Update ActivityPubFetchService, fix authorized_fetch support

CHANGELOG.md

@@ -14,6 +14,9 @@
 - Update AdminApiController, add instance stats endpoint ([89c3710d](https://github.com/pixelfed/pixelfed/commit/89c3710d))
 - Update config, re-add `PF_MAX_USERS` .env variable to limit max users to 1000 by default ([a6d10f03](https://github.com/pixelfed/pixelfed/commit/a6d10f03))
 - Update AdminApiController, fix stats ([5c5541fc](https://github.com/pixelfed/pixelfed/commit/5c5541fc))
+- Update AdminApiController, include more data for getUser method ([4f850e54](https://github.com/pixelfed/pixelfed/commit/4f850e54))
+- Update AdminApiController, improve admin moderation tools ([763ce19a](https://github.com/pixelfed/pixelfed/commit/763ce19a))
+- Update ActivityPubFetchService, fix authorized_fetch compatibility. Closes #1850, #2713, #2935 ([63a7879c](https://github.com/pixelfed/pixelfed/commit/63a7879c))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.11.8 (2023-05-29)](https://github.com/pixelfed/pixelfed/compare/v0.11.7...v0.11.8)

app/Http/Controllers/InstanceActorController.php

@@ -25,7 +25,61 @@ public function inbox()
 	public function outbox()
 	{
 		$res = json_encode([
-			'@context' => 'https://www.w3.org/ns/activitystreams',
+			"@context" => [
+                "https://www.w3.org/ns/activitystreams",
+                "https://w3id.org/security/v1",
+                [
+                    "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
+                    "toot" => "http://joinmastodon.org/ns#",
+                    "featured" => [
+                        "@id" => "toot:featured",
+                        "@type" => "@id"
+                    ],
+                    "featuredTags" => [
+                        "@id" => "toot:featuredTags",
+                        "@type" => "@id"
+                    ],
+                    "alsoKnownAs" => [
+                        "@id" => "as:alsoKnownAs",
+                        "@type" => "@id"
+                    ],
+                    "movedTo" => [
+                        "@id" => "as:movedTo",
+                        "@type" => "@id"
+                    ],
+                    "schema" => "http://schema.org#",
+                    "PropertyValue" => "schema:PropertyValue",
+                    "value" => "schema:value",
+                    "discoverable" => "toot:discoverable",
+                    "Device" => "toot:Device",
+                    "Ed25519Signature" => "toot:Ed25519Signature",
+                    "Ed25519Key" => "toot:Ed25519Key",
+                    "Curve25519Key" => "toot:Curve25519Key",
+                    "EncryptedMessage" => "toot:EncryptedMessage",
+                    "publicKeyBase64" => "toot:publicKeyBase64",
+                    "deviceId" => "toot:deviceId",
+                    "claim" => [
+                        "@type" => "@id",
+                        "@id" => "toot:claim"
+                    ],
+                    "fingerprintKey" => [
+                        "@type" => "@id",
+                        "@id" => "toot:fingerprintKey"
+                    ],
+                    "identityKey" => [
+                        "@type" => "@id",
+                        "@id" => "toot:identityKey"
+                    ],
+                    "devices" => [
+                        "@type" => "@id",
+                        "@id" => "toot:devices"
+                    ],
+                    "messageFranking" => "toot:messageFranking",
+                    "messageType" => "toot:messageType",
+                    "cipherText" => "toot:cipherText",
+                    "suspended" => "toot:suspended"
+                ]
+            ],
 			'id' => config('app.url') . '/i/actor/outbox',
 			'type' => 'OrderedCollection',
 			'totalItems' => 0,

app/Models/InstanceActor.php

@@ -23,7 +23,61 @@ public function permalink($suffix = '')
 	public function getActor()
 	{
 		return [
-			'@context' => 'https://www.w3.org/ns/activitystreams',
+			"@context" => [
+                "https://www.w3.org/ns/activitystreams",
+                "https://w3id.org/security/v1",
+                [
+                    "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
+                    "toot" => "http://joinmastodon.org/ns#",
+                    "featured" => [
+                        "@id" => "toot:featured",
+                        "@type" => "@id"
+                    ],
+                    "featuredTags" => [
+                        "@id" => "toot:featuredTags",
+                        "@type" => "@id"
+                    ],
+                    "alsoKnownAs" => [
+                        "@id" => "as:alsoKnownAs",
+                        "@type" => "@id"
+                    ],
+                    "movedTo" => [
+                        "@id" => "as:movedTo",
+                        "@type" => "@id"
+                    ],
+                    "schema" => "http://schema.org#",
+                    "PropertyValue" => "schema:PropertyValue",
+                    "value" => "schema:value",
+                    "discoverable" => "toot:discoverable",
+                    "Device" => "toot:Device",
+                    "Ed25519Signature" => "toot:Ed25519Signature",
+                    "Ed25519Key" => "toot:Ed25519Key",
+                    "Curve25519Key" => "toot:Curve25519Key",
+                    "EncryptedMessage" => "toot:EncryptedMessage",
+                    "publicKeyBase64" => "toot:publicKeyBase64",
+                    "deviceId" => "toot:deviceId",
+                    "claim" => [
+                        "@type" => "@id",
+                        "@id" => "toot:claim"
+                    ],
+                    "fingerprintKey" => [
+                        "@type" => "@id",
+                        "@id" => "toot:fingerprintKey"
+                    ],
+                    "identityKey" => [
+                        "@type" => "@id",
+                        "@id" => "toot:identityKey"
+                    ],
+                    "devices" => [
+                        "@type" => "@id",
+                        "@id" => "toot:devices"
+                    ],
+                    "messageFranking" => "toot:messageFranking",
+                    "messageType" => "toot:messageType",
+                    "cipherText" => "toot:cipherText",
+                    "suspended" => "toot:suspended"
+                ]
+            ],
 			'id' => $this->permalink(),
 			'type' => 'Application',
 			'inbox' => $this->permalink('/inbox'),

app/Services/ActivityPubFetchService.php

@@ -19,12 +19,11 @@ public static function get($url)
 
 		$baseHeaders = [
 			'Accept' => 'application/activity+json, application/ld+json',
-			'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
 		];
 
-		$headers = HttpSignature::instanceActorSign($url, false, $baseHeaders);
+		$headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get');
 		$headers['Accept'] = 'application/activity+json, application/ld+json';
-		$headers['User-Agent'] = '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
+		$headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
 
 		try {
 			$res = Http::withHeaders($headers)

app/Util/ActivityPub/HttpSignature.php

@@ -33,7 +33,7 @@ public static function sign(Profile $profile, $url, $body = false, $addlHeaders
     return self::_headersToCurlArray($headers);
   }
 
-  public static function instanceActorSign($url, $body = false, $addlHeaders = [])
+  public static function instanceActorSign($url, $body = false, $addlHeaders = [], $method = 'post')
   {
     $keyId = config('app.url') . '/i/actor#main-key';
     $privateKey = Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() {
@@ -42,7 +42,7 @@ public static function instanceActorSign($url, $body = false, $addlHeaders = [])
     if($body) {
       $digest = self::_digest($body);
     }
-    $headers = self::_headersToSign($url, $body ? $digest : false);
+    $headers = self::_headersToSign($url, $body ? $digest : false, $method);
     $headers = array_merge($headers, $addlHeaders);
     $stringToSign = self::_headersToSigningString($headers);
     $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
@@ -125,11 +125,14 @@ private static function _digest($body) {
     return base64_encode(hash('sha256', $body, true));
   }
 
-  protected static function _headersToSign($url, $digest = false) {
+  protected static function _headersToSign($url, $digest = false, $method = 'post') {
     $date = new DateTime('UTC');
 
+    if(!in_array($method, ['post', 'get'])) {
+        throw new \Exception('Invalid method used to sign headers in HttpSignature');
+    }
     $headers = [
-      '(request-target)' => 'post '.parse_url($url, PHP_URL_PATH),
+      '(request-target)' => $method . ' '.parse_url($url, PHP_URL_PATH),
       'Host' => parse_url($url, PHP_URL_HOST),
       'Date' => $date->format('D, d M Y H:i:s \G\M\T'),
     ];