# Module metadata for the daemon's HTTP GET handler.
__filename__ = "daemon_get.py"
__author__ = "Bob Mottram"
# Licence identifier for this module
__license__ = "AGPL3+"
__version__ = "1.5.0"
__maintainer__ = "Bob Mottram"
# NOTE(review): this value looks like an e-mail-protection placeholder left by
# the page this listing was taken from; confirm against the repository copy
__email__ = "[email protected]"
__status__ = "Production"
# Group label for this module (the other module groups are not visible here)
__module_group__ = "Core"
import os
import time
import json
import urllib.parse
from siteactive import referer_is_active
from maps import map_format_from_tagmaps_path
from blog import html_edit_blog
from blog import html_blog_post
from blog import path_contains_blog_link
from blog import html_blog_view
from speaker import get_ssml_box
from follow import pending_followers_timeline_json
from blocking import broch_mode_is_active
from blocking import remove_global_block
from blocking import update_blocked_cache
from blocking import add_global_block
from blocking import blocked_timeline_json
from cache import get_person_from_cache
from webapp_moderation import html_account_info
from webapp_calendar import html_calendar_delete_confirm
from webapp_calendar import html_calendar
from webapp_hashtagswarm import html_search_hashtag_category
from webapp_minimalbutton import set_minimal
from webapp_minimalbutton import is_minimal
from webapp_search import html_search_emoji_text_entry
from webapp_search import html_search
from webapp_search import html_hashtag_search_remote
from webapp_column_left import html_links_mobile
from webapp_column_right import html_newswire_mobile
from webapp_theme_designer import html_theme_designer
from webapp_accesskeys import html_access_keys
from webapp_manual import html_manual
from webapp_specification import html_specification
from webapp_about import html_about
from webapp_tos import html_terms_of_service
from webapp_confirm import html_confirm_remove_shared_item
from webapp_welcome_profile import html_welcome_profile
from webapp_welcome_final import html_welcome_final
from webapp_welcome import html_welcome_screen
from webapp_welcome import is_welcome_screen_complete
from webapp_podcast import html_podcast_episode
from webapp_utils import html_known_epicyon_instances
from webapp_utils import get_default_path
from webapp_utils import csv_following_list
from webapp_utils import get_shares_collection
from webapp_utils import html_following_list
from webapp_utils import html_show_share
from webapp_login import html_login
from followerSync import update_followers_sync_cache
from securemode import secure_mode
from fitnessFunctions import sorted_watch_points
from fitnessFunctions import fitness_performance
from fitnessFunctions import html_watch_points_graph
from session import establish_session
from session import get_session_for_domains
from crawlers import blocked_user_agent
from daemon_utils import etag_exists
from daemon_utils import has_accept
from daemon_utils import show_person_options
from daemon_utils import is_authorized
from daemon_utils import get_user_agent
from daemon_utils import log_epicyon_instances
from httpheaders import update_headers_catalog
from httpheaders import set_headers_etag
from httpheaders import login_headers
from httpheaders import redirect_headers
from httprequests import request_icalendar
from httprequests import request_ssml
from httprequests import request_csv
from httprequests import request_http
from httpheaders import set_headers
from httpheaders import logout_headers
from httpheaders import logout_redirect
from httpheaders import contains_suspicious_headers
from httpcodes import http_200
from httpcodes import http_402
from httpcodes import http_403
from httpcodes import http_404
from httpcodes import http_304
from httpcodes import http_400
from httpcodes import http_503
from httpcodes import write2
from flags import is_image_file
from flags import is_artist
from flags import is_blog_post
from utils import date_utcnow
from utils import replace_strings
from utils import contains_invalid_chars
from utils import save_json
from utils import data_dir
from utils import user_agent_domain
from utils import local_network_host
from utils import permitted_dir
from utils import has_users_path
from utils import media_file_mime_type
from utils import replace_users_with_at
from utils import remove_id_ending
from utils import local_actor_url
from utils import load_json
from utils import acct_dir
from utils import get_instance_url
from utils import convert_domains
from utils import get_nickname_from_actor
from utils import get_json_content_from_accept
from utils import check_bad_path
from utils import corp_servers
from utils import decoded_host
from person import get_person_notes_endpoint
from person import get_account_pub_key
from shares import actor_attached_shares
from shares import get_share_category
from shares import vf_proposal_from_id
from shares import authorize_shared_items
from shares import shares_catalog_endpoint
from shares import shares_catalog_account_endpoint
from shares import shares_catalog_csv_endpoint
from posts import is_moderator
from posts import get_pinned_post_as_json
from posts import outbox_message_create_wrap
from daemon_get_masto_api import masto_api
from daemon_get_favicon import show_cached_favicon
from daemon_get_favicon import get_favicon
from daemon_get_exports import get_exported_blocks
from daemon_get_exports import get_exported_theme
from daemon_get_pwa import progressive_web_app_manifest
from daemon_get_css import get_fonts
from daemon_get_css import get_style_sheet
from daemon_get_nodeinfo import get_nodeinfo
from daemon_get_hashtag import hashtag_search_rss2
from daemon_get_hashtag import hashtag_search_json2
from daemon_get_hashtag import hashtag_search2
from daemon_get_hashtag import get_hashtag_categories_feed2
from daemon_get_timeline import show_media_timeline
from daemon_get_timeline import show_blogs_timeline
from daemon_get_timeline import show_news_timeline
from daemon_get_timeline import show_features_timeline
from daemon_get_timeline import show_shares_timeline
from daemon_get_timeline import show_wanted_timeline
from daemon_get_timeline import show_bookmarks_timeline
from daemon_get_timeline import show_outbox_timeline
from daemon_get_timeline import show_mod_timeline
from daemon_get_timeline import show_dms
from daemon_get_timeline import show_replies
from daemon_get_timeline import show_inbox
from daemon_get_feeds import show_shares_feed
from daemon_get_feeds import show_following_feed
from daemon_get_feeds import show_moved_feed
from daemon_get_feeds import show_inactive_feed
from daemon_get_feeds import show_followers_feed
from daemon_get_buttons_announce import announce_button
from daemon_get_buttons_announce import announce_button_undo
from daemon_get_buttons import follow_approve_button
from daemon_get_buttons import follow_deny_button
from daemon_get_buttons_like import like_button
from daemon_get_buttons_like import like_button_undo
from daemon_get_buttons_reaction import reaction_button
from daemon_get_buttons_reaction import reaction_button_undo
from daemon_get_buttons_bookmark import bookmark_button
from daemon_get_buttons_bookmark import bookmark_button_undo
from daemon_get_buttons import delete_button
from daemon_get_buttons_mute import mute_button
from daemon_get_buttons_mute import mute_button_undo
from daemon_get_newswire import get_newswire_feed
from daemon_get_newswire import newswire_vote
from daemon_get_newswire import newswire_unvote
from daemon_get_newswire import edit_newswire2
from daemon_get_newswire import edit_news_post2
from daemon_get_rss import get_rss2feed
from daemon_get_rss import get_rss2site
from daemon_get_rss import get_rss3feed
from daemon_get_profile import show_person_profile
from daemon_get_profile import show_skills
from daemon_get_profile import show_roles
from daemon_get_profile import edit_profile2
from daemon_get_images import show_avatar_or_banner
from daemon_get_images import show_cached_avatar
from daemon_get_images import show_help_screen_image
from daemon_get_images import show_manual_image
from daemon_get_images import show_specification_image
from daemon_get_images import show_icon
from daemon_get_images import show_share_image
from daemon_get_images import show_media
from daemon_get_images import show_background_image
from daemon_get_images import show_default_profile_background
from daemon_get_images import column_image
from daemon_get_images import search_screen_banner
from daemon_get_images import show_qrcode
from daemon_get_images import show_emoji
from daemon_get_post import show_individual_post
from daemon_get_post import show_notify_post
from daemon_get_post import show_replies_to_post
from daemon_get_post import show_announcers_of_post
from daemon_get_post import show_likers_of_post
from daemon_get_post import show_individual_at_post
from daemon_get_post import show_new_post
from daemon_get_post import show_conversation_thread
from daemon_get_collections import get_featured_collection
from daemon_get_collections import get_featured_tags_collection
from daemon_get_collections import get_following_json
from daemon_get_webfinger import get_webfinger
from daemon_get_reactions import reaction_picker2
from daemon_get_instance_actor import show_instance_actor
from daemon_get_vcard import show_vcard
from daemon_get_blog import show_blog_page
from daemon_get_links import edit_links2
from daemon_get_login import redirect_to_login_screen
from daemon_get_login import show_login_screen
from poison import html_poisoned
# Per-page limits for feeds and collections.
# Outbox feed: upper bound on the number of posts listed
MAX_POSTS_IN_FEED = 12
# Blog posts tend to be long, so only a few are shown on each page
MAX_POSTS_IN_BLOGS_FEED = 4
# Media feed is kept short because building it can take a while
MAX_POSTS_IN_MEDIA_FEED = 6
# NOTE(review): presumably the cap for the news feed; undocumented in the
# original, confirm against the code that uses it
MAX_POSTS_IN_NEWS_FEED = 10
# Hashtag feed: upper bound on the number of posts
MAX_POSTS_IN_HASHTAG_FEED = 6
# A returned rss.xml holds at most this many entries
MAX_POSTS_IN_RSS_FEED = 10
# Shared items shown on each page
SHARES_PER_PAGE = 12
# Follows/followers shown on each page
FOLLOWS_PER_PAGE = 6
def daemon_http_get(self) -> None:
"""daemon handler for http GET
"""
if self.server.starting_daemon:
return
if check_bad_path(self.path):
http_400(self)
return
calling_domain = self.server.domain_full
# record header fields encountered
update_headers_catalog(self.server.base_dir,
self.server.headers_catalog,
self.headers)
if self.headers.get('Server'):
if self.headers['Server'] in corp_servers():
print('GET HTTP Corporate leech bounced: ' +
self.headers['Server'])
http_402(self)
return
# handle robots.txt
if self.path == '/robots.txt':
if self.server.robots_txt:
msg = self.server.robots_txt
else:
msg = "User-agent: *\nAllow: /"
msg = msg.encode('utf-8')
msglen = len(msg)
set_headers(self, 'text/plain', msglen,
'', calling_domain, False)
write2(self, msg)
return
# headers used by LLM scrapers
# oai-host-hash requests come from Microsoft Corporation,
# which has a long term partnership with OpenAI
if 'oai-host-hash' in self.headers:
if is_image_file(self.path):
http_404(self, 720)
return
print('GET HTTP LLM scraper poisoned: ' + str(self.headers))
msg = html_poisoned(self.server.dictionary,
self.server.twograms)
msg = msg.encode('utf-8')
msglen = len(msg)
set_headers(self, 'text/html', msglen,
'', calling_domain, False)
write2(self, msg)
return
# replace invalid .well-known path, prior to checking for suspicious paths
if self.path.startswith('/users/.well-known/'):
self.path = self.path.replace('/users/.well-known/', '/.well-known/')
# suspicious headers
if contains_suspicious_headers(self.headers):
print('GET HTTP suspicious headers ' + str(self.headers))
http_403(self)
return
# php
if 'index.php' in self.path:
print('GET HTTP Attempt to access PHP file ' + self.path)
http_404(self, 145)
return
if contains_invalid_chars(str(self.headers)):
print('GET HTTP headers contain invalid characters ' +
str(self.headers))
http_403(self)
return
if self.headers.get('Host'):
calling_domain = decoded_host(self.headers['Host'])
if self.server.onion_domain:
if calling_domain not in (self.server.domain,
self.server.domain_full,
self.server.onion_domain):
print('GET domain blocked: ' + calling_domain)
http_400(self)
return
elif self.server.i2p_domain:
if calling_domain not in (self.server.domain,
self.server.domain_full,
self.server.i2p_domain):
print('GET domain blocked: ' + calling_domain)
http_400(self)
return
else:
if calling_domain not in (self.server.domain,
self.server.domain_full):
print('GET domain blocked: ' + calling_domain)
http_400(self)
return
ua_str = get_user_agent(self)
if ua_str:
if 'Epicyon/' in ua_str:
log_epicyon_instances(self.server.base_dir, ua_str,
self.server.known_epicyon_instances)
if not _permitted_crawler_path(self.path):
block, self.server.blocked_cache_last_updated, llm = \
blocked_user_agent(calling_domain, ua_str,
self.server.news_instance,
self.server.debug,
self.server.user_agents_blocked,
self.server.blocked_cache_last_updated,
self.server.base_dir,
self.server.blocked_cache,
self.server.block_federated,
self.server.blocked_cache_update_secs,
self.server.crawlers_allowed,
self.server.known_bots,
self.path, self.server.block_military)
if block:
if llm:
# check if LLM is too frequent
if self.server.last_llm_time:
curr_date = date_utcnow()
time_diff = curr_date - self.server.last_llm_time
diff_secs = time_diff.total_seconds()
if diff_secs < 60:
http_402(self)
return
if is_image_file(self.path):
http_402(self)
return
# if this is an LLM crawler then feed it some trash
print('GET HTTP LLM scraper poisoned: ' + str(self.headers))
msg = html_poisoned(self.server.dictionary,
self.server.twograms)
msg = msg.encode('utf-8')
msglen = len(msg)
set_headers(self, 'text/html', msglen,
'', calling_domain, False)
write2(self, msg)
self.server.last_llm_time = date_utcnow()
return
http_400(self)
return
referer_domain = _get_referer_domain(self, ua_str)
curr_session, proxy_type = \
get_session_for_domains(self.server,
calling_domain, referer_domain)
getreq_start_time = time.time()
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'start', self.server.debug)
if show_vcard(self, self.server.base_dir,
self.path, calling_domain, referer_domain,
self.server.domain, self.server.translate):
return
# getting the public key for an account
acct_pub_key_json = \
get_account_pub_key(self.path, self.server.person_cache,
self.server.base_dir,
self.server.domain, calling_domain,
self.server.http_prefix,
self.server.domain_full,
self.server.onion_domain,
self.server.i2p_domain)
if acct_pub_key_json:
msg_str = json.dumps(acct_pub_key_json, ensure_ascii=False)
msg = msg_str.encode('utf-8')
msglen = len(msg)
accept_str = self.headers['Accept']
protocol_str = \
get_json_content_from_accept(accept_str)
set_headers(self, protocol_str, msglen,
None, calling_domain, False)
write2(self, msg)
return
# Since fediverse crawlers are quite active,
# make returning info to them high priority
# get nodeinfo endpoint
if get_nodeinfo(self, ua_str, calling_domain, referer_domain,
self.server.http_prefix, 5, self.server.debug,
self.server.base_dir,
self.server.unit_test,
self.server.domain_full,
self.path,
self.server.allow_local_network_access,
self.server.sites_unavailable,
self.server.known_crawlers,
self.server.onion_domain,
self.server.i2p_domain,
self.server.project_version,
self.server.show_node_info_version,
self.server.show_node_info_accounts,
self.server.registration,
self.server.domain,
self.server.instance_description_short,
self.server.instance_description):
return
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', '_nodeinfo[calling_domain]',
self.server.debug)
if _security_txt(self, ua_str, calling_domain, referer_domain,
self.server.http_prefix, 5, self.server.debug):
return
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', '_security_txt[calling_domain]',
self.server.debug)
# followers synchronization request
# See https://github.com/mastodon/mastodon/pull/14510
# https://codeberg.org/fediverse/fep/src/branch/main/feps/fep-8fcf.md
if self.path.startswith('/users/') and \
self.path.endswith('/followers_synchronization'):
if self.server.followers_synchronization:
# only do one request at a time
http_503(self)
return
self.server.followers_synchronization = True
if self.server.debug:
print('DEBUG: followers synchronization request ' +
self.path + ' ' + calling_domain)
# check authorized fetch
if secure_mode(curr_session, proxy_type, False,
self.server, self.headers, self.path):
nickname = get_nickname_from_actor(self.path)
sync_cache = self.server.followers_sync_cache
sync_json, _ = \
update_followers_sync_cache(self.server.base_dir,
nickname,
self.server.domain,
self.server.http_prefix,
self.server.domain_full,
calling_domain,
sync_cache)
msg_str = json.dumps(sync_json, ensure_ascii=False)
msg_str = convert_domains(calling_domain, referer_domain,
msg_str,
self.server.http_prefix,
self.server.domain,
self.server.onion_domain,
self.server.i2p_domain)
msg = msg_str.encode('utf-8')
msglen = len(msg)
set_headers(self, 'application/json', msglen,
None, calling_domain, False)
write2(self, msg)
self.server.followers_synchronization = False
return
else:
# request was not signed
result_json = {
"error": "Request not signed"
}
msg_str = json.dumps(result_json, ensure_ascii=False)
msg = msg_str.encode('utf-8')
msglen = len(msg)
accept_str = self.headers['Accept']
if 'json' in accept_str:
protocol_str = \
get_json_content_from_accept(accept_str)
set_headers(self, protocol_str, msglen,
None, calling_domain, False)
write2(self, msg)
self.server.followers_synchronization = False
return
http_404(self, 110)
self.server.followers_synchronization = False
return
if self.path == '/logout':
if not self.server.news_instance:
msg = \
html_login(self.server.translate,
self.server.base_dir,
self.server.http_prefix,
self.server.domain_full,
self.server.system_language,
False, ua_str,
self.server.theme_name).encode('utf-8')
msglen = len(msg)
logout_headers(self, 'text/html', msglen, calling_domain)
write2(self, msg)
else:
news_url = \
get_instance_url(calling_domain,
self.server.http_prefix,
self.server.domain_full,
self.server.onion_domain,
self.server.i2p_domain) + \
'/users/news'
logout_redirect(self, news_url, calling_domain)
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'logout',
self.server.debug)
return
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'show logout',
self.server.debug)
# replace https://domain/@nick with https://domain/users/nick
if self.path.startswith('/@'):
self.path = self.path.replace('/@', '/users/')
# replace https://domain/@nick/statusnumber
# with https://domain/users/nick/statuses/statusnumber
nickname = self.path.split('/users/')[1]
if '/' in nickname:
status_number_str = nickname.split('/')[1]
if status_number_str.isdigit():
nickname = nickname.split('/')[0]
self.path = \
self.path.replace('/users/' + nickname + '/',
'/users/' + nickname + '/statuses/')
# instance actor
if self.path in ('/actor', '/users/instance.actor', '/users/actor',
'/Actor', '/users/Actor'):
self.path = '/users/inbox'
if show_instance_actor(self, calling_domain, referer_domain,
self.path,
self.server.base_dir,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.onion_domain,
self.server.i2p_domain,
getreq_start_time,
None, self.server.debug,
self.server.enable_shared_inbox,
self.server.fitness):
return
http_404(self, 111)
return
# turn off dropdowns on new post screen
no_drop_down = False
if self.path.endswith('?nodropdown'):
no_drop_down = True
self.path = self.path.replace('?nodropdown', '')
# redirect music to #nowplaying list
if self.path == '/music' or self.path == '/NowPlaying':
self.path = '/tags/NowPlaying'
if self.server.debug:
print('DEBUG: GET from ' + self.server.base_dir +
' path: ' + self.path + ' busy: ' +
str(self.server.getreq_busy))
if self.server.debug:
print(str(self.headers))
cookie = None
if self.headers.get('Cookie'):
cookie = self.headers['Cookie']
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'get cookie',
self.server.debug)
if '/manifest.json' in self.path:
if has_accept(self, calling_domain):
if not request_http(self.headers, self.server.debug):
progressive_web_app_manifest(self, self.server.base_dir,
calling_domain,
referer_domain,
getreq_start_time,
self.server.http_prefix,
self.server.domain,
self.server.onion_domain,
self.server.i2p_domain,
self.server.fitness,
self.server.debug)
return
else:
self.path = '/'
if '/browserconfig.xml' in self.path:
if has_accept(self, calling_domain):
_browser_config(self, calling_domain, referer_domain,
getreq_start_time)
return
# default newswire favicon, for links to sites which
# have no favicon
if not self.path.startswith('/favicons/'):
if 'newswire_favicon.ico' in self.path:
get_favicon(self, calling_domain, self.server.base_dir,
self.server.debug,
'newswire_favicon.ico',
self.server.iconsCache,
self.server.domain_full)
return
# favicon image
if 'favicon.ico' in self.path:
get_favicon(self, calling_domain, self.server.base_dir,
self.server.debug, 'favicon.ico',
self.server.iconsCache,
self.server.domain_full)
return
# check authorization
authorized = is_authorized(self)
if self.server.debug:
if authorized:
print('GET Authorization granted ' + self.path)
else:
print('GET Not authorized ' + self.path + ' ' +
str(self.headers))
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'isAuthorized',
self.server.debug)
# json endpoint for person options notes
if (authorized and
('/private_account_notes/' in self.path or
self.path.endswith('/private_account_notes'))):
nickname = get_nickname_from_actor(self.path)
handle = ''
if '/private_account_notes/' in self.path:
handle = self.path.split('/private_account_notes/', 1)[1]
if nickname:
notes_json = \
get_person_notes_endpoint(self.server.base_dir,
nickname,
self.server.domain,
handle,
self.server.http_prefix,
self.server.domain_full)
msg_str = json.dumps(notes_json)
msg = msg_str.encode('utf-8')
msglen = len(msg)
set_headers(self, 'application/json', msglen,
None, calling_domain, True)
write2(self, msg)
return
http_404(self, 212)
return
if authorized and self.path.endswith('/bots.txt'):
known_bots_str = ''
for bot_name in self.server.known_bots:
known_bots_str += bot_name + '\n'
msg = known_bots_str.encode('utf-8')
msglen = len(msg)
set_headers(self, 'text/plain; charset=utf-8',
msglen, None, calling_domain, True)
write2(self, msg)
if self.server.debug:
print('Sent known bots: ' +
self.server.path + ' ' + calling_domain)
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', 'get_known_bots',
self.server.debug)
return
if show_conversation_thread(self, authorized,
calling_domain, self.path,
self.server.base_dir,
self.server.http_prefix,
self.server.domain,
self.server.port,
self.server.debug,
self.server.session,
cookie, ua_str,
self.server.domain_full,
self.server.onion_domain,
self.server.i2p_domain,
self.server.account_timezone,
self.server.bold_reading,
self.server.translate,
self.server.project_version,
self.server.recent_posts_cache,
self.server.max_recent_posts,
self.server.cached_webfingers,
self.server.person_cache,
self.server.yt_replace_domain,
self.server.twitter_replacement_domain,
self.server.show_published_date_only,
self.server.peertube_instances,
self.server.allow_local_network_access,
self.server.theme_name,
self.server.system_language,
self.server.max_like_count,
self.server.signing_priv_key_pem,
self.server.cw_lists,
self.server.lists_enabled,
self.server.dogwhistles,
self.server.access_keys,
self.server.min_images_for_accounts,
self.server.buy_sites,
self.server.blocked_cache,
self.server.block_federated,
self.server.auto_cw_cache,
self.server.default_timeline):
fitness_performance(getreq_start_time, self.server.fitness,
'_GET', '_show_conversation_thread',
self.server.debug)
return
# show a shared item if it is listed within actor attachment
if self.path.startswith('/users/') and '/shareditems/' in self.path:
nickname = self.path.split('/users/')[1]
if '/' in nickname:
nickname = nickname.split('/')[0]
shared_item_display_name = self.path.split('/shareditems/')[1]
if not nickname or not shared_item_display_name:
http_404(self, 112)
return
if not has_accept(self, calling_domain):
print('DEBUG: shareditems 1')
http_404(self, 113)
return
# get the actor from the cache
actor = \
get_instance_url(calling_domain,
self.server.http_prefix,
self.server.domain_full,
self.server.onion_domain,
self.server.i2p_domain) + \
'/users/' + nickname
actor_json = get_person_from_cache(self.server.base_dir, actor,
self.server.person_cache)
if not actor_json:
actor_filename = acct_dir(self.server.base_dir, nickname,
self.server.domain) + '.json'
if os.path.isfile(actor_filename):
actor_json = load_json(actor_filename)
if not actor_json:
print('DEBUG: shareditems 2 ' + actor)
http_404(self, 114)
return
attached_shares = actor_attached_shares(actor_json)
if not attached_shares:
print('DEBUG: shareditems 3 ' + str(actor_json['attachment']))
http_404(self, 115)
return
# is the given shared item in the list?
share_id = None
for share_href in attached_shares:
if not isinstance(share_href, str):
continue
if share_href.endswith(self.path):
share_id = share_href.replace('://', '___')
share_id = share_id.replace('/', '--')
break
if not share_id:
print('DEBUG: shareditems 4')
http_404(self, 116)
return
# show the shared item
print('DEBUG: shareditems 5 ' + share_id)
shares_file_type = 'shares'
if request_http(self.headers, self.server.debug):
# get the category for share_id
share_category = \
get_share_category(self.server.base_dir,
nickname, self.server.domain,
shares_file_type, share_id)
msg = \
html_show_share(self.server.base_dir,
self.server.domain, nickname,
self.server.http_prefix,
self.server.domain_full,
share_id, self.server.translate,
self.server.shared_items_federated_domains,
self.server.default_timeline,
self.server.theme_name, shares_file_type,
share_category, not authorized)
if msg:
msg = msg.encode('utf-8')
msglen = len(msg)
set_headers(self, 'text/html', msglen,
None, calling_domain, True)
write2(self, msg)
return
print('DEBUG: shareditems 6 ' + share_id)
else:
# get json for the shared item in ValueFlows format
share_json = \
vf_proposal_from_id(self.server.base_dir,
nickname, self.server.domain,
shares_file_type, share_id,
actor)
if share_json:
msg_str = json.dumps(share_json)
msg_str = convert_domains(calling_domain,
referer_domain,
msg_str,
self.server.http_prefix,
self.server.domain,
self.server.onion_domain,
self.server.i2p_domain)
msg = msg_str.encode('utf-8')
msglen = len(msg)
set_headers(self, 'application/json', msglen,
None, calling_domain, True)
write2(self, msg)
return
print('DEBUG: shareditems 7 ' + share_id)
http_404(self, 117)
return
# shared items offers collection for this instance
# this is only accessible to instance members or to
# other instances which present an authorization token
if self.path.startswith('/users/') and '/offers' in self.path:
offers_collection_authorized = authorized
nickname = self.path.split('/users/')[1]
if '/' in nickname:
nickname = nickname.split('/')[0]
page_number = 1
if '?page=' in self.path:
page_number_str = self.path.split('?page=')[1]
if ';' in page_number_str:
page_number_str = page_number_str.split(';')[0]
if page_number_str.isdigit():
page_number = int(page_number_str)
if not offers_collection_authorized:
if self.server.debug:
print('Offers collection access is not authorized. ' +
'Checking Authorization header')
# Check the authorization token
if self.headers.get('Origin') and \
self.headers.get('Authorization'):
permitted_domains = \
self.server.shared_items_federated_domains
shared_item_tokens = \
self.server.shared_item_federation_tokens
if authorize_shared_items(permitted_domains,
self.server.base_dir,
self.headers['Origin'],
calling_domain,
self.headers['Authorization'],
self.server.debug,
shared_item_tokens):
offers_collection_authorized = True
elif self.server.debug:
print('Authorization token refused for ' +
'offers collection federation')
# show offers collection for federation
offers_json = []
if has_accept(self, calling_domain) and \
offers_collection_authorized:
if self.server.debug:
print('Preparing offers collection')
domain_full = self.server.domain_full
http_prefix = self.server.http_prefix
if self.server.debug:
print('Offers collection for account: ' + nickname)
base_dir = self.server.base_dir
offers_items_per_page = 12
max_shares_per_account = offers_items_per_page
shared_items_federated_domains = \
self.server.shared_items_federated_domains
actor = \
local_actor_url(http_prefix, nickname, domain_full) + \
'/offers'
offers_json = \
get_shares_collection(actor, page_number,
offers_items_per_page, base_dir,
self.server.domain, nickname,
max_shares_per_account,
shared_items_federated_domains,
'shares')
msg_str = json.dumps(offers_json,
ensure_ascii=False)
msg_str = convert_domains(calling_domain,
referer_domain,
msg_str,
self.server.http_prefix,
self.server.domain,
self.server.onion_domain,
self.server.i2p_domain)
msg = msg_str.encode('utf-8')
msglen = len(msg)
accept_str = self.headers['Accept']
protocol_str = \
get_json_content_from_accept(accept_str)
set_headers(self, protocol_str, msglen,
None, calling_domain, False)
write2(self, msg)
return
if self.path.startswith('/users/') and '/blocked' in self.path:
blocked_collection_authorized = authorized
nickname = self.path.split('/users/')[1]
if '/' in nickname:
nickname = nickname.split('/')[0]
page_number = 1
if '?page=' in self.path:
page_number_str = self.path.split('?page=')[1]
if ';' in page_number_str:
page_number_str = page_number_str.split(';')[0]
if page_number_str.isdigit():
page_number = int(page_number_str)
# show blocked collection for the nickname
actor = \
local_actor_url(self.server.http_prefix,
nickname, self.server.domain_full)
actor += '/blocked'
blocked_json = {
"@context": [
'https://www.w3.org/ns/activitystreams',
'https://w3id.org/security/v1',
"https://purl.archive.org/socialweb/blocked"
],
"id": actor,
"type": "OrderedCollection",
"name": nickname + "'s Blocked Collection",
"orderedItems": []
}
if has_accept(self, calling_domain) and \
blocked_collection_authorized:
if self.server.debug:
print('Preparing blocked collection')
if self.server.debug:
print('Blocked collection for account: ' + nickname)
base_dir = self.server.base_dir
blocked_items_per_page = 12
blocked_json = \
blocked_timeline_json(actor, page_number,
blocked_items_per_page, base_dir,
nickname, self.server.domain)
msg_str = json.dumps(blocked_json,
ensure_ascii=False)
msg_str = convert_domains(calling_domain,
referer_domain,
msg_str,
self.server.http_prefix,
self.server.domain,
self.server.onion_domain,
self.server.i2p_domain)
msg = msg_str.encode('utf-8')
msglen = len(msg)
accept_str = self.headers['Accept']
protocol_str = \
get_json_content_from_accept(accept_str)
set_headers(self, protocol_str, msglen,
None, calling_domain, False)
write2(self, msg)
return
if self.path.startswith('/users/') and \