From 185070df160e4d92c4673b6ad667637029173b8f Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer <jeremy.dormitzer@gmail.com>
Date: Thu, 27 Sep 2018 20:45:03 -0400
Subject: [PATCH] Dereference objects wherever possible

---
 includes/server/deliver.php   |  1 +
 includes/server/followers.php |  3 +++
 includes/server/inbox.php     |  2 ++
 includes/server/objects.php   | 42 +++++++++++++++++++-------------
 includes/server/outbox.php    |  5 ++++
 includes/util.php             | 45 ++++++++++++++++++++++++-----------
 6 files changed, 68 insertions(+), 30 deletions(-)

diff --git a/includes/server/deliver.php b/includes/server/deliver.php
index 36f200b..ae14112 100644
--- a/includes/server/deliver.php
+++ b/includes/server/deliver.php
@@ -18,6 +18,7 @@ function deliver_activity( $activity ) {
     }
     $recipients = array_unique( $recipients );
     if ( array_key_exists( 'actor', $activity ) ) {
+        $actor = \util\dereference_object( $activity['actor'] );
         $recipients = remove_actor_inbox_from_recipients( $activity['actor'], $recipients );
     }
     $activity = \activities\strip_private_fields( $activity );
diff --git a/includes/server/followers.php b/includes/server/followers.php
index 958a444..0187fdb 100644
--- a/includes/server/followers.php
+++ b/includes/server/followers.php
@@ -3,6 +3,7 @@ namespace followers;
 
 require_once plugin_dir_path( __FILE__ ) . 'actors.php';
 require_once plugin_dir_path( __FILE__ ) . 'objects.php';
+require_once plugin_dir_path( __FILE__ ) . '../util.php';
 
 function add_follower( $actor_slug, $follower ) {
     global $wpdb;
@@ -14,6 +15,7 @@ function add_follower( $actor_slug, $follower ) {
             array( 'status' => 404 )
         );
     }
+    $follower = \util\dereference_object( $follower );
     if ( !array_key_exists( 'id', $follower ) ) {
         return new \WP_Error(
             'invalid_object',
@@ -45,6 +47,7 @@ function remove_follower( $actor_slug, $follower ) {
             array( 'status' => 404 )
         );
     }
+    $follower = \util\dereference_object( $follower );
     if ( !array_key_exists( 'id', $follower ) ) {
         return new \WP_Error(
             'invalid_object',
diff --git a/includes/server/inbox.php b/includes/server/inbox.php
index 04e838d..adfd827 100644
--- a/includes/server/inbox.php
+++ b/includes/server/inbox.php
@@ -20,8 +20,10 @@ require_once plugin_dir_path( __FILE__ ) . 'activities/accept.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/reject.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/announce.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/undo.php';
+require_once plugin_dir_path( __FILE__ ) . '../util.php';
 
 function handle_activity( $actor_slug, $activity ) {
+    $activity = \util\dereference_object( $activity );
     if ( !array_key_exists( 'type', $activity ) ) {
         return new \WP_Error(
             'invalid_activity',
diff --git a/includes/server/objects.php b/includes/server/objects.php
index ff1ede3..7bde197 100644
--- a/includes/server/objects.php
+++ b/includes/server/objects.php
@@ -1,11 +1,17 @@
 <?php
 namespace objects;
 
+require_once plugin_dir_path( __FILE__ ) . '../util.php';
+
 // TODO for 'post' objects, store a post id instead of the full post text,
 // then hydrate the text on read
 
 function create_local_object( $object ) {
     global $wpdb;
+    $object = \util\dereference_object( $object );
+    if ( is_wp_error( $object ) ) {
+        return $object;
+    }
     if ( !array_key_exists( 'type', $object) ) {
         return new \WP_Error(
             'invalid_object',
@@ -51,6 +57,10 @@ function create_local_object( $object ) {
 
 function upsert_object( $object ) {
     global $wpdb;
+    $object = \util\dereference_object( $object );
+    if ( is_wp_error( $object ) ) {
+        return $object;
+    }
     if ( !array_key_exists( 'id', $object ) ) {
         return new \WP_Error(
             'invalid_object',
@@ -116,6 +126,10 @@ function upsert_object( $object ) {
 
 function update_object( $object ) {
     global $wpdb;
+    $object = \util\dereference_object( $object );
+    if ( is_wp_error( $object ) ) {
+        return $object;
+    }
     if ( !array_key_exists( 'id', $object ) ) {
         return new \WP_Error(
             'invalid_object',
@@ -185,6 +199,10 @@ function get_object_id( $activitypub_id ) {
 
 function delete_object( $object ) {
     global $wpdb;
+    $object = \util\dereference_object( $object );
+    if ( is_wp_error( $object ) ) {
+        return $object;
+    }
     if ( !array_key_exists( 'id', $object ) ) {
         return new \WP_Error(
             'invalid_object',
@@ -240,22 +258,14 @@ function make_tombstone( $object ) {
 }
 
 function is_local_object( $object ) {
-    if ( is_array( $object ) ) {
-        if ( array_key_exists( 'id', $object ) ) {
-            $parsed = parse_url( $object['id'] );
-            if ( $parsed ) {
-                $site_host = parse_url( get_site_url() )['host'];
-                return $parsed['host'] === $site_host;
-            }
-        } else {
-            return false;
-        }
-    } else {
-        $parsed = parse_url( $object );
-        if ( $parsed ) {
-            $site_host = parse_url( get_site_url() )['host'];
-            return $parsed['host'] === $site_host;
-        }
+    $url = \util\get_id( $object );
+    if ( !$url ) {
+        return false;
+    }
+    $parsed = parse_url( $url );
+    if ( $parsed ) {
+        $site_host = parse_url( get_site_url() )['host'];
+        return $parsed['host'] === $site_host;
     }
     return false;
 }
diff --git a/includes/server/outbox.php b/includes/server/outbox.php
index 4a069d8..a92db79 100644
--- a/includes/server/outbox.php
+++ b/includes/server/outbox.php
@@ -22,9 +22,14 @@ require_once plugin_dir_path( __FILE__ ) . 'activities/like.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/follow.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/block.php';
 require_once plugin_dir_path( __FILE__ ) . 'activities/undo.php';
+require_once plugin_dir_path( __FILE__ ) . '../util.php';
 
 function handle_activity( $actor_slug, $activity ) {
     // TODO handle authentication/authorization
+    $activity = \util\dereference_object( $activity );
+    if ( is_wp_error( $activity ) ) {
+        return $activity;
+    }
     if ( !array_key_exists( 'type', $activity ) ) {
         return new \WP_Error(
             'invalid_activity',
diff --git a/includes/util.php b/includes/util.php
index 4342c68..3950622 100644
--- a/includes/util.php
+++ b/includes/util.php
@@ -5,23 +5,23 @@ namespace util;
 // (this is anywhere I access a field on an object, basically)
 
 function dereference_object( $object ) {
+    return dereference_object_helper( $object, 0 );
+}
+
+function dereference_object_helper( $object, $depth ) {
+    if ( $depth === 30 ) {
+        return $object;
+    }
     if ( is_array( $object ) ) {
+        if ( array_key_exists( 'type', $object ) &&
+             $object['type'] === 'Link' &&
+             array_key_exists( 'href', $object ) &&
+             filter_var( $object['href'], FILTER_VALIDATE_URL ) ) {
+            return get_object_from_url( $object['href'], $depth );
+        }
         return $object;
     } else if ( filter_var( $object, FILTER_VALIDATE_URL ) ) {
-        $response = wp_remote_get( $object );
-        if ( is_wp_error( $response ) ) {
-            return $response;
-        }
-        $body = wp_remote_retrieve_body( $response );
-        if ( empty( $body ) ) {
-            return new \WP_Error(
-                'not_found',
-                __( 'The object did not dereference to a valid object', 'pterotype' ),
-                array( 'status' => 404 )
-            );
-        }
-        $body_array = json_decode( $body, true );
-        return $body_array;
+        return get_object_from_url( $object, $depth );
     } else {
         return new \WP_Error(
             'invalid_object',
@@ -31,6 +31,23 @@ function dereference_object( $object ) {
     }
 }
 
+function get_object_from_url( $url, $depth ) {
+    $response = wp_remote_get( $url );
+    if ( is_wp_error( $response ) ) {
+        return $response;
+    }
+    $body = wp_remote_retrieve_body( $response );
+    if ( empty( $body ) ) {
+        return new \WP_Error(
+            'not_found',
+            __( 'The object did not dereference to a valid object', 'pterotype' ),
+            array( 'status' => 404 )
+        );
+    }
+    $body_array = json_decode( $body, true );
+    return dereference_object_helper( $body_array, $depth + 1 );
+}
+
 function is_same_object( $object1, $object2 ) {
     return get_id( $object1 ) === get_id( $object2 );
 }