fix #18, cache users from fediverse
This commit is contained in:
les
@@ -1,6 +1,6 @@
|
||||
const config = require('config')
|
||||
const Helpers = require('./helpers')
|
||||
const { user: User } = require('../api/models')
|
||||
const { user: User, fed_users: FedUsers } = require('../api/models')
|
||||
const crypto = require('crypto')
|
||||
const debug = require('debug')('federation:follows')
|
||||
|
||||
@@ -10,13 +10,14 @@ module.exports = {
|
||||
const body = req.body
|
||||
if (typeof body.object !== 'string') { return }
|
||||
const username = body.object.replace(`${config.baseurl}/federation/u/`, '')
|
||||
const user = await User.findOne({ where: { username } })
|
||||
const user = await User.findOne({ where: { username }, include: [ FedUsers ] })
|
||||
if (!user) { return res.status(404).send('User not found') }
|
||||
|
||||
// check for duplicate
|
||||
if (!user.followers.includes(body.actor)) {
|
||||
await user.update({ followers: [...user.followers, body.actor] })
|
||||
debug('%s followed by %s (%d)', username, body.actor, user.followers.length)
|
||||
if (!user.fed_users.includes(body.actor)) {
|
||||
await user.addFed_users([req.fedi_user.id])
|
||||
// await user.update({ followers: [...user.followers, body.actor] })
|
||||
debug('%s followed by %s (%d)', username, body.actor, user.fed_users.length+1)
|
||||
} else {
|
||||
debug('duplicate %s followed by %s', username, body.actor)
|
||||
}
|
||||
@@ -39,13 +40,13 @@ module.exports = {
|
||||
const user = await User.findOne({ where: { username } })
|
||||
if (!user) { return res.status(404).send('User not found') }
|
||||
|
||||
if (body.actor !== body.object.actor) {
|
||||
if (body.actor !== body.object.actor || body.actor !== req.fedi_user.id) {
|
||||
debug('Unfollow an user created by a different actor !?!?')
|
||||
return res.status(400).send('Bad things')
|
||||
}
|
||||
const followers = user.followers.filter(follower => follower !== body.actor)
|
||||
await user.update({ followers })
|
||||
debug('%s unfollowed by %s (%d)', username, body.actor, user.followers.length)
|
||||
|
||||
if (req.fedi_user) await user.removeFed_users(req.fedi_user.id)
|
||||
debug('%s unfollowed by %s', username, body.actor)
|
||||
res.sendStatus(200)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,7 +4,7 @@ const crypto = require('crypto')
|
||||
const config = require('config')
|
||||
const httpSignature = require('http-signature')
|
||||
const debug = require('debug')('federation:helpers')
|
||||
const { user: User } = require('../api/models')
|
||||
const { user: User, fed_users: FedUsers } = require('../api/models')
|
||||
const url = require('url')
|
||||
|
||||
const actorCache = []
|
||||
@@ -40,13 +40,15 @@ const Helpers = {
|
||||
},
|
||||
|
||||
async sendEvent (event, user) {
|
||||
// TODO: has to use sharedInbox!
|
||||
// event is sent by user that published it and by the admin instance
|
||||
const instanceAdmin = await User.findOne({ where: { email: config.admin } })
|
||||
// collect followers from admin and user
|
||||
const instanceAdmin = await User.findOne({ where: { email: config.admin, include: FedUsers } })
|
||||
if (!instanceAdmin || !instanceAdmin.username) {
|
||||
debug('Instance admin not found (there is no user with email => %s)', config.admin)
|
||||
return
|
||||
}
|
||||
console.error(instanceAdmin)
|
||||
return
|
||||
|
||||
for (const follower of instanceAdmin.followers) {
|
||||
debug('Notify %s with event %s (from admin user %s)', follower, event.title, instanceAdmin.username)
|
||||
@@ -89,18 +91,23 @@ const Helpers = {
|
||||
}
|
||||
},
|
||||
|
||||
async getFederatedUser (address) {
|
||||
address = address.trim()
|
||||
const [ username, host ] = address.split('@')
|
||||
const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}`
|
||||
return Helpers.getActor(url)
|
||||
},
|
||||
// DO NOT USE THIS! (why is this needed btw?)
|
||||
// async getFederatedUser (address) {
|
||||
// address = address.trim()
|
||||
// const [ username, host ] = address.split('@')
|
||||
// const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}`
|
||||
// return Helpers.getActor(url)
|
||||
// },
|
||||
|
||||
// TODO: cache
|
||||
async getActor (url, force = false) {
|
||||
let fedi_user
|
||||
|
||||
// try with cache first
|
||||
if (!force && actorCache[url]) { return actorCache[url] }
|
||||
const user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
|
||||
if (!force) fedi_user = await FedUsers.findByPk(url)
|
||||
|
||||
if (fedi_user) return fedi_user.object
|
||||
fedi_user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
|
||||
.then(res => {
|
||||
if (!res.ok) {
|
||||
debug('[ERR] Actor %s => %s', url, res.statusText)
|
||||
@@ -108,32 +115,37 @@ const Helpers = {
|
||||
}
|
||||
return res.json()
|
||||
})
|
||||
actorCache[url] = user
|
||||
return user
|
||||
if (fedi_user) {
|
||||
await FedUsers.create({ap_id: url, object: fedi_user})
|
||||
}
|
||||
return fedi_user
|
||||
},
|
||||
|
||||
// ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/
|
||||
async verifySignature (req, res, next) {
|
||||
let user = await Helpers.getActor(req.body.actor)
|
||||
if (!user) { return res.status(401).send('Actor not found') }
|
||||
|
||||
|
||||
// little hack -> https://github.com/joyent/node-http-signature/pull/83
|
||||
req.headers.authorization = 'Signature ' + req.headers.signature
|
||||
|
||||
req.fedi_user = user
|
||||
|
||||
// another little hack :/
|
||||
// https://github.com/joyent/node-http-signature/issues/87
|
||||
req.url = '/federation' + req.url
|
||||
const parsed = httpSignature.parseRequest(req)
|
||||
if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
|
||||
|
||||
|
||||
// signature not valid, try without cache
|
||||
user = await Helpers.getActor(req.body.actor, true)
|
||||
if (!user) { return res.status(401).send('Actor not found') }
|
||||
if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
|
||||
|
||||
|
||||
// still not valid
|
||||
debug('Invalid signature from user %s', req.body.actor)
|
||||
res.send('Request signature could not be verified', 401)
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
const { user: User, event: Event, place: Place, tag: Tag } = require('../api/models')
|
||||
const { user: User, event: Event, place: Place, tag: Tag, fed_users: FedUsers } = require('../api/models')
|
||||
const config = require('config')
|
||||
const get = require('lodash/get')
|
||||
const debug = require('debug')('fediverse:user')
|
||||
@@ -45,7 +45,7 @@ module.exports = {
|
||||
const page = req.query.page
|
||||
debug('Retrieve %s followers', name)
|
||||
if (!name) return res.status(400).send('Bad request.')
|
||||
const user = await User.findOne({where: { username: name }})
|
||||
const user = await User.findOne({where: { username: name }, include: [FedUsers]})
|
||||
if (!user) return res.status(404).send(`No record found for ${name}`)
|
||||
|
||||
res.type('application/activity+json; charset=utf-8')
|
||||
|
||||
Reference in New Issue
Block a user