FoundKey/src/queue/processors/http/process-inbox.ts

import * as bq from 'bee-queue';
import * as debug from 'debug';

const httpSignature = require('http-signature');
import parseAcct from '../../../misc/acct/parse';
import User, { IRemoteUser } from '../../../models/user';
import perform from '../../../remote/activitypub/perform';
import { resolvePerson, updatePerson } from '../../../remote/activitypub/models/person';
import { toUnicode } from 'punycode';
import { URL } from 'url';
import { publishApLogStream } from '../../../stream';

const log = debug('misskey:queue:inbox');

// ユーザーのinboxにアクティビティが届いた時の処理
export default async (job: bq.Job, done: any): Promise<void> => {
	const signature = job.data.signature;
	const activity = job.data.activity;

	//#region Log
	const info = Object.assign({}, activity);
	delete info['@context'];
	delete info['signature'];
	log(info);
	//#endregion

	const keyIdLower = signature.keyId.toLowerCase();
	let user: IRemoteUser;

	if (keyIdLower.startsWith('acct:')) {
		const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
		if (host === null) {
			console.warn(`request was made by local user: @${username}`);
			done();
			return;
		}

		// アクティビティ内のホストの検証
		try {
			ValidateActivity(activity, host);
		} catch (e) {
			console.warn(e.message);
			done();
			return;
		}

		user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;
	} else {
		// アクティビティ内のホストの検証
		const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());
		try {
			ValidateActivity(activity, host);
		} catch (e) {
			console.warn(e.message);
			done();
			return;
		}

		user = await User.findOne({
			host: { $ne: null },
			'publicKey.id': signature.keyId
		}) as IRemoteUser;
	}

	// Update activityの場合は、ここで署名検証/更新処理まで実施して終了
	if (activity.type === 'Update') {
		if (activity.object && activity.object.type === 'Person') {
			if (user == null) {
				console.warn('Update activity received, but user not registed.');
			} else if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
				console.warn('Update activity received, but signature verification failed.');
			} else {
				updatePerson(activity.actor, null, activity.object);
			}
		}
		done();
		return;
	}

	// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する
	if (user === null) {
		user = await resolvePerson(activity.actor) as IRemoteUser;
	}

	if (user === null) {
		done(new Error('failed to resolve user'));
		return;
	}

	if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
		console.warn('signature verification failed');
		done();
		return;
	}
	
	//#region Log
	publishApLogStream({
		direction: 'in',
		activity: activity.type,
		host: user.host,
		actor: user.username
	});
	//#endregion

	// アクティビティを処理
	try {
		await perform(user, activity);
		done();
	} catch (e) {
		done(e);
	}
};

/**
 * Validate host in activity
 * @param activity Activity
 * @param host Expect host
 */
function ValidateActivity(activity: any, host: string) {
	// id (if exists)
	if (typeof activity.id === 'string') {
		const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());
		if (host !== uriHost) {
			const diag = activity.signature ? '. Has LD-Signature. Forwarded?' : '';
			throw new Error(`activity.id(${activity.id}) has different host(${host})${diag}`);
		}
	}

	// actor (if exists)
	if (typeof activity.actor === 'string') {
		const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());
		if (host !== uriHost) throw new Error('activity.actor has different host');
	}

	// For Create activity
	if (activity.type === 'Create' && activity.object) {
		// object.id (if exists)
		if (typeof activity.object.id === 'string') {
			const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());
			if (host !== uriHost) throw new Error('activity.object.id has different host');
		}

		// object.attributedTo (if exists)
		if (typeof activity.object.attributedTo === 'string') {
			const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());
			if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');
		}
	}
}
Use bee-queue instead of Kue 2018-07-25 23:11:47 +00:00			`import * as bq from 'bee-queue';`
Log 2018-04-06 13:40:06 +00:00			`import * as debug from 'debug';`
wip 2018-04-04 14:12:35 +00:00
Fix bug 2018-04-15 03:51:05 +00:00			`const httpSignature = require('http-signature');`
Refactorng 2018-07-07 10:19:00 +00:00			`import parseAcct from '../../../misc/acct/parse';`
wip 2018-04-04 16:24:01 +00:00			`import User, { IRemoteUser } from '../../../models/user';`
wip 2018-04-08 19:08:56 +00:00			`import perform from '../../../remote/activitypub/perform';`
Receive Update activity 2018-09-01 08:53:38 +00:00			`import { resolvePerson, updatePerson } from '../../../remote/activitypub/models/person';`
Validate host in activity 2018-08-30 11:53:41 +00:00			`import { toUnicode } from 'punycode';`
			`import { URL } from 'url';`
Improve admin dashboard 2018-11-03 02:38:00 +00:00			`import { publishApLogStream } from '../../../stream';`
wip 2018-04-04 14:12:35 +00:00
Log 2018-04-06 13:40:06 +00:00			`const log = debug('misskey:queue:inbox');`

wip 2018-04-04 14:12:35 +00:00			`// ユーザーのinboxにアクティビティが届いた時の処理`
Use bee-queue instead of Kue 2018-07-25 23:11:47 +00:00			`export default async (job: bq.Job, done: any): Promise<void> => {`
wip 2018-04-04 14:12:35 +00:00			`const signature = job.data.signature;`
			`const activity = job.data.activity;`

Log 2018-04-06 13:40:06 +00:00			`//#region Log`
			`const info = Object.assign({}, activity);`
			`delete info['@context'];`
			`delete info['signature'];`
			`log(info);`
			`//#endregion`

wip 2018-04-04 14:12:35 +00:00			`const keyIdLower = signature.keyId.toLowerCase();`
yatta 2018-06-18 05:28:43 +00:00			`let user: IRemoteUser;`
wip 2018-04-04 14:12:35 +00:00
			`if (keyIdLower.startsWith('acct:')) {`
			`const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));`
			`if (host === null) {`
			console.warn(`request was made by local user: @${username}`);
			`done();`
Fix bug 2018-04-06 05:35:17 +00:00			`return;`
wip 2018-04-04 14:12:35 +00:00			`}`

Validate host in activity 2018-08-30 11:53:41 +00:00			`// アクティビティ内のホストの検証`
			`try {`
			`ValidateActivity(activity, host);`
			`} catch (e) {`
Improve validation error message 2018-08-31 07:46:24 +00:00			`console.warn(e.message);`
Validate host in activity 2018-08-30 11:53:41 +00:00			`done();`
			`return;`
			`}`

hostLowerは廃止してhostにlowerしたものを入れるように 2018-04-14 05:39:07 +00:00			`user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;`
wip 2018-04-04 14:12:35 +00:00			`} else {`
Validate host in activity 2018-08-30 11:53:41 +00:00			`// アクティビティ内のホストの検証`
			`const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());`
			`try {`
			`ValidateActivity(activity, host);`
			`} catch (e) {`
Improve validation error message 2018-08-31 07:46:24 +00:00			`console.warn(e.message);`
Validate host in activity 2018-08-30 11:53:41 +00:00			`done();`
			`return;`
			`}`

wip 2018-04-04 14:12:35 +00:00			`user = await User.findOne({`
			`host: { $ne: null },`
Some bug fixes 2018-04-07 18:58:11 +00:00			`'publicKey.id': signature.keyId`
wip 2018-04-04 14:12:35 +00:00			`}) as IRemoteUser;`
Receive Update activity 2018-09-01 08:53:38 +00:00			`}`
wip 2018-04-04 14:12:35 +00:00
Receive Update activity 2018-09-01 08:53:38 +00:00			`// Update activityの場合は、ここで署名検証/更新処理まで実施して終了`
			`if (activity.type === 'Update') {`
			`if (activity.object && activity.object.type === 'Person') {`
			`if (user == null) {`
			`console.warn('Update activity received, but user not registed.');`
			`} else if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {`
			`console.warn('Update activity received, but signature verification failed.');`
			`} else {`
			`updatePerson(activity.actor, null, activity.object);`
			`}`
wip 2018-04-04 14:12:35 +00:00			`}`
Receive Update activity 2018-09-01 08:53:38 +00:00			`done();`
			`return;`
			`}`

			`// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する`
			`if (user === null) {`
			`user = await resolvePerson(activity.actor) as IRemoteUser;`
wip 2018-04-04 14:12:35 +00:00			`}`

			`if (user === null) {`
			`done(new Error('failed to resolve user'));`
			`return;`
			`}`

Fix bug 2018-04-15 03:51:05 +00:00			`if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {`
Fix bug 2018-04-06 05:35:17 +00:00			`console.warn('signature verification failed');`
			`done();`
wip 2018-04-04 14:12:35 +00:00			`return;`
			`}`
Fix bug 2018-11-05 10:40:09 +00:00
			`//#region Log`
			`publishApLogStream({`
			`direction: 'in',`
			`activity: activity.type,`
			`host: user.host,`
			`actor: user.username`
			`});`
			`//#endregion`
wip 2018-04-04 14:12:35 +00:00
			`// アクティビティを処理`
			`try {`
wip 2018-04-08 19:08:56 +00:00			`await perform(user, activity);`
wip 2018-04-04 14:12:35 +00:00			`done();`
			`} catch (e) {`
			`done(e);`
			`}`
			`};`
Validate host in activity 2018-08-30 11:53:41 +00:00
			`/**`
			`* Validate host in activity`
			`* @param activity Activity`
			`* @param host Expect host`
			`*/`
			`function ValidateActivity(activity: any, host: string) {`
			`// id (if exists)`
			`if (typeof activity.id === 'string') {`
			`const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());`
Improve validation error message 2018-08-31 07:46:24 +00:00			`if (host !== uriHost) {`
			`const diag = activity.signature ? '. Has LD-Signature. Forwarded?' : '';`
			throw new Error(`activity.id(${activity.id}) has different host(${host})${diag}`);
			`}`
Validate host in activity 2018-08-30 11:53:41 +00:00			`}`

			`// actor (if exists)`
			`if (typeof activity.actor === 'string') {`
			`const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());`
			`if (host !== uriHost) throw new Error('activity.actor has different host');`
			`}`

			`// For Create activity`
			`if (activity.type === 'Create' && activity.object) {`
			`// object.id (if exists)`
			`if (typeof activity.object.id === 'string') {`
			`const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());`
			`if (host !== uriHost) throw new Error('activity.object.id has different host');`
			`}`

			`// object.attributedTo (if exists)`
			`if (typeof activity.object.attributedTo === 'string') {`
			`const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());`
			`if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');`
			`}`
			`}`
			`}`