From 55d05f047642ca4125044b005a8a5e5724fcbe7a Mon Sep 17 00:00:00 2001 From: Fabien O'Carroll Date: Thu, 18 Apr 2024 14:45:13 +0700 Subject: [PATCH] Used path instead of query params for ActivityPub API ref https://linear.app/tryghost/issue/MOM-25 This makes it easier to work with on the frontend, as we don't need to whitelist query params for Ghost(Pro) --- .../src/core/activitypub/actor.entity.ts | 34 +++---------------- .../controllers/activitypub.controller.ts | 14 ++++---- 2 files changed, 12 insertions(+), 36 deletions(-) diff --git a/ghost/ghost/src/core/activitypub/actor.entity.ts b/ghost/ghost/src/core/activitypub/actor.entity.ts index cd59e32b98..7d7b343784 100644 --- a/ghost/ghost/src/core/activitypub/actor.entity.ts +++ b/ghost/ghost/src/core/activitypub/actor.entity.ts @@ -13,16 +13,6 @@ type CreateActorData = ActorData & { id? : ObjectID }; -function makeUrl(base: URL, props: Record): URL { - const url = new URL(`${props.type}`, base.href); - for (const [key, value] of Object.entries(props)) { - if (key !== 'type') { - url.searchParams.set(key, value); - } - } - return url; -} - export class Actor extends Entity { get username() { return this.attr.username; @@ -32,25 +22,11 @@ export class Actor extends Entity { if (!url.href.endsWith('/')) { url.href += '/'; } - const actor = makeUrl(url, { - type: 'actor', - id: this.id.toHexString() - }); - - const publicKey = makeUrl(url, { - type: 'key', - owner: this.id.toHexString() - }); - - const inbox = makeUrl(url, { - type: 'inbox', - owner: this.id.toHexString() - }); - - const outbox = makeUrl(url, { - type: 'outbox', - owner: this.id.toHexString() - }); + const id = this.id.toHexString(); + const actor = new URL(`actor/${id}`, url.href); + const publicKey = new URL(`key/${id}`, url.href); + const inbox = new URL(`inbox/${id}`, url.href); + const outbox = new URL(`outbox/${id}`, url.href); return { '@context': 'https://www.w3.org/ns/activitystreams', diff --git a/ghost/ghost/src/http/admin/controllers/activitypub.controller.ts b/ghost/ghost/src/http/admin/controllers/activitypub.controller.ts index e618aa08e6..f8917e4fd9 100644 --- a/ghost/ghost/src/http/admin/controllers/activitypub.controller.ts +++ b/ghost/ghost/src/http/admin/controllers/activitypub.controller.ts @@ -1,4 +1,4 @@ -import {Controller, Get, Query} from '@nestjs/common'; +import {Controller, Get, Param} from '@nestjs/common'; import {Roles} from '../../../common/decorators/permissions.decorator'; import ObjectID from 'bson-objectid'; import {JSONLDService} from '../../../core/activitypub/jsonld.service'; @@ -10,8 +10,8 @@ export class ActivityPubController { ) {} @Roles(['Anon']) - @Get('actor') - async getActor(@Query('id') id: unknown) { + @Get('actor/:id') + async getActor(@Param('id') id: unknown) { if (typeof id !== 'string') { throw new Error('Bad Request'); } @@ -19,8 +19,8 @@ export class ActivityPubController { } @Roles(['Anon']) - @Get('key') - async getKey(@Query('owner') owner: unknown) { + @Get('key/:owner') + async getKey(@Param('owner') owner: unknown) { if (typeof owner !== 'string') { throw new Error('Bad Request'); } @@ -28,8 +28,8 @@ export class ActivityPubController { } @Roles(['Anon']) - @Get('outbox') - async getOutbox(@Query('owner') owner: unknown) { + @Get('outbox/:owner') + async getOutbox(@Param('owner') owner: unknown) { if (typeof owner !== 'string') { throw new Error('Bad Request'); }