Merge branch 'develop'

author: syuilo <syuilotan@yahoo.co.jp> 2019-04-14 20:38:55 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2019-04-14 20:38:55 +0900
commit: d66e4b7ff97d512e2a2523815e2eef170456b37f (patch)
tree: 59ae1a102d88b5c2c2236b734ea4a584b4f9ba46 /src/queue/processors/inbox.ts
parent: 10.100.0 (diff)
parent: 11.0.0 (diff)
download: misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.tar.gz
misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.tar.bz2
misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.zip
1 files changed, 43 insertions, 31 deletions
diff --git a/src/queue/processors/inbox.ts b/src/queue/processors/inbox.ts
index 436f3335c8..05fed0566d 100644
--- a/src/queue/processors/inbox.ts
+++ b/src/queue/processors/inbox.ts
@@ -1,16 +1,20 @@
 import * as Bull from 'bull';
 import * as httpSignature from 'http-signature';
 import parseAcct from '../../misc/acct/parse';
-import User, { IRemoteUser } from '../../models/user';
+import { IRemoteUser } from '../../models/entities/user';
 import perform from '../../remote/activitypub/perform';
 import { resolvePerson, updatePerson } from '../../remote/activitypub/models/person';
-import { toUnicode } from 'punycode';
 import { URL } from 'url';
 import { publishApLogStream } from '../../services/stream';
 import Logger from '../../services/logger';
 import { registerOrFetchInstanceDoc } from '../../services/register-or-fetch-instance-doc';
-import Instance from '../../models/instance';
-import instanceChart from '../../services/chart/instance';
+import { Instances, Users, UserPublickeys } from '../../models';
+import { instanceChart } from '../../services/chart';
+import { UserPublickey } from '../../models/entities/user-publickey';
+import fetchMeta from '../../misc/fetch-meta';
+import { toPuny, toPunyNullable } from '../../misc/convert-host';
+import { validActor } from '../../remote/activitypub/type';
+import { ensure } from '../../prelude/ensure';
 
 const logger = new Logger('inbox');
 
@@ -28,9 +32,13 @@ export default async (job: Bull.Job): Promise<void> => {
 
 	const keyIdLower = signature.keyId.toLowerCase();
 	let user: IRemoteUser;
+	let key: UserPublickey;
 
 	if (keyIdLower.startsWith('acct:')) {
-		const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
+		const acct = parseAcct(keyIdLower.slice('acct:'.length));
+		const host = toPunyNullable(acct.host);
+		const username = toPuny(acct.username);
+
 		if (host === null) {
 			logger.warn(`request was made by local user: @${username}`);
 			return;
@@ -46,16 +54,21 @@ export default async (job: Bull.Job): Promise<void> => {
 
 		// ブロックしてたら中断
 		// TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく
-		const instance = await Instance.findOne({ host: host.toLowerCase() });
-		if (instance && instance.isBlocked) {
+		const meta = await fetchMeta();
+		if (meta.blockedHosts.includes(host)) {
 			logger.info(`Blocked request: ${host}`);
 			return;
 		}
 
-		user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;
+		user = await Users.findOne({
+			usernameLower: username.toLowerCase(),
+			host: host
+		}) as IRemoteUser;
+
+		key = await UserPublickeys.findOne(user.id).then(ensure);
 	} else {
 		// アクティビティ内のホストの検証
-		const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());
+		const host = toPuny(new URL(signature.keyId).hostname);
 		try {
 			ValidateActivity(activity, host);
 		} catch (e) {
@@ -65,24 +78,25 @@ export default async (job: Bull.Job): Promise<void> => {
 
 		// ブロックしてたら中断
 		// TODO: いちいちデータベースにアクセスするのはコスト高そうなのでどっかにキャッシュしておく
-		const instance = await Instance.findOne({ host: host.toLowerCase() });
-		if (instance && instance.isBlocked) {
-			logger.warn(`Blocked request: ${host}`);
+		const meta = await fetchMeta();
+		if (meta.blockedHosts.includes(host)) {
+			logger.info(`Blocked request: ${host}`);
 			return;
 		}
 
-		user = await User.findOne({
-			host: { $ne: null },
-			'publicKey.id': signature.keyId
-		}) as IRemoteUser;
+		key = await UserPublickeys.findOne({
+			keyId: signature.keyId
+		}).then(ensure);
+
+		user = await Users.findOne(key.userId) as IRemoteUser;
 	}
 
 	// Update Person activityの場合は、ここで署名検証/更新処理まで実施して終了
 	if (activity.type === 'Update') {
-		if (activity.object && activity.object.type === 'Person') {
+		if (activity.object && validActor.includes(activity.object.type)) {
 			if (user == null) {
 				logger.warn('Update activity received, but user not registed.');
-			} else if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
+			} else if (!httpSignature.verifySignature(signature, key.keyPem)) {
 				logger.warn('Update activity received, but signature verification failed.');
 			} else {
 				updatePerson(activity.actor, null, activity.object);
@@ -92,15 +106,15 @@ export default async (job: Bull.Job): Promise<void> => {
 	}
 
 	// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する
-	if (user === null) {
+	if (user == null) {
 		user = await resolvePerson(activity.actor) as IRemoteUser;
 	}
 
-	if (user === null) {
+	if (user == null) {
 		throw new Error('failed to resolve user');
 	}
 
-	if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
+	if (!httpSignature.verifySignature(signature, key.keyPem)) {
 		logger.error('signature verification failed');
 		return;
 	}
@@ -116,12 +130,10 @@ export default async (job: Bull.Job): Promise<void> => {
 
 	// Update stats
 	registerOrFetchInstanceDoc(user.host).then(i => {
-		Instance.update({ _id: i._id }, {
-			$set: {
-				latestRequestReceivedAt: new Date(),
-				lastCommunicatedAt: new Date(),
-				isNotResponding: false
-			}
+		Instances.update(i.id, {
+			latestRequestReceivedAt: new Date(),
+			lastCommunicatedAt: new Date(),
+			isNotResponding: false
 		});
 
 		instanceChart.requestReceived(i.host);
@@ -139,7 +151,7 @@ export default async (job: Bull.Job): Promise<void> => {
 function ValidateActivity(activity: any, host: string) {
 	// id (if exists)
 	if (typeof activity.id === 'string') {
-		const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());
+		const uriHost = toPuny(new URL(activity.id).hostname);
 		if (host !== uriHost) {
 			const diag = activity.signature ? '. Has LD-Signature. Forwarded?' : '';
 			throw new Error(`activity.id(${activity.id}) has different host(${host})${diag}`);
@@ -148,7 +160,7 @@ function ValidateActivity(activity: any, host: string) {
 
 	// actor (if exists)
 	if (typeof activity.actor === 'string') {
-		const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());
+		const uriHost = toPuny(new URL(activity.actor).hostname);
 		if (host !== uriHost) throw new Error('activity.actor has different host');
 	}
 
@@ -156,13 +168,13 @@ function ValidateActivity(activity: any, host: string) {
 	if (activity.type === 'Create' && activity.object) {
 		// object.id (if exists)
 		if (typeof activity.object.id === 'string') {
-			const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());
+			const uriHost = toPuny(new URL(activity.object.id).hostname);
 			if (host !== uriHost) throw new Error('activity.object.id has different host');
 		}
 
 		// object.attributedTo (if exists)
 		if (typeof activity.object.attributedTo === 'string') {
-			const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());
+			const uriHost = toPuny(new URL(activity.object.attributedTo).hostname);
 			if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');
 		}
 	}
author	syuilo <syuilotan@yahoo.co.jp>	2019-04-14 20:38:55 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2019-04-14 20:38:55 +0900
commit	d66e4b7ff97d512e2a2523815e2eef170456b37f (patch)
tree	59ae1a102d88b5c2c2236b734ea4a584b4f9ba46 /src/queue/processors/inbox.ts
parent	10.100.0 (diff)
parent	11.0.0 (diff)
download	misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.tar.gz misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.tar.bz2 misskey-d66e4b7ff97d512e2a2523815e2eef170456b37f.zip