2018-07-25 18:11:47 -05:00
|
|
|
import * as bq from 'bee-queue';
|
2018-04-06 08:40:06 -05:00
|
|
|
import * as debug from 'debug';
|
2018-04-04 09:12:35 -05:00
|
|
|
|
2018-04-14 22:51:05 -05:00
|
|
|
const httpSignature = require('http-signature');
|
2018-07-07 05:19:00 -05:00
|
|
|
import parseAcct from '../../../misc/acct/parse';
|
2018-04-04 11:24:01 -05:00
|
|
|
import User, { IRemoteUser } from '../../../models/user';
|
2018-04-08 14:08:56 -05:00
|
|
|
import perform from '../../../remote/activitypub/perform';
|
2018-09-01 03:53:38 -05:00
|
|
|
import { resolvePerson, updatePerson } from '../../../remote/activitypub/models/person';
|
2018-08-30 06:53:41 -05:00
|
|
|
import { toUnicode } from 'punycode';
|
|
|
|
import { URL } from 'url';
|
2018-04-04 09:12:35 -05:00
|
|
|
|
2018-04-06 08:40:06 -05:00
|
|
|
const log = debug('misskey:queue:inbox');
|
|
|
|
|
2018-04-04 09:12:35 -05:00
|
|
|
// ユーザーのinboxにアクティビティが届いた時の処理
|
2018-07-25 18:11:47 -05:00
|
|
|
export default async (job: bq.Job, done: any): Promise<void> => {
|
2018-04-04 09:12:35 -05:00
|
|
|
const signature = job.data.signature;
|
|
|
|
const activity = job.data.activity;
|
|
|
|
|
2018-04-06 08:40:06 -05:00
|
|
|
//#region Log
|
|
|
|
const info = Object.assign({}, activity);
|
|
|
|
delete info['@context'];
|
|
|
|
delete info['signature'];
|
|
|
|
log(info);
|
|
|
|
//#endregion
|
|
|
|
|
2018-04-04 09:12:35 -05:00
|
|
|
const keyIdLower = signature.keyId.toLowerCase();
|
2018-06-18 00:28:43 -05:00
|
|
|
let user: IRemoteUser;
|
2018-04-04 09:12:35 -05:00
|
|
|
|
|
|
|
if (keyIdLower.startsWith('acct:')) {
|
|
|
|
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
|
|
|
if (host === null) {
|
|
|
|
console.warn(`request was made by local user: @${username}`);
|
|
|
|
done();
|
2018-04-06 00:35:17 -05:00
|
|
|
return;
|
2018-04-04 09:12:35 -05:00
|
|
|
}
|
|
|
|
|
2018-08-30 06:53:41 -05:00
|
|
|
// アクティビティ内のホストの検証
|
|
|
|
try {
|
|
|
|
ValidateActivity(activity, host);
|
|
|
|
} catch (e) {
|
2018-08-31 02:46:24 -05:00
|
|
|
console.warn(e.message);
|
2018-08-30 06:53:41 -05:00
|
|
|
done();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-04-14 00:39:07 -05:00
|
|
|
user = await User.findOne({ usernameLower: username, host: host.toLowerCase() }) as IRemoteUser;
|
2018-04-04 09:12:35 -05:00
|
|
|
} else {
|
2018-08-30 06:53:41 -05:00
|
|
|
// アクティビティ内のホストの検証
|
|
|
|
const host = toUnicode(new URL(signature.keyId).hostname.toLowerCase());
|
|
|
|
try {
|
|
|
|
ValidateActivity(activity, host);
|
|
|
|
} catch (e) {
|
2018-08-31 02:46:24 -05:00
|
|
|
console.warn(e.message);
|
2018-08-30 06:53:41 -05:00
|
|
|
done();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-04-04 09:12:35 -05:00
|
|
|
user = await User.findOne({
|
|
|
|
host: { $ne: null },
|
2018-04-07 13:58:11 -05:00
|
|
|
'publicKey.id': signature.keyId
|
2018-04-04 09:12:35 -05:00
|
|
|
}) as IRemoteUser;
|
2018-09-01 03:53:38 -05:00
|
|
|
}
|
2018-04-04 09:12:35 -05:00
|
|
|
|
2018-09-01 03:53:38 -05:00
|
|
|
// Update activityの場合は、ここで署名検証/更新処理まで実施して終了
|
|
|
|
if (activity.type === 'Update') {
|
|
|
|
if (activity.object && activity.object.type === 'Person') {
|
|
|
|
if (user == null) {
|
|
|
|
console.warn('Update activity received, but user not registed.');
|
|
|
|
} else if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
|
|
|
|
console.warn('Update activity received, but signature verification failed.');
|
|
|
|
} else {
|
|
|
|
updatePerson(activity.actor, null, activity.object);
|
|
|
|
}
|
2018-04-04 09:12:35 -05:00
|
|
|
}
|
2018-09-01 03:53:38 -05:00
|
|
|
done();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// アクティビティを送信してきたユーザーがまだMisskeyサーバーに登録されていなかったら登録する
|
|
|
|
if (user === null) {
|
|
|
|
user = await resolvePerson(activity.actor) as IRemoteUser;
|
2018-04-04 09:12:35 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
if (user === null) {
|
|
|
|
done(new Error('failed to resolve user'));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-04-14 22:51:05 -05:00
|
|
|
if (!httpSignature.verifySignature(signature, user.publicKey.publicKeyPem)) {
|
2018-04-06 00:35:17 -05:00
|
|
|
console.warn('signature verification failed');
|
|
|
|
done();
|
2018-04-04 09:12:35 -05:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// アクティビティを処理
|
|
|
|
try {
|
2018-04-08 14:08:56 -05:00
|
|
|
await perform(user, activity);
|
2018-04-04 09:12:35 -05:00
|
|
|
done();
|
|
|
|
} catch (e) {
|
|
|
|
done(e);
|
|
|
|
}
|
|
|
|
};
|
2018-08-30 06:53:41 -05:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Validate host in activity
|
|
|
|
* @param activity Activity
|
|
|
|
* @param host Expect host
|
|
|
|
*/
|
|
|
|
function ValidateActivity(activity: any, host: string) {
|
|
|
|
// id (if exists)
|
|
|
|
if (typeof activity.id === 'string') {
|
|
|
|
const uriHost = toUnicode(new URL(activity.id).hostname.toLowerCase());
|
2018-08-31 02:46:24 -05:00
|
|
|
if (host !== uriHost) {
|
|
|
|
const diag = activity.signature ? '. Has LD-Signature. Forwarded?' : '';
|
|
|
|
throw new Error(`activity.id(${activity.id}) has different host(${host})${diag}`);
|
|
|
|
}
|
2018-08-30 06:53:41 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// actor (if exists)
|
|
|
|
if (typeof activity.actor === 'string') {
|
|
|
|
const uriHost = toUnicode(new URL(activity.actor).hostname.toLowerCase());
|
|
|
|
if (host !== uriHost) throw new Error('activity.actor has different host');
|
|
|
|
}
|
|
|
|
|
|
|
|
// For Create activity
|
|
|
|
if (activity.type === 'Create' && activity.object) {
|
|
|
|
// object.id (if exists)
|
|
|
|
if (typeof activity.object.id === 'string') {
|
|
|
|
const uriHost = toUnicode(new URL(activity.object.id).hostname.toLowerCase());
|
|
|
|
if (host !== uriHost) throw new Error('activity.object.id has different host');
|
|
|
|
}
|
|
|
|
|
|
|
|
// object.attributedTo (if exists)
|
|
|
|
if (typeof activity.object.attributedTo === 'string') {
|
|
|
|
const uriHost = toUnicode(new URL(activity.object.attributedTo).hostname.toLowerCase());
|
|
|
|
if (host !== uriHost) throw new Error('activity.object.attributedTo has different host');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|