[fedi] instances moderation

components/admin/Federation.vue

@@ -1,21 +1,60 @@
 <template lang="pug">
   div
-    el-form(inline label-width='400px')
+    el-form(inline label-width='200px')
       el-form-item(:label="$t('admin.enable_federation')")
         el-switch(v-model='enable_federation')
       el-form-item(:label="$t('admin.enable_comments')")
         el-switch(v-model='enable_comments')
       el-form-item(:label="$t('admin.disable_gamification')")
         el-switch(v-model='disable_gamification')
+
+      el-divider {{$t('common.instances')}}
+      el-table(:data='paginatedInstances' small)
+        el-table-column(label='Domain' width='250')
+          template(slot-scope='data')
+            span(slot='reference') <img class='instance_thumb' :src="data.row.data.thumbnail"/> {{data.row.domain}}
+        el-table-column(label='Name' width='150')
+          template(slot-scope='data')
+            span(slot='reference') {{data.row.name}}
+        el-table-column(label='Users' width='150')
+          template(slot-scope='data')
+            span(slot='reference') {{data.row.users}}
+        el-table-column(:label="$t('common.actions')" width='300')
+          template(slot-scope='data')
+            el-button-group
+              el-button(size='mini'
+                :type='data.row.blocked?"danger":"warning"'
+                @click='toggleBlock(data.row)') {{data.row.blocked?$t('admin.unblock_instance'):$t('admin.block_instance')}}
+
+      client-only
+        el-pagination(:page-size='perPage' :currentPage.sync='instancePage' :total='instances.length')
+
 </template>
 <script>
 import { mapState, mapActions } from 'vuex'
 
 export default {
   name: 'Federation',
-  methods: mapActions(['setSetting']),
+  props: ['instances'],
+  data () {
+    return {
+      perPage: 10,
+      instancePage: 1
+    }
+  },
+  methods: {
+    ...mapActions(['setSetting']),
+    async toggleBlock (instance) {
+      await this.$axios.post('/instances/toggle_block', { instance: instance.domain, blocked: !instance.blocked })
+      instance.blocked = !instance.blocked
+    }
+  },
   computed: {
     ...mapState(['settings']),
+    paginatedInstances () {
+      return this.instances.slice((this.instancePage - 1) * this.perPage,
+        this.instancePage * this.perPage)
+    },
     enable_federation: {
       get () { return this.settings.enable_federation },
       set (value) { this.setSetting({ key: 'enable_federation', value }) }
@@ -31,3 +70,8 @@ export default {
   }
 }
 </script>
+<style lang="less">
+.instance_thumb {
+  height: 20px;
+}
+</style>

components/admin/Settings.vue

@@ -3,11 +3,11 @@
     el-form(inline label-width="400px")
       //- select timezone
       client-only
-      el-form-item(:label="$t('admin.select_instance_timezone')")
+        el-form-item(:label="$t('admin.select_instance_timezone')")
-        el-select(v-model='instance_timezone' filterable)
+          el-select(v-model='instance_timezone' filterable)
-          el-option(v-for='timezone in timezones' :key='timezone.value' :value='timezone.value')
+            el-option(v-for='timezone in timezones' :key='timezone.value' :value='timezone.value')
-            span.float-left {{timezone.value}}
+              span.float-left {{timezone.value}}
-            small.float-right.text-danger {{timezone.offset}}
+              small.float-right.text-danger {{timezone.offset}}
 
       //- allow open registration
       el-form-item(:label="$t('admin.allow_registration_description')")

pages/add/_edit.vue

@@ -194,9 +194,7 @@ export default {
       data.event.description = event.description.replace(/(<([^>]+)>)/ig, '')
       data.event.id = event.id
       data.event.recurrent = {}
-      if (event.tags) {
+      data.event.tags = event.tags
-        data.event.tags = event.tags.map(t => t.tag)
-      }
       return data
     }
     return {}

pages/admin.vue

@@ -48,7 +48,7 @@
         template(slot='label')
           v-icon(name='network-wired')
           span.ml-1 {{$t('common.federation')}}
-        Federation
+        Federation(:instances='instances')
 
 </template>
 <script>
@@ -65,6 +65,7 @@ export default {
   middleware: ['auth'],
   data () {
     return {
+      instances: [],
       perPage: 10,
       eventPage: 1,
       description: '',
@@ -81,7 +82,8 @@ export default {
     try {
       const users = await $axios.$get('/users')
       const events = await $axios.$get('/event/unconfirmed')
-      return { users, events, mastodon_instance: store.state.settings.mastodon_instance }
+      const instances = await $axios.$get('/instances')
+      return { users, events, instances, mastodon_instance: store.state.settings.mastodon_instance }
     } catch (e) {
       console.error(e)
     }

server/api/controller/event.js

@@ -73,15 +73,6 @@ const eventController = {
     return ret
   },
 
-  async updateTag (req, res) {
-    const tag = await Tag.findByPk(req.body.tag)
-    if (tag) {
-      res.json(await tag.update(req.body))
-    } else {
-      res.sendStatus(404)
-    }
-  },
-
   async updatePlace (req, res) {
     const place = await Place.findByPk(req.body.id)
     await place.update(req.body)

server/api/controller/export.js

@@ -29,7 +29,7 @@ const exportController = {
         start_datetime: { [Op.gte]: yesterday },
         ...where
       },
-      include: [ { model: Tag, ...where_tags }, { model: Place, attributes: ['name', 'id', 'address'] }]
+      include: [{ model: Tag, ...where_tags }, { model: Place, attributes: ['name', 'id', 'address'] }]
     })
 
     switch (type) {

server/api/controller/instances.js

@@ -0,0 +1,23 @@
+const Sequelize = require('sequelize')
+const { fed_users: FedUsers, instances: Instances } = require('../models')
+
+const instancesController = {
+  async getAll (req, res) {
+    const instances = await Instances.findAll({
+      attributes: {
+        include: [[Sequelize.fn('count', Sequelize.col('domain')), 'users']]
+      },
+      group: ['domain'],
+      include: [{ model: FedUsers, attributes: [] }]
+    })
+    return res.json(instances)
+  },
+  async toggleBlock (req, res) {
+    const instance = await Instances.findByPk(req.body.instance)
+    if (!instance) { return res.status(404).send('Not found') }
+    await instance.update({ blocked: req.body.blocked })
+    return res.json(instance)
+  }
+}
+
+module.exports = instancesController

server/api/index.js

@@ -2,14 +2,13 @@ const express = require('express')
 const multer = require('multer')
 const cookieParser = require('cookie-parser')
 const bodyParser = require('body-parser')
-const expressJwt = require('express-jwt')
-const config = require('config')
 
 const { isAuth, isAdmin } = require('./auth')
 const eventController = require('./controller/event')
 const exportController = require('./controller/export')
 const userController = require('./controller/user')
 const settingsController = require('./controller/settings')
+const instancesController = require('./controller/instances')
 
 const storage = require('./storage')
 const upload = multer({ storage })
@@ -84,6 +83,9 @@ api.get('/export/:type', exportController.export)
 // get events in this range
 api.get('/event/:month/:year', eventController.getAll)
 
+api.get('/instances', isAdmin, instancesController.getAll)
+api.post('/instances/toggle_block', isAdmin, instancesController.toggleBlock)
+
 // Handle 404
 api.use((req, res) => {
   debug('404 Page not found: %s', req.path)

server/api/models/instances.js

@@ -1,7 +1,11 @@
 'use strict'
 module.exports = (sequelize, DataTypes) => {
   const instances = sequelize.define('instances', {
-    domain: DataTypes.STRING,
+    domain: {
+      primaryKey: true,
+      allowNull: false,
+      type: DataTypes.STRING
+    },
     name: DataTypes.STRING,
     blocked: DataTypes.BOOLEAN,
     data: DataTypes.JSON

server/api/models/user.js

@@ -15,7 +15,10 @@ module.exports = (sequelize, DataTypes) => {
       allowNull: false
     },
     display_name: DataTypes.STRING,
-    settings: DataTypes.JSON,
+    settings: {
+      type: DataTypes.JSON,
+      defaultValue: '{}'
+    },
     email: {
       type: DataTypes.STRING,
       unique: { msg: 'error.email_taken' },

server/federation/helpers.js

@@ -4,7 +4,7 @@ const crypto = require('crypto')
 const config = require('config')
 const httpSignature = require('http-signature')
 const debug = require('debug')('federation:helpers')
-const { user: User, fed_users: FedUsers } = require('../api/models')
+const { user: User, fed_users: FedUsers, instances: Instances } = require('../api/models')
 const url = require('url')
 const settingsController = require('../api/controller/settings')
 
@@ -26,7 +26,7 @@ const Helpers = {
 
   async signAndSend (message, user, inbox) {
     // get the URI of the actor object and append 'inbox' to it
-    const inboxUrl = url.parse(inbox)
+    const inboxUrl = new url.URL(inbox)
     // const toPath = toOrigin.path + '/inbox'
     // get the private key
     const privkey = user.rsa.privateKey
@@ -66,7 +66,7 @@ const Helpers = {
       return
     }
 
-    let recipients = {}
+    const recipients = {}
     instanceAdmin.followers.forEach(follower => {
       const sharedInbox = follower.object.endpoints.sharedInbox
       if (!recipients[sharedInbox]) { recipients[sharedInbox] = [] }
@@ -92,70 +92,113 @@ const Helpers = {
       Helpers.signAndSend(body, instanceAdmin, sharedInbox)
     }
 
-    return 
     // TODO
     // in case the event is published by the Admin itself do not add user
-    if (instanceAdmin.id === user.id) {
+    // if (instanceAdmin.id === user.id) {
-      debug('Event published by instance Admin')
+    //   debug('Event published by instance Admin')
-      return
+    //   return
-    } 
+    // }
-    if (!user.settings.enable_federation || !user.username) {
+    // if (!user.settings.enable_federation || !user.username) {
-      debug('Federation disabled for user %d (%s)', user.id, user.username)
+    //   debug('Federation disabled for user %d (%s)', user.id, user.username)
-      return
+    //   return
-    }
+    // }
 
-    debug('Sending to user followers => ', user.username)
+    // debug('Sending to user followers => ', user.username)
-    user = await User.findByPk( user.id, { include: { model: FedUsers, as: 'followers' }})
+    // user = await User.findByPk(user.id, { include: { model: FedUsers, as: 'followers' } })
-    debug('Sending to user followers => ', user.followers.length)
+    // debug('Sending to user followers => ', user.followers.length)
-    recipients = {}
+    // recipients = {}
-    user.followers.forEach(follower => {
+    // user.followers.forEach(follower => {
-      const sharedInbox = follower.object.endpoints.sharedInbox
+    //   const sharedInbox = follower.object.endpoints.sharedInbox
-      if (!recipients[sharedInbox]) recipients[sharedInbox] = []
+    //   if (!recipients[sharedInbox]) { recipients[sharedInbox] = [] }
-      recipients[sharedInbox].push(follower.ap_id)
+    //   recipients[sharedInbox].push(follower.ap_id)
-    })
+    // })
-
-    for(const sharedInbox in recipients) {
-      debug('Notify %s with event %s (from user %s) cc => %d', sharedInbox, event.title, user.username, recipients[sharedInbox].length)
-      const body = {
-        id: `${config.baseurl}/federation/m/${event.id}#create`,
-        type: 'Create',
-        to: ['https://www.w3.org/ns/activitystreams#Public'],
-        cc: [`${config.baseurl}/federation/u/${user.username}/followers`, ...recipients[sharedInbox]],
-        //cc: recipients[sharedInbox],
-        actor: `${config.baseurl}/federation/u/${user.username}`,
-        // object: event.toAP(user.username, [`${config.baseurl}/federation/u/${user.username}/followers`, ...recipients[sharedInbox]])
-        object: event.toAP(user.username, recipients[sharedInbox])
-      }
-      body['@context'] = 'https://www.w3.org/ns/activitystreams'
-      Helpers.signAndSend(body, user, sharedInbox)
-    }
 
+    // for (const sharedInbox in recipients) {
+    //   debug('Notify %s with event %s (from user %s) cc => %d', sharedInbox, event.title, user.username, recipients[sharedInbox].length)
+    //   const body = {
+    //     id: `${config.baseurl}/federation/m/${event.id}#create`,
+    //     type: 'Create',
+    //     to: ['https://www.w3.org/ns/activitystreams#Public'],
+    //     cc: [`${config.baseurl}/federation/u/${user.username}/followers`, ...recipients[sharedInbox]],
+    //     // cc: recipients[sharedInbox],
+    //     actor: `${config.baseurl}/federation/u/${user.username}`,
+    //     // object: event.toAP(user.username, [`${config.baseurl}/federation/u/${user.username}/followers`, ...recipients[sharedInbox]])
+    //     object: event.toAP(user.username, recipients[sharedInbox])
+    //   }
+    //   body['@context'] = 'https://www.w3.org/ns/activitystreams'
+    //   Helpers.signAndSend(body, user, sharedInbox)
+    // }
   },
 
-  async getActor (url, force = false) {
+  async getActor (URL, instance, force = false) {
     let fedi_user
 
     // try with cache first
-    if (!force) fedi_user = await FedUsers.findByPk(url)
+    if (!force) {
+      fedi_user = await FedUsers.findByPk(URL, { include: Instances })
+      if (fedi_user) {
+        debug(fedi_user)
+        if (!fedi_user.instances) {
+          debug(fedi_user.instances)
+          debug(instance.name)
+          fedi_user.setInstance(instance)
+        }
+        return fedi_user.object
+      }
+    }
 
-    if (fedi_user) return fedi_user.object
+    fedi_user = await fetch(URL, { headers: { 'Accept': 'application/jrd+json, application/json' } })
-    fedi_user = await fetch(url, { headers: { 'Accept': 'application/jrd+json, application/json' } })
       .then(res => {
         if (!res.ok) {
-          debug('[ERR] Actor %s => %s', url, res.statusText)
+          debug('[ERR] Actor %s => %s', URL, res.statusText)
           return false
         }
         return res.json()
       })
+
     if (fedi_user) {
-      await FedUsers.create({ap_id: url, object: fedi_user})
+      await FedUsers.create({ ap_id: URL, object: fedi_user })
     }
     return fedi_user
   },
 
+  async getInstance (actor_url, force = false) {
+    actor_url = new url.URL(actor_url)
+    const domain = actor_url.host
+    const instance_url = `${actor_url.protocol}//${actor_url.host}`
+    debug('getInstance %s', domain)
+    let instance
+    if (!force) {
+      instance = await Instances.findByPk(domain)
+      if (instance) { return instance }
+    }
+
+    instance = await fetch(`${instance_url}/api/v1/instance`, { headers: { 'Accept': 'application/json' } })
+      .then(res => res.json())
+      .then(instance => {
+        const data = {
+          stats: instance.stats,
+          thumbnail: instance.thumbnail
+        }
+        return Instances.create({ name: instance.title, domain, data, blocked: false })
+      })
+      .catch(e => {
+        debug(e)
+        return false
+      })
+    return instance
+  },
+
   // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/
   async verifySignature (req, res, next) {
-    let user = await Helpers.getActor(req.body.actor)
+    const instance = await Helpers.getInstance(req.body.actor)
+    if (!instance) { return res.status(401).send('Instance not found') }
+    if (instance.blocked) {
+      debug('Instance %s blocked', instance.domain)
+      return res.status(401).send('Instance blocked')
+    }
+
+    let user = await Helpers.getActor(req.body.actor, instance)
     if (!user) { return res.status(401).send('Actor not found') }
 
     // little hack -> https://github.com/joyent/node-http-signature/pull/83
@@ -170,14 +213,13 @@ const Helpers = {
     if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
 
     // signature not valid, try without cache
-    user = await Helpers.getActor(req.body.actor, true)
+    user = await Helpers.getActor(req.body.actor, instance, true)
     if (!user) { return res.status(401).send('Actor not found') }
     if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) { return next() }
 
     // still not valid
     debug('Invalid signature from user %s', req.body.actor)
     res.send('Request signature could not be verified', 401)
-
   }
 }
 

server/migrations/20191027130750-create-instances.js

@@ -2,13 +2,9 @@
 module.exports = {
   up: (queryInterface, Sequelize) => {
     return queryInterface.createTable('instances', {
-      id: {
-        allowNull: false,
-        autoIncrement: true,
-        primaryKey: true,
-        type: Sequelize.INTEGER
-      },
       domain: {
+        allowNull: false,
+        primaryKey: true,
         type: Sequelize.STRING
       },
       name: {

server/migrations/20191027132035-fed_users_instances.js

@@ -2,11 +2,11 @@
 
 module.exports = {
   up: (queryInterface, Sequelize) => {
-    return queryInterface.addColumn('fed_users', 'instanceId', {
+    return queryInterface.addColumn('fed_users', 'instanceDomain', {
-      type: Sequelize.INTEGER,
+      type: Sequelize.STRING,
       references: {
         model: 'instances',
-        key: 'id'
+        key: 'domain'
       },
       onUpdate: 'CASCADE',
       onDelete: 'CASCADE'
@@ -14,6 +14,6 @@ module.exports = {
   },
 
   down: (queryInterface, Sequelize) => {
-    return queryInterface.dropColumn('fed_users', 'instanceId')
+    return queryInterface.removeColumn('fed_users', 'instanceDomain')
   }
 }