ignore `instance.actor` when checking if there are local users (#13146)

* ignore `instance.actor` when checking if there are local users

We've seen this happen a few times:

* there was some AP software at $some_domain
* it gets replaced by Misskey
* before the first user can be created, an AP activity comes in
* Misskey resolves the activity
* to do this, it creates the `instance.actor` to sign its request
* now there *is* a local user, so the `meta` endpoint returns
  `requireSetup:false`
* the admin is very confused

This commit factors out the check, and doesn't count the
`instance.actor` as a real user.

* autogen bits
This commit is contained in:
Gianni Ceccarelli 2024-02-04 11:46:28 +00:00 committed by GitHub
parent 2c4ba4723f
commit bafef1f8b4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 25 additions and 18 deletions

View File

@ -4,7 +4,7 @@
*/ */
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { IsNull } from 'typeorm'; import { IsNull, Not } from 'typeorm';
import type { MiLocalUser } from '@/models/User.js'; import type { MiLocalUser } from '@/models/User.js';
import type { UsersRepository } from '@/models/_.js'; import type { UsersRepository } from '@/models/_.js';
import { MemorySingleCache } from '@/misc/cache.js'; import { MemorySingleCache } from '@/misc/cache.js';
@ -27,6 +27,14 @@ export class InstanceActorService {
this.cache = new MemorySingleCache<MiLocalUser>(Infinity); this.cache = new MemorySingleCache<MiLocalUser>(Infinity);
} }
@bindThis
public async realLocalUsersPresent(): Promise<boolean> {
return await this.usersRepository.existsBy({
host: IsNull(),
username: Not(ACTOR_USERNAME),
});
}
@bindThis @bindThis
public async getInstanceActor(): Promise<MiLocalUser> { public async getInstanceActor(): Promise<MiLocalUser> {
const cached = this.cache.get(); const cached = this.cache.get();

View File

@ -16,6 +16,7 @@ import { MiUserKeypair } from '@/models/UserKeypair.js';
import { MiUsedUsername } from '@/models/UsedUsername.js'; import { MiUsedUsername } from '@/models/UsedUsername.js';
import generateUserToken from '@/misc/generate-native-user-token.js'; import generateUserToken from '@/misc/generate-native-user-token.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import UsersChart from '@/core/chart/charts/users.js'; import UsersChart from '@/core/chart/charts/users.js';
import { UtilityService } from '@/core/UtilityService.js'; import { UtilityService } from '@/core/UtilityService.js';
@ -37,6 +38,7 @@ export class SignupService {
private userEntityService: UserEntityService, private userEntityService: UserEntityService,
private idService: IdService, private idService: IdService,
private metaService: MetaService, private metaService: MetaService,
private instanceActorService: InstanceActorService,
private usersChart: UsersChart, private usersChart: UsersChart,
) { ) {
} }
@ -81,7 +83,7 @@ export class SignupService {
throw new Error('USED_USERNAME'); throw new Error('USED_USERNAME');
} }
const isTheFirstUser = (await this.usersRepository.countBy({ host: IsNull() })) === 0; const isTheFirstUser = !await this.instanceActorService.realLocalUsersPresent();
if (!opts.ignorePreservedUsernames && !isTheFirstUser) { if (!opts.ignorePreservedUsernames && !isTheFirstUser) {
const instance = await this.metaService.fetch(true); const instance = await this.metaService.fetch(true);

View File

@ -9,6 +9,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/_.js'; import type { UsersRepository } from '@/models/_.js';
import { SignupService } from '@/core/SignupService.js'; import { SignupService } from '@/core/SignupService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import { localUsernameSchema, passwordSchema } from '@/models/User.js'; import { localUsernameSchema, passwordSchema } from '@/models/User.js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import { Packed } from '@/misc/json-schema.js'; import { Packed } from '@/misc/json-schema.js';
@ -46,13 +47,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private userEntityService: UserEntityService, private userEntityService: UserEntityService,
private signupService: SignupService, private signupService: SignupService,
private instanceActorService: InstanceActorService,
) { ) {
super(meta, paramDef, async (ps, _me, token) => { super(meta, paramDef, async (ps, _me, token) => {
const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null; const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
const noUsers = (await this.usersRepository.countBy({ const realUsers = await this.instanceActorService.realLocalUsersPresent();
host: IsNull(), if ((realUsers && !me?.isRoot) || token !== null) throw new Error('access denied');
})) === 0;
if ((!noUsers && !me?.isRoot) || token !== null) throw new Error('access denied');
const { account, secret } = await this.signupService.signup({ const { account, secret } = await this.signupService.signup({
username: ps.username, username: ps.username,

View File

@ -6,11 +6,12 @@
import { IsNull, LessThanOrEqual, MoreThan, Brackets } from 'typeorm'; import { IsNull, LessThanOrEqual, MoreThan, Brackets } from 'typeorm';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import JSON5 from 'json5'; import JSON5 from 'json5';
import type { AdsRepository, UsersRepository } from '@/models/_.js'; import type { AdsRepository } from '@/models/_.js';
import { MAX_NOTE_TEXT_LENGTH } from '@/const.js'; import { MAX_NOTE_TEXT_LENGTH } from '@/const.js';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { MetaService } from '@/core/MetaService.js'; import { MetaService } from '@/core/MetaService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import type { Config } from '@/config.js'; import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import { DEFAULT_POLICIES } from '@/core/RoleService.js'; import { DEFAULT_POLICIES } from '@/core/RoleService.js';
@ -326,14 +327,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
@Inject(DI.config) @Inject(DI.config)
private config: Config, private config: Config,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.adsRepository) @Inject(DI.adsRepository)
private adsRepository: AdsRepository, private adsRepository: AdsRepository,
private userEntityService: UserEntityService, private userEntityService: UserEntityService,
private metaService: MetaService, private metaService: MetaService,
private instanceActorService: InstanceActorService,
) { ) {
super(meta, paramDef, async (ps, me) => { super(meta, paramDef, async (ps, me) => {
const instance = await this.metaService.fetch(true); const instance = await this.metaService.fetch(true);
@ -412,9 +411,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
...(ps.detail ? { ...(ps.detail ? {
cacheRemoteFiles: instance.cacheRemoteFiles, cacheRemoteFiles: instance.cacheRemoteFiles,
cacheRemoteSensitiveFiles: instance.cacheRemoteSensitiveFiles, cacheRemoteSensitiveFiles: instance.cacheRemoteSensitiveFiles,
requireSetup: (await this.usersRepository.countBy({ requireSetup: !await this.instanceActorService.realLocalUsersPresent(),
host: IsNull(),
})) === 0,
} : {}), } : {}),
}; };

View File

@ -1,6 +1,6 @@
/* /*
* version: 2024.2.0-beta.8 * version: 2024.2.0-beta.8
* generatedAt: 2024-01-31T01:46:47.964Z * generatedAt: 2024-02-02T14:18:15.716Z
*/ */
import type { SwitchCaseResponseType } from '../api.js'; import type { SwitchCaseResponseType } from '../api.js';

View File

@ -1,6 +1,6 @@
/* /*
* version: 2024.2.0-beta.8 * version: 2024.2.0-beta.8
* generatedAt: 2024-01-31T01:46:47.962Z * generatedAt: 2024-02-02T14:18:15.712Z
*/ */
import type { import type {

View File

@ -1,6 +1,6 @@
/* /*
* version: 2024.2.0-beta.8 * version: 2024.2.0-beta.8
* generatedAt: 2024-01-31T01:46:47.961Z * generatedAt: 2024-02-02T14:18:15.709Z
*/ */
import { operations } from './types.js'; import { operations } from './types.js';

View File

@ -1,6 +1,6 @@
/* /*
* version: 2024.2.0-beta.8 * version: 2024.2.0-beta.8
* generatedAt: 2024-01-31T01:46:47.959Z * generatedAt: 2024-02-02T14:18:15.708Z
*/ */
import { components } from './types.js'; import { components } from './types.js';

View File

@ -3,7 +3,7 @@
/* /*
* version: 2024.2.0-beta.8 * version: 2024.2.0-beta.8
* generatedAt: 2024-01-31T01:46:47.878Z * generatedAt: 2024-02-02T14:18:15.529Z
*/ */
/** /**