summaryrefslogtreecommitdiffstats
path: root/users/views
diff options
context:
space:
mode:
authorAndrew Godwin2022-11-20 18:29:19 -0700
committerAndrew Godwin2022-11-20 18:29:19 -0700
commit5ddce16213a8e7b4e9d052a14ed8d7e37ac5f068 (patch)
treef6bfb8d8e0fe6e00a30125ba4b6076426c56bcf2 /users/views
parentbed5c7ffaa184fd6146df17279fc2b96f9d02944 (diff)
downloadtakahe-5ddce16213a8e7b4e9d052a14ed8d7e37ac5f068.tar.gz
takahe-5ddce16213a8e7b4e9d052a14ed8d7e37ac5f068.tar.bz2
takahe-5ddce16213a8e7b4e9d052a14ed8d7e37ac5f068.zip
Add a system actor to sign outgoing S2S GETs
Diffstat (limited to 'users/views')
-rw-r--r--users/views/activitypub.py84
-rw-r--r--users/views/identity.py4
2 files changed, 65 insertions, 23 deletions
diff --git a/users/views/activitypub.py b/users/views/activitypub.py
index c0fcd98..bb52f8a 100644
--- a/users/views/activitypub.py
+++ b/users/views/activitypub.py
@@ -18,7 +18,7 @@ from core.signatures import (
VerificationFormatError,
)
from takahe import __version__
-from users.models import Identity, InboxMessage
+from users.models import Identity, InboxMessage, SystemActor
from users.shortcuts import by_handle_or_404
@@ -96,28 +96,52 @@ class Webfinger(View):
resource = request.GET.get("resource")
if not resource.startswith("acct:"):
raise Http404("Not an account resource")
- handle = resource[5:].replace("testfedi", "feditest")
- identity = by_handle_or_404(request, handle)
- return JsonResponse(
- {
- "subject": f"acct:{identity.handle}",
- "aliases": [
- str(identity.urls.view_nice),
- ],
- "links": [
- {
- "rel": "http://webfinger.net/rel/profile-page",
- "type": "text/html",
- "href": str(identity.urls.view_nice),
- },
- {
- "rel": "self",
- "type": "application/activity+json",
- "href": identity.actor_uri,
- },
- ],
- }
- )
+ handle = resource[5:]
+ if handle.startswith("__system__@"):
+ # They are trying to webfinger the system actor
+ system_actor = SystemActor()
+ return JsonResponse(
+ {
+ "subject": f"acct:{handle}",
+ "aliases": [
+ system_actor.profile_uri,
+ ],
+ "links": [
+ {
+ "rel": "http://webfinger.net/rel/profile-page",
+ "type": "text/html",
+ "href": system_actor.profile_uri,
+ },
+ {
+ "rel": "self",
+ "type": "application/activity+json",
+ "href": system_actor.actor_uri,
+ },
+ ],
+ }
+ )
+ else:
+ identity = by_handle_or_404(request, handle)
+ return JsonResponse(
+ {
+ "subject": f"acct:{identity.handle}",
+ "aliases": [
+ str(identity.urls.view_nice),
+ ],
+ "links": [
+ {
+ "rel": "http://webfinger.net/rel/profile-page",
+ "type": "text/html",
+ "href": str(identity.urls.view_nice),
+ },
+ {
+ "rel": "self",
+ "type": "application/activity+json",
+ "href": identity.actor_uri,
+ },
+ ],
+ }
+ )
@method_decorator(csrf_exempt, name="dispatch")
@@ -171,3 +195,17 @@ class Inbox(View):
# Hand off the item to be processed by the queue
InboxMessage.objects.create(message=document)
return HttpResponse(status=202)
+
+
+class SystemActorView(View):
+ """
+ Special endpoint for the overall system actor
+ """
+
+ def get(self, request):
+ return JsonResponse(
+ canonicalise(
+ SystemActor().to_ap(),
+ include_security=True,
+ )
+ )
diff --git a/users/views/identity.py b/users/views/identity.py
index 4dae6d5..b96d2eb 100644
--- a/users/views/identity.py
+++ b/users/views/identity.py
@@ -161,6 +161,10 @@ class CreateIdentity(FormView):
raise forms.ValidationError(
"This username is restricted to administrators only."
)
+ if value in ["__system__"]:
+ raise forms.ValidationError(
+ "This username is reserved for system use."
+ )
# Validate it's all ascii characters
for character in value: