diff --git a/server/api/controller/user.js b/server/api/controller/user.js index 0402b04f..b80e0c94 100644 --- a/server/api/controller/user.js +++ b/server/api/controller/user.js @@ -6,7 +6,7 @@ const { Op } = require('sequelize') const jsonwebtoken = require('jsonwebtoken') const config = require('config') const mail = require('../mail') -const { user: User, event: Event, tag: Tag, place: Place } = require('../models') +const { user: User, event: Event, tag: Tag, place: Place, fed_users: FedUsers } = require('../models') const settingsController = require('./settings') const federation = require('../../federation/helpers') @@ -207,8 +207,10 @@ const userController = { } }, - current (req, res) { - if (req.user) { res.json(req.user) } else { res.sendStatus(404) } + async current (req, res) { + if (!req.user) return res.status(400).send('Not logged') + const user = await User.findByPk(req.user.id, { include: [ FedUsers ]}) + res.json(user) }, async getAll (req, res) { diff --git a/server/api/models/fed_users.js b/server/api/models/fed_users.js new file mode 100644 index 00000000..7b478052 --- /dev/null +++ b/server/api/models/fed_users.js @@ -0,0 +1,13 @@ +module.exports = (sequelize, DataTypes) => { + const fed_users = sequelize.define('fed_users', { + ap_id: { + type: DataTypes.STRING, + primaryKey: true + }, + object: DataTypes.JSON + }, {}) + fed_users.associate = function(models) { + // associations can be defined here + }; + return fed_users +} \ No newline at end of file diff --git a/server/api/models/user.js b/server/api/models/user.js index 809d9430..ffc608a5 100644 --- a/server/api/models/user.js +++ b/server/api/models/user.js @@ -28,10 +28,6 @@ module.exports = (sequelize, DataTypes) => { is_admin: DataTypes.BOOLEAN, is_active: DataTypes.BOOLEAN, rsa: DataTypes.JSON, - followers: { - type: DataTypes.JSON, - defaultValue: [] - } }, { scopes: { withoutPassword: { @@ -43,6 +39,7 @@ module.exports = (sequelize, DataTypes) => { user.associate = function (models) { // associations can be defined here user.hasMany(models.event) + user.belongsToMany(models.fed_users, { through: 'user_followers' }) } user.prototype.comparePassword = async function (pwd) { diff --git a/server/federation/follows.js b/server/federation/follows.js index 4fe8facf..5d6cf4b6 100644 --- a/server/federation/follows.js +++ b/server/federation/follows.js @@ -1,6 +1,6 @@ const config = require('config') const Helpers = require('./helpers') -const { user: User } = require('../api/models') +const { user: User, fed_users: FedUsers } = require('../api/models') const crypto = require('crypto') const debug = require('debug')('federation:follows') @@ -10,13 +10,14 @@ module.exports = { const body = req.body if (typeof body.object !== 'string') { return } const username = body.object.replace(`${config.baseurl}/federation/u/`, '') - const user = await User.findOne({ where: { username } }) + const user = await User.findOne({ where: { username }, include: [ FedUsers ] }) if (!user) { return res.status(404).send('User not found') } // check for duplicate - if (!user.followers.includes(body.actor)) { - await user.update({ followers: [...user.followers, body.actor] }) - debug('%s followed by %s (%d)', username, body.actor, user.followers.length) + if (!user.fed_users.includes(body.actor)) { + await user.addFed_users([req.fedi_user.id]) + // await user.update({ followers: [...user.followers, body.actor] }) + debug('%s followed by %s (%d)', username, body.actor, user.fed_users.length+1) } else { debug('duplicate %s followed by %s', username, body.actor) } @@ -39,13 +40,13 @@ module.exports = { const user = await User.findOne({ where: { username } }) if (!user) { return res.status(404).send('User not found') } - if (body.actor !== body.object.actor) { + if (body.actor !== body.object.actor || body.actor !== req.fedi_user.id) { debug('Unfollow an user created by a different actor !?!?') return res.status(400).send('Bad things') } - const followers = user.followers.filter(follower => follower !== body.actor) - await user.update({ followers }) - debug('%s unfollowed by %s (%d)', username, body.actor, user.followers.length) + + if (req.fedi_user) await user.removeFed_users(req.fedi_user.id) + debug('%s unfollowed by %s', username, body.actor) res.sendStatus(200) } } diff --git a/server/federation/helpers.js b/server/federation/helpers.js index c780c6d0..abf58382 100644 --- a/server/federation/helpers.js +++ b/server/federation/helpers.js @@ -4,7 +4,7 @@ const crypto = require('crypto') const config = require('config') const httpSignature = require('http-signature') const debug = require('debug')('federation:helpers') -const { user: User } = require('../api/models') +const { user: User, fed_users: FedUsers } = require('../api/models') const url = require('url') const actorCache = [] @@ -40,13 +40,15 @@ const Helpers = { }, async sendEvent (event, user) { - // TODO: has to use sharedInbox! // event is sent by user that published it and by the admin instance - const instanceAdmin = await User.findOne({ where: { email: config.admin } }) + // collect followers from admin and user + const instanceAdmin = await User.findOne({ where: { email: config.admin, include: FedUsers } }) if (!instanceAdmin || !instanceAdmin.username) { debug('Instance admin not found (there is no user with email => %s)', config.admin) return } + console.error(instanceAdmin) + return for (const follower of instanceAdmin.followers) { debug('Notify %s with event %s (from admin user %s)', follower, event.title, instanceAdmin.username) @@ -89,18 +91,23 @@ const Helpers = { } }, - async getFederatedUser (address) { - address = address.trim() - const [ username, host ] = address.split('@') - const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}` - return Helpers.getActor(url) - }, + // DO NOT USE THIS! (why is this needed btw?) + // async getFederatedUser (address) { + // address = address.trim() + // const [ username, host ] = address.split('@') + // const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}` + // return Helpers.getActor(url) + // }, // TODO: cache async getActor (url, force = false) { + let fedi_user + // try with cache first - if (!force && actorCache[url]) { return actorCache[url] } - const user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } }) + if (!force) fedi_user = await FedUsers.findByPk(url) + + if (fedi_user) return fedi_user.object + fedi_user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } }) .then(res => { if (!res.ok) { debug('[ERR] Actor %s => %s', url, res.statusText) @@ -108,32 +115,37 @@ const Helpers = { } return res.json() }) - actorCache[url] = user - return user + if (fedi_user) { + await FedUsers.create({ap_id: url, object: fedi_user}) + } + return fedi_user }, // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/ async verifySignature (req, res, next) { let user = await Helpers.getActor(req.body.actor) if (!user) { return res.status(401).send('Actor not found') } - + // little hack -> https://github.com/joyent/node-http-signature/pull/83 req.headers.authorization = 'Signature ' + req.headers.signature + + req.fedi_user = user // another little hack :/ // https://github.com/joyent/node-http-signature/issues/87 req.url = '/federation' + req.url const parsed = httpSignature.parseRequest(req) if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() } - + // signature not valid, try without cache user = await Helpers.getActor(req.body.actor, true) if (!user) { return res.status(401).send('Actor not found') } if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() } - + // still not valid debug('Invalid signature from user %s', req.body.actor) res.send('Request signature could not be verified', 401) + } } diff --git a/server/federation/users.js b/server/federation/users.js index 4e9a1df4..79db6778 100644 --- a/server/federation/users.js +++ b/server/federation/users.js @@ -1,4 +1,4 @@ -const { user: User, event: Event, place: Place, tag: Tag } = require('../api/models') +const { user: User, event: Event, place: Place, tag: Tag, fed_users: FedUsers } = require('../api/models') const config = require('config') const get = require('lodash/get') const debug = require('debug')('fediverse:user') @@ -45,7 +45,7 @@ module.exports = { const page = req.query.page debug('Retrieve %s followers', name) if (!name) return res.status(400).send('Bad request.') - const user = await User.findOne({where: { username: name }}) + const user = await User.findOne({where: { username: name }, include: [FedUsers]}) if (!user) return res.status(404).send(`No record found for ${name}`) res.type('application/activity+json; charset=utf-8') diff --git a/server/migrations/20190911204228-recurrent.js b/server/migrations/20190911204228-recurrent.js new file mode 100644 index 00000000..d119ede8 --- /dev/null +++ b/server/migrations/20190911204228-recurrent.js @@ -0,0 +1,27 @@ +'use strict'; + +module.exports = { + up: (queryInterface, Sequelize) => { + return queryInterface.addColumn('events', 'recurrent', { + type: Sequelize.JSON + }) + + /* + Add altering commands here. + Return a promise to correctly handle asynchronicity. + + Example: + return queryInterface.createTable('users', { id: Sequelize.INTEGER }); + */ + }, + + down: (queryInterface, Sequelize) => { + /* + Add reverting commands here. + Return a promise to correctly handle asynchronicity. + + Example: + return queryInterface.dropTable('users'); + */ + } +}; diff --git a/server/migrations/20190912093154-create-fed-users.js b/server/migrations/20190912093154-create-fed-users.js new file mode 100644 index 00000000..524cef53 --- /dev/null +++ b/server/migrations/20190912093154-create-fed-users.js @@ -0,0 +1,25 @@ +'use strict'; +module.exports = { + up: (queryInterface, Sequelize) => { + return queryInterface.createTable('fed_users', { + ap_id: { + type: Sequelize.STRING, + primaryKey: true + }, + object: { + type: Sequelize.JSON + }, + createdAt: { + allowNull: false, + type: Sequelize.DATE + }, + updatedAt: { + allowNull: false, + type: Sequelize.DATE + } + }); + }, + down: (queryInterface, Sequelize) => { + return queryInterface.dropTable('fed_users'); + } +}; \ No newline at end of file diff --git a/server/migrations/20190912093645-fedi_followers.js b/server/migrations/20190912093645-fedi_followers.js new file mode 100644 index 00000000..0394b8ed --- /dev/null +++ b/server/migrations/20190912093645-fedi_followers.js @@ -0,0 +1,47 @@ +'use strict'; + +module.exports = { + up: (queryInterface, Sequelize) => { + return Promise.all([ + queryInterface.removeColumn('users', 'followers'), + queryInterface.createTable('user_followers', { + userId: { + type: Sequelize.INTEGER, + references: { + model: 'users', + key: 'id' + }, + primaryKey: true, + allowNull: false + }, + fedUserApId: { + primaryKey: true, + type: Sequelize.STRING, + references: { + model: 'fed_users', + key: 'ap_id' + } + }, + createdAt: { type: Sequelize.DATE, allowNull: false }, + updatedAt: { type: Sequelize.DATE, allowNull: false } + }) + ])}, + + down: (queryInterface, Sequelize) => { + return Promise.all([ + queryInterface.addColumn( + 'users', 'followers', { + type: JSON, + defaultValue: [] + }), + queryInterface.dropTable('user_followers') + ]) + /* + Add reverting commands here. + Return a promise to correctly handle asynchronicity. + + Example: + return queryInterface.dropTable('users'); + */ + } +};