22 files changed, 223 insertions, 199 deletions
diff --git a/src/client/app/common/mios.ts b/src/client/app/common/mios.ts
index 7baf974adf..5e0c7d2f3b 100644
--- a/src/client/app/common/mios.ts
+++ b/src/client/app/common/mios.ts
@@ -444,23 +444,28 @@ export default class MiOS extends EventEmitter {
 		// Append a credential
 		if (this.isSignedIn) (data as any).i = this.i.token;
 
-		// TODO
-		//const viaStream = localStorage.getItem('enableExperimental') == 'true';
+		const viaStream = localStorage.getItem('enableExperimental') == 'true';
 
 		return new Promise((resolve, reject) => {
-			/*if (viaStream) {
+			if (viaStream) {
 				const stream = this.stream.borrow();
 				const id = Math.random().toString();
+
 				stream.once(`api-res:${id}`, res => {
-					resolve(res);
+					if (res.res) {
+						resolve(res.res);
+					} else {
+						reject(res.e);
+					}
 				});
+
 				stream.send({
 					type: 'api',
 					id,
 					endpoint,
 					data
 				});
-			} else {*/
+			} else {
 				const req = {
 					id: uuid(),
 					date: new Date(),
diff --git a/src/client/app/common/views/components/signup.vue b/src/client/app/common/views/components/signup.vue
index 30fe7b7ad0..40262b54d3 100644
--- a/src/client/app/common/views/components/signup.vue
+++ b/src/client/app/common/views/components/signup.vue
@@ -77,7 +77,7 @@ export default Vue.extend({
 
 			const err =
 				!this.username.match(/^[a-zA-Z0-9_]+$/) ? 'invalid-format' :
-				this.username.length < 3 ? 'min-range' :
+				this.username.length < 1 ? 'min-range' :
 				this.username.length > 20 ? 'max-range' :
 				null;
 
diff --git a/src/client/app/sw.js b/src/client/app/sw.js
index 669703b16c..ac7ea20acf 100644
--- a/src/client/app/sw.js
+++ b/src/client/app/sw.js
@@ -43,8 +43,6 @@ self.addEventListener('fetch', ev => {
 
 // プッシュ通知を受け取ったとき
 self.addEventListener('push', ev => {
-	console.log('pushed');
-
 	// クライアント取得
 	ev.waitUntil(self.clients.matchAll({
 		includeUncontrolled: true
@@ -54,8 +52,6 @@ self.addEventListener('push', ev => {
 
 		const { type, body } = ev.data.json();
 
-		console.log(type, body);
-
 		const n = composeNotification(type, body);
 		return self.registration.showNotification(n.title, {
 			body: n.body,
diff --git a/src/client/assets/404.js b/src/client/assets/404.js
index f897f0db6b..9e498fe7c2 100644
--- a/src/client/assets/404.js
+++ b/src/client/assets/404.js
@@ -1,5 +1,11 @@
 const yn = window.confirm(
-	'サーバー上に存在しないスクリプトがリクエストされました。お使いのMisskeyのバージョンが古いことが原因の可能性があります。Misskeyを更新しますか？');
+	'サーバー上に存在しないスクリプトがリクエストされました。お使いのMisskeyのバージョンが古いことが原因の可能性があります。Misskeyを更新しますか？\n\nA script that does not exist on the server was requested. It may be caused by an old version of Misskey you’re using. Do you want to delete the cache?');
+
+const langYn = window.confirm('また、言語を日本語に設定すると解決する場合があります。日本語に設定しますか？\n\nAlso, setting the language to Japanese may solve the problem. Would you like to set it to Japanese?');
+
+if (langYn) {
+	localStorage.setItem('lang', 'ja');
+}
 
 if (yn) {
 	// Clear cache (serive worker)
@@ -16,6 +22,4 @@ if (yn) {
 	localStorage.removeItem('v');
 
 	location.reload(true);
-} else {
-	alert('問題が解決しない場合はサーバー管理者までお問い合せください。');
 }
diff --git a/src/client/assets/version.html b/src/client/assets/version.html
index f80cbcbd19..d8a98279a6 100644
--- a/src/client/assets/version.html
+++ b/src/client/assets/version.html
@@ -5,15 +5,19 @@
 		<meta charset="utf-8">
 		<title>Misskeyのリカバリ</title>
 		<script>
-			const v = window.prompt('Enter version');
+			const v = window.prompt('Enter version:');
 			if (v) {
 				localStorage.setItem('v', v);
-				setTimeout(() => {
-					location.reload(true);
-				}, 500);
-			} else {
-				location.href = '/';
 			}
+
+			const lang = window.prompt('Enter language (optional):');
+			if (lang && lang.length > 0) {
+				localStorage.setItem('lang', lang);
+			}
+
+			setTimeout(() => {
+				location.href = '/';
+			}, 500);
 		</script>
 	</head>
 </html>
diff --git a/src/models/app.ts b/src/models/app.ts
index 446f0c62f4..45c95d92d8 100644
--- a/src/models/app.ts
+++ b/src/models/app.ts
@@ -19,7 +19,7 @@ export type IApp = {
 	nameId: string;
 	nameIdLower: string;
 	description: string;
-	permission: string;
+	permission: string[];
 	callbackUrl: string;
 };
 
diff --git a/src/models/note.ts b/src/models/note.ts
index f509fa66c8..a11da196cd 100644
--- a/src/models/note.ts
+++ b/src/models/note.ts
@@ -69,6 +69,38 @@ export type INote = {
 	};
 };
 
+// TODO
+export async function physicalDelete(note: string | mongo.ObjectID | INote) {
+	let n: INote;
+
+	// Populate
+	if (mongo.ObjectID.prototype.isPrototypeOf(note)) {
+		n = await Note.findOne({
+			_id: note
+		});
+	} else if (typeof note === 'string') {
+		n = await Note.findOne({
+			_id: new mongo.ObjectID(note)
+		});
+	} else {
+		n = note as INote;
+	}
+
+	if (n == null) return;
+
+	// この投稿の返信をすべて削除
+	const replies = await Note.find({
+		replyId: n._id
+	});
+	await Promise.all(replies.map(r => physicalDelete(r)));
+
+	// この投稿のWatchをすべて削除
+
+	// この投稿のReactionをすべて削除
+
+	// この投稿に対するFavoriteをすべて削除
+}
+
 /**
  * Pack a note for API response
  *
diff --git a/src/models/user.ts b/src/models/user.ts
index adc9e6da99..a2800a3808 100644
--- a/src/models/user.ts
+++ b/src/models/user.ts
@@ -2,7 +2,7 @@ import * as mongo from 'mongodb';
 import deepcopy = require('deepcopy');
 import rap from '@prezzemolo/rap';
 import db from '../db/mongodb';
-import { INote, pack as packNote } from './note';
+import Note, { INote, pack as packNote, physicalDelete as physicalDeleteNote } from './note';
 import Following from './following';
 import Mute from './mute';
 import getFriends from '../server/api/common/get-friends';
@@ -121,6 +121,40 @@ export function init(user): IUser {
 	return user;
 }
 
+// TODO
+export async function physicalDelete(user: string | mongo.ObjectID | IUser) {
+	let u: IUser;
+
+	// Populate
+	if (mongo.ObjectID.prototype.isPrototypeOf(user)) {
+		u = await User.findOne({
+			_id: user
+		});
+	} else if (typeof user === 'string') {
+		u = await User.findOne({
+			_id: new mongo.ObjectID(user)
+		});
+	} else {
+		u = user as IUser;
+	}
+
+	if (u == null) return;
+
+	// このユーザーが行った投稿をすべて削除
+	const notes = await Note.find({ userId: u._id });
+	await Promise.all(notes.map(n => physicalDeleteNote(n)));
+
+	// このユーザーのお気に入りをすべて削除
+
+	// このユーザーが行ったメッセージをすべて削除
+
+	// このユーザーのドライブのファイルをすべて削除
+
+	// このユーザーに関するfollowingをすべて削除
+
+	// このユーザーを削除
+}
+
 /**
  * Pack a user for API response
  *
diff --git a/src/server/api/api-handler.ts b/src/server/api/api-handler.ts
index fb603a0e2a..409069b6a0 100644
--- a/src/server/api/api-handler.ts
+++ b/src/server/api/api-handler.ts
@@ -2,55 +2,33 @@ import * as express from 'express';
 
 import { Endpoint } from './endpoints';
 import authenticate from './authenticate';
-import { IAuthContext } from './authenticate';
-import _reply from './reply';
-import limitter from './limitter';
+import call from './call';
+import { IUser } from '../../models/user';
+import { IApp } from '../../models/app';
 
 export default async (endpoint: Endpoint, req: express.Request, res: express.Response) => {
-	const reply = _reply.bind(null, res);
-	let ctx: IAuthContext;
+	const reply = (x?: any, y?: any) => {
+		if (x === undefined) {
+			res.sendStatus(204);
+		} else if (typeof x === 'number') {
+			res.status(x).send({
+				error: x === 500 ? 'INTERNAL_ERROR' : y
+			});
+		} else {
+			res.send(x);
+		}
+	};
+
+	let user: IUser;
+	let app: IApp;
 
 	// Authentication
 	try {
-		ctx = await authenticate(req);
+		[user, app] = await authenticate(req.body['i']);
 	} catch (e) {
 		return reply(403, 'AUTHENTICATION_FAILED');
 	}
 
-	if (endpoint.secure && !ctx.isSecure) {
-		return reply(403, 'ACCESS_DENIED');
-	}
-
-	if (endpoint.withCredential && ctx.user == null) {
-		return reply(401, 'PLZ_SIGNIN');
-	}
-
-	if (ctx.app && endpoint.kind) {
-		if (!ctx.app.permission.some(p => p === endpoint.kind)) {
-			return reply(403, 'ACCESS_DENIED');
-		}
-	}
-
-	if (endpoint.withCredential && endpoint.limit) {
-		try {
-			await limitter(endpoint, ctx); // Rate limit
-		} catch (e) {
-			// drop request if limit exceeded
-			return reply(429);
-		}
-	}
-
-	let exec = require(`${__dirname}/endpoints/${endpoint.name}`);
-
-	if (endpoint.withFile) {
-		exec = exec.bind(null, req.file);
-	}
-
 	// API invoking
-	try {
-		const res = await exec(req.body, ctx.user, ctx.app, ctx.isSecure);
-		reply(res);
-	} catch (e) {
-		reply(400, e);
-	}
+	call(endpoint, user, app, req.body, req).then(reply).catch(e => reply(400, e));
 };
diff --git a/src/server/api/authenticate.ts b/src/server/api/authenticate.ts
index adbeeb3b34..836fb7cfe8 100644
--- a/src/server/api/authenticate.ts
+++ b/src/server/api/authenticate.ts
@@ -1,50 +1,24 @@
-import * as express from 'express';
-import App from '../../models/app';
+import App, { IApp } from '../../models/app';
 import { default as User, IUser } from '../../models/user';
 import AccessToken from '../../models/access-token';
 import isNativeToken from './common/is-native-token';
 
-export interface IAuthContext {
-	/**
-	 * App which requested
-	 */
-	app: any;
-
-	/**
-	 * Authenticated user
-	 */
-	user: IUser;
-
-	/**
-	 * Whether requested with a User-Native Token
-	 */
-	isSecure: boolean;
-}
-
-export default (req: express.Request) => new Promise<IAuthContext>(async (resolve, reject) => {
-	const token = req.body['i'] as string;
-
+export default (token: string) => new Promise<[IUser, IApp]>(async (resolve, reject) => {
 	if (token == null) {
-		return resolve({
-			app: null,
-			user: null,
-			isSecure: false
-		});
+		resolve([null, null]);
+		return;
 	}
 
 	if (isNativeToken(token)) {
+		// Fetch user
 		const user: IUser = await User
-			.findOne({ 'token': token });
+			.findOne({ token });
 
 		if (user === null) {
 			return reject('user not found');
 		}
 
-		return resolve({
-			app: null,
-			user: user,
-			isSecure: true
-		});
+		resolve([user, null]);
 	} else {
 		const accessToken = await AccessToken.findOne({
 			hash: token.toLowerCase()
@@ -60,10 +34,6 @@ export default (req: express.Request) => new Promise<IAuthContext>(async (resolv
 		const user = await User
 			.findOne({ _id: accessToken.userId });
 
-		return resolve({
-			app: app,
-			user: user,
-			isSecure: false
-		});
+		resolve([user, app]);
 	}
 });
diff --git a/src/server/api/call.ts b/src/server/api/call.ts
new file mode 100644
index 0000000000..1bfe94bb74
--- /dev/null
+++ b/src/server/api/call.ts
@@ -0,0 +1,55 @@
+import * as express from 'express';
+
+import endpoints, { Endpoint } from './endpoints';
+import limitter from './limitter';
+import { IUser } from '../../models/user';
+import { IApp } from '../../models/app';
+
+export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: express.Request) => new Promise(async (ok, rej) => {
+	const isSecure = user != null && app == null;
+
+	//console.log(endpoint, user, app, data);
+
+	const ep = typeof endpoint == 'string' ? endpoints.find(e => e.name == endpoint) : endpoint;
+
+	if (ep.secure && !isSecure) {
+		return rej('ACCESS_DENIED');
+	}
+
+	if (ep.withCredential && user == null) {
+		return rej('SIGNIN_REQUIRED');
+	}
+
+	if (app && ep.kind) {
+		if (!app.permission.some(p => p === ep.kind)) {
+			return rej('PERMISSION_DENIED');
+		}
+	}
+
+	if (ep.withCredential && ep.limit) {
+		try {
+			await limitter(ep, user); // Rate limit
+		} catch (e) {
+			// drop request if limit exceeded
+			return rej('RATE_LIMIT_EXCEEDED');
+		}
+	}
+
+	let exec = require(`${__dirname}/endpoints/${ep.name}`);
+
+	if (ep.withFile && req) {
+		exec = exec.bind(null, req.file);
+	}
+
+	let res;
+
+	// API invoking
+	try {
+		res = await exec(data, user, app);
+	} catch (e) {
+		rej(e);
+		return;
+	}
+
+	ok(res);
+});
diff --git a/src/server/api/endpoints/app/show.ts b/src/server/api/endpoints/app/show.ts
index 3a3c25f47c..99a2093b68 100644
--- a/src/server/api/endpoints/app/show.ts
+++ b/src/server/api/endpoints/app/show.ts
@@ -36,14 +36,10 @@ import App, { pack } from '../../../../models/app';
 
 /**
  * Show an app
- *
- * @param {any} params
- * @param {any} user
- * @param {any} _
- * @param {any} isSecure
- * @return {Promise<any>}
  */
-module.exports = (params, user, _, isSecure) => new Promise(async (res, rej) => {
+module.exports = (params, user, app) => new Promise(async (res, rej) => {
+	const isSecure = user != null && app == null;
+
 	// Get 'appId' parameter
 	const [appId, appIdErr] = $(params.appId).optional.id().$;
 	if (appIdErr) return rej('invalid appId param');
@@ -57,16 +53,16 @@ module.exports = (params, user, _, isSecure) => new Promise(async (res, rej) =>
 	}
 
 	// Lookup app
-	const app = appId !== undefined
+	const ap = appId !== undefined
 		? await App.findOne({ _id: appId })
 		: await App.findOne({ nameIdLower: nameId.toLowerCase() });
 
-	if (app === null) {
+	if (ap === null) {
 		return rej('app not found');
 	}
 
 	// Send response
-	res(await pack(app, user, {
-		includeSecret: isSecure && app.userId.equals(user._id)
+	res(await pack(ap, user, {
+		includeSecret: isSecure && ap.userId.equals(user._id)
 	}));
 });
diff --git a/src/server/api/endpoints/i.ts b/src/server/api/endpoints/i.ts
index 0be30500c4..379c3c4d88 100644
--- a/src/server/api/endpoints/i.ts
+++ b/src/server/api/endpoints/i.ts
@@ -6,7 +6,9 @@ import User, { pack } from '../../../models/user';
 /**
  * Show myself
  */
-module.exports = (params, user, _, isSecure) => new Promise(async (res, rej) => {
+module.exports = (params, user, app) => new Promise(async (res, rej) => {
+	const isSecure = user != null && app == null;
+
 	// Serialize
 	res(await pack(user, user, {
 		detail: true,
diff --git a/src/server/api/endpoints/i/update.ts b/src/server/api/endpoints/i/update.ts
index 36be2774f6..f3c9d777b5 100644
--- a/src/server/api/endpoints/i/update.ts
+++ b/src/server/api/endpoints/i/update.ts
@@ -7,14 +7,10 @@ import event from '../../../../publishers/stream';
 
 /**
  * Update myself
- *
- * @param {any} params
- * @param {any} user
- * @param {any} _
- * @param {boolean} isSecure
- * @return {Promise<any>}
  */
-module.exports = async (params, user, _, isSecure) => new Promise(async (res, rej) => {
+module.exports = async (params, user, app) => new Promise(async (res, rej) => {
+	const isSecure = user != null && app == null;
+
 	// Get 'name' parameter
 	const [name, nameErr] = $(params.name).optional.nullable.string().pipe(isValidName).$;
 	if (nameErr) return rej('invalid name param');
diff --git a/src/server/api/endpoints/meta.ts b/src/server/api/endpoints/meta.ts
index 8574362fc8..f6a276a2b7 100644
--- a/src/server/api/endpoints/meta.ts
+++ b/src/server/api/endpoints/meta.ts
@@ -35,9 +35,6 @@ import Meta from '../../../models/meta';
 
 /**
  * Show core info
- *
- * @param {any} params
- * @return {Promise<any>}
  */
 module.exports = (params) => new Promise(async (res, rej) => {
 	const meta: any = (await Meta.findOne()) || {};
diff --git a/src/server/api/endpoints/sw/register.ts b/src/server/api/endpoints/sw/register.ts
index ef3428057d..3fe0bda4ee 100644
--- a/src/server/api/endpoints/sw/register.ts
+++ b/src/server/api/endpoints/sw/register.ts
@@ -6,14 +6,8 @@ import Subscription from '../../../../models/sw-subscription';
 
 /**
  * subscribe service worker
- *
- * @param {any} params
- * @param {any} user
- * @param {any} _
- * @param {boolean} isSecure
- * @return {Promise<any>}
  */
-module.exports = async (params, user, _, isSecure) => new Promise(async (res, rej) => {
+module.exports = async (params, user, app) => new Promise(async (res, rej) => {
 	// Get 'endpoint' parameter
 	const [endpoint, endpointErr] = $(params.endpoint).string().$;
 	if (endpointErr) return rej('invalid endpoint param');
diff --git a/src/server/api/endpoints/users/notes.ts b/src/server/api/endpoints/users/notes.ts
index f9f6345e34..e91b75e1d3 100644
--- a/src/server/api/endpoints/users/notes.ts
+++ b/src/server/api/endpoints/users/notes.ts
@@ -8,10 +8,6 @@ import User from '../../../../models/user';
 
 /**
  * Get notes of a user
- *
- * @param {any} params
- * @param {any} me
- * @return {Promise<any>}
  */
 module.exports = (params, me) => new Promise(async (res, rej) => {
 	// Get 'userId' parameter
@@ -118,7 +114,7 @@ module.exports = (params, me) => new Promise(async (res, rej) => {
 	if (withMedia) {
 		query.mediaIds = {
 			$exists: true,
-			$ne: null
+			$ne: []
 		};
 	}
 	//#endregion
diff --git a/src/server/api/index.ts b/src/server/api/index.ts
index e89d196096..5fbacd8a0e 100644
--- a/src/server/api/index.ts
+++ b/src/server/api/index.ts
@@ -7,7 +7,6 @@ import * as bodyParser from 'body-parser';
 import * as cors from 'cors';
 import * as multer from 'multer';
 
-// import authenticate from './authenticate';
 import endpoints from './endpoints';
 
 /**
diff --git a/src/server/api/limitter.ts b/src/server/api/limitter.ts
index 638fac78be..b84e16ecde 100644
--- a/src/server/api/limitter.ts
+++ b/src/server/api/limitter.ts
@@ -2,12 +2,12 @@ import * as Limiter from 'ratelimiter';
 import * as debug from 'debug';
 import limiterDB from '../../db/redis';
 import { Endpoint } from './endpoints';
-import { IAuthContext } from './authenticate';
 import getAcct from '../../acct/render';
+import { IUser } from '../../models/user';
 
 const log = debug('misskey:limitter');
 
-export default (endpoint: Endpoint, ctx: IAuthContext) => new Promise((ok, reject) => {
+export default (endpoint: Endpoint, user: IUser) => new Promise((ok, reject) => {
 	const limitation = endpoint.limit;
 
 	const key = limitation.hasOwnProperty('key')
@@ -32,7 +32,7 @@ export default (endpoint: Endpoint, ctx: IAuthContext) => new Promise((ok, rejec
 	// Short-term limit
 	function min() {
 		const minIntervalLimiter = new Limiter({
-			id: `${ctx.user._id}:${key}:min`,
+			id: `${user._id}:${key}:min`,
 			duration: limitation.minInterval,
 			max: 1,
 			db: limiterDB
@@ -43,7 +43,7 @@ export default (endpoint: Endpoint, ctx: IAuthContext) => new Promise((ok, rejec
 				return reject('ERR');
 			}
 
-			log(`@${getAcct(ctx.user)} ${endpoint.name} min remaining: ${info.remaining}`);
+			log(`@${getAcct(user)} ${endpoint.name} min remaining: ${info.remaining}`);
 
 			if (info.remaining === 0) {
 				reject('BRIEF_REQUEST_INTERVAL');
@@ -60,7 +60,7 @@ export default (endpoint: Endpoint, ctx: IAuthContext) => new Promise((ok, rejec
 	// Long term limit
 	function max() {
 		const limiter = new Limiter({
-			id: `${ctx.user._id}:${key}`,
+			id: `${user._id}:${key}`,
 			duration: limitation.duration,
 			max: limitation.max,
 			db: limiterDB
@@ -71,7 +71,7 @@ export default (endpoint: Endpoint, ctx: IAuthContext) => new Promise((ok, rejec
 				return reject('ERR');
 			}
 
-			log(`@${getAcct(ctx.user)} ${endpoint.name} max remaining: ${info.remaining}`);
+			log(`@${getAcct(user)} ${endpoint.name} max remaining: ${info.remaining}`);
 
 			if (info.remaining === 0) {
 				reject('RATE_LIMIT_EXCEEDED');
diff --git a/src/server/api/reply.ts b/src/server/api/reply.ts
deleted file mode 100644
index e47fc85b9b..0000000000
--- a/src/server/api/reply.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import * as express from 'express';
-
-export default (res: express.Response, x?: any, y?: any) => {
-	if (x === undefined) {
-		res.sendStatus(204);
-	} else if (typeof x === 'number') {
-		res.status(x).send({
-			error: x === 500 ? 'INTERNAL_ERROR' : y
-		});
-	} else {
-		res.send(x);
-	}
-};
diff --git a/src/server/api/stream/home.ts b/src/server/api/stream/home.ts
index 359ef74aff..e9c0924f31 100644
--- a/src/server/api/stream/home.ts
+++ b/src/server/api/stream/home.ts
@@ -2,14 +2,22 @@ import * as websocket from 'websocket';
 import * as redis from 'redis';
 import * as debug from 'debug';
 
-import User from '../../../models/user';
+import User, { IUser } from '../../../models/user';
 import Mute from '../../../models/mute';
 import { pack as packNote } from '../../../models/note';
 import readNotification from '../common/read-notification';
+import call from '../call';
+import { IApp } from '../../../models/app';
 
 const log = debug('misskey');
 
-export default async function(request: websocket.request, connection: websocket.connection, subscriber: redis.RedisClient, user: any) {
+export default async function(
+	request: websocket.request,
+	connection: websocket.connection,
+	subscriber: redis.RedisClient,
+	user: IUser,
+	app: IApp
+) {
 	// Subscribe Home stream channel
 	subscriber.subscribe(`misskey:user-stream:${user._id}`);
 
@@ -67,7 +75,17 @@ export default async function(request: websocket.request, connection: websocket.
 
 		switch (msg.type) {
 			case 'api':
-				// TODO
+				call(msg.endpoint, user, app, msg.data).then(res => {
+					connection.send(JSON.stringify({
+						type: `api-res:${msg.id}`,
+						body: { res }
+					}));
+				}).catch(e => {
+					connection.send(JSON.stringify({
+						type: `api-res:${msg.id}`,
+						body: { e }
+					}));
+				});
 				break;
 
 			case 'alive':
diff --git a/src/server/api/streaming.ts b/src/server/api/streaming.ts
index 26946b524e..d586d7c08f 100644
--- a/src/server/api/streaming.ts
+++ b/src/server/api/streaming.ts
@@ -2,9 +2,6 @@ import * as http from 'http';
 import * as websocket from 'websocket';
 import * as redis from 'redis';
 import config from '../../config';
-import { default as User, IUser } from '../../models/user';
-import AccessToken from '../../models/access-token';
-import isNativeToken from './common/is-native-token';
 
 import homeStream from './stream/home';
 import driveStream from './stream/drive';
@@ -16,6 +13,7 @@ import serverStream from './stream/server';
 import requestsStream from './stream/requests';
 import channelStream from './stream/channel';
 import { ParsedUrlQuery } from 'querystring';
+import authenticate from './authenticate';
 
 module.exports = (server: http.Server) => {
 	/**
@@ -53,7 +51,7 @@ module.exports = (server: http.Server) => {
 		}
 
 		const q = request.resourceURL.query as ParsedUrlQuery;
-		const user = await authenticate(q.i as string);
+		const [user, app] = await authenticate(q.i as string);
 
 		if (request.resourceURL.pathname === '/othello-game') {
 			othelloGameStream(request, connection, subscriber, user);
@@ -75,46 +73,9 @@ module.exports = (server: http.Server) => {
 			null;
 
 		if (channel !== null) {
-			channel(request, connection, subscriber, user);
+			channel(request, connection, subscriber, user, app);
 		} else {
 			connection.close();
 		}
 	});
 };
-
-/**
- * 接続してきたユーザーを取得します
- * @param token 送信されてきたトークン
- */
-function authenticate(token: string): Promise<IUser> {
-	if (token == null) {
-		return Promise.resolve(null);
-	}
-
-	return new Promise(async (resolve, reject) => {
-		if (isNativeToken(token)) {
-			// Fetch user
-			const user: IUser = await User
-				.findOne({
-					host: null,
-					'token': token
-				});
-
-			resolve(user);
-		} else {
-			const accessToken = await AccessToken.findOne({
-				hash: token
-			});
-
-			if (accessToken == null) {
-				return reject('invalid signature');
-			}
-
-			// Fetch user
-			const user: IUser = await User
-				.findOne({ _id: accessToken.userId });
-
-			resolve(user);
-		}
-	});
-}