from fediseer.apis.v1.base import * from fediseer.messaging import activitypub_pm from fediseer.fediverse import get_admin_for_software, get_nodeinfo from fediseer.classes.user import User, Claim from fediseer.consts import SUPPORTED_SOFTWARE class Whitelist(Resource): get_parser = reqparse.RequestParser() get_parser.add_argument("Client-Agent", default="unknown:0:unknown", type=str, required=False, help="The client name and version.", location="headers") get_parser.add_argument("endorsements", required=False, default=0, type=int, help="Limit to this amount of endorsements of more", location="args") get_parser.add_argument("guarantors", required=False, default=1, type=int, help="Limit to this amount of guarantors of more", location="args") get_parser.add_argument("csv", required=False, type=bool, help="Set to true to return just the domains as a csv. Mutually exclusive with domains", location="args") get_parser.add_argument("domains", required=False, type=bool, help="Set to true to return just the domains as a list. Mutually exclusive with csv", location="args") @api.expect(get_parser) @cache.cached(timeout=10, query_string=True) @api.marshal_with(models.response_model_model_Whitelist_get, code=200, description='Instances', skip_none=True) def get(self): '''A List with the details of all instances and their endorsements ''' self.args = self.get_parser.parse_args() instance_details = [] for instance in database.get_all_instances(self.args.endorsements,self.args.guarantors): instance_details.append(instance.get_details()) if self.args.csv: return {"csv": ",".join([instance["domain"] for instance in instance_details])},200 if self.args.domains: return {"domains": [instance["domain"] for instance in instance_details]},200 return {"instances": instance_details},200 class WhitelistDomain(Resource): get_parser = reqparse.RequestParser() get_parser.add_argument("Client-Agent", default="unknown:0:unknown", type=str, required=False, help="The client name and version.", location="headers") @api.expect(get_parser) @cache.cached(timeout=10, query_string=True) @api.marshal_with(models.response_model_instances, code=200, description='Instances') def get(self, domain): '''Display info about a specific instance ''' self.args = self.get_parser.parse_args() instance, nodeinfo, site, admin_usernames = self.ensure_instance_registered(domain) if not instance: raise e.NotFound(f"Something went wrong trying to register this instance.") return instance.get_details(),200 put_parser = reqparse.RequestParser() put_parser.add_argument("Client-Agent", default="unknown:0:unknown", type=str, required=False, help="The client name and version.", location="headers") put_parser.add_argument("admin", required=False, type=str, help="The username of the admin who wants to register this domain", location="json") put_parser.add_argument("guarantor", required=False, type=str, help="(Optiona) The domain of the guaranteeing instance. They will receive a PM to validate you", location="json") @api.expect(put_parser) @api.marshal_with(models.response_model_instances, code=200, description='Instances') @api.response(400, 'Bad Request', models.response_model_error) def put(self, domain): '''Register a new instance to the fediseer An instance account has to exist in the fediseer lemmylemmy instance That account will recieve the new API key via PM ''' self.args = self.put_parser.parse_args() if '@' in self.args.admin: raise e.BadRequest("Please send the username without any @ signs or domains") instance, nodeinfo, site, admin_usernames = self.ensure_instance_registered(domain) guarantor_instance = None if self.args.guarantor: guarantor_instance = database.find_instance_by_domain(self.args.guarantor) if not guarantor_instance: raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Overseer yet!") if self.args.admin not in admin_usernames: raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.") existing_claim = database.find_claim(f"@{self.args.admin}@{domain}") if existing_claim: raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.") api_key = activitypub_pm.pm_new_api_key(domain, self.args.admin, instance.software) if not api_key: raise e.BadRequest("Failed to generate API Key") new_user = User( api_key=hash_api_key(api_key), account=f"@{self.args.admin}@{domain}", username=self.args.admin, ) db.session.add(new_user) db.session.commit() new_claim = Claim( user_id = new_user.id, instance_id = instance.id, ) db.session.add(new_claim) db.session.commit() if guarantor_instance: activitypub_pm.pm_admins( message=f"New instance {domain} was just registered with the Overseer and have asked you to guarantee for them!", domain=guarantor_instance.domain, software=guarantor_instance.software, instance=guarantor_instance, ) return instance.get_details(),200 patch_parser = reqparse.RequestParser() patch_parser.add_argument("apikey", type=str, required=True, help="The sending instance's API key.", location='headers') patch_parser.add_argument("Client-Agent", default="unknown:0:unknown", type=str, required=False, help="The client name and version.", location="headers") patch_parser.add_argument("regenerate_key", required=False, type=str, help="If a username is given, their API will be reset. This can be initiated by other instance admins or the fediseer.", location="json") @api.expect(patch_parser) @api.marshal_with(models.response_model_simple_response, code=200, description='Instances', skip_none=True) @api.response(401, 'Invalid API Key', models.response_model_error) @api.response(403, 'Instance Not Registered', models.response_model_error) def patch(self, domain): '''Regenerate API key for instance ''' self.args = self.patch_parser.parse_args() if not self.args.apikey: raise e.Unauthorized("You must provide the API key that was PM'd admin account") user = database.find_user_by_api_key(self.args.apikey) if not user: raise e.Forbidden("You have not yet claimed an instance. Use the POST method to do so.") instance = database.find_instance_by_user(user) if self.args.regenerate_key: requestor = None if self.args.regenerate_key != user.username or user.username == "fediseer": requestor = user.username instance_to_reset = database.find_instance_by_account(f"@{self.args.regenerate_key}@{domain}") if instance != instance_to_reset and user.username != "fediseer": raise e.BadRequest("Only other admins or the fediseer can request API key reset for others.") instance = instance_to_reset user = database.find_user_by_account(f"@{self.args.regenerate_key}@{domain}") new_key = activitypub_pm.pm_new_api_key(domain, self.args.regenerate_key, instance.software, requestor=requestor) user.api_key = hash_api_key(new_key) db.session.commit() return {"message": "Changed"},200 delete_parser = reqparse.RequestParser() delete_parser.add_argument("apikey", type=str, required=True, help="The sending instance's API key.", location='headers') delete_parser.add_argument("Client-Agent", default="unknown:0:unknown", type=str, required=False, help="The client name and version.", location="headers") delete_parser.add_argument("username", required=False, type=str, help="(Not Implemented) Provide the username of another admin to remove their API key", location="json") @api.expect(delete_parser) @api.marshal_with(models.response_model_simple_response, code=200, description='Instances', skip_none=True) @api.response(400, 'Bad Request', models.response_model_error) @api.response(401, 'Invalid API Key', models.response_model_error) @api.response(403, 'Forbidden', models.response_model_error) def delete(self, domain): '''Delete claim to instance ''' return e.BadRequest("Not implemented") self.args = self.patch_parser.parse_args() if not self.args.apikey: raise e.Unauthorized("You must provide the API key that was PM'd to your account") instance = database.find_authenticated_instance(domain, self.args.apikey) if not instance: raise e.BadRequest(f"No Instance found matching provided API key and domain. Have you remembered to register it?") if domain == os.getenv('FEDISEER_LEMMY_DOMAIN'): raise e.Forbidden("Cannot delete fediseer control instance") db.session.delete(instance) db.session.commit() logger.warning(f"{domain} deleted") return {"message":'Changed'}, 200 def ensure_instance_registered(self, domain): if domain.endswith("test.dbzer0.com"): # Fake instances for testing chain of trust requested_lemmy = Lemmy(f"https://{domain}") requested_lemmy._requestor.nodeinfo = {"software":{"name":"lemmy"}} open_registrations = False email_verify = True software = "lemmy" admin_usernames = ["db0"] nodeinfo = get_nodeinfo("lemmy.dbzer0.com") requested_lemmy = Lemmy(f"https://{domain}") site = requested_lemmy.site.get() else: nodeinfo = get_nodeinfo(domain) if not nodeinfo: raise e.BadRequest(f"Error encountered while polling domain {domain}. Please check it's running correctly") software = nodeinfo["software"]["name"] if software not in SUPPORTED_SOFTWARE: raise e.BadRequest(f"Fediverse software {software} not supported at this time") if software == "lemmy": requested_lemmy = Lemmy(f"https://{domain}") site = requested_lemmy.site.get() if not site: raise e.BadRequest(f"Error encountered while polling lemmy domain {domain}. Please check it's running correctly") open_registrations = site["site_view"]["local_site"]["registration_mode"] == "open" email_verify = site["site_view"]["local_site"]["require_email_verification"] software = software admin_usernames = [a["person"]["name"] for a in site["admins"]] else: open_registrations = nodeinfo["openRegistrations"] email_verify = False admin_usernames = get_admin_for_software(software, domain) instance = database.find_instance_by_domain(domain) if instance: return instance, nodeinfo, site, admin_usernames new_instance = Instance( domain=domain, open_registrations=open_registrations, email_verify=email_verify, software=software, ) new_instance.create() return new_instance, nodeinfo, site, admin_usernames