// // Copyright (c) 2019 Ted Unangst // // Permission to use, copy, modify, and distribute this software for any // purpose with or without fee is hereby granted, provided that the above // copyright notice and this permission notice appear in all copies. // // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. package main import ( "crypto/rand" "crypto/rsa" "fmt" "html/template" "log" "net/http" "os" "regexp" "strings" "sync" "golang.org/x/net/html" "humungus.tedunangst.com/r/webs/htfilter" "humungus.tedunangst.com/r/webs/httpsig" ) func reverbolate(userid int64, honks []*Honk) { filt := htfilter.New() filt.Imager = replaceimg zilences := getzilences(userid) for _, h := range honks { h.What += "ed" if h.What == "tonked" { h.What = "honked back" h.Style = "subtle" } if !h.Public { h.Style += " limited" } translate(h) if h.Whofore == 2 || h.Whofore == 3 { h.URL = h.XID if h.What != "bonked" { h.Noise = re_memes.ReplaceAllString(h.Noise, "") h.Noise = mentionize(h.Noise) h.Noise = ontologize(h.Noise) } h.Username, h.Handle = handles(h.Honker) } else { _, h.Handle = handles(h.Honker) h.Username = h.Handle if len(h.Username) > 20 { h.Username = h.Username[:20] + ".." } if h.URL == "" { h.URL = h.XID } } if h.Oonker != "" { _, h.Oondle = handles(h.Oonker) } zap := make(map[*Donk]bool) h.Precis = unpucker(h.Precis) h.Noise = unpucker(h.Noise) h.Open = "open" if userid == -1 { if h.Precis != "" { h.Open = "" } } else { if badword := unsee(zilences, h.Precis, h.Noise, h.Donks); badword != "" { if h.Precis == "" { h.Precis = badword } h.Open = "" } else if h.Precis == "unspecified horror" { h.Precis = "" } } if len(h.Noise) > 4000 && h.Open == "open" { if h.Precis == "" { h.Precis = "really freaking long" } h.Open = "" } h.HTPrecis, _ = filt.String(h.Precis) h.HTML, _ = filt.String(h.Noise) emuxifier := func(e string) string { for _, d := range h.Donks { if d.Name == e { zap[d] = true if d.Local { return fmt.Sprintf(``, d.Name, d.XID) } } } return e } h.HTPrecis = template.HTML(re_emus.ReplaceAllStringFunc(string(h.HTPrecis), emuxifier)) h.HTML = template.HTML(re_emus.ReplaceAllStringFunc(string(h.HTML), emuxifier)) j := 0 for i := 0; i < len(h.Donks); i++ { if !zap[h.Donks[i]] { h.Donks[j] = h.Donks[i] j++ } } h.Donks = h.Donks[:j] } } func replaceimg(node *html.Node) string { src := htfilter.GetAttr(node, "src") alt := htfilter.GetAttr(node, "alt") //title := GetAttr(node, "title") if htfilter.HasClass(node, "Emoji") && alt != "" { return alt } alt = html.EscapeString(alt) src = html.EscapeString(src) d := finddonk(src) if d != nil { src = fmt.Sprintf("https://%s/d/%s", serverName, d.XID) return fmt.Sprintf(`%s`, alt, alt, src) } return fmt.Sprintf(`<img alt="%s" src="%s">`, alt, src, src) } func inlineimgs(node *html.Node) string { src := htfilter.GetAttr(node, "src") alt := htfilter.GetAttr(node, "alt") //title := GetAttr(node, "title") if htfilter.HasClass(node, "Emoji") && alt != "" { return alt } alt = html.EscapeString(alt) src = html.EscapeString(src) if !strings.HasPrefix(src, "https://"+serverName+"/") { d := savedonk(src, "image", alt, "image", true) if d != nil { src = fmt.Sprintf("https://%s/d/%s", serverName, d.XID) } } log.Printf("inline img with src: %s", src) return fmt.Sprintf(`%s$2$3") s = re_italicer.ReplaceAllString(s, "$1$2$3") s = re_quoter.ReplaceAllString(s, "
$1

") lilun := func(s string) string { code := lilcodes[0] lilcodes = lilcodes[1:] return code } s = re_coder.ReplaceAllStringFunc(s, lilun) bigun := func(s string) string { code := bigcodes[0] bigcodes = bigcodes[1:] return code } s = re_bigcoder.ReplaceAllStringFunc(s, bigun) s = re_bigcoder.ReplaceAllString(s, "

$1

") s = re_coder.ReplaceAllString(s, "$1") return s } func obfusbreak(s string) string { s = strings.TrimSpace(s) s = strings.Replace(s, "\r", "", -1) s = html.EscapeString(s) // dammit go s = strings.Replace(s, "'", "'", -1) linkfn := func(url string) string { if url[0] == '@' { return url } addparen := false adddot := false if strings.HasSuffix(url, ")") && strings.IndexByte(url, '(') == -1 { url = url[:len(url)-1] addparen = true } if strings.HasSuffix(url, ".") { url = url[:len(url)-1] adddot = true } url = fmt.Sprintf(`%s`, url, url) if adddot { url += "." } if addparen { url += ")" } return url } s = re_link.ReplaceAllStringFunc(s, linkfn) s = markitzero(s) s = strings.Replace(s, "\n", "
", -1) return s } var re_quickmention = regexp.MustCompile("(^| )@[[:alnum:]]+ ") func quickrename(s string, userid int64) string { return re_quickmention.ReplaceAllStringFunc(s, func(m string) string { prefix := "" if m[0] == ' ' { prefix = " " m = m[1:] } prefix += "@" m = m[1:] m = m[:len(m)-1] row := stmtOneHonker.QueryRow(m, userid) var xid string err := row.Scan(&xid) if err == nil { _, name := handles(xid) if name != "" { m = name } } return prefix + m + " " }) } func mentionize(s string) string { s = re_mentions.ReplaceAllStringFunc(s, func(m string) string { where := gofish(m) if where == "" { return m } who := m[0 : 1+strings.IndexByte(m[1:], '@')] return fmt.Sprintf(`%s`, html.EscapeString(where), html.EscapeString(who)) }) s = re_urltions.ReplaceAllStringFunc(s, func(m string) string { return fmt.Sprintf(`%s`, html.EscapeString(m[1:]), html.EscapeString(m)) }) return s } func ontologize(s string) string { s = re_hashes.ReplaceAllStringFunc(s, func(o string) string { if o[0] == '&' { return o } p := "" h := o if h[0] != '#' { p = h[:1] h = h[1:] } return fmt.Sprintf(`%s%s`, p, serverName, strings.ToLower(h[1:]), h) }) return s } var re_unurl = regexp.MustCompile("https://([^/]+).*/([^/]+)") var re_urlhost = regexp.MustCompile("https://([^/ ]+)") func originate(u string) string { m := re_urlhost.FindStringSubmatch(u) if len(m) > 1 { return m[1] } return "" } var allhandles = make(map[string]string) var handlelock sync.Mutex // handle, handle@host func handles(xid string) (string, string) { if xid == "" { return "", "" } handlelock.Lock() handle := allhandles[xid] handlelock.Unlock() if handle == "" { handle = findhandle(xid) handlelock.Lock() allhandles[xid] = handle handlelock.Unlock() } if handle == xid { return xid, xid } return handle, handle + "@" + originate(xid) } func findhandle(xid string) string { row := stmtGetXonker.QueryRow(xid, "handle") var handle string err := row.Scan(&handle) if err != nil { p, _ := investigate(xid) if p == nil { m := re_unurl.FindStringSubmatch(xid) if len(m) > 2 { handle = m[2] } else { handle = xid } } else { handle = p.Handle } _, err = stmtSaveXonker.Exec(xid, handle, "handle") if err != nil { log.Printf("error saving handle: %s", err) } } return handle } var handleprelock sync.Mutex func prehandle(xid string) { handleprelock.Lock() defer handleprelock.Unlock() handles(xid) } func prepend(s string, x []string) []string { return append([]string{s}, x...) } // pleroma leaks followers addressed posts to followers func butnottooloud(aud []string) { for i, a := range aud { if strings.HasSuffix(a, "/followers") { aud[i] = "" } } } func keepitquiet(aud []string) bool { for _, a := range aud { if a == thewholeworld { return false } } return true } func firstclass(honk *Honk) bool { return honk.Audience[0] == thewholeworld } func oneofakind(a []string) []string { var x []string for n, s := range a { if s != "" { x = append(x, s) for i := n + 1; i < len(a); i++ { if a[i] == s { a[i] = "" } } } } return x } var ziggies = make(map[string]*rsa.PrivateKey) var zaggies = make(map[string]*rsa.PublicKey) var ziggylock sync.Mutex func ziggy(username string) (keyname string, key *rsa.PrivateKey) { ziggylock.Lock() key = ziggies[username] ziggylock.Unlock() if key == nil { db := opendatabase() row := db.QueryRow("select seckey from users where username = ?", username) var data string row.Scan(&data) var err error key, _, err = httpsig.DecodeKey(data) if err != nil { log.Printf("error decoding %s seckey: %s", username, err) return } ziggylock.Lock() ziggies[username] = key ziggylock.Unlock() } keyname = fmt.Sprintf("https://%s/%s/%s#key", serverName, userSep, username) return } func zaggy(keyname string) (key *rsa.PublicKey) { ziggylock.Lock() key = zaggies[keyname] ziggylock.Unlock() if key != nil { return } row := stmtGetXonker.QueryRow(keyname, "pubkey") var data string err := row.Scan(&data) if err != nil { log.Printf("hitting the webs for missing pubkey: %s", keyname) j, err := GetJunk(keyname) if err != nil { log.Printf("error getting %s pubkey: %s", keyname, err) return } keyobj, ok := j.GetMap("publicKey") if ok { j = keyobj } data, ok = j.GetString("publicKeyPem") if !ok { log.Printf("error finding %s pubkey", keyname) return } _, ok = j.GetString("owner") if !ok { log.Printf("error finding %s pubkey owner", keyname) return } _, key, err = httpsig.DecodeKey(data) if err != nil { log.Printf("error decoding %s pubkey: %s", keyname, err) return } _, err = stmtSaveXonker.Exec(keyname, data, "pubkey") if err != nil { log.Printf("error saving key: %s", err) } } else { _, key, err = httpsig.DecodeKey(data) if err != nil { log.Printf("error decoding %s pubkey: %s", keyname, err) return } } ziggylock.Lock() zaggies[keyname] = key ziggylock.Unlock() return } func makeitworksomehowwithoutregardforkeycontinuity(keyname string, r *http.Request, payload []byte) (string, error) { _, err := stmtDeleteXonker.Exec(keyname, "pubkey") if err != nil { log.Printf("error deleting key: %s", err) } ziggylock.Lock() delete(zaggies, keyname) ziggylock.Unlock() return httpsig.VerifyRequest(r, payload, zaggy) } var thumbbiters map[int64]map[string]bool var zoggles map[int64]map[string]bool var zordses map[int64][]*regexp.Regexp var zilences map[int64][]*regexp.Regexp var thumblock sync.Mutex func bitethethumbs() { rows, err := stmtThumbBiters.Query() if err != nil { log.Printf("error getting thumbbiters: %s", err) return } defer rows.Close() thumblock.Lock() defer thumblock.Unlock() thumbbiters = make(map[int64]map[string]bool) zoggles = make(map[int64]map[string]bool) zordses = make(map[int64][]*regexp.Regexp) zilences = make(map[int64][]*regexp.Regexp) for rows.Next() { var userid int64 var name, wherefore string err = rows.Scan(&userid, &name, &wherefore) if err != nil { log.Printf("error scanning zonker: %s", err) continue } if wherefore == "zord" || wherefore == "zilence" { zord := "\\b(?i:" + name + ")\\b" re, err := regexp.Compile(zord) if err != nil { log.Printf("error compiling zord: %s", err) } else { if wherefore == "zord" { zordses[userid] = append(zordses[userid], re) } else { zilences[userid] = append(zilences[userid], re) } } } if wherefore == "zoggle" { m := zoggles[userid] if m == nil { m = make(map[string]bool) zoggles[userid] = m } m[name] = true } if wherefore == "zonker" || wherefore == "zomain" { m := thumbbiters[userid] if m == nil { m = make(map[string]bool) thumbbiters[userid] = m } m[name] = true } } } func getzords(userid int64) []*regexp.Regexp { thumblock.Lock() defer thumblock.Unlock() return zordses[userid] } func getzilences(userid int64) []*regexp.Regexp { thumblock.Lock() defer thumblock.Unlock() return zilences[userid] } func thoudostbitethythumb(userid int64, who []string, objid string) bool { thumblock.Lock() biters := thumbbiters[userid] thumblock.Unlock() objwhere := originate(objid) if objwhere != "" && biters[objwhere] { log.Printf("thumbbiter: %s", objid) return true } for _, w := range who { if biters[w] { log.Printf("thumbbiter: %s", w) return true } where := originate(w) if where != "" { if biters[where] { log.Printf("thumbbiter: %s", w) return true } } } return false } func stealthmode(userid int64, r *http.Request) bool { agent := r.UserAgent() agent = originate(agent) addr := r.Header.Get("X-Forwarded-For") thumblock.Lock() biters := thumbbiters[userid] thumblock.Unlock() fake := (agent != "" && biters[agent]) || (addr != "" && biters[addr]) if fake { log.Printf("faking 404 for %s from %s", agent, addr) } return fake } func keymatch(keyname string, actor string) string { hash := strings.IndexByte(keyname, '#') if hash == -1 { hash = len(keyname) } owner := keyname[0:hash] if owner == actor { return originate(actor) } return "" }