13
39
Fork
You've already forked forte
10

fix_channel_import_content #8

Merged
streams merged 14 commits from abanink/forte:fix_channel_import_content into dev 2025年03月06日 20:00:39 +01:00
Collaborator
Copy link

solves the OWA issues when getting files from the original server, when the channel is imported directly from another server (not via file import)

Original server:
Screenshot From 2025年03月02日 13-05-27.png

Done an /import on the target server, providing the original server profile (copied from 'View Profile') and providing the new nickname on the target server 'portmefromservernewnick'

Target server:
Screenshot From 2025年03月02日 13-05-11.png

Profile picture and cover photo are imported.
I had not added posts etc but chances are good that these are ok as well.

solves the OWA issues when getting files from the original server, when the channel is imported directly from another server (not via file import) Original server: ![Screenshot From 2025年03月02日 13-05-27.png](/attachments/47b2c5f9-fb9d-4131-b696-a60f9a42c901) Done an /import on the target server, providing the original server profile (copied from 'View Profile') and providing the new nickname on the target server 'portmefromservernewnick' Target server: ![Screenshot From 2025年03月02日 13-05-11.png](/attachments/ed48d5d8-cc76-4871-b5da-23b0a36cb49d) Profile picture and cover photo are imported. I had not added posts etc but chances are good that these are ok as well.
abanink changed title from (削除) fix_channel_import_content (削除ここまで) to WIP: fix_channel_import_content 2025年03月03日 19:56:11 +01:00
Collaborator
Copy link

Don't know if you saw my DM the other day - I've had some federation difficulties. Anyway I think the solution to the api_auth issue is to replace get_zotfinger_key() in api_auth.php with get_webfinger_key().

Don't know if you saw my DM the other day - I've had some federation difficulties. Anyway I think the solution to the api_auth issue is to replace get_zotfinger_key() in api_auth.php with get_webfinger_key().
Author
Collaborator
Copy link

@streams wrote in #8 (comment):

Don't know if you saw my DM the other day - I've had some federation difficulties. Anyway I think the solution to the api_auth issue is to replace get_zotfinger_key() in api_auth.php with get_webfinger_key().

Yes, I'm going this route. Busy testing...

@streams wrote in https://codeberg.org/fortified/forte/pulls/8#issuecomment-2927334: > Don't know if you saw my DM the other day - I've had some federation difficulties. Anyway I think the solution to the api_auth issue is to replace get_zotfinger_key() in api_auth.php with get_webfinger_key(). Yes, I'm going this route. Busy testing...
abanink changed title from (削除) WIP: fix_channel_import_content (削除ここまで) to fix_channel_import_content 2025年03月05日 09:19:14 +01:00
Author
Collaborator
Copy link

@streams

Switched to get_webfinger_key - I hope it's more or less as intended.

The case when 'force = true' is broken, but I haven't been in this case for the channel cloning, so it doesn't have an impact here.
I stopped troubleshooting when I noticed that the remote does not provide the 'nomad' links in the webfinger reply.

This could be enough for this PR and we can fix the case 'force = true' in another change.

@streams Switched to get_webfinger_key - I hope it's more or less as intended. The case when 'force = true' is broken, but I haven't been in this case for the channel cloning, so it doesn't have an impact here. I stopped troubleshooting when I noticed that the remote does not provide the 'nomad' links in the webfinger reply. This could be enough for this PR and we can fix the case 'force = true' in another change.
@ -92,2 +92,4 @@
if ($sigblock) {
$keyId = str_replace('acct:', '', $sigblock['keyId']);
# keyId might have a #rsa suffix
$keyId = substr($keyId, 0, strpos($keyId, '#') ?: null);
Collaborator
Copy link

This line is probably not needed. In HTTPSig.php::L186-181 the query and fragment are filtered out.

This line is probably not needed. In HTTPSig.php::L186-181 the query and fragment are filtered out.
abanink marked this conversation as resolved
@ -98,1 +99,3 @@
$r = hubloc_id_addr_query($keyId);
$r = HTTPSig::get_webfinger_key($keyId);
if ($r) {
$r = $r['hubloc'];
Collaborator
Copy link

$r['hubloc'] should return a single hubloc record; the best identity we can use. Originally this was the case with zot/nomad where a single actor could have records for identities on multiple networks. In forte we no longer check for zot/nomad, so the 'best' record will be one with hubloc_network = 'nomadic' -- if it's available.

The solution here is to fix hubloc_id_addr_query() so it will return the correct hubloc record(s) for the keyId, which should be the case already. Ignore the cached entry from get_webfinger_key(), which may not exist depending on the value of $force. If there isn't a hubloc after doing the webfinger lookup, we don't have the record and couldn't discover it.

The issue here is that we may have an apgateway address (https://$something/.well-known/apgateway/did:key:....), and hubloc_id_addr_query() won't resolve it. If this happens, hubloc_id_addr_query() needs to be fixed. The ActorId class can be used to normalize the id we received and $actorId->getId() will return either a URL or a DID. Then you might end up with something like this:

function hubloc_id_addr_query($s, $limit = 0) {
 if ($limit) {
 $qlimit = 'limit ' . intval($limit);
 }
 $actorId = new ActorId($s);
 $id = $actorId->getId();
 $r = q(
 "select * from xchan left join hubloc on xchan_hash = hubloc_hash where ( hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' or xchan_epubkey = '%s') and hubloc_deleted = 0 order by hubloc_id desc $qlimit",
 dbesc(str_replace('acct:', '', $s)), // we still need to match the non-normalised id against webfinger addresses
 dbesc($id), // use the results from ActorId for any other id forms. 
 dbesc($id),
 dbesc(str_replace('did:key:', '', $id)) // this is a fallback for some special cases where the nomadic id is in transition
 );
 return $r;
 }

This might need a bit of additional tweaking, but should return all the hublocs for the record in nearly cases.

$r['hubloc'] should return a single hubloc record; the best identity we can use. Originally this was the case with zot/nomad where a single actor could have records for identities on multiple networks. In forte we no longer check for zot/nomad, so the 'best' record will be one with hubloc_network = 'nomadic' -- if it's available. The solution here is to fix hubloc_id_addr_query() so it will return the correct hubloc record(s) for the keyId, which should be the case already. Ignore the cached entry from get_webfinger_key(), which may not exist depending on the value of $force. If there isn't a hubloc after doing the webfinger lookup, we don't have the record and couldn't discover it. The issue here is that we may have an apgateway address (https://$something/.well-known/apgateway/did:key:....), and hubloc_id_addr_query() won't resolve it. If this happens, hubloc_id_addr_query() needs to be fixed. The ActorId class can be used to normalize the id we received and $actorId->getId() will return either a URL or a DID. Then you might end up with something like this: ``` function hubloc_id_addr_query($s, $limit = 0) { if ($limit) { $qlimit = 'limit ' . intval($limit); } $actorId = new ActorId($s); $id = $actorId->getId(); $r = q( "select * from xchan left join hubloc on xchan_hash = hubloc_hash where ( hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' or xchan_epubkey = '%s') and hubloc_deleted = 0 order by hubloc_id desc $qlimit", dbesc(str_replace('acct:', '', $s)), // we still need to match the non-normalised id against webfinger addresses dbesc($id), // use the results from ActorId for any other id forms. dbesc($id), dbesc(str_replace('did:key:', '', $id)) // this is a fallback for some special cases where the nomadic id is in transition ); return $r; } ``` This might need a bit of additional tweaking, but should return all the hublocs for the record in nearly cases.
abanink marked this conversation as resolved
@ -65,3 +65,3 @@
$verified = HTTPSig::verify('');
if ($verified && $verified['header_signed'] && $verified['header_valid']) {
$r = hubloc_id_addr_query($verified['signer']);
$r = hubloc_id_addr_query($verified['portable_id']);
Collaborator
Copy link

With the above fixes to hubloc_id_addr_query(), the original signer should work here.

With the above fixes to hubloc_id_addr_query(), the original signer should work here.
abanink marked this conversation as resolved
@ -402,3 +402,3 @@
public static function get_webfinger_key($id, $force = false)
public static function get_webfinger_key($arg_id, $force = false)
Collaborator
Copy link

With the above changes, this function should be reverted. It has been working fine for a long time. You can also revert get_zotfinger_key() - which shouldn't be used any more. I'll remove it in a future update.

With the above changes, this function should be reverted. It has been working fine for a long time. You can also revert get_zotfinger_key() - which shouldn't be used any more. I'll remove it in a future update.
abanink marked this conversation as resolved
Author
Collaborator
Copy link

with the changes in the feedback, channel cloning works with import of profile photo.

Thanks for your review!

with the changes in the feedback, channel cloning works with import of profile photo. Thanks for your review!
Sign in to join this conversation.
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
fortified/forte!8
Reference in a new issue
fortified/forte
No description provided.
Delete branch "abanink/forte:fix_channel_import_content"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?