Update authn and authz functions to have intuitive return values

Cory Slep 2019-02-19 20:40:26 +01:00
コミット 1e5f5f9c86
8個のファイルの変更94行の追加91行の削除


@ -154,10 +154,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
return true, nil
}
// Check the peer request is authentic.
shouldReturn, err := b.delegate.AuthenticatePostInbox(c, w, r)
authenticated, err := b.delegate.AuthenticatePostInbox(c, w, r)
if err != nil {
return true, err
} else if shouldReturn {
} else if !authenticated {
return true, nil
}
// Begin processing the request, but have not yet applied
@ -188,10 +188,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
return true, nil
}
// Check authorization of the activity.
shouldReturn, err = b.delegate.AuthorizePostInbox(c, w, activity)
authorized, err := b.delegate.AuthorizePostInbox(c, w, activity)
if err != nil {
return true, err
} else if shouldReturn {
} else if !authorized {
return true, nil
}
// Post the activity to the actor's inbox and trigger side effects for
@ -230,10 +230,10 @@ func (b *baseActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.R
return false, nil
}
// Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticateGetInbox(c, w, r)
authenticated, err := b.delegate.AuthenticateGetInbox(c, w, r)
if err != nil {
return true, err
} else if shouldReturn {
} else if !authenticated {
return true, nil
}
// Everything is good to begin processing the request.
@ -283,10 +283,10 @@ func (b *baseActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http
return true, nil
}
// Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticatePostOutbox(c, w, r)
authenticated, err := b.delegate.AuthenticatePostOutbox(c, w, r)
if err != nil {
return true, err
} else if shouldReturn {
} else if !authenticated {
return true, nil
}
// Everything is good to begin processing the request.
@ -370,10 +370,10 @@ func (b *baseActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.
return false, nil
}
// Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticateGetOutbox(c, w, r)
authenticated, err := b.delegate.AuthenticateGetOutbox(c, w, r)
if err != nil {
return true, err
} else if shouldReturn {
} else if !authenticated {
return true, nil
}
// Everything is good to begin processing the request.
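Review bot: The polarity of the delegate's boolean is inverted at `} else if !authenticated {` (likewise at `!authorized` in PostInbox and at the same check in GetInbox, PostOutbox and GetOutbox) while the method signatures stay `(bool, error)`, so an implementation written against the old `shouldReturn` contract still compiles and now fails open. Such an implementation writes its 403 and returns `true, nil`, which this code reads as authenticated and continues processing. Since the compiler cannot catch this, the interface doc comments in CommonBehavior, DelegateActor, FederatingProtocol and SocialProtocol should state it explicitly, for example `// NOTE: the bool was inverted from the earlier 'shouldReturn'; true now means the request may proceed.` A release note or a distinct result type would make the break visible at upgrade time. The enclosing functions start and end outside these hunks.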


@ -79,7 +79,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.GetInbox(ctx, resp, req)
@ -95,7 +95,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -119,7 +119,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -154,7 +154,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.PostOutbox(ctx, resp, req)
@ -170,7 +170,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxUnknownRequest())
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
// Run the test
handled, err := a.PostOutbox(ctx, resp, req)
// Verify results
@ -185,7 +185,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity)
return nil
@ -212,7 +212,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testMyNote))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().WrapInCreate(ctx, toDeserializedForm(testMyNote), mustParse(testMyOutboxIRI)).DoAndReturn(func(c context.Context, t vocab.Type, u *url.URL) (vocab.ActivityStreamsCreate, error) {
return wrappedInCreate(t), nil
})
@ -240,7 +240,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity)
return nil
@ -265,7 +265,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity)
return nil
@ -306,7 +306,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.GetOutbox(ctx, resp, req)
@ -322,7 +322,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -381,7 +381,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
@ -397,7 +397,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxUnknownRequest())
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
// Verify results
@ -412,7 +412,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
// Verify results
@ -427,10 +427,10 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, activity Activity) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
@ -446,8 +446,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
// Run the test
@ -464,8 +464,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrObjectRequired)
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
@ -481,8 +481,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrTargetRequired)
// Run the test
handled, err := a.PostInbox(ctx, resp, req)
@ -514,7 +514,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.GetInbox(ctx, resp, req)
@ -530,7 +530,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -554,7 +554,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -617,7 +617,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden)
return true, nil
return false, nil
})
// Run the test
handled, err := a.GetOutbox(ctx, resp, req)
@ -633,7 +633,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now())
// Run the test
@ -676,8 +676,8 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
// Run the test
@ -694,7 +694,7 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity)
return nil
@ -721,7 +721,7 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity)
return nil


@ -21,17 +21,17 @@ type CommonBehavior interface {
// If an error is returned, it is passed back to the caller of
// GetInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetOutbox delegates the authentication of a GET to an
// outbox.
//
@ -41,17 +41,17 @@ type CommonBehavior interface {
// If an error is returned, it is passed back to the caller of
// GetOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// NewTransport returns a new Transport on behalf of a specific actor.
//
// The actorBoxIRI will be either the inbox or outbox of an actor who is


@ -31,17 +31,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetInbox delegates the authentication of a GET to an
// inbox.
//
@ -51,17 +51,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of
// GetInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthorizePostInbox delegates the authorization of an activity that
// has been sent by POST to an inbox.
//
@ -70,16 +70,16 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authorized' is ignored.
//
// If no error is returned, but authorization fails, then shouldReturn
// must be true and error nil. It is expected that the implementation
// If no error is returned, but authorization fails, then authorized
// must be false and error nil. It is expected that the implementation
// handles writing to the ResponseWriter in this case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authorized must be true and error nil. The request will continue
// to be processed.
AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error)
AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error)
// PostInbox delegates the side effects of adding to the inbox and
// determining if it is a request that should be blocked.
//
@ -155,17 +155,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of
// PostOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetOutbox delegates the authentication of a GET to an
// outbox.
//
@ -175,17 +175,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of
// GetOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// WrapInCreate wraps the provided object in a Create ActivityStreams
// activity. The provided URL is the actor's outbox endpoint.
//


@ -22,17 +22,17 @@ type FederatingProtocol interface {
// If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// Blocked should determine whether to permit a set of actors given by
// their ids are able to interact with this particular end user due to
// being blocked or other application-specific logic.
@ -41,11 +41,11 @@ type FederatingProtocol interface {
// PostInbox.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. An http.StatusForbidden
// then blocked must be true and error nil. An http.StatusForbidden
// will be written in the wresponse.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// blocked must be false and error nil. The request will continue
// to be processed.
Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error)
// Callbacks returns the application logic that handles ActivityStreams
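Review bot: The doc comment on `Blocked` still describes its result as "authentication or authorization fails/succeeds", wording copied from the Authenticate methods that does not say what `blocked` means. It is also the one result in this commit where `true` denies the request, the opposite of `authenticated` and `authorized`, so the wording matters for implementers. I would reword the two paragraphs to `// If no error is returned and any of the actors is blocked, then blocked must be true and error nil.` and `// If none of the actors is blocked, then blocked must be false and error nil.`, and fix the `wresponse` typo on the StatusForbidden line. The comment begins above the hunk, so its opening lines are not visible here.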


@ -30,22 +30,22 @@ type sideEffectActor struct {
}
// AuthenticatePostInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.s2s.AuthenticatePostInbox(c, w, r)
}
// AuthenticateGetInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.common.AuthenticateGetInbox(c, w, r)
}
// AuthenticatePostOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.c2s.AuthenticatePostOutbox(c, w, r)
}
// AuthenticateGetOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.common.AuthenticateGetOutbox(c, w, r)
}
@ -64,7 +64,8 @@ func (a *sideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.Ac
// AuthorizePostInbox defers to the federating protocol whether the peer request
// is authorized based on the actors' ids.
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error) {
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) {
authorized = false
actor := activity.GetActivityStreamsActor()
var iris []*url.URL
for i := 0; i < actor.Len(); i++ {
@ -79,12 +80,14 @@ func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseW
}
}
// Determine if the actor(s) sending this request are blocked.
if shouldReturn, err = a.s2s.Blocked(c, iris); err != nil {
var blocked bool
if blocked, err = a.s2s.Blocked(c, iris); err != nil {
return
} else if shouldReturn {
} else if blocked {
w.WriteHeader(http.StatusForbidden)
return
}
authorized = true
return
}
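Review bot: `AuthorizePostInbox` now produces its verdict through the named result `authorized` and three naked `return` statements, so a reader has to trace assignments to see what each exit yields. In an authorization check, explicit returns are easier to audit: `return false, err` on the Blocked error, `return false, nil` after writing StatusForbidden, and `return true, nil` at the end, which also makes `authorized = false` unnecessary. Separately, if the activity carries no actor, `iris` appears to stay empty and `Blocked(c, iris)` alone decides the outcome. The part of the loop between the two hunks is not visible, so confirm that this case is rejected rather than authorized.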


@ -141,7 +141,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
// Verify
assertEqual(t, b, false)
assertEqual(t, b, true)
assertEqual(t, err, nil)
})
t.Run("ActorNotAuthorized", func(t *testing.T) {
@ -153,7 +153,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
// Verify
assertEqual(t, b, true)
assertEqual(t, b, false)
assertEqual(t, err, nil)
})
t.Run("AllActorsAuthorized", func(t *testing.T) {
@ -165,7 +165,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
// Verify
assertEqual(t, b, false)
assertEqual(t, b, true)
assertEqual(t, err, nil)
})
t.Run("OneActorNotAuthorized", func(t *testing.T) {
@ -177,7 +177,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
// Verify
assertEqual(t, b, true)
assertEqual(t, b, false)
assertEqual(t, err, nil)
})
}


@ -23,17 +23,17 @@ type SocialProtocol interface {
// If an error is returned, it is passed back to the caller of
// PostOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored.
// do so when handling the error. The 'authenticated' is ignored.
//
// If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that
// then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this
// case.
//
// Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue
// authenticated must be true and error nil. The request will continue
// to be processed.
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// Callbacks returns the application logic that handles ActivityStreams
// received from C2S clients.
//