diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index a838f4dee0451b87d8d227e275fa83f3ac702484..9481194ed437e19bd99d731eaa81dee382a74040 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -11,6 +11,7 @@ use CodeIgniter\Filters\Honeypot;
 use CodeIgniter\Filters\InvalidChars;
 use CodeIgniter\Filters\SecureHeaders;
 use Modules\Auth\Filters\PermissionFilter;
+use Modules\Fediverse\Filters\AllowCorsFilter;
 use Modules\Fediverse\Filters\FediverseFilter;
 use Myth\Auth\Filters\LoginFilter;
 use Myth\Auth\Filters\RoleFilter;
@@ -31,7 +32,8 @@ class Filters extends BaseConfig
 'login' => LoginFilter::class,
 'role' => RoleFilter::class,
 'permission' => PermissionFilter::class,
- 'activity-pub' => FediverseFilter::class,
+ 'fediverse' => FediverseFilter::class,
+ 'allow-cors' => AllowCorsFilter::class,
 ];
 /**
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index 2ad119d64f8694b40d2c25953190f8de0f4876c3..1432ceda8e66b7df40816399531ecb293fd7ef9d 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -90,6 +90,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'controller-method' => 'ActorController/$1',
 ],
 ],
+ 'filter' => 'allow-cors',
 ]);
 $routes->get('about', 'PodcastController::about/$1', [
 'as' => 'podcast-about',
@@ -108,6 +109,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'controller-method' => 'PodcastController::episodeCollection/$1',
 ],
 ],
+ 'filter' => 'allow-cors',
 ]);
 $routes->group('episodes/(:slug)', function ($routes): void {
 $routes->options('/', 'ActivityPubController::preflight');
@@ -124,6 +126,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'controller-method' => 'EpisodeController::episodeObject/$1/$2',
 ],
 ],
+ 'filter' => 'allow-cors',
 ]);
 $routes->get('activity', 'EpisodeController::activity/$1/$2', [
 'as' => 'episode-activity',
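Review bot: `'filter' => 'allow-cors'` is attached to the whole route in the hunk at -90 (and in the same way in the hunks at -108 and -124 and the later ones in this file), so it runs for whichever controller ends up serving the request, not only for the ActivityPub representations listed under `controller-method`. If the default handler renders an HTML page, which is not visible here, that page also receives `Access-Control-Allow-Origin: *` and every other header `AllowCorsFilter::after()` sets. I would either limit the filter to responses whose negotiated type is ActivityStreams, or state the scope next to the key with a comment such as `// CORS headers apply to every representation of this route, HTML included`. Each route definition starts above its hunk, so the full option arrays cannot be checked from here.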
@@ -140,7 +143,9 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'application/ld+json; profile="https://www.w3.org/ns/activitystreams' => [
 'controller-method' => 'EpisodeController::comments/$1/$2',
 ],
+ 'filter' => 'allow-cors',
 ]);
+ $routes->options('comments/(:uuid)', 'ActivityPubController::preflight');
 $routes->get('comments/(:uuid)', 'EpisodeCommentController::view/$1/$2/$3', [
 'as' => 'episode-comment',
 'application/activity+json' => [
@@ -152,6 +157,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'application/ld+json; profile="https://www.w3.org/ns/activitystreams' => [
 'controller-method' => 'EpisodeController::commentObject/$1/$2',
 ],
+ 'filter' => 'allow-cors',
 ]);
 $routes->get('comments/(:uuid)/replies', 'EpisodeCommentController::replies/$1/$2/$3', [
 'as' => 'episode-comment-replies',
@@ -221,6 +227,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'controller-method' => 'PostController/$2',
 ],
 ],
+ 'filter' => 'allow-cors',
 ]);
 $routes->options('replies', 'ActivityPubController::preflight');
 $routes->get('replies', 'PostController/$1/$2', [
@@ -235,6 +242,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 'controller-method' => 'PostController::replies/$2',
 ],
 ],
+ 'filter' => 'allow-cors',
 ]);
 // Actions
@@ -278,7 +286,7 @@ $routes->group('@(:podcastHandle)', function ($routes): void {
 ]);
 $routes->get('outbox', 'ActorController::outbox/$1', [
 'as' => 'outbox',
- 'filter' => 'activity-pub:verify-activitystream',
+ 'filter' => 'fediverse:verify-activitystream',
 ]);
 });
diff --git a/app/Controllers/ActivityPubController.php b/app/Controllers/ActivityPubController.php
index f46b8e771ead9a8c1f0c3188b49baaaf1a74e82d..a735e886c9503d1c950ccd4e10abe30c296f18b4 100644
--- a/app/Controllers/ActivityPubController.php
+++ b/app/Controllers/ActivityPubController.php
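Review bot: CORS coverage of the comment routes is uneven: `comments/(:uuid)` gains both a preflight route and the `allow-cors` filter, while `comments/(:uuid)/replies`, whose definition begins in the last context lines of the hunk at -152, gets neither, since no later hunk touches it and the `allow-cors` alias is new in this commit. If that route also serves an ActivityStreams collection (its name suggests so, but its body is outside the hunk), a browser client could read a comment cross-origin but not its replies. I would add `'filter' => 'allow-cors',` to it together with `$routes->options('comments/(:uuid)/replies', 'ActivityPubController::preflight');`, or leave a comment saying the omission is deliberate.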
@@ -10,21 +10,8 @@ declare(strict_types=1);
 namespace App\Controllers;
-use CodeIgniter\Controller;
-use CodeIgniter\HTTP\Response;
+use Modules\Fediverse\Controllers\ActivityPubController as FediverseActivityPubController;
-class ActivityPubController extends Controller
+class ActivityPubController extends FediverseActivityPubController
 {
- /**
- * @noRector ReturnTypeDeclarationRector
- */
- public function preflight(): Response
- {
- return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
- ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
- ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
- ->setHeader('Access-Control-Max-Age', '86400')
- ->setHeader('Cache-Control', 'public, max-age=86400')
- ->setStatusCode(200);
- }
 }
diff --git a/modules/Fediverse/Config/Routes.php b/modules/Fediverse/Config/Routes.php
index c3bf55bc7c9375128d2262e4fdcdf74daa5d3f5f..33d70220c4b7eb7bdad9df3ce129f38592d76077 100644
--- a/modules/Fediverse/Config/Routes.php
+++ b/modules/Fediverse/Config/Routes.php
@@ -43,15 +43,15 @@ $routes->group('', [
 $routes->post('inbox', 'ActorController::inbox/$1', [
 'as' => 'inbox',
 'filter' =>
- 'activity-pub:verify-activitystream,verify-blocks,verify-signature',
+ 'fediverse:verify-activitystream,verify-blocks,verify-signature',
 ]);
 $routes->get('outbox', 'ActorController::outbox/$1', [
 'as' => 'outbox',
- 'filter' => 'activity-pub:verify-activitystream',
+ 'filter' => 'fediverse:verify-activitystream',
 ]);
 $routes->get('followers', 'ActorController::followers/$1', [
 'as' => 'followers',
- 'filter' => 'activity-pub::activity-stream',
+ 'filter' => 'fediverse::activity-stream',
 ]);
 $routes->post('follow', 'ActorController::attemptFollow/$1', [
 'as' => 'attempt-follow',
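Review bot: The `followers` filter string `'fediverse::activity-stream'` carries over the double colon and the argument name `activity-stream` from the old line, while `inbox` and `outbox` in the same hunk use a single colon and `verify-activitystream`. Depending on how the framework splits the alias from its arguments, which is not visible here, the followers route may reach FediverseFilter with an empty or unrecognised argument, and the ActivityStreams check its sibling routes get would then not run. Since the line is rewritten by this commit anyway, I would change it to `'filter' => 'fediverse:verify-activitystream',` if that is the intent. The route group opens above the hunk and the `follow` route continues below it.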
diff --git a/modules/Fediverse/Controllers/ActivityPubController.php b/modules/Fediverse/Controllers/ActivityPubController.php
new file mode 100644
index 0000000000000000000000000000000000000000..fe94c9a127e83285316678c9c13b8c3258ec116f
--- /dev/null
+++ b/modules/Fediverse/Controllers/ActivityPubController.php
@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2021 Podlibre
+ * @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
+ * @link https://castopod.org/
+ */
+
+namespace Modules\Fediverse\Controllers;
+
+use CodeIgniter\Controller;
+use CodeIgniter\HTTP\Response;
+
+class ActivityPubController extends Controller
+{
+ /**
+ * @noRector ReturnTypeDeclarationRector
+ */
+ public function preflight(): Response
+ {
+ return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
+ ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
+ ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
+ ->setHeader('Access-Control-Max-Age', '86400')
+ ->setHeader('Cache-Control', 'public, max-age=86400')
+ ->setStatusCode(200);
+ }
+}
diff --git a/modules/Fediverse/Filters/AllowCorsFilter.php b/modules/Fediverse/Filters/AllowCorsFilter.php
new file mode 100644
index 0000000000000000000000000000000000000000..3ed0f9489a393cbd0144e3b828baed123344bc83
--- /dev/null
+++ b/modules/Fediverse/Filters/AllowCorsFilter.php
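Review bot: The two trailing comments in `preflight()` label the wildcard headers `insecure` without recording why they are still accepted, and the method arrives in the module with only a `@noRector` docblock. I would extend the docblock with a sentence such as `Answers CORS preflight requests for the public ActivityPub endpoints; the wildcard origin is intentional and must never be combined with Access-Control-Allow-Credentials.`, assuming these endpoints serve public documents only. The same five header values are repeated verbatim in `AllowCorsFilter::after()`, so the origin and method values would be easier to keep in step if both read them from one shared constant.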
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Modules\Fediverse\Filters;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class AllowCorsFilter implements FilterInterface
+{
+ public function before(RequestInterface $request, $arguments = null): void
+ {
+ // Do something here
+ }
+
+ public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
+ {
+ $response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
+ ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
+ ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
+ ->setHeader('Access-Control-Max-Age', '86400')
+ ->setHeader('Cache-Control', 'public, max-age=86400')
+ ->setStatusCode(200);
+ }
+}
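Review bot: `after()` reuses the preflight header chain unchanged, so it also forces `->setStatusCode(200)` and `Cache-Control: public, max-age=86400` onto every response of the filtered GET routes. A non-200 response returned by a controller would leave as 200, and a shared cache may keep a page for a day even when it was rendered for a signed-in visitor (whether any of these routes is personalised is not visible here). `Access-Control-Max-Age` only has meaning on a preflight response. I would end the chain after the `Access-Control-Allow-Methods` header, dropping the `Access-Control-Max-Age`, `Cache-Control` and `setStatusCode(200)` calls, and replace the `// Do something here` placeholder in `before()` with `// No request-side work: the CORS headers are added in after()`. The wildcard origin itself is workable for public documents as long as `Access-Control-Allow-Credentials` is never sent with it.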