Fediverse-based authentication (#1846)

* Able to authenticate user against IndieAuth. For #1273 * WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272 * Add migration to remove access tokens from user * Add authenticated bool to user for display purposes * Add indieauth modal and auth flair to display names. For #1273 * Validate URLs and display errors * Renames, cleanups * Handle relative auth endpoint paths. Add error handling for missing redirects. * Disallow using display names in use by registered users. Closes #1810 * Verify code verifier via code challenge on callback * Use relative path to authorization_endpoint * Post-rebase fixes * Use a timestamp instead of a bool for authenticated * Propertly handle and display error in modal * Use auth'ed timestamp to derive authenticated flag to display in chat * Fediverse chat auth via OTP * Increase validity time just in case * Add fediverse auth into auth modal * Text, validation, cleanup updates for fedi auth * Fix typo * Remove unused images * Remove unused file * Add chat display name to auth modal text
2025-11-01 02:44:31 +08:00 · 2022-04-22 17:23:14 -07:00
parent 8b7e2b945e
commit a082cf3a77
21 changed files with 855 additions and 81 deletions
--- a/activitypub/outbox/outbox.go
+++ b/activitypub/outbox/outbox.go
@ -1,7 +1,6 @@
 package outbox

 import (
-	"errors"
 	"fmt"
 	"net/url"
 	"path/filepath"
@ -13,7 +12,11 @@ import (
 	"github.com/owncast/owncast/activitypub/apmodels"
 	"github.com/owncast/owncast/activitypub/crypto"
 	"github.com/owncast/owncast/activitypub/persistence"
+	"github.com/owncast/owncast/activitypub/requests"
+	"github.com/owncast/owncast/activitypub/resolvers"
+	"github.com/owncast/owncast/activitypub/webfinger"
 	"github.com/owncast/owncast/activitypub/workerpool"
+	"github.com/pkg/errors"

 	"github.com/owncast/owncast/config"
 	"github.com/owncast/owncast/core/data"
@ -61,6 +64,12 @@ func SendLive() error {

 	activity, _, note, noteID := createBaseOutboundMessage(textContent)

+	// To the public if we're not treating ActivityPub as "private".
+	if !data.GetFederationIsPrivate() {
+		note = apmodels.MakeNotePublic(note)
+		activity = apmodels.MakeActivityPublic(activity)
+	}
+
 	note.SetActivityStreamsTag(tagProp)

 	// Attach an image along with the Federated message.
@ -106,6 +115,37 @@ func SendLive() error {
 	return nil
 }

+// SendDirectMessageToAccount will send a direct message to a single account.
+func SendDirectMessageToAccount(textContent, account string) error {
+	links, err := webfinger.GetWebfingerLinks(account)
+	if err != nil {
+		return errors.Wrap(err, "unable to get webfinger links when sending private message")
+	}
+	user := apmodels.MakeWebFingerRequestResponseFromData(links)
+
+	iri := user.Self
+	actor, err := resolvers.GetResolvedActorFromIRI(iri)
+	if err != nil {
+		return errors.Wrap(err, "unable to resolve actor to send message to")
+	}
+
+	activity, _, note, _ := createBaseOutboundMessage(textContent)
+
+	// Set direct message visibility
+	activity = apmodels.MakeActivityDirect(activity, actor.ActorIri)
+	note = apmodels.MakeNoteDirect(note, actor.ActorIri)
+	object := activity.GetActivityStreamsObject()
+	object.SetActivityStreamsNote(0, note)
+
+	b, err := apmodels.Serialize(activity)
+	if err != nil {
+		log.Errorln("unable to serialize custom fediverse message activity", err)
+		return errors.Wrap(err, "unable to serialize custom fediverse message activity")
+	}
+
+	return SendToUser(actor.Inbox, b)
+}
+
 // SendPublicMessage will send a public message to all followers.
 func SendPublicMessage(textContent string) error {
 	originalContent := textContent
@ -191,6 +231,20 @@ func SendToFollowers(payload []byte) error {
 	return nil
 }

+// SendToUser will send a payload to a single specific inbox.
+func SendToUser(inbox *url.URL, payload []byte) error {
+	localActor := apmodels.MakeLocalIRIForAccount(data.GetDefaultFederationUsername())
+
+	req, err := requests.CreateSignedRequest(payload, inbox, localActor)
+	if err != nil {
+		return errors.Wrap(err, "unable to create outbox request")
+	}
+
+	workerpool.AddToOutboundQueue(req)
+
+	return nil
+}
+
 // UpdateFollowersWithAccountUpdates will send an update to all followers alerting of a profile update.
 func UpdateFollowersWithAccountUpdates() error {
 	// Don't do anything if federation is disabled.