fix #18, cache users from fediverse

2019-09-12 14:59:51 +02:00
parent fca3b8739d
commit cf5c09e3b1
9 changed files with 158 additions and 34 deletions
--- a/server/api/controller/user.js
+++ b/server/api/controller/user.js
@@ -6,7 +6,7 @@ const { Op } = require('sequelize')
 const jsonwebtoken = require('jsonwebtoken')
 const config = require('config')
 const mail = require('../mail')
-const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
+const { user: User, event: Event, tag: Tag, place: Place, fed_users: FedUsers } = require('../models')
 const settingsController = require('./settings')
 const federation = require('../../federation/helpers')

@@ -207,8 +207,10 @@ const userController = {
    }
  },

-  current (req, res) {
-    if (req.user) { res.json(req.user) } else { res.sendStatus(404) }
+  async current (req, res) {
+    if (!req.user) return res.status(400).send('Not logged')
+    const user = await User.findByPk(req.user.id, { include: [ FedUsers ]})
+    res.json(user) 
  },

  async getAll (req, res) {
--- a/server/api/models/fed_users.js
+++ b/server/api/models/fed_users.js
@@ -0,0 +1,13 @@
+module.exports = (sequelize, DataTypes) => {
+  const fed_users = sequelize.define('fed_users', {
+    ap_id: {
+      type: DataTypes.STRING,
+      primaryKey: true
+    },
+    object: DataTypes.JSON
+  }, {})
+  fed_users.associate = function(models) {
+    // associations can be defined here
+  };
+  return fed_users
+}
--- a/server/api/models/user.js
+++ b/server/api/models/user.js
@@ -28,10 +28,6 @@ module.exports = (sequelize, DataTypes) => {
    is_admin: DataTypes.BOOLEAN,
    is_active: DataTypes.BOOLEAN,
    rsa: DataTypes.JSON,
-    followers: {
-      type: DataTypes.JSON,
-      defaultValue: []
-    }
  }, {
    scopes: {
      withoutPassword: {
@@ -43,6 +39,7 @@ module.exports = (sequelize, DataTypes) => {
  user.associate = function (models) {
    // associations can be defined here
    user.hasMany(models.event)
+    user.belongsToMany(models.fed_users, { through: 'user_followers' })
  }

  user.prototype.comparePassword = async function (pwd) {
--- a/server/federation/follows.js
+++ b/server/federation/follows.js
@@ -1,6 +1,6 @@
 const config = require('config')
 const Helpers = require('./helpers')
-const { user: User } = require('../api/models')
+const { user: User, fed_users: FedUsers } = require('../api/models')
 const crypto = require('crypto')
 const debug = require('debug')('federation:follows')

@@ -10,13 +10,14 @@ module.exports = {
    const body = req.body
    if (typeof body.object !== 'string') { return }
    const username = body.object.replace(`${config.baseurl}/federation/u/`, '')
-    const user = await User.findOne({ where: { username } })
+    const user = await User.findOne({ where: { username }, include: [ FedUsers ] })
    if (!user) { return res.status(404).send('User not found') }

    // check for duplicate
-    if (!user.followers.includes(body.actor)) {
-      await user.update({ followers: [...user.followers, body.actor] })
-      debug('%s followed by %s (%d)', username, body.actor, user.followers.length)
+    if (!user.fed_users.includes(body.actor)) {
+      await user.addFed_users([req.fedi_user.id])
+      // await user.update({ followers: [...user.followers, body.actor] })
+      debug('%s followed by %s (%d)', username, body.actor, user.fed_users.length+1)
    } else {
      debug('duplicate %s followed by %s', username, body.actor)
    }
@@ -39,13 +40,13 @@ module.exports = {
    const user = await User.findOne({ where: { username } })
    if (!user) { return res.status(404).send('User not found') }

-    if (body.actor !== body.object.actor) {
+    if (body.actor !== body.object.actor || body.actor !== req.fedi_user.id) {
      debug('Unfollow an user created by a different actor !?!?')
      return res.status(400).send('Bad things')
    }
-    const followers = user.followers.filter(follower => follower !== body.actor)
-    await user.update({ followers })
-    debug('%s unfollowed by %s (%d)', username, body.actor, user.followers.length)
+
+    if (req.fedi_user) await user.removeFed_users(req.fedi_user.id)
+    debug('%s unfollowed by %s', username, body.actor)
    res.sendStatus(200)
  }
 }
--- a/server/federation/helpers.js
+++ b/server/federation/helpers.js
@@ -4,7 +4,7 @@ const crypto = require('crypto')
 const config = require('config')
 const httpSignature = require('http-signature')
 const debug = require('debug')('federation:helpers')
-const { user: User } = require('../api/models')
+const { user: User, fed_users: FedUsers } = require('../api/models')
 const url = require('url')

 const actorCache = []
@@ -40,13 +40,15 @@ const Helpers = {
  },

  async sendEvent (event, user) {
-    // TODO: has to use sharedInbox!
    // event is sent by user that published it and by the admin instance
-    const instanceAdmin = await User.findOne({ where: { email: config.admin } })
+    // collect followers from admin and user
+    const instanceAdmin = await User.findOne({ where: { email: config.admin, include: FedUsers } })
    if (!instanceAdmin || !instanceAdmin.username) {
      debug('Instance admin not found (there is no user with email => %s)', config.admin)
      return
    }
+    console.error(instanceAdmin)
+    return

    for (const follower of instanceAdmin.followers) {
      debug('Notify %s with event %s (from admin user %s)', follower, event.title, instanceAdmin.username)
@@ -89,18 +91,23 @@ const Helpers = {
    }
  },

-  async getFederatedUser (address) {
-    address = address.trim()
-    const [ username, host ] = address.split('@')
-    const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}`
-    return Helpers.getActor(url)
-  },
+  // DO NOT USE THIS! (why is this needed btw?)
+  // async getFederatedUser (address) {
+  //   address = address.trim()
+  //   const [ username, host ] = address.split('@')
+  //   const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}`
+  //   return Helpers.getActor(url)
+  // },

  // TODO: cache
  async getActor (url, force = false) {
+    let fedi_user
+    
    // try with cache first
-    if (!force && actorCache[url]) { return actorCache[url] }
-    const user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
+    if (!force) fedi_user = await FedUsers.findByPk(url)
+
+    if (fedi_user) return fedi_user.object
+    fedi_user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
      .then(res => {
        if (!res.ok) {
          debug('[ERR] Actor %s => %s', url, res.statusText)
@@ -108,32 +115,37 @@ const Helpers = {
        }
        return res.json()
      })
-    actorCache[url] = user
-    return user
+    if (fedi_user) {
+      await FedUsers.create({ap_id: url, object: fedi_user})
+    }
+    return fedi_user
  },

  // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/
  async verifySignature (req, res, next) {
    let user = await Helpers.getActor(req.body.actor)
    if (!user) { return res.status(401).send('Actor not found') }
-
+    
    // little hack -> https://github.com/joyent/node-http-signature/pull/83
    req.headers.authorization = 'Signature ' + req.headers.signature
+    
+    req.fedi_user = user

    // another little hack :/
    // https://github.com/joyent/node-http-signature/issues/87
    req.url = '/federation' + req.url
    const parsed = httpSignature.parseRequest(req)
    if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
-
+    
    // signature not valid, try without cache
    user = await Helpers.getActor(req.body.actor, true)
    if (!user) { return res.status(401).send('Actor not found') }
    if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
-
+    
    // still not valid
    debug('Invalid signature from user %s', req.body.actor)
    res.send('Request signature could not be verified', 401)
+
  }
 }

--- a/server/federation/users.js
+++ b/server/federation/users.js
@@ -1,4 +1,4 @@
-const { user: User, event: Event, place: Place, tag: Tag } = require('../api/models')
+const { user: User, event: Event, place: Place, tag: Tag, fed_users: FedUsers } = require('../api/models')
 const config = require('config')
 const get = require('lodash/get')
 const debug = require('debug')('fediverse:user')
@@ -45,7 +45,7 @@ module.exports = {
    const page = req.query.page
    debug('Retrieve %s followers', name)
    if (!name) return res.status(400).send('Bad request.')
-    const user = await User.findOne({where: { username: name }})
+    const user = await User.findOne({where: { username: name }, include: [FedUsers]})
    if (!user) return res.status(404).send(`No record found for ${name}`)

    res.type('application/activity+json; charset=utf-8')
--- a/server/migrations/20190911204228-recurrent.js
+++ b/server/migrations/20190911204228-recurrent.js
@@ -0,0 +1,27 @@
+'use strict';
+
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    return queryInterface.addColumn('events', 'recurrent', {
+      type: Sequelize.JSON
+    })
+
+    /*
+      Add altering commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.createTable('users', { id: Sequelize.INTEGER });
+    */
+  },
+
+  down: (queryInterface, Sequelize) => {
+    /*
+      Add reverting commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.dropTable('users');
+    */
+  }
+};
--- a/server/migrations/20190912093154-create-fed-users.js
+++ b/server/migrations/20190912093154-create-fed-users.js
@@ -0,0 +1,25 @@
+'use strict';
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    return queryInterface.createTable('fed_users', {
+      ap_id: {
+        type: Sequelize.STRING,
+        primaryKey: true
+      },
+      object: {
+        type: Sequelize.JSON
+      },
+      createdAt: {
+        allowNull: false,
+        type: Sequelize.DATE
+      },
+      updatedAt: {
+        allowNull: false,
+        type: Sequelize.DATE
+      }
+    });
+  },
+  down: (queryInterface, Sequelize) => {
+    return queryInterface.dropTable('fed_users');
+  }
+};
--- a/server/migrations/20190912093645-fedi_followers.js
+++ b/server/migrations/20190912093645-fedi_followers.js
@@ -0,0 +1,47 @@
+'use strict';
+
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    return Promise.all([
+      queryInterface.removeColumn('users', 'followers'),
+      queryInterface.createTable('user_followers', {
+        userId: {
+          type: Sequelize.INTEGER,
+          references: {
+            model: 'users',
+            key: 'id'
+          },
+          primaryKey: true,
+          allowNull: false
+        },
+        fedUserApId: {
+          primaryKey: true,
+          type: Sequelize.STRING,
+          references: {
+            model: 'fed_users',
+            key: 'ap_id'
+          }
+        },
+        createdAt: { type: Sequelize.DATE, allowNull: false },
+        updatedAt: { type: Sequelize.DATE, allowNull: false }        
+      })
+  ])},
+
+  down: (queryInterface, Sequelize) => {
+    return Promise.all([
+      queryInterface.addColumn(
+      'users', 'followers', {
+        type: JSON,
+        defaultValue: []
+      }),
+      queryInterface.dropTable('user_followers')
+    ])
+    /*
+      Add reverting commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.dropTable('users');
+    */
+  }
+};