server/server/api/users/[uuid]/inbox/index.ts

import { apiRoute, applyConfig } from "@api";
import { errorResponse, response } from "@response";
import { eq } from "drizzle-orm";
import type * as Lysand from "lysand-types";
import { resolveStatus } from "~database/entities/Status";
import {
    findFirstUser,
    getRelationshipToOtherUser,
    resolveUser,
    sendFollowAccept,
} from "~database/entities/User";
import { db } from "~drizzle/db";
import { notification, relationship } from "~drizzle/schema";

export const meta = applyConfig({
    allowedMethods: ["POST"],
    auth: {
        required: false,
    },
    ratelimits: {
        duration: 60,
        max: 500,
    },
    route: "/users/:uuid",
});

export default apiRoute(async (req, matchedRoute, extraData) => {
    const uuid = matchedRoute.params.uuid;

    const user = await findFirstUser({
        where: (user, { eq }) => eq(user.id, uuid),
    });

    if (!user) {
        return errorResponse("User not found", 404);
    }

    // Process incoming request
    const body = extraData.parsedRequest as Lysand.Entity;

    // Verify request signature
    // TODO: Check if instance is defederated
    // biome-ignore lint/correctness/noConstantCondition: Temporary
    if (true) {
        // request is a Request object containing the previous request

        const signatureHeader = req.headers.get("Signature");
        const origin = req.headers.get("Origin");
        const date = req.headers.get("Date");

        if (!signatureHeader) {
            return errorResponse("Missing Signature header", 400);
        }

        if (!origin) {
            return errorResponse("Missing Origin header", 400);
        }

        if (!date) {
            return errorResponse("Missing Date header", 400);
        }

        const signature = signatureHeader
            .split("signature=")[1]
            .replace(/"/g, "");

        const digest = await crypto.subtle.digest(
            "SHA-256",
            new TextEncoder().encode(JSON.stringify(body)),
        );

        const keyId = signatureHeader
            .split("keyId=")[1]
            .split(",")[0]
            .replace(/"/g, "");

        console.log(`Resolving keyId ${keyId}`);

        const sender = await resolveUser(keyId);

        if (!sender) {
            return errorResponse("Invalid keyId", 400);
        }

        const public_key = await crypto.subtle.importKey(
            "spki",
            Uint8Array.from(atob(sender.publicKey), (c) => c.charCodeAt(0)),
            "Ed25519",
            false,
            ["verify"],
        );

        const expectedSignedString =
            `(request-target): ${req.method.toLowerCase()} ${
                new URL(req.url).pathname
            }\n` +
            `host: ${new URL(req.url).host}\n` +
            `date: ${date}\n` +
            `digest: SHA-256=${btoa(
                String.fromCharCode(...new Uint8Array(digest)),
            )}\n`;

        // Check if signed string is valid
        const isValid = await crypto.subtle.verify(
            "Ed25519",
            public_key,
            Uint8Array.from(atob(signature), (c) => c.charCodeAt(0)),
            new TextEncoder().encode(expectedSignedString),
        );

        if (!isValid) {
            return errorResponse("Invalid signature", 400);
        }
    }

    // Add sent data to database
    switch (body.type) {
        case "Note": {
            const note = body as Lysand.Note;

            const account = await resolveUser(note.author);

            if (!account) {
                return errorResponse("Author not found", 400);
            }

            const newStatus = await resolveStatus(undefined, note).catch(
                (e) => {
                    console.error(e);
                    return null;
                },
            );

            if (!newStatus) {
                return errorResponse("Failed to add status", 500);
            }

            return response("Note created", 201);
        }
        case "Follow": {
            const follow = body as Lysand.Follow;

            const account = await resolveUser(follow.author);

            if (!account) {
                return errorResponse("Author not found", 400);
            }

            const foundRelationship = await getRelationshipToOtherUser(
                account,
                user,
            );

            // Check if already following
            if (foundRelationship.following) {
                return response("Already following", 200);
            }

            await db
                .update(relationship)
                .set({
                    following: !user.isLocked,
                    requested: user.isLocked,
                    showingReblogs: true,
                    notifying: true,
                    languages: [],
                })
                .where(eq(relationship.id, foundRelationship.id));

            await db.insert(notification).values({
                accountId: account.id,
                type: user.isLocked ? "follow_request" : "follow",
                notifiedId: user.id,
            });

            if (!user.isLocked) {
                // Federate FollowAccept
                await sendFollowAccept(account, user);
            }

            return response("Follow request sent", 200);
        }
        case "FollowAccept": {
            const followAccept = body as Lysand.FollowAccept;

            console.log(followAccept);

            const account = await resolveUser(followAccept.author);

            if (!account) {
                return errorResponse("Author not found", 400);
            }

            console.log(account);

            const foundRelationship = await getRelationshipToOtherUser(
                user,
                account,
            );

            console.log(foundRelationship);

            if (!foundRelationship.requested) {
                return response("There is no follow request to accept", 200);
            }

            await db
                .update(relationship)
                .set({
                    following: true,
                    requested: false,
                })
                .where(eq(relationship.id, foundRelationship.id));

            return response("Follow request accepted", 200);
        }
        case "FollowReject": {
            const followReject = body as Lysand.FollowReject;

            const account = await resolveUser(followReject.author);

            if (!account) {
                return errorResponse("Author not found", 400);
            }

            const foundRelationship = await getRelationshipToOtherUser(
                user,
                account,
            );

            if (!foundRelationship.requested) {
                return response("There is no follow request to reject", 200);
            }

            await db
                .update(relationship)
                .set({
                    requested: false,
                    following: false,
                })
                .where(eq(relationship.id, foundRelationship.id));

            return response("Follow request rejected", 200);
        }
        default: {
            return errorResponse("Unknown object type", 400);
        }
    }

    //return jsonResponse(userToLysand(user));
});
Begin work on refactoring every single route to use new subsystems 2024-03-10 23:48:14 +01:00			`import { apiRoute, applyConfig } from "@api";`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`import { errorResponse, response } from "@response";`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`import { eq } from "drizzle-orm";`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`import type * as Lysand from "lysand-types";`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`import { resolveStatus } from "~database/entities/Status";`
Add following 2024-04-10 07:51:00 +02:00			`import {`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`findFirstUser,`
Add following 2024-04-10 07:51:00 +02:00			`getRelationshipToOtherUser,`
			`resolveUser,`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`sendFollowAccept,`
Add following 2024-04-10 07:51:00 +02:00			`} from "~database/entities/User";`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`import { db } from "~drizzle/db";`
			`import { notification, relationship } from "~drizzle/schema";`
More work on converting to the Lysand protocol 2023-11-04 04:34:31 +01:00
			`export const meta = applyConfig({`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`allowedMethods: ["POST"],`
			`auth: {`
			`required: false,`
			`},`
			`ratelimits: {`
			`duration: 60,`
			`max: 500,`
			`},`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`route: "/users/:uuid",`
More work on converting to the Lysand protocol 2023-11-04 04:34:31 +01:00			`});`

Begin work on refactoring every single route to use new subsystems 2024-03-10 23:48:14 +01:00			`export default apiRoute(async (req, matchedRoute, extraData) => {`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`const uuid = matchedRoute.params.uuid;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`const user = await findFirstUser({`
			`where: (user, { eq }) => eq(user.id, uuid),`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`});`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!user) {`
			`return errorResponse("User not found", 404);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`// Process incoming request`
			`const body = extraData.parsedRequest as Lysand.Entity;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`// Verify request signature`
			`// TODO: Check if instance is defederated`
			`// biome-ignore lint/correctness/noConstantCondition: Temporary`
			`if (true) {`
			`// request is a Request object containing the previous request`

			`const signatureHeader = req.headers.get("Signature");`
			`const origin = req.headers.get("Origin");`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`const date = req.headers.get("Date");`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!signatureHeader) {`
			`return errorResponse("Missing Signature header", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!origin) {`
			`return errorResponse("Missing Origin header", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!date) {`
			`return errorResponse("Missing Date header", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`

			`const signature = signatureHeader`
			`.split("signature=")[1]`
			`.replace(/"/g, "");`

			`const digest = await crypto.subtle.digest(`
			`"SHA-256",`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`new TextEncoder().encode(JSON.stringify(body)),`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`);`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`const keyId = signatureHeader`
			`.split("keyId=")[1]`
			`.split(",")[0]`
			`.replace(/"/g, "");`

Logging 2024-04-10 09:04:46 +02:00			console.log(`Resolving keyId ${keyId}`);

Resolve user if not found when verifying signing 2024-04-10 07:59:36 +02:00			`const sender = await resolveUser(keyId);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!sender) {`
			`return errorResponse("Invalid keyId", 400);`
			`}`

			`const public_key = await crypto.subtle.importKey(`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`"spki",`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`Uint8Array.from(atob(sender.publicKey), (c) => c.charCodeAt(0)),`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`"Ed25519",`
			`false,`
			`["verify"],`
			`);`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`const expectedSignedString =`
			`(request-target): ${req.method.toLowerCase()} ${
			`new URL(req.url).pathname`
			}\n` +
			`host: ${new URL(req.url).host}\n` +
			`date: ${date}\n` +
			`digest: SHA-256=${btoa(
			`String.fromCharCode(...new Uint8Array(digest)),`
			)}\n`;

Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`// Check if signed string is valid`
			`const isValid = await crypto.subtle.verify(`
			`"Ed25519",`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`public_key,`
			`Uint8Array.from(atob(signature), (c) => c.charCodeAt(0)),`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`new TextEncoder().encode(expectedSignedString),`
			`);`

			`if (!isValid) {`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`return errorResponse("Invalid signature", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`}`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`// Add sent data to database`
			`switch (body.type) {`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`case "Note": {`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`const note = body as Lysand.Note;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Add following 2024-04-10 07:51:00 +02:00			`const account = await resolveUser(note.author);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`if (!account) {`
			`return errorResponse("Author not found", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`

Add resolving of threads, mentions and quote posts 2024-04-10 10:37:58 +02:00			`const newStatus = await resolveStatus(undefined, note).catch(`
			`(e) => {`
			`console.error(e);`
			`return null;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`},`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`);`

Add resolving of threads, mentions and quote posts 2024-04-10 10:37:58 +02:00			`if (!newStatus) {`
			`return errorResponse("Failed to add status", 500);`
			`}`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`return response("Note created", 201);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`
Add following 2024-04-10 07:51:00 +02:00			`case "Follow": {`
			`const follow = body as Lysand.Follow;`

			`const account = await resolveUser(follow.author);`

			`if (!account) {`
			`return errorResponse("Author not found", 400);`
			`}`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`const foundRelationship = await getRelationshipToOtherUser(`
Add following 2024-04-10 07:51:00 +02:00			`account,`
			`user,`
			`);`

			`// Check if already following`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`if (foundRelationship.following) {`
Add following 2024-04-10 07:51:00 +02:00			`return response("Already following", 200);`
			`}`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`await db`
			`.update(relationship)`
			`.set({`
Add following 2024-04-10 07:51:00 +02:00			`following: !user.isLocked,`
			`requested: user.isLocked,`
			`showingReblogs: true,`
			`notifying: true,`
			`languages: [],`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`})`
			`.where(eq(relationship.id, foundRelationship.id));`
Add following 2024-04-10 07:51:00 +02:00
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`await db.insert(notification).values({`
			`accountId: account.id,`
			`type: user.isLocked ? "follow_request" : "follow",`
			`notifiedId: user.id,`
Add following 2024-04-10 07:51:00 +02:00			`});`

			`if (!user.isLocked) {`
			`// Federate FollowAccept`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`await sendFollowAccept(account, user);`
Add following 2024-04-10 07:51:00 +02:00			`}`

			`return response("Follow request sent", 200);`
			`}`
Add FollowAccept handling 2024-04-10 09:24:23 +02:00			`case "FollowAccept": {`
			`const followAccept = body as Lysand.FollowAccept;`

going hogwild with the logging 2024-04-10 09:45:20 +02:00			`console.log(followAccept);`

Add FollowAccept handling 2024-04-10 09:24:23 +02:00			`const account = await resolveUser(followAccept.author);`

			`if (!account) {`
			`return errorResponse("Author not found", 400);`
			`}`

going hogwild with the logging 2024-04-10 09:45:20 +02:00			`console.log(account);`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`const foundRelationship = await getRelationshipToOtherUser(`
Add FollowAccept handling 2024-04-10 09:24:23 +02:00			`user,`
			`account,`
			`);`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`console.log(foundRelationship);`
going hogwild with the logging 2024-04-10 09:45:20 +02:00
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`if (!foundRelationship.requested) {`
Add FollowAccept handling 2024-04-10 09:24:23 +02:00			`return response("There is no follow request to accept", 200);`
			`}`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`await db`
			`.update(relationship)`
			`.set({`
Add FollowAccept handling 2024-04-10 09:24:23 +02:00			`following: true,`
			`requested: false,`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`})`
			`.where(eq(relationship.id, foundRelationship.id));`
Add FollowAccept handling 2024-04-10 09:24:23 +02:00
			`return response("Follow request accepted", 200);`
			`}`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`case "FollowReject": {`
			`const followReject = body as Lysand.FollowReject;`

			`const account = await resolveUser(followReject.author);`

			`if (!account) {`
			`return errorResponse("Author not found", 400);`
			`}`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`const foundRelationship = await getRelationshipToOtherUser(`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`user,`
			`account,`
			`);`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`if (!foundRelationship.requested) {`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`return response("There is no follow request to reject", 200);`
			`}`

Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`await db`
			`.update(relationship)`
			`.set({`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00			`requested: false,`
			`following: false,`
Convert remaining routes to Drizzle 2024-04-14 02:07:05 +02:00			`})`
			`.where(eq(relationship.id, foundRelationship.id));`
Add ability to accept and reject remote follows if account is locked 2024-04-10 10:07:03 +02:00
			`return response("Follow request rejected", 200);`
			`}`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`default: {`
Implement federation of statuses 2024-04-10 04:05:02 +02:00			`return errorResponse("Unknown object type", 400);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`}`
			`}`

Implement federation of statuses 2024-04-10 04:05:02 +02:00			`//return jsonResponse(userToLysand(user));`
Begin work on refactoring every single route to use new subsystems 2024-03-10 23:48:14 +01:00			`});`