validate person

2024-01-04 18:04:46 +01:00 · 2024-01-04 18:04:46 +01:00 · 6e46739090
commit 6e46739090
parent 0505baab2b
4 changed files with 101 additions and 6 deletions
--- a/docs/unsure-where-to-put/dev-notes.md
+++ b/docs/unsure-where-to-put/dev-notes.md
@ -89,9 +89,10 @@ curl -X 'POST' \
 ```json
 {
  "id": "http://localhost:3000/api/v1/activitypub/user-id/1/outbox/12345",
-  "type": "Star",
+  "type": "Like",
  "actor": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/13",
-  "object": "http://localhost:3000/api/v1/activitypub/repository-id/1"
+  "object": "http://localhost:3000/api/v1/activitypub/repository-id/2",
+  "startTime": "2014-12-31T23:00:00-08:00"
 }
 ```

--- a/models/forgefed/actor.go
+++ b/models/forgefed/actor.go
@ -8,6 +8,8 @@ import (
 	"net/url"
 	"strings"

+	ap "github.com/go-ap/activitypub"
+
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/validation"
 )
@ -196,3 +198,29 @@ func newActorID(uri string) (ActorID, error) {
 	result.UnvalidatedInput = validatedURI.String()
 	return result, nil
 }
+
+// ----------------------------- ForgePerson -------------------------------------
+
+// ForgePerson activity data type
+// swagger:model
+type ForgePerson struct {
+	// swagger:ignore
+	ap.Actor
+}
+
+func (s ForgePerson) MarshalJSON() ([]byte, error) {
+	return s.Actor.MarshalJSON()
+}
+
+func (s *ForgePerson) UnmarshalJSON(data []byte) error {
+	return s.Actor.UnmarshalJSON(data)
+}
+
+func (s ForgePerson) Validate() []string {
+	var result []string
+	result = append(result, validation.ValidateNotEmpty(string(s.Type), "type")...)
+	result = append(result, validation.ValidateOneOf(string(s.Type), []any{string(ap.PersonType)})...)
+	result = append(result, validation.ValidateNotEmpty(s.PreferredUsername.String(), "preferredUsername")...)
+
+	return result
+}
--- a/models/forgefed/actor_test.go
+++ b/models/forgefed/actor_test.go
@ -4,8 +4,12 @@
 package forgefed

 import (
+	"reflect"
+	"strings"
 	"testing"

+	ap "github.com/go-ap/activitypub"
+
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/validation"
 )
@ -155,3 +159,64 @@ func TestShouldThrowErrorOnInvalidInput(t *testing.T) {
 		t.Errorf("this uri should be valid but was: %v", err)
 	}
 }
+
+func Test_PersonMarshalJSON(t *testing.T) {
+	sut := ForgePerson{}
+	sut.Type = "Person"
+	sut.PreferredUsername = ap.NaturalLanguageValuesNew()
+	sut.PreferredUsername.Set("en", ap.Content("MaxMuster"))
+	result, _ := sut.MarshalJSON()
+	if "{\"type\":\"Person\",\"preferredUsername\":\"MaxMuster\"}" != string(result) {
+		t.Errorf("MarshalJSON() was = %q", result)
+	}
+}
+
+func Test_PersonUnmarshalJSON(t *testing.T) {
+	expected := &ForgePerson{
+		Actor: ap.Actor{
+			Type: "Person",
+			PreferredUsername: ap.NaturalLanguageValues{
+				ap.LangRefValue{Ref: "en", Value: []byte("MaxMuster")},
+			},
+		}}
+	sut := new(ForgePerson)
+	err := sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`))
+	if err != nil {
+		t.Errorf("UnmarshalJSON() unexpected error: %v", err)
+	}
+	x, _ := expected.MarshalJSON()
+	y, _ := sut.MarshalJSON()
+	if !reflect.DeepEqual(x, y) {
+		t.Errorf("UnmarshalJSON() expected: %q got: %q", x, y)
+	}
+
+	expectedStr := strings.ReplaceAll(strings.ReplaceAll(`{
+		"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
+		"type":"Person",
+		"icon":{"type":"Image","mediaType":"image/png","url":"https://federated-repo.prod.meissa.de/avatar/fa7f9c4af2a64f41b1bef292bf872614"},
+		"url":"https://federated-repo.prod.meissa.de/stargoose9",
+		"inbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/inbox",
+		"outbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/outbox",
+		"preferredUsername":"stargoose9",
+		"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
+			"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
+			"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}`,
+		"\n", ""),
+		"\t", "")
+	err = sut.UnmarshalJSON([]byte(expectedStr))
+	if err != nil {
+		t.Errorf("UnmarshalJSON() unexpected error: %v", err)
+	}
+	result, _ := sut.MarshalJSON()
+	if expectedStr != string(result) {
+		t.Errorf("UnmarshalJSON() expected: %q got: %q", expectedStr, result)
+	}
+}
+
+func TestForgePersonValidation(t *testing.T) {
+	sut := new(ForgePerson)
+	sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`))
+	if res, _ := validation.IsValid(sut); !res {
+		t.Errorf("sut expected to be valid: %v\n", sut.Validate())
+	}
+}
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@ -223,14 +223,15 @@ func createUserFromAP(ctx *context.APIContext, personID forgefed.PersonID) (*use
 		return &user_model.User{}, err
 	}

-	person := ap.Person{}
+	person := forgefed.ForgePerson{}
 	err = person.UnmarshalJSON(body)
 	if err != nil {
 		return &user_model.User{}, err
 	}
-	log.Info("RepositoryInbox: got person by ap: %v", person)
-
-	// TODO: we should validate the person object here!
+	if res, err := validation.IsValid(person); !res {
+		return &user_model.User{}, err
+	}
+	log.Info("RepositoryInbox: validated person: %q", person)

 	email := fmt.Sprintf("%v@%v", uuid.New().String(), personID.Host)
 	loginName := personID.AsLoginName()