diff --git a/packages/backend/src/core/RemoteUserResolveService.ts b/packages/backend/src/core/RemoteUserResolveService.ts index df2c307780..3d21cb92a9 100644 --- a/packages/backend/src/core/RemoteUserResolveService.ts +++ b/packages/backend/src/core/RemoteUserResolveService.ts @@ -17,12 +17,18 @@ import { RemoteLoggerService } from '@/core/RemoteLoggerService.js'; import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js'; import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js'; import { TimeService } from '@/global/TimeService.js'; +import { CacheService } from '@/core/CacheService.js'; +import { IdentifiableError } from '@/misc/identifiable-error.js'; +import { InternalEventService } from '@/global/InternalEventService.js'; +import * as Acct from '@/misc/acct.js'; +import { isRemoteUser } from '@/models/User.js'; import { bindThis } from '@/decorators.js'; import { renderInlineError } from '@/misc/render-inline-error.js'; @Injectable() export class RemoteUserResolveService { private logger: Logger; + private readonly selfHost: string; constructor( @Inject(DI.config) @@ -36,88 +42,112 @@ export class RemoteUserResolveService { private remoteLoggerService: RemoteLoggerService, private apDbResolverService: ApDbResolverService, private apPersonService: ApPersonService, + private readonly cacheService: CacheService, + private readonly internalEventService: InternalEventService, private readonly timeService: TimeService, ) { this.logger = this.remoteLoggerService.logger.createSubLogger('resolve-user'); + this.selfHost = this.utilityService.toPuny(this.config.host); } @bindThis public async resolveUser(username: string, host: string | null): Promise { - const usernameLower = username.toLowerCase(); + // Normalize inputs + username = username.toLowerCase(); + host = host ? this.utilityService.toPuny(host) : null; // unicode -> punycode + host = host !== this.selfHost ? host : null; // self-host -> null + const acct = Acct.toString({ username, host }); // username+host -> acct (handle) - if (host == null) { - return await this.usersRepository.findOneByOrFail({ usernameLower, host: IsNull() }) as MiLocalUser; + // Try fetch from DB + let user = await this.cacheService.findUserByAcct(acct).catch(() => null); // Error is expected if the user doesn't exist yet + + // Opportunistically update remote users + if (user != null && isRemoteUser(user)) { + user = await this.tryUpdateUser(user, acct); } - host = this.utilityService.toPuny(host); - - if (host === this.utilityService.toPuny(this.config.host)) { - return await this.usersRepository.findOneByOrFail({ usernameLower, host: IsNull() }) as MiLocalUser; + // Try resolve from AP + if (user == null && host != null) { + user = await this.tryCreateUser(acct); } - const user = await this.usersRepository.findOneBy({ usernameLower, host }) as MiRemoteUser | null; - - const acctLower = `${usernameLower}@${host}`; - + // Failed to fetch or resolve if (user == null) { - const self = await this.resolveSelf(acctLower); + throw new IdentifiableError('15348ddd-432d-49c2-8a5a-8069753becff', `Could not resolve user ${acct}`); + } + + return user as MiLocalUser | MiRemoteUser; + } + + @bindThis + private async tryCreateUser(acct: string): Promise { + try { + const self = await this.resolveSelf(acct); if (this.utilityService.isUriLocal(self.href)) { - const local = this.apDbResolverService.parseUri(self.href); - if (local.local && local.type === 'users') { - // the LR points to local - return (await this.apDbResolverService - .getUserFromApId(self.href) - .then((u) => { - if (u == null) { - throw new Error(`local user not found: ${self.href}`); - } else { - return u; - } - })) as MiLocalUser; - } + this.logger.warn(`Ignoring WebFinger response for ${chalk.magenta(acct)}: remote URI points to a local user.`); + return null; } - this.logger.info(`Fetching new remote user ${chalk.magenta(acctLower)} from ${self.href}`); + this.logger.info(`Fetching new remote user ${chalk.magenta(acct)} from ${self.href}`); return await this.apPersonService.createPerson(self.href); + } catch (err) { + this.logger.warn(`Failed to resolve user ${acct}: ${renderInlineError(err)}`); + return null; + } + } + + @bindThis + private async tryUpdateUser(user: MiRemoteUser, acctLower: string): Promise { + // Don't update unless the user is at least 24 hours outdated. + // ユーザー情報が古い場合は、WebFingerからやりなおして返す + if (user.lastFetchedAt != null && this.timeService.now - user.lastFetchedAt.getTime() <= 1000 * 60 * 60 * 24) { + return user; } - // ユーザー情報が古い場合は、WebFingerからやりなおして返す - if (user.lastFetchedAt == null || this.timeService.now - user.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) { + try { + // Resolve via webfinger + const self = await this.resolveSelf(acctLower); + + // Update the user + await this.tryUpdateUri(user, acctLower, self.href); + await this.apPersonService.updatePerson(self.href); + } catch (err) { + this.logger.warn(`Could not update user ${acctLower}; will continue with outdated local copy: ${renderInlineError(err)}`); + } finally { + // Always mark as updated so we don't get stuck here for missing remote users. // 繋がらないインスタンスに何回も試行するのを防ぐ, 後続の同様処理の連続試行を防ぐ ため 試行前にも更新する await this.usersRepository.update(user.id, { lastFetchedAt: this.timeService.date, }); - - const self = await this.resolveSelf(acctLower); - - if (user.uri !== self.href) { - // if uri mismatch, Fix (user@host <=> AP's Person id(RemoteUser.uri)) mapping. - this.logger.warn(`Detected URI mismatch for ${acctLower}`); - - // validate uri - const uriHost = this.utilityService.extractDbHost(self.href); - if (uriHost !== host) { - throw new Error(`Failed to correct URI for ${acctLower}: new URI ${self.href} has different host from previous URI ${user.uri}`); - } - - await this.usersRepository.update({ - usernameLower, - host: host, - }, { - uri: self.href, - }); - await this.apPersonService.uriPersonCache.delete(user.uri); // Unmap the old URI - } - - this.logger.info(`Corrected URI for ${acctLower} from ${user.uri} to ${self.href}`); - - await this.apPersonService.updatePerson(self.href); - - return await this.usersRepository.findOneByOrFail({ uri: self.href }) as MiLocalUser | MiRemoteUser; } - return user; + // Reload user + return await this.cacheService.findRemoteUserById(user.id); + } + + @bindThis + private async tryUpdateUri(user: MiRemoteUser, acct: string, href: string): Promise { + // Only update if there's actually a mismatch + if (user.uri === href) { + return; + } + + // if uri mismatch, Fix (user@host <=> AP's Person id(RemoteUser.uri)) mapping. + this.logger.warn(`Detected URI mismatch for ${acct}`); + + // validate uri + const uriHost = this.utilityService.extractDbHost(href); + if (uriHost !== user.host) { + throw new Error(`Failed to correct URI for ${acct}: new URI ${href} has different host from previous URI ${user.uri}`); + } + + // Update URI + await this.usersRepository.update({ id: user.id }, { uri: href }); // Update the user + await this.apPersonService.uriPersonCache.delete(user.uri); // Unmap the old URI + await this.internalEventService.emit('remoteUserUpdated', { id: user.id }); // Update caches + + this.logger.info(`Corrected URI for ${acct} from ${user.uri} to ${href}`); } @bindThis diff --git a/packages/backend/src/core/UtilityService.ts b/packages/backend/src/core/UtilityService.ts index 8ebf7e6f52..4a8145bddd 100644 --- a/packages/backend/src/core/UtilityService.ts +++ b/packages/backend/src/core/UtilityService.ts @@ -15,6 +15,23 @@ import type { MiMeta, SoftwareSuspension } from '@/models/Meta.js'; import type { MiInstance } from '@/models/Instance.js'; import { IdentifiableError } from '@/misc/identifiable-error.js'; import { EnvService } from '@/global/EnvService.js'; +import { getApId, type IObject } from '@/core/activitypub/type.js'; + +export type UriParseResult = { + /** wether the URI was generated by us */ + local: true; + /** id in DB */ + id: string; + /** hint of type, e.g. "notes", "users" */ + type: string; + /** any remaining text after type and id, not including the slash after id. undefined if empty */ + rest?: string; +} | { + /** wether the URI was generated by us */ + local: false; + /** uri in DB */ + uri: string; +}; @Injectable() export class UtilityService { @@ -302,4 +319,24 @@ export class UtilityService { return false; } } + + // Moved from ApPersonService to avoid circular dependency + @bindThis + public parseUri(value: string | IObject | [string | IObject]): UriParseResult { + const separator = '/'; + + const apId = getApId(value); + const uri = new URL(apId); + if (this.toPuny(uri.host) !== this.toPuny(this.config.host)) { + return { local: false, uri: apId }; + } + + const [, type, id, ...rest] = uri.pathname.split(separator); + return { + local: true, + type, + id, + rest: rest.length === 0 ? undefined : rest.join(separator), + }; + } } diff --git a/packages/backend/src/core/activitypub/ApDbResolverService.ts b/packages/backend/src/core/activitypub/ApDbResolverService.ts index a5eb851d6c..87e3b7ed5f 100644 --- a/packages/backend/src/core/activitypub/ApDbResolverService.ts +++ b/packages/backend/src/core/activitypub/ApDbResolverService.ts @@ -19,21 +19,7 @@ import { getApId } from './type.js'; import { ApPersonService } from './models/ApPersonService.js'; import type { IObject } from './type.js'; -export type UriParseResult = { - /** wether the URI was generated by us */ - local: true; - /** id in DB */ - id: string; - /** hint of type, e.g. "notes", "users" */ - type: string; - /** any remaining text after type and id, not including the slash after id. undefined if empty */ - rest?: string; -} | { - /** wether the URI was generated by us */ - local: false; - /** uri in DB */ - uri: string; -}; +export type { UriParseResult } from '@/core/UtilityService.js'; @Injectable() export class ApDbResolverService implements OnApplicationShutdown { @@ -58,23 +44,10 @@ export class ApDbResolverService implements OnApplicationShutdown { // Caches moved to ApPersonService to avoid circular dependency } + // Moved to UtilityService to avoid circular dependency @bindThis - public parseUri(value: string | IObject | [string | IObject]): UriParseResult { - const separator = '/'; - - const apId = getApId(value); - const uri = new URL(apId); - if (this.utilityService.toPuny(uri.host) !== this.utilityService.toPuny(this.config.host)) { - return { local: false, uri: apId }; - } - - const [, type, id, ...rest] = uri.pathname.split(separator); - return { - local: true, - type, - id, - rest: rest.length === 0 ? undefined : rest.join(separator), - }; + public parseUri(value: string | IObject | [string | IObject]) { + return this.utilityService.parseUri(value); } /** @@ -102,31 +75,8 @@ export class ApDbResolverService implements OnApplicationShutdown { */ @bindThis public async getUserFromApId(value: string | IObject | [string | IObject]): Promise { - const parsed = this.parseUri(value); - - if (parsed.local) { - if (parsed.type !== 'users') return null; - - const u = await this.cacheService.findOptionalUserById(parsed.id); - - if (u == null || u.isDeleted) { - return null; - } - - return u as MiLocalUser | MiRemoteUser; - } else { - const uid = await this.apPersonService.uriPersonCache.fetchMaybe(parsed.uri); - if (uid == null) { - return null; - } - - const u = await this.cacheService.findOptionalUserById(uid); - if (u == null || u.isDeleted) { - return null; - } - - return u as MiLocalUser | MiRemoteUser; - } + const uri = getApId(value); + return await this.apPersonService.fetchPerson(uri); } /** diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index e2ecea939d..4ce0e8db3f 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -295,28 +295,38 @@ export class ApPersonService implements OnModuleInit { * Misskeyに対象のPersonが登録されていればそれを返し、登録がなければnullを返します。 */ @bindThis - public async fetchPerson(uri: string): Promise { - const cached = await this.uriPersonCache.fetchMaybe(uri); - if (cached) return await this.cacheService.findOptionalUserById(cached) as MiRemoteUser | MiLocalUser | undefined ?? null; + public async fetchPerson(uri: string, opts?: { withDeleted?: boolean, withSuspended?: boolean }): Promise { + const _opts = { + withDeleted: opts?.withDeleted ?? false, + withSuspended: opts?.withSuspended ?? true, + }; - // URIがこのサーバーを指しているならデータベースからフェッチ - if (uri.startsWith(`${this.config.url}/`)) { - const id = uri.split('/').pop(); - const u = await this.usersRepository.findOneBy({ id }) as MiLocalUser | null; - if (u) await this.uriPersonCache.set(uri, u.id); - return u; + let userId; + + // Resolve URI -> User ID + const parsed = this.utilityService.parseUri(uri); + if (parsed.local) { + userId = parsed.type === 'users' ? parsed.id : null; + } else { + userId = await this.uriPersonCache.fetch(uri).catch(() => null); } - //#region このサーバーに既に登録されていたらそれを返す - const exist = await this.usersRepository.findOneBy({ uri }) as MiLocalUser | MiRemoteUser | null; - - if (exist) { - await this.uriPersonCache.set(uri, exist.id); - return exist; + // No match + if (!userId) { + return null; } - //#endregion - return null; + const user = await this.cacheService.findUserById(userId) + .catch(() => null) as MiLocalUser | MiRemoteUser | null; + + if (user?.isDeleted && !_opts.withDeleted) { + return null; + } + if (user?.isSuspended && !_opts.withSuspended) { + return null; + } + + return user; } private async resolveAvatarAndBanner(user: MiRemoteUser, icon: any, image: any, bgimg: any): Promise>> { @@ -853,7 +863,7 @@ export class ApPersonService implements OnModuleInit { } //#region このサーバーに既に登録されていたらそれを返す - const exist = await this.fetchPerson(uri); + const exist = await this.fetchPerson(uri, { withDeleted: true }); if (exist) return exist; //#endregion diff --git a/packages/backend/src/server/SkRateLimiterService.ts b/packages/backend/src/server/SkRateLimiterService.ts index 212f00c86a..377da6605d 100644 --- a/packages/backend/src/server/SkRateLimiterService.ts +++ b/packages/backend/src/server/SkRateLimiterService.ts @@ -8,11 +8,24 @@ import Redis from 'ioredis'; import type { MiUser } from '@/models/_.js'; import { TimeService } from '@/global/TimeService.js'; import { EnvService } from '@/global/EnvService.js'; -import { BucketRateLimit, LegacyRateLimit, LimitInfo, RateLimit, hasMinLimit, isLegacyRateLimit, Keyed, hasMaxLimit, disabledLimitInfo, MaxLegacyLimit, MinLegacyLimit } from '@/misc/rate-limit-utils.js'; +import { + type BucketRateLimit, + type LegacyRateLimit, + type LimitInfo, + type RateLimit, + type Keyed, + type MaxLegacyLimit, + type MinLegacyLimit, + hasMinLimit, + isLegacyRateLimit, + hasMaxLimit, + disabledLimitInfo, +} from '@/misc/rate-limit-utils.js'; import { RoleService } from '@/core/RoleService.js'; import { CacheManagementService, type ManagedMemoryKVCache } from '@/global/CacheManagementService.js'; import { ConflictError } from '@/misc/errors/ConflictError.js'; import { DI } from '@/di-symbols.js'; +import { bindThis } from '@/decorators.js'; // Sentinel value used for caching the default role template. // Required because MemoryKVCache doesn't support null keys. @@ -64,6 +77,7 @@ export class SkRateLimiterService { * @param limit The limit definition * @param actorOrUser authenticated client user or IP hash */ + @bindThis public async limit(limit: Keyed, actorOrUser: string | MiUser): Promise { if (this.disabled) { return disabledLimitInfo; diff --git a/packages/backend/src/server/api/endpoints/users/show.ts b/packages/backend/src/server/api/endpoints/users/show.ts index 30b4719e09..1733c5e460 100644 --- a/packages/backend/src/server/api/endpoints/users/show.ts +++ b/packages/backend/src/server/api/endpoints/users/show.ts @@ -13,7 +13,7 @@ import { RemoteUserResolveService } from '@/core/RemoteUserResolveService.js'; import { DI } from '@/di-symbols.js'; import PerUserPvChart from '@/core/chart/charts/per-user-pv.js'; import { RoleService } from '@/core/RoleService.js'; -import { renderInlineError } from '@/misc/render-inline-error.js'; +import { CacheService } from '@/core/CacheService.js'; import { ApiError } from '../../error.js'; import { ApiLoggerService } from '../../ApiLoggerService.js'; import type { FindOptionsWhere } from 'typeorm'; @@ -103,6 +103,7 @@ export default class extends Endpoint { // eslint- private roleService: RoleService, private perUserPvChart: PerUserPvChart, private apiLoggerService: ApiLoggerService, + private readonly cacheService: CacheService, ) { super(meta, paramDef, async (ps, me, _1, _2, _3, ip) => { let user; @@ -115,19 +116,18 @@ export default class extends Endpoint { // eslint- return []; } - const users = await this.usersRepository.findBy(isModerator ? { - id: In(ps.userIds), - } : { - id: In(ps.userIds), - isSuspended: false, - }); + const users = await this.cacheService.findUsersById(ps.userIds); // リクエストされた通りに並べ替え // 順番は保持されるけど数は減ってる可能性がある const _users: MiUser[] = []; for (const id of ps.userIds) { - const user = users.find(x => x.id === id); - if (user != null) _users.push(user); + const user = users.get(id); + if (user != null) { + if (isModerator || !user.isSuspended) { + _users.push(user); + } + } } const _userMap = await this.userEntityService.packMany(_users, me, { schema: ps.detail ? 'UserDetailed' : 'UserLite' }) @@ -135,17 +135,14 @@ export default class extends Endpoint { // eslint- return _users.map(u => _userMap.get(u.id)!); } else { // Lookup user - if (typeof ps.host === 'string' && typeof ps.username === 'string') { - user = await this.remoteUserResolveService.resolveUser(ps.username, ps.host).catch(err => { - this.apiLoggerService.logger.warn(`failed to resolve remote user: ${renderInlineError(err)}`); - throw new ApiError(meta.errors.failedToResolveRemoteUser); - }); - } else { - const q: FindOptionsWhere = ps.userId != null - ? { id: ps.userId } - : { usernameLower: ps.username!.toLowerCase(), host: IsNull() }; + if (ps.username) { + user = await this.remoteUserResolveService.resolveUser(ps.username, ps.host ?? null).catch(() => null); + } else if (ps.userId != null) { + user = await this.cacheService.findUserById(ps.userId).catch(() => null); + } - user = await this.usersRepository.findOneBy(q); + if (user == null && ps.host != null) { + throw new ApiError(meta.errors.failedToResolveRemoteUser); } if (user == null || (!isModerator && user.isSuspended)) {