author | Andrew Godwin | 2022-11-20 18:29:19 -0700 |
---|---|---|
committer | Andrew Godwin | 2022-11-20 18:29:19 -0700 |
commit | 5ddce16213a8e7b4e9d052a14ed8d7e37ac5f068 (patch) | |
tree | f6bfb8d8e0fe6e00a30125ba4b6076426c56bcf2 /users/views | |
parent | bed5c7ffaa184fd6146df17279fc2b96f9d02944 (diff) | |
Add a system actor to sign outgoing S2S GETs
Diffstat (limited to 'users/views')
-rw-r--r-- | users/views/activitypub.py | 84 | ||||
-rw-r--r-- | users/views/identity.py | 4 |
2 files changed, 65 insertions, 23 deletions
diff --git a/users/views/activitypub.py b/users/views/activitypub.py
index c0fcd98..bb52f8a 100644
--- a/users/views/activitypub.py
+++ b/users/views/activitypub.py
@@ -18,7 +18,7 @@ from core.signatures import (
 VerificationFormatError,
 )
 from takahe import __version__
-from users.models import Identity, InboxMessage
+from users.models import Identity, InboxMessage, SystemActor
 from users.shortcuts import by_handle_or_404
@@ -96,28 +96,52 @@ class Webfinger(View):
 resource = request.GET.get("resource")
 if not resource.startswith("acct:"):
 raise Http404("Not an account resource")
- handle = resource[5:].replace("testfedi", "feditest")
- identity = by_handle_or_404(request, handle)
- return JsonResponse(
- {
- "subject": f"acct:{identity.handle}",
- "aliases": [
- str(identity.urls.view_nice),
- ],
- "links": [
- {
- "rel": "http://webfinger.net/rel/profile-page",
- "type": "text/html",
- "href": str(identity.urls.view_nice),
- },
- {
- "rel": "self",
- "type": "application/activity+json",
- "href": identity.actor_uri,
- },
- ],
- }
- )
+ handle = resource[5:]
+ if handle.startswith("__system__@"):
+ # They are trying to webfinger the system actor
+ system_actor = SystemActor()
+ return JsonResponse(
+ {
+ "subject": f"acct:{handle}",
+ "aliases": [
+ system_actor.profile_uri,
+ ],
+ "links": [
+ {
+ "rel": "http://webfinger.net/rel/profile-page",
+ "type": "text/html",
+ "href": system_actor.profile_uri,
+ },
+ {
+ "rel": "self",
+ "type": "application/activity+json",
+ "href": system_actor.actor_uri,
+ },
+ ],
+ }
+ )
+ else:
+ identity = by_handle_or_404(request, handle)
+ return JsonResponse(
+ {
+ "subject": f"acct:{identity.handle}",
+ "aliases": [
+ str(identity.urls.view_nice),
+ ],
+ "links": [
+ {
+ "rel": "http://webfinger.net/rel/profile-page",
+ "type": "text/html",
+ "href": str(identity.urls.view_nice),
+ },
+ {
+ "rel": "self",
+ "type": "application/activity+json",
+ "href": identity.actor_uri,
+ },
+ ],
+ }
+ )
 @method_decorator(csrf_exempt, name="dispatch")
@@ -171,3 +195,17 @@ class Inbox(View):
 # Hand off the item to be processed by the queue
 InboxMessage.objects.create(message=document)
 return HttpResponse(status=202)
+
+
+class SystemActorView(View):
+ """
+ Special endpoint for the overall system actor
+ """
+
+ def get(self, request):
+ return JsonResponse(
+ canonicalise(
+ SystemActor().to_ap(),
+ include_security=True,
+ )
+ )
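Review bot: The system-actor branch in `Webfinger` matches any resource that starts with `__system__@` and echoes the caller-supplied value back as `"subject": f"acct:{handle}"`, so the domain part is never compared with a domain this server actually answers for. The identity branch replies with the stored `identity.handle`, whereas this branch returns an authoritative-looking document for `acct:__system__@<any-host>`. I would check the part after `@` against the server's own domain(s), raise `Http404` otherwise, and build the subject from that canonical value rather than from request input. The two `JsonResponse` payloads also differ in only three values and could come from one small helper. The start of the method is outside the hunk.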
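Review bot: `SystemActorView.get` calls `JsonResponse` without a `content_type`, so Django serves the actor as `application/json`, while the Webfinger response added in this same commit advertises the `self` link as `application/activity+json`. Remote servers that fetch this actor to verify a signed GET may be strict about the media type, so passing `content_type="application/activity+json"` would make the two agree; how the other actor views in this file respond is not visible here, so this should match them. The docstring could also state the purpose, e.g. `"""Serve the instance-wide system actor used to sign outgoing server-to-server GETs."""`.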
diff --git a/users/views/identity.py b/users/views/identity.py
index 4dae6d5..b96d2eb 100644
--- a/users/views/identity.py
+++ b/users/views/identity.py
@@ -161,6 +161,10 @@ class CreateIdentity(FormView):
 raise forms.ValidationError(
 "This username is restricted to administrators only."
 )
+ if value in ["__system__"]:
+ raise forms.ValidationError(
+ "This username is reserved for system use."
+ )
 # Validate it's all ascii characters
 for character in value: |
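Review bot: The reserved-name check `if value in ["__system__"]:` is an exact, case-sensitive match, and whether `value` has been lowercased by this point cannot be seen because the clean method starts outside the hunk. If handles are compared case-insensitively anywhere in lookup or federation, a differently-cased spelling would pass this form and sit next to the actor that signs outgoing requests; `if value.lower() == "__system__":` closes that. The check also guards only this form, so an identity that already exists or is created through another path with this name would be shadowed by the Webfinger short-circuit on `__system__@` in `users/views/activitypub.py`. A one-off check for existing rows, plus a comment such as `# Reserved: the system actor answers for this handle in Webfinger`, would make the intent clear.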