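/// <summary>
/// Decides whether the caller identified by <paramref name="userId"/> may read <paramref name="entity"/>.
/// </summary>
/// <param name="entity">The stored entity whose visibility is being checked.</param>
/// <param name="userId">Id of the requesting actor, or <c>null</c> for an anonymous request.</param>
/// <returns><c>true</c> when the entity may be returned to the caller.</returns>
/// <exception cref="ArgumentNullException"><paramref name="entity"/> is <c>null</c>.</exception>
public async Task<bool> VerifyAccess(APEntity entity, string userId)
{
    // Kept async (without an await) so that any exception surfaces through the returned Task,
    // exactly as before, rather than synchronously at the call site.
    const string publicAudience = "https://www.w3.org/ns/activitystreams#Public";

    if (entity is null)
    {
        throw new ArgumentNullException(nameof(entity));
    }

    // An anonymous caller (userId == null) must never be matched against an attribution whose id
    // is also null, so ownership is only ever established for a known user.
    if (entity.Type == "_blocks"
        && !(userId != null && entity.Data["attributedTo"].Any(a => a.Id == userId)))
    {
        return false;
    }

    // "_blocked" is an internal optimisation collection and is never exposed.
    if (entity.Type == "_blocked")
    {
        return false;
    }

    // Collections and the other "_"-prefixed internal types are readable as containers;
    // their items are checked individually. Ordinal: the type is an identifier, not text.
    if (entity.Type == "https://www.w3.org/ns/activitystreams#OrderedCollection"
        || entity.Type == "https://www.w3.org/ns/activitystreams#Collection"
        || entity.Type.StartsWith("_", StringComparison.Ordinal))
    {
        return true;
    }

    // Actor profiles are readable by everyone.
    if (EntityData.IsActor(entity.Data))
    {
        return true;
    }

    var audience = DeliveryService.GetAudienceIds(entity.Data);

    bool isOwner = userId != null
        && entity.Data["attributedTo"].Concat(entity.Data["actor"]).Any(a => a.Id == userId);
    bool isAddressed = audience.Contains(publicAudience)
        || (userId != null && audience.Contains(userId));

    return isOwner || isAddressed;
}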
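/// <summary>
/// Loads the entity stored under <paramref name="url"/> and returns its data when the current
/// request may read it; collections are paged through <c>_getCollection</c>.
/// </summary>
/// <param name="url">Id of the entity to load.</param>
/// <param name="arguments">Query string, forwarded to the collection pager.</param>
/// <param name="context">Current request; only its Authorization header is read here.</param>
/// <returns>The entity data, a collection page, or <c>null</c> when nothing is stored under <paramref name="url"/>.</returns>
/// <exception cref="UnauthorizedAccessException">The caller may not read the entity, or the
/// Authorization header needed to identify an anonymous caller is missing or malformed.</exception>
internal async Task<ASObject> Get(string url, IQueryCollection arguments, HttpContext context)
{
    const string publicAudience = "https://www.w3.org/ns/activitystreams#Public";

    // Unwrap the retrieving store and read from the one behind it.
    // NOTE(review): presumably this avoids a remote fetch during a plain read — confirm against RetrievingEntityStore.
    var store = _mainStore;
    var retrieving = store as RetrievingEntityStore;
    if (retrieving != null)
    {
        store = retrieving.Next;
    }

    var userId = _user.FindFirstValue(JwtTokenSettings.ActorClaim);
    var entity = await store.GetEntity(url, true);
    if (entity == null)
    {
        return null;
    }

    // A null userId must not match a null attribution value, so ownership needs a known user.
    if (entity.Type == "_blocks"
        && !(userId != null && entity.Data["attributedTo"].Any(a => (string)a.Primitive == userId)))
    {
        throw new UnauthorizedAccessException("Blocks are private!");
    }

    if (entity.Type == "_blocked")
    {
        throw new UnauthorizedAccessException("This collection is only used internally for optimization reasons");
    }

    // Ordinal: the type is an identifier, never user-facing text.
    if (entity.Type == "OrderedCollection" || entity.Type.StartsWith("_", StringComparison.Ordinal))
    {
        return await _getCollection(entity, arguments);
    }

    // The owner's own actor object is always readable.
    if (entity.IsOwner && _entityData.IsActor(entity.Data))
    {
        return entity.Data;
    }

    var audience = DeliveryService.GetAudienceIds(entity.Data);

    // Non-public object and no session user: identify the caller from the signed Authorization header.
    if (userId == null && !audience.Contains(publicAudience))
    {
        var authToken = context.Request.Headers["Authorization"];
        if (authToken.Count == 0)
        {
            throw new UnauthorizedAccessException("You need authorization!");
        }

        // Expect "<scheme> <token>". A header without the token part used to fail with an
        // IndexOutOfRangeException instead of a clean authorization error.
        var parts = authToken.First().Split(' ');
        if (parts.Length < 2)
        {
            throw new UnauthorizedAccessException("You need authorization!");
        }

        userId = await _deliveryService.VerifyJWS(url, parts[1]);
    }

    bool isOwner = userId != null
        && entity.Data["attributedTo"].Concat(entity.Data["actor"]).Any(a => (string)a.Primitive == userId);
    bool isAddressed = audience.Contains(publicAudience)
        || (userId != null && audience.Contains(userId));

    if (!isOwner && !isAddressed)
    {
        throw new UnauthorizedAccessException("No access");
    }

    return entity.Data;
}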
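/// <summary>
/// Handles an incoming Accept or Reject of a Follow aimed at this actor: on Accept the follower is
/// added to the actor's followers collection, on Reject it is removed.
/// </summary>
/// <returns><c>true</c> so that processing continues; activities of any other kind are passed through untouched.</returns>
/// <exception cref="InvalidOperationException">The Follow being answered targets another actor, its
/// actor cannot be resolved, or the Accept/Reject is not addressed to that actor.</exception>
public override async Task<bool> Handle()
{
    if (MainObject.Type != "Accept" && MainObject.Type != "Reject")
    {
        return true;
    }

    var subObject = await EntityStore.GetEntity((string)MainObject.Data["object"].Single().Primitive, true);

    // An object that cannot be resolved used to crash with a NullReferenceException; it is now
    // treated like any non-Follow object.
    // NOTE(review): confirm that passing such an activity through, rather than rejecting it, is intended.
    if (subObject == null || subObject.Type != "Follow")
    {
        return true;
    }

    if ((string)subObject.Data["object"].Single().Primitive != Actor.Id)
    {
        throw new InvalidOperationException("Cannot Accept or Reject a Follow from another actor!");
    }

    // The original code returned early here unless MainObject.Type was "Like" or "Follow", which can
    // never hold after the Accept/Reject guard above, so the audience check and the followers update
    // below were unreachable. That guard has been removed.
    var requestedUser = await EntityStore.GetEntity((string)subObject.Data["actor"].First().Primitive, true);
    if (requestedUser == null)
    {
        throw new InvalidOperationException("The actor of the accepted or rejected Follow could not be resolved!");
    }

    var audience = DeliveryService.GetAudienceIds(MainObject.Data);
    if (!audience.Contains(requestedUser.Id))
    {
        throw new InvalidOperationException("Accepts/Rejects of Follows should be sent to the actor of the follower!");
    }

    bool isAccept = MainObject.Type == "Accept";
    var followers = await EntityStore.GetEntity((string)Actor.Data["followers"].Single().Primitive, false);

    // One membership lookup serves both branches; they are mutually exclusive.
    bool alreadyFollowing = await _collection.Contains(followers.Id, requestedUser.Id);
    if (isAccept && !alreadyFollowing)
    {
        await _collection.AddToCollection(followers, requestedUser);
    }
    else if (!isAccept && alreadyFollowing)
    {
        await _collection.RemoveFromCollection(followers, requestedUser);
    }

    return true;
}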
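/// <summary>
/// Loads the entity stored under <paramref name="url"/> and returns its data when the current
/// request may read it; collections are paged through <c>_getCollection</c>.
/// </summary>
/// <param name="url">Id of the entity to load.</param>
/// <param name="arguments">Query string, forwarded to the collection pager.</param>
/// <param name="context">Current request, handed to <c>_verifier</c> to identify an anonymous caller.</param>
/// <returns>The entity data, a collection page, or <c>null</c> when nothing is stored under <paramref name="url"/>.</returns>
/// <exception cref="UnauthorizedAccessException">The caller may not read the entity.</exception>
internal async Task<ASObject> Get(string url, IQueryCollection arguments, HttpContext context)
{
    const string publicAudience = "https://www.w3.org/ns/activitystreams#Public";

    var userId = _user.FindFirstValue(JwtTokenSettings.ActorClaim);
    var entity = await _mainStore.GetEntity(url, false);
    if (entity == null)
    {
        return null;
    }

    // A null userId must not match a null attribution value, so ownership needs a known user.
    if (entity.Type == "_blocks"
        && !(userId != null && entity.Data["attributedTo"].Any(a => (string)a.Primitive == userId)))
    {
        throw new UnauthorizedAccessException("Blocks are private!");
    }

    if (entity.Type == "_blocked")
    {
        throw new UnauthorizedAccessException("This collection is only used internally for optimization reasons");
    }

    // Ordinal: the type is an identifier, never user-facing text.
    if (entity.Type == "OrderedCollection" || entity.Type.StartsWith("_", StringComparison.Ordinal))
    {
        return await _getCollection(entity, arguments);
    }

    // The owner's own actor object is always readable.
    if (entity.IsOwner && _entityData.IsActor(entity.Data))
    {
        return entity.Data;
    }

    var audience = DeliveryService.GetAudienceIds(entity.Data);

    // Non-public object and no session user: let the request verifier identify the caller.
    // NOTE(review): _verifier.Verify is expected to return null when the request cannot be verified — confirm.
    if (userId == null && !audience.Contains(publicAudience))
    {
        userId = await _verifier.Verify(url, context);
    }

    bool isOwner = userId != null
        && entity.Data["attributedTo"].Concat(entity.Data["actor"]).Any(a => (string)a.Primitive == userId);
    bool isAddressed = audience.Contains(publicAudience)
        || (userId != null && audience.Contains(userId));

    if (!isOwner && !isAddressed)
    {
        throw new UnauthorizedAccessException("No access");
    }

    return entity.Data;
}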