2024-11-01 20:42:32 +01:00
|
|
|
import { apiRoute, applyConfig } from "@/api";
|
2024-09-16 15:29:09 +02:00
|
|
|
import { createRoute } from "@hono/zod-openapi";
|
2024-11-01 20:42:32 +01:00
|
|
|
import { getLogger } from "@logtape/logtape";
|
|
|
|
|
import type { Entity } from "@versia/federation/types";
|
2024-11-23 23:02:18 +01:00
|
|
|
import { Instance, User } from "@versia/kit/db";
|
2024-05-06 09:16:33 +02:00
|
|
|
import { z } from "zod";
|
2024-11-01 20:42:32 +01:00
|
|
|
import { InboxProcessor } from "~/classes/inbox/processor";
|
2024-09-16 15:29:09 +02:00
|
|
|
import { ErrorSchema } from "~/types/api";
|
2024-05-06 09:16:33 +02:00
|
|
|
|
|
|
|
|
export const meta = applyConfig({
|
|
|
|
|
auth: {
|
|
|
|
|
required: false,
|
|
|
|
|
},
|
|
|
|
|
ratelimits: {
|
|
|
|
|
duration: 60,
|
|
|
|
|
max: 500,
|
|
|
|
|
},
|
2024-05-17 09:51:49 +02:00
|
|
|
route: "/users/:uuid/inbox",
|
2024-05-06 09:16:33 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export const schemas = {
|
|
|
|
|
param: z.object({
|
|
|
|
|
uuid: z.string().uuid(),
|
|
|
|
|
}),
|
|
|
|
|
header: z.object({
|
2024-11-23 23:02:18 +01:00
|
|
|
"x-signature": z.string().optional(),
|
|
|
|
|
"x-nonce": z.string().optional(),
|
2024-11-24 16:40:23 +01:00
|
|
|
"x-signed-by": z
|
|
|
|
|
.string()
|
|
|
|
|
.url()
|
|
|
|
|
.or(z.string().startsWith("instance "))
|
|
|
|
|
.optional(),
|
2024-05-22 02:59:03 +02:00
|
|
|
authorization: z.string().optional(),
|
2024-05-06 09:16:33 +02:00
|
|
|
}),
|
2024-05-17 10:37:06 +02:00
|
|
|
body: z.any(),
|
2024-05-06 09:16:33 +02:00
|
|
|
};
|
|
|
|
|
|
2024-09-16 15:29:09 +02:00
|
|
|
const route = createRoute({
|
|
|
|
|
method: "post",
|
|
|
|
|
path: "/users/{uuid}/inbox",
|
|
|
|
|
summary: "Receive federation inbox",
|
|
|
|
|
request: {
|
|
|
|
|
params: schemas.param,
|
|
|
|
|
headers: schemas.header,
|
|
|
|
|
body: {
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: schemas.body,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
responses: {
|
|
|
|
|
200: {
|
|
|
|
|
description: "Request processed",
|
|
|
|
|
},
|
|
|
|
|
201: {
|
|
|
|
|
description: "Request accepted",
|
|
|
|
|
},
|
|
|
|
|
400: {
|
|
|
|
|
description: "Bad request",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
401: {
|
|
|
|
|
description: "Signature could not be verified",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
403: {
|
|
|
|
|
description: "Cannot view users from remote instances",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
404: {
|
|
|
|
|
description: "Not found",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
500: {
|
|
|
|
|
description: "Internal server error",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: z.object({
|
|
|
|
|
error: z.string(),
|
|
|
|
|
message: z.string(),
|
2024-05-22 02:59:03 +02:00
|
|
|
}),
|
2024-09-16 15:29:09 +02:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
});
|
2024-05-17 19:56:13 +02:00
|
|
|
|
2024-09-16 15:29:09 +02:00
|
|
|
export default apiRoute((app) =>
|
|
|
|
|
app.openapi(route, async (context) => {
|
|
|
|
|
const {
|
|
|
|
|
"x-signature": signature,
|
|
|
|
|
"x-nonce": nonce,
|
|
|
|
|
"x-signed-by": signedBy,
|
|
|
|
|
authorization,
|
|
|
|
|
} = context.req.valid("header");
|
|
|
|
|
|
2024-11-01 20:42:32 +01:00
|
|
|
const logger = getLogger(["federation", "inbox"]);
|
2024-09-16 15:29:09 +02:00
|
|
|
const body: Entity = await context.req.valid("json");
|
|
|
|
|
|
2024-11-24 16:40:23 +01:00
|
|
|
if (authorization) {
|
|
|
|
|
const processor = new InboxProcessor(
|
|
|
|
|
context,
|
|
|
|
|
body,
|
|
|
|
|
null,
|
|
|
|
|
{
|
|
|
|
|
signature,
|
|
|
|
|
nonce,
|
|
|
|
|
authorization,
|
|
|
|
|
},
|
|
|
|
|
logger,
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return await processor.process();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If not potentially from bridge, check for required headers
|
|
|
|
|
if (!(signature && nonce && signedBy)) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: "Missing required headers: x-signature, x-nonce, or x-signed-by",
|
|
|
|
|
},
|
|
|
|
|
400,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-16 15:29:09 +02:00
|
|
|
const sender = await User.resolve(signedBy);
|
|
|
|
|
|
2024-11-23 23:02:18 +01:00
|
|
|
if (!(sender || signedBy.startsWith("instance "))) {
|
2024-10-28 13:13:50 +01:00
|
|
|
return context.json(
|
2024-11-23 23:02:18 +01:00
|
|
|
{ error: `Couldn't resolve sender URI ${signedBy}` },
|
2024-10-28 13:13:50 +01:00
|
|
|
404,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-16 15:29:09 +02:00
|
|
|
if (sender?.isLocal()) {
|
|
|
|
|
return context.json(
|
2024-11-23 23:02:18 +01:00
|
|
|
{
|
|
|
|
|
error: "Cannot process federation requests from local users",
|
|
|
|
|
},
|
2024-09-16 15:29:09 +02:00
|
|
|
400,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-23 23:02:18 +01:00
|
|
|
const remoteInstance = sender
|
|
|
|
|
? await Instance.fromUser(sender)
|
|
|
|
|
: await Instance.resolveFromHost(signedBy.split(" ")[1]);
|
|
|
|
|
|
|
|
|
|
if (!remoteInstance) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{ error: "Could not resolve the remote instance." },
|
|
|
|
|
500,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-01 20:42:32 +01:00
|
|
|
const processor = new InboxProcessor(
|
|
|
|
|
context,
|
|
|
|
|
body,
|
2024-11-23 23:02:18 +01:00
|
|
|
remoteInstance,
|
2024-11-01 20:42:32 +01:00
|
|
|
{
|
2024-10-28 13:13:50 +01:00
|
|
|
signature,
|
|
|
|
|
nonce,
|
2024-11-01 20:42:32 +01:00
|
|
|
authorization,
|
2024-10-28 13:13:50 +01:00
|
|
|
},
|
2024-11-01 20:42:32 +01:00
|
|
|
logger,
|
2024-10-28 13:13:50 +01:00
|
|
|
);
|
|
|
|
|
|
2024-11-01 20:42:32 +01:00
|
|
|
return await processor.process();
|
|
|
|
|
}),
|
|
|
|
|
);
|
