misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge branch 'develop' into 'nodeinfostats'

Browse source 
# Conflicts:
#   packages/backend/src/server/NodeinfoServerService.ts
This commit is contained in:
Marie 2025-08-16 08:18:54 +00:00
commit 239a4a7a7b
1760 changed files with 69477 additions and 49515 deletions
Download patch file Download diff file Expand all files Collapse all files

431
packages/backend/src/server/ActivityPubServerService.ts
View file

@ -14,7 +14,7 @@ import accepts from 'accepts';
import vary from 'vary';
import secureJson from 'secure-json-parse';
import { DI } from '@/di-symbols.js';
import type { FollowingsRepository, NotesRepository, EmojisRepository, NoteReactionsRepository, UserProfilesRepository, UserNotePiningsRepository, UsersRepository, FollowRequestsRepository } from '@/models/_.js';
import type { FollowingsRepository, NotesRepository, EmojisRepository, NoteReactionsRepository, UserProfilesRepository, UserNotePiningsRepository, UsersRepository, FollowRequestsRepository, MiMeta } from '@/models/_.js';
import * as url from '@/misc/prelude/url.js';
import type { Config } from '@/config.js';
import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
@ -22,7 +22,6 @@ import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
import { QueueService } from '@/core/QueueService.js';
import type { MiLocalUser, MiRemoteUser, MiUser } from '@/models/User.js';
import { UserKeypairService } from '@/core/UserKeypairService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import type { MiUserPublickey } from '@/models/UserPublickey.js';
import type { MiFollowing } from '@/models/Following.js';
import { countIf } from '@/misc/prelude/array.js';
@ -33,11 +32,13 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
import type Logger from '@/logger.js';
import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import { IActivity } from '@/core/activitypub/type.js';
import { isQuote, isRenote } from '@/misc/is-renote.js';
import { IActivity, IAnnounce, ICreate } from '@/core/activitypub/type.js';
import { isPureRenote, isQuote, isRenote } from '@/misc/is-renote.js';
import * as Acct from '@/misc/acct.js';
import { CacheService } from '@/core/CacheService.js';
import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions, FastifyBodyParser } from 'fastify';
import type { FindOptionsWhere } from 'typeorm';
import { FanoutTimelineEndpointService } from '@/core/FanoutTimelineEndpointService.js';
const ACTIVITY_JSON = 'application/activity+json; charset=utf-8';
const LD_JSON = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"; charset=utf-8';
@ -51,6 +52,9 @@ export class ActivityPubServerService {
@Inject(DI.config)
private config: Config,
@Inject(DI.meta)
private meta: MiMeta,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@ -77,13 +81,14 @@ export class ActivityPubServerService {
private utilityService: UtilityService,
private userEntityService: UserEntityService,
private instanceActorService: InstanceActorService,
private apRendererService: ApRendererService,
private apDbResolverService: ApDbResolverService,
private queueService: QueueService,
private userKeypairService: UserKeypairService,
private queryService: QueryService,
private fanoutTimelineEndpointService: FanoutTimelineEndpointService,
private loggerService: LoggerService,
private readonly cacheService: CacheService,
) {
//this.createServer = this.createServer.bind(this);
this.logger = this.loggerService.getLogger('apserv', 'pink');
@ -106,7 +111,7 @@ export class ActivityPubServerService {
* @param author Author of the note
*/
@bindThis
private async packActivity(note: MiNote, author: MiUser): Promise<any> {
private async packActivity(note: MiNote, author: MiUser): Promise<ICreate | IAnnounce> {
if (isRenote(note) && !isQuote(note)) {
const renote = await this.notesRepository.findOneByOrFail({ id: note.renoteId });
return this.apRendererService.renderAnnounce(renote.uri ? renote.uri : `${this.config.url}/notes/${renote.id}`, note);
@ -115,10 +120,55 @@ export class ActivityPubServerService {
return this.apRendererService.renderCreate(await this.apRendererService.renderNote(note, author, false), note);
}
@bindThis
private async shouldRefuseGetRequest(request: FastifyRequest, reply: FastifyReply, userId: string | undefined = undefined): Promise<boolean> {
if (!this.config.checkActivityPubGetSignature) return false;
/**
* Checks Authorized Fetch.
* Returns an object with two properties:
* * reject - true if the request should be ignored by the caller, false if it should be processed.
* * redact - true if the caller should redact response data, false if it should return full data.
* When "reject" is true, the HTTP status code will be automatically set to 401 unauthorized.
*/
private async checkAuthorizedFetch(
request: FastifyRequest,
reply: FastifyReply,
userId?: string,
essential?: boolean,
): Promise<{ reject: boolean, redact: boolean }> {
// Federation disabled => reject
if (this.meta.federation === 'none') {
reply.code(401);
return { reject: true, redact: true };
}
// Auth fetch disabled => accept
const allowUnsignedFetch = await this.getUnsignedFetchAllowance(userId);
if (allowUnsignedFetch === 'always') {
return { reject: false, redact: false };
}
// Valid signature => accept
const error = await this.checkSignature(request);
if (!error) {
return { reject: false, redact: false };
}
// Unsigned, but essential => accept redacted
if (allowUnsignedFetch === 'essential' && essential) {
return { reject: false, redact: true };
}
// Unsigned, not essential => reject
this.authlogger.warn(error);
reply.code(401);
return { reject: true, redact: true };
}
/**
* Verifies HTTP Signatures for a request.
* Returns null of success (valid signature).
* Returns a string error on validation failure.
*/
@bindThis
private async checkSignature(request: FastifyRequest): Promise<string | null> {
/* this code is inspired from the `inbox` function below, and
`queue/processors/InboxProcessorService`
@ -129,59 +179,33 @@ export class ActivityPubServerService {
this is also inspired by FireFish's `checkFetch`
*/
/* tell any caching proxy that they should not cache these
responses: we wouldn't want the proxy to return a 403 to
someone presenting a valid signature, or return a cached
response body to someone we've blocked!
*/
reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
/* we always allow requests about our instance actor, because when
a remote instance needs to check our signature on a request we
sent, it will need to fetch information about the user that
signed it (which is our instance actor), and if we try to check
their signature on *that* request, we'll fetch *their* instance
actor... leading to an infinite recursion */
if (userId) {
const instanceActor = await this.instanceActorService.getInstanceActor();
if (userId === instanceActor.id || userId === instanceActor.username) {
this.authlogger.debug(`${request.id} ${request.url} request to instance.actor, letting through`);
return false;
}
}
let signature;
let signature: httpSignature.IParsedSignature;
try {
signature = httpSignature.parseRequest(request.raw, { 'headers': ['(request-target)', 'host', 'date'], authorizationHeaderName: 'signature' });
signature = httpSignature.parseRequest(request.raw, {
headers: ['(request-target)', 'host', 'date'],
authorizationHeaderName: 'signature',
});
} catch (e) {
// not signed, or malformed signature: refuse
this.authlogger.warn(`${request.id} ${request.url} not signed, or malformed signature: refuse`);
reply.code(401);
return true;
return `${request.id} ${request.url} not signed, or malformed signature: refuse`;
}
const keyId = new URL(signature.keyId);
const keyHost = this.utilityService.toPuny(keyId.hostname);
const logPrefix = `${request.id} ${request.url} (by ${request.headers['user-agent']}) apparently from ${keyHost}:`;
const logPrefix = `${request.id} ${request.url} (by ${request.headers['user-agent']}) claims to be from ${keyHost}:`;
if (signature.params.headers.indexOf('host') === -1
|| request.headers.host !== this.config.host) {
if (signature.params.headers.indexOf('host') === -1 || request.headers.host !== this.config.host) {
// no destination host, or not us: refuse
this.authlogger.warn(`${logPrefix} no destination host, or not us: refuse`);
reply.code(401);
return true;
return `${logPrefix} no destination host, or not us: refuse`;
}
if (!this.utilityService.isFederationAllowedHost(keyHost)) {
/* blocked instance: refuse (we don't care if the signature is
good, if they even pretend to be from a blocked instance,
they're out) */
this.authlogger.warn(`${logPrefix} instance is blocked: refuse`);
reply.code(401);
return true;
return `${logPrefix} instance is blocked: refuse`;
}
// do we know the signer already?
@ -200,34 +224,64 @@ export class ActivityPubServerService {
if (authUser?.key == null) {
// we can't figure out who the signer is, or we can't get their key: refuse
this.authlogger.warn(`${logPrefix} we can't figure out who the signer is, or we can't get their key: refuse`);
reply.code(401);
return true;
return `${logPrefix} we can't figure out who the signer is, or we can't get their key: refuse`;
}
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
if (authUser.user.isSuspended) {
// Signer is suspended locally
return `${logPrefix} signer is suspended: refuse`;
}
// some fedi implementations include the query (`?foo=bar`) in the
// signature, some don't, so we have to handle both cases
function verifyWithOrWithoutQuery() {
const httpSignatureValidated = httpSignature.verifySignature(signature, authUser!.key!.keyPem);
if (httpSignatureValidated) return true;
const requestUrl = new URL(`http://whatever${request.raw.url}`);
if (! requestUrl.search) return false;
// verification failed, the request URL contained a query, let's try without
const semiRawRequest = request.raw;
semiRawRequest.url = requestUrl.pathname;
// no need for try/catch, if the original request parsed, this
// one will, too
const signatureWithoutQuery = httpSignature.parseRequest(semiRawRequest, {
headers: ['(request-target)', 'host', 'date'],
authorizationHeaderName: 'signature',
});
return httpSignature.verifySignature(signatureWithoutQuery, authUser!.key!.keyPem);
}
let httpSignatureValidated = verifyWithOrWithoutQuery();
// maybe they changed their key? refetch it
// TODO rate-limit this using lastFetchedAt
if (!httpSignatureValidated) {
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
if (authUser.key != null) {
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
httpSignatureValidated = verifyWithOrWithoutQuery();
}
}
if (!httpSignatureValidated) {
// bad signature: refuse
this.authlogger.info(`${logPrefix} failed to validate signature: refuse`);
reply.code(401);
return true;
return `${logPrefix} failed to validate signature: refuse`;
}
// all good, don't refuse
return false;
return null;
}
@bindThis
private inbox(request: FastifyRequest, reply: FastifyReply) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
let signature;
try {
@ -299,7 +353,13 @@ export class ActivityPubServerService {
request: FastifyRequest<{ Params: { user: string; }; Querystring: { cursor?: string; page?: string; }; }>,
reply: FastifyReply,
) {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
const userId = request.params.user;
@ -326,11 +386,9 @@ export class ActivityPubServerService {
if (profile.followersVisibility === 'private') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followersVisibility === 'followers') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30');
return;
}
//#endregion
@ -382,7 +440,6 @@ export class ActivityPubServerService {
user.followersCount,
`${partOf}?page=true`,
);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@ -393,7 +450,13 @@ export class ActivityPubServerService {
request: FastifyRequest<{ Params: { user: string; }; Querystring: { cursor?: string; page?: string; }; }>,
reply: FastifyReply,
) {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
const userId = request.params.user;
@ -420,11 +483,9 @@ export class ActivityPubServerService {
if (profile.followingVisibility === 'private') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followingVisibility === 'followers') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=30');
return;
}
//#endregion
@ -476,7 +537,6 @@ export class ActivityPubServerService {
user.followingCount,
`${partOf}?page=true`,
);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@ -484,7 +544,13 @@ export class ActivityPubServerService {
@bindThis
private async featured(request: FastifyRequest<{ Params: { user: string; }; }>, reply: FastifyReply) {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
const userId = request.params.user;
@ -505,7 +571,7 @@ export class ActivityPubServerService {
const pinnedNotes = (await Promise.all(pinings.map(pining =>
this.notesRepository.findOneByOrFail({ id: pining.noteId }))))
.filter(note => !note.localOnly && ['public', 'home'].includes(note.visibility));
.filter(note => !note.localOnly && ['public', 'home'].includes(note.visibility) && !isPureRenote(note));
const renderedNotes = await Promise.all(pinnedNotes.map(note => this.apRendererService.renderNote(note, user)));
@ -517,7 +583,6 @@ export class ActivityPubServerService {
renderedNotes,
);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@ -530,7 +595,13 @@ export class ActivityPubServerService {
}>,
reply: FastifyReply,
) {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user);
if (reject) return;
const userId = request.params.user;
@ -567,16 +638,28 @@ export class ActivityPubServerService {
const partOf = `${this.config.url}/users/${userId}/outbox`;
if (page) {
const query = this.queryService.makePaginationQuery(this.notesRepository.createQueryBuilder('note'), sinceId, untilId)
.andWhere('note.userId = :userId', { userId: user.id })
.andWhere(new Brackets(qb => {
qb
.where('note.visibility = \'public\'')
.orWhere('note.visibility = \'home\'');
}))
.andWhere('note.localOnly = FALSE');
const notes = await query.limit(limit).getMany();
const notes = this.meta.enableFanoutTimeline ? await this.fanoutTimelineEndpointService.getMiNotes({
sinceId: sinceId ?? null,
untilId: untilId ?? null,
limit: limit,
allowPartial: false, // Possibly true? IDK it's OK for ordered collection.
me: null,
redisTimelines: [
`userTimeline:${user.id}`,
`userTimelineWithReplies:${user.id}`,
],
useDbFallback: true,
ignoreAuthorFromMute: true,
excludePureRenotes: false,
noteFilter: (note) => {
if (note.visibility !== 'home' && note.visibility !== 'public') return false;
if (note.localOnly) return false;
return true;
},
dbFallback: async (untilId, sinceId, limit) => {
return await this.getUserNotesFromDb(sinceId, untilId, limit, user.id);
},
}) : await this.getUserNotesFromDb(sinceId ?? null, untilId ?? null, limit, user.id);
if (sinceId) notes.reverse();
@ -608,14 +691,32 @@ export class ActivityPubServerService {
`${partOf}?page=true`,
`${partOf}?page=true&since_id=000000000000000000000000`,
);
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
}
@bindThis
private async userInfo(request: FastifyRequest, reply: FastifyReply, user: MiUser | null) {
private async getUserNotesFromDb(untilId: string | null, sinceId: string | null, limit: number, userId: MiUser['id']) {
return await this.queryService.makePaginationQuery(this.notesRepository.createQueryBuilder('note'), sinceId, untilId)
.andWhere('note.userId = :userId', { userId })
.andWhere(new Brackets(qb => {
qb
.where('note.visibility = \'public\'')
.orWhere('note.visibility = \'home\'');
}))
.andWhere('note.localOnly = FALSE')
.limit(limit)
.getMany();
}
@bindThis
private async userInfo(request: FastifyRequest, reply: FastifyReply, user: MiUser | null, redact = false) {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
if (user == null) {
reply.code(404);
return;
@ -631,10 +732,12 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser)));
const person = redact
? await this.apRendererService.renderPersonRedacted(user as MiLocalUser)
: await this.apRendererService.renderPerson(user as MiLocalUser);
return this.apRendererService.addContext(person);
}
@bindThis
@ -687,6 +790,17 @@ export class ActivityPubServerService {
reply.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
reply.header('Access-Control-Allow-Origin', '*');
reply.header('Access-Control-Expose-Headers', 'Vary');
// Tell crawlers not to index AP endpoints.
// https://developers.google.com/search/docs/crawling-indexing/block-indexing
reply.header('X-Robots-Tag', 'noindex');
/* tell any caching proxy that they should not cache these
responses: we wouldn't want the proxy to return a 403 to
someone presenting a valid signature, or return a cached
response body to someone we've blocked!
*/
reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
done();
});
@ -697,16 +811,22 @@ export class ActivityPubServerService {
// note
fastify.get<{ Params: { note: string; } }>('/notes/:note', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const note = await this.notesRepository.findOneBy({
id: request.params.note,
visibility: In(['public', 'home']),
localOnly: false,
});
const { reject } = await this.checkAuthorizedFetch(request, reply, note?.userId);
if (reject) return;
if (note == null) {
reply.code(404);
return;
@ -722,7 +842,11 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
// Boosts don't federate directly - they should only be referenced as an activity
if (isPureRenote(note)) {
return 404;
}
this.setResponseType(request, reply);
const author = await this.usersRepository.findOneByOrFail({ id: note.userId });
@ -731,10 +855,13 @@ export class ActivityPubServerService {
// note activity
fastify.get<{ Params: { note: string; } }>('/notes/:note/activity', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const note = await this.notesRepository.findOneBy({
id: request.params.note,
userHost: IsNull(),
@ -742,18 +869,66 @@ export class ActivityPubServerService {
localOnly: false,
});
const { reject } = await this.checkAuthorizedFetch(request, reply, note?.userId);
if (reject) return;
if (note == null) {
reply.code(404);
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
const author = await this.usersRepository.findOneByOrFail({ id: note.userId });
return (this.apRendererService.addContext(await this.packActivity(note, author)));
});
// replies
fastify.get<{
Params: { note: string; };
Querystring: { page?: unknown; until_id?: unknown; };
}>('/notes/:note/replies', async (request, reply) => {
vary(reply.raw, 'Accept');
this.setResponseType(request, reply);
// Raw query to avoid fetching the while entity just to check access and get the user ID
const note = await this.notesRepository
.createQueryBuilder('note')
.andWhere({
id: request.params.note,
userHost: IsNull(),
visibility: In(['public', 'home']),
localOnly: false,
})
.select(['note.id', 'note.userId'])
.getRawOne<{ note_id: string, note_userId: string }>();
const { reject } = await this.checkAuthorizedFetch(request, reply, note?.note_userId);
if (reject) return;
if (note == null) {
reply.code(404);
return;
}
const untilId = request.query.until_id;
if (untilId != null && typeof(untilId) !== 'string') {
reply.code(400);
return;
}
// If page is unset, then we just provide the outer wrapper.
// This is because the spec doesn't allow the wrapper to contain both elements *and* pages.
// We could technically do it anyway, but that may break other instances.
if (request.query.page !== 'true') {
const collection = await this.apRendererService.renderRepliesCollection(note.note_id);
return this.apRendererService.addContext(collection);
}
const page = await this.apRendererService.renderRepliesCollectionPage(note.note_id, untilId ?? undefined);
return this.apRendererService.addContext(page);
});
// outbox
fastify.get<{
Params: { user: string; };
@ -777,7 +952,13 @@ export class ActivityPubServerService {
// publickey
fastify.get<{ Params: { user: string; } }>('/users/:user/publickey', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.user, true);
if (reject) return;
const userId = request.params.user;
@ -794,7 +975,6 @@ export class ActivityPubServerService {
const keypair = await this.userKeypairService.getUserKeypair(user.id);
if (this.userEntityService.isLocalUser(user)) {
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
} else {
@ -804,10 +984,16 @@ export class ActivityPubServerService {
});
fastify.get<{ Params: { user: string; } }>('/users/:user', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply, request.params.user)) return;
const { reject, redact } = await this.checkAuthorizedFetch(request, reply, request.params.user, true);
if (reject) return;
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const userId = request.params.user;
const user = await this.usersRepository.findOneBy({
@ -815,29 +1001,41 @@ export class ActivityPubServerService {
isSuspended: false,
});
return await this.userInfo(request, reply, user);
return await this.userInfo(request, reply, user, redact);
});
fastify.get<{ Params: { acct: string; } }>('/@:acct', { constraints: { apOrHtml: 'ap' } }, async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply, request.params.acct)) return;
vary(reply.raw, 'Accept');
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const acct = Acct.parse(request.params.acct);
const user = await this.usersRepository.findOneBy({
usernameLower: acct.username,
usernameLower: acct.username.toLowerCase(),
host: acct.host ?? IsNull(),
isSuspended: false,
});
return await this.userInfo(request, reply, user);
const { reject, redact } = await this.checkAuthorizedFetch(request, reply, user?.id, true);
if (reject) return;
return await this.userInfo(request, reply, user, redact);
});
//#endregion
// emoji
fastify.get<{ Params: { emoji: string; } }>('/emojis/:emoji', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply);
if (reject) return;
const emoji = await this.emojisRepository.findOneBy({
host: IsNull(),
@ -849,17 +1047,22 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji)));
});
// like
fastify.get<{ Params: { like: string; } }>('/likes/:like', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const reaction = await this.noteReactionsRepository.findOneBy({ id: request.params.like });
const { reject } = await this.checkAuthorizedFetch(request, reply, reaction?.userId);
if (reject) return;
if (reaction == null) {
reply.code(404);
return;
@ -872,14 +1075,19 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
});
// follow
fastify.get<{ Params: { follower: string; followee: string; } }>('/follows/:follower/:followee', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const { reject } = await this.checkAuthorizedFetch(request, reply, request.params.follower);
if (reject) return;
// This may be used before the follow is completed, so we do not
// check if the following exists.
@ -900,14 +1108,16 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
});
// follow
fastify.get<{ Params: { followRequestId: string ; } }>('/follows/:followRequestId', async (request, reply) => {
if (await this.shouldRefuseGetRequest(request, reply)) return;
fastify.get<{ Params: { followRequestId: string; } }>('/follows/:followRequestId', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
// This may be used before the follow is completed, so we do not
// check if the following exists and only check if the follow request exists.
@ -916,6 +1126,9 @@ export class ActivityPubServerService {
id: request.params.followRequestId,
});
const { reject } = await this.checkAuthorizedFetch(request, reply, followRequest?.followerId);
if (reject) return;
if (followRequest == null) {
reply.code(404);
return;
@ -937,11 +1150,21 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature) reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
});
done();
}
private async getUnsignedFetchAllowance(userId: string | undefined) {
const user = userId ? await this.cacheService.findLocalUserById(userId) : null;
// User system value if there is no user, or if user has deferred the choice.
if (!user?.allowUnsignedFetch || user.allowUnsignedFetch === 'staff') {
return this.meta.allowUnsignedFetch;
}
return user.allowUnsignedFetch;
}
}

45
packages/backend/src/server/FileServerService.ts
View file

@ -32,6 +32,7 @@ import { getIpHash } from '@/misc/get-ip-hash.js';
import { AuthenticateService } from '@/server/api/AuthenticateService.js';
import { SkRateLimiterService } from '@/server/SkRateLimiterService.js';
import { Keyed, RateLimit, sendRateLimitHeaders } from '@/misc/rate-limit-utils.js';
import { renderInlineError } from '@/misc/render-inline-error.js';
import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions } from 'fastify';
const _filename = fileURLToPath(import.meta.url);
@ -69,6 +70,10 @@ export class FileServerService {
fastify.addHook('onRequest', (request, reply, done) => {
reply.header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\'; media-src \'self\'; style-src \'unsafe-inline\'');
reply.header('Access-Control-Allow-Origin', '*');
// Tell crawlers not to index files endpoints.
// https://developers.google.com/search/docs/crawling-indexing/block-indexing
reply.header('X-Robots-Tag', 'noindex');
done();
});
@ -120,7 +125,7 @@ export class FileServerService {
@bindThis
private async errorHandler(request: FastifyRequest<{ Params?: { [x: string]: any }; Querystring?: { [x: string]: any }; }>, reply: FastifyReply, err?: any) {
this.logger.error(`${err}`);
this.logger.error(`Unhandled error in file server: ${renderInlineError(err)}`);
reply.header('Cache-Control', 'max-age=300');
@ -195,6 +200,10 @@ export class FileServerService {
reply.header('Content-Length', file.file.size);
if (!image) {
if (file.file.size > 0) {
reply.header('Accept-Ranges', 'bytes');
}
if (request.headers.range && file.file.size > 0) {
const range = request.headers.range as string;
const parts = range.replace(/bytes=/, '').split('-');
@ -215,7 +224,6 @@ export class FileServerService {
};
reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
reply.header('Accept-Ranges', 'bytes');
reply.header('Content-Length', chunksize);
reply.code(206);
} else {
@ -257,6 +265,10 @@ export class FileServerService {
reply.header('Cache-Control', 'max-age=31536000, immutable');
reply.header('Content-Disposition', contentDisposition('inline', filename));
if (file.file.size > 0) {
reply.header('Accept-Ranges', 'bytes');
}
if (request.headers.range && file.file.size > 0) {
const range = request.headers.range as string;
const parts = range.replace(/bytes=/, '').split('-');
@ -271,7 +283,6 @@ export class FileServerService {
end,
});
reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
reply.header('Accept-Ranges', 'bytes');
reply.header('Content-Length', chunksize);
reply.code(206);
return fileStream;
@ -284,6 +295,10 @@ export class FileServerService {
reply.header('Cache-Control', 'max-age=31536000, immutable');
reply.header('Content-Disposition', contentDisposition('inline', file.filename));
if (file.file.size > 0) {
reply.header('Accept-Ranges', 'bytes');
}
if (request.headers.range && file.file.size > 0) {
const range = request.headers.range as string;
const parts = range.replace(/bytes=/, '').split('-');
@ -298,7 +313,6 @@ export class FileServerService {
end,
});
reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
reply.header('Accept-Ranges', 'bytes');
reply.header('Content-Length', chunksize);
reply.code(206);
return fileStream;
@ -344,7 +358,7 @@ export class FileServerService {
if (!request.headers['user-agent']) {
throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
throw new StatusError(`Refusing to proxy recursive request to ${url} (from user-agent ${request.headers['user-agent']})`, 403, 'Proxy is recursive');
}
// Create temp file
@ -374,7 +388,7 @@ export class FileServerService {
) {
if (!isConvertibleImage) {
// 画像でないなら404でお茶を濁す
throw new StatusError('Unexpected mime', 404);
throw new StatusError(`Unexpected non-convertible mime: ${file.mime}`, 404, 'Unexpected mime');
}
}
@ -438,10 +452,14 @@ export class FileServerService {
} else if (file.mime === 'image/svg+xml') {
image = this.imageProcessingService.convertToWebpStream(file.path, 2048, 2048);
} else if (!file.mime.startsWith('image/') || !FILE_TYPE_BROWSERSAFE.includes(file.mime)) {
throw new StatusError('Rejected type', 403, 'Rejected type');
throw new StatusError(`Blocked mime type: ${file.mime}`, 403, 'Blocked mime type');
}
if (!image) {
if (file.file && file.file.size > 0) {
reply.header('Accept-Ranges', 'bytes');
}
if (request.headers.range && file.file && file.file.size > 0) {
const range = request.headers.range as string;
const parts = range.replace(/bytes=/, '').split('-');
@ -462,7 +480,6 @@ export class FileServerService {
};
reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
reply.header('Accept-Ranges', 'bytes');
reply.header('Content-Length', chunksize);
reply.code(206);
} else {
@ -509,7 +526,7 @@ export class FileServerService {
> {
if (url.startsWith(`${this.config.url}/files/`)) {
const key = url.replace(`${this.config.url}/files/`, '').split('/').shift();
if (!key) throw new StatusError('Invalid File Key', 400, 'Invalid File Key');
if (!key) throw new StatusError(`Invalid file URL ${url}`, 400, 'Invalid file url');
return await this.getFileFromKey(key);
}
@ -519,7 +536,7 @@ export class FileServerService {
@bindThis
private async downloadAndDetectTypeFromUrl(url: string): Promise<
{ state: 'remote' ; mime: string; ext: string | null; path: string; cleanup: () => void; filename: string; }
{ state: 'remote'; mime: string; ext: string | null; path: string; cleanup: () => void; filename: string; }
> {
const [path, cleanup] = await createTemp();
try {
@ -663,9 +680,11 @@ export class FileServerService {
if (info.blocked) {
reply.code(429);
reply.send({
message: 'Rate limit exceeded. Please try again later.',
code: 'RATE_LIMIT_EXCEEDED',
id: 'd5826d14-3982-4d2e-8011-b9e9f02499ef',
error: {
message: 'Rate limit exceeded. Please try again later.',
code: 'RATE_LIMIT_EXCEEDED',
id: 'd5826d14-3982-4d2e-8011-b9e9f02499ef',
},
});
return false;

10
packages/backend/src/server/NodeinfoServerService.ts
View file

@ -10,11 +10,11 @@ import type { UsersRepository } from '@/models/_.js';
import type { Config } from '@/config.js';
import { MetaService } from '@/core/MetaService.js';
import { MemorySingleCache } from '@/misc/cache.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { bindThis } from '@/decorators.js';
import NotesChart from '@/core/chart/charts/notes.js';
import UsersChart from '@/core/chart/charts/users.js';
import { DEFAULT_POLICIES } from '@/core/RoleService.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
import type { FastifyInstance, FastifyPluginOptions } from 'fastify';
const nodeinfo2_1path = '/nodeinfo/2.1';
@ -30,7 +30,7 @@ export class NodeinfoServerService {
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private userEntityService: UserEntityService,
private systemAccountService: SystemAccountService,
private metaService: MetaService,
private notesChart: NotesChart,
private usersChart: UsersChart,
@ -71,7 +71,7 @@ export class NodeinfoServerService {
this.usersRepository.count({ where: { host: IsNull(), isBot: false, lastActiveDate: MoreThan(new Date(now - 2592000000)) } }),
]);
const proxyAccount = meta.proxyAccountId ? await this.userEntityService.pack(meta.proxyAccountId).catch(() => null) : null;
const proxyAccount = await this.systemAccountService.fetch('proxy');
const basePolicies = { ...DEFAULT_POLICIES, ...meta.policies };
@ -130,9 +130,11 @@ export class NodeinfoServerService {
maxRemoteCwLength: this.config.maxRemoteCwLength,
maxAltTextLength: this.config.maxAltTextLength,
maxRemoteAltTextLength: this.config.maxRemoteAltTextLength,
maxBioLength: this.config.maxBioLength,
maxRemoteBioLength: this.config.maxRemoteBioLength,
enableEmail: meta.enableEmail,
enableServiceWorker: meta.enableServiceWorker,
proxyAccountName: proxyAccount ? proxyAccount.username : null,
proxyAccountName: proxyAccount.username,
themeColor: meta.themeColor ?? '#86b300',
},
};

31
packages/backend/src/server/ServerModule.ts
View file

@ -7,6 +7,16 @@ import { Module } from '@nestjs/common';
import { EndpointsModule } from '@/server/api/EndpointsModule.js';
import { CoreModule } from '@/core/CoreModule.js';
import { SkRateLimiterService } from '@/server/SkRateLimiterService.js';
import { MastodonClientService } from '@/server/api/mastodon/MastodonClientService.js';
import { ApiNotificationsMastodon } from '@/server/api/mastodon/endpoints/notifications.js';
import { ApiAccountMastodon } from '@/server/api/mastodon/endpoints/account.js';
import { ApiFilterMastodon } from '@/server/api/mastodon/endpoints/filter.js';
import { ApiSearchMastodon } from '@/server/api/mastodon/endpoints/search.js';
import { ApiTimelineMastodon } from '@/server/api/mastodon/endpoints/timeline.js';
import { ApiAppsMastodon } from '@/server/api/mastodon/endpoints/apps.js';
import { ApiInstanceMastodon } from '@/server/api/mastodon/endpoints/instance.js';
import { ApiStatusMastodon } from '@/server/api/mastodon/endpoints/status.js';
import { ServerUtilityService } from '@/server/ServerUtilityService.js';
import { ApiCallService } from './api/ApiCallService.js';
import { FileServerService } from './FileServerService.js';
import { HealthServerService } from './HealthServerService.js';
@ -19,14 +29,13 @@ import { ActivityPubServerService } from './ActivityPubServerService.js';
import { ApiLoggerService } from './api/ApiLoggerService.js';
import { ApiServerService } from './api/ApiServerService.js';
import { AuthenticateService } from './api/AuthenticateService.js';
import { RateLimiterService } from './api/RateLimiterService.js';
import { SigninApiService } from './api/SigninApiService.js';
import { SigninService } from './api/SigninService.js';
import { SignupApiService } from './api/SignupApiService.js';
import { StreamingApiServerService } from './api/StreamingApiServerService.js';
import { OpenApiServerService } from './api/openapi/OpenApiServerService.js';
import { ClientServerService } from './web/ClientServerService.js';
import { MastoConverters } from './api/mastodon/converters.js';
import { MastodonConverters } from './api/mastodon/MastodonConverters.js';
import { MastodonLogger } from './api/mastodon/MastodonLogger.js';
import { MastodonDataService } from './api/mastodon/MastodonDataService.js';
import { FeedService } from './web/FeedService.js';
@ -50,6 +59,8 @@ import { ServerStatsChannelService } from './api/stream/channels/server-stats.js
import { UserListChannelService } from './api/stream/channels/user-list.js';
import { MastodonApiServerService } from './api/mastodon/MastodonApiServerService.js';
import { RoleTimelineChannelService } from './api/stream/channels/role-timeline.js';
import { ChatUserChannelService } from './api/stream/channels/chat-user.js';
import { ChatRoomChannelService } from './api/stream/channels/chat-room.js';
import { ReversiChannelService } from './api/stream/channels/reversi.js';
import { ReversiGameChannelService } from './api/stream/channels/reversi-game.js';
import { SigninWithPasskeyApiService } from './api/SigninWithPasskeyApiService.js';
@ -77,8 +88,6 @@ import { SigninWithPasskeyApiService } from './api/SigninWithPasskeyApiService.j
ApiServerService,
AuthenticateService,
SkRateLimiterService,
// No longer used, but kept for backwards compatibility
RateLimiterService,
SigninApiService,
SigninWithPasskeyApiService,
SigninService,
@ -93,6 +102,8 @@ import { SigninWithPasskeyApiService } from './api/SigninWithPasskeyApiService.j
BubbleTimelineChannelService,
HashtagChannelService,
RoleTimelineChannelService,
ChatUserChannelService,
ChatRoomChannelService,
ReversiChannelService,
ReversiGameChannelService,
HomeTimelineChannelService,
@ -104,9 +115,19 @@ import { SigninWithPasskeyApiService } from './api/SigninWithPasskeyApiService.j
OpenApiServerService,
MastodonApiServerService,
OAuth2ProviderService,
MastoConverters,
MastodonConverters,
MastodonLogger,
MastodonDataService,
MastodonClientService,
ApiAccountMastodon,
ApiAppsMastodon,
ApiFilterMastodon,
ApiInstanceMastodon,
ApiNotificationsMastodon,
ApiSearchMastodon,
ApiStatusMastodon,
ApiTimelineMastodon,
ServerUtilityService,
],
exports: [
ServerService,

75
packages/backend/src/server/ServerService.ts
View file

@ -7,7 +7,7 @@ import cluster from 'node:cluster';
import * as fs from 'node:fs';
import { fileURLToPath } from 'node:url';
import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import Fastify, { FastifyInstance } from 'fastify';
import Fastify, { type FastifyInstance } from 'fastify';
import fastifyStatic from '@fastify/static';
import fastifyRawBody from 'fastify-raw-body';
import { IsNull } from 'typeorm';
@ -21,6 +21,7 @@ import { genIdenticon } from '@/misc/gen-identicon.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import { renderInlineError } from '@/misc/render-inline-error.js';
import { ActivityPubServerService } from './ActivityPubServerService.js';
import { NodeinfoServerService } from './NodeinfoServerService.js';
import { ApiServerService } from './api/ApiServerService.js';
@ -105,6 +106,43 @@ export class ServerService implements OnApplicationShutdown {
serve: false,
});
// if the requester looks like to be performing an ActivityPub object lookup, reject all external redirects
//
// this will break lookup that involve copying a URL from a third-party server, like trying to lookup http://charlie.example.com/@alice@alice.com
//
// this is not required by standard but protect us from peers that did not validate final URL.
if (this.config.disallowExternalApRedirect) {
const maybeApLookupRegex = /application\/activity\+json|application\/ld\+json.+activitystreams/i;
fastify.addHook('onSend', (request, reply, _, done) => {
const location = reply.getHeader('location');
if (reply.statusCode < 300 || reply.statusCode >= 400 || typeof location !== 'string') {
done();
return;
}
if (!maybeApLookupRegex.test(request.headers.accept ?? '')) {
done();
return;
}
const effectiveLocation = process.env.NODE_ENV === 'production' ? location : location.replace(/^http:\/\//, 'https://');
if (effectiveLocation.startsWith(`https://${this.config.host}/`)) {
done();
return;
}
reply.status(406);
reply.removeHeader('location');
reply.header('content-type', 'text/plain; charset=utf-8');
reply.header('link', `<${encodeURI(location)}>; rel="canonical"`);
done(null, [
"Refusing to relay remote ActivityPub object lookup.",
"",
`Please remove 'application/activity+json' and 'application/ld+json' from the Accept header or fetch using the authoritative URL at ${location}.`,
].join('\n'));
});
}
fastify.register(this.apiServerService.createServer, { prefix: '/api' });
fastify.register(this.openApiServerService.createServer);
fastify.register(this.mastodonApiServerService.createServer, { prefix: '/api' });
@ -186,18 +224,18 @@ export class ServerService implements OnApplicationShutdown {
reply.header('Cache-Control', 'public, max-age=86400');
if (user) {
reply.redirect(user.avatarUrl ?? this.userEntityService.getIdenticonUrl(user));
reply.redirect((user.avatarId == null ? null : user.avatarUrl) ?? this.userEntityService.getIdenticonUrl(user));
} else {
reply.redirect('/static-assets/user-unknown.png');
}
});
fastify.get<{ Params: { x: string } }>('/identicon/:x', async (request, reply) => {
reply.header('Content-Type', 'image/png');
fastify.get<{ Params: { x: string } }>('/identicon/:x', (request, reply) => {
reply.header('Content-Type', 'image/png');
reply.header('Cache-Control', 'public, max-age=86400');
if (this.meta.enableIdenticonGeneration) {
return await genIdenticon(request.params.x);
return genIdenticon(request.params.x);
} else {
return reply.redirect('/static-assets/avatar.png');
}
@ -240,7 +278,7 @@ export class ServerService implements OnApplicationShutdown {
this.logger.error(`Port ${this.config.port} is already in use by another process.`);
break;
default:
this.logger.error(err);
this.logger.error(`Unhandled error in server: ${renderInlineError(err)}`);
break;
}
@ -256,13 +294,14 @@ export class ServerService implements OnApplicationShutdown {
if (fs.existsSync(this.config.socket)) {
fs.unlinkSync(this.config.socket);
}
fastify.listen({ path: this.config.socket }, (err, address) => {
if (this.config.chmodSocket) {
fs.chmodSync(this.config.socket!, this.config.chmodSocket);
}
});
await fastify.listen({ path: this.config.socket });
if (this.config.chmodSocket) {
fs.chmodSync(this.config.socket!, this.config.chmodSocket);
}
} else {
fastify.listen({ port: this.config.port, host: this.config.address });
await fastify.listen({ port: this.config.port, host: this.config.address });
}
await fastify.ready();
@ -270,8 +309,20 @@ export class ServerService implements OnApplicationShutdown {
@bindThis
public async dispose(): Promise<void> {
this.logger.info('Disconnecting WebSocket clients...');
await this.streamingApiServerService.detach();
this.logger.info('Disconnecting HTTP clients....;');
await this.#fastify.close();
this.logger.info('Server disposed.');
}
/**
* Get the Fastify instance for testing.
*/
public get fastify(): FastifyInstance {
return this.#fastify;
}
@bindThis

162
packages/backend/src/server/ServerUtilityService.ts Normal file
View file

@ -0,0 +1,162 @@
/*
* SPDX-FileCopyrightText: hazelnoot and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
import querystring from 'querystring';
import multipart from '@fastify/multipart';
import { Inject, Injectable } from '@nestjs/common';
import { FastifyInstance } from 'fastify';
import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js';
import { saveToTempFile } from '@/misc/create-temp.js';
@Injectable()
export class ServerUtilityService {
constructor(
@Inject(DI.config)
private readonly config: Config,
) {}
public addMultipartFormDataContentType(fastify: FastifyInstance): void {
fastify.register(multipart, {
limits: {
fileSize: this.config.maxFileSize,
files: 1,
},
});
// Default behavior saves files to memory - we don't want that!
// Store to temporary file instead, and copy the body fields while we're at it.
fastify.addHook<{ Body?: Record<string, string | string[] | undefined> }>('preValidation', async request => {
if (request.isMultipart()) {
// We can't use saveRequestFiles() because it erases all the data fields.
// Instead, recreate it manually.
// https://github.com/fastify/fastify-multipart/issues/549
for await (const part of request.parts()) {
if (part.type === 'field') {
const k = part.fieldname;
const v = part.value;
const body = request.body ??= {};
// Value can be string, buffer, or undefined.
// We only support the first one.
if (typeof(v) !== 'string') continue;
// This is just progressive conversion from undefined -> string -> string[]
if (!body[k]) {
body[k] = v;
} else if (Array.isArray(body[k])) {
body[k].push(v);
} else {
body[k] = [body[k], v];
}
} else { // Otherwise it's a file
try {
const [filepath] = await saveToTempFile(part.file);
const tmpUploads = (request.tmpUploads ??= []);
tmpUploads.push(filepath);
const requestSavedFiles = (request.savedRequestFiles ??= []);
requestSavedFiles.push({
...part,
filepath,
});
} catch (e) {
// Cleanup to avoid file leak in case of errors
await request.cleanRequestFiles();
request.tmpUploads = null;
request.savedRequestFiles = null;
throw e;
}
}
}
}
});
}
public addFormUrlEncodedContentType(fastify: FastifyInstance) {
fastify.addContentTypeParser('application/x-www-form-urlencoded', (_, payload, done) => {
let body = '';
payload.on('data', (data) => {
body += data;
});
payload.on('end', () => {
try {
const parsed = querystring.parse(body);
done(null, parsed);
} catch (e) {
done(e as Error);
}
});
payload.on('error', done);
});
}
public addCORS(fastify: FastifyInstance) {
fastify.addHook('preHandler', (_, reply, done) => {
// Allow web-based clients to connect from other origins.
reply.header('Access-Control-Allow-Origin', '*');
// Mastodon uses all types of request methods.
reply.header('Access-Control-Allow-Methods', '*');
// Allow web-based clients to access Link header - required for mastodon pagination.
// https://stackoverflow.com/a/54928828
// https://docs.joinmastodon.org/api/guidelines/#pagination
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Expose-Headers
reply.header('Access-Control-Expose-Headers', 'Link');
// Cache to avoid extra pre-flight requests
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Max-Age
reply.header('Access-Control-Max-Age', 60 * 60 * 24); // 1 day in seconds
done();
});
}
public addFlattenedQueryType(fastify: FastifyInstance) {
// Remove trailing "[]" from query params
fastify.addHook<{ Querystring?: Record<string, string | string[] | undefined> }>('preValidation', (request, _reply, done) => {
if (!request.query || typeof(request.query) !== 'object') {
return done();
}
for (const key of Object.keys(request.query)) {
if (!key.endsWith('[]')) {
continue;
}
if (request.query[key] == null) {
continue;
}
const newKey = key.substring(0, key.length - 2);
const newValue = request.query[key];
const oldValue = request.query[newKey];
// Move the value to the correct key
if (oldValue != null) {
if (Array.isArray(oldValue)) {
// Works for both array and single values
request.query[newKey] = oldValue.concat(newValue);
} else if (Array.isArray(newValue)) {
// Preserve order
request.query[newKey] = [oldValue, ...newValue];
} else {
// Preserve order
request.query[newKey] = [oldValue, newValue];
}
} else {
request.query[newKey] = newValue;
}
// Remove the invalid key
delete request.query[key];
}
return done();
});
}
}

15
packages/backend/src/server/SkRateLimiterService.md
View file

@ -34,13 +34,18 @@ Header meanings and usage have been devised by adapting common patterns to work
## Performance
SkRateLimiterService makes between 1 and 4 redis transactions per rate limit check.
SkRateLimiterService makes between 0 and 4 redis transactions per rate limit check.
The first call is read-only, while the others perform at least one write operation.
No calls are made if a client has already been blocked at least once, as the block status is stored in a short-term memory cache.
Two integer keys are stored per client/subject, and both expire together after the maximum duration of the limit.
While performance has not been formally tested, it's expected that SkRateLimiterService has an impact roughly on par with the legacy RateLimiterService.
Redis memory usage should be notably lower due to the reduced number of keys and avoidance of set / array constructions.
If redis load does become a concern, then a dedicated node can be assigned via the `redisForRateLimit` config setting.
To prevent Redis DoS, SkRateLimiterService internally tracks the number of concurrent requests for each unique client/endpoint combination.
If the number of requests exceeds the limit's maximum value, then any further requests are automatically rejected.
The lockout will automatically end when the number of active requests drops to within the limit value.
## Concurrency and Multi-Node Correctness
To provide consistency across multi-node environments, leaky bucket is implemented with only atomic operations (`Increment`, `Decrement`, `Add`, and `Subtract`).
@ -54,6 +59,12 @@ Any possible conflict would have to occur within a few-milliseconds window, whic
This error does not compound, as all further operations are relative (Increment and Add).
Thus, it's considered an acceptable tradeoff given the limitations imposed by Redis and ioredis.
In-process memory caches are used sparingly to avoid consistency problems.
Besides the role factor cache, there is one "important" cache which directly impacts limit calculations: the lockout cache.
This cache stores response data for blocked limits, preventing repeated calls to redis if a client ignores the 429 errors and continues making requests.
Consistency is guaranteed by only caching blocked limits (allowances are not cached), and by limiting cached data to the duration of the block.
This ensures that stale limit info is never used.
## Algorithm Pseudocode
The Atomic Leaky Bucket algorithm is described here, in pseudocode:
@ -70,7 +81,7 @@ The Atomic Leaky Bucket algorithm is described here, in pseudocode:
# * Delta Timestamp - Difference between current and expected timestamp value
# 0 - Calculations
dripRate = ceil(limit.dripRate ?? 1000);
dripRate = ceil((limit.dripRate ?? 1000) * factor);
dripSize = ceil(limit.dripSize ?? 1);
bucketSize = max(ceil(limit.size / factor), 1);
maxExpiration = max(ceil((dripRate * ceil(bucketSize / dripSize)) / 1000), 1);;

179
packages/backend/src/server/SkRateLimiterService.ts
View file

@ -17,10 +17,23 @@ import type { RoleService } from '@/core/RoleService.js';
// Required because MemoryKVCache doesn't support null keys.
const defaultUserKey = '';
interface ParsedLimit {
key: string;
now: number;
bucketSize: number;
dripRate: number;
dripSize: number;
fullResetMs: number;
fullResetSec: number;
}
@Injectable()
export class SkRateLimiterService {
// 1-minute cache interval
private readonly factorCache = new MemoryKVCache<number>(1000 * 60);
// 10-second cache interval
private readonly lockoutCache = new MemoryKVCache<number>(1000 * 10);
private readonly requestCounts = new Map<string, number>();
private readonly disabled: boolean;
constructor(
@ -58,6 +71,8 @@ export class SkRateLimiterService {
}
const actor = typeof(actorOrUser) === 'object' ? actorOrUser.id : actorOrUser;
const actorKey = `@${actor}#${limit.key}`;
const userCacheKey = typeof(actorOrUser) === 'object' ? actorOrUser.id : defaultUserKey;
const userRoleKey = typeof(actorOrUser) === 'object' ? actorOrUser.id : null;
const factor = this.factorCache.get(userCacheKey) ?? await this.factorCache.fetch(userCacheKey, async () => {
@ -73,25 +88,81 @@ export class SkRateLimiterService {
throw new Error(`Rate limit factor is zero or negative: ${factor}`);
}
if (isLegacyRateLimit(limit)) {
return await this.limitLegacy(limit, actor, factor);
} else {
return await this.limitBucket(limit, actor, factor);
}
}
private async limitLegacy(limit: Keyed<LegacyRateLimit>, actor: string, factor: number): Promise<LimitInfo> {
if (hasMaxLimit(limit)) {
return await this.limitLegacyMinMax(limit, actor, factor);
} else if (hasMinLimit(limit)) {
return await this.limitLegacyMinOnly(limit, actor, factor);
} else {
const parsedLimit = this.parseLimit(limit, factor);
if (parsedLimit == null) {
return disabledLimitInfo;
}
// Fast-path to avoid extra redis calls for blocked clients
const lockout = this.getLockout(actorKey, parsedLimit);
if (lockout) {
return lockout;
}
// Fast-path to avoid queuing requests that are guaranteed to fail
const overflow = this.incrementOverflow(actorKey, parsedLimit);
if (overflow) {
return overflow;
}
try {
const info = await this.limitBucket(parsedLimit, actor);
// Store blocked status to avoid hammering redis
if (info.blocked) {
this.lockoutCache.set(actorKey, info.resetMs);
}
return info;
} finally {
this.decrementOverflow(actorKey);
}
}
private async limitLegacyMinMax(limit: Keyed<MaxLegacyLimit>, actor: string, factor: number): Promise<LimitInfo> {
if (limit.duration === 0) return disabledLimitInfo;
private getLockout(lockoutKey: string, limit: ParsedLimit): LimitInfo | null {
const lockoutReset = this.lockoutCache.get(lockoutKey);
if (!lockoutReset) {
// Not blocked, proceed with redis check
return null;
}
if (limit.now >= lockoutReset) {
// Block expired, clear and proceed with redis check
this.lockoutCache.delete(lockoutKey);
return null;
}
// Lockout is still active, pre-emptively reject the request
return {
blocked: true,
remaining: 0,
resetMs: limit.fullResetMs,
resetSec: limit.fullResetSec,
fullResetMs: limit.fullResetMs,
fullResetSec: limit.fullResetSec,
};
}
private parseLimit(limit: Keyed<RateLimit>, factor: number): ParsedLimit | null {
if (isLegacyRateLimit(limit)) {
return this.parseLegacyLimit(limit, factor);
} else {
return this.parseBucketLimit(limit, factor);
}
}
private parseLegacyLimit(limit: Keyed<LegacyRateLimit>, factor: number): ParsedLimit | null {
if (hasMaxLimit(limit)) {
return this.parseLegacyMinMax(limit, factor);
} else if (hasMinLimit(limit)) {
return this.parseLegacyMinOnly(limit, factor);
} else {
return null;
}
}
private parseLegacyMinMax(limit: Keyed<MaxLegacyLimit>, factor: number): ParsedLimit | null {
if (limit.duration === 0) return null;
if (limit.duration < 0) throw new Error(`Invalid rate limit ${limit.key}: duration is negative (${limit.duration})`);
if (limit.max < 1) throw new Error(`Invalid rate limit ${limit.key}: max is less than 1 (${limit.max})`);
@ -104,35 +175,30 @@ export class SkRateLimiterService {
// Calculate final dripRate from dripSize and duration/max
const dripRate = Math.max(Math.round(limit.duration / (limit.max / dripSize)), 1);
const bucketLimit: Keyed<BucketRateLimit> = {
return this.parseBucketLimit({
type: 'bucket',
key: limit.key,
size: limit.max,
dripRate,
dripSize,
};
return await this.limitBucket(bucketLimit, actor, factor);
}, factor);
}
private async limitLegacyMinOnly(limit: Keyed<MinLegacyLimit>, actor: string, factor: number): Promise<LimitInfo> {
if (limit.minInterval === 0) return disabledLimitInfo;
private parseLegacyMinOnly(limit: Keyed<MinLegacyLimit>, factor: number): ParsedLimit | null {
if (limit.minInterval === 0) return null;
if (limit.minInterval < 0) throw new Error(`Invalid rate limit ${limit.key}: minInterval is negative (${limit.minInterval})`);
const dripRate = Math.max(Math.round(limit.minInterval), 1);
const bucketLimit: Keyed<BucketRateLimit> = {
return this.parseBucketLimit({
type: 'bucket',
key: limit.key,
size: 1,
dripRate,
dripSize: 1,
};
return await this.limitBucket(bucketLimit, actor, factor);
}, factor);
}
/**
* Implementation of Leaky Bucket rate limiting - see SkRateLimiterService.md for details.
*/
private async limitBucket(limit: Keyed<BucketRateLimit>, actor: string, factor: number): Promise<LimitInfo> {
private parseBucketLimit(limit: Keyed<BucketRateLimit>, factor: number): ParsedLimit {
if (limit.size < 1) throw new Error(`Invalid rate limit ${limit.key}: size is less than 1 (${limit.size})`);
if (limit.dripRate != null && limit.dripRate < 1) throw new Error(`Invalid rate limit ${limit.key}: dripRate is less than 1 (${limit.dripRate})`);
if (limit.dripSize != null && limit.dripSize < 1) throw new Error(`Invalid rate limit ${limit.key}: dripSize is less than 1 (${limit.dripSize})`);
@ -140,9 +206,29 @@ export class SkRateLimiterService {
// 0 - Calculate
const now = this.timeService.now;
const bucketSize = Math.max(Math.ceil(limit.size / factor), 1);
const dripRate = Math.ceil(limit.dripRate ?? 1000);
const dripRate = Math.ceil((limit.dripRate ?? 1000) * factor);
const dripSize = Math.ceil(limit.dripSize ?? 1);
const expirationSec = Math.max(Math.ceil((dripRate * Math.ceil(bucketSize / dripSize)) / 1000), 1);
const fullResetMs = dripRate * Math.ceil(bucketSize / dripSize);
const fullResetSec = Math.max(Math.ceil(fullResetMs / 1000), 1);
return {
key: limit.key,
now,
bucketSize,
dripRate,
dripSize,
fullResetMs,
fullResetSec,
};
}
/**
* Implementation of Leaky Bucket rate limiting - see SkRateLimiterService.md for details.
*/
private async limitBucket(limit: ParsedLimit, actor: string): Promise<LimitInfo> {
// 0 - Calculate (extracted to other function)
const { now, bucketSize, dripRate, dripSize } = limit;
const expirationSec = limit.fullResetSec;
// 1 - Read
const counterKey = createLimitKey(limit, actor, 'c');
@ -262,17 +348,48 @@ export class SkRateLimiterService {
return responses;
}
private incrementOverflow(actorKey: string, limit: ParsedLimit): LimitInfo | null {
const oldCount = this.requestCounts.get(actorKey) ?? 0;
if (oldCount >= limit.bucketSize) {
// Overflow, pre-emptively reject the request
return {
blocked: true,
remaining: 0,
resetMs: limit.fullResetMs,
resetSec: limit.fullResetSec,
fullResetMs: limit.fullResetMs,
fullResetSec: limit.fullResetSec,
};
}
// No overflow, increment and continue to redis
this.requestCounts.set(actorKey, oldCount + 1);
return null;
}
private decrementOverflow(actorKey: string): void {
const count = this.requestCounts.get(actorKey);
if (count) {
if (count > 1) {
this.requestCounts.set(actorKey, count - 1);
} else {
this.requestCounts.delete(actorKey);
}
}
}
}
// Not correct, but good enough for the basic commands we use.
type RedisResult = string | null;
type RedisCommand = [command: string, ...args: unknown[]];
function createLimitKey(limit: Keyed<RateLimit>, actor: string, value: string): string {
function createLimitKey(limit: ParsedLimit, actor: string, value: string): string {
return `rl_${actor}_${limit.key}_${value}`;
}
class ConflictError extends Error {}
export class ConflictError extends Error {}
interface LimitCounter {
timestamp: number;

27
packages/backend/src/server/WellKnownServerService.ts
View file

@ -8,7 +8,7 @@ import { IsNull } from 'typeorm';
import vary from 'vary';
import fastifyAccepts from '@fastify/accepts';
import { DI } from '@/di-symbols.js';
import type { UsersRepository } from '@/models/_.js';
import type { MiMeta, UsersRepository } from '@/models/_.js';
import type { Config } from '@/config.js';
import { escapeAttribute, escapeValue } from '@/misc/prelude/xml.js';
import type { MiUser } from '@/models/User.js';
@ -26,6 +26,9 @@ export class WellKnownServerService {
@Inject(DI.config)
private config: Config,
@Inject(DI.meta)
private meta: MiMeta,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@ -66,6 +69,11 @@ export class WellKnownServerService {
});
fastify.get('/.well-known/host-meta', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
reply.header('Content-Type', xrd);
return XRD({ element: 'Link', attributes: {
rel: 'lrdd',
@ -75,6 +83,11 @@ export class WellKnownServerService {
});
fastify.get('/.well-known/host-meta.json', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
reply.header('Content-Type', 'application/json');
return {
links: [{
@ -86,6 +99,11 @@ export class WellKnownServerService {
});
fastify.get('/.well-known/nodeinfo', async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
return { links: this.nodeinfoServerService.getLinks() };
});
@ -99,6 +117,11 @@ fastify.get('/.well-known/change-password', async (request, reply) => {
*/
fastify.get<{ Querystring: { resource: string } }>(webFingerPath, async (request, reply) => {
if (this.meta.federation === 'none') {
reply.code(403);
return;
}
const fromId = (id: MiUser['id']): FindOptionsWhere<MiUser> => ({
id,
host: IsNull(),
@ -115,7 +138,7 @@ fastify.get('/.well-known/change-password', async (request, reply) => {
const fromAcct = (acct: Acct.Acct): FindOptionsWhere<MiUser> | number =>
!acct.host || acct.host === this.config.host.toLowerCase() ? {
usernameLower: acct.username,
usernameLower: acct.username.toLowerCase(),
host: IsNull(),
isSuspended: false,
} : 422;

49
packages/backend/src/server/api/ApiCallService.ts
View file

@ -20,12 +20,14 @@ import { RoleService } from '@/core/RoleService.js';
import type { Config } from '@/config.js';
import { sendRateLimitHeaders } from '@/misc/rate-limit-utils.js';
import { SkRateLimiterService } from '@/server/SkRateLimiterService.js';
import { renderInlineError } from '@/misc/render-inline-error.js';
import { ApiError } from './error.js';
import { ApiLoggerService } from './ApiLoggerService.js';
import { AuthenticateService, AuthenticationError } from './AuthenticateService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
import type { OnApplicationShutdown } from '@nestjs/common';
import type { IEndpointMeta, IEndpoint } from './endpoints.js';
import { renderFullError } from '@/misc/render-full-error.js';
const accessDenied = {
message: 'Access denied.',
@ -100,26 +102,26 @@ export class ApiCallService implements OnApplicationShutdown {
throw err;
} else {
const errId = randomUUID();
this.logger.error(`Internal error occurred in ${ep.name}: ${err.message}`, {
ep: ep.name,
ps: data,
e: {
message: err.message,
code: err.name,
stack: err.stack,
id: errId,
},
const fullError = renderFullError(err);
const message = typeof(fullError) === 'string'
? `Internal error id=${errId} occurred in ${ep.name}: ${fullError}`
: `Internal error id=${errId} occurred in ${ep.name}:`;
const data = typeof(fullError) === 'object'
? { e: fullError }
: {};
this.logger.error(message, {
user: userId ?? '<unauthenticated>',
...data,
});
if (this.config.sentryForBackend) {
Sentry.captureMessage(`Internal error occurred in ${ep.name}: ${err.message}`, {
Sentry.captureMessage(`Internal error occurred in ${ep.name}: ${renderInlineError(err)}`, {
level: 'error',
user: {
id: userId,
},
extra: {
ep: ep.name,
ps: data,
e: {
message: err.message,
code: err.name,
@ -146,6 +148,10 @@ export class ApiCallService implements OnApplicationShutdown {
request: FastifyRequest<{ Body: Record<string, unknown> | undefined, Querystring: Record<string, unknown> }>,
reply: FastifyReply,
): void {
// Tell crawlers not to index API endpoints.
// https://developers.google.com/search/docs/crawling-indexing/block-indexing
reply.header('X-Robots-Tag', 'noindex');
const body = request.method === 'GET'
? request.query
: request.body;
@ -213,6 +219,7 @@ export class ApiCallService implements OnApplicationShutdown {
? request.headers.authorization.slice(7)
: fields['i'];
if (token != null && typeof token !== 'string') {
cleanup();
reply.code(400);
return;
}
@ -223,6 +230,7 @@ export class ApiCallService implements OnApplicationShutdown {
}, request, reply).then((res) => {
this.send(reply, res);
}).catch((err: ApiError) => {
cleanup();
this.#sendApiError(reply, err);
});
@ -230,6 +238,7 @@ export class ApiCallService implements OnApplicationShutdown {
this.logIp(request, user);
}
}).catch(err => {
cleanup();
this.#sendAuthenticationError(reply, err);
});
}
@ -341,14 +350,14 @@ export class ApiCallService implements OnApplicationShutdown {
}
if (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin) {
if (user == null) {
if (user == null && ep.meta.requireCredential !== 'optional') {
throw new ApiError({
message: 'Credential required.',
code: 'CREDENTIAL_REQUIRED',
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
httpStatusCode: 401,
});
} else if (user!.isSuspended) {
} else if (user?.isSuspended) {
throw new ApiError({
message: 'Your account has been suspended.',
code: 'YOUR_ACCOUNT_SUSPENDED',
@ -369,8 +378,8 @@ export class ApiCallService implements OnApplicationShutdown {
}
}
if ((ep.meta.requireModerator || ep.meta.requireAdmin) && !user!.isRoot) {
const myRoles = await this.roleService.getUserRoles(user!.id);
if ((ep.meta.requireModerator || ep.meta.requireAdmin) && (this.meta.rootUserId !== user?.id)) {
const myRoles = user ? await this.roleService.getUserRoles(user) : [];
if (ep.meta.requireModerator && !myRoles.some(r => r.isModerator || r.isAdministrator)) {
throw new ApiError({
message: 'You are not assigned to a moderator role.',
@ -389,10 +398,10 @@ export class ApiCallService implements OnApplicationShutdown {
}
}
if (ep.meta.requireRolePolicy != null && !user!.isRoot) {
const myRoles = await this.roleService.getUserRoles(user!.id);
const policies = await this.roleService.getUserPolicies(user!.id);
if (!policies[ep.meta.requireRolePolicy] && !myRoles.some(r => r.isAdministrator)) {
if (ep.meta.requiredRolePolicy != null && (this.meta.rootUserId !== user?.id)) {
const myRoles = user ? await this.roleService.getUserRoles(user) : [];
const policies = await this.roleService.getUserPolicies(user ?? null);
if (!policies[ep.meta.requiredRolePolicy] && !myRoles.some(r => r.isAdministrator)) {
throw new ApiError({
message: 'You are not assigned to a required role.',
code: 'ROLE_PERMISSION_DENIED',
@ -415,7 +424,7 @@ export class ApiCallService implements OnApplicationShutdown {
// Cast non JSON input
if ((ep.meta.requireFile || request.method === 'GET') && ep.params.properties) {
for (const k of Object.keys(ep.params.properties)) {
const param = ep.params.properties![k];
const param = ep.params.properties[k];
if (['boolean', 'number', 'integer'].includes(param.type ?? '') && typeof data[k] === 'string') {
try {
data[k] = JSON.parse(data[k]);

3
packages/backend/src/server/api/ApiServerService.ts
View file

@ -6,7 +6,6 @@
import { Inject, Injectable } from '@nestjs/common';
import cors from '@fastify/cors';
import multipart from '@fastify/multipart';
import fastifyCookie from '@fastify/cookie';
import { ModuleRef } from '@nestjs/core';
import { AuthenticationResponseJSON } from '@simplewebauthn/types';
import type { Config } from '@/config.js';
@ -57,8 +56,6 @@ export class ApiServerService {
},
});
fastify.register(fastifyCookie, {});
// Prevent cache
fastify.addHook('onRequest', (request, reply, done) => {
reply.header('Cache-Control', 'private, max-age=0, must-revalidate');

6
packages/backend/src/server/api/AuthenticateService.ts
View file

@ -11,7 +11,7 @@ import type { MiAccessToken } from '@/models/AccessToken.js';
import { MemoryKVCache } from '@/misc/cache.js';
import type { MiApp } from '@/models/App.js';
import { CacheService } from '@/core/CacheService.js';
import isNativeToken from '@/misc/is-native-token.js';
import { isNativeUserToken } from '@/misc/token.js';
import { bindThis } from '@/decorators.js';
export class AuthenticationError extends Error {
@ -46,7 +46,7 @@ export class AuthenticateService implements OnApplicationShutdown {
return [null, null];
}
if (isNativeToken(token)) {
if (isNativeUserToken(token)) {
const user = await this.cacheService.localUserByNativeTokenCache.fetch(token,
() => this.usersRepository.findOneBy({ token }) as Promise<MiLocalUser | null>);
@ -84,6 +84,8 @@ export class AuthenticateService implements OnApplicationShutdown {
return [user, {
id: accessToken.id,
permission: app.permission,
appId: app.id,
app,
} as MiAccessToken];
} else {
return [user, accessToken];

8
packages/backend/src/server/api/GetterService.ts
View file

@ -36,7 +36,7 @@ export class GetterService {
const note = await this.notesRepository.findOneBy({ id: noteId });
if (note == null) {
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', `Note ${noteId} does not exist`);
}
return note;
@ -47,7 +47,7 @@ export class GetterService {
const note = await this.notesRepository.findOne({ where: { id: noteId }, relations: ['user'] });
if (note == null) {
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', `Note ${noteId} does not exist`);
}
return note;
@ -59,7 +59,7 @@ export class GetterService {
@bindThis
public async getEdits(noteId: MiNote['id']) {
const edits = await this.noteEditRepository.findBy({ noteId: noteId }).catch(() => {
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', `Note ${noteId} does not exist`);
});
return edits;
@ -73,7 +73,7 @@ export class GetterService {
const user = await this.usersRepository.findOneBy({ id: userId });
if (user == null) {
throw new IdentifiableError('15348ddd-432d-49c2-8a5a-8069753becff', 'No such user.');
throw new IdentifiableError('15348ddd-432d-49c2-8a5a-8069753becff', `User ${userId} does not exist`);
}
return user as MiLocalUser | MiRemoteUser;

107
packages/backend/src/server/api/RateLimiterService.ts
View file

@ -1,107 +0,0 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import Limiter from 'ratelimiter';
import * as Redis from 'ioredis';
import { DI } from '@/di-symbols.js';
import type Logger from '@/logger.js';
import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import { LegacyRateLimit } from '@/misc/rate-limit-utils.js';
import type { IEndpointMeta } from './endpoints.js';
/** @deprecated Use SkRateLimiterService instead */
@Injectable()
export class RateLimiterService {
private logger: Logger;
private disabled = false;
constructor(
@Inject(DI.redis)
private redisClient: Redis.Redis,
private loggerService: LoggerService,
) {
this.logger = this.loggerService.getLogger('limiter');
if (process.env.NODE_ENV !== 'production') {
this.disabled = true;
}
}
@bindThis
public limit(limitation: LegacyRateLimit & { key: NonNullable<string> }, actor: string, factor = 1) {
return new Promise<void>((ok, reject) => {
if (this.disabled) ok();
// Short-term limit
const minP = (): void => {
const minIntervalLimiter = new Limiter({
id: `${actor}:${limitation.key}:min`,
duration: limitation.minInterval! * factor,
max: 1,
db: this.redisClient,
});
minIntervalLimiter.get((err, info) => {
if (err) {
return reject({ code: 'ERR', info });
}
this.logger.debug(`${actor} ${limitation.key} min remaining: ${info.remaining}`);
if (info.remaining === 0) {
return reject({ code: 'BRIEF_REQUEST_INTERVAL', info });
} else {
if (hasLongTermLimit) {
return maxP();
} else {
return ok();
}
}
});
};
// Long term limit
const maxP = (): void => {
const limiter = new Limiter({
id: `${actor}:${limitation.key}`,
duration: limitation.duration! * factor,
max: limitation.max! / factor,
db: this.redisClient,
});
limiter.get((err, info) => {
if (err) {
return reject({ code: 'ERR', info });
}
this.logger.debug(`${actor} ${limitation.key} max remaining: ${info.remaining}`);
if (info.remaining === 0) {
return reject({ code: 'RATE_LIMIT_EXCEEDED', info });
} else {
return ok();
}
});
};
const hasShortTermLimit = typeof limitation.minInterval === 'number';
const hasLongTermLimit =
typeof limitation.duration === 'number' &&
typeof limitation.max === 'number';
if (hasShortTermLimit) {
minP();
} else if (hasLongTermLimit) {
maxP();
} else {
ok();
}
});
}
}

21
packages/backend/src/server/api/SigninApiService.ts
View file

@ -35,7 +35,8 @@ import type { FastifyReply, FastifyRequest } from 'fastify';
// Up to 10 attempts, then 1 per minute
const signinRateLimit: Keyed<RateLimit> = {
key: 'signin',
max: 10,
type: 'bucket',
size: 10,
dripRate: 1000 * 60,
};
@ -146,7 +147,7 @@ export class SigninApiService {
if (isSystemAccount(user)) {
return error(403, {
id: 's8dhsj9s-a93j-493j-ja9k-kas9sj20aml2',
id: 'ba4ba3bc-ef1e-4c74-ad88-1d2b7d69a100',
});
}
@ -204,37 +205,37 @@ export class SigninApiService {
if (process.env.NODE_ENV !== 'test') {
if (this.meta.enableHcaptcha && this.meta.hcaptchaSecretKey) {
await this.captchaService.verifyHcaptcha(this.meta.hcaptchaSecretKey, body['hcaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableMcaptcha && this.meta.mcaptchaSecretKey && this.meta.mcaptchaSitekey && this.meta.mcaptchaInstanceUrl) {
await this.captchaService.verifyMcaptcha(this.meta.mcaptchaSecretKey, this.meta.mcaptchaSitekey, this.meta.mcaptchaInstanceUrl, body['m-captcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableFC && this.meta.fcSecretKey) {
await this.captchaService.verifyFriendlyCaptcha(this.meta.fcSecretKey, body['frc-captcha-solution']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableRecaptcha && this.meta.recaptchaSecretKey) {
await this.captchaService.verifyRecaptcha(this.meta.recaptchaSecretKey, body['g-recaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableTurnstile && this.meta.turnstileSecretKey) {
await this.captchaService.verifyTurnstile(this.meta.turnstileSecretKey, body['turnstile-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableTestcaptcha) {
await this.captchaService.verifyTestcaptcha(body['testcaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
}
@ -243,7 +244,7 @@ export class SigninApiService {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
password: newHash,
});
}
if (!this.meta.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true });
@ -267,7 +268,7 @@ export class SigninApiService {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
password: newHash,
});
}
await this.userAuthService.twoFactorAuthenticate(profile, token);

2
packages/backend/src/server/api/SigninWithPasskeyApiService.ts
View file

@ -128,7 +128,7 @@ export class SigninWithPasskeyApiService {
try {
authorizedUserId = await this.webAuthnService.verifySignInWithPasskeyAuthentication(context, credential);
} catch (err) {
this.logger.warn(`Passkey challenge Verify error! : ${err}`);
this.logger.warn('Passkey challenge verify error:', err as Error);
const errorId = (err as IdentifiableError).id;
return error(403, {
id: errorId,

61
packages/backend/src/server/api/SignupApiService.ts
View file

@ -4,11 +4,10 @@
*/
import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository, MiRegistrationTicket, MiMeta } from '@/models/_.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository, MiRegistrationTicket, MiMeta, UserIpsRepository } from '@/models/_.js';
import type { Config } from '@/config.js';
import { CaptchaService } from '@/core/CaptchaService.js';
import { IdService } from '@/core/IdService.js';
@ -20,11 +19,14 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { bindThis } from '@/decorators.js';
import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
import { RoleService } from '@/core/RoleService.js';
import Logger from '@/logger.js';
import { LoggerService } from '@/core/LoggerService.js';
import { SigninService } from './SigninService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
@Injectable()
export class SignupApiService {
private logger: Logger;
constructor(
@Inject(DI.config)
private config: Config,
@ -47,6 +49,9 @@ export class SignupApiService {
@Inject(DI.registrationTicketsRepository)
private registrationTicketsRepository: RegistrationTicketsRepository,
@Inject(DI.userIpsRepository)
private userIpsRepository: UserIpsRepository,
private userEntityService: UserEntityService,
private idService: IdService,
private captchaService: CaptchaService,
@ -54,7 +59,9 @@ export class SignupApiService {
private signinService: SigninService,
private emailService: EmailService,
private roleService: RoleService,
private loggerService: LoggerService,
) {
this.logger = this.loggerService.getLogger('Signup');
}
@bindThis
@ -84,37 +91,37 @@ export class SignupApiService {
if (process.env.NODE_ENV !== 'test') {
if (this.meta.enableHcaptcha && this.meta.hcaptchaSecretKey) {
await this.captchaService.verifyHcaptcha(this.meta.hcaptchaSecretKey, body['hcaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableMcaptcha && this.meta.mcaptchaSecretKey && this.meta.mcaptchaSitekey && this.meta.mcaptchaInstanceUrl) {
await this.captchaService.verifyMcaptcha(this.meta.mcaptchaSecretKey, this.meta.mcaptchaSitekey, this.meta.mcaptchaInstanceUrl, body['m-captcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableRecaptcha && this.meta.recaptchaSecretKey) {
await this.captchaService.verifyRecaptcha(this.meta.recaptchaSecretKey, body['g-recaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableTurnstile && this.meta.turnstileSecretKey) {
await this.captchaService.verifyTurnstile(this.meta.turnstileSecretKey, body['turnstile-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableFC && this.meta.fcSecretKey) {
await this.captchaService.verifyFriendlyCaptcha(this.meta.fcSecretKey, body['frc-captcha-solution']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
if (this.meta.enableTestcaptcha) {
await this.captchaService.verifyTestcaptcha(body['testcaptcha-response']).catch(err => {
throw new FastifyReplyError(400, err);
throw new FastifyReplyError(400, String(err), err);
});
}
}
@ -148,7 +155,7 @@ export class SignupApiService {
let ticket: MiRegistrationTicket | null = null;
if (this.meta.disableRegistration) {
if (this.meta.disableRegistration && process.env.NODE_ENV !== 'test') {
if (invitationCode == null || typeof invitationCode !== 'string') {
reply.code(400);
return;
@ -205,7 +212,6 @@ export class SignupApiService {
const code = secureRndstr(16, { chars: L_CHARS });
// Generate hash of password
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(password);
const pendingUser = await this.userPendingsRepository.insertOne({
@ -215,6 +221,7 @@ export class SignupApiService {
username: username,
password: hash,
reason: reason,
requestOriginIp: this.meta.enableIpLogging ? request.ip : null,
});
const link = `${this.config.url}/signup-complete/${code}`;
@ -251,6 +258,10 @@ export class SignupApiService {
});
}
if (this.meta.enableIpLogging) {
this.logIp(request.ip, null, account.id);
}
const moderators = await this.roleService.getModerators();
for (const moderator of moderators) {
@ -284,12 +295,16 @@ export class SignupApiService {
});
}
if (this.meta.enableIpLogging) {
this.logIp(request.ip, null, account.id);
}
return {
...res,
token: secret,
};
} catch (err) {
throw new FastifyReplyError(400, typeof err === 'string' ? err : (err as Error).toString());
throw new FastifyReplyError(400, String(err), err);
}
}
}
@ -334,6 +349,15 @@ export class SignupApiService {
});
}
if (pendingUser.requestOriginIp) {
this.logIp(pendingUser.requestOriginIp, this.idService.parse(pendingUser.id).date, account.id);
}
// The sign-up request and the confirmation may've come from different addresses: log both
if (this.meta.enableIpLogging) {
this.logIp(request.ip, null, account.id);
}
if (this.meta.approvalRequiredForSignup) {
if (pendingUser.email) {
this.emailService.sendEmail(pendingUser.email, 'Approval pending',
@ -358,7 +382,20 @@ export class SignupApiService {
return this.signinService.signin(request, reply, account as MiLocalUser);
} catch (err) {
throw new FastifyReplyError(400, typeof err === 'string' ? err : (err as Error).toString());
throw new FastifyReplyError(400, String(err), err);
}
}
@bindThis
private logIp(ip: string, ipDate: Date | null, userId: MiLocalUser['id']) {
try {
this.userIpsRepository.createQueryBuilder().insert().values({
createdAt: ipDate ?? new Date(),
userId,
ip,
}).orIgnore(true).execute();
} catch (err) {
this.logger.error(err as Error);
}
}
}

179
packages/backend/src/server/api/StreamingApiServerService.ts
View file

@ -4,14 +4,15 @@
*/
import { EventEmitter } from 'events';
import { Inject, Injectable } from '@nestjs/common';
import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import * as Redis from 'ioredis';
import * as WebSocket from 'ws';
import proxyAddr from 'proxy-addr';
import ms from 'ms';
import { DI } from '@/di-symbols.js';
import type { UsersRepository, MiAccessToken } from '@/models/_.js';
import { NoteReadService } from '@/core/NoteReadService.js';
import type { UsersRepository, MiAccessToken, MiUser, NoteReactionsRepository, NotesRepository, NoteFavoritesRepository } from '@/models/_.js';
import type { Config } from '@/config.js';
import type { Keyed, RateLimit } from '@/misc/rate-limit-utils.js';
import { renderInlineError } from '@/misc/render-inline-error.js';
import { NotificationService } from '@/core/NotificationService.js';
import { bindThis } from '@/decorators.js';
import { CacheService } from '@/core/CacheService.js';
@ -20,18 +21,26 @@ import { UserService } from '@/core/UserService.js';
import { ChannelFollowingService } from '@/core/ChannelFollowingService.js';
import { getIpHash } from '@/misc/get-ip-hash.js';
import { LoggerService } from '@/core/LoggerService.js';
import type Logger from '@/logger.js';
import { SkRateLimiterService } from '@/server/SkRateLimiterService.js';
import { QueryService } from '@/core/QueryService.js';
import { AuthenticateService, AuthenticationError } from './AuthenticateService.js';
import MainStreamConnection from './stream/Connection.js';
import { ChannelsService } from './stream/ChannelsService.js';
import type * as http from 'node:http';
import type { IEndpointMeta } from './endpoints.js';
// Maximum number of simultaneous connections by client (user ID or IP address).
// Excess connections will be closed automatically.
const MAX_CONNECTIONS_PER_CLIENT = 32;
@Injectable()
export class StreamingApiServerService {
export class StreamingApiServerService implements OnApplicationShutdown {
#wss: WebSocket.WebSocketServer;
#connections = new Map<WebSocket.WebSocket, number>();
#connectionsByClient = new Map<string, Set<WebSocket.WebSocket>>(); // key: IP / user ID -> value: connection
#cleanConnectionsIntervalId: NodeJS.Timeout | null = null;
readonly #globalEv = new EventEmitter();
#logger: Logger;
constructor(
@Inject(DI.redisForSub)
@ -40,8 +49,17 @@ export class StreamingApiServerService {
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.noteReactionsRepository)
private readonly noteReactionsRepository: NoteReactionsRepository,
@Inject(DI.notesRepository)
private readonly notesRepository: NotesRepository,
@Inject(DI.noteFavoritesRepository)
private readonly noteFavoritesRepository: NoteFavoritesRepository,
private readonly queryService: QueryService,
private cacheService: CacheService,
private noteReadService: NoteReadService,
private authenticateService: AuthenticateService,
private channelsService: ChannelsService,
private notificationService: NotificationService,
@ -49,31 +67,42 @@ export class StreamingApiServerService {
private channelFollowingService: ChannelFollowingService,
private rateLimiterService: SkRateLimiterService,
private loggerService: LoggerService,
@Inject(DI.config)
private config: Config,
) {
this.redisForSub.on('message', this.onRedis);
this.#logger = loggerService.getLogger('streaming', 'coral');
}
@bindThis
onApplicationShutdown() {
this.redisForSub.off('message', this.onRedis);
this.#globalEv.removeAllListeners();
// Other shutdown logic is handled by detach(), which gets called by ServerServer's own shutdown handler.
}
@bindThis
private async rateLimitThis(
user: MiLocalUser | null | undefined,
requestIp: string,
limit: IEndpointMeta['limit'] & { key: NonNullable<string> },
limitActor: MiUser | string,
limit: Keyed<RateLimit>,
) : Promise<boolean> {
let limitActor: string | MiLocalUser;
if (user) {
limitActor = user;
} else {
limitActor = getIpHash(requestIp);
}
// Rate limit
const rateLimit = await this.rateLimiterService.limit(limit, limitActor);
return rateLimit.blocked;
}
@bindThis
private onRedis(_: string, data: string) {
const parsed = JSON.parse(data);
this.#globalEv.emit('message', parsed);
}
@bindThis
public attach(server: http.Server): void {
this.#wss = new WebSocket.WebSocketServer({
noServer: true,
perMessageDeflate: this.config.websocketCompression,
});
server.on('upgrade', async (request, socket, head) => {
@ -83,21 +112,6 @@ export class StreamingApiServerService {
return;
}
// ServerServices sets `trustProxy: true`, which inside
// fastify/request.js ends up calling `proxyAddr` in this way,
// so we do the same
const requestIp = proxyAddr(request, () => { return true; } );
if (await this.rateLimitThis(null, requestIp, {
key: 'wsconnect',
duration: ms('5min'),
max: 32,
})) {
socket.write('HTTP/1.1 429 Rate Limit Exceeded\r\n\r\n');
socket.destroy();
return;
}
const q = new URL(request.url, `http://${request.headers.host}`).searchParams;
let user: MiLocalUser | null = null;
@ -135,21 +149,59 @@ export class StreamingApiServerService {
return;
}
// ServerServices sets `trustProxy: true`, which inside fastify/request.js ends up calling `proxyAddr` in this way, so we do the same.
const requestIp = proxyAddr(request, () => true );
const limitActor = user?.id ?? getIpHash(requestIp);
if (await this.rateLimitThis(limitActor, {
// Up to 32 connections, then 1 every 10 seconds
type: 'bucket',
key: 'wsconnect',
size: 32,
dripRate: 10 * 1000,
})) {
socket.write('HTTP/1.1 429 Rate Limit Exceeded\r\n\r\n');
socket.destroy();
return;
}
// For performance and code simplicity, obtain and hold this reference for the lifetime of the connection.
// This should be safe because the map entry should only be deleted after *all* connections close.
let connectionsForClient = this.#connectionsByClient.get(limitActor);
if (!connectionsForClient) {
connectionsForClient = new Set();
this.#connectionsByClient.set(limitActor, connectionsForClient);
}
// Close excess connections
while (connectionsForClient.size >= MAX_CONNECTIONS_PER_CLIENT) {
// Set maintains insertion order, so first entry is the oldest.
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const oldestConnection = connectionsForClient.values().next().value!;
// Technically, the close() handler should remove this entry.
// But if that ever fails, then we could enter an infinite loop.
// We manually remove the connection here just in case.
oldestConnection.close(1008, 'Disconnected - too many simultaneous connections');
connectionsForClient.delete(oldestConnection);
}
const rateLimiter = () => {
// rather high limit, because when catching up at the top of a
// timeline, the frontend may render many many notes, each of
// which causes a message via `useNoteCapture` to ask for
// realtime updates of that note
return this.rateLimitThis(user, requestIp, {
// Rather high limit because when catching up at the top of a timeline, the frontend may render many many notes.
// Each of which causes a message via `useNoteCapture` to ask for realtime updates of that note.
return this.rateLimitThis(limitActor, {
type: 'bucket',
key: 'wsmessage',
duration: ms('2sec'),
max: 4096,
size: 4096, // Allow spikes of up to 4096
dripRate: 50, // Then once every 50ms (20/second rate)
});
};
const stream = new MainStreamConnection(
this.noteReactionsRepository,
this.notesRepository,
this.noteFavoritesRepository,
this.queryService,
this.channelsService,
this.noteReadService,
this.notificationService,
this.cacheService,
this.channelFollowingService,
@ -161,19 +213,30 @@ export class StreamingApiServerService {
await stream.init();
this.#wss.handleUpgrade(request, socket, head, (ws) => {
connectionsForClient.add(ws);
// Call before emit() in case it throws an error.
// We don't want to leave dangling references!
ws.once('close', () => {
connectionsForClient.delete(ws);
// Make sure we don't leak the Set objects!
if (connectionsForClient.size < 1) {
this.#connectionsByClient.delete(limitActor);
}
});
ws.once('error', (e) => {
this.#logger.error(`Unhandled error in Streaming Api: ${renderInlineError(e)}`);
ws.terminate();
});
this.#wss.emit('connection', ws, request, {
stream, user, app,
});
});
});
const globalEv = new EventEmitter();
this.redisForSub.on('message', (_: string, data: string) => {
const parsed = JSON.parse(data);
globalEv.emit('message', parsed);
});
this.#wss.on('connection', async (connection: WebSocket.WebSocket, request: http.IncomingMessage, ctx: {
stream: MainStreamConnection,
user: MiLocalUser | null;
@ -187,12 +250,13 @@ export class StreamingApiServerService {
ev.emit(data.channel, data.message);
}
globalEv.on('message', onRedisMessage);
this.#globalEv.on('message', onRedisMessage);
await stream.listen(ev, connection);
this.#connections.set(connection, Date.now());
// TODO use collapsed queue
const userUpdateIntervalId = user ? setInterval(() => {
this.usersService.updateLastActiveDate(user);
}, 1000 * 60 * 5) : null;
@ -203,7 +267,7 @@ export class StreamingApiServerService {
connection.once('close', () => {
ev.removeAllListeners();
stream.dispose();
globalEv.off('message', onRedisMessage);
this.#globalEv.off('message', onRedisMessage);
this.#connections.delete(connection);
if (userUpdateIntervalId) clearInterval(userUpdateIntervalId);
});
@ -228,13 +292,24 @@ export class StreamingApiServerService {
}
@bindThis
public detach(): Promise<void> {
public async detach(): Promise<void> {
if (this.#cleanConnectionsIntervalId) {
clearInterval(this.#cleanConnectionsIntervalId);
this.#cleanConnectionsIntervalId = null;
}
return new Promise((resolve) => {
this.#wss.close(() => resolve());
for (const connection of this.#connections.keys()) {
connection.close();
}
this.#connections.clear();
this.#connectionsByClient.clear();
await new Promise<void>((resolve, reject) => {
this.#wss.close(err => {
if (err) reject(err);
else resolve();
});
});
}
}

36
packages/backend/src/server/api/endpoint-list.ts
View file

@ -72,8 +72,14 @@ export * as 'admin/promo/create' from './endpoints/admin/promo/create.js';
export * as 'admin/queue/clear' from './endpoints/admin/queue/clear.js';
export * as 'admin/queue/deliver-delayed' from './endpoints/admin/queue/deliver-delayed.js';
export * as 'admin/queue/inbox-delayed' from './endpoints/admin/queue/inbox-delayed.js';
export * as 'admin/queue/promote' from './endpoints/admin/queue/promote.js';
export * as 'admin/queue/retry-job' from './endpoints/admin/queue/retry-job.js';
export * as 'admin/queue/remove-job' from './endpoints/admin/queue/remove-job.js';
export * as 'admin/queue/show-job' from './endpoints/admin/queue/show-job.js';
export * as 'admin/queue/promote-jobs' from './endpoints/admin/queue/promote-jobs.js';
export * as 'admin/queue/jobs' from './endpoints/admin/queue/jobs.js';
export * as 'admin/queue/stats' from './endpoints/admin/queue/stats.js';
export * as 'admin/queue/queues' from './endpoints/admin/queue/queues.js';
export * as 'admin/queue/queue-stats' from './endpoints/admin/queue/queue-stats.js';
export * as 'admin/reject-quotes' from './endpoints/admin/reject-quotes.js';
export * as 'admin/relays/add' from './endpoints/admin/relays/add.js';
export * as 'admin/relays/list' from './endpoints/admin/relays/list.js';
@ -82,6 +88,7 @@ export * as 'admin/reset-password' from './endpoints/admin/reset-password.js';
export * as 'admin/resolve-abuse-user-report' from './endpoints/admin/resolve-abuse-user-report.js';
export * as 'admin/roles/assign' from './endpoints/admin/roles/assign.js';
export * as 'admin/roles/create' from './endpoints/admin/roles/create.js';
export * as 'admin/roles/clone' from './endpoints/admin/roles/clone.js';
export * as 'admin/roles/delete' from './endpoints/admin/roles/delete.js';
export * as 'admin/roles/list' from './endpoints/admin/roles/list.js';
export * as 'admin/roles/show' from './endpoints/admin/roles/show.js';
@ -109,6 +116,7 @@ export * as 'admin/unsilence-user' from './endpoints/admin/unsilence-user.js';
export * as 'admin/unsuspend-user' from './endpoints/admin/unsuspend-user.js';
export * as 'admin/update-abuse-user-report' from './endpoints/admin/update-abuse-user-report.js';
export * as 'admin/update-meta' from './endpoints/admin/update-meta.js';
export * as 'admin/update-proxy-account' from './endpoints/admin/update-proxy-account.js';
export * as 'admin/update-user-note' from './endpoints/admin/update-user-note.js';
export * as 'announcements' from './endpoints/announcements.js';
export * as 'announcements/show' from './endpoints/announcements/show.js';
@ -121,6 +129,7 @@ export * as 'antennas/update' from './endpoints/antennas/update.js';
export * as 'ap/get' from './endpoints/ap/get.js';
export * as 'ap/show' from './endpoints/ap/show.js';
export * as 'app/create' from './endpoints/app/create.js';
export * as 'app/current' from './endpoints/app/current.js';
export * as 'app/show' from './endpoints/app/show.js';
export * as 'auth/accept' from './endpoints/auth/accept.js';
export * as 'auth/session/generate' from './endpoints/auth/session/generate.js';
@ -273,7 +282,6 @@ export * as 'i/notifications-grouped' from './endpoints/i/notifications-grouped.
export * as 'i/page-likes' from './endpoints/i/page-likes.js';
export * as 'i/pages' from './endpoints/i/pages.js';
export * as 'i/pin' from './endpoints/i/pin.js';
export * as 'i/read-all-unread-notes' from './endpoints/i/read-all-unread-notes.js';
export * as 'i/read-announcement' from './endpoints/i/read-announcement.js';
export * as 'i/regenerate-token' from './endpoints/i/regenerate-token.js';
export * as 'i/registry/get' from './endpoints/i/registry/get.js';
@ -418,4 +426,28 @@ export * as 'users/search' from './endpoints/users/search.js';
export * as 'users/search-by-username-and-host' from './endpoints/users/search-by-username-and-host.js';
export * as 'users/show' from './endpoints/users/show.js';
export * as 'users/update-memo' from './endpoints/users/update-memo.js';
export * as 'chat/messages/create-to-user' from './endpoints/chat/messages/create-to-user.js';
export * as 'chat/messages/create-to-room' from './endpoints/chat/messages/create-to-room.js';
export * as 'chat/messages/delete' from './endpoints/chat/messages/delete.js';
export * as 'chat/messages/show' from './endpoints/chat/messages/show.js';
export * as 'chat/messages/react' from './endpoints/chat/messages/react.js';
export * as 'chat/messages/unreact' from './endpoints/chat/messages/unreact.js';
export * as 'chat/messages/user-timeline' from './endpoints/chat/messages/user-timeline.js';
export * as 'chat/messages/room-timeline' from './endpoints/chat/messages/room-timeline.js';
export * as 'chat/messages/search' from './endpoints/chat/messages/search.js';
export * as 'chat/rooms/create' from './endpoints/chat/rooms/create.js';
export * as 'chat/rooms/delete' from './endpoints/chat/rooms/delete.js';
export * as 'chat/rooms/join' from './endpoints/chat/rooms/join.js';
export * as 'chat/rooms/leave' from './endpoints/chat/rooms/leave.js';
export * as 'chat/rooms/mute' from './endpoints/chat/rooms/mute.js';
export * as 'chat/rooms/show' from './endpoints/chat/rooms/show.js';
export * as 'chat/rooms/owned' from './endpoints/chat/rooms/owned.js';
export * as 'chat/rooms/joining' from './endpoints/chat/rooms/joining.js';
export * as 'chat/rooms/update' from './endpoints/chat/rooms/update.js';
export * as 'chat/rooms/members' from './endpoints/chat/rooms/members.js';
export * as 'chat/rooms/invitations/create' from './endpoints/chat/rooms/invitations/create.js';
export * as 'chat/rooms/invitations/ignore' from './endpoints/chat/rooms/invitations/ignore.js';
export * as 'chat/rooms/invitations/inbox' from './endpoints/chat/rooms/invitations/inbox.js';
export * as 'chat/rooms/invitations/outbox' from './endpoints/chat/rooms/invitations/outbox.js';
export * as 'chat/history' from './endpoints/chat/history.js';
export * as 'v2/admin/emoji/list' from './endpoints/v2/admin/emoji/list.js';

6
packages/backend/src/server/api/endpoints.ts
View file

@ -40,7 +40,7 @@ interface IEndpointMetaBase {
*/
readonly requireAdmin?: boolean;
readonly requireRolePolicy?: KeyOf<'RolePolicies'>;
readonly requiredRolePolicy?: KeyOf<'RolePolicies'>;
/**
*
@ -92,7 +92,7 @@ export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requir
}) | (Omit<IEndpointMetaBase, 'secure'> & {
secure: true,
}) | (Omit<IEndpointMetaBase, 'requireCredential' | 'kind'> & {
requireCredential: true,
requireCredential: true | 'optional',
kind: (typeof permissions)[number],
}) | (Omit<IEndpointMetaBase, 'requireModerator' | 'kind'> & {
requireModerator: true,
@ -100,7 +100,7 @@ export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requir
}) | (Omit<IEndpointMetaBase, 'requireAdmin' | 'kind'> & {
requireAdmin: true,
kind: (typeof permissions)[number],
})
});
export interface IEndpoint {
name: string;

17
packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts
View file

@ -69,6 +69,11 @@ export const meta = {
nullable: false, optional: false,
ref: 'UserDetailedNotMe',
},
targetInstance: {
type: 'object',
nullable: true, optional: false,
ref: 'FederationInstance',
},
assignee: {
type: 'object',
nullable: true, optional: false,
@ -115,7 +120,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private queryService: QueryService,
) {
super(meta, paramDef, async (ps, me) => {
const query = this.queryService.makePaginationQuery(this.abuseUserReportsRepository.createQueryBuilder('report'), ps.sinceId, ps.untilId);
const query = this.queryService.makePaginationQuery(this.abuseUserReportsRepository.createQueryBuilder('report'), ps.sinceId, ps.untilId)
.leftJoinAndSelect('report.targetUser', 'targetUser')
.leftJoinAndSelect('targetUser.userProfile', 'targetUserProfile')
.leftJoinAndSelect('report.targetUserInstance', 'targetUserInstance')
.leftJoinAndSelect('report.reporter', 'reporter')
.leftJoinAndSelect('reporter.userProfile', 'reporterProfile')
.leftJoinAndSelect('report.assignee', 'assignee')
.leftJoinAndSelect('assignee.userProfile', 'assigneeProfile')
;
switch (ps.state) {
case 'resolved': query.andWhere('report.resolved = TRUE'); break;
@ -134,7 +147,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const reports = await query.limit(ps.limit).getMany();
return await this.abuseUserReportEntityService.packMany(reports);
return await this.abuseUserReportEntityService.packMany(reports, me);
});
}
}

12
packages/backend/src/server/api/endpoints/admin/accounts/create.ts
View file

@ -5,10 +5,9 @@
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository } from '@/models/_.js';
import type { MiMeta, UsersRepository } from '@/models/_.js';
import { SignupService } from '@/core/SignupService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import { localUsernameSchema, passwordSchema } from '@/models/User.js';
import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js';
@ -90,20 +89,21 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
@Inject(DI.config)
private config: Config,
@Inject(DI.meta)
private serverSettings: MiMeta,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
private roleService: RoleService,
private userEntityService: UserEntityService,
private signupService: SignupService,
private instanceActorService: InstanceActorService,
private readonly moderationLogService: ModerationLogService,
) {
super(meta, paramDef, async (ps, _me, token) => {
const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
const realUsers = await this.instanceActorService.realLocalUsersPresent();
if (!realUsers && me == null && token == null) {
if (this.serverSettings.rootUserId == null && me == null && token == null) {
// 初回セットアップの場合
if (this.config.setupPassword != null) {
// 初期パスワードが設定されている場合
@ -127,7 +127,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
// Anonymous access is only allowed for initial instance setup (this check may be redundant)
if (!me && realUsers) {
if (!me && this.serverSettings.rootUserId != null) {
throw new ApiError(meta.errors.noCredential);
}
}

4
packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
View file

@ -42,10 +42,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new Error('user not found');
}
if (user.isRoot) {
throw new Error('cannot delete a root account');
}
await this.deleteAccoountService.deleteAccount(user, me);
});
}

4
packages/backend/src/server/api/endpoints/admin/announcements/create.ts
View file

@ -59,8 +59,10 @@ export const paramDef = {
icon: { type: 'string', enum: ['info', 'warning', 'error', 'success'], default: 'info' },
display: { type: 'string', enum: ['normal', 'banner', 'dialog'], default: 'normal' },
forExistingUsers: { type: 'boolean', default: false },
forRoles: { type: 'array', default: [], items: { type: 'string', nullable: false, format: 'misskey:id' }, },
silence: { type: 'boolean', default: false },
needConfirmationToRead: { type: 'boolean', default: false },
confetti: { type: 'boolean', default: false },
userId: { type: 'string', format: 'misskey:id', nullable: true, default: null },
},
required: ['title', 'text', 'imageUrl'],
@ -81,8 +83,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
icon: ps.icon,
display: ps.display,
forExistingUsers: ps.forExistingUsers,
forRoles: ps.forRoles,
silence: ps.silence,
needConfirmationToRead: ps.needConfirmationToRead,
confetti: ps.confetti,
userId: ps.userId,
}, me);

11
packages/backend/src/server/api/endpoints/admin/announcements/list.ts
View file

@ -57,6 +57,15 @@ export const meta = {
type: 'number',
optional: false, nullable: false,
},
forRoles: {
type: 'array',
optional: false, nullable: false,
items: {
type: 'string',
optional: false, nullable: false,
format: 'misskey:id'
}
},
},
},
},
@ -122,8 +131,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
display: announcement.display,
isActive: announcement.isActive,
forExistingUsers: announcement.forExistingUsers,
forRoles: announcement.forRoles,
silence: announcement.silence,
needConfirmationToRead: announcement.needConfirmationToRead,
confetti: announcement.confetti,
userId: announcement.userId,
reads: reads.get(announcement)!,
}));

4
packages/backend/src/server/api/endpoints/admin/announcements/update.ts
View file

@ -36,8 +36,10 @@ export const paramDef = {
icon: { type: 'string', enum: ['info', 'warning', 'error', 'success'] },
display: { type: 'string', enum: ['normal', 'banner', 'dialog'] },
forExistingUsers: { type: 'boolean' },
forRoles: { type: 'array', default: [], items: { type: 'string', nullable: false, format: 'misskey:id' }, },
silence: { type: 'boolean' },
needConfirmationToRead: { type: 'boolean' },
confetti: { type: 'boolean' },
isActive: { type: 'boolean' },
},
required: ['id'],
@ -65,8 +67,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
display: ps.display,
icon: ps.icon,
forExistingUsers: ps.forExistingUsers,
forRoles: ps.forRoles,
silence: ps.silence,
needConfirmationToRead: ps.needConfirmationToRead,
confetti: ps.confetti,
isActive: ps.isActive,
}, me);
});

2
packages/backend/src/server/api/endpoints/admin/approve-user.ts
View file

@ -42,6 +42,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneBy({ userId: ps.userId });
if (user.approved) return;
await this.usersRepository.update(user.id, {
approved: true,
});

2
packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageAvatarDecorations',
requiredRolePolicy: 'canManageAvatarDecorations',
kind: 'write:admin:avatar-decorations',
res: {

2
packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts
View file

@ -13,7 +13,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageAvatarDecorations',
requiredRolePolicy: 'canManageAvatarDecorations',
kind: 'write:admin:avatar-decorations',
errors: {
},

2
packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts
View file

@ -13,7 +13,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageAvatarDecorations',
requiredRolePolicy: 'canManageAvatarDecorations',
kind: 'read:admin:avatar-decorations',
res: {

2
packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts
View file

@ -13,7 +13,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageAvatarDecorations',
requiredRolePolicy: 'canManageAvatarDecorations',
kind: 'write:admin:avatar-decorations',
errors: {

18
packages/backend/src/server/api/endpoints/admin/cw-user.ts
View file

@ -44,16 +44,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
// Skip if there's nothing to do
if (user.mandatoryCW === ps.cw) return;
// Log event first.
// This ensures that we don't "lose" the log if an error occurs
await this.moderationLogService.log(me, 'setMandatoryCW', {
newCW: ps.cw,
oldCW: user.mandatoryCW,
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
await this.usersRepository.update(ps.userId, {
// Collapse empty strings to null
// eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
@ -62,6 +52,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
// Synchronize caches and other processes
this.globalEventService.publishInternalEvent('localUserUpdated', { id: ps.userId });
await this.moderationLogService.log(me, 'setMandatoryCW', {
newCW: ps.cw,
oldCW: user.mandatoryCW,
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
});
}
}

2
packages/backend/src/server/api/endpoints/admin/decline-user.ts
View file

@ -61,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
'Your Account has been declined!');
}
await this.usedUsernamesRepository.delete({ username: user.username });
await this.usedUsernamesRepository.delete({ username: user.username.toLowerCase() });
await this.deleteAccountService.deleteAccount(user);

2
packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
View file

@ -50,7 +50,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
});
for (const file of files) {
this.driveService.deleteFile(file, false, me);
this.driveService.deleteFile(file);
}
});
}

10
packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts
View file

@ -18,7 +18,10 @@ export const meta = {
export const paramDef = {
type: 'object',
properties: {},
properties: {
olderThanSeconds: { type: 'number' },
keepFilesInUse: { type: 'boolean' },
},
required: [],
} as const;
@ -30,7 +33,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
) {
super(meta, paramDef, async (ps, me) => {
await this.moderationLogService.log(me, 'clearRemoteFiles', {});
await this.queueService.createCleanRemoteFilesJob();
await this.queueService.createCleanRemoteFilesJob(
ps.olderThanSeconds ?? 0,
ps.keepFilesInUse ?? false,
);
});
}
}

2
packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/add.ts
View file

@ -16,7 +16,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
errors: {

2
packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
View file

@ -17,7 +17,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
errors: {

2
packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
View file

@ -11,7 +11,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
View file

@ -11,7 +11,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
errors: {

4
packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts
View file

@ -13,7 +13,7 @@ import { DI } from '@/di-symbols.js';
export const meta = {
secure: true,
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
} as const;
export const paramDef = {
@ -33,7 +33,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private readonly driveFilesRepository: DriveFilesRepository,
) {
super(meta, paramDef, async (ps, me) => {
const file = await driveFilesRepository.findOneByOrFail({ id: ps.fileId });
const file = await this.driveFilesRepository.findOneByOrFail({ id: ps.fileId });
await this.moderationLogService.log(me, 'importCustomEmojis', {
fileName: file.name,
});

2
packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
View file

@ -16,7 +16,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'read:admin:emoji',
res: {

2
packages/backend/src/server/api/endpoints/admin/emoji/list.ts
View file

@ -16,7 +16,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'read:admin:emoji',
res: {

2
packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts
View file

@ -12,7 +12,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
} as const;

2
packages/backend/src/server/api/endpoints/admin/emoji/update.ts
View file

@ -14,7 +14,7 @@ export const meta = {
tags: ['admin'],
requireCredential: true,
requireRolePolicy: 'canManageCustomEmojis',
requiredRolePolicy: 'canManageCustomEmojis',
kind: 'write:admin:emoji',
errors: {

4
packages/backend/src/server/api/endpoints/admin/gen-vapid-keys.ts
View file

@ -26,7 +26,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
) {
super(meta, paramDef, async (ps, me) => {
const keys = await generateVAPIDKeys();
// TODO add moderation log
return { public: keys.publicKey, private: keys.privateKey };
});
}

67
packages/backend/src/server/api/endpoints/admin/meta.ts
View file

@ -9,6 +9,8 @@ import { MetaService } from '@/core/MetaService.js';
import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
import { DEFAULT_POLICIES } from '@/core/RoleService.js';
import { instanceUnsignedFetchOptions } from '@/const.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
export const meta = {
tags: ['meta'],
@ -264,7 +266,7 @@ export const meta = {
},
proxyAccountId: {
type: 'string',
optional: false, nullable: true,
optional: false, nullable: false,
format: 'id',
},
email: {
@ -443,6 +445,10 @@ export const meta = {
type: 'string',
optional: false, nullable: true,
},
translationTimeout: {
type: 'number',
optional: false, nullable: false,
},
deeplAuthKey: {
type: 'string',
optional: false, nullable: true,
@ -459,6 +465,14 @@ export const meta = {
type: 'string',
optional: false, nullable: true,
},
libreTranslateURL: {
type: 'string',
optional: false, nullable: true,
},
libreTranslateKey: {
type: 'string',
optional: false, nullable: true,
},
defaultDarkTheme: {
type: 'string',
optional: false, nullable: true,
@ -467,6 +481,10 @@ export const meta = {
type: 'string',
optional: false, nullable: true,
},
defaultLike: {
type: 'string',
optional: false, nullable: false,
},
description: {
type: 'string',
optional: false, nullable: true,
@ -571,6 +589,7 @@ export const meta = {
},
federation: {
type: 'string',
enum: ['all', 'specified', 'none'],
optional: false, nullable: false,
},
federationHosts: {
@ -581,6 +600,37 @@ export const meta = {
optional: false, nullable: false,
},
},
hasLegacyAuthFetchSetting: {
type: 'boolean',
optional: false, nullable: false,
},
allowUnsignedFetch: {
type: 'string',
enum: instanceUnsignedFetchOptions,
optional: false, nullable: false,
},
enableProxyAccount: {
type: 'boolean',
optional: false, nullable: false,
},
deliverSuspendedSoftware: {
type: 'array',
optional: false, nullable: false,
items: {
type: 'object',
optional: false, nullable: false,
properties: {
software: {
type: 'string',
optional: false, nullable: false,
},
versionRange: {
type: 'string',
optional: false, nullable: false,
},
},
},
},
},
},
} as const;
@ -599,10 +649,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private config: Config,
private metaService: MetaService,
private systemAccountService: SystemAccountService,
) {
super(meta, paramDef, async () => {
const instance = await this.metaService.fetch(true);
const proxy = await this.systemAccountService.fetch('proxy');
return {
maintainerName: instance.maintainerName,
maintainerEmail: instance.maintainerEmail,
@ -611,6 +664,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
shortName: instance.shortName,
uri: this.config.url,
description: instance.description,
about: instance.about,
langs: instance.langs,
tosUrl: instance.termsOfServiceUrl,
repositoryUrl: instance.repositoryUrl,
@ -652,7 +706,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
defaultLike: instance.defaultLike,
enableEmail: instance.enableEmail,
enableServiceWorker: instance.enableServiceWorker,
translatorAvailable: instance.deeplAuthKey != null,
translatorAvailable: instance.deeplAuthKey != null || instance.libreTranslateURL != null || instance.deeplFreeMode && instance.deeplFreeInstance != null,
cacheRemoteFiles: instance.cacheRemoteFiles,
cacheRemoteSensitiveFiles: instance.cacheRemoteSensitiveFiles,
pinnedUsers: instance.pinnedUsers,
@ -675,7 +729,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
setSensitiveFlagAutomatically: instance.setSensitiveFlagAutomatically,
enableSensitiveMediaDetectionForVideos: instance.enableSensitiveMediaDetectionForVideos,
enableBotTrending: instance.enableBotTrending,
proxyAccountId: instance.proxyAccountId,
proxyAccountId: proxy.id,
email: instance.email,
smtpSecure: instance.smtpSecure,
smtpHost: instance.smtpHost,
@ -696,10 +750,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
objectStorageUseProxy: instance.objectStorageUseProxy,
objectStorageSetPublicRead: instance.objectStorageSetPublicRead,
objectStorageS3ForcePathStyle: instance.objectStorageS3ForcePathStyle,
translationTimeout: instance.translationTimeout,
deeplAuthKey: instance.deeplAuthKey,
deeplIsPro: instance.deeplIsPro,
deeplFreeMode: instance.deeplFreeMode,
deeplFreeInstance: instance.deeplFreeInstance,
libreTranslateURL: instance.libreTranslateURL,
libreTranslateKey: instance.libreTranslateKey,
enableIpLogging: instance.enableIpLogging,
enableActiveEmailValidation: instance.enableActiveEmailValidation,
enableVerifymailApi: instance.enableVerifymailApi,
@ -735,6 +792,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
trustedLinkUrlPatterns: instance.trustedLinkUrlPatterns,
federation: instance.federation,
federationHosts: instance.federationHosts,
hasLegacyAuthFetchSetting: config.checkActivityPubGetSignature != null,
allowUnsignedFetch: instance.allowUnsignedFetch,
enableProxyAccount: instance.enableProxyAccount,
deliverSuspendedSoftware: instance.deliverSuspendedSoftware,
};
});
}

16
packages/backend/src/server/api/endpoints/admin/nsfw-user.ts
View file

@ -35,19 +35,23 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private readonly cacheService: CacheService,
) {
super(meta, paramDef, async (ps, me) => {
const profile = await this.cacheService.userProfileCache.fetch(ps.userId);
if (profile.alwaysMarkNsfw) return;
const user = await this.cacheService.findUserById(ps.userId);
await this.userProfilesRepository.update(user.id, {
alwaysMarkNsfw: true,
});
await this.cacheService.userProfileCache.delete(ps.userId);
await this.moderationLogService.log(me, 'nsfwUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
await this.userProfilesRepository.update(user.id, {
alwaysMarkNsfw: true,
});
await this.cacheService.userProfileCache.refresh(ps.userId);
});
}
}

11
packages/backend/src/server/api/endpoints/admin/queue/clear.ts
View file

@ -6,7 +6,7 @@
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QueueService } from '@/core/QueueService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
@ -18,8 +18,11 @@ export const meta = {
export const paramDef = {
type: 'object',
properties: {},
required: [],
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
state: { type: 'string', enum: ['*', 'completed', 'wait', 'active', 'paused', 'prioritized', 'delayed', 'failed'] },
},
required: ['queue', 'state'],
} as const;
@Injectable()
@ -29,7 +32,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
this.queueService.destroy();
this.queueService.queueClear(ps.queue, ps.state);
this.moderationLogService.log(me, 'clearQueue');
});

38
packages/backend/src/server/api/endpoints/admin/queue/jobs.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'read:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
state: { type: 'array', items: { type: 'string', enum: ['active', 'paused', 'wait', 'delayed', 'completed', 'failed'] } },
search: { type: 'string' },
},
required: ['queue', 'state'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
return this.queueService.queueGetJobs(ps.queue, ps.state, ps.search);
});
}
}

39
packages/backend/src/server/api/endpoints/admin/queue/promote-jobs.ts Normal file
View file

@ -0,0 +1,39 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'write:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
},
required: ['queue'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private moderationLogService: ModerationLogService,
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
this.queueService.queuePromoteJobs(ps.queue);
this.moderationLogService.log(me, 'promoteQueue');
});
}
}

77
packages/backend/src/server/api/endpoints/admin/queue/promote.ts
View file

@ -1,77 +0,0 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'write:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
type: { type: 'string', enum: ['deliver', 'inbox'] },
},
required: ['type'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private moderationLogService: ModerationLogService,
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
let delayedQueues;
switch (ps.type) {
case 'deliver':
delayedQueues = await this.queueService.deliverQueue.getDelayed();
for (let queueIndex = 0; queueIndex < delayedQueues.length; queueIndex++) {
const queue = delayedQueues[queueIndex];
try {
await queue.promote();
} catch (e) {
if (e instanceof Error) {
if (e.message.indexOf('not in a delayed state') !== -1) {
throw e;
}
} else {
throw e;
}
}
}
break;
case 'inbox':
delayedQueues = await this.queueService.inboxQueue.getDelayed();
for (let queueIndex = 0; queueIndex < delayedQueues.length; queueIndex++) {
const queue = delayedQueues[queueIndex];
try {
await queue.promote();
} catch (e) {
if (e instanceof Error) {
if (e.message.indexOf('not in a delayed state') !== -1) {
throw e;
}
} else {
throw e;
}
}
}
break;
}
this.moderationLogService.log(me, 'promoteQueue');
});
}
}

36
packages/backend/src/server/api/endpoints/admin/queue/queue-stats.ts Normal file
View file

@ -0,0 +1,36 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'read:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
},
required: ['queue'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
return this.queueService.queueGetQueue(ps.queue);
});
}
}

35
packages/backend/src/server/api/endpoints/admin/queue/queues.ts Normal file
View file

@ -0,0 +1,35 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'read:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
},
required: [],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
return this.queueService.queueGetQueues();
});
}
}

38
packages/backend/src/server/api/endpoints/admin/queue/remove-job.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'write:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
jobId: { type: 'string' },
},
required: ['queue', 'jobId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private moderationLogService: ModerationLogService,
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
this.queueService.queueRemoveJob(ps.queue, ps.jobId);
});
}
}

38
packages/backend/src/server/api/endpoints/admin/queue/retry-job.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'write:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
jobId: { type: 'string' },
},
required: ['queue', 'jobId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private moderationLogService: ModerationLogService,
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
this.queueService.queueRetryJob(ps.queue, ps.jobId);
});
}
}

38
packages/backend/src/server/api/endpoints/admin/queue/show-job.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { QUEUE_TYPES, QueueService } from '@/core/QueueService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'read:admin:queue',
} as const;
export const paramDef = {
type: 'object',
properties: {
queue: { type: 'string', enum: QUEUE_TYPES },
jobId: { type: 'string' },
},
required: ['queue', 'jobId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private moderationLogService: ModerationLogService,
private queueService: QueueService,
) {
super(meta, paramDef, async (ps, me) => {
return this.queueService.queueGetJob(ps.queue, ps.jobId);
});
}
}

14
packages/backend/src/server/api/endpoints/admin/reject-quotes.ts
View file

@ -44,20 +44,18 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
// Skip if there's nothing to do
if (user.rejectQuotes === ps.rejectQuotes) return;
// Log event first.
// This ensures that we don't "lose" the log if an error occurs
await this.moderationLogService.log(me, ps.rejectQuotes ? 'rejectQuotesUser' : 'acceptQuotesUser', {
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
await this.usersRepository.update(ps.userId, {
rejectQuotes: ps.rejectQuotes,
});
// Synchronize caches and other processes
this.globalEventService.publishInternalEvent('localUserUpdated', { id: ps.userId });
await this.moderationLogService.log(me, ps.rejectQuotes ? 'rejectQuotesUser' : 'acceptQuotesUser', {
userId: user.id,
userUsername: user.username,
userHost: user.host,
});
});
}
}

7
packages/backend/src/server/api/endpoints/admin/relays/add.ts
View file

@ -68,11 +68,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private readonly moderationLogService: ModerationLogService,
) {
super(meta, paramDef, async (ps, me) => {
try {
if (new URL(ps.inbox).protocol !== 'https:') throw new Error('https only');
} catch {
throw new ApiError(meta.errors.invalidUrl);
}
if (!URL.canParse(ps.inbox)) throw new ApiError(meta.errors.invalidUrl);
if (new URL(ps.inbox).protocol !== 'https:') throw new ApiError(meta.errors.invalidUrl);
await this.moderationLogService.log(me, 'addRelay', {
inbox: ps.inbox,

8
packages/backend/src/server/api/endpoints/admin/reset-password.ts
View file

@ -4,10 +4,9 @@
*/
import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
import type { UsersRepository, UserProfilesRepository, MiMeta } from '@/models/_.js';
import { DI } from '@/di-symbols.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
@ -45,6 +44,9 @@ export const paramDef = {
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.meta)
private serverSettings: MiMeta,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@ -60,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new Error('user not found');
}
if (user.isRoot) {
if (this.serverSettings.rootUserId === user.id) {
throw new Error('cannot reset password of root');
}

65
packages/backend/src/server/api/endpoints/admin/roles/clone.ts Normal file
View file

@ -0,0 +1,65 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { RoleService } from '@/core/RoleService.js';
import { DI } from '@/di-symbols.js';
import type { RolesRepository } from '@/models/_.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ApiError } from '@/server/api/error.js';
import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireAdmin: true,
kind: 'write:admin:roles',
res: {
type: 'object',
optional: false, nullable: false,
ref: 'Role',
},
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: '93cc897a-b5f9-431f-b9b7-ee59035a5aed',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
private roleEntityService: RoleEntityService,
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
const cloned = await this.roleService.clone(role, me);
return this.roleEntityService.pack(cloned, me);
});
}
}

1
packages/backend/src/server/api/endpoints/admin/roles/create.ts
View file

@ -36,6 +36,7 @@ export const paramDef = {
isAdministrator: { type: 'boolean' },
isExplorable: { type: 'boolean', default: false }, // optional for backward compatibility
asBadge: { type: 'boolean' },
preserveAssignmentOnMoveAccount: { type: 'boolean' },
canEditMembersByModerator: { type: 'boolean' },
displayOrder: { type: 'number' },
policies: {

2
packages/backend/src/server/api/endpoints/admin/roles/update.ts
View file

@ -41,6 +41,7 @@ export const paramDef = {
isAdministrator: { type: 'boolean' },
isExplorable: { type: 'boolean' },
asBadge: { type: 'boolean' },
preserveAssignmentOnMoveAccount: { type: 'boolean' },
canEditMembersByModerator: { type: 'boolean' },
displayOrder: { type: 'number' },
policies: {
@ -78,6 +79,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
isAdministrator: ps.isAdministrator,
isExplorable: ps.isExplorable,
asBadge: ps.asBadge,
preserveAssignmentOnMoveAccount: ps.preserveAssignmentOnMoveAccount,
canEditMembersByModerator: ps.canEditMembersByModerator,
displayOrder: ps.displayOrder,
policies: ps.policies,

11
packages/backend/src/server/api/endpoints/admin/roles/users.ts
View file

@ -35,7 +35,7 @@ export const meta = {
properties: {
id: { type: 'string', format: 'misskey:id' },
createdAt: { type: 'string', format: 'date-time' },
user: { ref: 'UserDetailed' },
user: { ref: 'User' },
expiresAt: { type: 'string', format: 'date-time', nullable: true },
},
required: ['id', 'createdAt', 'user'],
@ -50,6 +50,11 @@ export const paramDef = {
sinceId: { type: 'string', format: 'misskey:id' },
untilId: { type: 'string', format: 'misskey:id' },
limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
detail: {
type: 'boolean',
nullable: false,
default: true,
},
},
required: ['roleId'],
} as const;
@ -90,12 +95,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
.getMany();
const _users = assigns.map(({ user, userId }) => user ?? userId);
const _userMap = await this.userEntityService.packMany(_users, me, { schema: 'UserDetailed' })
const _userMap = await this.userEntityService.packMany(_users, me, { schema: ps.detail ? 'UserDetailed' : 'UserLite' })
.then(users => new Map(users.map(u => [u.id, u])));
return await Promise.all(assigns.map(async assign => ({
id: assign.id,
createdAt: this.idService.parse(assign.id).date.toISOString(),
user: _userMap.get(assign.userId) ?? await this.userEntityService.pack(assign.user!, me, { schema: 'UserDetailed' }),
user: _userMap.get(assign.userId) ?? await this.userEntityService.pack(assign.user!, me, { schema: ps.detail ? 'UserDetailed' : 'UserLite' }),
expiresAt: assign.expiresAt?.toISOString() ?? null,
})));
});

50
packages/backend/src/server/api/endpoints/admin/show-user.ts
View file

@ -12,6 +12,7 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
import { IdService } from '@/core/IdService.js';
import { notificationRecieveConfig } from '@/models/json-schema/user.js';
import { isSystemAccount } from '@/misc/is-system-account.js';
import { CacheService } from '@/core/CacheService.js';
export const meta = {
tags: ['admin'],
@ -111,6 +112,7 @@ export const meta = {
receiveFollowRequest: { optional: true, ...notificationRecieveConfig },
followRequestAccepted: { optional: true, ...notificationRecieveConfig },
roleAssigned: { optional: true, ...notificationRecieveConfig },
chatRoomInvitationReceived: { optional: true, ...notificationRecieveConfig },
achievementEarned: { optional: true, ...notificationRecieveConfig },
app: { optional: true, ...notificationRecieveConfig },
test: { optional: true, ...notificationRecieveConfig },
@ -120,6 +122,10 @@ export const meta = {
type: 'boolean',
optional: false, nullable: false,
},
isAdministrator: {
type: 'boolean',
optional: false, nullable: false,
},
isSystem: {
type: 'boolean',
optional: false, nullable: false,
@ -185,6 +191,40 @@ export const meta = {
},
},
},
followStats: {
type: 'object',
optional: false, nullable: false,
properties: {
totalFollowing: {
type: 'number',
optional: false, nullable: false,
},
totalFollowers: {
type: 'number',
optional: false, nullable: false,
},
localFollowing: {
type: 'number',
optional: false, nullable: false,
},
localFollowers: {
type: 'number',
optional: false, nullable: false,
},
remoteFollowing: {
type: 'number',
optional: false, nullable: false,
},
remoteFollowers: {
type: 'number',
optional: false, nullable: false,
},
},
},
signupReason: {
type: 'string',
optional: false, nullable: true,
},
},
},
} as const;
@ -212,6 +252,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private roleService: RoleService,
private roleEntityService: RoleEntityService,
private idService: IdService,
private readonly cacheService: CacheService,
) {
super(meta, paramDef, async (ps, me) => {
const [user, profile] = await Promise.all([
@ -224,6 +265,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
const isModerator = await this.roleService.isModerator(user);
const isAdministrator = await this.roleService.isAdministrator(user);
const isSilenced = user.isSilenced || !(await this.roleService.getUserPolicies(user.id)).canPublicNote;
const _me = await this.usersRepository.findOneByOrFail({ id: me.id });
@ -236,6 +278,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const roleAssigns = await this.roleService.getUserAssigns(user.id);
const roles = await this.roleService.getUserRoles(user.id);
const followStats = await this.cacheService.getFollowStats(user.id);
return {
email: profile.email,
emailVerified: profile.emailVerified,
@ -254,6 +298,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
mutedInstances: profile.mutedInstances,
notificationRecieveConfig: profile.notificationRecieveConfig,
isModerator: isModerator,
isAdministrator: isAdministrator,
isSystem: isSystemAccount(user),
isSilenced: isSilenced,
isSuspended: user.isSuspended,
@ -268,6 +313,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
expiresAt: a.expiresAt ? a.expiresAt.toISOString() : null,
roleId: a.roleId,
})),
followStats: {
...followStats,
totalFollowers: Math.max(user.followersCount, followStats.localFollowers + followStats.remoteFollowers),
totalFollowing: Math.max(user.followingCount, followStats.localFollowing + followStats.remoteFollowing),
},
};
});
}

9
packages/backend/src/server/api/endpoints/admin/show-users.ts
View file

@ -24,7 +24,7 @@ export const meta = {
items: {
type: 'object',
nullable: false, optional: false,
ref: 'UserDetailed',
ref: 'User',
},
},
} as const;
@ -44,6 +44,11 @@ export const paramDef = {
default: null,
description: 'The local host is represented with `null`.',
},
detail: {
type: 'boolean',
nullable: false,
default: true,
},
},
required: [],
} as const;
@ -115,7 +120,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const users = await query.getMany();
return await this.userEntityService.packMany(users, me, { schema: 'UserDetailed' });
return await this.userEntityService.packMany(users, me, { schema: ps.detail ? 'UserDetailed' : 'UserLite' });
});
}
}

12
packages/backend/src/server/api/endpoints/admin/silence-user.ts
View file

@ -45,11 +45,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new Error('cannot silence moderator account');
}
await this.moderationLogService.log(me, 'silenceUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
if (user.isSilenced) return;
await this.usersRepository.update(user.id, {
isSilenced: true,
@ -58,6 +54,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
this.globalEventService.publishInternalEvent(user.host == null ? 'localUserUpdated' : 'remoteUserUpdated', {
id: user.id,
});
await this.moderationLogService.log(me, 'silenceUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
});
}
}

2
packages/backend/src/server/api/endpoints/admin/suspend-user.ts
View file

@ -42,6 +42,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new Error('user not found');
}
if (user.isSuspended) return;
if (await this.roleService.isModerator(user)) {
throw new Error('cannot suspend moderator account');
}

14
packages/backend/src/server/api/endpoints/admin/unnsfw-user.ts
View file

@ -35,17 +35,23 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private readonly userProfilesRepository: UserProfilesRepository,
) {
super(meta, paramDef, async (ps, me) => {
const profile = await this.cacheService.userProfileCache.fetch(ps.userId);
if (!profile.alwaysMarkNsfw) return;
const user = await this.cacheService.findUserById(ps.userId);
await this.userProfilesRepository.update(user.id, {
alwaysMarkNsfw: false,
});
await this.cacheService.userProfileCache.delete(ps.userId);
await this.moderationLogService.log(me, 'unNsfwUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
await this.userProfilesRepository.update(user.id, {
alwaysMarkNsfw: false,
});
});
}
}

12
packages/backend/src/server/api/endpoints/admin/unsilence-user.ts
View file

@ -39,11 +39,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
super(meta, paramDef, async (ps, me) => {
const user = await this.cacheService.findUserById(ps.userId);
await this.moderationLogService.log(me, 'unSilenceUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
if (!user.isSilenced) return;
await this.usersRepository.update(user.id, {
isSilenced: false,
@ -52,6 +48,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
this.globalEventService.publishInternalEvent(user.host == null ? 'localUserUpdated' : 'remoteUserUpdated', {
id: user.id,
});
await this.moderationLogService.log(me, 'unSilenceUser', {
userId: ps.userId,
userUsername: user.username,
userHost: user.host,
});
});
}
}

2
packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts
View file

@ -40,6 +40,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new Error('user not found');
}
if (!user.isSuspended) return;
await this.userSuspendService.unsuspend(user, me);
});
}

102
packages/backend/src/server/api/endpoints/admin/update-meta.ts
View file

@ -8,6 +8,7 @@ import type { MiMeta } from '@/models/Meta.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { MetaService } from '@/core/MetaService.js';
import { instanceUnsignedFetchOptions } from '@/const.js';
export const meta = {
tags: ['admin'],
@ -66,9 +67,10 @@ export const paramDef = {
name: { type: 'string', nullable: true },
shortName: { type: 'string', nullable: true },
description: { type: 'string', nullable: true },
about: { type: 'string', nullable: true },
defaultLightTheme: { type: 'string', nullable: true },
defaultDarkTheme: { type: 'string', nullable: true },
defaultLike: { type: 'string', nullable: true },
defaultLike: { type: 'string' },
cacheRemoteFiles: { type: 'boolean' },
cacheRemoteSensitiveFiles: { type: 'boolean' },
emailRequiredForSignup: { type: 'boolean' },
@ -95,7 +97,6 @@ export const paramDef = {
setSensitiveFlagAutomatically: { type: 'boolean' },
enableSensitiveMediaDetectionForVideos: { type: 'boolean' },
enableBotTrending: { type: 'boolean' },
proxyAccountId: { type: 'string', format: 'misskey:id', nullable: true },
maintainerName: { type: 'string', nullable: true },
maintainerEmail: { type: 'string', nullable: true },
langs: {
@ -103,10 +104,13 @@ export const paramDef = {
type: 'string',
},
},
translationTimeout: { type: 'number' },
deeplAuthKey: { type: 'string', nullable: true },
deeplIsPro: { type: 'boolean' },
deeplFreeMode: { type: 'boolean' },
deeplFreeInstance: { type: 'string', nullable: true },
libreTranslateURL: { type: 'string', nullable: true },
libreTranslateKey: { type: 'string', nullable: true },
enableEmail: { type: 'boolean' },
email: { type: 'string', nullable: true },
smtpSecure: { type: 'boolean' },
@ -127,7 +131,7 @@ export const paramDef = {
useObjectStorage: { type: 'boolean' },
objectStorageBaseUrl: { type: 'string', nullable: true },
objectStorageBucket: { type: 'string', nullable: true },
objectStoragePrefix: { type: 'string', nullable: true },
objectStoragePrefix: { type: 'string', pattern: /^[a-zA-Z0-9-._\/]*$/.source, nullable: true },
objectStorageEndpoint: { type: 'string', nullable: true },
objectStorageRegion: { type: 'string', nullable: true },
objectStoragePort: { type: 'integer', nullable: true },
@ -203,6 +207,26 @@ export const paramDef = {
type: 'string',
},
},
allowUnsignedFetch: {
type: 'string',
enum: instanceUnsignedFetchOptions,
nullable: false,
},
enableProxyAccount: {
type: 'boolean',
nullable: false,
},
deliverSuspendedSoftware: {
type: 'array',
items: {
type: 'object',
properties: {
software: { type: 'string' },
versionRange: { type: 'string' },
},
required: ['software', 'versionRange'],
},
},
},
required: [],
} as const;
@ -317,6 +341,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
set.description = ps.description;
}
if (ps.about !== undefined) {
set.about = ps.about;
}
if (ps.defaultLightTheme !== undefined) {
set.defaultLightTheme = ps.defaultLightTheme;
}
@ -397,14 +425,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
set.turnstileSecretKey = ps.turnstileSecretKey;
}
if (ps.enableFC !== undefined) {
set.enableFC = ps.enableFC;
}
if (ps.enableTestcaptcha !== undefined) {
set.enableTestcaptcha = ps.enableTestcaptcha;
}
if (ps.enableFC !== undefined) {
set.enableFC = ps.enableFC;
}
if (ps.fcSiteKey !== undefined) {
set.fcSiteKey = ps.fcSiteKey;
}
@ -417,10 +445,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
set.enableBotTrending = ps.enableBotTrending;
}
if (ps.proxyAccountId !== undefined) {
set.proxyAccountId = ps.proxyAccountId;
}
if (ps.maintainerName !== undefined) {
set.maintainerName = ps.maintainerName;
}
@ -553,6 +577,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
set.objectStorageS3ForcePathStyle = ps.objectStorageS3ForcePathStyle;
}
if (ps.translationTimeout !== undefined) {
set.translationTimeout = ps.translationTimeout;
}
if (ps.deeplAuthKey !== undefined) {
if (ps.deeplAuthKey === '') {
set.deeplAuthKey = null;
@ -577,6 +605,22 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
}
if (ps.libreTranslateURL !== undefined) {
if (ps.libreTranslateURL === '') {
set.libreTranslateURL = null;
} else {
set.libreTranslateURL = ps.libreTranslateURL;
}
}
if (ps.libreTranslateKey !== undefined) {
if (ps.libreTranslateKey === '') {
set.libreTranslateKey = null;
} else {
set.libreTranslateKey = ps.libreTranslateKey;
}
}
if (ps.enableIpLogging !== undefined) {
set.enableIpLogging = ps.enableIpLogging;
}
@ -731,10 +775,22 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
set.federation = ps.federation;
}
if (ps.deliverSuspendedSoftware !== undefined) {
set.deliverSuspendedSoftware = ps.deliverSuspendedSoftware;
}
if (Array.isArray(ps.federationHosts)) {
set.federationHosts = ps.federationHosts.filter(Boolean).map(x => x.toLowerCase());
}
if (ps.allowUnsignedFetch !== undefined) {
set.allowUnsignedFetch = ps.allowUnsignedFetch;
}
if (ps.enableProxyAccount !== undefined) {
set.enableProxyAccount = ps.enableProxyAccount;
}
const before = await this.metaService.fetch(true);
await this.metaService.update(set);
@ -742,9 +798,29 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const after = await this.metaService.fetch(true);
this.moderationLogService.log(me, 'updateServerSettings', {
before,
after,
before: sanitize(before),
after: sanitize(after),
});
});
}
}
function sanitize(meta: Partial<MiMeta>): Partial<MiMeta> {
return {
...meta,
hcaptchaSecretKey: '<redacted>',
mcaptchaSecretKey: '<redacted>',
recaptchaSecretKey: '<redacted>',
turnstileSecretKey: '<redacted>',
fcSecretKey: '<redacted>',
smtpPass: '<redacted>',
swPrivateKey: '<redacted>',
objectStorageAccessKey: '<redacted>',
objectStorageSecretKey: '<redacted>',
deeplAuthKey: '<redacted>',
libreTranslateKey: '<redacted>',
verifymailAuthKey: '<redacted>',
truemailAuthKey: '<redacted>',
};
}

62
packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts Normal file
View file

@ -0,0 +1,62 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import {
descriptionSchema,
} from '@/models/User.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { ModerationLogService } from '@/core/ModerationLogService.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
export const meta = {
tags: ['admin'],
requireCredential: true,
requireModerator: true,
kind: 'write:admin:account',
res: {
type: 'object',
nullable: false, optional: false,
ref: 'UserDetailed',
},
} as const;
export const paramDef = {
type: 'object',
properties: {
description: { ...descriptionSchema, nullable: true },
},
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private userEntityService: UserEntityService,
private moderationLogService: ModerationLogService,
private systemAccountService: SystemAccountService,
) {
super(meta, paramDef, async (ps, me) => {
const proxy = await this.systemAccountService.updateCorrespondingUserProfile('proxy', {
description: ps.description,
});
const updated = await this.userEntityService.pack(proxy.id, proxy, {
schema: 'MeDetailed',
});
if (ps.description !== undefined) {
this.moderationLogService.log(me, 'updateProxyAccountDescription', {
before: null, //TODO
after: ps.description,
});
}
return updated;
});
}
}

7
packages/backend/src/server/api/endpoints/announcements.ts
View file

@ -7,6 +7,7 @@ import { Inject, Injectable } from '@nestjs/common';
import { Brackets } from 'typeorm';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { QueryService } from '@/core/QueryService.js';
import { RoleService } from '@/core/RoleService.js';
import { AnnouncementEntityService } from '@/core/entities/AnnouncementEntityService.js';
import { DI } from '@/di-symbols.js';
import type { AnnouncementsRepository } from '@/models/_.js';
@ -51,14 +52,20 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private announcementsRepository: AnnouncementsRepository,
private queryService: QueryService,
private roleService: RoleService,
private announcementEntityService: AnnouncementEntityService,
) {
super(meta, paramDef, async (ps, me) => {
const roles = me ? await this.roleService.getUserRoles(me) : [];
const query = this.queryService.makePaginationQuery(this.announcementsRepository.createQueryBuilder('announcement'), ps.sinceId, ps.untilId)
.andWhere('announcement.isActive = :isActive', { isActive: ps.isActive })
.andWhere(new Brackets(qb => {
if (me) qb.orWhere('announcement.userId = :meId', { meId: me.id });
qb.orWhere('announcement.userId IS NULL');
}))
.andWhere(new Brackets(qb => {
if (me) qb.orWhere('announcement.forRoles && :roles', { roles: roles.map((r) => r.id) });
qb.orWhere('announcement.forRoles = \'{}\'');
}));
const announcements = await query.limit(ps.limit).getMany();

2
packages/backend/src/server/api/endpoints/antennas/create.ts
View file

@ -79,6 +79,7 @@ export const paramDef = {
excludeBots: { type: 'boolean' },
withReplies: { type: 'boolean' },
withFile: { type: 'boolean' },
excludeNotesInSensitiveChannel: { type: 'boolean' },
},
required: ['name', 'src', 'keywords', 'excludeKeywords', 'users', 'caseSensitive', 'withReplies', 'withFile'],
} as const;
@ -139,6 +140,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
excludeBots: ps.excludeBots,
withReplies: ps.withReplies,
withFile: ps.withFile,
excludeNotesInSensitiveChannel: ps.excludeNotesInSensitiveChannel,
});
this.globalEventService.publishInternalEvent('antennaCreated', antenna);

29
packages/backend/src/server/api/endpoints/antennas/notes.ts
View file

@ -8,13 +8,13 @@ import * as Redis from 'ioredis';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { NotesRepository, AntennasRepository } from '@/models/_.js';
import { QueryService } from '@/core/QueryService.js';
import { NoteReadService } from '@/core/NoteReadService.js';
import { DI } from '@/di-symbols.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { IdService } from '@/core/IdService.js';
import { FanoutTimelineService } from '@/core/FanoutTimelineService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { trackPromise } from '@/misc/promise-tracker.js';
import ActiveUsersChart from '@/core/chart/charts/active-users.js';
import { ApiError } from '../../error.js';
export const meta = {
@ -65,9 +65,6 @@ export const paramDef = {
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.redisForTimelines)
private redisForTimelines: Redis.Redis,
@Inject(DI.notesRepository)
private notesRepository: NotesRepository,
@ -77,9 +74,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private idService: IdService,
private noteEntityService: NoteEntityService,
private queryService: QueryService,
private noteReadService: NoteReadService,
private fanoutTimelineService: FanoutTimelineService,
private globalEventService: GlobalEventService,
private readonly activeUsersChart: ActiveUsersChart,
) {
super(meta, paramDef, async (ps, me) => {
const untilId = ps.untilId ?? (ps.untilDate ? this.idService.gen(ps.untilDate!) : null);
@ -111,7 +108,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
return [];
}
const query = this.notesRepository.createQueryBuilder('note')
const query = this.queryService.makePaginationQuery(this.notesRepository.createQueryBuilder('note'),
ps.sinceId, ps.untilId)
.where('note.id IN (:...noteIds)', { noteIds: noteIds })
.innerJoinAndSelect('note.user', 'user')
.leftJoinAndSelect('note.reply', 'reply')
@ -119,18 +117,21 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
.leftJoinAndSelect('reply.user', 'replyUser')
.leftJoinAndSelect('renote.user', 'renoteUser');
// NOTE: センシティブ除外の設定はこのエンドポイントでは無視する。
// https://github.com/misskey-dev/misskey/pull/15346#discussion_r1929950255
this.queryService.generateBlockedHostQueryForNote(query);
this.queryService.generateSuspendedUserQueryForNote(query);
this.queryService.generateVisibilityQuery(query, me);
this.queryService.generateMutedUserQuery(query, me);
this.queryService.generateBlockedUserQuery(query, me);
this.queryService.generateMutedUserQueryForNotes(query, me);
this.queryService.generateBlockedUserQueryForNotes(query, me);
this.queryService.generateMutedUserRenotesQueryForNotes(query, me);
const notes = await query.getMany();
if (sinceId != null && untilId == null) {
notes.sort((a, b) => a.id < b.id ? -1 : 1);
} else {
notes.sort((a, b) => a.id > b.id ? -1 : 1);
}
this.noteReadService.read(me.id, notes);
process.nextTick(() => {
this.activeUsersChart.read(me);
});
return await this.noteEntityService.packMany(notes, me);
});

2
packages/backend/src/server/api/endpoints/antennas/update.ts
View file

@ -78,6 +78,7 @@ export const paramDef = {
excludeBots: { type: 'boolean' },
withReplies: { type: 'boolean' },
withFile: { type: 'boolean' },
excludeNotesInSensitiveChannel: { type: 'boolean' },
},
required: ['antennaId'],
} as const;
@ -135,6 +136,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
excludeBots: ps.excludeBots,
withReplies: ps.withReplies,
withFile: ps.withFile,
excludeNotesInSensitiveChannel: ps.excludeNotesInSensitiveChannel,
isActive: true,
lastUsedAt: new Date(),
});

65
packages/backend/src/server/api/endpoints/ap/get.ts
View file

@ -3,10 +3,17 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
import { isCollectionOrOrderedCollection, isOrderedCollection, isOrderedCollectionPage } from '@/core/activitypub/type.js';
import { ApiError } from '@/server/api/error.js';
import { CacheService } from '@/core/CacheService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { DI } from '@/di-symbols.js';
import type { NotesRepository } from '@/models/_.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
export const meta = {
tags: ['federation'],
@ -21,6 +28,16 @@ export const meta = {
},
errors: {
noInputSpecified: {
message: 'uri, userId, or noteId must be specified.',
code: 'NO_INPUT_SPECIFIED',
id: 'b43ff2a7-e7a2-4237-ad7f-7b079563c09e',
},
multipleInputsSpecified: {
message: 'Only one of uri, userId, or noteId can be specified',
code: 'MULTIPLE_INPUTS_SPECIFIED',
id: 'f1aa27ed-8f20-44f3-a92a-fe073c8ca52b',
},
},
res: {
@ -32,19 +49,57 @@ export const meta = {
export const paramDef = {
type: 'object',
properties: {
uri: { type: 'string' },
uri: { type: 'string', nullable: true },
userId: { type: 'string', format: 'misskey:id', nullable: true },
noteId: { type: 'string', format: 'misskey:id', nullable: true },
expandCollectionItems: { type: 'boolean' },
expandCollectionLimit: { type: 'integer', nullable: true },
allowAnonymous: { type: 'boolean' },
},
required: ['uri'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.notesRepository)
private readonly notesRepository: NotesRepository,
private readonly cacheService: CacheService,
private readonly userEntityService: UserEntityService,
private readonly noteEntityService: NoteEntityService,
private apResolverService: ApResolverService,
) {
super(meta, paramDef, async (ps, me) => {
super(meta, paramDef, async (ps) => {
if (ps.uri && ps.userId && ps.noteId) {
throw new ApiError(meta.errors.multipleInputsSpecified);
}
let uri: string;
if (ps.uri) {
uri = ps.uri;
} else if (ps.userId) {
const user = await this.cacheService.findUserById(ps.userId);
uri = user.uri ?? this.userEntityService.genLocalUserUri(ps.userId);
} else if (ps.noteId) {
const note = await this.notesRepository.findOneByOrFail({ id: ps.noteId });
uri = note.uri ?? this.noteEntityService.genLocalNoteUri(ps.noteId);
} else {
throw new ApiError(meta.errors.noInputSpecified);
}
const resolver = this.apResolverService.createResolver();
const object = await resolver.resolve(ps.uri);
const object = await resolver.resolve(uri, ps.allowAnonymous ?? false);
if (ps.expandCollectionItems && isCollectionOrOrderedCollection(object)) {
const items = await resolver.resolveCollectionItems(object, ps.expandCollectionLimit, ps.allowAnonymous ?? false);
if (isOrderedCollection(object) || isOrderedCollectionPage(object)) {
object.orderedItems = items;
} else {
object.items = items;
}
}
return object;
});
}

51
packages/backend/src/server/api/endpoints/ap/show.ts
View file

@ -7,7 +7,7 @@ import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { MiNote } from '@/models/Note.js';
import type { MiLocalUser, MiUser } from '@/models/User.js';
import { isActor, isPost, getApId, getNullableApId } from '@/core/activitypub/type.js';
import { isActor, isPost, getApId } from '@/core/activitypub/type.js';
import type { SchemaType } from '@/misc/json-schema.js';
import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
@ -18,7 +18,7 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { UtilityService } from '@/core/UtilityService.js';
import { bindThis } from '@/decorators.js';
import { ApRequestService } from '@/core/activitypub/ApRequestService.js';
import { InstanceActorService } from '@/core/InstanceActorService.js';
import { SystemAccountService } from '@/core/SystemAccountService.js';
import { ApiError } from '../../error.js';
import { IdentifiableError } from '@/misc/identifiable-error.js';
@ -30,7 +30,8 @@ export const meta = {
// Up to 30 calls, then 1 per 1/2 second
limit: {
max: 30,
type: 'bucket',
size: 30,
dripRate: 500,
},
@ -55,11 +56,6 @@ export const meta = {
code: 'RESPONSE_INVALID',
id: '70193c39-54f3-4813-82f0-70a680f7495b',
},
responseInvalidIdHostNotMatch: {
message: 'Requested URI and response URI host does not match.',
code: 'RESPONSE_INVALID_ID_HOST_NOT_MATCH',
id: 'a2c9c61a-cb72-43ab-a964-3ca5fddb410a',
},
noSuchObject: {
message: 'No such object.',
code: 'NO_SUCH_OBJECT',
@ -123,7 +119,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private apPersonService: ApPersonService,
private apNoteService: ApNoteService,
private readonly apRequestService: ApRequestService,
private readonly instanceActorService: InstanceActorService,
private readonly systemAccountService: SystemAccountService,
) {
super(meta, paramDef, async (ps, me) => {
const object = await this.fetchAny(ps.uri, me);
@ -144,7 +140,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new ApiError(meta.errors.federationNotAllowed);
}
let local = await this.mergePack(me, ...await Promise.all([
const local = await this.mergePack(me, ...await Promise.all([
this.apDbResolverService.getUserFromApId(uri),
this.apDbResolverService.getNoteFromApId(uri),
]));
@ -153,7 +149,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
// No local object found with that uri.
// Before we fetch, resolve the URI in case it has a cross-origin redirect or anything like that.
// Resolver.resolve() uses strict verification, which is overly paranoid for a user-provided lookup.
uri = await this.resolveCanonicalUri(uri); // eslint-disable-line no-param-reassign
uri = await this.resolveCanonicalUri(uri);
if (!this.utilityService.isFederationAllowedUri(uri)) {
throw new ApiError(meta.errors.federationNotAllowed);
}
@ -177,10 +173,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
case '09d79f9e-64f1-4316-9cfa-e75c4d091574':
throw new ApiError(meta.errors.federationNotAllowed);
case '72180409-793c-4973-868e-5a118eb5519b':
case 'ad2dc287-75c1-44c4-839d-3d2e64576675':
case 'd09dc850-b76c-4f45-875a-7389339d78b8':
case 'dc110060-a5f2-461d-808b-39c62702ca64':
case '45793ab7-7648-4886-b503-429f8a0d0f73':
case '4bf8f36b-4d33-4ac9-ad76-63fa11f354e9':
throw new ApiError(meta.errors.responseInvalid);
case 'fd93c2fa-69a8-440f-880b-bf178e0ec877':
throw new ApiError(meta.errors.responseInvalidIdHostNotMatch);
// resolveLocal
case '02b40cd0-fa92-4b0c-acc9-fb2ada952ab8':
@ -196,25 +193,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new ApiError(meta.errors.requestFailed);
});
if (object.id == null) {
throw new ApiError(meta.errors.responseInvalid);
}
// /@user のような正規id以外で取得できるURIが指定されていた場合、ここで初めて正規URIが確定する
// これはDBに存在する可能性があるため再度DB検索
if (uri !== object.id) {
local = await this.mergePack(me, ...await Promise.all([
this.apDbResolverService.getUserFromApId(object.id),
this.apDbResolverService.getNoteFromApId(object.id),
]));
if (local != null) return local;
}
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
// Object is already validated to have a valid id (URI).
// We can pass it through with the same resolver and sentFrom to avoid a duplicate fetch.
// The resolve* methods automatically check for locally cached copies.
return await this.mergePack(
me,
isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null,
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, undefined, true) : null,
isActor(object) ? await this.apPersonService.resolvePerson(object, resolver, uri) : null,
isPost(object) ? await this.apNoteService.resolveNote(object, { resolver, sentFrom: uri }) : null,
);
}
@ -245,8 +230,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
* Resolves an arbitrary URI to its canonical, post-redirect form.
*/
private async resolveCanonicalUri(uri: string): Promise<string> {
const user = await this.instanceActorService.getInstanceActor();
const user = await this.systemAccountService.getInstanceActor();
const res = await this.apRequestService.signedGet(uri, user, true);
return getNullableApId(res) ?? uri;
return getApId(res);
}
}

73
packages/backend/src/server/api/endpoints/app/current.ts Normal file
View file

@ -0,0 +1,73 @@
/*
* SPDX-FileCopyrightText: hazelnoot and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { AppsRepository } from '@/models/_.js';
import { AppEntityService } from '@/core/entities/AppEntityService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '../../error.js';
export const meta = {
tags: ['app'],
errors: {
credentialRequired: {
message: 'Credential required.',
code: 'CREDENTIAL_REQUIRED',
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
httpStatusCode: 401,
},
noAppLogin: {
message: 'Not logged in with an app.',
code: 'NO_APP_LOGIN',
id: '339a4ad2-48c3-47fc-bd9d-2408f05120f8',
},
},
res: {
type: 'object',
optional: false, nullable: false,
ref: 'App',
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {
type: 'object',
properties: {},
required: [],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.appsRepository)
private appsRepository: AppsRepository,
private appEntityService: AppEntityService,
) {
super(meta, paramDef, async (_, user, token) => {
if (!user) {
throw new ApiError(meta.errors.credentialRequired);
}
if (!token || !token.appId) {
throw new ApiError(meta.errors.noAppLogin);
}
const app = token.app ?? await this.appsRepository.findOneByOrFail({ id: token.appId });
return await this.appEntityService.pack(app, user, {
detail: true,
includeSecret: false,
});
});
}
}

10
packages/backend/src/server/api/endpoints/channels/followed.ts
View file

@ -54,7 +54,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private queryService: QueryService,
) {
super(meta, paramDef, async (ps, me) => {
const query = this.queryService.makePaginationQuery(this.channelFollowingsRepository.createQueryBuilder(), ps.sinceId, ps.untilId)
const query = this.queryService
.makePaginationQuery(
this.channelFollowingsRepository.createQueryBuilder(),
ps.sinceId,
ps.untilId,
null,
null,
'followeeId',
)
.andWhere({ followerId: me.id });
const followings = await query

48
packages/backend/src/server/api/endpoints/channels/timeline.ts
View file

@ -13,8 +13,8 @@ import { DI } from '@/di-symbols.js';
import { IdService } from '@/core/IdService.js';
import { FanoutTimelineEndpointService } from '@/core/FanoutTimelineEndpointService.js';
import { MiLocalUser } from '@/models/User.js';
import { CacheService } from '@/core/CacheService.js';
import { ApiError } from '../../error.js';
import { Brackets } from 'typeorm';
export const meta = {
tags: ['notes', 'channels'],
@ -83,6 +83,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private queryService: QueryService,
private fanoutTimelineEndpointService: FanoutTimelineEndpointService,
private activeUsersChart: ActiveUsersChart,
private readonly cacheService: CacheService,
) {
super(meta, paramDef, async (ps, me) => {
const untilId = ps.untilId ?? (ps.untilDate ? this.idService.gen(ps.untilDate!) : null);
@ -96,12 +97,18 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new ApiError(meta.errors.noSuchChannel);
}
if (me) this.activeUsersChart.read(me);
if (me) {
process.nextTick(() => {
this.activeUsersChart.read(me);
});
}
if (!this.serverSettings.enableFanoutTimeline) {
return await this.noteEntityService.packMany(await this.getFromDb({ untilId, sinceId, limit: ps.limit, channelId: channel.id, withFiles: ps.withFiles, withRenotes: ps.withRenotes }, me), me);
}
const threadMutings = me ? await this.cacheService.threadMutingsCache.fetch(me.id) : null;
return await this.fanoutTimelineEndpointService.timeline({
untilId,
sinceId,
@ -115,6 +122,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
dbFallback: async (untilId, sinceId, limit) => {
return await this.getFromDb({ untilId, sinceId, limit, channelId: channel.id, withFiles: ps.withFiles, withRenotes: ps.withRenotes }, me);
},
noteFilter: note => {
if (threadMutings?.has(note.threadId ?? note.id)) {
return false;
}
return true;
},
});
});
}
@ -135,28 +149,30 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
.leftJoinAndSelect('note.renote', 'renote')
.leftJoinAndSelect('reply.user', 'replyUser')
.leftJoinAndSelect('renote.user', 'renoteUser')
.leftJoinAndSelect('note.channel', 'channel');
.leftJoinAndSelect('note.channel', 'channel')
.limit(ps.limit);
this.queryService.generateVisibilityQuery(query, me);
this.queryService.generateBlockedHostQueryForNote(query);
this.queryService.generateSuspendedUserQueryForNote(query);
this.queryService.generateSilencedUserQueryForNotes(query, me);
if (me) {
this.queryService.generateMutedUserQuery(query, me);
this.queryService.generateBlockedUserQuery(query, me);
}
if (ps.withRenotes === false) {
query.andWhere(new Brackets(qb => {
qb.orWhere('note.renoteId IS NULL');
qb.orWhere(new Brackets(qb => {
qb.orWhere('note.text IS NOT NULL');
qb.orWhere('note.fileIds != \'{}\'');
}));
}));
this.queryService.generateMutedUserQueryForNotes(query, me);
this.queryService.generateBlockedUserQueryForNotes(query, me);
this.queryService.generateMutedNoteThreadQuery(query, me);
}
if (ps.withFiles) {
query.andWhere('note.fileIds != \'{}\'');
}
if (!ps.withRenotes) {
this.queryService.generateExcludedRenotesQueryForNotes(query);
} else if (me) {
this.queryService.generateMutedUserRenotesQueryForNotes(query, me);
}
//#endregion
return await query.limit(ps.limit).getMany();
return await query.getMany();
}
}

6
packages/backend/src/server/api/endpoints/charts/active-users.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/ap-request.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/drive.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/federation.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/instance.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/notes.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/user/drive.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

85
packages/backend/src/server/api/endpoints/charts/user/following.ts
View file

@ -8,6 +8,8 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import { getJsonSchema } from '@/core/chart/core.js';
import PerUserFollowingChart from '@/core/chart/charts/per-user-following.js';
import { schema } from '@/core/chart/charts/entities/per-user-following.js';
import { CacheService } from '@/core/CacheService.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['charts', 'users', 'following'],
@ -17,11 +19,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;
@ -40,9 +42,84 @@ export const paramDef = {
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private perUserFollowingChart: PerUserFollowingChart,
private readonly cacheService: CacheService,
private readonly roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
return await this.perUserFollowingChart.getChart(ps.span, ps.limit, ps.offset ? new Date(ps.offset) : null, ps.userId);
const profile = await this.cacheService.userProfileCache.fetch(ps.userId);
// These are structured weird to avoid un-necessary calls to roleService and cacheService
const iAmModeratorOrTarget = me && (me.id === ps.userId || await this.roleService.isModerator(me));
const iAmFollowingOrTarget = me && (me.id === ps.userId || await this.cacheService.isFollowing(me.id, ps.userId));
const canViewFollowing =
profile.followingVisibility === 'public'
|| iAmModeratorOrTarget
|| (profile.followingVisibility === 'followers' && iAmFollowingOrTarget);
const canViewFollowers =
profile.followersVisibility === 'public'
|| iAmModeratorOrTarget
|| (profile.followersVisibility === 'followers' && iAmFollowingOrTarget);
if (!canViewFollowing && !canViewFollowers) {
return {
local: {
followings: {
total: [],
inc: [],
dec: [],
},
followers: {
total: [],
inc: [],
dec: [],
},
},
remote: {
followings: {
total: [],
inc: [],
dec: [],
},
followers: {
total: [],
inc: [],
dec: [],
},
},
};
}
const chart = await this.perUserFollowingChart.getChart(ps.span, ps.limit, ps.offset ? new Date(ps.offset) : null, ps.userId);
if (!canViewFollowers) {
chart.local.followers = {
total: [],
inc: [],
dec: [],
};
chart.remote.followers = {
total: [],
inc: [],
dec: [],
};
}
if (!canViewFollowing) {
chart.local.followings = {
total: [],
inc: [],
dec: [],
};
chart.remote.followings = {
total: [],
inc: [],
dec: [],
};
}
return chart;
});
}
}

6
packages/backend/src/server/api/endpoints/charts/user/notes.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/user/pv.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/user/reactions.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

6
packages/backend/src/server/api/endpoints/charts/users.ts
View file

@ -17,11 +17,11 @@ export const meta = {
allowGet: true,
cacheSec: 60 * 60,
// Burst up to 100, then 2/sec average
// Burst up to 200, then 5/sec average
limit: {
type: 'bucket',
size: 100,
dripRate: 500,
size: 200,
dripRate: 200,
},
} as const;

75
packages/backend/src/server/api/endpoints/chat/history.ts Normal file
View file

@ -0,0 +1,75 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { DI } from '@/di-symbols.js';
import { ChatService } from '@/core/ChatService.js';
import { ChatEntityService } from '@/core/entities/ChatEntityService.js';
import { ApiError } from '@/server/api/error.js';
export const meta = {
tags: ['chat'],
requireCredential: true,
kind: 'read:chat',
res: {
type: 'array',
optional: false, nullable: false,
items: {
type: 'object',
optional: false, nullable: false,
ref: 'ChatMessage',
},
},
errors: {
},
} as const;
export const paramDef = {
type: 'object',
properties: {
limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
room: { type: 'boolean', default: false },
},
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private chatEntityService: ChatEntityService,
private chatService: ChatService,
) {
super(meta, paramDef, async (ps, me) => {
await this.chatService.checkChatAvailability(me.id, 'read');
const history = ps.room ? await this.chatService.roomHistory(me.id, ps.limit) : await this.chatService.userHistory(me.id, ps.limit);
const packedMessages = await this.chatEntityService.packMessagesDetailed(history, me);
if (ps.room) {
const roomIds = history.map(m => m.toRoomId!);
const readStateMap = await this.chatService.getRoomReadStateMap(me.id, roomIds);
for (const message of packedMessages) {
message.isRead = readStateMap[message.toRoomId!] ?? false;
}
} else {
const otherIds = history.map(m => m.fromUserId === me.id ? m.toUserId! : m.fromUserId!);
const readStateMap = await this.chatService.getUserReadStateMap(me.id, otherIds);
for (const message of packedMessages) {
const otherId = message.fromUserId === me.id ? message.toUserId! : message.fromUserId!;
message.isRead = readStateMap[otherId] ?? false;
}
}
return packedMessages;
});
}
}

122
packages/backend/src/server/api/endpoints/chat/messages/create-to-room.ts Normal file
View file

@ -0,0 +1,122 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { GetterService } from '@/server/api/GetterService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { ChatService } from '@/core/ChatService.js';
import type { DriveFilesRepository, MiUser } from '@/models/_.js';
import type { Config } from '@/config.js';
export const meta = {
tags: ['chat'],
requireCredential: true,
prohibitMoved: true,
kind: 'write:chat',
// Up to 10 message burst, then 2/second
limit: {
type: 'bucket',
size: 10,
dripRate: 500,
},
res: {
type: 'object',
optional: false, nullable: false,
ref: 'ChatMessageLiteForRoom',
},
errors: {
noSuchRoom: {
message: 'No such room.',
code: 'NO_SUCH_ROOM',
id: '8098520d-2da5-4e8f-8ee1-df78b55a4ec6',
},
noSuchFile: {
message: 'No such file.',
code: 'NO_SUCH_FILE',
id: 'b6accbd3-1d7b-4d9f-bdb7-eb185bac06db',
},
contentRequired: {
message: 'Content required. You need to set text or fileId.',
code: 'CONTENT_REQUIRED',
id: '340517b7-6d04-42c0-bac1-37ee804e3594',
},
maxLength: {
message: 'You tried posting a message which is too long.',
code: 'MAX_LENGTH',
id: '3ac74a84-8fd5-4bb0-870f-01804f82ce16',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
text: { type: 'string', nullable: true, minLength: 1 },
fileId: { type: 'string', format: 'misskey:id' },
toRoomId: { type: 'string', format: 'misskey:id' },
},
required: ['toRoomId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.driveFilesRepository)
private driveFilesRepository: DriveFilesRepository,
@Inject(DI.config)
private config: Config,
private getterService: GetterService,
private chatService: ChatService,
) {
super(meta, paramDef, async (ps, me) => {
await this.chatService.checkChatAvailability(me.id, 'write');
if (ps.text && ps.text.length > this.config.maxNoteLength) {
throw new ApiError(meta.errors.maxLength);
}
const room = await this.chatService.findRoomById(ps.toRoomId);
if (room == null) {
throw new ApiError(meta.errors.noSuchRoom);
}
let file = null;
if (ps.fileId != null) {
file = await this.driveFilesRepository.findOneBy({
id: ps.fileId,
userId: me.id,
});
if (file == null) {
throw new ApiError(meta.errors.noSuchFile);
}
}
// テキストが無いかつ添付ファイルも無かったらエラー
if (ps.text == null && file == null) {
throw new ApiError(meta.errors.contentRequired);
}
return await this.chatService.createMessageToRoom(me, room, {
text: ps.text,
file: file,
});
});
}
}

139
packages/backend/src/server/api/endpoints/chat/messages/create-to-user.ts Normal file
View file

@ -0,0 +1,139 @@
/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { GetterService } from '@/server/api/GetterService.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { ChatService } from '@/core/ChatService.js';
import type { DriveFilesRepository, MiUser } from '@/models/_.js';
import type { Config } from '@/config.js';
export const meta = {
tags: ['chat'],
requireCredential: true,
prohibitMoved: true,
kind: 'write:chat',
// Up to 10 message burst, then 2/second
limit: {
type: 'bucket',
size: 10,
dripRate: 500,
},
res: {
type: 'object',
optional: false, nullable: false,
ref: 'ChatMessageLiteFor1on1',
},
errors: {
recipientIsYourself: {
message: 'You can not send a message to yourself.',
code: 'RECIPIENT_IS_YOURSELF',
id: '17e2ba79-e22a-4cbc-bf91-d327643f4a7e',
},
noSuchUser: {
message: 'No such user.',
code: 'NO_SUCH_USER',
id: '11795c64-40ea-4198-b06e-3c873ed9039d',
},
noSuchFile: {
message: 'No such file.',
code: 'NO_SUCH_FILE',
id: '4372b8e2-185d-4146-8749-2f68864a3e5f',
},
contentRequired: {
message: 'Content required. You need to set text or fileId.',
code: 'CONTENT_REQUIRED',
id: '25587321-b0e6-449c-9239-f8925092942c',
},
youHaveBeenBlocked: {
message: 'You cannot send a message because you have been blocked by this user.',
code: 'YOU_HAVE_BEEN_BLOCKED',
id: 'c15a5199-7422-4968-941a-2a462c478f7d',
},
maxLength: {
message: 'You tried posting a message which is too long.',
code: 'MAX_LENGTH',
id: '3ac74a84-8fd5-4bb0-870f-01804f82ce16',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
text: { type: 'string', nullable: true, minLength: 1 },
fileId: { type: 'string', format: 'misskey:id' },
toUserId: { type: 'string', format: 'misskey:id' },
},
required: ['toUserId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
@Inject(DI.driveFilesRepository)
private driveFilesRepository: DriveFilesRepository,
@Inject(DI.config)
private config: Config,
private getterService: GetterService,
private chatService: ChatService,
) {
super(meta, paramDef, async (ps, me) => {
await this.chatService.checkChatAvailability(me.id, 'write');
if (ps.text && ps.text.length > this.config.maxNoteLength) {
throw new ApiError(meta.errors.maxLength);
}
let file = null;
if (ps.fileId != null) {
file = await this.driveFilesRepository.findOneBy({
id: ps.fileId,
userId: me.id,
});
if (file == null) {
throw new ApiError(meta.errors.noSuchFile);
}
}
// テキストが無いかつ添付ファイルも無かったらエラー
if (ps.text == null && file == null) {
throw new ApiError(meta.errors.contentRequired);
}
// Myself
if (ps.toUserId === me.id) {
throw new ApiError(meta.errors.recipientIsYourself);
}
const toUser = await this.getterService.getUser(ps.toUserId).catch(err => {
if (err.id === '15348ddd-432d-49c2-8a5a-8069753becff') throw new ApiError(meta.errors.noSuchUser);
throw err;
});
return await this.chatService.createMessageToUser(me, toUser, {
text: ps.text,
file: file,
});
});
}
}

Some files were not shown because too many files have changed in this diff Show more