encrypt/gancio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix #18, cache users from fediverse

Browse Source
This commit is contained in:
les
2019-09-12 14:59:51 +02:00
parent fca3b8739d
commit cf5c09e3b1
9 changed files with 158 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/api/controller/user.js
View File

@@ -6,7 +6,7 @@ const { Op } = require('sequelize')
const jsonwebtoken = require('jsonwebtoken') const jsonwebtoken = require('jsonwebtoken')
const config = require('config') const config = require('config')
const mail = require('../mail') const mail = require('../mail')
const { user: User, event: Event, tag: Tag, place: Place } = require('../models') const { user: User, event: Event, tag: Tag, place: Place, fed_users: FedUsers } = require('../models')
const settingsController = require('./settings') const settingsController = require('./settings')
const federation = require('../../federation/helpers') const federation = require('../../federation/helpers')
@@ -207,8 +207,10 @@ const userController = {
} }
}, },
current (req, res) { async current (req, res) {
if (req.user) { res.json(req.user) } else { res.sendStatus(404) } if (!req.user) return res.status(400).send('Not logged')
const user = await User.findByPk(req.user.id, { include: [ FedUsers ]})
res.json(user)
}, },
async getAll (req, res) { async getAll (req, res) {

13
server/api/models/fed_users.js Normal file
View File

@@ -0,0 +1,13 @@
module.exports = (sequelize, DataTypes) => {
const fed_users = sequelize.define('fed_users', {
ap_id: {
type: DataTypes.STRING,
primaryKey: true
},
object: DataTypes.JSON
}, {})
fed_users.associate = function(models) {
// associations can be defined here
};
return fed_users
}

5
server/api/models/user.js
View File

@@ -28,10 +28,6 @@ module.exports = (sequelize, DataTypes) => {
is_admin: DataTypes.BOOLEAN, is_admin: DataTypes.BOOLEAN,
is_active: DataTypes.BOOLEAN, is_active: DataTypes.BOOLEAN,
rsa: DataTypes.JSON, rsa: DataTypes.JSON,
followers: {
type: DataTypes.JSON,
defaultValue: []
}
}, { }, {
scopes: { scopes: {
withoutPassword: { withoutPassword: {
@@ -43,6 +39,7 @@ module.exports = (sequelize, DataTypes) => {
user.associate = function (models) { user.associate = function (models) {
// associations can be defined here // associations can be defined here
user.hasMany(models.event) user.hasMany(models.event)
user.belongsToMany(models.fed_users, { through: 'user_followers' })
} }
user.prototype.comparePassword = async function (pwd) { user.prototype.comparePassword = async function (pwd) {

19
server/federation/follows.js
View File

@@ -1,6 +1,6 @@
const config = require('config') const config = require('config')
const Helpers = require('./helpers') const Helpers = require('./helpers')
const { user: User } = require('../api/models') const { user: User, fed_users: FedUsers } = require('../api/models')
const crypto = require('crypto') const crypto = require('crypto')
const debug = require('debug')('federation:follows') const debug = require('debug')('federation:follows')
@@ -10,13 +10,14 @@ module.exports = {
const body = req.body const body = req.body
if (typeof body.object !== 'string') { return } if (typeof body.object !== 'string') { return }
const username = body.object.replace(`${config.baseurl}/federation/u/`, '') const username = body.object.replace(`${config.baseurl}/federation/u/`, '')
const user = await User.findOne({ where: { username } }) const user = await User.findOne({ where: { username }, include: [ FedUsers ] })
if (!user) { return res.status(404).send('User not found') } if (!user) { return res.status(404).send('User not found') }
// check for duplicate // check for duplicate
if (!user.followers.includes(body.actor)) { if (!user.fed_users.includes(body.actor)) {
await user.update({ followers: [...user.followers, body.actor] }) await user.addFed_users([req.fedi_user.id])
debug('%s followed by %s (%d)', username, body.actor, user.followers.length) // await user.update({ followers: [...user.followers, body.actor] })
debug('%s followed by %s (%d)', username, body.actor, user.fed_users.length+1)
} else { } else {
debug('duplicate %s followed by %s', username, body.actor) debug('duplicate %s followed by %s', username, body.actor)
} }
@@ -39,13 +40,13 @@ module.exports = {
const user = await User.findOne({ where: { username } }) const user = await User.findOne({ where: { username } })
if (!user) { return res.status(404).send('User not found') } if (!user) { return res.status(404).send('User not found') }
if (body.actor !== body.object.actor) { if (body.actor !== body.object.actor || body.actor !== req.fedi_user.id) {
debug('Unfollow an user created by a different actor !?!?') debug('Unfollow an user created by a different actor !?!?')
return res.status(400).send('Bad things') return res.status(400).send('Bad things')
} }
const followers = user.followers.filter(follower => follower !== body.actor)
await user.update({ followers }) if (req.fedi_user) await user.removeFed_users(req.fedi_user.id)
debug('%s unfollowed by %s (%d)', username, body.actor, user.followers.length) debug('%s unfollowed by %s', username, body.actor)
res.sendStatus(200) res.sendStatus(200)
} }
} }

44
server/federation/helpers.js
View File

@@ -4,7 +4,7 @@ const crypto = require('crypto')
const config = require('config') const config = require('config')
const httpSignature = require('http-signature') const httpSignature = require('http-signature')
const debug = require('debug')('federation:helpers') const debug = require('debug')('federation:helpers')
const { user: User } = require('../api/models') const { user: User, fed_users: FedUsers } = require('../api/models')
const url = require('url') const url = require('url')
const actorCache = [] const actorCache = []
@@ -40,13 +40,15 @@ const Helpers = {
}, },
async sendEvent (event, user) { async sendEvent (event, user) {
// TODO: has to use sharedInbox!
// event is sent by user that published it and by the admin instance // event is sent by user that published it and by the admin instance
const instanceAdmin = await User.findOne({ where: { email: config.admin } }) // collect followers from admin and user
const instanceAdmin = await User.findOne({ where: { email: config.admin, include: FedUsers } })
if (!instanceAdmin || !instanceAdmin.username) { if (!instanceAdmin || !instanceAdmin.username) {
debug('Instance admin not found (there is no user with email => %s)', config.admin) debug('Instance admin not found (there is no user with email => %s)', config.admin)
return return
} }
console.error(instanceAdmin)
return
for (const follower of instanceAdmin.followers) { for (const follower of instanceAdmin.followers) {
debug('Notify %s with event %s (from admin user %s)', follower, event.title, instanceAdmin.username) debug('Notify %s with event %s (from admin user %s)', follower, event.title, instanceAdmin.username)
@@ -89,18 +91,23 @@ const Helpers = {
} }
}, },
async getFederatedUser (address) { // DO NOT USE THIS! (why is this needed btw?)
address = address.trim() // async getFederatedUser (address) {
const [ username, host ] = address.split('@') // address = address.trim()
const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}` // const [ username, host ] = address.split('@')
return Helpers.getActor(url) // const url = `https://${host}/.well-known/webfinger?resource=acct:${username}@${host}`
}, // return Helpers.getActor(url)
// },
// TODO: cache // TODO: cache
async getActor (url, force = false) { async getActor (url, force = false) {
let fedi_user
// try with cache first // try with cache first
if (!force && actorCache[url]) { return actorCache[url] } if (!force) fedi_user = await FedUsers.findByPk(url)
const user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
if (fedi_user) return fedi_user.object
fedi_user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
.then(res => { .then(res => {
if (!res.ok) { if (!res.ok) {
debug('[ERR] Actor %s => %s', url, res.statusText) debug('[ERR] Actor %s => %s', url, res.statusText)
@@ -108,32 +115,37 @@ const Helpers = {
} }
return res.json() return res.json()
}) })
actorCache[url] = user if (fedi_user) {
return user await FedUsers.create({ap_id: url, object: fedi_user})
}
return fedi_user
}, },
// ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/ // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/
async verifySignature (req, res, next) { async verifySignature (req, res, next) {
let user = await Helpers.getActor(req.body.actor) let user = await Helpers.getActor(req.body.actor)
if (!user) { return res.status(401).send('Actor not found') } if (!user) { return res.status(401).send('Actor not found') }
// little hack -> https://github.com/joyent/node-http-signature/pull/83 // little hack -> https://github.com/joyent/node-http-signature/pull/83
req.headers.authorization = 'Signature ' + req.headers.signature req.headers.authorization = 'Signature ' + req.headers.signature
req.fedi_user = user
// another little hack :/ // another little hack :/
// https://github.com/joyent/node-http-signature/issues/87 // https://github.com/joyent/node-http-signature/issues/87
req.url = '/federation' + req.url req.url = '/federation' + req.url
const parsed = httpSignature.parseRequest(req) const parsed = httpSignature.parseRequest(req)
if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() } if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
// signature not valid, try without cache // signature not valid, try without cache
user = await Helpers.getActor(req.body.actor, true) user = await Helpers.getActor(req.body.actor, true)
if (!user) { return res.status(401).send('Actor not found') } if (!user) { return res.status(401).send('Actor not found') }
if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() } if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
// still not valid // still not valid
debug('Invalid signature from user %s', req.body.actor) debug('Invalid signature from user %s', req.body.actor)
res.send('Request signature could not be verified', 401) res.send('Request signature could not be verified', 401)
} }
} }

4
server/federation/users.js
View File

@@ -1,4 +1,4 @@
const { user: User, event: Event, place: Place, tag: Tag } = require('../api/models') const { user: User, event: Event, place: Place, tag: Tag, fed_users: FedUsers } = require('../api/models')
const config = require('config') const config = require('config')
const get = require('lodash/get') const get = require('lodash/get')
const debug = require('debug')('fediverse:user') const debug = require('debug')('fediverse:user')
@@ -45,7 +45,7 @@ module.exports = {
const page = req.query.page const page = req.query.page
debug('Retrieve %s followers', name) debug('Retrieve %s followers', name)
if (!name) return res.status(400).send('Bad request.') if (!name) return res.status(400).send('Bad request.')
const user = await User.findOne({where: { username: name }}) const user = await User.findOne({where: { username: name }, include: [FedUsers]})
if (!user) return res.status(404).send(`No record found for ${name}`) if (!user) return res.status(404).send(`No record found for ${name}`)
res.type('application/activity+json; charset=utf-8') res.type('application/activity+json; charset=utf-8')

27
server/migrations/20190911204228-recurrent.js Normal file
View File

@@ -0,0 +1,27 @@
'use strict';
module.exports = {
up: (queryInterface, Sequelize) => {
return queryInterface.addColumn('events', 'recurrent', {
type: Sequelize.JSON
})
/*
Add altering commands here.
Return a promise to correctly handle asynchronicity.
Example:
return queryInterface.createTable('users', { id: Sequelize.INTEGER });
*/
},
down: (queryInterface, Sequelize) => {
/*
Add reverting commands here.
Return a promise to correctly handle asynchronicity.
Example:
return queryInterface.dropTable('users');
*/
}
};

25
server/migrations/20190912093154-create-fed-users.js Normal file
View File

@@ -0,0 +1,25 @@
'use strict';
module.exports = {
up: (queryInterface, Sequelize) => {
return queryInterface.createTable('fed_users', {
ap_id: {
type: Sequelize.STRING,
primaryKey: true
},
object: {
type: Sequelize.JSON
},
createdAt: {
allowNull: false,
type: Sequelize.DATE
},
updatedAt: {
allowNull: false,
type: Sequelize.DATE
}
});
},
down: (queryInterface, Sequelize) => {
return queryInterface.dropTable('fed_users');
}
};

47
server/migrations/20190912093645-fedi_followers.js Normal file
View File

@@ -0,0 +1,47 @@
'use strict';
module.exports = {
up: (queryInterface, Sequelize) => {
return Promise.all([
queryInterface.removeColumn('users', 'followers'),
queryInterface.createTable('user_followers', {
userId: {
type: Sequelize.INTEGER,
references: {
model: 'users',
key: 'id'
},
primaryKey: true,
allowNull: false
},
fedUserApId: {
primaryKey: true,
type: Sequelize.STRING,
references: {
model: 'fed_users',
key: 'ap_id'
}
},
createdAt: { type: Sequelize.DATE, allowNull: false },
updatedAt: { type: Sequelize.DATE, allowNull: false }
})
])},
down: (queryInterface, Sequelize) => {
return Promise.all([
queryInterface.addColumn(
'users', 'followers', {
type: JSON,
defaultValue: []
}),
queryInterface.dropTable('user_followers')
])
/*
Add reverting commands here.
Return a promise to correctly handle asynchronicity.
Example:
return queryInterface.dropTable('users');
*/
}
};