snac2/utils.c

541 lines
15 KiB
C
Raw Permalink Normal View History

2022-10-04 06:51:24 +00:00
/* snac - A simple, minimalistic ActivityPub instance */
2024-01-04 08:22:03 +00:00
/* copyright (c) 2022 - 2024 grunfink et al. / MIT license */
2022-10-04 06:51:24 +00:00
#include "xs.h"
#include "xs_io.h"
#include "xs_json.h"
2022-10-04 07:40:16 +00:00
#include "xs_time.h"
#include "xs_openssl.h"
#include "xs_random.h"
#include "xs_glob.h"
2024-02-15 18:24:10 +00:00
#include "xs_curl.h"
#include "xs_regex.h"
2022-10-04 06:51:24 +00:00
#include "snac.h"
#include <sys/stat.h>
2022-10-04 07:40:16 +00:00
#include <stdlib.h>
2022-10-04 06:51:24 +00:00
static const char *default_srv_config = "{"
2022-10-04 06:51:24 +00:00
"\"host\": \"\","
"\"prefix\": \"\","
"\"address\": \"127.0.0.1\","
"\"port\": 8001,"
2022-11-23 12:32:23 +00:00
"\"layout\": 0.0,"
2022-10-04 06:51:24 +00:00
"\"dbglevel\": 0,"
"\"queue_retry_minutes\": 2,"
"\"queue_retry_max\": 10,"
"\"queue_timeout\": 6,"
"\"queue_timeout_2\": 8,"
2022-10-04 06:51:24 +00:00
"\"cssurls\": [\"\"],"
"\"max_timeline_entries\": 50,"
2022-11-12 07:26:26 +00:00
"\"timeline_purge_days\": 120,"
"\"local_purge_days\": 0,"
"\"min_account_age\": 0,"
"\"admin_email\": \"\","
"\"admin_account\": \"\","
"\"title\": \"\","
2023-10-17 18:02:08 +00:00
"\"short_description\": \"\","
"\"protocol\": \"https\","
2023-10-17 18:02:08 +00:00
"\"fastcgi\": false"
2022-10-04 06:51:24 +00:00
"}";
static const char *default_css =
2023-07-24 10:55:56 +00:00
"body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n"
"pre { overflow-x: scroll; }\n"
".snac-embedded-video, img { max-width: 100% }\n"
2022-10-04 06:51:24 +00:00
".snac-origin { font-size: 85% }\n"
2022-11-09 14:30:21 +00:00
".snac-score { float: right; font-size: 85% }\n"
2022-10-04 06:51:24 +00:00
".snac-top-user { text-align: center; padding-bottom: 2em }\n"
".snac-top-user-name { font-size: 200% }\n"
".snac-top-user-id { font-size: 150% }\n"
".snac-announcement { border: black 1px solid; padding: 0.5em }\n"
".snac-avatar { float: left; height: 2.5em; width: 2.5em; padding: 0.25em }\n"
2023-06-01 07:20:20 +00:00
".snac-author { font-size: 90%; text-decoration: none }\n"
2023-06-01 08:11:09 +00:00
".snac-author-tag { font-size: 80% }\n"
2022-10-04 06:51:24 +00:00
".snac-pubdate { color: #a0a0a0; font-size: 90% }\n"
".snac-top-controls { padding-bottom: 1.5em }\n"
".snac-post { border-top: 1px solid #a0a0a0; }\n"
2024-02-22 12:27:03 +00:00
".snac-children { padding-left: 1em; border-left: 1px solid #a0a0a0; }\n"
2022-10-04 06:51:24 +00:00
".snac-textarea { font-family: inherit; width: 100% }\n"
".snac-history { border: 1px solid #606060; border-radius: 3px; margin: 2.5em 0; padding: 0 2em }\n"
".snac-btn-mute { float: right; margin-left: 0.5em }\n"
".snac-btn-unmute { float: right; margin-left: 0.5em }\n"
2022-10-04 06:51:24 +00:00
".snac-btn-follow { float: right; margin-left: 0.5em }\n"
".snac-btn-unfollow { float: right; margin-left: 0.5em }\n"
2022-11-04 07:48:15 +00:00
".snac-btn-hide { float: right; margin-left: 0.5em }\n"
2022-10-04 06:51:24 +00:00
".snac-btn-delete { float: right; margin-left: 0.5em }\n"
".snac-btn-limit { float: right; margin-left: 0.5em }\n"
".snac-btn-unlimit { float: right; margin-left: 0.5em }\n"
".snac-footer { margin-top: 2em; font-size: 75% }\n"
2023-07-24 10:55:56 +00:00
".snac-poll-result { margin-left: auto; margin-right: auto; }\n"
2024-02-03 06:36:17 +00:00
"@media (prefers-color-scheme: dark) { \n"
" body, input, textarea { background-color: #000; color: #fff; }\n"
2024-02-03 06:36:17 +00:00
" a { color: #7799dd }\n"
" a:visited { color: #aa99dd }\n"
"}\n"
2023-07-24 10:55:56 +00:00
;
2022-10-04 06:51:24 +00:00
2023-08-14 16:02:20 +00:00
const char *snac_blurb =
"<p><b>%host%</b> is a <a href=\"https:/"
"/en.wikipedia.org/wiki/Fediverse\">Fediverse</a> "
"instance that uses the <a href=\"https:/"
"/en.wikipedia.org/wiki/ActivityPub\">ActivityPub</a> "
"protocol. In other words, users at this host can communicate with people "
"that use software like Mastodon, Pleroma, Friendica, etc. "
"all around the world.</p>\n"
"<p>This server runs the "
"<a href=\"" WHAT_IS_SNAC_URL "\">snac</a> software and there is no "
"automatic sign-up process.</p>\n"
;
static const char *greeting_html =
2022-10-04 06:51:24 +00:00
"<!DOCTYPE html>\n"
"<html><head>\n"
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n"
"<link rel=\"icon\" type=\"image/x-icon\" href=\"https://%host%/favicon.ico\"/>\n"
2022-10-04 06:51:24 +00:00
"<title>Welcome to %host%</title>\n"
"<body style=\"margin: auto; max-width: 50em\">\n"
2023-08-14 16:02:20 +00:00
"%blurb%"
"<p>The following users are part of this community:</p>\n"
2022-10-04 06:51:24 +00:00
"\n"
"%userlist%\n"
"\n"
"<p>This site is powered by <abbr title=\"Social Networks Are Crap\">snac</abbr>.</p>\n"
"</body></html>\n";
2023-01-31 17:38:56 +00:00
int snac_init(const char *basedir)
2022-10-04 06:51:24 +00:00
{
FILE *f;
if (basedir == NULL) {
printf("Base directory: "); fflush(stdout);
2023-01-12 08:28:02 +00:00
srv_basedir = xs_strip_i(xs_readline(stdin));
2022-10-04 06:51:24 +00:00
}
else
srv_basedir = xs_str_new(basedir);
if (srv_basedir == NULL || *srv_basedir == '\0')
return 1;
if (xs_endswith(srv_basedir, "/"))
2023-01-12 08:28:02 +00:00
srv_basedir = xs_crop_i(srv_basedir, 0, -1);
2022-10-04 06:51:24 +00:00
if (mtime(srv_basedir) != 0.0) {
2023-07-12 04:29:01 +00:00
printf("ERROR: directory '%s' must not exist.\n", srv_basedir);
2022-10-04 06:51:24 +00:00
return 1;
}
srv_config = xs_json_loads(default_srv_config);
2023-01-31 17:33:45 +00:00
xs *layout = xs_number_new(disk_layout);
2022-11-23 12:32:23 +00:00
srv_config = xs_dict_set(srv_config, "layout", layout);
printf("Network address [%s]: ", xs_dict_get(srv_config, "address")); fflush(stdout);
2022-10-04 06:51:24 +00:00
{
2023-01-12 08:28:02 +00:00
xs *i = xs_strip_i(xs_readline(stdin));
2022-10-04 06:51:24 +00:00
if (*i)
srv_config = xs_dict_set(srv_config, "address", i);
}
printf("Network port [%d]: ", (int)xs_number_get(xs_dict_get(srv_config, "port"))); fflush(stdout);
2022-10-04 06:51:24 +00:00
{
2023-01-12 08:28:02 +00:00
xs *i = xs_strip_i(xs_readline(stdin));
2022-10-04 06:51:24 +00:00
if (*i) {
xs *n = xs_number_new(atoi(i));
2022-10-04 08:06:38 +00:00
srv_config = xs_dict_set(srv_config, "port", n);
2022-10-04 06:51:24 +00:00
}
}
printf("Host name: "); fflush(stdout);
2022-10-04 06:51:24 +00:00
{
2023-01-12 08:28:02 +00:00
xs *i = xs_strip_i(xs_readline(stdin));
2022-10-04 06:51:24 +00:00
if (*i == '\0')
return 1;
srv_config = xs_dict_set(srv_config, "host", i);
}
printf("URL prefix: "); fflush(stdout);
2022-10-04 06:51:24 +00:00
{
2023-01-12 08:28:02 +00:00
xs *i = xs_strip_i(xs_readline(stdin));
2022-10-04 06:51:24 +00:00
if (*i) {
if (xs_endswith(i, "/"))
2023-01-12 08:28:02 +00:00
i = xs_crop_i(i, 0, -1);
2022-10-04 06:51:24 +00:00
srv_config = xs_dict_set(srv_config, "prefix", i);
}
}
printf("Admin email address (optional): "); fflush(stdout);
{
xs *i = xs_strip_i(xs_readline(stdin));
srv_config = xs_dict_set(srv_config, "admin_email", i);
}
2023-02-07 08:25:01 +00:00
if (mkdirx(srv_basedir) == -1) {
2022-10-04 06:51:24 +00:00
printf("ERROR: cannot create directory '%s'\n", srv_basedir);
return 1;
}
xs *udir = xs_fmt("%s/user", srv_basedir);
2023-02-07 08:25:01 +00:00
mkdirx(udir);
2022-10-04 06:51:24 +00:00
2022-11-23 12:32:23 +00:00
xs *odir = xs_fmt("%s/object", srv_basedir);
2023-02-07 08:25:01 +00:00
mkdirx(odir);
2022-11-23 12:32:23 +00:00
2023-01-31 17:38:56 +00:00
xs *qdir = xs_fmt("%s/queue", srv_basedir);
2023-02-07 08:25:01 +00:00
mkdirx(qdir);
2023-01-31 17:38:56 +00:00
2023-03-02 07:43:50 +00:00
xs *ibdir = xs_fmt("%s/inbox", srv_basedir);
mkdirx(ibdir);
2022-10-04 06:51:24 +00:00
xs *gfn = xs_fmt("%s/greeting.html", srv_basedir);
if ((f = fopen(gfn, "w")) == NULL) {
printf("ERROR: cannot create '%s'\n", gfn);
return 1;
}
2023-08-14 16:02:20 +00:00
xs *gh = xs_replace(greeting_html, "%blurb%", snac_blurb);
fwrite(gh, strlen(gh), 1, f);
2022-10-04 06:51:24 +00:00
fclose(f);
xs *sfn = xs_fmt("%s/style.css", srv_basedir);
if ((f = fopen(sfn, "w")) == NULL) {
printf("ERROR: cannot create '%s'\n", sfn);
return 1;
}
fwrite(default_css, strlen(default_css), 1, f);
fclose(f);
xs *cfn = xs_fmt("%s/server.json", srv_basedir);
if ((f = fopen(cfn, "w")) == NULL) {
printf("ERROR: cannot create '%s'\n", cfn);
return 1;
}
xs_json_dump(srv_config, 4, f);
2022-10-04 06:51:24 +00:00
fclose(f);
printf("Done.\n");
return 0;
}
2022-10-04 07:40:16 +00:00
2023-08-31 05:00:15 +00:00
void new_password(const char *uid, xs_str **clear_pwd, xs_str **hashed_pwd)
2022-12-04 20:14:18 +00:00
/* creates a random password */
{
int rndbuf[3];
xs_rnd_buf(rndbuf, sizeof(rndbuf));
2022-12-04 20:14:18 +00:00
*clear_pwd = xs_base64_enc((char *)rndbuf, sizeof(rndbuf));
*hashed_pwd = hash_password(uid, *clear_pwd, NULL);
}
int adduser(const char *uid)
2022-10-04 07:40:16 +00:00
/* creates a new user */
{
snac snac;
xs *config = xs_dict_new();
2023-05-29 07:07:27 +00:00
xs *date = xs_str_utctime(0, ISO_DATE_SPEC);
2022-10-04 07:40:16 +00:00
xs *pwd = NULL;
xs *pwd_f = NULL;
xs *key = NULL;
FILE *f;
if (uid == NULL) {
printf("Username: "); fflush(stdout);
2023-01-12 08:28:02 +00:00
uid = xs_strip_i(xs_readline(stdin));
2022-10-04 07:40:16 +00:00
}
if (!validate_uid(uid)) {
printf("ERROR: only alphanumeric characters and _ are allowed in user ids.\n");
return 1;
}
if (user_open(&snac, uid)) {
printf("ERROR: user '%s' already exists\n", snac.uid);
2022-10-04 07:40:16 +00:00
return 1;
}
2022-12-04 20:14:18 +00:00
new_password(uid, &pwd, &pwd_f);
2022-10-04 07:40:16 +00:00
config = xs_dict_append(config, "uid", uid);
config = xs_dict_append(config, "name", uid);
config = xs_dict_append(config, "avatar", "");
config = xs_dict_append(config, "bio", "");
config = xs_dict_append(config, "cw", "");
2022-10-04 07:40:16 +00:00
config = xs_dict_append(config, "published", date);
2022-10-04 07:52:41 +00:00
config = xs_dict_append(config, "passwd", pwd_f);
2022-10-04 07:40:16 +00:00
xs *basedir = xs_fmt("%s/user/%s", srv_basedir, uid);
2023-02-07 08:25:01 +00:00
if (mkdirx(basedir) == -1) {
2022-10-04 07:40:16 +00:00
printf("ERROR: cannot create directory '%s'\n", basedir);
return 0;
}
const char *dirs[] = {
"followers", "following", "muted", "hidden",
"public", "private", "queue", "history",
"static", NULL };
2022-10-04 07:40:16 +00:00
int n;
for (n = 0; dirs[n]; n++) {
xs *d = xs_fmt("%s/%s", basedir, dirs[n]);
2023-02-07 08:25:01 +00:00
mkdirx(d);
2022-10-04 07:40:16 +00:00
}
xs *cfn = xs_fmt("%s/user.json", basedir);
if ((f = fopen(cfn, "w")) == NULL) {
printf("ERROR: cannot create '%s'\n", cfn);
return 1;
}
else {
xs_json_dump(config, 4, f);
2022-10-04 07:40:16 +00:00
fclose(f);
}
printf("\nCreating RSA key...\n");
key = xs_evp_genkey(4096);
2022-10-04 07:40:16 +00:00
printf("Done.\n");
xs *kfn = xs_fmt("%s/key.json", basedir);
if ((f = fopen(kfn, "w")) == NULL) {
printf("ERROR: cannot create '%s'\n", kfn);
return 1;
}
else {
xs_json_dump(key, 4, f);
2022-10-04 07:40:16 +00:00
fclose(f);
}
printf("\nUser password is %s\n", pwd);
2022-11-10 21:50:58 +00:00
printf("\nGo to %s/%s and continue configuring your user there.\n", srv_baseurl, uid);
2022-10-04 07:40:16 +00:00
return 0;
}
2022-12-04 20:26:24 +00:00
int resetpwd(snac *snac)
/* creates a new password for the user */
{
xs *clear_pwd = NULL;
xs *hashed_pwd = NULL;
xs *fn = xs_fmt("%s/user.json", snac->basedir);
FILE *f;
int ret = 0;
new_password(snac->uid, &clear_pwd, &hashed_pwd);
snac->config = xs_dict_set(snac->config, "passwd", hashed_pwd);
if ((f = fopen(fn, "w")) != NULL) {
xs_json_dump(snac->config, 4, f);
2022-12-04 20:26:24 +00:00
fclose(f);
printf("New password for user %s is %s\n", snac->uid, clear_pwd);
}
else {
printf("ERROR: cannot write to %s\n", fn);
ret = 1;
}
return ret;
}
void rm_rf(const char *dir)
/* does an rm -rf (yes, I'm also scared) */
{
xs *d = xs_str_cat(xs_dup(dir), "/" "*");
xs *l = xs_glob(d, 0, 0);
xs_list *p = l;
2024-05-23 08:01:37 +00:00
const xs_str *v;
if (dbglevel >= 1)
printf("Deleting directory %s\n", dir);
while (xs_list_iter(&p, &v)) {
struct stat st;
if (stat(v, &st) != -1) {
if (st.st_mode & S_IFDIR) {
rm_rf(v);
}
else {
if (dbglevel >= 1)
printf("Deleting file %s\n", v);
if (unlink(v) == -1)
printf("ERROR: cannot delete file %s\n", v);
}
}
else
printf("ERROR: stat() fail for %s\n", v);
}
if (rmdir(dir) == -1)
printf("ERROR: cannot delete directory %s\n", dir);
}
int deluser(snac *user)
/* deletes a user */
{
int ret = 0;
xs *fwers = following_list(user);
xs_list *p = fwers;
2024-05-23 08:01:37 +00:00
const xs_str *v;
while (xs_list_iter(&p, &v)) {
xs *object = NULL;
if (valid_status(following_get(user, v, &object))) {
xs *msg = msg_undo(user, xs_dict_get(object, "object"));
following_del(user, v);
enqueue_output_by_actor(user, msg, v, 0);
printf("Unfollowing actor %s\n", v);
}
}
rm_rf(user->basedir);
return ret;
}
2024-02-15 18:24:10 +00:00
void verify_links(snac *user)
/* verifies a user's links */
{
2024-05-21 12:12:15 +00:00
const xs_dict *p = xs_dict_get(user->config, "metadata");
2024-05-23 08:01:37 +00:00
const char *k, *v;
2024-02-15 18:24:10 +00:00
int changed = 0;
xs *headers = xs_dict_new();
headers = xs_dict_append(headers, "accept", "text/html");
headers = xs_dict_append(headers, "user-agent", USER_AGENT " (link verify)");
int c = 0;
while (p && xs_dict_next(p, &k, &v, &c)) {
2024-02-15 18:24:10 +00:00
/* not an https link? skip */
if (!xs_startswith(v, "https:/" "/"))
continue;
int status;
xs *req = NULL;
xs *payload = NULL;
int p_size = 0;
req = xs_http_request("GET", v, headers, NULL, 0, &status,
2024-02-15 18:24:10 +00:00
&payload, &p_size, 0);
2024-02-16 04:26:31 +00:00
if (!valid_status(status)) {
snac_log(user, xs_fmt("link %s verify error %d", v, status));
2024-02-15 18:24:10 +00:00
continue;
2024-02-16 04:26:31 +00:00
}
2024-02-15 18:24:10 +00:00
/* extract the links */
xs *ls = xs_regex_select(payload, "< *(a|link) +[^>]+>");
xs_list *lp = ls;
2024-05-23 08:01:37 +00:00
const char *ll;
int vfied = 0;
2024-02-15 18:24:10 +00:00
2024-02-16 05:06:12 +00:00
while (!vfied && xs_list_iter(&lp, &ll)) {
2024-02-15 18:24:10 +00:00
/* extract href and rel */
xs *r = xs_regex_select(ll, "(href|rel) *= *(\"[^\"]*\"|'[^']*')");
/* must have both attributes */
if (xs_list_len(r) != 2)
continue;
xs *href = NULL;
int is_rel_me = 0;
xs_list *pr = r;
2024-05-23 08:01:37 +00:00
const char *ar;
2024-02-15 18:24:10 +00:00
while (xs_list_iter(&pr, &ar)) {
xs *nq = xs_dup(ar);
nq = xs_replace_i(nq, "\"", "");
nq = xs_replace_i(nq, "'", "");
xs *r2 = xs_split_n(nq, "=", 1);
if (xs_list_len(r2) != 2)
continue;
xs *ak = xs_strip_i(xs_dup(xs_list_get(r2, 0)));
xs *av = xs_strip_i(xs_dup(xs_list_get(r2, 1)));
if (strcmp(ak, "href") == 0)
href = xs_dup(av);
else
if (strcmp(ak, "rel") == 0) {
/* split the value by spaces */
xs *vbs = xs_split(av, " ");
/* is any of it "me"? */
if (xs_list_in(vbs, "me") != -1)
is_rel_me = 1;
}
}
/* after all this acrobatics, do we have an href and a rel="me"? */
if (href != NULL && is_rel_me) {
/* is it the same as the actor? */
if (strcmp(href, user->actor) == 0) {
/* got it! */
xs *verified_time = xs_number_new((double)time(NULL));
2024-02-15 18:24:10 +00:00
2024-02-16 05:06:12 +00:00
if (user->links == NULL)
user->links = xs_dict_new();
user->links = xs_dict_set(user->links, v, verified_time);
2024-02-15 18:24:10 +00:00
vfied = 1;
2024-02-15 18:24:10 +00:00
}
2024-02-16 04:26:31 +00:00
else
snac_debug(user, 1,
xs_fmt("verify link %s rel='me' found but not related (%s)", v, href));
2024-02-15 18:24:10 +00:00
}
}
if (vfied) {
changed++;
snac_log(user, xs_fmt("link %s verified", v));
}
else {
snac_log(user, xs_fmt("link %s not verified (rel='me' not found)", v));
}
2024-02-15 18:24:10 +00:00
}
if (changed) {
FILE *f;
/* update the links.json file */
xs *fn = xs_fmt("%s/links.json", user->basedir);
xs *bfn = xs_fmt("%s.bak", fn);
rename(fn, bfn);
if ((f = fopen(fn, "w")) != NULL) {
xs_json_dump(user->links, 4, f);
fclose(f);
}
else
rename(bfn, fn);
}
}