usbharu
/
misskey
mirror of https://github.com/misskey-dev/misskey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 58f28d6f09 into 218070eb13

This commit is contained in:
tamaina 2025-09-25 20:33:23 +09:00 committed by GitHub
parent 218070eb13 58f28d6f09
commit ab5f2cd90f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
83 changed files with 2803 additions and 880 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.config/cypress-devcontainer.yml
View File

@ -183,16 +183,17 @@ id: 'aidx'
#clusterLimit: 1
# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
#deliverJobConcurrency: 16
#inboxJobConcurrency: 4
#relationshipJobConcurrency: 16
# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 32
#deliverJobPerSec: 1024
#inboxJobPerSec: 64
# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8
#deliverJobMaxAttempts: 12
#inboxJobMaxAttempts: 8
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4

13
.config/docker_example.yml
View File

@ -195,16 +195,17 @@ id: 'aidx'
#clusterLimit: 1
# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
#deliverJobConcurrency: 16
#inboxJobConcurrency: 4
#relationshipJobConcurrency: 16
# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 32
#deliverJobPerSec: 1024
#inboxJobPerSec: 64
# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8
#deliverJobMaxAttempts: 12
#inboxJobMaxAttempts: 8
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4

8
.config/example.yml
View File

@ -287,15 +287,15 @@ id: 'aidx'
#clusterLimit: 1
# Job concurrency per worker
#deliverJobConcurrency: 128
#inboxJobConcurrency: 16
#deliverJobConcurrency: 16
#inboxJobConcurrency: 4
#relationshipJobConcurrency: 16
# What's relationshipJob?:
# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
# Job rate limiter
#deliverJobPerSec: 128
#inboxJobPerSec: 32
#deliverJobPerSec: 1024
#inboxJobPerSec: 64
#relationshipJobPerSec: 64
# Job attempts

13
.devcontainer/devcontainer.yml
View File

@ -170,16 +170,17 @@ id: 'aidx'
#clusterLimit: 1
# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
#deliverJobConcurrency: 16
#inboxJobConcurrency: 4
#relationshipJobConcurrency: 16
# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 32
#deliverJobPerSec: 1024
#inboxJobPerSec: 64
# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8
#deliverJobMaxAttempts: 12
#inboxJobMaxAttempts: 8
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4

44
.github/workflows/test-federation.yml vendored
View File

@ -99,11 +99,51 @@ jobs:
run: |
cd packages/backend/test-federation
docker compose run --no-deps tester
- name: Log
- name: 'Redis Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs
docker compose logs -t redis.test
- name: 'Setup Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t setup
- name: 'DB A Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t db.a.test
- name: 'DB B Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t db.b.test
- name: 'Daemon Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t daemon
- name: 'Misskey A Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t misskey.a.test
- name: 'Misskey B Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t misskey.b.test
- name: 'Nginx A Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t a.test
- name: 'Nginx B Log'
if: always()
run: |
cd packages/backend/test-federation
docker compose logs -t b.test
- name: Stop servers
if: always()
run: |

2
CONTRIBUTING.md
View File

@ -246,7 +246,7 @@ See [`/packages/backend/test-federation/README.md`](/packages/backend/test-feder
## Environment Variable
- `MISSKEY_CONFIG_YML`: Specify the file path of config.yml instead of default.yml (e.g. `2nd.yml`).
- `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
- `MISSKEY_USE_HTTP`: If it's set true, federation requests (like nodeinfo and webfinger) will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION. (was `MISSKEY_WEBFINGER_USE_HTTP`)
## Continuous integration
Misskey uses GitHub Actions for executing automated tests.

13
chart/files/default.yml
View File

@ -191,16 +191,17 @@ id: "aidx"
#clusterLimit: 1
# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
#deliverJobConcurrency: 16
#inboxJobConcurrency: 4
#relationshipJobConcurrency: 16
# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 32
#deliverJobPerSec: 1024
#inboxJobPerSec: 64
# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8
#deliverJobMaxAttempts: 12
#inboxJobMaxAttempts: 8
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4

39
packages/backend/migration/1708980134301-APMultipleKeys.js Normal file
View File

@ -0,0 +1,39 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class APMultipleKeys1708980134301 {
name = 'APMultipleKeys1708980134301'
async up(queryRunner) {
await queryRunner.query(`DROP INDEX "public"."IDX_171e64971c780ebd23fae140bb"`);
await queryRunner.query(`ALTER TABLE "user_keypair" ADD "ed25519PublicKey" character varying(128)`);
await queryRunner.query(`ALTER TABLE "user_keypair" ADD "ed25519PrivateKey" character varying(128)`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "FK_10c146e4b39b443ede016f6736d"`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_10c146e4b39b443ede016f6736d"`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_0db6a5fdb992323449edc8ee421" PRIMARY KEY ("userId", "keyId")`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_0db6a5fdb992323449edc8ee421"`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_171e64971c780ebd23fae140bba" PRIMARY KEY ("keyId")`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "UQ_10c146e4b39b443ede016f6736d" UNIQUE ("userId")`);
await queryRunner.query(`CREATE INDEX "IDX_10c146e4b39b443ede016f6736" ON "user_publickey" ("userId") `);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "FK_10c146e4b39b443ede016f6736d" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`);
}
async down(queryRunner) {
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "FK_10c146e4b39b443ede016f6736d"`);
await queryRunner.query(`DROP INDEX "public"."IDX_10c146e4b39b443ede016f6736"`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "UQ_10c146e4b39b443ede016f6736d"`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_171e64971c780ebd23fae140bba"`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_0db6a5fdb992323449edc8ee421" PRIMARY KEY ("userId", "keyId")`);
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_0db6a5fdb992323449edc8ee421"`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_10c146e4b39b443ede016f6736d" PRIMARY KEY ("userId")`);
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "FK_10c146e4b39b443ede016f6736d" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`);
await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" DROP DEFAULT`);
await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" TYPE "public"."user_profile_followersVisibility_enum_old" USING "followersVisibility"::"text"::"public"."user_profile_followersVisibility_enum_old"`);
await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" SET DEFAULT 'public'`);
await queryRunner.query(`ALTER TABLE "user_keypair" DROP COLUMN "ed25519PrivateKey"`);
await queryRunner.query(`ALTER TABLE "user_keypair" DROP COLUMN "ed25519PublicKey"`);
await queryRunner.query(`CREATE UNIQUE INDEX "IDX_171e64971c780ebd23fae140bb" ON "user_publickey" ("keyId") `);
}
}

16
packages/backend/migration/1709242519122-HttpSignImplLv.js Normal file
View File

@ -0,0 +1,16 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class HttpSignImplLv1709242519122 {
name = 'HttpSignImplLv1709242519122'
async up(queryRunner) {
await queryRunner.query(`ALTER TABLE "instance" ADD "httpMessageSignaturesImplementationLevel" character varying(16) NOT NULL DEFAULT '00'`);
}
async down(queryRunner) {
await queryRunner.query(`ALTER TABLE "instance" DROP COLUMN "httpMessageSignaturesImplementationLevel"`);
}
}

16
packages/backend/migration/1709269211718-APMultipleKeysFix1.js Normal file
View File

@ -0,0 +1,16 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class APMultipleKeys1709269211718 {
name = 'APMultipleKeys1709269211718'
async up(queryRunner) {
await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "UQ_10c146e4b39b443ede016f6736d"`);
}
async down(queryRunner) {
await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "UQ_10c146e4b39b443ede016f6736d" UNIQUE ("userId")`);
}
}

19
packages/backend/migration/1751848750315-RemoteSuspend.js Normal file
View File

@ -0,0 +1,19 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class RemoteSuspend1751848750315 {
name = 'RemoteSuspend1751848750315'
async up(queryRunner) {
await queryRunner.query(`ALTER TABLE "user" ADD "isRemoteSuspended" boolean NOT NULL DEFAULT false`);
await queryRunner.query(`COMMENT ON COLUMN "user"."isSuspended" IS 'Whether the User is suspended by the local moderators.'`);
await queryRunner.query(`COMMENT ON COLUMN "user"."isRemoteSuspended" IS 'Whether the User is suspended by the remote moderators.'`);
}
async down(queryRunner) {
await queryRunner.query(`COMMENT ON COLUMN "user"."isRemoteSuspended" IS 'Whether the User is suspended by the remote moderators.'`);
await queryRunner.query(`COMMENT ON COLUMN "user"."isSuspended" IS 'Whether the User is suspended.'`);
await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "isRemoteSuspended"`);
}
}

22
packages/backend/migration/1752410859370-FollowingIsFollowerSuspended.js Normal file
View File

@ -0,0 +1,22 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class FollowingIsFollowerSuspended1752410859370 {
name = 'FollowingIsFollowerSuspended1752410859370'
async up(queryRunner) {
await queryRunner.query(`DROP INDEX "public"."IDX_ce62b50d882d4e9dee10ad0d2f"`);
await queryRunner.query(`ALTER TABLE "following" ADD "isFollowerSuspended" boolean NOT NULL DEFAULT false`);
await queryRunner.query(`CREATE INDEX "IDX_1896254b78a41a50e0396fdabd" ON "following" ("followeeId", "followerHost", "isFollowerSuspended", "isFollowerHibernated") `);
await queryRunner.query(`CREATE INDEX "IDX_d2b8dbf0b772042f4fe241a29d" ON "following" ("followerId", "followeeId", "isFollowerSuspended") `);
}
async down(queryRunner) {
await queryRunner.query(`DROP INDEX "public"."IDX_d2b8dbf0b772042f4fe241a29d"`);
await queryRunner.query(`DROP INDEX "public"."IDX_1896254b78a41a50e0396fdabd"`);
await queryRunner.query(`ALTER TABLE "following" DROP COLUMN "isFollowerSuspended"`);
await queryRunner.query(`CREATE INDEX "IDX_ce62b50d882d4e9dee10ad0d2f" ON "following" ("followeeId", "followerHost", "isFollowerHibernated") `);
}
}

21
packages/backend/migration/1752410900000-FollowingIsFollowerSuspendedCopySuspendedState.js Normal file
View File

@ -0,0 +1,21 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class FollowingIsFollowerSuspendedCopySuspendedState1752410900000 {
name = 'FollowingIsFollowerSuspendedCopySuspendedState1752410900000'
async up(queryRunner) {
// Update existing records based on user suspension status
await queryRunner.query(`
UPDATE "following"
SET "isFollowerSuspended" = "user"."isSuspended"
FROM "user"
WHERE "following"."followerId" = "user"."id"
`);
}
async down(queryRunner) {
}
}

2
packages/backend/package.json
View File

@ -80,13 +80,13 @@
"@fastify/multipart": "9.2.1",
"@fastify/static": "8.2.0",
"@fastify/view": "10.0.2",
"@misskey-dev/node-http-message-signatures": "0.0.10",
"@misskey-dev/sharp-read-bmp": "1.2.0",
"@misskey-dev/summaly": "5.2.3",
"@napi-rs/canvas": "0.1.79",
"@nestjs/common": "11.1.6",
"@nestjs/core": "11.1.6",
"@nestjs/testing": "11.1.6",
"@peertube/http-signature": "1.7.0",
"@sentry/node": "8.55.0",
"@sentry/profiling-node": "8.55.0",
"@simplewebauthn/server": "12.0.0",

82
packages/backend/src/@types/http-signature.d.ts vendored
View File

@ -1,82 +0,0 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
declare module '@peertube/http-signature' {
import type { IncomingMessage, ClientRequest } from 'node:http';
interface ISignature {
keyId: string;
algorithm: string;
headers: string[];
signature: string;
}
interface IOptions {
headers?: string[];
algorithm?: string;
strict?: boolean;
authorizationHeaderName?: string;
}
interface IParseRequestOptions extends IOptions {
clockSkew?: number;
}
interface IParsedSignature {
scheme: string;
params: ISignature;
signingString: string;
algorithm: string;
keyId: string;
}
type RequestSignerConstructorOptions =
IRequestSignerConstructorOptionsFromProperties |
IRequestSignerConstructorOptionsFromFunction;
interface IRequestSignerConstructorOptionsFromProperties {
keyId: string;
key: string | Buffer;
algorithm?: string;
}
interface IRequestSignerConstructorOptionsFromFunction {
sign?: (data: string, cb: (err: any, sig: ISignature) => void) => void;
}
class RequestSigner {
constructor(options: RequestSignerConstructorOptions);
public writeHeader(header: string, value: string): string;
public writeDateHeader(): string;
public writeTarget(method: string, path: string): void;
public sign(cb: (err: any, authz: string) => void): void;
}
interface ISignRequestOptions extends IOptions {
keyId: string;
key: string;
httpVersion?: string;
}
export function parse(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
export function parseRequest(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
export function sign(request: ClientRequest, options: ISignRequestOptions): boolean;
export function signRequest(request: ClientRequest, options: ISignRequestOptions): boolean;
export function createSigner(): RequestSigner;
export function isSigner(obj: any): obj is RequestSigner;
export function sshKeyToPEM(key: string): string;
export function sshKeyFingerprint(key: string): string;
export function pemToRsaSSHKey(pem: string, comment: string): string;
export function verify(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
export function verifySignature(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
export function verifyHMAC(parsedSignature: IParsedSignature, secret: string): boolean;
}

5
packages/backend/src/const.ts
View File

@ -8,6 +8,11 @@ export const MAX_NOTE_TEXT_LENGTH = 3000;
export const USER_ONLINE_THRESHOLD = 1000 * 60 * 10; // 10min
export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days
export const REMOTE_USER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
export const REMOTE_USER_MOVE_COOLDOWN = 1000 * 60 * 60 * 24 * 14; // 14days
export const REMOTE_SERVER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
export const PER_NOTE_REACTION_USER_PAIR_CACHE_MAX = 16;
//#region hard limits

70
packages/backend/src/core/AccountUpdateService.ts
View File

@ -3,39 +3,85 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
import { ModuleRef } from '@nestjs/core';
import { DI } from '@/di-symbols.js';
import type { UsersRepository } from '@/models/_.js';
import type { MiUser } from '@/models/User.js';
import type { MiLocalUser, MiUser } from '@/models/User.js';
import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
import { RelayService } from '@/core/RelayService.js';
import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
@Injectable()
export class AccountUpdateService {
export class AccountUpdateService implements OnModuleInit {
private apDeliverManagerService: ApDeliverManagerService;
constructor(
private moduleRef: ModuleRef,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private userEntityService: UserEntityService,
private apRendererService: ApRendererService,
private apDeliverManagerService: ApDeliverManagerService,
private relayService: RelayService,
) {
}
@bindThis
public async publishToFollowers(userId: MiUser['id']) {
const user = await this.usersRepository.findOneBy({ id: userId });
if (user == null) throw new Error('user not found');
async onModuleInit() {
this.apDeliverManagerService = this.moduleRef.get(ApDeliverManagerService.name);
}
// フォロワーがリモートユーザーかつ投稿者がローカルユーザーならUpdateを配信
private async createUpdatePersonActivity(user: MiLocalUser) {
return this.apRendererService.addContext(
this.apRendererService.renderUpdate(
await this.apRendererService.renderPerson(user), user
)
);
}
@bindThis
/**
* Deliver account update to followers
* @param userId user id
* @param deliverKey optional. Private key to sign the deliver.
*/
public async publishToFollowers(userId: MiUser['id'], deliverKey?: PrivateKeyWithPem) {
const user = await this.usersRepository.findOneBy({ id: userId });
if (user == null || user.isDeleted) {
// ユーザーが存在しない、または削除されている場合は何もしない
return;
}
// ローカルユーザーならUpdateを配信
if (this.userEntityService.isLocalUser(user)) {
const content = this.apRendererService.addContext(this.apRendererService.renderUpdate(await this.apRendererService.renderPerson(user), user));
this.apDeliverManagerService.deliverToFollowers(user, content);
this.relayService.deliverToRelays(user, content);
const content = await this.createUpdatePersonActivity(user);
this.apDeliverManagerService.deliverToFollowers(user, content, deliverKey);
this.relayService.deliverToRelays(user, content, deliverKey);
}
}
@bindThis
async publishToFollowersAndSharedInboxAndRelays(userId: MiUser['id']) {
const user = await this.usersRepository.findOneBy({ id: userId });
if (user == null || user.isDeleted) {
// ユーザーが存在しない、または削除されている場合は何もしない
return;
}
// ローカルユーザーならUpdateを配信
if (this.userEntityService.isLocalUser(user)) {
const content = await this.createUpdatePersonActivity(user);
const manager = this.apDeliverManagerService.createDeliverManager(user, content);
manager.addAllKnowingSharedInboxRecipe();
manager.addFollowersRecipe();
await Promise.allSettled([
manager.execute(),
this.relayService.deliverToRelays(user, content),
]);
}
}
}

1
packages/backend/src/core/FanoutTimelineEndpointService.ts
View File

@ -149,6 +149,7 @@ export class FanoutTimelineEndpointService {
filter = (note) => {
if (!ps.ignoreAuthorFromUserSuspension) {
if (note.user!.isSuspended) return false;
if (note.user!.isRemoteSuspended) return false;
}
if (note.userId !== note.renoteUserId && note.renote?.user?.isSuspended) return false;
if (note.userId !== note.replyUserId && note.reply?.user?.isSuspended) return false;

55
packages/backend/src/core/FetchInstanceMetadataService.ts
View File

@ -15,6 +15,7 @@ import { LoggerService } from '@/core/LoggerService.js';
import { HttpRequestService } from '@/core/HttpRequestService.js';
import { bindThis } from '@/decorators.js';
import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
import { REMOTE_SERVER_CACHE_TTL } from '@/const.js';
import type { DOMWindow } from 'jsdom';
type NodeInfo = {
@ -24,6 +25,7 @@ type NodeInfo = {
version?: unknown;
};
metadata?: {
httpMessageSignaturesImplementationLevel?: unknown,
name?: unknown;
nodeName?: unknown;
nodeDescription?: unknown;
@ -39,6 +41,7 @@ type NodeInfo = {
@Injectable()
export class FetchInstanceMetadataService {
private logger: Logger;
private httpColon = 'https://';
constructor(
private httpRequestService: HttpRequestService,
@ -48,6 +51,7 @@ export class FetchInstanceMetadataService {
private redisClient: Redis.Redis,
) {
this.logger = this.loggerService.getLogger('metadata', 'cyan');
this.httpColon = process.env.MISSKEY_USE_HTTP?.toLowerCase() === 'true' ? 'http://' : 'https://';
}
@bindThis
@ -59,7 +63,7 @@ export class FetchInstanceMetadataService {
return await this.redisClient.set(
`fetchInstanceMetadata:mutex:v2:${host}`, '1',
'EX', 30, // 30秒したら自動でロック解除 https://github.com/misskey-dev/misskey/issues/13506#issuecomment-1975375395
'GET' // 古い値を返すなかったらnull
'GET', // 古い値を返すなかったらnull
);
}
@ -73,23 +77,24 @@ export class FetchInstanceMetadataService {
public async fetchInstanceMetadata(instance: MiInstance, force = false): Promise<void> {
const host = instance.host;
if (!force) {
// キャッシュ有効チェックはロック取得前に行う
const _instance = await this.federatedInstanceService.fetchOrRegister(host);
const now = Date.now();
if (_instance && _instance.infoUpdatedAt != null && (now - _instance.infoUpdatedAt.getTime() < REMOTE_SERVER_CACHE_TTL)) {
this.logger.debug(`Skip because updated recently ${_instance.infoUpdatedAt.toJSON()}`);
return;
}
// finallyでunlockされてしまうのでtry内でロックチェックをしない
// returnであってもfinallyは実行される
if (!force && await this.tryLock(host) === '1') {
// 1が返ってきていたらロックされているという意味なので、何もしない
if (await this.tryLock(host) === '1') {
// 1が返ってきていたら他にロックされているという意味なので、何もしない
return;
}
}
try {
if (!force) {
const _instance = await this.federatedInstanceService.fetchOrRegister(host);
const now = Date.now();
if (_instance && _instance.infoUpdatedAt && (now - _instance.infoUpdatedAt.getTime() < 1000 * 60 * 60 * 24)) {
// unlock at the finally caluse
return;
}
}
this.logger.info(`Fetching metadata of ${instance.host} ...`);
const [info, dom, manifest] = await Promise.all([
@ -118,6 +123,14 @@ export class FetchInstanceMetadataService {
updates.openRegistrations = info.openRegistrations;
updates.maintainerName = info.metadata ? info.metadata.maintainer ? (info.metadata.maintainer.name ?? null) : null : null;
updates.maintainerEmail = info.metadata ? info.metadata.maintainer ? (info.metadata.maintainer.email ?? null) : null : null;
if (info.metadata && info.metadata.httpMessageSignaturesImplementationLevel && (
info.metadata.httpMessageSignaturesImplementationLevel === '01' ||
info.metadata.httpMessageSignaturesImplementationLevel === '11'
)) {
updates.httpMessageSignaturesImplementationLevel = info.metadata.httpMessageSignaturesImplementationLevel;
} else {
updates.httpMessageSignaturesImplementationLevel = '00';
}
}
if (name) updates.name = name;
@ -129,6 +142,12 @@ export class FetchInstanceMetadataService {
await this.federatedInstanceService.update(instance.id, updates);
this.logger.succ(`Successfuly updated metadata of ${instance.host}`);
this.logger.debug('Updated metadata:', {
info: !!info,
dom: !!dom,
manifest: !!manifest,
updates,
});
} catch (e) {
this.logger.error(`Failed to update metadata of ${instance.host}: ${e}`);
} finally {
@ -141,7 +160,7 @@ export class FetchInstanceMetadataService {
this.logger.info(`Fetching nodeinfo of ${instance.host} ...`);
try {
const wellknown = await this.httpRequestService.getJson('https://' + instance.host + '/.well-known/nodeinfo')
const wellknown = await this.httpRequestService.getJson(this.httpColon + instance.host + '/.well-known/nodeinfo')
.catch(err => {
if (err.statusCode === 404) {
throw new Error('No nodeinfo provided');
@ -184,7 +203,7 @@ export class FetchInstanceMetadataService {
private async fetchDom(instance: MiInstance): Promise<Document> {
this.logger.info(`Fetching HTML of ${instance.host} ...`);
const url = 'https://' + instance.host;
const url = this.httpColon + instance.host;
const html = await this.httpRequestService.getHtml(url);
@ -196,7 +215,7 @@ export class FetchInstanceMetadataService {
@bindThis
private async fetchManifest(instance: MiInstance): Promise<Record<string, unknown> | null> {
const url = 'https://' + instance.host;
const url = this.httpColon + instance.host;
const manifestUrl = url + '/manifest.json';
@ -207,7 +226,7 @@ export class FetchInstanceMetadataService {
@bindThis
private async fetchFaviconUrl(instance: MiInstance, doc: Document | null): Promise<string | null> {
const url = 'https://' + instance.host;
const url = this.httpColon + instance.host;
if (doc) {
// https://github.com/misskey-dev/misskey/pull/8220#issuecomment-1025104043
@ -234,12 +253,12 @@ export class FetchInstanceMetadataService {
@bindThis
private async fetchIconUrl(instance: MiInstance, doc: Document | null, manifest: Record<string, any> | null): Promise<string | null> {
if (manifest && manifest.icons && manifest.icons.length > 0 && manifest.icons[0].src) {
const url = 'https://' + instance.host;
const url = this.httpColon + instance.host;
return (new URL(manifest.icons[0].src, url)).href;
}
if (doc) {
const url = 'https://' + instance.host;
const url = this.httpColon + instance.host;
// https://github.com/misskey-dev/misskey/pull/8220#issuecomment-1025104043
const links = Array.from(doc.getElementsByTagName('link')).reverse();

3
packages/backend/src/core/GlobalEventService.ts
View File

@ -225,7 +225,7 @@ type UndefinedAsNullAll<T> = {
};
export interface InternalEventTypes {
userChangeSuspendedState: { id: MiUser['id']; isSuspended: MiUser['isSuspended']; };
userChangeSuspendedState: { id: MiUser['id']; isSuspended: MiUser['isSuspended']; } | { id: MiUser['id']; isRemoteSuspended: MiUser['isRemoteSuspended']; };
userChangeDeletedState: { id: MiUser['id']; isDeleted: MiUser['isDeleted']; };
userTokenRegenerated: { id: MiUser['id']; oldToken: string; newToken: string; };
remoteUserUpdated: { id: MiUser['id']; };
@ -260,6 +260,7 @@ export interface InternalEventTypes {
unmute: { muterId: MiUser['id']; muteeId: MiUser['id']; };
userListMemberAdded: { userListId: MiUserList['id']; memberId: MiUser['id']; };
userListMemberRemoved: { userListId: MiUserList['id']; memberId: MiUser['id']; };
userKeypairUpdated: { userId: MiUser['id']; };
}
type EventTypesToEventPayload<T> = EventUnionFromDictionary<UndefinedAsNullAll<SerializedAll<T>>>;

2
packages/backend/src/core/HttpRequestService.ts
View File

@ -162,7 +162,7 @@ export class HttpRequestService {
this.https = new HttpsRequestServiceAgent(config, agentOption);
const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 128);
const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 16);
this.httpAgent = config.proxy
? new HttpProxyAgent({

2
packages/backend/src/core/NoteCreateService.ts
View File

@ -549,6 +549,7 @@ export class NoteCreateService implements OnApplicationShutdown {
// TODO: キャッシュ
this.followingsRepository.findBy({
followeeId: user.id,
isFollowerSuspended: false,
notify: 'normal',
}).then(async followings => {
if (note.visibility !== 'specified') {
@ -854,6 +855,7 @@ export class NoteCreateService implements OnApplicationShutdown {
where: {
followeeId: user.id,
followerHost: IsNull(),
isFollowerSuspended: false,
isFollowerHibernated: false,
},
select: ['followerId', 'withReplies'],

20
packages/backend/src/core/QueueService.ts
View File

@ -15,7 +15,6 @@ import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
import { bindThis } from '@/decorators.js';
import type { Antenna } from '@/server/api/endpoints/i/import-antennas.js';
import { ApRequestCreator } from '@/core/activitypub/ApRequestService.js';
import { type SystemWebhookPayload } from '@/core/SystemWebhookService.js';
import type { Packed } from '@/misc/json-schema.js';
import { type UserWebhookPayload } from './UserWebhookService.js';
@ -38,7 +37,7 @@ import type {
SystemWebhookDeliverQueue,
UserWebhookDeliverQueue,
} from './QueueModule.js';
import type httpSignature from '@peertube/http-signature';
import { genRFC3230DigestHeader, type PrivateKeyWithPem, type ParsedSignature } from '@misskey-dev/node-http-message-signatures';
import type * as Bull from 'bullmq';
export const QUEUE_TYPES = [
@ -129,21 +128,21 @@ export class QueueService {
}
@bindThis
public deliver(user: ThinUser, content: IActivity | null, to: string | null, isSharedInbox: boolean) {
public async deliver(user: ThinUser, content: IActivity | null, to: string | null, isSharedInbox: boolean, privateKey?: PrivateKeyWithPem) {
if (content == null) return null;
if (to == null) return null;
const contentBody = JSON.stringify(content);
const digest = ApRequestCreator.createDigest(contentBody);
const data: DeliverJobData = {
user: {
id: user.id,
},
content: contentBody,
digest,
digest: await genRFC3230DigestHeader(contentBody, 'SHA-256'),
to,
isSharedInbox,
privateKey,
};
const label = to.replace('https://', '').replace('/inbox', '');
@ -169,13 +168,16 @@ export class QueueService {
* @param user `{ id: string; }` ThinUserに変換しないので前もって変換してください
* @param content IActivity | null
* @param inboxes `Map<string, boolean>` / key: to (inbox url), value: isSharedInbox (whether it is sharedInbox)
* @param forceMainKey boolean | undefined, force to use main (rsa) key
* @returns void
*/
@bindThis
public async deliverMany(user: ThinUser, content: IActivity | null, inboxes: Map<string, boolean>) {
public async deliverMany(user: ThinUser, content: IActivity | null, inboxes: Map<string, boolean>, privateKey?: PrivateKeyWithPem) {
if (content == null) return null;
inboxes.delete(null as unknown as string); // remove null inboxes
if (inboxes.size === 0) return null;
const contentBody = JSON.stringify(content);
const digest = ApRequestCreator.createDigest(contentBody);
const opts = {
attempts: this.config.deliverJobMaxAttempts ?? 12,
@ -197,9 +199,9 @@ export class QueueService {
data: {
user,
content: contentBody,
digest,
to: d[0],
isSharedInbox: d[1],
privateKey,
} as DeliverJobData,
opts,
})));
@ -208,7 +210,7 @@ export class QueueService {
}
@bindThis
public inbox(activity: IActivity, signature: httpSignature.IParsedSignature) {
public inbox(activity: IActivity, signature: ParsedSignature | null) {
const data = {
activity: activity,
signature,

13
packages/backend/src/core/RelayService.ts
View File

@ -15,6 +15,8 @@ import { DI } from '@/di-symbols.js';
import { deepClone } from '@/misc/clone.js';
import { bindThis } from '@/decorators.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
import { UserKeypairService } from './UserKeypairService.js';
import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
@Injectable()
export class RelayService {
@ -28,6 +30,7 @@ export class RelayService {
private queueService: QueueService,
private systemAccountService: SystemAccountService,
private apRendererService: ApRendererService,
private userKeypairService: UserKeypairService,
) {
this.relaysCache = new MemorySingleCache<MiRelay[]>(1000 * 60 * 10); // 10m
}
@ -92,7 +95,7 @@ export class RelayService {
}
@bindThis
public async deliverToRelays(user: { id: MiUser['id']; host: null; }, activity: any): Promise<void> {
public async deliverToRelays(user: { id: MiUser['id']; host: null; }, activity: any, privateKey?: PrivateKeyWithPem): Promise<void> {
if (activity == null) return;
const relays = await this.relaysCache.fetch(() => this.relaysRepository.findBy({
@ -102,11 +105,9 @@ export class RelayService {
const copy = deepClone(activity);
if (!copy.to) copy.to = ['https://www.w3.org/ns/activitystreams#Public'];
privateKey = privateKey ?? await this.userKeypairService.getLocalUserPrivateKeyPem(user.id);
const signed = await this.apRendererService.attachLdSignature(copy, privateKey);
const signed = await this.apRendererService.attachLdSignature(copy, user);
for (const relay of relays) {
this.queueService.deliver(user, signed, relay.inbox, false);
}
this.queueService.deliverMany(user, signed, new Map(relays.map(({ inbox }) => [inbox, false])), privateKey);
}
}

2
packages/backend/src/core/RoleService.ts
View File

@ -260,7 +260,7 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit {
}
// サスペンド済みユーザである
case 'isSuspended': {
return user.isSuspended;
return this.userEntityService.isSuspendedEither(user);
}
// 鍵アカウントユーザである
case 'isLocked': {

22
packages/backend/src/core/SignupService.ts
View File

@ -3,7 +3,6 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { generateKeyPair } from 'node:crypto';
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
import { DataSource, IsNull } from 'typeorm';
@ -19,6 +18,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import UsersChart from '@/core/chart/charts/users.js';
import { UtilityService } from '@/core/UtilityService.js';
import { genRSAAndEd25519KeyPair } from '@/misc/gen-key-pair.js';
import { UserService } from '@/core/UserService.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
import { MetaService } from '@/core/MetaService.js';
@ -100,22 +100,7 @@ export class SignupService {
}
}
const keyPair = await new Promise<string[]>((res, rej) =>
generateKeyPair('rsa', {
modulusLength: 2048,
publicKeyEncoding: {
type: 'spki',
format: 'pem',
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: undefined,
passphrase: undefined,
},
}, (err, publicKey, privateKey) =>
err ? rej(err) : res([publicKey, privateKey]),
));
const keyPair = await genRSAAndEd25519KeyPair();
let account!: MiUser;
@ -137,9 +122,8 @@ export class SignupService {
}));
await transactionalEntityManager.save(new MiUserKeypair({
publicKey: keyPair[0],
privateKey: keyPair[1],
userId: account.id,
...keyPair,
}));
await transactionalEntityManager.save(new MiUserProfile({

7
packages/backend/src/core/SystemAccountService.ts
View File

@ -18,7 +18,7 @@ import { DI } from '@/di-symbols.js';
import { bindThis } from '@/decorators.js';
import { generateNativeUserToken } from '@/misc/token.js';
import { IdService } from '@/core/IdService.js';
import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
import { genRSAAndEd25519KeyPair } from '@/misc/gen-key-pair.js';
export const SYSTEM_ACCOUNT_TYPES = ['actor', 'relay', 'proxy'] as const;
@ -119,7 +119,7 @@ export class SystemAccountService implements OnApplicationShutdown {
// Generate secret
const secret = generateNativeUserToken();
const keyPair = await genRsaKeyPair();
const keyPair = await genRSAAndEd25519KeyPair();
let account!: MiUser;
@ -148,9 +148,8 @@ export class SystemAccountService implements OnApplicationShutdown {
}).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0]));
await transactionalEntityManager.insert(MiUserKeypair, {
publicKey: keyPair.publicKey,
privateKey: keyPair.privateKey,
userId: account.id,
...keyPair,
});
await transactionalEntityManager.insert(MiUserProfile, {

7
packages/backend/src/core/UserFollowingService.ts
View File

@ -229,9 +229,7 @@ export class UserFollowingService implements OnModuleInit {
followee: {
id: MiUser['id']; host: MiUser['host']; uri: MiUser['host']; inbox: MiUser['inbox']; sharedInbox: MiUser['sharedInbox']
},
follower: {
id: MiUser['id']; host: MiUser['host']; uri: MiUser['host']; inbox: MiUser['inbox']; sharedInbox: MiUser['sharedInbox']
},
follower: MiUser,
silent = false,
withReplies?: boolean,
): Promise<void> {
@ -244,6 +242,7 @@ export class UserFollowingService implements OnModuleInit {
followerId: follower.id,
followeeId: followee.id,
withReplies: withReplies,
isFollowerSuspended: follower.isSuspended,
// 非正規化
followerHost: follower.host,
@ -734,6 +733,7 @@ export class UserFollowingService implements OnModuleInit {
return this.followingsRepository.createQueryBuilder('following')
.select('following.followeeId')
.where('following.followerId = :followerId', { followerId: userId })
.andWhere('following.isFollowerSuspended = false')
.getMany();
}
@ -743,6 +743,7 @@ export class UserFollowingService implements OnModuleInit {
where: {
followerId,
followeeId,
isFollowerSuspended: false,
},
});
}

155
packages/backend/src/core/UserKeypairService.ts
View File

@ -5,41 +5,184 @@
import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import * as Redis from 'ioredis';
import { genEd25519KeyPair, importPrivateKey, PrivateKey, PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
import type { MiUser } from '@/models/User.js';
import type { UserKeypairsRepository } from '@/models/_.js';
import { RedisKVCache } from '@/misc/cache.js';
import { RedisKVCache, MemoryKVCache } from '@/misc/cache.js';
import type { MiUserKeypair } from '@/models/UserKeypair.js';
import { DI } from '@/di-symbols.js';
import { bindThis } from '@/decorators.js';
import { GlobalEventService, GlobalEvents } from '@/core/GlobalEventService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import type { webcrypto } from 'node:crypto';
@Injectable()
export class UserKeypairService implements OnApplicationShutdown {
private cache: RedisKVCache<MiUserKeypair>;
private keypairEntityCache: RedisKVCache<MiUserKeypair>;
private privateKeyObjectCache: MemoryKVCache<webcrypto.CryptoKey>;
constructor(
@Inject(DI.redis)
private redisClient: Redis.Redis,
@Inject(DI.redisForSub)
private redisForSub: Redis.Redis,
@Inject(DI.userKeypairsRepository)
private userKeypairsRepository: UserKeypairsRepository,
private globalEventService: GlobalEventService,
private userEntityService: UserEntityService,
) {
this.cache = new RedisKVCache<MiUserKeypair>(this.redisClient, 'userKeypair', {
this.keypairEntityCache = new RedisKVCache<MiUserKeypair>(this.redisClient, 'userKeypair', {
lifetime: 1000 * 60 * 60 * 24, // 24h
memoryCacheLifetime: 1000 * 60 * 60, // 1h
fetcher: (key) => this.userKeypairsRepository.findOneByOrFail({ userId: key }),
toRedisConverter: (value) => JSON.stringify(value),
fromRedisConverter: (value) => JSON.parse(value),
});
this.privateKeyObjectCache = new MemoryKVCache<webcrypto.CryptoKey>(1000 * 60 * 60 * 1);
this.redisForSub.on('message', this.onMessage);
}
@bindThis
public async getUserKeypair(userId: MiUser['id']): Promise<MiUserKeypair> {
return await this.cache.fetch(userId);
return await this.keypairEntityCache.fetch(userId);
}
/**
* Get private key [Only PrivateKeyWithPem for queue data etc.]
* @param userIdOrHint user id or MiUserKeypair
* @param preferType
* If ed25519-like(`ed25519`, `01`, `11`) is specified, ed25519 keypair will be returned if exists.
* Otherwise, main keypair will be returned.
* @returns
*/
@bindThis
public async getLocalUserPrivateKeyPem(
userIdOrHint: MiUser['id'] | MiUserKeypair,
preferType?: string,
): Promise<PrivateKeyWithPem> {
const keypair = typeof userIdOrHint === 'string' ? await this.getUserKeypair(userIdOrHint) : userIdOrHint;
if (
preferType && ['01', '11', 'ed25519'].includes(preferType.toLowerCase()) &&
keypair.ed25519PublicKey != null && keypair.ed25519PrivateKey != null
) {
return {
keyId: `${this.userEntityService.genLocalUserUri(keypair.userId)}#ed25519-key`,
privateKeyPem: keypair.ed25519PrivateKey,
};
}
return {
keyId: `${this.userEntityService.genLocalUserUri(keypair.userId)}#main-key`,
privateKeyPem: keypair.privateKey,
};
}
/**
* Get private key [Only PrivateKey for ap request]
* Using cache due to performance reasons of `crypto.subtle.importKey`
* @param userIdOrHint user id, MiUserKeypair, or PrivateKeyWithPem
* @param preferType
* If ed25519-like(`ed25519`, `01`, `11`) is specified, ed25519 keypair will be returned if exists.
* Otherwise, main keypair will be returned. (ignored if userIdOrHint is PrivateKeyWithPem)
* @returns
*/
@bindThis
public async getLocalUserPrivateKey(
userIdOrHint: MiUser['id'] | MiUserKeypair | PrivateKeyWithPem,
preferType?: string,
): Promise<PrivateKey> {
if (typeof userIdOrHint === 'object' && 'privateKeyPem' in userIdOrHint) {
// userIdOrHint is PrivateKeyWithPem
return {
keyId: userIdOrHint.keyId,
privateKey: await this.privateKeyObjectCache.fetch(userIdOrHint.keyId, async () => {
return await importPrivateKey(userIdOrHint.privateKeyPem);
}),
};
}
const userId = typeof userIdOrHint === 'string' ? userIdOrHint : userIdOrHint.userId;
const getKeypair = () => typeof userIdOrHint === 'string' ? this.getUserKeypair(userId) : userIdOrHint;
if (preferType && ['01', '11', 'ed25519'].includes(preferType.toLowerCase())) {
const keyId = `${this.userEntityService.genLocalUserUri(userId)}#ed25519-key`;
const fetched = await this.privateKeyObjectCache.fetchMaybe(keyId, async () => {
const keypair = await getKeypair();
if (keypair.ed25519PublicKey != null && keypair.ed25519PrivateKey != null) {
return await importPrivateKey(keypair.ed25519PrivateKey);
}
return;
});
if (fetched) {
return {
keyId,
privateKey: fetched,
};
}
}
const keyId = `${this.userEntityService.genLocalUserUri(userId)}#main-key`;
return {
keyId,
privateKey: await this.privateKeyObjectCache.fetch(keyId, async () => {
const keypair = await getKeypair();
return await importPrivateKey(keypair.privateKey);
}),
};
}
@bindThis
public async refresh(userId: MiUser['id']): Promise<void> {
return await this.keypairEntityCache.refresh(userId);
}
/**
* If DB has ed25519 keypair, refresh cache and return it.
* If not, create, save and return ed25519 keypair.
* @param userId user id
* @returns MiUserKeypair if keypair is created, void if keypair is already exists
*/
@bindThis
public async refreshAndPrepareEd25519KeyPair(userId: MiUser['id']): Promise<MiUserKeypair | void> {
await this.refresh(userId);
const keypair = await this.keypairEntityCache.fetch(userId);
if (keypair.ed25519PublicKey != null) {
return;
}
const ed25519 = await genEd25519KeyPair();
await this.userKeypairsRepository.update({ userId }, {
ed25519PublicKey: ed25519.publicKey,
ed25519PrivateKey: ed25519.privateKey,
});
this.globalEventService.publishInternalEvent('userKeypairUpdated', { userId });
const result = {
...keypair,
ed25519PublicKey: ed25519.publicKey,
ed25519PrivateKey: ed25519.privateKey,
};
this.keypairEntityCache.set(userId, result);
return result;
}
@bindThis
private async onMessage(_: string, data: string): Promise<void> {
const obj = JSON.parse(data);
if (obj.channel === 'internal') {
const { type, body } = obj.message as GlobalEvents['internal']['payload'];
switch (type) {
case 'userKeypairUpdated': {
this.refresh(body.userId);
break;
}
}
}
}
@bindThis
public dispose(): void {
this.cache.dispose();
this.keypairEntityCache.dispose();
}
@bindThis

6
packages/backend/src/core/UserSearchService.ts
View File

@ -207,7 +207,7 @@ export class UserSearchService {
}
}
userQuery.andWhere('user.isSuspended = FALSE');
userQuery.andWhere('user.isSuspended = FALSE').andWhere('user.isRemoteSuspended = FALSE');
return userQuery;
}
@ -243,7 +243,8 @@ export class UserSearchService {
.where('user.updatedAt IS NULL')
.orWhere('user.updatedAt > :activeThreshold', { activeThreshold: activeThreshold });
}))
.andWhere('user.isSuspended = FALSE');
.andWhere('user.isSuspended = FALSE')
.andWhere('user.isRemoteSuspended = FALSE');
if (mutingQuery) {
nameQuery.andWhere(`user.id NOT IN (${mutingQuery.getQuery()})`);
@ -286,6 +287,7 @@ export class UserSearchService {
.orWhere('user.updatedAt > :activeThreshold', { activeThreshold: activeThreshold });
}))
.andWhere('user.isSuspended = FALSE')
.andWhere('user.isRemoteSuspended = FALSE')
.setParameters(profQuery.getParameters());
users = users.concat(await userQuery

143
packages/backend/src/core/UserSuspendService.ts
View File

@ -4,17 +4,14 @@
*/
import { Inject, Injectable } from '@nestjs/common';
import { Not, IsNull } from 'typeorm';
import type { FollowingsRepository, FollowRequestsRepository, UsersRepository } from '@/models/_.js';
import type { MiUser } from '@/models/User.js';
import { QueueService } from '@/core/QueueService.js';
import type { MiRemoteUser, MiUser } from '@/models/User.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { DI } from '@/di-symbols.js';
import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import { RelationshipJobData } from '@/queue/types.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { AccountUpdateService } from '@/core/AccountUpdateService.js';
@Injectable()
export class UserSuspendService {
@ -29,9 +26,8 @@ export class UserSuspendService {
private followRequestsRepository: FollowRequestsRepository,
private userEntityService: UserEntityService,
private queueService: QueueService,
private globalEventService: GlobalEventService,
private apRendererService: ApRendererService,
private accountUpdateService: AccountUpdateService,
private moderationLogService: ModerationLogService,
) {
}
@ -49,8 +45,20 @@ export class UserSuspendService {
});
(async () => {
await this.postSuspend(user).catch(e => {});
await this.unFollowAll(user).catch(e => {});
await this.postSuspend(user, false).catch((e: any) => { });
await this.suspendFollowings(user).catch((e: any) => { });
})();
}
@bindThis
public async suspendFromRemote(user: { id: MiRemoteUser['id']; host: MiRemoteUser['host'] }): Promise<void> {
await this.usersRepository.update(user.id, {
isRemoteSuspended: true,
});
(async () => {
await this.postSuspend(user, true).catch((e: any) => { });
await this.suspendFollowings(user).catch((e: any) => { });
})();
}
@ -67,13 +75,29 @@ export class UserSuspendService {
});
(async () => {
await this.postUnsuspend(user).catch(e => {});
await this.postUnsuspend(user, false).catch((e: any) => { });
await this.restoreFollowings(user).catch((e: any) => { });
})();
}
@bindThis
private async postSuspend(user: { id: MiUser['id']; host: MiUser['host'] }): Promise<void> {
this.globalEventService.publishInternalEvent('userChangeSuspendedState', { id: user.id, isSuspended: true });
public async unsuspendFromRemote(user: { id: MiRemoteUser['id']; host: MiRemoteUser['host'] }): Promise<void> {
await this.usersRepository.update(user.id, {
isRemoteSuspended: false,
});
(async () => {
await this.postUnsuspend(user, true).catch((e: any) => { });
await this.restoreFollowings(user).catch((e: any) => { });
})();
}
@bindThis
private async postSuspend(user: { id: MiUser['id']; host: MiUser['host'] }, isFromRemote: boolean): Promise<void> {
this.globalEventService.publishInternalEvent(
'userChangeSuspendedState',
isFromRemote ? { id: user.id, isRemoteSuspended: true } : { id: user.id, isSuspended: true }
);
this.followRequestsRepository.delete({
followeeId: user.id,
@ -83,80 +107,55 @@ export class UserSuspendService {
});
if (this.userEntityService.isLocalUser(user)) {
// 知り得る全SharedInboxにDelete配信
const content = this.apRendererService.addContext(this.apRendererService.renderDelete(this.userEntityService.genLocalUserUri(user.id), user));
const queue: string[] = [];
const followings = await this.followingsRepository.find({
where: [
{ followerSharedInbox: Not(IsNull()) },
{ followeeSharedInbox: Not(IsNull()) },
],
select: ['followerSharedInbox', 'followeeSharedInbox'],
});
const inboxes = followings.map(x => x.followerSharedInbox ?? x.followeeSharedInbox);
for (const inbox of inboxes) {
if (inbox != null && !queue.includes(inbox)) queue.push(inbox);
}
for (const inbox of queue) {
this.queueService.deliver(user, content, inbox, true);
}
this.accountUpdateService.publishToFollowersAndSharedInboxAndRelays(user.id);
}
}
@bindThis
private async postUnsuspend(user: MiUser): Promise<void> {
this.globalEventService.publishInternalEvent('userChangeSuspendedState', { id: user.id, isSuspended: false });
private async postUnsuspend(user: { id: MiUser['id']; host: MiUser['host'] }, isFromRemote: boolean): Promise<void> {
this.globalEventService.publishInternalEvent(
'userChangeSuspendedState',
isFromRemote ? { id: user.id, isRemoteSuspended: false } : { id: user.id, isSuspended: false }
);
if (this.userEntityService.isLocalUser(user)) {
// 知り得る全SharedInboxにUndo Delete配信
const content = this.apRendererService.addContext(this.apRendererService.renderUndo(this.apRendererService.renderDelete(this.userEntityService.genLocalUserUri(user.id), user), user));
const queue: string[] = [];
const followings = await this.followingsRepository.find({
where: [
{ followerSharedInbox: Not(IsNull()) },
{ followeeSharedInbox: Not(IsNull()) },
],
select: ['followerSharedInbox', 'followeeSharedInbox'],
});
const inboxes = followings.map(x => x.followerSharedInbox ?? x.followeeSharedInbox);
for (const inbox of inboxes) {
if (inbox != null && !queue.includes(inbox)) queue.push(inbox);
}
for (const inbox of queue) {
this.queueService.deliver(user as any, content, inbox, true);
}
this.accountUpdateService.publishToFollowersAndSharedInboxAndRelays(user.id);
}
}
@bindThis
private async unFollowAll(follower: MiUser) {
const followings = await this.followingsRepository.find({
where: {
private async suspendFollowings(follower: { id: MiUser['id'] }) {
await this.followingsRepository.update(
{
followerId: follower.id,
followeeId: Not(IsNull()),
},
});
{
isFollowerSuspended: true,
}
);
}
const jobs: RelationshipJobData[] = [];
for (const following of followings) {
if (following.followeeId && following.followerId) {
jobs.push({
from: { id: following.followerId },
to: { id: following.followeeId },
silent: true,
});
@bindThis
private async restoreFollowings(_follower: { id: MiUser['id'] }) {
// 最新の情報を取得
const follower = await this.usersRepository.findOneBy({ id: _follower.id });
if (follower == null) {
// ユーザーが削除されている場合は何もしないでおく
return;
}
if (this.userEntityService.isSuspendedEither(follower)) {
// フォロー関係を復元しない
return;
}
this.queueService.createUnfollowJob(jobs);
// フォロー関係を復元isFollowerSuspended: falseに変更
await this.followingsRepository.update(
{
followerId: follower.id,
},
{
isFollowerSuspended: false,
}
);
}
}

2
packages/backend/src/core/WebfingerService.ts
View File

@ -46,7 +46,7 @@ export class WebfingerService {
const m = query.match(mRegex);
if (m) {
const hostname = m[2];
const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
const useHttp = process.env.MISSKEY_USE_HTTP && process.env.MISSKEY_USE_HTTP.toLowerCase() === 'true';
return `http${useHttp ? '' : 's'}://${hostname}/.well-known/webfinger?${urlQuery({ resource: `acct:${query}` })}`;
}

1
packages/backend/src/core/WebhookTestService.ts
View File

@ -44,6 +44,7 @@ function generateDummyUser(override?: Partial<MiUser>): MiUser {
avatarDecorations: [],
tags: [],
isSuspended: false,
isRemoteSuspended: false,
isLocked: false,
isBot: false,
isCat: true,

214
packages/backend/src/core/activitypub/ApDbResolverService.ts
View File

@ -4,8 +4,9 @@
*/
import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import * as Redis from 'ioredis';
import { DI } from '@/di-symbols.js';
import type { NotesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
import type { MiUser, NotesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
import type { Config } from '@/config.js';
import { MemoryKVCache } from '@/misc/cache.js';
import type { MiUserPublickey } from '@/models/UserPublickey.js';
@ -14,9 +15,12 @@ import { UtilityService } from '@/core/UtilityService.js';
import type { MiNote } from '@/models/Note.js';
import { bindThis } from '@/decorators.js';
import { MiLocalUser, MiRemoteUser } from '@/models/User.js';
import Logger from '@/logger.js';
import { getApId } from './type.js';
import { ApPersonService } from './models/ApPersonService.js';
import { ApLoggerService } from './ApLoggerService.js';
import type { IObject } from './type.js';
import { GlobalEvents } from '@/core/GlobalEventService.js';
export type UriParseResult = {
/** wether the URI was generated by us */
@ -36,8 +40,8 @@ export type UriParseResult = {
@Injectable()
export class ApDbResolverService implements OnApplicationShutdown {
private publicKeyCache: MemoryKVCache<MiUserPublickey | null>;
private publicKeyByUserIdCache: MemoryKVCache<MiUserPublickey | null>;
private publicKeyByUserIdCache: MemoryKVCache<MiUserPublickey[] | null>;
private logger: Logger;
constructor(
@Inject(DI.config)
@ -52,12 +56,17 @@ export class ApDbResolverService implements OnApplicationShutdown {
@Inject(DI.userPublickeysRepository)
private userPublickeysRepository: UserPublickeysRepository,
@Inject(DI.redisForSub)
private redisForSub: Redis.Redis,
private cacheService: CacheService,
private apPersonService: ApPersonService,
private apLoggerService: ApLoggerService,
private utilityService: UtilityService,
) {
this.publicKeyCache = new MemoryKVCache<MiUserPublickey | null>(1000 * 60 * 60 * 12); // 12h
this.publicKeyByUserIdCache = new MemoryKVCache<MiUserPublickey | null>(1000 * 60 * 60 * 12); // 12h
this.publicKeyByUserIdCache = new MemoryKVCache<MiUserPublickey[] | null>(1000 * 60 * 60 * 12); // 12h
this.logger = this.apLoggerService.logger.createSubLogger('db-resolver');
this.redisForSub.on('message', this.onMessage);
}
@bindThis
@ -120,63 +129,180 @@ export class ApDbResolverService implements OnApplicationShutdown {
}
}
/**
* AP KeyId => Misskey User and Key
*/
@bindThis
public async getAuthUserFromKeyId(keyId: string): Promise<{
user: MiRemoteUser;
key: MiUserPublickey;
} | null> {
const key = await this.publicKeyCache.fetch(keyId, async () => {
const key = await this.userPublickeysRepository.findOneBy({
keyId,
});
if (key == null) return null;
return key;
}, key => key != null);
if (key == null) return null;
const user = await this.cacheService.findUserById(key.userId).catch(() => null) as MiRemoteUser | null;
if (user == null) return null;
if (user.isDeleted) return null;
return {
user,
key,
};
private async refreshAndFindKey(userId: MiUser['id'], keyId: string): Promise<MiUserPublickey | null> {
this.refreshCacheByUserId(userId);
const keys = await this.getPublicKeyByUserId(userId);
if (keys == null || !Array.isArray(keys) || keys.length === 0) {
this.logger.warn(`No key found (refreshAndFindKey) userId=${userId} keyId=${keyId} keys=${JSON.stringify(keys)}`);
return null;
}
const exactKey = keys.find(x => x.keyId === keyId);
if (exactKey) return exactKey;
this.logger.warn(`No exact key found (refreshAndFindKey) userId=${userId} keyId=${keyId} keys=${JSON.stringify(keys)}`);
return null;
}
/**
* AP Actor id => Misskey User and Key
* @param uri AP Actor id
* @param keyId Key id to find. If not specified, main key will be selected.
* @returns
* 1. `null` if the user and key host do not match
* 2. `{ user: null, key: null }` if the user is not found
* 3. `{ user: MiRemoteUser, key: null }` if key is not found
* 4. `{ user: MiRemoteUser, key: MiUserPublickey }` if both are found
*/
@bindThis
public async getAuthUserFromApId(uri: string): Promise<{
public async getAuthUserFromApId(uri: string, keyId?: string): Promise<{
user: MiRemoteUser;
key: MiUserPublickey | null;
} | null> {
const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
if (user.isDeleted) return null;
} | {
user: null;
key: null;
} |
null> {
if (keyId) {
if (this.utilityService.punyHost(uri) !== this.utilityService.punyHost(keyId)) {
/**
* keyIdはURL形式かつkeyIdのホストはuriのホストと一致するはず
* ApPersonService.validateActorに由来
*
* Mastodonはリプライ関連で他人のトゥートをHTTP Signature署名して送ってくることがある
*
* uriとkeyIdのホストが一致しない場合は無視する
* keyIdとuriの同一性を比べてみてもいいが`uri#*-key`keyIdを設定するのが
*
*
*
* The keyId should be in URL format and its host should match the host of the uri
* (derived from ApPersonService.validateActor)
*
* However, Mastodon sometimes sends toots from other users with HTTP Signature signing for reply-related purposes
* Such signatures are of questionable validity, so we choose to ignore them
* Here, we ignore cases where the hosts of uri and keyId do not match
* We could also compare the equality of keyId without the hash and uri, but since setting a keyId like `uri#*-key`
* is not a strict rule, we decide to allow for some flexibility
*/
this.logger.warn(`getAuthUserFromApId: actor uri and keyId are not matched uri=${uri} keyId=${keyId}`);
return null;
}
}
const key = await this.publicKeyByUserIdCache.fetch(
user.id,
() => this.userPublickeysRepository.findOneBy({ userId: user.id }),
const user = await this.apPersonService.resolvePerson(uri, undefined, true) as MiRemoteUser;
this.logger.debug(`getAuthUserFromApId: User resolved uri=${uri} userId=${user.id} keyId=${keyId}`);
if (user.isDeleted) {
this.logger.warn(`getAuthUserFromApId: User is deleted uri=${uri} userId=${user.id} keyId=${keyId}`);
return { user: null, key: null };
}
const keys = await this.getPublicKeyByUserId(user.id);
if (keys == null || !Array.isArray(keys) || keys.length === 0) {
this.logger.warn(`getAuthUserFromApId: No key found uri=${uri} userId=${user.id} keys=${JSON.stringify(keys)}`);
return { user, key: null };
}
if (!keyId) {
// Choose the main-like
const mainKey = keys.find(x => {
try {
const url = new URL(x.keyId);
const path = url.pathname.split('/').pop()?.toLowerCase();
if (url.hash) {
if (url.hash.toLowerCase().includes('main')) {
return true;
}
} else if (path?.includes('main') || path === 'publickey') {
return true;
}
} catch { /* noop */ }
return false;
});
if (mainKey) {
this.logger.debug(`getAuthUserFromApId: keyId not specified, use main key uri=${uri} userId=${user.id} keyId=${mainKey.keyId}`);
return { user, key: mainKey };
}
this.logger.warn(`getAuthUserFromApId: keyId not specified, No main key found, use the first key of ${keys.length} key(s) uri=${uri} userId=${user.id} key=${keys[0].keyId}`);
return { user, key: keys[0] };
}
const exactKey = keys.find(x => x.keyId === keyId);
if (exactKey) {
this.logger.debug(`getAuthUserFromApId: key found uri=${uri} userId=${user.id} keyId=${keyId}`);
return { user, key: exactKey };
}
/**
* keyIdで見つからない場合
* If not found with keyId, update cache and reacquire
*/
this.logger.debug(`getAuthUserFromApId: key not found, refreshing cache uri=${uri} userId=${user.id} keyId=${keyId}`);
const cacheRaw = this.publicKeyByUserIdCache.getRaw(user.id);
if (cacheRaw && Date.now() - cacheRaw.date > 1000 * 60 * 5) {
this.logger.debug(`getAuthUserFromApId: Cache is old, refreshing user public keys uri=${uri} userId=${user.id} keyId=${keyId}`);
const exactKey = await this.refreshAndFindKey(user.id, keyId);
if (exactKey) return { user, key: exactKey };
}
/**
* lastFetchedAtでの更新制限を弱めて再取得
* Reacquisition with weakened update limit at lastFetchedAt
*/
if (user.lastFetchedAt == null || Date.now() - user.lastFetchedAt.getTime() > 1000 * 60 * 5) {
this.logger.info(`getAuthUserFromApId: Renewing remote user uri=${uri} userId=${user.id} keyId=${keyId}`);
const renewed = await this.apPersonService.fetchPersonWithRenewal(uri, 0);
if (renewed == null) {
this.logger.warn(`getAuthUserFromApId: User not found uri=${uri} userId=${user.id} keyId=${keyId}`);
return null;
} else if (renewed.isDeleted) {
this.logger.warn(`getAuthUserFromApId: User is deleted uri=${uri} userId=${user.id} keyId=${keyId}`);
return null;
}
return { user, key: await this.refreshAndFindKey(user.id, keyId) };
}
this.logger.warn(`getAuthUserFromApId: No key found uri=${uri} userId=${user.id} keyId=${keyId}`);
return { user, key: null };
}
@bindThis
public async getPublicKeyByUserId(userId: MiUser['id']): Promise<MiUserPublickey[] | null> {
return await this.publicKeyByUserIdCache.fetch(
userId,
() => this.userPublickeysRepository.find({ where: { userId } }),
v => v != null,
);
}
return {
user,
key,
};
@bindThis
public refreshCacheByUserId(userId: MiUser['id']): void {
this.publicKeyByUserIdCache.delete(userId);
}
@bindThis
private async onMessage(_: string, data: string): Promise<void> {
const obj = JSON.parse(data);
if (obj.channel === 'internal') {
const { type, body } = obj.message as GlobalEvents['internal']['payload'];
switch (type) {
case 'remoteUserUpdated': {
this.refreshCacheByUserId(body.id);
break;
}
default:
break;
}
}
}
@bindThis
public dispose(): void {
this.publicKeyCache.dispose();
this.publicKeyByUserIdCache.dispose();
this.redisForSub.off('message', this.onMessage);
}
@bindThis

113
packages/backend/src/core/activitypub/ApDeliverManagerService.ts
View File

@ -3,16 +3,21 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
import { IsNull, Not } from 'typeorm';
import { DI } from '@/di-symbols.js';
import type { FollowingsRepository } from '@/models/_.js';
import type { MiLocalUser, MiRemoteUser, MiUser } from '@/models/User.js';
import { QueueService } from '@/core/QueueService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import type { IActivity } from '@/core/activitypub/type.js';
import { ThinUser } from '@/queue/types.js';
import { AccountUpdateService } from '@/core/AccountUpdateService.js';
import type Logger from '@/logger.js';
import { UserKeypairService } from '../UserKeypairService.js';
import { ApLoggerService } from './ApLoggerService.js';
import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
import { ModuleRef } from '@nestjs/core';
interface IRecipe {
type: string;
@ -27,12 +32,19 @@ interface IDirectRecipe extends IRecipe {
to: MiRemoteUser;
}
interface IAllKnowingSharedInboxRecipe extends IRecipe {
type: 'AllKnowingSharedInbox';
}
const isFollowers = (recipe: IRecipe): recipe is IFollowersRecipe =>
recipe.type === 'Followers';
const isDirect = (recipe: IRecipe): recipe is IDirectRecipe =>
recipe.type === 'Direct';
const isAllKnowingSharedInbox = (recipe: IRecipe): recipe is IAllKnowingSharedInboxRecipe =>
recipe.type === 'AllKnowingSharedInbox';
class DeliverManager {
private actor: ThinUser;
private activity: IActivity | null;
@ -40,16 +52,18 @@ class DeliverManager {
/**
* Constructor
* @param userEntityService
* @param userKeypairService
* @param followingsRepository
* @param queueService
* @param actor Actor
* @param activity Activity to deliver
*/
constructor(
private userEntityService: UserEntityService,
private userKeypairService: UserKeypairService,
private followingsRepository: FollowingsRepository,
private queueService: QueueService,
private accountUpdateService: AccountUpdateService,
private logger: Logger,
actor: { id: MiUser['id']; host: null; },
activity: IActivity | null,
@ -91,6 +105,18 @@ class DeliverManager {
this.addRecipe(recipe);
}
/**
* Add recipe for all-knowing shared inbox deliver
*/
@bindThis
public addAllKnowingSharedInboxRecipe(): void {
const deliver: IAllKnowingSharedInboxRecipe = {
type: 'AllKnowingSharedInbox',
};
this.addRecipe(deliver);
}
/**
* Add recipe
* @param recipe Recipe
@ -104,11 +130,46 @@ class DeliverManager {
* Execute delivers
*/
@bindThis
public async execute(): Promise<void> {
public async execute(opts: { privateKey?: PrivateKeyWithPem; ignoreSuspend?: boolean } = {}): Promise<void> {
//#region MIGRATION
if (!opts?.privateKey) {
/**
* ed25519の署名がなければ追加する
*/
const created = await this.userKeypairService.refreshAndPrepareEd25519KeyPair(this.actor.id);
if (created) {
// createdが存在するということは新規作成されたということなので、フォロワーに配信する
this.logger.info(`ed25519 key pair created for user ${this.actor.id} and publishing to followers`);
// リモートに配信
const keyPair = await this.userKeypairService.getLocalUserPrivateKeyPem(created, 'main');
await this.accountUpdateService.publishToFollowers(this.actor.id, keyPair);
}
}
//#endregion
//#region collect inboxes by recipes
// The value flags whether it is shared or not.
// key: inbox URL, value: whether it is sharedInbox
const inboxes = new Map<string, boolean>();
if (this.recipes.some(r => isAllKnowingSharedInbox(r))) {
// all-knowing shared inbox
const followings = await this.followingsRepository.createQueryBuilder('f')
.select([
'f.followerSharedInbox',
'f.followeeSharedInbox',
])
.where('f.followerSharedInbox IS NOT NULL')
.orWhere('f.followeeSharedInbox IS NOT NULL')
.distinct()
.getRawMany<{ f_followerSharedInbox: string | null; f_followeeSharedInbox: string | null; }>();
for (const following of followings) {
if (following.f_followeeSharedInbox) inboxes.set(following.f_followeeSharedInbox, true);
if (following.f_followerSharedInbox) inboxes.set(following.f_followerSharedInbox, true);
}
}
// build inbox list
// Process follower recipes first to avoid duplication when processing direct recipes later.
if (this.recipes.some(r => isFollowers(r))) {
@ -119,6 +180,7 @@ class DeliverManager {
where: {
followeeId: this.actor.id,
followerHost: Not(IsNull()),
isFollowerSuspended: opts.ignoreSuspend ? undefined : false,
},
select: {
followerSharedInbox: true,
@ -142,39 +204,55 @@ class DeliverManager {
inboxes.set(recipe.to.inbox, false);
}
//#endregion
// deliver
await this.queueService.deliverMany(this.actor, this.activity, inboxes);
await this.queueService.deliverMany(this.actor, this.activity, inboxes, opts?.privateKey);
this.logger.info(`Deliver queues dispatched: inboxes=${inboxes.size} actorId=${this.actor.id} activityId=${this.activity?.id}`);
}
}
@Injectable()
export class ApDeliverManagerService {
export class ApDeliverManagerService implements OnModuleInit {
private logger: Logger;
private accountUpdateService: AccountUpdateService;
constructor(
private moduleRef: ModuleRef,
@Inject(DI.followingsRepository)
private followingsRepository: FollowingsRepository,
private userEntityService: UserEntityService,
private userKeypairService: UserKeypairService,
private queueService: QueueService,
private apLoggerService: ApLoggerService,
) {
this.logger = this.apLoggerService.logger.createSubLogger('deliver-manager');
}
async onModuleInit() {
this.accountUpdateService = this.moduleRef.get(AccountUpdateService.name);
}
/**
* Deliver activity to followers
* @param actor
* @param activity Activity
* @param forceMainKey Force to use main (rsa) key
*/
@bindThis
public async deliverToFollowers(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity): Promise<void> {
public async deliverToFollowers(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity, privateKey?: PrivateKeyWithPem): Promise<void> {
const manager = new DeliverManager(
this.userEntityService,
this.userKeypairService,
this.followingsRepository,
this.queueService,
this.accountUpdateService,
this.logger,
actor,
activity,
);
manager.addFollowersRecipe();
await manager.execute();
await manager.execute({ privateKey });
}
/**
@ -186,9 +264,11 @@ export class ApDeliverManagerService {
@bindThis
public async deliverToUser(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity, to: MiRemoteUser): Promise<void> {
const manager = new DeliverManager(
this.userEntityService,
this.userKeypairService,
this.followingsRepository,
this.queueService,
this.accountUpdateService,
this.logger,
actor,
activity,
);
@ -205,9 +285,11 @@ export class ApDeliverManagerService {
@bindThis
public async deliverToUsers(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity, targets: MiRemoteUser[]): Promise<void> {
const manager = new DeliverManager(
this.userEntityService,
this.userKeypairService,
this.followingsRepository,
this.queueService,
this.accountUpdateService,
this.logger,
actor,
activity,
);
@ -218,10 +300,11 @@ export class ApDeliverManagerService {
@bindThis
public createDeliverManager(actor: { id: MiUser['id']; host: null; }, activity: IActivity | null): DeliverManager {
return new DeliverManager(
this.userEntityService,
this.userKeypairService,
this.followingsRepository,
this.queueService,
this.accountUpdateService,
this.logger,
actor,
activity,
);

14
packages/backend/src/core/activitypub/ApInboxService.ts
View File

@ -127,21 +127,13 @@ export class ApInboxService {
result = await this.performOneActivity(actor, activity, resolver);
}
// ついでにリモートユーザーの情報が古かったら更新しておく
if (actor.uri) {
if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) {
setImmediate(() => {
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
this.apPersonService.updatePerson(actor.uri);
});
}
}
return result;
// ついでにリモートユーザーの情報が古かったら更新しておく?
// → No, この関数が呼び出される前に署名検証で更新されているはず
}
@bindThis
public async performOneActivity(actor: MiRemoteUser, activity: IObject, resolver?: Resolver): Promise<string | void> {
if (actor.isSuspended) return;
// ここでは凍結されているかどうかはチェックせず、各処理で判断する
if (isCreate(activity)) {
return await this.create(actor, activity, resolver);

21
packages/backend/src/core/activitypub/ApRendererService.ts
View File

@ -32,6 +32,7 @@ import { JsonLdService } from './JsonLdService.js';
import { ApMfmService } from './ApMfmService.js';
import { CONTEXT } from './misc/contexts.js';
import type { IAccept, IActivity, IAdd, IAnnounce, IApDocument, IApEmoji, IApHashtag, IApImage, IApMention, IBlock, ICreate, IDelete, IFlag, IFollow, IKey, ILike, IMove, IObject, IPost, IQuestion, IReject, IRemove, ITombstone, IUndo, IUpdate } from './type.js';
import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
@Injectable()
export class ApRendererService {
@ -291,15 +292,15 @@ export class ApRendererService {
}
@bindThis
public renderKey(user: MiLocalUser, key: MiUserKeypair, postfix?: string): IKey {
public renderKey(user: MiLocalUser, publicKey: string, postfix?: string): IKey {
return {
id: `${this.config.url}/users/${user.id}${postfix ?? '/publickey'}`,
id: `${this.userEntityService.genLocalUserUri(user.id)}${postfix ?? '/publickey'}`,
type: 'Key',
owner: this.userEntityService.genLocalUserUri(user.id),
publicKeyPem: createPublicKey(key.publicKey).export({
publicKeyPem: createPublicKey(publicKey).export({
type: 'spki',
format: 'pem',
}),
}) as string,
};
}
@ -574,9 +575,13 @@ export class ApRendererService {
tag,
manuallyApprovesFollowers: user.isLocked,
discoverable: user.isExplorable,
publicKey: this.renderKey(user, keypair, '#main-key'),
publicKey: this.renderKey(user, keypair.publicKey, '#main-key'),
additionalPublicKeys: [
...(keypair.ed25519PublicKey ? [this.renderKey(user, keypair.ed25519PublicKey, '#ed25519-key')] : []),
],
isCat: user.isCat,
attachment: attachment.length ? attachment : undefined,
suspended: user.isSuspended,
};
if (user.movedToUri) {
@ -697,12 +702,10 @@ export class ApRendererService {
}
@bindThis
public async attachLdSignature(activity: any, user: { id: MiUser['id']; host: null; }): Promise<IActivity> {
const keypair = await this.userKeypairService.getUserKeypair(user.id);
public async attachLdSignature(activity: any, key: PrivateKeyWithPem): Promise<IActivity> {
const jsonLd = this.jsonLdService.use();
jsonLd.debug = false;
activity = await jsonLd.signRsaSignature2017(activity, keypair.privateKey, `${this.config.url}/users/${user.id}#main-key`);
activity = await jsonLd.signRsaSignature2017(activity, key.privateKeyPem, key.keyId);
return activity;
}

175
packages/backend/src/core/activitypub/ApRequestService.ts
View File

@ -3,9 +3,9 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import * as crypto from 'node:crypto';
import { URL } from 'node:url';
import { Inject, Injectable } from '@nestjs/common';
import { genRFC3230DigestHeader, signAsDraftToRequest } from '@misskey-dev/node-http-message-signatures';
import { Window } from 'happy-dom';
import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js';
@ -17,124 +17,63 @@ import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import type Logger from '@/logger.js';
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
import { assertActivityMatchesUrl, FetchAllowSoftFailMask as FetchAllowSoftFailMask } from '@/core/activitypub/misc/check-against-url.js';
import { assertActivityMatchesUrl, FetchAllowSoftFailMask } from '@/core/activitypub/misc/check-against-url.js';
import type { IObject } from './type.js';
import type { PrivateKeyWithPem, PrivateKey } from '@misskey-dev/node-http-message-signatures';
type Request = {
url: string;
method: string;
headers: Record<string, string>;
};
type Signed = {
request: Request;
signingString: string;
signature: string;
signatureHeader: string;
};
type PrivateKey = {
privateKeyPem: string;
keyId: string;
};
export class ApRequestCreator {
static createSignedPost(args: { key: PrivateKey, url: string, body: string, digest?: string, additionalHeaders: Record<string, string> }): Signed {
export async function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; digest?: string, additionalHeaders: Record<string, string> }) {
const u = new URL(args.url);
const digestHeader = args.digest ?? this.createDigest(args.body);
const request: Request = {
const request = {
url: u.href,
method: 'POST',
headers: this.#objectAssignWithLcKey({
headers: {
'Date': new Date().toUTCString(),
'Host': u.host,
'Content-Type': 'application/activity+json',
'Digest': digestHeader,
}, args.additionalHeaders),
...args.additionalHeaders,
} as Record<string, string>,
};
const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
// TODO: httpMessageSignaturesImplementationLevelによって新規格で通信をするようにする
const digestHeader = args.digest ?? await genRFC3230DigestHeader(args.body, 'SHA-256');
request.headers['Digest'] = digestHeader;
const result = await signAsDraftToRequest(
request,
args.key,
['(request-target)', 'date', 'host', 'digest'],
);
return {
request,
signingString: result.signingString,
signature: result.signature,
signatureHeader: result.signatureHeader,
...result,
};
}
}
static createDigest(body: string) {
return `SHA-256=${crypto.createHash('sha256').update(body).digest('base64')}`;
}
static createSignedGet(args: { key: PrivateKey, url: string, additionalHeaders: Record<string, string> }): Signed {
export async function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
const u = new URL(args.url);
const request: Request = {
const request = {
url: u.href,
method: 'GET',
headers: this.#objectAssignWithLcKey({
headers: {
'Accept': 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
'Date': new Date().toUTCString(),
'Host': new URL(args.url).host,
}, args.additionalHeaders),
...args.additionalHeaders,
} as Record<string, string>,
};
const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
// TODO: httpMessageSignaturesImplementationLevelによって新規格で通信をするようにする
const result = await signAsDraftToRequest(
request,
args.key,
['(request-target)', 'date', 'host', 'accept'],
);
return {
request,
signingString: result.signingString,
signature: result.signature,
signatureHeader: result.signatureHeader,
...result,
};
}
static #signToRequest(request: Request, key: PrivateKey, includeHeaders: string[]): Signed {
const signingString = this.#genSigningString(request, includeHeaders);
const signature = crypto.sign('sha256', Buffer.from(signingString), key.privateKeyPem).toString('base64');
const signatureHeader = `keyId="${key.keyId}",algorithm="rsa-sha256",headers="${includeHeaders.join(' ')}",signature="${signature}"`;
request.headers = this.#objectAssignWithLcKey(request.headers, {
Signature: signatureHeader,
});
// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
delete request.headers['host'];
return {
request,
signingString,
signature,
signatureHeader,
};
}
static #genSigningString(request: Request, includeHeaders: string[]): string {
request.headers = this.#lcObjectKey(request.headers);
const results: string[] = [];
for (const key of includeHeaders.map(x => x.toLowerCase())) {
if (key === '(request-target)') {
results.push(`(request-target): ${request.method.toLowerCase()} ${new URL(request.url).pathname}`);
} else {
results.push(`${key}: ${request.headers[key]}`);
}
}
return results.join('\n');
}
static #lcObjectKey(src: Record<string, string>): Record<string, string> {
const dst: Record<string, string> = {};
for (const key of Object.keys(src).filter(x => x !== '__proto__' && typeof src[x] === 'string')) dst[key.toLowerCase()] = src[key];
return dst;
}
static #objectAssignWithLcKey(a: Record<string, string>, b: Record<string, string>): Record<string, string> {
return Object.assign(this.#lcObjectKey(a), this.#lcObjectKey(b));
}
}
@Injectable()
@ -155,21 +94,28 @@ export class ApRequestService {
}
@bindThis
public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, digest?: string): Promise<void> {
public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, level: string, digest?: string, key?: PrivateKeyWithPem): Promise<void> {
const body = typeof object === 'string' ? object : JSON.stringify(object);
const keypair = await this.userKeypairService.getUserKeypair(user.id);
const req = ApRequestCreator.createSignedPost({
key: {
privateKeyPem: keypair.privateKey,
keyId: `${this.config.url}/users/${user.id}#main-key`,
},
const keyFetched = await this.userKeypairService.getLocalUserPrivateKey(key ?? user.id, level);
const req = await createSignedPost({
level,
key: keyFetched,
url,
body,
digest,
additionalHeaders: {
'User-Agent': this.config.userAgent,
},
digest,
});
// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
delete req.request.headers['Host'];
this.logger.debug('create signed post', {
version: 'draft',
level,
url,
keyId: keyFetched.keyId,
});
await this.httpRequestService.send(url, {
@ -185,20 +131,29 @@ export class ApRequestService {
* @param url URL to fetch
*/
@bindThis
public async signedGet(url: string, user: { id: MiUser['id'] }, allowSoftfail: FetchAllowSoftFailMask = FetchAllowSoftFailMask.Strict, followAlternate?: boolean): Promise<unknown> {
public async signedGet(url: string, user: { id: MiUser['id'] }, allowSoftfail: FetchAllowSoftFailMask = FetchAllowSoftFailMask.Strict, level: string, followAlternate?: boolean): Promise<unknown> {
const _followAlternate = followAlternate ?? true;
const keypair = await this.userKeypairService.getUserKeypair(user.id);
const req = ApRequestCreator.createSignedGet({
key: {
privateKeyPem: keypair.privateKey,
keyId: `${this.config.url}/users/${user.id}#main-key`,
},
const key = await this.userKeypairService.getLocalUserPrivateKey(user.id, level);
const req = await createSignedGet({
level,
key,
url,
additionalHeaders: {
'User-Agent': this.config.userAgent,
},
});
// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
delete req.request.headers['Host'];
this.logger.debug('create signed get', {
version: 'draft',
level,
url,
keyId: key.keyId,
});
const res = await this.httpRequestService.send(url, {
method: req.request.method,
headers: req.request.headers,
@ -243,7 +198,7 @@ export class ApRequestService {
if (alternate) {
const href = alternate.getAttribute('href');
if (href && this.utilityService.punyHost(url) === this.utilityService.punyHost(href)) {
return await this.signedGet(href, user, allowSoftfail, false);
return await this.signedGet(href, user, allowSoftfail, level, false);
}
}
} catch (e) {

8
packages/backend/src/core/activitypub/ApResolverService.ts
View File

@ -16,6 +16,7 @@ import { LoggerService } from '@/core/LoggerService.js';
import type Logger from '@/logger.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
import { IdentifiableError } from '@/misc/identifiable-error.js';
import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
import { isCollectionOrOrderedCollection } from './type.js';
import { ApDbResolverService } from './ApDbResolverService.js';
import { ApRendererService } from './ApRendererService.js';
@ -42,6 +43,7 @@ export class Resolver {
private httpRequestService: HttpRequestService,
private apRendererService: ApRendererService,
private apDbResolverService: ApDbResolverService,
private federatedInstanceService: FederatedInstanceService,
private loggerService: LoggerService,
private recursionLimit = 256,
) {
@ -108,8 +110,10 @@ export class Resolver {
this.user = await this.systemAccountService.fetch('actor');
}
const server = await this.federatedInstanceService.fetch(host);
const object = (this.user
? await this.apRequestService.signedGet(value, this.user, allowSoftfail) as IObject
? await this.apRequestService.signedGet(value, this.user, allowSoftfail, server?.httpMessageSignaturesImplementationLevel ?? '00') as IObject
: await this.httpRequestService.getActivityJson(value, undefined, allowSoftfail)) as IObject;
if (
@ -207,6 +211,7 @@ export class ApResolverService {
private httpRequestService: HttpRequestService,
private apRendererService: ApRendererService,
private apDbResolverService: ApDbResolverService,
private federatedInstanceService: FederatedInstanceService,
private loggerService: LoggerService,
) {
}
@ -227,6 +232,7 @@ export class ApResolverService {
this.httpRequestService,
this.apRendererService,
this.apDbResolverService,
this.federatedInstanceService,
this.loggerService,
);
}

2
packages/backend/src/core/activitypub/misc/contexts.ts
View File

@ -134,6 +134,7 @@ const security_v1 = {
'privateKey': { '@id': 'sec:privateKey', '@type': '@id' },
'privateKeyPem': 'sec:privateKeyPem',
'publicKey': { '@id': 'sec:publicKey', '@type': '@id' },
'additionalPublicKeys': { '@id': 'sec:publicKey', '@type': '@id' },
'publicKeyBase58': 'sec:publicKeyBase58',
'publicKeyPem': 'sec:publicKeyPem',
'publicKeyWif': 'sec:publicKeyWif',
@ -543,6 +544,7 @@ const extension_context_definition = {
Emoji: 'toot:Emoji',
featured: 'toot:featured',
discoverable: 'toot:discoverable',
suspended: 'toot:suspended',
// schema
schema: 'http://schema.org#',
PropertyValue: 'schema:PropertyValue',

134
packages/backend/src/core/activitypub/models/ApPersonService.ts
View File

@ -3,9 +3,10 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { verify } from 'crypto';
import { Inject, Injectable } from '@nestjs/common';
import promiseLimit from 'promise-limit';
import { DataSource } from 'typeorm';
import { DataSource, In, Not } from 'typeorm';
import { ModuleRef } from '@nestjs/core';
import { DI } from '@/di-symbols.js';
import type { FollowingsRepository, InstancesRepository, MiMeta, UserProfilesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
@ -38,6 +39,8 @@ import { RoleService } from '@/core/RoleService.js';
import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
import type { AccountMoveService } from '@/core/AccountMoveService.js';
import { checkHttps } from '@/misc/check-https.js';
import { REMOTE_USER_CACHE_TTL, REMOTE_USER_MOVE_COOLDOWN } from '@/const.js';
import { UserSuspendService } from '@/core/UserSuspendService.js';
import { getApId, getApType, getOneApHrefNullable, isActor, isCollection, isCollectionOrOrderedCollection, isPropertyValue } from '../type.js';
import { extractApHashtags } from './tag.js';
import type { OnModuleInit } from '@nestjs/common';
@ -47,7 +50,7 @@ import type { ApResolverService, Resolver } from '../ApResolverService.js';
import type { ApLoggerService } from '../ApLoggerService.js';
import type { ApImageService } from './ApImageService.js';
import type { IActor, ICollection, IObject, IOrderedCollection } from '../type.js';
import type { IActor, IKey, IObject, ICollection, IOrderedCollection } from '../type.js';
const nameLength = 128;
const summaryLength = 2048;
@ -74,6 +77,7 @@ export class ApPersonService implements OnModuleInit {
private instanceChart: InstanceChart;
private apLoggerService: ApLoggerService;
private accountMoveService: AccountMoveService;
private userSuspendService: UserSuspendService;
private logger: Logger;
constructor(
@ -126,6 +130,7 @@ export class ApPersonService implements OnModuleInit {
this.instanceChart = this.moduleRef.get('InstanceChart');
this.apLoggerService = this.moduleRef.get('ApLoggerService');
this.accountMoveService = this.moduleRef.get('AccountMoveService');
this.userSuspendService = this.moduleRef.get('UserSuspendService');
this.logger = this.apLoggerService.logger;
}
@ -209,15 +214,40 @@ export class ApPersonService implements OnModuleInit {
}
if (x.publicKey) {
if (typeof x.publicKey.id !== 'string') {
const publicKeys = Array.isArray(x.publicKey) ? x.publicKey : [x.publicKey];
for (const publicKey of publicKeys) {
if (typeof publicKey.id !== 'string') {
throw new Error('invalid Actor: publicKey.id is not a string');
}
const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id);
const publicKeyIdHost = this.utilityService.punyHost(publicKey.id);
if (publicKeyIdHost !== expectHost) {
throw new Error('invalid Actor: publicKey.id has different host');
}
}
}
if (x.additionalPublicKeys) {
if (!x.publicKey) {
throw new Error('invalid Actor: additionalPublicKeys is set but publicKey is not');
}
if (!Array.isArray(x.additionalPublicKeys)) {
throw new Error('invalid Actor: additionalPublicKeys is not an array');
}
for (const key of x.additionalPublicKeys) {
if (typeof key.id !== 'string') {
throw new Error('invalid Actor: additionalPublicKeys.id is not a string');
}
const keyIdHost = this.utilityService.punyHost(key.id);
if (keyIdHost !== expectHost) {
throw new Error('invalid Actor: additionalPublicKeys.id has different host');
}
}
}
return x;
}
@ -252,6 +282,33 @@ export class ApPersonService implements OnModuleInit {
return null;
}
/**
* uriからUser(Person)
*
* Misskeyに対象のPersonが登録されていればそれを返しnullを返します
* TTLが0でない場合TTLを過ぎていた場合はupdatePersonを実行します
*/
@bindThis
async fetchPersonWithRenewal(uri: string, TTL = REMOTE_USER_CACHE_TTL): Promise<MiLocalUser | MiRemoteUser | null> {
const exist = await this.fetchPerson(uri);
if (exist == null) return null;
if (this.userEntityService.isRemoteUser(exist)) {
if (TTL === 0 || exist.lastFetchedAt == null || Date.now() - exist.lastFetchedAt.getTime() > TTL) {
this.logger.debug('fetchPersonWithRenewal: renew', { uri, TTL, lastFetchedAt: exist.lastFetchedAt });
try {
await this.updatePerson(exist.uri);
return await this.fetchPerson(uri);
} catch (err) {
this.logger.error('error occurred while renewing user', { err });
}
}
this.logger.debug('fetchPersonWithRenewal: use cache', { uri, TTL, lastFetchedAt: exist.lastFetchedAt });
}
return exist;
}
private async resolveAvatarAndBanner(user: MiRemoteUser, icon: any, image: any): Promise<Partial<Pick<MiRemoteUser, 'avatarId' | 'bannerId' | 'avatarUrl' | 'bannerUrl' | 'avatarBlurhash' | 'bannerBlurhash'>>> {
if (user == null) throw new Error('failed to create user: user is null');
@ -333,7 +390,7 @@ export class ApPersonService implements OnModuleInit {
.then(isPublic => isPublic ? 'public' : 'private')
.catch(err => {
if (!(err instanceof StatusError) || err.isRetryable) {
this.logger.error('error occurred while fetching following/followers collection', { stack: err });
this.logger.error('Create the Person: error occurred while fetching following/followers collection', { stack: err });
}
return 'private';
}),
@ -359,7 +416,7 @@ export class ApPersonService implements OnModuleInit {
const emojis = await this.apNoteService.extractEmojis(person.tag ?? [], host)
.then(_emojis => _emojis.map(emoji => emoji.name))
.catch(err => {
this.logger.error('error occurred while fetching user emojis', { stack: err });
this.logger.error('Create the Person: error occurred while fetching user emojis', { stack: err });
return [];
});
//#endregion
@ -393,6 +450,7 @@ export class ApPersonService implements OnModuleInit {
makeNotesFollowersOnlyBefore: (person as any).makeNotesFollowersOnlyBefore ?? null,
makeNotesHiddenBefore: (person as any).makeNotesHiddenBefore ?? null,
emojis,
isRemoteSuspended: person.suspended === true,
})) as MiRemoteUser;
let _description: string | null = null;
@ -417,11 +475,16 @@ export class ApPersonService implements OnModuleInit {
}));
if (person.publicKey) {
await transactionalEntityManager.save(new MiUserPublickey({
userId: user.id,
keyId: person.publicKey.id,
keyPem: person.publicKey.publicKeyPem,
}));
const publicKeys = new Map<string, IKey>();
(person.additionalPublicKeys ?? []).forEach(key => publicKeys.set(key.id, key));
(Array.isArray(person.publicKey) ? person.publicKey : [person.publicKey]).forEach(key => publicKeys.set(key.id, key));
this.logger.debug(`Create the Person: Saving public keys for user ${user.id}`, { keyIds: Array.from(publicKeys.keys()) });
await transactionalEntityManager.save(Array.from(publicKeys.values(), key => new MiUserPublickey({
keyId: key.id,
userId: user!.id,
keyPem: key.publicKeyPem,
})));
}
});
} catch (e) {
@ -429,7 +492,10 @@ export class ApPersonService implements OnModuleInit {
if (isDuplicateKeyValueError(e)) {
// /users/@a => /users/:id のように入力がaliasなときにエラーになることがあるのを対応
const u = await this.usersRepository.findOneBy({ uri: person.id });
if (u == null) throw new Error('already registered');
if (u == null) {
this.logger.error('Create the Person: duplicate key error', { stack: e });
throw new Error('already registered');
}
user = u as MiRemoteUser;
} else {
@ -570,6 +636,7 @@ export class ApPersonService implements OnModuleInit {
movedToUri: person.movedTo ?? null,
alsoKnownAs: person.alsoKnownAs ?? null,
isExplorable: person.discoverable,
isRemoteSuspended: person.suspended === true,
...(await this.resolveAvatarAndBanner(exist, person.icon, person.image).catch(() => ({}))),
} as Partial<MiRemoteUser> & Pick<MiRemoteUser, 'isBot' | 'isCat' | 'isLocked' | 'movedToUri' | 'alsoKnownAs' | 'isExplorable'>;
@ -598,11 +665,42 @@ export class ApPersonService implements OnModuleInit {
return 'skip';
}
//#region suspend
if (exist.isRemoteSuspended === false && person.suspended === true) {
// リモートサーバーでアカウントが凍結された
this.logger.info(`Remote User Suspended: acct=${exist.username}@${exist.host} id=${exist.id} uri=${exist.uri}`);
this.userSuspendService.suspendFromRemote({ id: exist.id, host: exist.host });
}
if (exist.isRemoteSuspended === true && person.suspended === false) {
// リモートサーバーでアカウントが解凍された
this.logger.info(`Remote User Unsuspended: acct=${exist.username}@${exist.host} id=${exist.id} uri=${exist.uri}`);
this.userSuspendService.unsuspendFromRemote({ id: exist.id, host: exist.host });
}
//#endregion
try {
// Deleteアクティビティ受信時にもここが走ってsaveがuserforeign key制約エラーを吐くことがある
// とりあえずtry-catchで囲っておく
const publicKeys = new Map<string, IKey>();
if (person.publicKey) {
await this.userPublickeysRepository.update({ userId: exist.id }, {
keyId: person.publicKey.id,
keyPem: person.publicKey.publicKeyPem,
(person.additionalPublicKeys ?? []).forEach(key => publicKeys.set(key.id, key));
(Array.isArray(person.publicKey) ? person.publicKey : [person.publicKey]).forEach(key => publicKeys.set(key.id, key));
await this.userPublickeysRepository.save(Array.from(publicKeys.values(), key => ({
keyId: key.id,
userId: exist.id,
keyPem: key.publicKeyPem,
})));
}
this.userPublickeysRepository.delete({
keyId: Not(In(Array.from(publicKeys.keys()))),
userId: exist.id,
}).catch(err => {
this.logger.error('something happened while deleting remote user public keys:', { userId: exist.id, err });
});
} catch (err) {
this.logger.error('something happened while updating remote user public keys:', { userId: exist.id, err });
}
let _description: string | null = null;
@ -647,7 +745,7 @@ export class ApPersonService implements OnModuleInit {
exist.movedAt == null ||
// 以前のmovingから14日以上経過した場合のみ移行処理を許可
// Mastodonのクールダウン期間は30日だが若干緩めに設定しておく
exist.movedAt.getTime() + 1000 * 60 * 60 * 24 * 14 < updated.movedAt.getTime()
exist.movedAt.getTime() + REMOTE_USER_MOVE_COOLDOWN < updated.movedAt.getTime()
)) {
this.logger.info(`Start to process Move of @${updated.username}@${updated.host} (${uri})`);
return this.processRemoteMove(updated, movePreventUris)
@ -670,9 +768,9 @@ export class ApPersonService implements OnModuleInit {
* Misskeyに登録しそれを返します
*/
@bindThis
public async resolvePerson(uri: string, resolver?: Resolver): Promise<MiLocalUser | MiRemoteUser> {
public async resolvePerson(uri: string, resolver?: Resolver, withRenewal = false): Promise<MiLocalUser | MiRemoteUser> {
//#region このサーバーに既に登録されていたらそれを返す
const exist = await this.fetchPerson(uri);
const exist = withRenewal ? await this.fetchPersonWithRenewal(uri) : await this.fetchPerson(uri);
if (exist) return exist;
//#endregion

12
packages/backend/src/core/activitypub/type.ts
View File

@ -59,7 +59,7 @@ export function getOneApId(value: ApObject): string {
export function getApId(value: string | IObject): string {
if (typeof value === 'string') return value;
if (typeof value.id === 'string') return value.id;
throw new Error('cannot detemine id');
throw new Error('cannot determine id');
}
/**
@ -182,10 +182,8 @@ export interface IActor extends IObject {
discoverable?: boolean;
inbox: string;
sharedInbox?: string; // 後方互換性のため
publicKey?: {
id: string;
publicKeyPem: string;
};
publicKey?: IKey | IKey[];
additionalPublicKeys?: IKey[];
followers?: string | ICollection | IOrderedCollection;
following?: string | ICollection | IOrderedCollection;
featured?: string | IOrderedCollection;
@ -195,6 +193,7 @@ export interface IActor extends IObject {
};
'vcard:bday'?: string;
'vcard:Address'?: string;
suspended?: boolean;
}
export const isCollection = (object: IObject): object is ICollection =>
@ -254,8 +253,9 @@ export const isEmoji = (object: IObject): object is IApEmoji =>
export interface IKey extends IObject {
type: 'Key';
id: string;
owner: string;
publicKeyPem: string | Buffer;
publicKeyPem: string;
}
export const validDocumentTypes = ['Audio', 'Document', 'Image', 'Page', 'Video'];

1
packages/backend/src/core/entities/InstanceEntityService.ts
View File

@ -60,6 +60,7 @@ export class InstanceEntityService {
infoUpdatedAt: instance.infoUpdatedAt ? instance.infoUpdatedAt.toISOString() : null,
latestRequestReceivedAt: instance.latestRequestReceivedAt ? instance.latestRequestReceivedAt.toISOString() : null,
moderationNote: iAmModerator ? instance.moderationNote : null,
httpMessageSignaturesImplementationLevel: instance.httpMessageSignaturesImplementationLevel,
};
}

2
packages/backend/src/core/entities/NotificationEntityService.ts
View File

@ -290,7 +290,7 @@ export class NotificationEntityService implements OnModuleInit {
if (notifier == null) return false;
if (notifier.host && userMutedInstances.has(notifier.host)) return false;
if (notifier.isSuspended) return false;
if (this.userEntityService.isSuspendedEither(notifier)) return false;
return true;
}

7
packages/backend/src/core/entities/UserEntityService.ts
View File

@ -69,6 +69,10 @@ function isRemoteUser(user: MiUser | { host: MiUser['host'] }): boolean {
return !isLocalUser(user);
}
function isSuspendedEither(user: MiUser): boolean {
return user.isSuspended || user.isRemoteSuspended;
}
export type UserRelation = {
id: MiUser['id']
following: MiFollowing | null,
@ -163,6 +167,7 @@ export class UserEntityService implements OnModuleInit {
public isLocalUser = isLocalUser;
public isRemoteUser = isRemoteUser;
public isSuspendedEither = isSuspendedEither;
@bindThis
public async getRelation(me: MiUser['id'], target: MiUser['id']): Promise<UserRelation> {
@ -538,7 +543,7 @@ export class UserEntityService implements OnModuleInit {
bannerBlurhash: user.bannerId == null ? null : user.bannerBlurhash,
isLocked: user.isLocked,
isSilenced: this.roleService.getUserPolicies(user.id).then(r => !r.canPublicNote),
isSuspended: user.isSuspended,
isSuspended: this.isSuspendedEither(user),
description: profile!.description,
location: profile!.location,
birthday: profile!.birthday,

5
packages/backend/src/misc/cache.ts
View File

@ -237,6 +237,11 @@ export class MemoryKVCache<T> {
return cached.value;
}
@bindThis
public getRaw(key: string): { date: number; value: T; } | undefined {
return this.cache.get(key);
}
@bindThis
public delete(key: string): void {
this.cache.delete(key);

43
packages/backend/src/misc/gen-key-pair.ts
View File

@ -3,39 +3,14 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import * as crypto from 'node:crypto';
import * as util from 'node:util';
import { genEd25519KeyPair, genRsaKeyPair } from '@misskey-dev/node-http-message-signatures';
const generateKeyPair = util.promisify(crypto.generateKeyPair);
export async function genRsaKeyPair(modulusLength = 2048) {
return await generateKeyPair('rsa', {
modulusLength,
publicKeyEncoding: {
type: 'spki',
format: 'pem',
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: undefined,
passphrase: undefined,
},
});
}
export async function genEcKeyPair(namedCurve: 'prime256v1' | 'secp384r1' | 'secp521r1' | 'curve25519' = 'prime256v1') {
return await generateKeyPair('ec', {
namedCurve,
publicKeyEncoding: {
type: 'spki',
format: 'pem',
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: undefined,
passphrase: undefined,
},
});
export async function genRSAAndEd25519KeyPair(rsaModulusLength = 4096) {
const [rsa, ed25519] = await Promise.all([genRsaKeyPair(rsaModulusLength), genEd25519KeyPair()]);
return {
publicKey: rsa.publicKey,
privateKey: rsa.privateKey,
ed25519PublicKey: ed25519.publicKey,
ed25519PrivateKey: ed25519.privateKey,
};
}

8
packages/backend/src/models/Following.ts
View File

@ -9,7 +9,8 @@ import { MiUser } from './User.js';
@Entity('following')
@Index(['followerId', 'followeeId'], { unique: true })
@Index(['followeeId', 'followerHost', 'isFollowerHibernated'])
@Index(['followerId', 'followeeId', 'isFollowerSuspended'])
@Index(['followeeId', 'followerHost', 'isFollowerSuspended', 'isFollowerHibernated'])
export class MiFollowing {
@PrimaryColumn(id())
public id: string;
@ -45,6 +46,11 @@ export class MiFollowing {
})
public isFollowerHibernated: boolean;
@Column('boolean', {
default: false,
})
public isFollowerSuspended: boolean;
// タイムラインにその人のリプライまで含めるかどうか
@Column('boolean', {
default: false,

5
packages/backend/src/models/Instance.ts
View File

@ -158,4 +158,9 @@ export class MiInstance {
length: 16384, default: '',
})
public moderationNote: string;
@Column('varchar', {
length: 16, default: '00', nullable: false,
})
public httpMessageSignaturesImplementationLevel: string;
}

8
packages/backend/src/models/User.ts
View File

@ -166,10 +166,16 @@ export class MiUser {
@Column('boolean', {
default: false,
comment: 'Whether the User is suspended.',
comment: 'Whether the User is suspended by the local moderators.',
})
public isSuspended: boolean;
@Column('boolean', {
default: false,
comment: 'Whether the User is suspended by the remote moderators.',
})
public isRemoteSuspended: boolean;
@Column('boolean', {
default: false,
comment: 'Whether the User is locked.',

24
packages/backend/src/models/UserKeypair.ts
View File

@ -3,7 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { PrimaryColumn, Entity, JoinColumn, Column, OneToOne } from 'typeorm';
import { PrimaryColumn, Entity, JoinColumn, Column, ManyToOne } from 'typeorm';
import { id } from './util/id.js';
import { MiUser } from './User.js';
@ -12,22 +12,42 @@ export class MiUserKeypair {
@PrimaryColumn(id())
public userId: MiUser['id'];
@OneToOne(type => MiUser, {
@ManyToOne(type => MiUser, {
onDelete: 'CASCADE',
})
@JoinColumn()
public user: MiUser | null;
/**
* RSA public key
*/
@Column('varchar', {
length: 4096,
})
public publicKey: string;
/**
* RSA private key
*/
@Column('varchar', {
length: 4096,
})
public privateKey: string;
@Column('varchar', {
length: 128,
nullable: true,
default: null,
})
public ed25519PublicKey: string | null;
@Column('varchar', {
length: 128,
nullable: true,
default: null,
})
public ed25519PrivateKey: string | null;
constructor(data: Partial<MiUserKeypair>) {
if (data == null) return;

18
packages/backend/src/models/UserPublickey.ts
View File

@ -3,27 +3,27 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { PrimaryColumn, Entity, Index, JoinColumn, Column, OneToOne } from 'typeorm';
import { PrimaryColumn, Entity, Index, JoinColumn, Column, ManyToOne } from 'typeorm';
import { id } from './util/id.js';
import { MiUser } from './User.js';
@Entity('user_publickey')
export class MiUserPublickey {
@PrimaryColumn(id())
@PrimaryColumn('varchar', {
length: 256,
})
public keyId: string;
@Index()
@Column(id())
public userId: MiUser['id'];
@OneToOne(type => MiUser, {
@ManyToOne(type => MiUser, {
onDelete: 'CASCADE',
})
@JoinColumn()
public user: MiUser | null;
@Index({ unique: true })
@Column('varchar', {
length: 256,
})
public keyId: string;
@Column('varchar', {
length: 4096,
})

4
packages/backend/src/models/json-schema/federation-instance.ts
View File

@ -120,5 +120,9 @@ export const packedFederationInstanceSchema = {
type: 'string',
optional: true, nullable: true,
},
httpMessageSignaturesImplementationLevel: {
type: 'string',
optional: false, nullable: false,
},
},
} as const;

8
packages/backend/src/queue/QueueProcessorService.ts
View File

@ -269,9 +269,9 @@ export class QueueProcessorService implements OnApplicationShutdown {
}, {
...baseWorkerOptions(this.config, QUEUE.DELIVER),
autorun: false,
concurrency: this.config.deliverJobConcurrency ?? 128,
concurrency: this.config.deliverJobConcurrency ?? 16,
limiter: {
max: this.config.deliverJobPerSec ?? 128,
max: this.config.deliverJobPerSec ?? 1024,
duration: 1000,
},
settings: {
@ -309,9 +309,9 @@ export class QueueProcessorService implements OnApplicationShutdown {
}, {
...baseWorkerOptions(this.config, QUEUE.INBOX),
autorun: false,
concurrency: this.config.inboxJobConcurrency ?? 16,
concurrency: this.config.inboxJobConcurrency ?? 4,
limiter: {
max: this.config.inboxJobPerSec ?? 32,
max: this.config.inboxJobPerSec ?? 64,
duration: 1000,
},
settings: {

34
packages/backend/src/queue/processors/DeliverProcessorService.ts
View File

@ -81,30 +81,35 @@ export class DeliverProcessorService {
}
try {
await this.apRequestService.signedPost(job.data.user, job.data.to, job.data.content, job.data.digest);
const server = await (this.meta.enableStatsForFederatedInstances
? this.federatedInstanceService.fetchOrRegister(host)
: this.federatedInstanceService.fetch(host));
await this.apRequestService.signedPost(
job.data.user,
job.data.to,
job.data.content,
server?.httpMessageSignaturesImplementationLevel ?? '00',
job.data.digest,
job.data.privateKey,
);
// Update stats
this.apRequestChart.deliverSucc();
this.federationChart.deliverd(host, true);
// Update instance stats
process.nextTick(async () => {
if (i == null) return;
if (server == null) return 'Success';
if (i.isNotResponding) {
this.federatedInstanceService.update(i.id, {
if (server.isNotResponding) {
this.federatedInstanceService.update(server.id, {
isNotResponding: false,
notRespondingSince: null,
});
}
if (this.meta.enableStatsForFederatedInstances) {
this.fetchInstanceMetadataService.fetchInstanceMetadata(i);
}
if (this.meta.enableChartsForFederatedInstances) {
this.instanceChart.requestSent(i.host, true);
this.instanceChart.requestSent(server.host, true);
}
});
return 'Success';
} catch (res) {
@ -139,6 +144,11 @@ export class DeliverProcessorService {
});
if (res instanceof StatusError) {
if (res.statusCode === 401) {
// 401 Unauthorized: this may be caused by a time difference between the server and the target server.
// Let the job be retried.
throw new Error(`${res.statusCode} ${res.statusMessage}\n* 401 may be caused by a time difference between the server and the target server.`);
}
// 4xx
if (!res.isRetryable) {
// 相手が閉鎖していることを明示しているため、配送停止する

120
packages/backend/src/queue/processors/InboxProcessorService.ts
View File

@ -5,8 +5,8 @@
import { URL } from 'node:url';
import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import httpSignature from '@peertube/http-signature';
import * as Bull from 'bullmq';
import { verifyDraftSignature } from '@misskey-dev/node-http-message-signatures';
import type Logger from '@/logger.js';
import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
import { FetchInstanceMetadataService } from '@/core/FetchInstanceMetadataService.js';
@ -15,12 +15,10 @@ import ApRequestChart from '@/core/chart/charts/ap-request.js';
import FederationChart from '@/core/chart/charts/federation.js';
import { getApId } from '@/core/activitypub/type.js';
import type { IActivity } from '@/core/activitypub/type.js';
import type { MiRemoteUser } from '@/models/User.js';
import type { MiUserPublickey } from '@/models/UserPublickey.js';
import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
import { StatusError } from '@/misc/status-error.js';
import * as Acct from '@/misc/acct.js';
import { UtilityService } from '@/core/UtilityService.js';
import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
import { JsonLdService } from '@/core/activitypub/JsonLdService.js';
import { ApInboxService } from '@/core/activitypub/ApInboxService.js';
import { bindThis } from '@/decorators.js';
@ -51,7 +49,6 @@ export class InboxProcessorService implements OnApplicationShutdown {
private federatedInstanceService: FederatedInstanceService,
private fetchInstanceMetadataService: FetchInstanceMetadataService,
private jsonLdService: JsonLdService,
private apPersonService: ApPersonService,
private apDbResolverService: ApDbResolverService,
private instanceChart: InstanceChart,
private apRequestChart: ApRequestChart,
@ -64,8 +61,15 @@ export class InboxProcessorService implements OnApplicationShutdown {
@bindThis
public async process(job: Bull.Job<InboxJobData>): Promise<string> {
const signature = job.data.signature; // HTTP-signature
const signature = job.data.signature ?
'version' in job.data.signature ? job.data.signature.value : job.data.signature
: null;
if (Array.isArray(signature)) {
// RFC 9401はsignatureが配列になるが、とりあえずエラーにする
throw new Error('signature is array');
}
let activity = job.data.activity;
let actorUri = getApId(activity.actor);
//#region Log
const info = Object.assign({}, activity);
@ -73,27 +77,18 @@ export class InboxProcessorService implements OnApplicationShutdown {
this.logger.debug(JSON.stringify(info, null, 2));
//#endregion
const host = this.utilityService.toPuny(new URL(signature.keyId).hostname);
const host = this.utilityService.toPuny(new URL(actorUri).hostname);
if (!this.utilityService.isFederationAllowedHost(host)) {
return `Blocked request: ${host}`;
}
const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith('acct:')) {
return `Old keyId is no longer supported. ${keyIdLower}`;
}
// HTTP-Signature keyIdを元にDBから取得
let authUser: {
user: MiRemoteUser;
key: MiUserPublickey | null;
} | null = await this.apDbResolverService.getAuthUserFromKeyId(signature.keyId);
let authUser: Awaited<ReturnType<typeof this.apDbResolverService.getAuthUserFromApId>> = null;
let httpSignatureIsValid = null as boolean | null;
// keyIdでわからなければ、activity.actorを元にDBから取得 || activity.actorを元にリモートから取得
if (authUser == null) {
try {
authUser = await this.apDbResolverService.getAuthUserFromApId(getApId(activity.actor));
authUser = await this.apDbResolverService.getAuthUserFromApId(actorUri, signature?.keyId);
} catch (err) {
// 対象が4xxならスキップ
if (err instanceof StatusError) {
@ -103,45 +98,61 @@ export class InboxProcessorService implements OnApplicationShutdown {
throw new Error(`Error in actor ${activity.actor} - ${err.statusCode}`);
}
}
}
// それでもわからなければ終了
if (authUser == null) {
// authUser.userがnullならスキップ
if (authUser != null && authUser.user == null) {
throw new Bull.UnrecoverableError(`skip: failed to resolve user ${getApId(activity.actor)}`);
}
// publicKey がなくても終了
if (authUser.key == null) {
throw new Bull.UnrecoverableError(`skip: failed to resolve user publicKey ${getApId(activity.actor)}`);
if (signature != null && authUser != null) {
if (signature.keyId.toLowerCase().startsWith('acct:')) {
this.logger.warn(`Old keyId is no longer supported. lowerKeyId=${signature.keyId.toLowerCase()}`);
} else if (authUser.key != null) {
// keyがなかったらLD Signatureで検証するべき
// HTTP-Signatureの検証
const errorLogger = (ms: any) => this.logger.error(ms);
httpSignatureIsValid = await verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
this.logger.debug('Inbox message validation: ', {
userId: authUser.user.id,
userAcct: Acct.toString(authUser.user),
parsedKeyId: signature.keyId,
foundKeyId: authUser.key.keyId,
httpSignatureValid: httpSignatureIsValid,
});
}
}
// HTTP-Signatureの検証
const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
// また、signatureのsignerは、activity.actorと一致する必要がある
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
if (
authUser == null ||
httpSignatureIsValid !== true ||
authUser.user.uri !== actorUri // 一応チェック
) {
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
const ldSignature = activity.signature;
if (ldSignature) {
if (ldSignature && ldSignature.creator) {
if (ldSignature.type !== 'RsaSignature2017') {
throw new Bull.UnrecoverableError(`skip: unsupported LD-signature type ${ldSignature.type}`);
}
// ldSignature.creator: https://example.oom/users/user#main-key
// みたいになっててUserを引っ張れば公開キーも入ることを期待する
if (ldSignature.creator) {
const candicate = ldSignature.creator.replace(/#.*/, '');
await this.apPersonService.resolvePerson(candicate).catch(() => null);
if (ldSignature.creator.toLowerCase().startsWith('acct:')) {
throw new Bull.UnrecoverableError(`old key not supported ${ldSignature.creator}`);
}
// keyIdからLD-Signatureのユーザーを取得
authUser = await this.apDbResolverService.getAuthUserFromKeyId(ldSignature.creator);
authUser = await this.apDbResolverService.getAuthUserFromApId(actorUri, ldSignature.creator);
if (authUser == null) {
throw new Bull.UnrecoverableError('skip: LD-Signatureのユーザーが取得できませんでした');
throw new Bull.UnrecoverableError(`skip: LD-Signatureのactorとcreatorが一致しませんでした uri=${actorUri} creator=${ldSignature.creator}`);
}
if (authUser.user == null) {
throw new Bull.UnrecoverableError(`skip: LD-Signatureのユーザーが取得できませんでした uri=${actorUri} creator=${ldSignature.creator}`);
}
// 一応actorチェック
if (authUser.user.uri !== actorUri) {
throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${actorUri})`);
}
if (authUser.key == null) {
throw new Bull.UnrecoverableError('skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした');
throw new Bull.UnrecoverableError(`skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした uri=${actorUri} creator=${ldSignature.creator}`);
}
const jsonLd = this.jsonLdService.use();
@ -152,13 +163,27 @@ export class InboxProcessorService implements OnApplicationShutdown {
throw new Bull.UnrecoverableError('skip: LD-Signatureの検証に失敗しました');
}
// ブロックしてたら中断
const ldHost = this.utilityService.extractDbHost(authUser.user.uri);
if (this.utilityService.isFederationAllowedHost(ldHost)) {
throw new Bull.UnrecoverableError(`Blocked request: ${ldHost}`);
}
// アクティビティを正規化
// GHSA-2vxv-pv3m-3wvj
delete activity.signature;
try {
activity = await jsonLd.compact(activity) as IActivity;
} catch (e) {
throw new Bull.UnrecoverableError(`skip: failed to compact activity: ${e}`);
}
// actorが正規化前後で一致しているか確認
actorUri = getApId(activity.actor);
if (authUser.user.uri !== actorUri) {
throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity(after normalization).actor(${actorUri})`);
}
// TODO: 元のアクティビティと非互換な形に正規化される場合は転送をスキップする
// https://github.com/mastodon/mastodon/blob/664b0ca/app/services/activitypub/process_collection_service.rb#L24-L29
activity.signature = ldSignature;
@ -168,18 +193,8 @@ export class InboxProcessorService implements OnApplicationShutdown {
delete compactedInfo['@context'];
this.logger.debug(`compacted: ${JSON.stringify(compactedInfo, null, 2)}`);
//#endregion
// もう一度actorチェック
if (authUser.user.uri !== activity.actor) {
throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`);
}
const ldHost = this.utilityService.extractDbHost(authUser.user.uri);
if (!this.utilityService.isFederationAllowedHost(ldHost)) {
throw new Bull.UnrecoverableError(`Blocked request: ${ldHost}`);
}
} else {
throw new Bull.UnrecoverableError(`skip: http-signature verification failed and no LD-Signature. keyId=${signature.keyId}`);
throw new Error(`http-signature verification failed and no LD-Signature. http_signature_keyId=${signature?.keyId}`);
}
}
@ -219,6 +234,7 @@ export class InboxProcessorService implements OnApplicationShutdown {
// アクティビティを処理
try {
this.logger.debug('performing activity', { activityId: activity.id, actorUri: authUser.user.uri, actorId: authUser.user.id, actorAcct: Acct.toString(authUser.user), activity });
const result = await this.apInboxService.performActivity(authUser.user, activity);
if (result && !result.startsWith('ok')) {
this.logger.warn(`inbox activity ignored (maybe): id=${activity.id} reason=${result}`);

23
packages/backend/src/queue/types.ts
View File

@ -12,7 +12,24 @@ import type { MiWebhook, WebhookEventTypes } from '@/models/Webhook.js';
import type { IActivity } from '@/core/activitypub/type.js';
import type { SystemWebhookPayload } from '@/core/SystemWebhookService.js';
import type { UserWebhookPayload } from '@/core/UserWebhookService.js';
import type httpSignature from '@peertube/http-signature';
import type { ParsedSignature, PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
/**
* @peertube/http-signature
* TODO: 2026年ぐらいには消す
*/
export interface OldParsedSignature {
scheme: 'Signature';
params: {
keyId: string;
algorithm: string;
headers: string[];
signature: string;
};
signingString: string;
algorithm: string;
keyId: string;
}
export type DeliverJobData = {
/** Actor */
@ -25,11 +42,13 @@ export type DeliverJobData = {
to: string;
/** whether it is sharedInbox */
isSharedInbox: boolean;
/** force to use main (rsa) key */
privateKey?: PrivateKeyWithPem;
};
export type InboxJobData = {
activity: IActivity;
signature: httpSignature.IParsedSignature;
signature: ParsedSignature | OldParsedSignature | null;
};
export type RelationshipJobData = {

103
packages/backend/src/server/ActivityPubServerService.ts
View File

@ -3,11 +3,10 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import * as crypto from 'node:crypto';
import { IncomingMessage } from 'node:http';
import { Inject, Injectable } from '@nestjs/common';
import fastifyAccepts from '@fastify/accepts';
import httpSignature from '@peertube/http-signature';
import { verifyDigestHeader, parseRequestSignature } from '@misskey-dev/node-http-message-signatures';
import { Brackets, In, IsNull, LessThan, Not } from 'typeorm';
import accepts from 'accepts';
import vary from 'vary';
@ -29,6 +28,8 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import { IActivity } from '@/core/activitypub/type.js';
import { isQuote, isRenote } from '@/misc/is-renote.js';
import { LoggerService } from '@/core/LoggerService.js';
import Logger from '@/logger.js';
import * as Acct from '@/misc/acct.js';
import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions, FastifyBodyParser } from 'fastify';
import type { FindOptionsWhere } from 'typeorm';
@ -39,6 +40,9 @@ const LD_JSON = 'application/ld+json; profile="https://www.w3.org/ns/activitystr
@Injectable()
export class ActivityPubServerService {
private logger: Logger;
private inboxLogger: Logger;
constructor(
@Inject(DI.config)
private config: Config,
@ -77,8 +81,11 @@ export class ActivityPubServerService {
private userKeypairService: UserKeypairService,
private queryService: QueryService,
private fanoutTimelineEndpointService: FanoutTimelineEndpointService,
private loggerService: LoggerService,
) {
//this.createServer = this.createServer.bind(this);
this.logger = this.loggerService.getLogger('server-ap', 'gray');
this.inboxLogger = this.logger.createSubLogger('inbox', 'gray');
}
@bindThis
@ -106,75 +113,59 @@ export class ActivityPubServerService {
}
@bindThis
private inbox(request: FastifyRequest, reply: FastifyReply) {
private async inbox(request: FastifyRequest, reply: FastifyReply) {
if (this.meta.federation === 'none') {
this.inboxLogger.debug('federation is disabled');
reply.code(403);
return;
}
let signature;
try {
signature = httpSignature.parseRequest(request.raw, { 'headers': ['(request-target)', 'host', 'date'], authorizationHeaderName: 'signature' });
} catch (e) {
reply.code(401);
return;
}
if (signature.params.headers.indexOf('host') === -1
|| request.headers.host !== this.config.host) {
// Host not specified or not match.
reply.code(401);
return;
}
if (signature.params.headers.indexOf('digest') === -1) {
// Digest not found.
reply.code(401);
} else {
const digest = request.headers.digest;
if (typeof digest !== 'string') {
// Huh?
reply.code(401);
return;
}
const re = /^([a-zA-Z0-9\-]+)=(.+)$/;
const match = digest.match(re);
if (match == null) {
// Invalid digest
reply.code(401);
return;
}
const algo = match[1].toUpperCase();
const digestValue = match[2];
if (algo !== 'SHA-256') {
// Unsupported digest algorithm
reply.code(401);
return;
}
if (request.rawBody == null) {
// Bad request
if (request.body == null) {
this.inboxLogger.warn('request body is empty');
reply.code(400);
return;
}
const hash = crypto.createHash('sha256').update(request.rawBody).digest('base64');
let signature: ReturnType<typeof parseRequestSignature>;
if (hash !== digestValue) {
// Invalid digest
const verifyDigest = await verifyDigestHeader(
request.raw,
typeof request.rawBody === 'string' ? request.rawBody : (request.rawBody ? request.rawBody.toString('utf8') : ''),
true
);
if (verifyDigest !== true) {
this.inboxLogger.warn('digest verification failed');
reply.code(401);
return;
}
try {
signature = parseRequestSignature(request.raw, {
requiredInputs: {
draft: ['(request-target)', 'digest', 'host', 'date'],
},
clockSkew: {
forward: 300_000,
delay: 300_000,
},
});
this.inboxLogger.debug('signature header parsed', { signature, body: request.body });
} catch (err) {
if (typeof request.body === 'object' && 'signature' in request.body) {
// LD SignatureがあればOK
this.queueService.inbox(request.body as IActivity, null);
this.inboxLogger.debug('LD Signature found in request body', { err, body: request.body });
reply.code(202);
return;
}
this.inboxLogger.warn('signature header parsing failed and LD signature not found', { err });
reply.code(401);
return;
}
this.queueService.inbox(request.body as IActivity, signature);
reply.code(202);
}
@ -742,7 +733,7 @@ export class ActivityPubServerService {
if (this.userEntityService.isLocalUser(user)) {
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair.publicKey)));
} else {
reply.code(400);
return;

7
packages/backend/src/server/NodeinfoServerService.ts
View File

@ -94,6 +94,13 @@ export class NodeinfoServerService {
localComments: 0,
},
metadata: {
/**
* '00': Draft, RSA only
* '01': Draft, Ed25519 suported
* '11': RFC 9421, Ed25519 supported
*/
httpMessageSignaturesImplementationLevel: '01',
nodeName: meta.name,
nodeDescription: meta.description,
nodeAdmins: [{

1
packages/backend/src/server/ServerService.ts
View File

@ -215,6 +215,7 @@ export class ServerService implements OnApplicationShutdown {
usernameLower: username.toLowerCase(),
host: (host == null) || (host === this.config.host) ? IsNull() : host,
isSuspended: false,
isRemoteSuspended: false,
},
});

3
packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts
View File

@ -55,7 +55,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const res = [] as [string, number][];
for (const job of jobs) {
const host = new URL(job.data.signature.keyId).host;
const signature = job.data.signature ? 'version' in job.data.signature ? job.data.signature.value : job.data.signature : null;
const host = signature ? Array.isArray(signature) ? 'TODO' : new URL(signature.keyId).host : new URL(job.data.activity.actor).host;
if (res.find(x => x[0] === host)) {
res.find(x => x[0] === host)![1]++;
} else {

60
packages/backend/src/server/api/endpoints/admin/show-user.ts
View File

@ -11,6 +11,9 @@ import { RoleService } from '@/core/RoleService.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
import { IdService } from '@/core/IdService.js';
import { notificationRecieveConfig } from '@/models/json-schema/user.js';
import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { UserKeypairService } from '@/core/UserKeypairService.js';
export const meta = {
tags: ['admin'],
@ -124,6 +127,10 @@ export const meta = {
type: 'boolean',
optional: false, nullable: false,
},
isRemoteSuspended: {
type: 'boolean',
optional: false, nullable: false,
},
isHibernated: {
type: 'boolean',
optional: false, nullable: false,
@ -177,6 +184,53 @@ export const meta = {
},
},
},
publicKeys: {
type: 'array',
optional: false, nullable: true,
items: {
type: 'object',
properties: {
userId: {
type: 'string',
optional: false, nullable: false,
},
keyId: {
type: 'string',
optional: false, nullable: false,
},
keyPem: {
type: 'string',
optional: false, nullable: false,
},
},
},
},
keyPairs: {
type: 'object',
optional: false, nullable: true,
properties: {
userId: {
type: 'string',
optional: false, nullable: false,
},
publicKey: {
type: 'string',
optional: false, nullable: false,
},
privateKey: {
type: 'string',
optional: false, nullable: false,
},
ed25519PublicKey: {
type: 'string',
optional: false, nullable: true,
},
ed25519PrivateKey: {
type: 'string',
optional: false, nullable: true,
},
},
},
},
},
} as const;
@ -204,6 +258,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private roleService: RoleService,
private roleEntityService: RoleEntityService,
private idService: IdService,
private apDbResolverService: ApDbResolverService,
private userEntityService: UserEntityService,
private userKeypairService: UserKeypairService,
) {
super(meta, paramDef, async (ps, me) => {
const [user, profile] = await Promise.all([
@ -246,6 +303,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
isModerator: isModerator,
isSilenced: isSilenced,
isSuspended: user.isSuspended,
isRemoteSuspended: user.isRemoteSuspended,
isHibernated: user.isHibernated,
lastActiveDate: user.lastActiveDate ? user.lastActiveDate.toISOString() : null,
moderationNote: profile.moderationNote ?? '',
@ -257,6 +315,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
expiresAt: a.expiresAt ? a.expiresAt.toISOString() : null,
roleId: a.roleId,
})),
publicKeys: this.userEntityService.isRemoteUser(user) ? await this.apDbResolverService.getPublicKeyByUserId(user.id) : null,
keyPairs: this.userEntityService.isLocalUser(user) ? await this.userKeypairService.getUserKeypair(user.id) : null,
};
});
}

2
packages/backend/src/server/api/endpoints/admin/show-users.ts
View File

@ -61,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const query = this.usersRepository.createQueryBuilder('user');
switch (ps.state) {
case 'available': query.where('user.isSuspended = FALSE'); break;
case 'available': query.where('user.isSuspended = FALSE').andWhere('user.isRemoteSuspended = FALSE'); break;
case 'alive': query.where('user.updatedAt > :date', { date: new Date(Date.now() - 1000 * 60 * 60 * 24 * 5) }); break;
case 'suspended': query.where('user.isSuspended = TRUE'); break;
case 'admin': {

3
packages/backend/src/server/api/endpoints/federation/followers.ts
View File

@ -50,7 +50,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
) {
super(meta, paramDef, async (ps, me) => {
const query = this.queryService.makePaginationQuery(this.followingsRepository.createQueryBuilder('following'), ps.sinceId, ps.untilId, ps.sinceDate, ps.untilDate)
.andWhere('following.followeeHost = :host', { host: ps.host });
.andWhere('following.followeeHost = :host', { host: ps.host })
.andWhere('following.isFollowerSuspended = false');
const followings = await query
.limit(ps.limit)

3
packages/backend/src/server/api/endpoints/federation/following.ts
View File

@ -50,7 +50,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
) {
super(meta, paramDef, async (ps, me) => {
const query = this.queryService.makePaginationQuery(this.followingsRepository.createQueryBuilder('following'), ps.sinceId, ps.untilId, ps.sinceDate, ps.untilDate)
.andWhere('following.followerHost = :host', { host: ps.host });
.andWhere('following.followerHost = :host', { host: ps.host })
.andWhere('following.isFollowerSuspended = false');
const followings = await query
.limit(ps.limit)

2
packages/backend/src/server/api/endpoints/federation/stats.ts
View File

@ -94,11 +94,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
this.followingsRepository.count({
where: {
followeeHost: Not(IsNull()),
isFollowerSuspended: false,
},
}),
this.followingsRepository.count({
where: {
followerHost: Not(IsNull()),
isFollowerSuspended: false,
},
}),
]);

3
packages/backend/src/server/api/endpoints/hashtags/users.ts
View File

@ -51,7 +51,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (!safeForSql(normalizeForSearch(ps.tag))) throw new Error('Injection');
const query = this.usersRepository.createQueryBuilder('user')
.where(':tag <@ user.tags', { tag: [normalizeForSearch(ps.tag)] })
.andWhere('user.isSuspended = FALSE');
.andWhere('user.isSuspended = FALSE')
.andWhere('user.isRemoteSuspended = FALSE');
const recent = new Date(Date.now() - (1000 * 60 * 60 * 24 * 5));

4
packages/backend/src/server/api/endpoints/users/followers.ts
View File

@ -125,6 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
where: {
followeeId: user.id,
followerId: me.id,
isFollowerSuspended: false,
},
});
if (!isFollowing) {
@ -136,12 +137,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const query = this.queryService.makePaginationQuery(this.followingsRepository.createQueryBuilder('following'), ps.sinceId, ps.untilId, ps.sinceDate, ps.untilDate)
.andWhere('following.followeeId = :userId', { userId: user.id })
.andWhere('following.isFollowerSuspended = FALSE')
.innerJoinAndSelect('following.follower', 'follower');
const followings = await query
.limit(ps.limit)
.getMany();
console.log(followings);
return await this.followingEntityService.packMany(followings, me, { populateFollower: true });
});
}

2
packages/backend/src/server/api/endpoints/users/following.ts
View File

@ -133,6 +133,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
where: {
followeeId: user.id,
followerId: me.id,
isFollowerSuspended: false,
},
});
if (!isFollowing) {
@ -144,6 +145,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const query = this.queryService.makePaginationQuery(this.followingsRepository.createQueryBuilder('following'), ps.sinceId, ps.untilId, ps.sinceDate, ps.untilDate)
.andWhere('following.followerId = :userId', { userId: user.id })
.andWhere('following.isFollowerSuspended = false')
.innerJoinAndSelect('following.followee', 'followee');
if (ps.birthday) {

3
packages/backend/src/server/api/endpoints/users/recommendation.ts
View File

@ -68,7 +68,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const followingQuery = this.followingsRepository.createQueryBuilder('following')
.select('following.followeeId')
.where('following.followerId = :followerId', { followerId: me.id });
.where('following.followerId = :followerId', { followerId: me.id })
.andWhere('following.isFollowerSuspended = false');
query
.andWhere(`user.id NOT IN (${ followingQuery.getQuery() })`);

1
packages/backend/src/server/api/endpoints/users/show.ts
View File

@ -138,6 +138,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} : {
id: In(ps.userIds),
isSuspended: false,
isRemoteSuspended: false,
});
// リクエストされた通りに並べ替え

3
packages/backend/src/server/web/ClientServerService.ts
View File

@ -435,6 +435,7 @@ export class ClientServerService {
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
isRemoteSuspended: false,
requireSigninToViewContents: false,
});
@ -494,6 +495,7 @@ export class ClientServerService {
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
isRemoteSuspended: false,
});
vary(reply.raw, 'Accept');
@ -543,6 +545,7 @@ export class ClientServerService {
id: request.params.user,
host: IsNull(),
isSuspended: false,
isRemoteSuspended: false,
});
if (user == null) {

95
packages/backend/test-federation/test/user-suspension.test.ts Normal file
View File

@ -0,0 +1,95 @@
import assert, { rejects, strictEqual } from 'node:assert';
import * as Misskey from 'misskey-js';
import { createAccount, deepStrictEqualWithExcludedFields, fetchAdmin, type LoginUser, resolveRemoteNote, resolveRemoteUser, sleep } from './utils.js';
const [aAdmin, bAdmin] = await Promise.all([
fetchAdmin('a.test'),
fetchAdmin('b.test'),
]);
describe('User Suspension', () => {
describe('Suspension', () => {
describe('Check suspend/unsuspend consistency', () => {
let alice: LoginUser, bob: LoginUser;
let bobInA: Misskey.entities.UserDetailedNotMe, aliceInB: Misskey.entities.UserDetailedNotMe;
beforeAll(async () => {
[alice, bob] = await Promise.all([
createAccount('a.test'),
createAccount('b.test'),
]);
[bobInA, aliceInB] = await Promise.all([
resolveRemoteUser('b.test', bob.id, alice),
resolveRemoteUser('a.test', alice.id, bob),
]);
});
test('Bob follows Alice, and Alice gets suspended, there is no following relation, and Bob fails to follow again', async () => {
await bob.client.request('following/create', { userId: aliceInB.id });
await sleep();
const followers = await alice.client.request('users/followers', { userId: alice.id });
strictEqual(followers.length, 1); // followed by Bob
await aAdmin.client.request('admin/suspend-user', { userId: alice.id });
await sleep();
const aliceInBRaw = await bAdmin.client.request('admin/show-user', { userId: aliceInB.id });
strictEqual(aliceInBRaw.isRemoteSuspended, true);
const renewedAliceInB = await bob.client.request('users/show', { userId: aliceInB.id });
strictEqual(renewedAliceInB.isSuspended, true);
await rejects(
async () => await bob.client.request('following/create', { userId: aliceInB.id }),
(err: any) => {
strictEqual(err.code, 'ALREADY_FOLLOWING');
return true;
},
);
});
test('Alice gets unsuspended, Bob succeeds in following Alice', async () => {
await aAdmin.client.request('admin/unsuspend-user', { userId: alice.id });
await sleep();
const aliceInBRenewed = await bAdmin.client.request('admin/show-user', { userId: aliceInB.id });
strictEqual(aliceInBRenewed.isRemoteSuspended, false);
await rejects(
async () => await bob.client.request('following/create', { userId: aliceInB.id }),
(err: any) => {
strictEqual(err.code, 'ALREADY_FOLLOWING');
return true;
},
);
});
test('Alice can follow Bob', async () => {
await alice.client.request('following/create', { userId: bobInA.id });
await sleep();
const bobFollowers = await bob.client.request('users/followers', { userId: bob.id });
strictEqual(bobFollowers.length, 1); // followed by Alice
assert(bobFollowers[0].follower != null);
const renewedAliceInB = bobFollowers[0].follower;
assert(aliceInB.username === renewedAliceInB.username);
assert(aliceInB.host === renewedAliceInB.host);
assert(aliceInB.id === renewedAliceInB.id);
});
test('Alice follows Bob, and Alice gets suspended, the following relation hidden', async () => {
await aAdmin.client.request('admin/suspend-user', { userId: alice.id });
await sleep(1000);
const renewedAliceInB = await bob.client.request('users/show', { userId: aliceInB.id });
strictEqual(renewedAliceInB.isSuspended, true);
const aliceInBRaw = await bAdmin.client.request('admin/show-user', { userId: aliceInB.id });
strictEqual(aliceInBRaw.isRemoteSuspended, true);
const bobFollowers = await bob.client.request('users/followers', { userId: bob.id });
strictEqual(bobFollowers.length, 0); // Relation is hidden
});
});
});
});

106
packages/backend/test-federation/test/user.test.ts
View File

@ -452,110 +452,4 @@ describe('User', () => {
});
});
});
describe('Suspension', () => {
describe('Check suspend/unsuspend consistency', () => {
let alice: LoginUser, bob: LoginUser;
let bobInA: Misskey.entities.UserDetailedNotMe, aliceInB: Misskey.entities.UserDetailedNotMe;
beforeAll(async () => {
[alice, bob] = await Promise.all([
createAccount('a.test'),
createAccount('b.test'),
]);
[bobInA, aliceInB] = await Promise.all([
resolveRemoteUser('b.test', bob.id, alice),
resolveRemoteUser('a.test', alice.id, bob),
]);
});
test('Bob follows Alice, and Alice gets suspended, there is no following relation, and Bob fails to follow again', async () => {
await bob.client.request('following/create', { userId: aliceInB.id });
await sleep();
const followers = await alice.client.request('users/followers', { userId: alice.id });
strictEqual(followers.length, 1); // followed by Bob
await aAdmin.client.request('admin/suspend-user', { userId: alice.id });
await sleep();
const following = await bob.client.request('users/following', { userId: bob.id });
strictEqual(following.length, 0); // no following relation
await rejects(
async () => await bob.client.request('following/create', { userId: aliceInB.id }),
(err: any) => {
strictEqual(err.code, 'NO_SUCH_USER');
return true;
},
);
});
test('Alice gets unsuspended, Bob succeeds in following Alice', async () => {
await aAdmin.client.request('admin/unsuspend-user', { userId: alice.id });
await sleep();
const followers = await alice.client.request('users/followers', { userId: alice.id });
strictEqual(followers.length, 1); // FIXME: followers are not deleted??
/**
* FIXME: still rejected!
* seems to can't process Undo Delete activity because it is not implemented
* related @see https://github.com/misskey-dev/misskey/issues/13273
*/
await rejects(
async () => await bob.client.request('following/create', { userId: aliceInB.id }),
(err: any) => {
strictEqual(err.code, 'NO_SUCH_USER');
return true;
},
);
// FIXME: resolving also fails
await rejects(
async () => await resolveRemoteUser('a.test', alice.id, bob),
(err: any) => {
strictEqual(err.code, 'INTERNAL_ERROR');
return true;
},
);
});
/**
* instead of simple unsuspension, let's tell existence by following from Alice
*/
test('Alice can follow Bob', async () => {
await alice.client.request('following/create', { userId: bobInA.id });
await sleep();
const bobFollowers = await bob.client.request('users/followers', { userId: bob.id });
strictEqual(bobFollowers.length, 1); // followed by Alice
assert(bobFollowers[0].follower != null);
const renewedaliceInB = bobFollowers[0].follower;
assert(aliceInB.username === renewedaliceInB.username);
assert(aliceInB.host === renewedaliceInB.host);
assert(aliceInB.id !== renewedaliceInB.id); // TODO: Same username and host, but their ids are different! Is it OK?
const following = await bob.client.request('users/following', { userId: bob.id });
strictEqual(following.length, 0); // following are deleted
// Bob tries to follow Alice
await bob.client.request('following/create', { userId: renewedaliceInB.id });
await sleep();
const aliceFollowers = await alice.client.request('users/followers', { userId: alice.id });
strictEqual(aliceFollowers.length, 1);
// FIXME: but resolving still fails ...
await rejects(
async () => await resolveRemoteUser('a.test', alice.id, bob),
(err: any) => {
strictEqual(err.code, 'INTERNAL_ERROR');
return true;
},
);
});
});
});
});

2
packages/backend/test/misc/mock-resolver.ts
View File

@ -11,6 +11,7 @@ import type { IObject } from '@/core/activitypub/type.js';
import type { HttpRequestService } from '@/core/HttpRequestService.js';
import type { LoggerService } from '@/core/LoggerService.js';
import type { UtilityService } from '@/core/UtilityService.js';
import type { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
import type {
FollowRequestsRepository,
MiMeta,
@ -47,6 +48,7 @@ export class MockResolver extends Resolver {
{} as HttpRequestService,
{} as ApRendererService,
{} as ApDbResolverService,
{} as FederatedInstanceService,
loggerService,
);
}

659
packages/backend/test/unit/ApDeliverManagerService.ts Normal file
View File

@ -0,0 +1,659 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
process.env.NODE_ENV = 'test';
import { jest } from '@jest/globals';
import { Test } from '@nestjs/testing';
import type { TestingModule } from '@nestjs/testing';
import type { MiLocalUser, MiRemoteUser } from '@/models/User.js';
import type { IActivity } from '@/core/activitypub/type.js';
import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
import { ApLoggerService } from '@/core/activitypub/ApLoggerService.js';
import { QueueService } from '@/core/QueueService.js';
import { FollowingsRepository, UsersRepository } from '@/models/_.js';
import { DI } from '@/di-symbols.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { UserKeypairService } from '@/core/UserKeypairService.js';
import { AccountUpdateService } from '@/core/AccountUpdateService.js';
describe('ApDeliverManagerService', () => {
let service: ApDeliverManagerService;
let followingsRepository: jest.Mocked<FollowingsRepository>;
let queueService: jest.Mocked<QueueService>;
let apLoggerService: jest.Mocked<ApLoggerService>;
const mockLocalUser: MiLocalUser = {
id: 'local-user-id',
host: null,
} as MiLocalUser;
const mockRemoteUser1: MiRemoteUser & { inbox: string; sharedInbox: string; } = {
id: 'remote-user-1',
host: 'remote.example.com',
inbox: 'https://remote.example.com/inbox',
sharedInbox: 'https://remote.example.com/shared-inbox',
} as MiRemoteUser & { inbox: string; sharedInbox: string; };
const mockRemoteUser2: MiRemoteUser & { inbox: string; } = {
id: 'remote-user-2',
host: 'another.example.com',
inbox: 'https://another.example.com/inbox',
sharedInbox: null,
} as MiRemoteUser & { inbox: string; };
const mockActivity: IActivity = {
type: 'Create',
id: 'activity-id',
actor: 'https://local.example.com/users/local-user-id',
object: {
type: 'Note',
id: 'note-id',
content: 'Hello, world!',
},
};
beforeAll(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
ApDeliverManagerService,
{
provide: ApDeliverManagerService.name,
useExisting: ApDeliverManagerService,
},
{
provide: DI.followingsRepository,
useValue: {
find: jest.fn(),
createQueryBuilder: jest.fn(),
},
},
{
provide: QueueService,
useValue: {
deliverMany: jest.fn(),
},
},
{
provide: ApLoggerService,
useValue: {
logger: {
createSubLogger: jest.fn().mockReturnValue({
info: jest.fn(),
warn: jest.fn(),
error: jest.fn(),
}),
},
},
},
{
provide: UserKeypairService,
useFactory: () => ({
refreshAndPrepareEd25519KeyPair: jest.fn(),
}),
},
{
provide: AccountUpdateService.name,
useFactory: () => ({
publishToFollowers: jest.fn(),
}),
},
],
}).compile();
service = module.get<ApDeliverManagerService>(ApDeliverManagerService);
followingsRepository = module.get(DI.followingsRepository);
queueService = module.get(QueueService);
apLoggerService = module.get(ApLoggerService);
await service.onModuleInit();
});
beforeEach(() => {
jest.clearAllMocks();
});
describe('deliverToFollowers', () => {
it('should deliver activity to all followers', async () => {
const mockFollowings = [
{
followerSharedInbox: 'https://remote1.example.com/shared-inbox',
followerInbox: 'https://remote1.example.com/inbox',
},
{
followerSharedInbox: 'https://remote2.example.com/shared-inbox',
followerInbox: 'https://remote2.example.com/inbox',
},
{
followerSharedInbox: null,
followerInbox: 'https://remote3.example.com/inbox',
},
];
followingsRepository.find.mockResolvedValue(mockFollowings as any);
await service.deliverToFollowers(mockLocalUser, mockActivity);
expect(followingsRepository.find).toHaveBeenCalledWith({
where: {
followeeId: mockLocalUser.id,
followerHost: expect.anything(), // Not(IsNull())
isFollowerSuspended: false,
},
select: {
followerSharedInbox: true,
followerInbox: true,
},
});
expect(queueService.deliverMany).toHaveBeenCalledWith(
{ id: mockLocalUser.id },
mockActivity,
expect.any(Map),
undefined,
);
// 呼び出されたinboxesを確認
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(3);
expect(inboxes.has('https://remote1.example.com/shared-inbox')).toBe(true);
expect(inboxes.has('https://remote2.example.com/shared-inbox')).toBe(true);
expect(inboxes.has('https://remote3.example.com/inbox')).toBe(true);
});
it('should exclude suspended followers by default', async () => {
followingsRepository.find.mockResolvedValue([]);
await service.deliverToFollowers(mockLocalUser, mockActivity);
expect(followingsRepository.find).toHaveBeenCalledWith(
expect.objectContaining({
where: expect.objectContaining({
isFollowerSuspended: false,
}),
}),
);
});
});
describe('deliverToUser', () => {
it('should deliver activity to specific remote user', async () => {
await service.deliverToUser(mockLocalUser, mockActivity, mockRemoteUser1);
expect(queueService.deliverMany).toHaveBeenCalledWith(
{ id: mockLocalUser.id },
mockActivity,
expect.any(Map),
undefined,
);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(1);
expect(inboxes.has(mockRemoteUser1.inbox)).toBe(true);
});
it('should handle user without shared inbox', async () => {
await service.deliverToUser(mockLocalUser, mockActivity, mockRemoteUser2);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(1);
expect(inboxes.has(mockRemoteUser2.inbox)).toBe(true);
});
it('should skip user with null inbox', async () => {
const userWithoutInbox = {
...mockRemoteUser1,
inbox: null,
} as MiRemoteUser;
await service.deliverToUser(mockLocalUser, mockActivity, userWithoutInbox);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(0);
});
});
describe('deliverToUsers', () => {
it('should deliver activity to multiple remote users', async () => {
await service.deliverToUsers(mockLocalUser, mockActivity, [mockRemoteUser1, mockRemoteUser2]);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(2);
expect(inboxes.has(mockRemoteUser1.inbox)).toBe(true);
expect(inboxes.has(mockRemoteUser2.inbox)).toBe(true);
});
});
describe('createDeliverManager', () => {
it('should create a DeliverManager instance', () => {
const manager = service.createDeliverManager(mockLocalUser, mockActivity);
expect(manager).toBeDefined();
expect(typeof manager.addFollowersRecipe).toBe('function');
expect(typeof manager.addDirectRecipe).toBe('function');
expect(typeof manager.addAllKnowingSharedInboxRecipe).toBe('function');
expect(typeof manager.execute).toBe('function');
});
it('should allow manual recipe management', async () => {
const manager = service.createDeliverManager(mockLocalUser, mockActivity);
followingsRepository.find.mockResolvedValue([
{
followerSharedInbox: null,
followerInbox: 'https://follower.example.com/inbox',
},
] as any);
// フォロワー配信のレシピを追加
manager.addFollowersRecipe();
// ダイレクト配信のレシピを追加
manager.addDirectRecipe(mockRemoteUser1);
await manager.execute();
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(2);
expect(inboxes.has('https://follower.example.com/inbox')).toBe(true);
expect(inboxes.has(mockRemoteUser1.inbox)).toBe(true);
});
it('should support ignoreSuspend option', async () => {
const manager = service.createDeliverManager(mockLocalUser, mockActivity);
followingsRepository.find.mockResolvedValue([]);
manager.addFollowersRecipe();
await manager.execute({ ignoreSuspend: true });
expect(followingsRepository.find).toHaveBeenCalledWith(
expect.objectContaining({
where: expect.objectContaining({
isFollowerSuspended: undefined, // ignoreSuspend: true なので undefined
}),
}),
);
});
it('followers and directs mixture: 先にfollowersでsharedInboxが追加されていた場合、directsでユーザーがそのsharedInboxを持っていたらinboxを追加しない', async () => {
const manager = service.createDeliverManager(mockLocalUser, mockActivity);
followingsRepository.find.mockResolvedValue([
{
followerSharedInbox: mockRemoteUser1.sharedInbox,
followerInbox: mockRemoteUser2.inbox,
},
] as any);
manager.addFollowersRecipe();
manager.addDirectRecipe(mockRemoteUser1);
await manager.execute();
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(1);
expect(inboxes.has(mockRemoteUser1.sharedInbox)).toBe(true);
expect(inboxes.has(mockRemoteUser1.inbox)).toBe(false);
});
});
describe('error handling', () => {
it('should throw error for non-local actor', () => {
const remoteActor = { id: 'remote-id', host: 'remote.example.com' } as any;
expect(() => {
service.createDeliverManager(remoteActor, mockActivity);
}).toThrow('actor.host must be null');
});
it('should throw error when follower has null inbox', async () => {
const mockFollowings = [
{
followerSharedInbox: null,
followerInbox: null, // null inbox
},
];
followingsRepository.find.mockResolvedValue(mockFollowings as any);
await expect(service.deliverToFollowers(mockLocalUser, mockActivity)).rejects.toThrow('inbox is null');
});
});
describe('AllKnowingSharedInbox recipe', () => {
it('should collect all shared inboxes when using AllKnowingSharedInbox', async () => {
const mockQueryBuilder = {
select: jest.fn().mockReturnThis(),
where: jest.fn().mockReturnThis(),
orWhere: jest.fn().mockReturnThis(),
distinct: jest.fn().mockReturnThis(),
getRawMany: jest.fn<any>().mockResolvedValue([
{ f_followerSharedInbox: 'https://shared1.example.com/inbox' },
{ f_followeeSharedInbox: 'https://shared2.example.com/inbox' },
]),
};
followingsRepository.createQueryBuilder.mockReturnValue(mockQueryBuilder as any);
const manager = service.createDeliverManager(mockLocalUser, mockActivity);
manager.addAllKnowingSharedInboxRecipe();
await manager.execute();
expect(followingsRepository.createQueryBuilder).toHaveBeenCalledWith('f');
expect(mockQueryBuilder.select).toHaveBeenCalledWith([
'f.followerSharedInbox',
'f.followeeSharedInbox',
]);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(2);
expect(inboxes.has('https://shared1.example.com/inbox')).toBe(true);
expect(inboxes.has('https://shared2.example.com/inbox')).toBe(true);
});
});
});
describe('ApDeliverManagerService (SQL)', () => {
// followerにデータを挿入して、SQLの動作を確認します
let app: TestingModule;
let service: ApDeliverManagerService;
let followingsRepository: FollowingsRepository;
let usersRepository: UsersRepository;
let queueService: jest.Mocked<QueueService>;
async function createUser(data: Partial<{ id: string; username: string; host: string | null; inbox: string | null; sharedInbox: string | null; isSuspended: boolean }> = {}): Promise<any> {
const user = {
id: secureRndstr(16),
username: secureRndstr(16),
usernameLower: (data.username ?? secureRndstr(16)).toLowerCase(),
host: data.host ?? null,
inbox: data.inbox ?? null,
sharedInbox: data.sharedInbox ?? null,
isSuspended: data.isSuspended ?? false,
...data,
};
await usersRepository.insert(user);
return user;
}
async function createFollowing(follower: any, followee: any, data: Partial<{
followerInbox: string | null;
followerSharedInbox: string | null;
followeeInbox: string | null;
followeeSharedInbox: string | null;
isFollowerSuspended: boolean;
}> = {}): Promise<any> {
const following = {
id: secureRndstr(16),
followerId: follower.id,
followeeId: followee.id,
followerHost: follower.host,
followeeHost: followee.host,
followerInbox: data.followerInbox ?? follower.inbox,
followerSharedInbox: data.followerSharedInbox ?? follower.sharedInbox,
followeeInbox: data.followeeInbox ?? null,
followeeSharedInbox: data.followeeSharedInbox ?? null,
isFollowerSuspended: data.isFollowerSuspended ?? false,
isFollowerHibernated: false,
withReplies: false,
notify: null,
};
await followingsRepository.insert(following);
return following;
}
beforeEach(async () => {
const { Test } = await import('@nestjs/testing');
const { GlobalModule } = await import('@/GlobalModule.js');
const { DI } = await import('@/di-symbols.js');
app = await Test.createTestingModule({
imports: [GlobalModule],
providers: [
ApDeliverManagerService,
{
provide: ApDeliverManagerService.name,
useExisting: ApDeliverManagerService,
},
{
provide: QueueService,
useFactory: () => ({
deliverMany: jest.fn(),
}),
},
{
provide: ApLoggerService,
useValue: {
logger: {
createSubLogger: jest.fn().mockReturnValue({
info: jest.fn(),
warn: jest.fn(),
error: jest.fn(),
}),
},
},
},
{
provide: UserKeypairService,
useFactory: () => ({
refreshAndPrepareEd25519KeyPair: jest.fn(),
}),
},
{
provide: AccountUpdateService.name,
useFactory: () => ({
publishToFollowers: jest.fn(),
}),
},
],
}).compile();
app.enableShutdownHooks();
// Reset mocks
jest.clearAllMocks();
service = app.get<ApDeliverManagerService>(ApDeliverManagerService);
followingsRepository = app.get<FollowingsRepository>(DI.followingsRepository);
usersRepository = app.get<UsersRepository>(DI.usersRepository);
queueService = app.get<QueueService>(QueueService) as jest.Mocked<QueueService>;
await service.onModuleInit();
});
afterEach(async () => {
await app.close();
});
describe('deliverToFollowers with real data', () => {
it('should deliver to followers excluding suspended ones', async () => {
// Create local user (followee)
const localUser = await createUser({
host: null,
username: 'localuser',
});
// Create remote followers
const activeFollower = await createUser({
host: 'active.example.com',
username: 'activefollower',
inbox: 'https://active.example.com/inbox',
sharedInbox: 'https://active.example.com/shared-inbox',
isSuspended: false,
});
const suspendedFollower = await createUser({
host: 'suspended.example.com',
username: 'suspendedfollower',
inbox: 'https://suspended.example.com/inbox',
sharedInbox: 'https://suspended.example.com/shared-inbox',
isSuspended: true,
});
const followerWithoutSharedInbox = await createUser({
host: 'noshared.example.com',
username: 'noshared',
inbox: 'https://noshared.example.com/inbox',
sharedInbox: null,
isSuspended: false,
});
// Create following relationships
await createFollowing(activeFollower, localUser, {
followerInbox: activeFollower.inbox,
followerSharedInbox: activeFollower.sharedInbox,
isFollowerSuspended: false,
});
await createFollowing(suspendedFollower, localUser, {
followerInbox: suspendedFollower.inbox,
followerSharedInbox: suspendedFollower.sharedInbox,
isFollowerSuspended: true, // 凍結されたフォロワー
});
await createFollowing(followerWithoutSharedInbox, localUser, {
followerInbox: followerWithoutSharedInbox.inbox,
followerSharedInbox: null,
isFollowerSuspended: false,
});
const mockActivity = {
type: 'Create',
id: 'test-activity',
actor: `https://local.example.com/users/${localUser.id}`,
object: { type: 'Note', content: 'Hello' },
} as any;
// Execute delivery
await service.deliverToFollowers(localUser, mockActivity);
// Verify delivery was queued
expect(queueService.deliverMany).toHaveBeenCalledTimes(1);
const [actor, activity, inboxes] = queueService.deliverMany.mock.calls[0];
expect(actor.id).toBe(localUser.id);
expect(activity).toBe(mockActivity);
// Check inboxes - should include active followers but exclude suspended ones
expect(inboxes.size).toBe(2);
expect(inboxes.has('https://active.example.com/shared-inbox')).toBe(true);
expect(inboxes.has('https://noshared.example.com/inbox')).toBe(true);
expect(inboxes.has('https://suspended.example.com/shared-inbox')).toBe(false);
});
it('should include suspended followers when ignoreSuspend is true', async () => {
const localUser = await createUser({ host: null });
const suspendedFollower = await createUser({
host: 'suspended.example.com',
inbox: 'https://suspended.example.com/inbox',
isSuspended: true,
});
await createFollowing(suspendedFollower, localUser, {
isFollowerSuspended: true,
});
const manager = service.createDeliverManager(localUser, { type: 'Test' } as any);
manager.addFollowersRecipe();
// Execute with ignoreSuspend: true
await manager.execute({ ignoreSuspend: true });
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
expect(inboxes.size).toBe(1);
expect(inboxes.has('https://suspended.example.com/inbox')).toBe(true);
});
it('should handle mixed follower types correctly', async () => {
const localUser = await createUser({ host: null });
// フォロワー1: shared inbox あり
const follower1 = await createUser({
host: 'server1.example.com',
inbox: 'https://server1.example.com/users/user1/inbox',
sharedInbox: 'https://server1.example.com/inbox',
});
// フォロワー2: 同じサーバーの別ユーザーshared inbox は同じ)
const follower2 = await createUser({
host: 'server1.example.com',
inbox: 'https://server1.example.com/users/user2/inbox',
sharedInbox: 'https://server1.example.com/inbox',
});
// フォロワー3: 別サーバー、shared inbox なし
const follower3 = await createUser({
host: 'server2.example.com',
inbox: 'https://server2.example.com/users/user3/inbox',
sharedInbox: null,
});
await createFollowing(follower1, localUser);
await createFollowing(follower2, localUser);
await createFollowing(follower3, localUser);
await service.deliverToFollowers(localUser, { type: 'Test' } as any);
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
// shared inbox は重複排除されるので、2つのinboxのみ
expect(inboxes.size).toBe(2);
expect(inboxes.has('https://server1.example.com/inbox')).toBe(true); // shared inbox
expect(inboxes.has('https://server2.example.com/users/user3/inbox')).toBe(true); // individual inbox
// individual inbox は shared inbox があるので使用されない
expect(inboxes.has('https://server1.example.com/users/user1/inbox')).toBe(false);
expect(inboxes.has('https://server1.example.com/users/user2/inbox')).toBe(false);
});
});
describe('AllKnowingSharedInbox with real data', () => {
it('should collect all unique shared inboxes from database', async () => {
// Create users with various inbox configurations
const user1 = await createUser({ host: null });
const user2 = await createUser({ host: null });
const remoteUser1 = await createUser({
host: 'server1.example.com',
sharedInbox: 'https://server1.example.com/shared',
});
const remoteUser2 = await createUser({
host: 'server2.example.com',
sharedInbox: 'https://server2.example.com/shared',
});
const remoteUser3 = await createUser({
host: 'server1.example.com', // 同じサーバー
sharedInbox: 'https://server1.example.com/shared', // 同じ shared inbox
});
// Create following relationships
await createFollowing(remoteUser1, user1, {
followerSharedInbox: 'https://server1.example.com/shared',
});
await createFollowing(user1, remoteUser2, {
followerSharedInbox: null,
followeeSharedInbox: 'https://server2.example.com/shared',
});
await createFollowing(remoteUser3, user2, {
followerSharedInbox: 'https://server1.example.com/shared', // 重複
});
const manager = service.createDeliverManager(user1, { type: 'Test' } as any);
manager.addAllKnowingSharedInboxRecipe();
await manager.execute();
const [, , inboxes] = queueService.deliverMany.mock.calls[0];
// 重複は除去されて2つのユニークな shared inbox
expect(inboxes.size).toBe(2);
expect(inboxes.has('https://server1.example.com/shared')).toBe(true);
expect(inboxes.has('https://server2.example.com/shared')).toBe(true);
});
});
});

23
packages/backend/test/unit/FetchInstanceMetadataService.ts
View File

@ -75,62 +75,61 @@ describe('FetchInstanceMetadataService', () => {
test('Lock and update', async () => {
redisClient.set = mockRedis();
const now = Date.now();
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => { return now - 10 * 1000 * 60 * 60 * 24; } } } as any);
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
httpRequestService.getJson.mockImplementation(() => { throw Error(); });
const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
expect(tryLockSpy).toHaveBeenCalledTimes(1);
expect(unlockSpy).toHaveBeenCalledTimes(1);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
expect(httpRequestService.getJson).toHaveBeenCalled();
});
test('Lock and don\'t update', async () => {
test('Don\'t lock and update if recently updated', async () => {
redisClient.set = mockRedis();
const now = Date.now();
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now } } as any);
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date() } as any);
httpRequestService.getJson.mockImplementation(() => { throw Error(); });
const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
expect(tryLockSpy).toHaveBeenCalledTimes(1);
expect(unlockSpy).toHaveBeenCalledTimes(1);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
expect(tryLockSpy).toHaveBeenCalledTimes(0);
expect(unlockSpy).toHaveBeenCalledTimes(0);
expect(httpRequestService.getJson).toHaveBeenCalledTimes(0);
});
test('Do nothing when lock not acquired', async () => {
redisClient.set = mockRedis();
const now = Date.now();
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now - 10 * 1000 * 60 * 60 * 24 } } as any);
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
httpRequestService.getJson.mockImplementation(() => { throw Error(); });
await fetchInstanceMetadataService.tryLock('example.com');
const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
expect(tryLockSpy).toHaveBeenCalledTimes(1);
expect(unlockSpy).toHaveBeenCalledTimes(0);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
expect(httpRequestService.getJson).toHaveBeenCalledTimes(0);
});
test('Do when lock not acquired but forced', async () => {
test('Do when forced', async () => {
redisClient.set = mockRedis();
const now = Date.now();
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now - 10 * 1000 * 60 * 60 * 24 } } as any);
federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
httpRequestService.getJson.mockImplementation(() => { throw Error(); });
await fetchInstanceMetadataService.tryLock('example.com');
const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any, true);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
expect(tryLockSpy).toHaveBeenCalledTimes(0);
expect(unlockSpy).toHaveBeenCalledTimes(1);
expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
expect(httpRequestService.getJson).toHaveBeenCalled();
});
});

503
packages/backend/test/unit/UserSuspendService.ts Normal file
View File

@ -0,0 +1,503 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
process.env.NODE_ENV = 'test';
import { jest } from '@jest/globals';
import { Test } from '@nestjs/testing';
import { setTimeout } from 'node:timers/promises';
import type { TestingModule } from '@nestjs/testing';
import { GlobalModule } from '@/GlobalModule.js';
import { UserSuspendService } from '@/core/UserSuspendService.js';
import {
MiFollowing,
MiUser,
FollowingsRepository,
FollowRequestsRepository,
UsersRepository,
} from '@/models/_.js';
import { DI } from '@/di-symbols.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { QueueService } from '@/core/QueueService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { randomString } from '../utils.js';
import { AccountUpdateService } from '@/core/AccountUpdateService.js';
import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
import { RelayService } from '@/core/RelayService.js';
import { ApLoggerService } from '@/core/activitypub/ApLoggerService.js';
import { MiRemoteUser } from '@/models/User.js';
import { UserKeypairService } from '@/core/UserKeypairService.js';
function genHost() {
return randomString() + '.example.com';
}
describe('UserSuspendService', () => {
let app: TestingModule;
let userSuspendService: UserSuspendService;
let usersRepository: UsersRepository;
let followingsRepository: FollowingsRepository;
let followRequestsRepository: FollowRequestsRepository;
let userEntityService: jest.Mocked<UserEntityService>;
let queueService: jest.Mocked<QueueService>;
let globalEventService: jest.Mocked<GlobalEventService>;
let apRendererService: jest.Mocked<ApRendererService>;
let moderationLogService: jest.Mocked<ModerationLogService>;
let userKeypairService: jest.Mocked<UserKeypairService>;
let accountUpdateService: AccountUpdateService;
let apDeliverManagerService: ApDeliverManagerService;
async function createUser(data: Partial<MiUser> = {}): Promise<MiUser> {
const user = {
id: secureRndstr(16),
username: secureRndstr(16),
usernameLower: secureRndstr(16).toLowerCase(),
host: null,
isSuspended: false,
isRemoteSuspended: false,
...data,
} as MiUser;
await usersRepository.insert(user);
return user;
}
async function createFollowing(follower: MiUser, followee: MiUser, data: Partial<MiFollowing> = {}): Promise<MiFollowing> {
const following = {
id: secureRndstr(16),
followerId: follower.id,
followeeId: followee.id,
isFollowerSuspended: false,
isFollowerHibernated: false,
withReplies: false,
notify: null,
followerHost: follower.host,
followerInbox: null,
followerSharedInbox: null,
followeeHost: followee.host,
followeeInbox: null,
followeeSharedInbox: null,
...data,
} as MiFollowing;
await followingsRepository.insert(following);
return following;
}
beforeAll(async () => {
app = await Test.createTestingModule({
imports: [GlobalModule],
providers: [
UserSuspendService,
AccountUpdateService,
ApDeliverManagerService,
{
provide: AccountUpdateService.name,
useExisting: AccountUpdateService,
},
{
provide: ApDeliverManagerService.name,
useExisting: ApDeliverManagerService,
},
{
provide: UserEntityService,
useFactory: () => ({
isLocalUser: jest.fn(),
genLocalUserUri: jest.fn(),
isSuspendedEither: jest.fn(),
}),
},
{
provide: QueueService,
useFactory: () => ({
deliverMany: jest.fn(),
deliver: jest.fn(),
}),
},
{
provide: GlobalEventService,
useFactory: () => ({
publishInternalEvent: jest.fn(),
}),
},
{
provide: ModerationLogService,
useFactory: () => ({
log: jest.fn(),
}),
},
{
provide: RelayService,
useFactory: () => ({
deliverToRelays: jest.fn(),
}),
},
{
provide: ApRendererService,
useFactory: () => ({
renderDelete: jest.fn(),
renderUndo: jest.fn(),
renderPerson: jest.fn(),
renderUpdate: jest.fn(),
addContext: jest.fn(),
}),
},
{
provide: ApLoggerService,
useFactory: () => ({
logger: {
createSubLogger: jest.fn().mockReturnValue({
info: jest.fn(), error: jest.fn(), warn: jest.fn(), debug: jest.fn(),
}),
},
}),
},
{
provide: UserKeypairService,
useFactory: () => ({
refreshAndPrepareEd25519KeyPair: jest.fn(),
}),
},
],
}).compile();
app.enableShutdownHooks();
userSuspendService = app.get<UserSuspendService>(UserSuspendService);
usersRepository = app.get<UsersRepository>(DI.usersRepository);
followingsRepository = app.get<FollowingsRepository>(DI.followingsRepository);
followRequestsRepository = app.get<FollowRequestsRepository>(DI.followRequestsRepository);
userEntityService = app.get<UserEntityService>(UserEntityService) as jest.Mocked<UserEntityService>;
queueService = app.get<QueueService>(QueueService) as jest.Mocked<QueueService>;
globalEventService = app.get<GlobalEventService>(GlobalEventService) as jest.Mocked<GlobalEventService>;
apRendererService = app.get<ApRendererService>(ApRendererService) as jest.Mocked<ApRendererService>;
moderationLogService = app.get<ModerationLogService>(ModerationLogService) as jest.Mocked<ModerationLogService>;
userKeypairService = app.get<UserKeypairService>(UserKeypairService) as jest.Mocked<UserKeypairService>;
apDeliverManagerService = app.get<ApDeliverManagerService>(ApDeliverManagerService);
await apDeliverManagerService.onModuleInit();
accountUpdateService = app.get<AccountUpdateService>(AccountUpdateService.name);
await accountUpdateService.onModuleInit();
});
beforeEach(() => {
jest.clearAllMocks();
});
describe('suspend', () => {
test('should suspend user and update database', async () => {
const user = await createUser();
const moderator = await createUser();
await userSuspendService.suspend(user, moderator);
// ユーザーが凍結されているかチェック
const suspendedUser = await usersRepository.findOneBy({ id: user.id });
expect(suspendedUser?.isSuspended).toBe(true);
// モデレーションログが記録されているかチェック
expect(moderationLogService.log).toHaveBeenCalledWith(moderator, 'suspend', {
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
});
test('should mark follower relationships as suspended', async () => {
const user = await createUser();
const followee1 = await createUser();
const followee2 = await createUser();
const moderator = await createUser();
// ユーザーがフォローしている関係を作成
await createFollowing(user, followee1);
await createFollowing(user, followee2);
await userSuspendService.suspend(user, moderator);
await setTimeout(250);
// フォロー関係が論理削除されているかチェック
const followings = await followingsRepository.find({
where: { followerId: user.id },
});
expect(followings).toHaveLength(2);
followings.forEach(following => {
expect(following.isFollowerSuspended).toBe(true);
});
});
test('should publish internal event for suspension', async () => {
const user = await createUser();
const moderator = await createUser();
await userSuspendService.suspend(user, moderator);
await setTimeout(250);
// 内部イベントが発行されているかチェック(非同期処理のため少し待つ)
await setTimeout(100);
expect(globalEventService.publishInternalEvent).toHaveBeenCalledWith(
'userChangeSuspendedState',
{ id: user.id, isSuspended: true },
);
});
});
describe('unsuspend', () => {
test('should unsuspend user and update database', async () => {
const user = await createUser({ isSuspended: true });
const moderator = await createUser();
await userSuspendService.unsuspend(user, moderator);
await setTimeout(250);
// ユーザーの凍結が解除されているかチェック
const unsuspendedUser = await usersRepository.findOneBy({ id: user.id });
expect(unsuspendedUser?.isSuspended).toBe(false);
// モデレーションログが記録されているかチェック
expect(moderationLogService.log).toHaveBeenCalledWith(moderator, 'unsuspend', {
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
});
test('should restore follower relationships', async () => {
userEntityService.isSuspendedEither.mockReturnValue(false);
const user = await createUser({ isSuspended: true });
const followee1 = await createUser();
const followee2 = await createUser();
const moderator = await createUser();
// 凍結状態のフォロー関係を作成
await createFollowing(user, followee1, { isFollowerSuspended: true });
await createFollowing(user, followee2, { isFollowerSuspended: true });
await userSuspendService.unsuspend(user, moderator);
await setTimeout(250);
// フォロー関係が復元されているかチェック
const followings = await followingsRepository.find({
where: { followerId: user.id },
});
expect(followings).toHaveLength(2);
followings.forEach(following => {
expect(following.isFollowerSuspended).toBe(false);
});
});
test('should publish internal event for unsuspension', async () => {
const user = await createUser({ isSuspended: true });
const moderator = await createUser();
await userSuspendService.unsuspend(user, moderator);
await setTimeout(250);
// 内部イベントが発行されているかチェック(非同期処理のため少し待つ)
await setTimeout(100);
expect(globalEventService.publishInternalEvent).toHaveBeenCalledWith(
'userChangeSuspendedState',
{ id: user.id, isSuspended: false },
);
});
});
describe('integration test: suspend and unsuspend cycle', () => {
test('should preserve follow relationships through suspend/unsuspend cycle', async () => {
userEntityService.isSuspendedEither.mockReturnValue(false);
const user = await createUser();
const followee1 = await createUser();
const followee2 = await createUser();
const moderator = await createUser();
// 初期のフォロー関係を作成
await createFollowing(user, followee1);
await createFollowing(user, followee2);
// 初期状態の確認
let followings = await followingsRepository.find({
where: { followerId: user.id },
});
expect(followings).toHaveLength(2);
followings.forEach(following => {
expect(following.isFollowerSuspended).toBe(false);
});
// 凍結
await userSuspendService.suspend(user, moderator);
await setTimeout(250);
// 凍結後の状態確認
followings = await followingsRepository.find({
where: { followerId: user.id },
});
expect(followings).toHaveLength(2);
followings.forEach(following => {
expect(following.isFollowerSuspended).toBe(true);
});
// 凍結解除
const suspendedUser = await usersRepository.findOneByOrFail({ id: user.id });
await userSuspendService.unsuspend(suspendedUser, moderator);
await setTimeout(250);
// 凍結解除後の状態確認
followings = await followingsRepository.find({
where: { followerId: user.id },
});
expect(followings).toHaveLength(2);
followings.forEach(following => {
expect(following.isFollowerSuspended).toBe(false);
});
});
});
describe('ActivityPub delivery', () => {
test('should deliver Update Person activity on suspend of local user', async () => {
const localUser = await createUser({ host: null });
const moderator = await createUser();
userEntityService.isLocalUser.mockReturnValue(true);
userEntityService.genLocalUserUri.mockReturnValue(`https://example.com/users/${localUser.id}`);
apRendererService.renderUpdate.mockReturnValue({ type: 'Update' } as any);
apRendererService.renderPerson.mockReturnValue({ type: 'Person' } as any);
apRendererService.addContext.mockReturnValue({ '@context': '...', type: 'Update' } as any);
await userSuspendService.suspend(localUser, moderator);
await setTimeout(250);
// ActivityPub配信が呼ばれているかチェック
expect(userEntityService.isLocalUser).toHaveBeenCalledWith(localUser);
expect(apRendererService.renderUpdate).toHaveBeenCalled();
expect(apRendererService.renderPerson).toHaveBeenCalled();
expect(apRendererService.addContext).toHaveBeenCalled();
expect(queueService.deliverMany).toHaveBeenCalled();
});
test('should deliver Update Person activity on unsuspend of local user', async () => {
const localUser = await createUser({ host: null, isSuspended: true });
const moderator = await createUser();
userEntityService.isLocalUser.mockReturnValue(true);
userEntityService.genLocalUserUri.mockReturnValue(`https://example.com/users/${localUser.id}`);
apRendererService.renderUpdate.mockReturnValue({ type: 'Update' } as any);
apRendererService.renderPerson.mockReturnValue({ type: 'Person' } as any);
apRendererService.addContext.mockReturnValue({ '@context': '...', type: 'Update' } as any);
await userSuspendService.suspend(localUser, moderator);
await setTimeout(250);
// ActivityPub配信が呼ばれているかチェック
expect(userEntityService.isLocalUser).toHaveBeenCalledWith(localUser);
expect(apRendererService.renderUpdate).toHaveBeenCalled();
expect(apRendererService.renderPerson).toHaveBeenCalled();
expect(apRendererService.addContext).toHaveBeenCalled();
expect(queueService.deliverMany).toHaveBeenCalled();
});
test('should not deliver any activity on suspend of remote user', async () => {
const remoteUser = await createUser({ host: 'remote.example.com' });
const moderator = await createUser();
userEntityService.isLocalUser.mockReturnValue(false);
await userSuspendService.suspend(remoteUser, moderator);
await setTimeout(250);
// ActivityPub配信が呼ばれていないことをチェック
expect(userEntityService.isLocalUser).toHaveBeenCalledWith(remoteUser);
expect(apRendererService.renderDelete).not.toHaveBeenCalled();
expect(queueService.deliver).not.toHaveBeenCalled();
});
});
describe('suspension for remote user', () => {
test('should suspend remote user without AP delivery', async () => {
const remoteUser = await createUser({ host: genHost() });
const moderator = await createUser();
await userSuspendService.suspend(remoteUser, moderator);
await setTimeout(250);
// ユーザーが凍結されているかチェック
const suspendedUser = await usersRepository.findOneBy({ id: remoteUser.id });
expect(suspendedUser?.isSuspended).toBe(true);
// モデレーションログが記録されているかチェック
expect(moderationLogService.log).toHaveBeenCalledWith(moderator, 'suspend', {
userId: remoteUser.id,
userUsername: remoteUser.username,
userHost: remoteUser.host,
});
// ActivityPub配信が呼ばれていないことを確認
expect(queueService.deliver).not.toHaveBeenCalled();
});
test('should unsuspend remote user without AP delivery', async () => {
const remoteUser = await createUser({ host: genHost(), isSuspended: true });
const moderator = await createUser();
await userSuspendService.unsuspend(remoteUser, moderator);
await setTimeout(250);
// ユーザーの凍結が解除されているかチェック
const unsuspendedUser = await usersRepository.findOneBy({ id: remoteUser.id });
expect(unsuspendedUser?.isSuspended).toBe(false);
// モデレーションログが記録されているかチェック
expect(moderationLogService.log).toHaveBeenCalledWith(moderator, 'unsuspend', {
userId: remoteUser.id,
userUsername: remoteUser.username,
userHost: remoteUser.host,
});
// ActivityPub配信が呼ばれていないことを確認
expect(queueService.deliver).not.toHaveBeenCalled();
});
});
describe('suspension from remote', () => {
test('should suspend remote user and post suspend event', async () => {
const remoteUser = await createUser({ host: genHost() }) as MiRemoteUser;
await userSuspendService.suspendFromRemote(remoteUser);
// ユーザーがリモート凍結されているかチェック
const suspendedUser = await usersRepository.findOneBy({ id: remoteUser.id });
expect(suspendedUser?.isRemoteSuspended).toBe(true);
// イベントが発行されているかチェック
expect(globalEventService.publishInternalEvent).toHaveBeenCalledWith(
'userChangeSuspendedState',
{ id: remoteUser.id, isRemoteSuspended: true },
);
});
test('should unsuspend remote user and post unsuspend event', async () => {
const remoteUser = await createUser({ host: genHost(), isRemoteSuspended: true }) as MiRemoteUser;
await userSuspendService.unsuspendFromRemote(remoteUser);
// ユーザーのリモート凍結が解除されているかチェック
const unsuspendedUser = await usersRepository.findOneBy({ id: remoteUser.id });
expect(unsuspendedUser?.isRemoteSuspended).toBe(false);
// イベントが発行されているかチェック
expect(globalEventService.publishInternalEvent).toHaveBeenCalledWith(
'userChangeSuspendedState',
{ id: remoteUser.id, isRemoteSuspended: false },
);
});
});
});

67
packages/backend/test/unit/ap-request.ts
View File

@ -4,12 +4,11 @@
*/
import * as assert from 'assert';
import httpSignature from '@peertube/http-signature';
import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
import { ApRequestCreator } from '@/core/activitypub/ApRequestService.js';
import { assertActivityMatchesUrl, FetchAllowSoftFailMask } from '@/core/activitypub/misc/check-against-url.js';
import { IObject } from '@/core/activitypub/type.js';
import { verifyDraftSignature, parseRequestSignature, genRsaKeyPair, genEd25519KeyPair, importPrivateKey } from '@misskey-dev/node-http-message-signatures';
import { createSignedGet, createSignedPost } from '@/core/activitypub/ApRequestService.js';
export const buildParsedSignature = (signingString: string, signature: string, algorithm: string) => {
return {
@ -30,10 +29,16 @@ function cartesianProduct<T, U>(a: T[], b: U[]): [T, U][] {
return a.flatMap(a => b.map(b => [a, b] as [T, U]));
}
describe('ap-request', () => {
test('createSignedPost with verify', async () => {
const keypair = await genRsaKeyPair();
const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
async function getKeyPair(level: string) {
if (level === '00') {
return await genRsaKeyPair();
} else if (level === '01') {
return await genEd25519KeyPair();
}
throw new Error('Invalid level');
}
describe('ap-request post', () => {
const url = 'https://example.com/inbox';
const activity = { a: 1 };
const body = JSON.stringify(activity);
@ -41,30 +46,56 @@ describe('ap-request', () => {
'User-Agent': 'UA',
};
const req = ApRequestCreator.createSignedPost({ key, url, body, additionalHeaders: headers });
describe.each(['00', '01'])('createSignedPost with verify', (level) => {
test('pem', async () => {
const keypair = await getKeyPair(level);
const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
const parsed = buildParsedSignature(req.signingString, req.signature, 'rsa-sha256');
const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
const result = httpSignature.verifySignature(parsed, keypair.publicKey);
assert.deepStrictEqual(result, true);
const parsed = parseRequestSignature(req.request);
expect(parsed.version).toBe('draft');
expect(Array.isArray(parsed.value)).toBe(false);
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
assert.deepStrictEqual(verify, true);
});
test('imported', async () => {
const keypair = await getKeyPair(level);
const key = { keyId: 'x', 'privateKey': await importPrivateKey(keypair.privateKey) };
test('createSignedGet with verify', async () => {
const keypair = await genRsaKeyPair();
const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
const parsed = parseRequestSignature(req.request);
expect(parsed.version).toBe('draft');
expect(Array.isArray(parsed.value)).toBe(false);
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
assert.deepStrictEqual(verify, true);
});
});
});
describe('ap-request get', () => {
describe.each(['00', '01'])('createSignedGet with verify', (level) => {
test('pass', async () => {
const keypair = await getKeyPair(level);
const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
const url = 'https://example.com/outbox';
const headers = {
'User-Agent': 'UA',
};
const req = ApRequestCreator.createSignedGet({ key, url, additionalHeaders: headers });
const req = await createSignedGet({ level, key, url, additionalHeaders: headers });
const parsed = buildParsedSignature(req.signingString, req.signature, 'rsa-sha256');
const result = httpSignature.verifySignature(parsed, keypair.publicKey);
assert.deepStrictEqual(result, true);
const parsed = parseRequestSignature(req.request);
expect(parsed.version).toBe('draft');
expect(Array.isArray(parsed.value)).toBe(false);
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
assert.deepStrictEqual(verify, true);
});
});
});
describe('assertActivityMatchesUrl', () => {
test('rejects non matching domain', () => {
assert.doesNotThrow(() => assertActivityMatchesUrl(
'https://alice.example.com/abc',

2
packages/backend/test/unit/entities/UserEntityService.ts
View File

@ -51,6 +51,7 @@ import { ReactionService } from '@/core/ReactionService.js';
import { NotificationService } from '@/core/NotificationService.js';
import { ReactionsBufferingService } from '@/core/ReactionsBufferingService.js';
import { ChatService } from '@/core/ChatService.js';
import { UserSuspendService } from '@/core/UserSuspendService.js';
process.env.NODE_ENV = 'test';
@ -170,6 +171,7 @@ describe('UserEntityService', () => {
InstanceChart,
ApLoggerService,
AccountMoveService,
UserSuspendService,
ReactionService,
ReactionsBufferingService,
NotificationService,

3
packages/frontend/src/pages/admin-user.vue
View File

@ -14,6 +14,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<span class="sub"><span class="acct _monospace">@{{ acct(user) }}</span></span>
<span class="state">
<span v-if="suspended" class="suspended">Suspended</span>
<span v-if="remoteSuspended" class="suspended">Suspended in Remote</span>
<span v-if="silenced" class="silenced">Silenced</span>
<span v-if="moderator" class="moderator">Moderator</span>
</span>
@ -261,6 +262,7 @@ const ap = ref<any>(null);
const moderator = ref(info.value.isModerator);
const silenced = ref(info.value.isSilenced);
const suspended = ref(info.value.isSuspended);
const remoteSuspended = ref(info.value.isRemoteSuspended);
const isSystem = ref(user.value.host == null && user.value.username.includes('.'));
const moderationNote = ref(info.value.moderationNote);
const filesPaginator = markRaw(new Paginator('admin/drive/files', {
@ -317,6 +319,7 @@ async function refreshUser() {
moderator.value = info.value.isModerator;
silenced.value = info.value.isSilenced;
suspended.value = info.value.isSuspended;
remoteSuspended.value = info.value.isRemoteSuspended;
isSystem.value = user.value.host == null && user.value.username.includes('.');
moderationNote.value = info.value.moderationNote;
}

14
packages/misskey-js/src/autogen/types.ts
View File

@ -5026,6 +5026,7 @@ export type components = {
/** Format: date-time */
latestRequestReceivedAt: string | null;
moderationNote?: string | null;
httpMessageSignaturesImplementationLevel: string;
};
GalleryPost: {
/**
@ -11720,6 +11721,7 @@ export interface operations {
isModerator: boolean;
isSilenced: boolean;
isSuspended: boolean;
isRemoteSuspended: boolean;
isHibernated: boolean;
lastActiveDate: string | null;
moderationNote: string;
@ -11731,6 +11733,18 @@ export interface operations {
expiresAt: string | null;
roleId: string;
}[];
publicKeys: {
userId: string;
keyId: string;
keyPem: string;
}[] | null;
keyPairs: {
userId: string;
publicKey: string;
privateKey: string;
ed25519PublicKey: string | null;
ed25519PrivateKey: string | null;
} | null;
};
};
};

55
pnpm-lock.yaml
View File

@ -128,6 +128,9 @@ importers:
'@fastify/view':
specifier: 10.0.2
version: 10.0.2
'@misskey-dev/node-http-message-signatures':
specifier: 0.0.10
version: 0.0.10
'@misskey-dev/sharp-read-bmp':
specifier: 1.2.0
version: 1.2.0
@ -146,9 +149,6 @@ importers:
'@nestjs/testing':
specifier: 11.1.6
version: 11.1.6(@nestjs/common@11.1.6(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.6)(@nestjs/platform-express@10.4.20)
'@peertube/http-signature':
specifier: 1.7.0
version: 1.7.0
'@sentry/node':
specifier: 8.55.0
version: 8.55.0
@ -2798,6 +2798,11 @@ packages:
'@kurkle/color@0.3.2':
resolution: {integrity: sha512-fuscdXJ9G1qb7W8VdHi+IwRqij3lBkosAm4ydQtEmbY58OzHXqQhvlxqEkoz0yssNVn38bcpRWgA9PP+OGoisw==}
'@lapo/asn1js@2.0.4':
resolution: {integrity: sha512-KJD3wQAZxozcraJdWp3utDU6DEZgAVBGp9INCdptUpZaXCEYkpwNb7h7wyYh5y6DxtpvIud8k0suhWJ/z2rKvw==}
engines: {node: '>=12.20.0'}
hasBin: true
'@levischuck/tiny-cbor@0.2.2':
resolution: {integrity: sha512-f5CnPw997Y2GQ8FAvtuVVC19FX8mwNNC+1XJcIi16n/LTJifKO6QBgGLgN3YEmqtGMk17SKSuoWES3imJVxAVw==}
@ -2852,6 +2857,10 @@ packages:
eslint-plugin-import: '>= 2'
globals: '>= 15'
'@misskey-dev/node-http-message-signatures@0.0.10':
resolution: {integrity: sha512-HiAuc//tOU077KFUJhHYLAPWku9enTpOFIqQiK6l2i2mIizRvv7HhV7Y+yuav5quDOAz+WZGK/i5C9OR5fkKIg==}
engines: {node: '>=18.4.0'}
'@misskey-dev/sharp-read-bmp@1.2.0':
resolution: {integrity: sha512-er4pRakXzHYfEgOFAFfQagqDouG+wLm+kwNq1I30oSdIHDa0wM3KjFpfIGQ25Fks4GcmOl1s7Zh6xoQu5dNjTw==}
@ -3378,10 +3387,6 @@ packages:
'@peculiar/asn1-x509@2.3.8':
resolution: {integrity: sha512-voKxGfDU1c6r9mKiN5ZUsZWh3Dy1BABvTM3cimf0tztNwyMJPhiXY94eRTgsMQe6ViLfT6EoXxkWVzcm3mFAFw==}
'@peertube/http-signature@1.7.0':
resolution: {integrity: sha512-aGQIwo6/sWtyyqhVK4e1MtxYz4N1X8CNt6SOtCc+Wnczs5S5ONaLHDDR8LYaGn0MgOwvGgXyuZ5sJIfd7iyoUw==}
engines: {node: '>=0.10'}
'@pkgjs/parseargs@0.11.0':
resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
engines: {node: '>=14'}
@ -7938,10 +7943,6 @@ packages:
resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
engines: {node: '>=0.10.0'}
jsprim@1.4.2:
resolution: {integrity: sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==}
engines: {node: '>=0.6.0'}
jsprim@2.0.2:
resolution: {integrity: sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==}
engines: {'0': node >=0.6.0}
@ -9709,6 +9710,9 @@ packages:
resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==}
engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
rfc4648@1.5.3:
resolution: {integrity: sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ==}
rfdc@1.4.1:
resolution: {integrity: sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==}
@ -10307,6 +10311,10 @@ packages:
resolution: {integrity: sha512-ERPW+XkvX9W2A+ov07iy+ZFJpVdik04GhDA4eVogiG9hpC97Kem2iucyzhFxbFRvQ5o2UckFtKZdp1hkGvnrEw==}
engines: {node: '>=16'}
structured-headers@1.0.1:
resolution: {integrity: sha512-QYBxdBtA4Tl5rFPuqmbmdrS9kbtren74RTJTcs0VSQNVV5iRhJD4QlYTLD0+81SBwUQctjEQzjTRI3WG4DzICA==}
engines: {node: '>= 14', npm: '>=6'}
stylehacks@7.0.5:
resolution: {integrity: sha512-5kNb7V37BNf0Q3w+1pxfa+oiNPS++/b4Jil9e/kPDgrk1zjEd6uR7SZeJiYaLYH6RRSC1XX2/37OTeU/4FvuIA==}
engines: {node: ^18.12.0 || ^20.9.0 || >=22.0}
@ -13208,6 +13216,8 @@ snapshots:
'@kurkle/color@0.3.2': {}
'@lapo/asn1js@2.0.4': {}
'@levischuck/tiny-cbor@0.2.2': {}
'@lukeed/csprng@1.0.1': {}
@ -13289,6 +13299,12 @@ snapshots:
eslint-plugin-import: 2.32.0(@typescript-eslint/parser@8.42.0(eslint@9.35.0)(typescript@5.9.2))(eslint@9.35.0)
globals: 16.3.0
'@misskey-dev/node-http-message-signatures@0.0.10':
dependencies:
'@lapo/asn1js': 2.0.4
rfc4648: 1.5.3
structured-headers: 1.0.1
'@misskey-dev/sharp-read-bmp@1.2.0':
dependencies:
decode-bmp: 0.2.1
@ -13854,12 +13870,6 @@ snapshots:
pvtsutils: 1.3.5
tslib: 2.8.1
'@peertube/http-signature@1.7.0':
dependencies:
assert-plus: 1.0.0
jsprim: 1.4.2
sshpk: 1.18.0
'@pkgjs/parseargs@0.11.0':
optional: true
@ -19412,13 +19422,6 @@ snapshots:
jsonpointer@5.0.1: {}
jsprim@1.4.2:
dependencies:
assert-plus: 1.0.0
extsprintf: 1.3.0
json-schema: 0.4.0
verror: 1.10.0
jsprim@2.0.2:
dependencies:
assert-plus: 1.0.0
@ -21407,6 +21410,8 @@ snapshots:
reusify@1.0.4: {}
rfc4648@1.5.3: {}
rfdc@1.4.1: {}
rimraf@2.7.1:
@ -22148,6 +22153,8 @@ snapshots:
'@tokenizer/token': 0.3.0
peek-readable: 5.3.1
structured-headers@1.0.1: {}
stylehacks@7.0.5(postcss@8.5.6):
dependencies:
browserslist: 4.25.1