diff options
Diffstat (limited to 'src/remote/activitypub')
| -rw-r--r-- | src/remote/activitypub/db-resolver.ts | 122 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/accept/follow.ts | 22 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/block/index.ts | 30 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/create/note.ts | 26 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/delete/note.ts | 29 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/follow.ts | 20 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/reject/follow.ts | 20 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/undo/block.ts | 29 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/undo/follow.ts | 24 | ||||
| -rw-r--r-- | src/remote/activitypub/kernel/update/index.ts | 30 | ||||
| -rw-r--r-- | src/remote/activitypub/misc/contexts.ts | 522 | ||||
| -rw-r--r-- | src/remote/activitypub/misc/ld-signature.ts | 133 | ||||
| -rw-r--r-- | src/remote/activitypub/models/note.ts | 24 | ||||
| -rw-r--r-- | src/remote/activitypub/type.ts | 9 |
14 files changed, 903 insertions, 137 deletions
diff --git a/src/remote/activitypub/db-resolver.ts b/src/remote/activitypub/db-resolver.ts new file mode 100644 index 0000000000..6f1cb1e110 --- /dev/null +++ b/src/remote/activitypub/db-resolver.ts @@ -0,0 +1,122 @@ +import config from '../../config'; +import { Note } from '../../models/entities/note'; +import { User, IRemoteUser } from '../../models/entities/user'; +import { UserPublickey } from '../../models/entities/user-publickey'; +import { Notes, Users, UserPublickeys } from '../../models'; +import { IObject, getApId } from './type'; +import { resolvePerson } from './models/person'; +import { ensure } from '../../prelude/ensure'; +import escapeRegexp = require('escape-regexp'); + +export default class DbResolver { + constructor() { + } + + /** + * AP Note => Misskey Note in DB + */ + public async getNoteFromApId(value: string | IObject): Promise<Note | null> { + const parsed = this.parseUri(value); + + if (parsed.id) { + return (await Notes.findOne({ + id: parsed.id + })) || null; + } + + if (parsed.uri) { + return (await Notes.findOne({ + uri: parsed.uri + })) || null; + } + + return null; + } + + /** + * AP Person => Misskey User in DB + */ + public async getUserFromApId(value: string | IObject): Promise<User | null> { + const parsed = this.parseUri(value); + + if (parsed.id) { + return (await Users.findOne({ + id: parsed.id + })) || null; + } + + if (parsed.uri) { + return (await Users.findOne({ + uri: parsed.uri + })) || null; + } + + return null; + } + + /** + * AP KeyId => Misskey User and Key + */ + public async getAuthUserFromKeyId(keyId: string): Promise<AuthUser | null> { + const key = await UserPublickeys.findOne({ + keyId + }); + + if (key == null) return null; + + const user = await Users.findOne(key.userId) as IRemoteUser; + + return { + user, + key + }; + } + + /** + * AP Actor id => Misskey User and Key + */ + public async getAuthUserFromApId(uri: string): Promise<AuthUser | null> { + const user = await resolvePerson(uri) as IRemoteUser; + + if (user == null) return null; + + const key = await UserPublickeys.findOne(user.id).then(ensure); + + return { + user, + key + }; + } + + public parseUri(value: string | IObject): UriParseResult { + const uri = getApId(value); + + const localRegex = new RegExp('^' + escapeRegexp(config.url) + '/' + '(\\w+)' + '/' + '(\\w+)'); + const matchLocal = uri.match(localRegex); + + if (matchLocal) { + return { + type: matchLocal[1], + id: matchLocal[2] + }; + } else { + return { + uri + }; + } + } +} + +export type AuthUser = { + user: IRemoteUser; + key: UserPublickey; +}; + +type UriParseResult = { + /** id in DB (local object only) */ + id?: string; + /** uri in DB (remote object only) */ + uri?: string; + /** hint of type (local object only, ex: notes, users) */ + type?: string +}; diff --git a/src/remote/activitypub/kernel/accept/follow.ts b/src/remote/activitypub/kernel/accept/follow.ts index cf6763186e..c067f7622a 100644 --- a/src/remote/activitypub/kernel/accept/follow.ts +++ b/src/remote/activitypub/kernel/accept/follow.ts @@ -1,28 +1,22 @@ import { IRemoteUser } from '../../../../models/entities/user'; -import config from '../../../../config'; import accept from '../../../../services/following/requests/accept'; import { IFollow } from '../../type'; -import { Users } from '../../../../models'; +import DbResolver from '../../db-resolver'; -export default async (actor: IRemoteUser, activity: IFollow): Promise<void> => { - const id = typeof activity.actor === 'string' ? activity.actor : activity.actor.id; - if (id == null) throw new Error('missing id'); +export default async (actor: IRemoteUser, activity: IFollow): Promise<string> => { + // ※ activityはこっちから投げたフォローリクエストなので、activity.actorは存在するローカルユーザーである必要がある - if (!id.startsWith(config.url + '/')) { - return; - } - - const follower = await Users.findOne({ - id: id.split('/').pop() - }); + const dbResolver = new DbResolver(); + const follower = await dbResolver.getUserFromApId(activity.actor); if (follower == null) { - throw new Error('follower not found'); + return `skip: follower not found`; } if (follower.host != null) { - throw new Error('フォローリクエストしたユーザーはローカルユーザーではありません'); + return `skip: follower is not a local user`; } await accept(actor, follower); + return `ok`; }; diff --git a/src/remote/activitypub/kernel/block/index.ts b/src/remote/activitypub/kernel/block/index.ts index 24bc9d524f..6c794e1250 100644 --- a/src/remote/activitypub/kernel/block/index.ts +++ b/src/remote/activitypub/kernel/block/index.ts @@ -1,32 +1,22 @@ -import config from '../../../../config'; -import { IBlock, getApId } from '../../type'; +import { IBlock } from '../../type'; import block from '../../../../services/blocking/create'; -import { apLogger } from '../../logger'; -import { Users } from '../../../../models'; import { IRemoteUser } from '../../../../models/entities/user'; +import DbResolver from '../../db-resolver'; -const logger = apLogger; +export default async (actor: IRemoteUser, activity: IBlock): Promise<string> => { + // ※ activity.objectにブロック対象があり、それは存在するローカルユーザーのはず -export default async (actor: IRemoteUser, activity: IBlock): Promise<void> => { - const id = getApId(activity.object); - - const uri = getApId(activity); - - logger.info(`Block: ${uri}`); - - if (!id.startsWith(config.url + '/')) { - return; - } - - const blockee = await Users.findOne(id.split('/').pop()); + const dbResolver = new DbResolver(); + const blockee = await dbResolver.getUserFromApId(activity.object); if (blockee == null) { - throw new Error('blockee not found'); + return `skip: blockee not found`; } if (blockee.host != null) { - throw new Error('ブロックしようとしているユーザーはローカルユーザーではありません'); + return `skip: ブロックしようとしているユーザーはローカルユーザーではありません`; } - block(actor, blockee); + await block(actor, blockee); + return `ok`; }; diff --git a/src/remote/activitypub/kernel/create/note.ts b/src/remote/activitypub/kernel/create/note.ts index d7027b8f3f..f4fb8e5647 100644 --- a/src/remote/activitypub/kernel/create/note.ts +++ b/src/remote/activitypub/kernel/create/note.ts @@ -3,19 +3,39 @@ import { IRemoteUser } from '../../../../models/entities/user'; import { createNote, fetchNote } from '../../models/note'; import { getApId, IObject, ICreate } from '../../type'; import { getApLock } from '../../../../misc/app-lock'; +import { extractDbHost } from '../../../../misc/convert-host'; /** * 投稿作成アクティビティを捌きます */ -export default async function(resolver: Resolver, actor: IRemoteUser, note: IObject, silent = false, activity?: ICreate): Promise<void> { +export default async function(resolver: Resolver, actor: IRemoteUser, note: IObject, silent = false, activity?: ICreate): Promise<string> { const uri = getApId(note); + if (typeof note === 'object') { + if (actor.uri !== note.attributedTo) { + return `skip: actor.uri !== note.attributedTo`; + } + + if (typeof note.id === 'string') { + if (extractDbHost(actor.uri) !== extractDbHost(note.id)) { + return `skip: host in actor.uri !== note.id`; + } + } + } + const unlock = await getApLock(uri); try { const exist = await fetchNote(note); - if (exist == null) { - await createNote(note, resolver, silent); + if (exist) return 'skip: note exists'; + + await createNote(note, resolver, silent); + return 'ok'; + } catch (e) { + if (e.statusCode >= 400 && e.statusCode < 500) { + return `skip ${e.statusCode}`; + } else { + throw e; } } finally { unlock(); diff --git a/src/remote/activitypub/kernel/delete/note.ts b/src/remote/activitypub/kernel/delete/note.ts index b146e68a07..9d7574c29b 100644 --- a/src/remote/activitypub/kernel/delete/note.ts +++ b/src/remote/activitypub/kernel/delete/note.ts @@ -1,22 +1,31 @@ import { IRemoteUser } from '../../../../models/entities/user'; import deleteNode from '../../../../services/note/delete'; import { apLogger } from '../../logger'; -import { Notes } from '../../../../models'; +import DbResolver from '../../db-resolver'; +import { getApLock } from '../../../../misc/app-lock'; const logger = apLogger; -export default async function(actor: IRemoteUser, uri: string): Promise<void> { +export default async function(actor: IRemoteUser, uri: string): Promise<string> { logger.info(`Deleting the Note: ${uri}`); - const note = await Notes.findOne({ uri }); + const unlock = await getApLock(uri); - if (note == null) { - throw new Error('note not found'); - } + try { + const dbResolver = new DbResolver(); + const note = await dbResolver.getNoteFromApId(uri); - if (note.userId !== actor.id) { - throw new Error('投稿を削除しようとしているユーザーは投稿の作成者ではありません'); - } + if (note == null) { + return 'note not found'; + } - await deleteNode(actor, note); + if (note.userId !== actor.id) { + return '投稿を削除しようとしているユーザーは投稿の作成者ではありません'; + } + + await deleteNode(actor, note); + return 'ok: deleted'; + } finally { + unlock(); + } } diff --git a/src/remote/activitypub/kernel/follow.ts b/src/remote/activitypub/kernel/follow.ts index fca6d26ccc..3e2063302a 100644 --- a/src/remote/activitypub/kernel/follow.ts +++ b/src/remote/activitypub/kernel/follow.ts @@ -1,26 +1,20 @@ import { IRemoteUser } from '../../../models/entities/user'; -import config from '../../../config'; import follow from '../../../services/following/create'; import { IFollow } from '../type'; -import { Users } from '../../../models'; +import DbResolver from '../db-resolver'; -export default async (actor: IRemoteUser, activity: IFollow): Promise<void> => { - const id = typeof activity.object === 'string' ? activity.object : activity.object.id; - if (id == null) throw new Error('missing id'); - - if (!id.startsWith(config.url + '/')) { - return; - } - - const followee = await Users.findOne(id.split('/').pop()); +export default async (actor: IRemoteUser, activity: IFollow): Promise<string> => { + const dbResolver = new DbResolver(); + const followee = await dbResolver.getUserFromApId(activity.object); if (followee == null) { - throw new Error('followee not found'); + return `skip: followee not found`; } if (followee.host != null) { - throw new Error('フォローしようとしているユーザーはローカルユーザーではありません'); + return `skip: フォローしようとしているユーザーはローカルユーザーではありません`; } await follow(actor, followee, activity.id); + return `ok`; }; diff --git a/src/remote/activitypub/kernel/reject/follow.ts b/src/remote/activitypub/kernel/reject/follow.ts index bc7d03f9a9..49e82c7afc 100644 --- a/src/remote/activitypub/kernel/reject/follow.ts +++ b/src/remote/activitypub/kernel/reject/follow.ts @@ -1,26 +1,22 @@ import { IRemoteUser } from '../../../../models/entities/user'; -import config from '../../../../config'; import reject from '../../../../services/following/requests/reject'; import { IFollow } from '../../type'; -import { Users } from '../../../../models'; +import DbResolver from '../../db-resolver'; -export default async (actor: IRemoteUser, activity: IFollow): Promise<void> => { - const id = typeof activity.actor === 'string' ? activity.actor : activity.actor.id; - if (id == null) throw new Error('missing id'); +export default async (actor: IRemoteUser, activity: IFollow): Promise<string> => { + // ※ activityはこっちから投げたフォローリクエストなので、activity.actorは存在するローカルユーザーである必要がある - if (!id.startsWith(config.url + '/')) { - return; - } - - const follower = await Users.findOne(id.split('/').pop()); + const dbResolver = new DbResolver(); + const follower = await dbResolver.getUserFromApId(activity.actor); if (follower == null) { - throw new Error('follower not found'); + return `skip: follower not found`; } if (follower.host != null) { - throw new Error('フォローリクエストしたユーザーはローカルユーザーではありません'); + return `skip: follower is not a local user`; } await reject(actor, follower); + return `ok`; }; diff --git a/src/remote/activitypub/kernel/undo/block.ts b/src/remote/activitypub/kernel/undo/block.ts index 17eab0d2d0..73000fc3f1 100644 --- a/src/remote/activitypub/kernel/undo/block.ts +++ b/src/remote/activitypub/kernel/undo/block.ts @@ -1,33 +1,20 @@ -import config from '../../../../config'; import { IBlock } from '../../type'; import unblock from '../../../../services/blocking/delete'; -import { apLogger } from '../../logger'; import { IRemoteUser } from '../../../../models/entities/user'; -import { Users } from '../../../../models'; +import DbResolver from '../../db-resolver'; -const logger = apLogger; - -export default async (actor: IRemoteUser, activity: IBlock): Promise<void> => { - const id = typeof activity.object === 'string' ? activity.object : activity.object.id; - if (id == null) throw new Error('missing id'); - - const uri = activity.id || activity; - - logger.info(`UnBlock: ${uri}`); - - if (!id.startsWith(config.url + '/')) { - return; - } - - const blockee = await Users.findOne(id.split('/').pop()); +export default async (actor: IRemoteUser, activity: IBlock): Promise<string> => { + const dbResolver = new DbResolver(); + const blockee = await dbResolver.getUserFromApId(activity.object); if (blockee == null) { - throw new Error('blockee not found'); + return `skip: blockee not found`; } if (blockee.host != null) { - throw new Error('ブロック解除しようとしているユーザーはローカルユーザーではありません'); + return `skip: ブロック解除しようとしているユーザーはローカルユーザーではありません`; } - unblock(actor, blockee); + await unblock(actor, blockee); + return `ok`; }; diff --git a/src/remote/activitypub/kernel/undo/follow.ts b/src/remote/activitypub/kernel/undo/follow.ts index 2a42f83907..73a164030b 100644 --- a/src/remote/activitypub/kernel/undo/follow.ts +++ b/src/remote/activitypub/kernel/undo/follow.ts @@ -1,26 +1,20 @@ -import config from '../../../../config'; import unfollow from '../../../../services/following/delete'; import cancelRequest from '../../../../services/following/requests/cancel'; import { IFollow } from '../../type'; import { IRemoteUser } from '../../../../models/entities/user'; -import { Users, FollowRequests, Followings } from '../../../../models'; +import { FollowRequests, Followings } from '../../../../models'; +import DbResolver from '../../db-resolver'; -export default async (actor: IRemoteUser, activity: IFollow): Promise<void> => { - const id = typeof activity.object === 'string' ? activity.object : activity.object.id; - if (id == null) throw new Error('missing id'); - - if (!id.startsWith(config.url + '/')) { - return; - } - - const followee = await Users.findOne(id.split('/').pop()); +export default async (actor: IRemoteUser, activity: IFollow): Promise<string> => { + const dbResolver = new DbResolver(); + const followee = await dbResolver.getUserFromApId(activity.object); if (followee == null) { - throw new Error('followee not found'); + return `skip: followee not found`; } if (followee.host != null) { - throw new Error('フォロー解除しようとしているユーザーはローカルユーザーではありません'); + return `skip: フォロー解除しようとしているユーザーはローカルユーザーではありません`; } const req = await FollowRequests.findOne({ @@ -35,9 +29,13 @@ export default async (actor: IRemoteUser, activity: IFollow): Promise<void> => { if (req) { await cancelRequest(followee, actor); + return `ok: follow request canceled`; } if (following) { await unfollow(actor, followee); + return `ok: unfollowed`; } + + return `skip: リクエストもフォローもされていない`; }; diff --git a/src/remote/activitypub/kernel/update/index.ts b/src/remote/activitypub/kernel/update/index.ts index b8dff73395..ea7e6a063e 100644 --- a/src/remote/activitypub/kernel/update/index.ts +++ b/src/remote/activitypub/kernel/update/index.ts @@ -1,28 +1,34 @@ import { IRemoteUser } from '../../../../models/entities/user'; -import { IUpdate, IObject } from '../../type'; +import { IUpdate, validActor } from '../../type'; import { apLogger } from '../../logger'; import { updateQuestion } from '../../models/question'; +import Resolver from '../../resolver'; +import { updatePerson } from '../../models/person'; /** * Updateアクティビティを捌きます */ -export default async (actor: IRemoteUser, activity: IUpdate): Promise<void> => { +export default async (actor: IRemoteUser, activity: IUpdate): Promise<string> => { if ('actor' in activity && actor.uri !== activity.actor) { - throw new Error('invalid actor'); + return `skip: invalid actor`; } apLogger.debug('Update'); - const object = activity.object as IObject; + const resolver = new Resolver(); - switch (object.type) { - case 'Question': - apLogger.debug('Question'); - await updateQuestion(object).catch(e => console.log(e)); - break; + const object = await resolver.resolve(activity.object).catch(e => { + apLogger.error(`Resolution failed: ${e}`); + throw e; + }); - default: - apLogger.warn(`Unknown type: ${object.type}`); - break; + if (validActor.includes(object.type)) { + await updatePerson(actor.uri!, resolver, object); + return `ok: Person updated`; + } else if (object.type === 'Question') { + await updateQuestion(object).catch(e => console.log(e)); + return `ok: Question updated`; + } else { + return `skip: Unknown type: ${object.type}`; } }; diff --git a/src/remote/activitypub/misc/contexts.ts b/src/remote/activitypub/misc/contexts.ts new file mode 100644 index 0000000000..999e3ea5d7 --- /dev/null +++ b/src/remote/activitypub/misc/contexts.ts @@ -0,0 +1,522 @@ +/* tslint:disable:quotemark indent */ +const id_v1 = { + "@context": { + "id": "@id", + "type": "@type", + + "cred": "https://w3id.org/credentials#", + "dc": "http://purl.org/dc/terms/", + "identity": "https://w3id.org/identity#", + "perm": "https://w3id.org/permissions#", + "ps": "https://w3id.org/payswarm#", + "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#", + "rdfs": "http://www.w3.org/2000/01/rdf-schema#", + "sec": "https://w3id.org/security#", + "schema": "http://schema.org/", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "Group": "https://www.w3.org/ns/activitystreams#Group", + + "claim": {"@id": "cred:claim", "@type": "@id"}, + "credential": {"@id": "cred:credential", "@type": "@id"}, + "issued": {"@id": "cred:issued", "@type": "xsd:dateTime"}, + "issuer": {"@id": "cred:issuer", "@type": "@id"}, + "recipient": {"@id": "cred:recipient", "@type": "@id"}, + "Credential": "cred:Credential", + "CryptographicKeyCredential": "cred:CryptographicKeyCredential", + + "about": {"@id": "schema:about", "@type": "@id"}, + "address": {"@id": "schema:address", "@type": "@id"}, + "addressCountry": "schema:addressCountry", + "addressLocality": "schema:addressLocality", + "addressRegion": "schema:addressRegion", + "comment": "rdfs:comment", + "created": {"@id": "dc:created", "@type": "xsd:dateTime"}, + "creator": {"@id": "dc:creator", "@type": "@id"}, + "description": "schema:description", + "email": "schema:email", + "familyName": "schema:familyName", + "givenName": "schema:givenName", + "image": {"@id": "schema:image", "@type": "@id"}, + "label": "rdfs:label", + "name": "schema:name", + "postalCode": "schema:postalCode", + "streetAddress": "schema:streetAddress", + "title": "dc:title", + "url": {"@id": "schema:url", "@type": "@id"}, + "Person": "schema:Person", + "PostalAddress": "schema:PostalAddress", + "Organization": "schema:Organization", + + "identityService": {"@id": "identity:identityService", "@type": "@id"}, + "idp": {"@id": "identity:idp", "@type": "@id"}, + "Identity": "identity:Identity", + + "paymentProcessor": "ps:processor", + "preferences": {"@id": "ps:preferences", "@type": "@vocab"}, + + "cipherAlgorithm": "sec:cipherAlgorithm", + "cipherData": "sec:cipherData", + "cipherKey": "sec:cipherKey", + "digestAlgorithm": "sec:digestAlgorithm", + "digestValue": "sec:digestValue", + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "initializationVector": "sec:initializationVector", + "member": {"@id": "schema:member", "@type": "@id"}, + "memberOf": {"@id": "schema:memberOf", "@type": "@id"}, + "nonce": "sec:nonce", + "normalizationAlgorithm": "sec:normalizationAlgorithm", + "owner": {"@id": "sec:owner", "@type": "@id"}, + "password": "sec:password", + "privateKey": {"@id": "sec:privateKey", "@type": "@id"}, + "privateKeyPem": "sec:privateKeyPem", + "publicKey": {"@id": "sec:publicKey", "@type": "@id"}, + "publicKeyPem": "sec:publicKeyPem", + "publicKeyService": {"@id": "sec:publicKeyService", "@type": "@id"}, + "revoked": {"@id": "sec:revoked", "@type": "xsd:dateTime"}, + "signature": "sec:signature", + "signatureAlgorithm": "sec:signatureAlgorithm", + "signatureValue": "sec:signatureValue", + "CryptographicKey": "sec:Key", + "EncryptedMessage": "sec:EncryptedMessage", + "GraphSignature2012": "sec:GraphSignature2012", + "LinkedDataSignature2015": "sec:LinkedDataSignature2015", + + "accessControl": {"@id": "perm:accessControl", "@type": "@id"}, + "writePermission": {"@id": "perm:writePermission", "@type": "@id"} + } +}; + +const security_v1 = { + "@context": { + "id": "@id", + "type": "@type", + + "dc": "http://purl.org/dc/terms/", + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "EcdsaKoblitzSignature2016": "sec:EcdsaKoblitzSignature2016", + "Ed25519Signature2018": "sec:Ed25519Signature2018", + "EncryptedMessage": "sec:EncryptedMessage", + "GraphSignature2012": "sec:GraphSignature2012", + "LinkedDataSignature2015": "sec:LinkedDataSignature2015", + "LinkedDataSignature2016": "sec:LinkedDataSignature2016", + "CryptographicKey": "sec:Key", + + "authenticationTag": "sec:authenticationTag", + "canonicalizationAlgorithm": "sec:canonicalizationAlgorithm", + "cipherAlgorithm": "sec:cipherAlgorithm", + "cipherData": "sec:cipherData", + "cipherKey": "sec:cipherKey", + "created": {"@id": "dc:created", "@type": "xsd:dateTime"}, + "creator": {"@id": "dc:creator", "@type": "@id"}, + "digestAlgorithm": "sec:digestAlgorithm", + "digestValue": "sec:digestValue", + "domain": "sec:domain", + "encryptionKey": "sec:encryptionKey", + "expiration": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "initializationVector": "sec:initializationVector", + "iterationCount": "sec:iterationCount", + "nonce": "sec:nonce", + "normalizationAlgorithm": "sec:normalizationAlgorithm", + "owner": {"@id": "sec:owner", "@type": "@id"}, + "password": "sec:password", + "privateKey": {"@id": "sec:privateKey", "@type": "@id"}, + "privateKeyPem": "sec:privateKeyPem", + "publicKey": {"@id": "sec:publicKey", "@type": "@id"}, + "publicKeyBase58": "sec:publicKeyBase58", + "publicKeyPem": "sec:publicKeyPem", + "publicKeyWif": "sec:publicKeyWif", + "publicKeyService": {"@id": "sec:publicKeyService", "@type": "@id"}, + "revoked": {"@id": "sec:revoked", "@type": "xsd:dateTime"}, + "salt": "sec:salt", + "signature": "sec:signature", + "signatureAlgorithm": "sec:signingAlgorithm", + "signatureValue": "sec:signatureValue" + } +}; + +const activitystreams = { + "@context": { + "@vocab": "_:", + "xsd": "http://www.w3.org/2001/XMLSchema#", + "as": "https://www.w3.org/ns/activitystreams#", + "ldp": "http://www.w3.org/ns/ldp#", + "vcard": "http://www.w3.org/2006/vcard/ns#", + "id": "@id", + "type": "@type", + "Accept": "as:Accept", + "Activity": "as:Activity", + "IntransitiveActivity": "as:IntransitiveActivity", + "Add": "as:Add", + "Announce": "as:Announce", + "Application": "as:Application", + "Arrive": "as:Arrive", + "Article": "as:Article", + "Audio": "as:Audio", + "Block": "as:Block", + "Collection": "as:Collection", + "CollectionPage": "as:CollectionPage", + "Relationship": "as:Relationship", + "Create": "as:Create", + "Delete": "as:Delete", + "Dislike": "as:Dislike", + "Document": "as:Document", + "Event": "as:Event", + "Follow": "as:Follow", + "Flag": "as:Flag", + "Group": "as:Group", + "Ignore": "as:Ignore", + "Image": "as:Image", + "Invite": "as:Invite", + "Join": "as:Join", + "Leave": "as:Leave", + "Like": "as:Like", + "Link": "as:Link", + "Mention": "as:Mention", + "Note": "as:Note", + "Object": "as:Object", + "Offer": "as:Offer", + "OrderedCollection": "as:OrderedCollection", + "OrderedCollectionPage": "as:OrderedCollectionPage", + "Organization": "as:Organization", + "Page": "as:Page", + "Person": "as:Person", + "Place": "as:Place", + "Profile": "as:Profile", + "Question": "as:Question", + "Reject": "as:Reject", + "Remove": "as:Remove", + "Service": "as:Service", + "TentativeAccept": "as:TentativeAccept", + "TentativeReject": "as:TentativeReject", + "Tombstone": "as:Tombstone", + "Undo": "as:Undo", + "Update": "as:Update", + "Video": "as:Video", + "View": "as:View", + "Listen": "as:Listen", + "Read": "as:Read", + "Move": "as:Move", + "Travel": "as:Travel", + "IsFollowing": "as:IsFollowing", + "IsFollowedBy": "as:IsFollowedBy", + "IsContact": "as:IsContact", + "IsMember": "as:IsMember", + "subject": { + "@id": "as:subject", + "@type": "@id" + }, + "relationship": { + "@id": "as:relationship", + "@type": "@id" + }, + "actor": { + "@id": "as:actor", + "@type": "@id" + }, + "attributedTo": { + "@id": "as:attributedTo", + "@type": "@id" + }, + "attachment": { + "@id": "as:attachment", + "@type": "@id" + }, + "bcc": { + "@id": "as:bcc", + "@type": "@id" + }, + "bto": { + "@id": "as:bto", + "@type": "@id" + }, + "cc": { + "@id": "as:cc", + "@type": "@id" + }, + "context": { + "@id": "as:context", + "@type": "@id" + }, + "current": { + "@id": "as:current", + "@type": "@id" + }, + "first": { + "@id": "as:first", + "@type": "@id" + }, + "generator": { + "@id": "as:generator", + "@type": "@id" + }, + "icon": { + "@id": "as:icon", + "@type": "@id" + }, + "image": { + "@id": "as:image", + "@type": "@id" + }, + "inReplyTo": { + "@id": "as:inReplyTo", + "@type": "@id" + }, + "items": { + "@id": "as:items", + "@type": "@id" + }, + "instrument": { + "@id": "as:instrument", + "@type": "@id" + }, + "orderedItems": { + "@id": "as:items", + "@type": "@id", + "@container": "@list" + }, + "last": { + "@id": "as:last", + "@type": "@id" + }, + "location": { + "@id": "as:location", + "@type": "@id" + }, + "next": { + "@id": "as:next", + "@type": "@id" + }, + "object": { + "@id": "as:object", + "@type": "@id" + }, + "oneOf": { + "@id": "as:oneOf", + "@type": "@id" + }, + "anyOf": { + "@id": "as:anyOf", + "@type": "@id" + }, + "closed": { + "@id": "as:closed", + "@type": "xsd:dateTime" + }, + "origin": { + "@id": "as:origin", + "@type": "@id" + }, + "accuracy": { + "@id": "as:accuracy", + "@type": "xsd:float" + }, + "prev": { + "@id": "as:prev", + "@type": "@id" + }, + "preview": { + "@id": "as:preview", + "@type": "@id" + }, + "replies": { + "@id": "as:replies", + "@type": "@id" + }, + "result": { + "@id": "as:result", + "@type": "@id" + }, + "audience": { + "@id": "as:audience", + "@type": "@id" + }, + "partOf": { + "@id": "as:partOf", + "@type": "@id" + }, + "tag": { + "@id": "as:tag", + "@type": "@id" + }, + "target": { + "@id": "as:target", + "@type": "@id" + }, + "to": { + "@id": "as:to", + "@type": "@id" + }, + "url": { + "@id": "as:url", + "@type": "@id" + }, + "altitude": { + "@id": "as:altitude", + "@type": "xsd:float" + }, + "content": "as:content", + "contentMap": { + "@id": "as:content", + "@container": "@language" + }, + "name": "as:name", + "nameMap": { + "@id": "as:name", + "@container": "@language" + }, + "duration": { + "@id": "as:duration", + "@type": "xsd:duration" + }, + "endTime": { + "@id": "as:endTime", + "@type": "xsd:dateTime" + }, + "height": { + "@id": "as:height", + "@type": "xsd:nonNegativeInteger" + }, + "href": { + "@id": "as:href", + "@type": "@id" + }, + "hreflang": "as:hreflang", + "latitude": { + "@id": "as:latitude", + "@type": "xsd:float" + }, + "longitude": { + "@id": "as:longitude", + "@type": "xsd:float" + }, + "mediaType": "as:mediaType", + "published": { + "@id": "as:published", + "@type": "xsd:dateTime" + }, + "radius": { + "@id": "as:radius", + "@type": "xsd:float" + }, + "rel": "as:rel", + "startIndex": { + "@id": "as:startIndex", + "@type": "xsd:nonNegativeInteger" + }, + "startTime": { + "@id": "as:startTime", + "@type": "xsd:dateTime" + }, + "summary": "as:summary", + "summaryMap": { + "@id": "as:summary", + "@container": "@language" + }, + "totalItems": { + "@id": "as:totalItems", + "@type": "xsd:nonNegativeInteger" + }, + "units": "as:units", + "updated": { + "@id": "as:updated", + "@type": "xsd:dateTime" + }, + "width": { + "@id": "as:width", + "@type": "xsd:nonNegativeInteger" + }, + "describes": { + "@id": "as:describes", + "@type": "@id" + }, + "formerType": { + "@id": "as:formerType", + "@type": "@id" + }, + "deleted": { + "@id": "as:deleted", + "@type": "xsd:dateTime" + }, + "inbox": { + "@id": "ldp:inbox", + "@type": "@id" + }, + "outbox": { + "@id": "as:outbox", + "@type": "@id" + }, + "following": { + "@id": "as:following", + "@type": "@id" + }, + "followers": { + "@id": "as:followers", + "@type": "@id" + }, + "streams": { + "@id": "as:streams", + "@type": "@id" + }, + "preferredUsername": "as:preferredUsername", + "endpoints": { + "@id": "as:endpoints", + "@type": "@id" + }, + "uploadMedia": { + "@id": "as:uploadMedia", + "@type": "@id" + }, + "proxyUrl": { + "@id": "as:proxyUrl", + "@type": "@id" + }, + "liked": { + "@id": "as:liked", + "@type": "@id" + }, + "oauthAuthorizationEndpoint": { + "@id": "as:oauthAuthorizationEndpoint", + "@type": "@id" + }, + "oauthTokenEndpoint": { + "@id": "as:oauthTokenEndpoint", + "@type": "@id" + }, + "provideClientKey": { + "@id": "as:provideClientKey", + "@type": "@id" + }, + "signClientKey": { + "@id": "as:signClientKey", + "@type": "@id" + }, + "sharedInbox": { + "@id": "as:sharedInbox", + "@type": "@id" + }, + "Public": { + "@id": "as:Public", + "@type": "@id" + }, + "source": "as:source", + "likes": { + "@id": "as:likes", + "@type": "@id" + }, + "shares": { + "@id": "as:shares", + "@type": "@id" + } + } +}; + +export const CONTEXTS: Record<string, any> = { + "https://w3id.org/identity/v1": id_v1, + "https://w3id.org/security/v1": security_v1, + "https://www.w3.org/ns/activitystreams": activitystreams, +}; diff --git a/src/remote/activitypub/misc/ld-signature.ts b/src/remote/activitypub/misc/ld-signature.ts new file mode 100644 index 0000000000..d61b430f7a --- /dev/null +++ b/src/remote/activitypub/misc/ld-signature.ts @@ -0,0 +1,133 @@ +import * as crypto from 'crypto'; +import * as jsonld from 'jsonld'; +import { CONTEXTS } from './contexts'; +import fetch from 'node-fetch'; +import { httpAgent, httpsAgent } from '../../../misc/fetch'; + +// RsaSignature2017 based from https://github.com/transmute-industries/RsaSignature2017 + +export class LdSignature { + public debug = false; + public preLoad = true; + public loderTimeout = 10 * 1000; + + constructor() { + } + + public async signRsaSignature2017(data: any, privateKey: string, creator: string, domain?: string, created?: Date): Promise<any> { + const options = { + type: 'RsaSignature2017', + creator, + domain, + nonce: crypto.randomBytes(16).toString('hex'), + created: (created || new Date()).toISOString() + } as { + type: string; + creator: string; + domain: string; + nonce: string; + created: string; + }; + + if (!domain) { + delete options.domain; + } + + const toBeSigned = await this.createVerifyData(data, options); + + const signer = crypto.createSign('sha256'); + signer.update(toBeSigned); + signer.end(); + + const signature = signer.sign(privateKey); + + return { + ...data, + signature: { + ...options, + signatureValue: signature.toString('base64') + } + }; + } + + public async verifyRsaSignature2017(data: any, publicKey: string): Promise<boolean> { + const toBeSigned = await this.createVerifyData(data, data.signature); + const verifier = crypto.createVerify('sha256'); + verifier.update(toBeSigned); + return verifier.verify(publicKey, data.signature.signatureValue, 'base64'); + } + + public async createVerifyData(data: any, options: any) { + const transformedOptions = { + ...options, + '@context': 'https://w3id.org/identity/v1' + }; + delete transformedOptions['type']; + delete transformedOptions['id']; + delete transformedOptions['signatureValue']; + const canonizedOptions = await this.normalize(transformedOptions); + const optionsHash = this.sha256(canonizedOptions); + const transformedData = { ...data }; + delete transformedData['signature']; + const cannonidedData = await this.normalize(transformedData); + const documentHash = this.sha256(cannonidedData); + const verifyData = `${optionsHash}${documentHash}`; + return verifyData; + } + + public async normalize(data: any) { + const customLoader = this.getLoader(); + return await jsonld.normalize(data, { + documentLoader: customLoader + }); + } + + private getLoader() { + return async (url: string): Promise<any> => { + if (!url.match('^https?\:\/\/')) throw `Invalid URL ${url}`; + + if (this.preLoad) { + if (url in CONTEXTS) { + if (this.debug) console.debug(`HIT: ${url}`); + return { + contextUrl: null, + document: CONTEXTS[url], + documentUrl: url + }; + } + } + + if (this.debug) console.debug(`MISS: ${url}`); + const document = await this.fetchDocument(url); + return { + contextUrl: null, + document: document, + documentUrl: url + }; + }; + } + + private async fetchDocument(url: string) { + const json = await fetch(url, { + headers: { + Accept: 'application/ld+json, application/json', + }, + timeout: this.loderTimeout, + agent: u => u.protocol == 'http:' ? httpAgent : httpsAgent, + }).then(res => { + if (!res.ok) { + throw `${res.status} ${res.statusText}`; + } else { + return res.json(); + } + }); + + return json; + } + + public sha256(data: string): string { + const hash = crypto.createHash('sha256'); + hash.update(data); + return hash.digest('hex'); + } +} diff --git a/src/remote/activitypub/models/note.ts b/src/remote/activitypub/models/note.ts index 1556307670..feaee2f630 100644 --- a/src/remote/activitypub/models/note.ts +++ b/src/remote/activitypub/models/note.ts @@ -15,7 +15,7 @@ import { apLogger } from '../logger'; import { DriveFile } from '../../../models/entities/drive-file'; import { deliverQuestionUpdate } from '../../../services/note/polls/update'; import { extractDbHost, toPuny } from '../../../misc/convert-host'; -import { Notes, Emojis, Polls, MessagingMessages } from '../../../models'; +import { Emojis, Polls, MessagingMessages } from '../../../models'; import { Note } from '../../../models/entities/note'; import { IObject, getOneApId, getApId, getOneApHrefNullable, validPost, IPost, isEmoji } from '../type'; import { Emoji } from '../../../models/entities/emoji'; @@ -26,6 +26,7 @@ import { getApLock } from '../../../misc/app-lock'; import { createMessage } from '../../../services/messages/create'; import { parseAudience } from '../audience'; import { extractApMentions } from './mention'; +import DbResolver from '../db-resolver'; const logger = apLogger; @@ -56,24 +57,9 @@ export function validateNote(object: any, uri: string) { * * Misskeyに対象のNoteが登録されていればそれを返します。 */ -export async function fetchNote(value: string | IObject, resolver?: Resolver): Promise<Note | null> { - const uri = getApId(value); - - // URIがこのサーバーを指しているならデータベースからフェッチ - if (uri.startsWith(config.url + '/')) { - const id = uri.split('/').pop(); - return await Notes.findOne(id).then(x => x || null); - } - - //#region このサーバーに既に登録されていたらそれを返す - const exist = await Notes.findOne({ uri }); - - if (exist) { - return exist; - } - //#endregion - - return null; +export async function fetchNote(object: string | IObject): Promise<Note | null> { + const dbResolver = new DbResolver(); + return await dbResolver.getNoteFromApId(object); } /** diff --git a/src/remote/activitypub/type.ts b/src/remote/activitypub/type.ts index ac2b01c474..1a1a9d6475 100644 --- a/src/remote/activitypub/type.ts +++ b/src/remote/activitypub/type.ts @@ -67,6 +67,15 @@ export interface IActivity extends IObject { actor: IObject | string; object: IObject | string; target?: IObject | string; + /** LD-Signature */ + signature?: { + type: string; + created: Date; + creator: string; + domain?: string; + nonce?: string; + signatureValue: string; + }; } export interface ICollection extends IObject { |