versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 16:38:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor(api): ♻️ More OpenAPI refactoring work

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-09-16 15:29:09 +02:00
parent 6d9e385a04
commit 5aa1c4e625
No known key found for this signature in database
35 changed files with 4883 additions and 1815 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

310
api/api/v1/emojis/:id/index.ts
View file

@ -1,13 +1,6 @@
import { import { apiRoute, applyConfig, auth, emojiValidator, jsonOrForm } from "@/api";
apiRoute,
applyConfig,
auth,
emojiValidator,
handleZodError,
jsonOrForm,
} from "@/api";
import { mimeLookup } from "@/content_types"; import { mimeLookup } from "@/content_types";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { MediaManager } from "~/classes/media/media-manager"; import { MediaManager } from "~/classes/media/media-manager";
@ -16,6 +9,7 @@ import { Emojis, RolePermissions } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { Attachment } from "~/packages/database-interface/attachment"; import { Attachment } from "~/packages/database-interface/attachment";
import { Emoji } from "~/packages/database-interface/emoji"; import { Emoji } from "~/packages/database-interface/emoji";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["DELETE", "GET", "PATCH"], allowedMethods: ["DELETE", "GET", "PATCH"],
@ -62,19 +56,181 @@ export const schemas = {
.or(z.boolean()) .or(z.boolean())
.optional(), .optional(),
}) })
.partial() .partial(),
.optional(),
}; };
export default apiRoute((app) => const routeGet = createRoute({
app.on( method: "get",
meta.allowedMethods, path: "/api/v1/emojis/{id}",
meta.route, summary: "Get emoji data",
jsonOrForm(), middleware: [auth(meta.auth, meta.permissions)],
zValidator("param", schemas.param, handleZodError), request: {
zValidator("json", schemas.json, handleZodError), params: schemas.param,
auth(meta.auth, meta.permissions), },
async (context) => { responses: {
200: {
description: "Emoji",
content: {
"application/json": {
schema: Emoji.schema,
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Insufficient credentials",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Emoji not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routePatch = createRoute({
method: "patch",
path: "/api/v1/emojis/{id}",
summary: "Modify emoji",
middleware: [auth(meta.auth, meta.permissions), jsonOrForm()],
request: {
params: schemas.param,
body: {
content: {
"application/json": {
schema: schemas.json,
},
"application/x-www-form-urlencoded": {
schema: schemas.json,
},
"multipart/form-data": {
schema: schemas.json,
},
},
},
},
responses: {
200: {
description: "Emoji modified",
content: {
"application/json": {
schema: Emoji.schema,
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Insufficient credentials",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Emoji not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
422: {
description: "Invalid form data",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routeDelete = createRoute({
method: "delete",
path: "/api/v1/emojis/{id}",
summary: "Delete emoji",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Emoji deleted",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Emoji not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { id } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const emoji = await Emoji.fromId(id);
if (!emoji) {
return context.json({ error: "Emoji not found" }, 404);
}
// Check if user is admin
if (
!user.hasPermission(RolePermissions.ManageEmojis) &&
emoji.data.ownerId !== user.data.id
) {
return context.json(
{
error: `You cannot modify this emoji, as it is either global, not owned by you, or you do not have the '${RolePermissions.ManageEmojis}' permission to manage global emojis`,
},
403,
);
}
return context.json(emoji.toApi(), 200);
});
app.openapi(routePatch, async (context) => {
const { id } = context.req.valid("param"); const { id } = context.req.valid("param");
const { user } = context.get("auth"); const { user } = context.get("auth");
@ -103,48 +259,15 @@ export default apiRoute((app) =>
const mediaManager = new MediaManager(config); const mediaManager = new MediaManager(config);
switch (context.req.method) { const {
case "DELETE": { global: emojiGlobal,
await mediaManager.deleteFileByUrl(emoji.data.url); alt,
category,
element,
shortcode,
} = context.req.valid("json");
await db.delete(Emojis).where(eq(Emojis.id, id)); if (!user.hasPermission(RolePermissions.ManageEmojis) && emojiGlobal) {
return context.newResponse(null, 204);
}
case "PATCH": {
const form = context.req.valid("json");
if (!form) {
return context.json(
{
error: "Invalid form data (must supply at least one of: shortcode, element, alt, category)",
},
422,
);
}
if (
!(
form.shortcode ||
form.element ||
form.alt ||
form.category
) &&
form.global === undefined
) {
return context.json(
{
error: "Invalid form data (must supply at least one of: shortcode, element, alt, category)",
},
422,
);
}
if (
!user.hasPermission(RolePermissions.ManageEmojis) &&
form.global
) {
return context.json( return context.json(
{ {
error: `Only users with the '${RolePermissions.ManageEmojis}' permission can make an emoji global or not`, error: `Only users with the '${RolePermissions.ManageEmojis}' permission can make an emoji global or not`,
@ -155,12 +278,12 @@ export default apiRoute((app) =>
const modified = structuredClone(emoji.data); const modified = structuredClone(emoji.data);
if (form.element) { if (element) {
// Check of emoji is an image // Check of emoji is an image
let contentType = let contentType =
form.element instanceof File element instanceof File
? form.element.type ? element.type
: await mimeLookup(form.element); : await mimeLookup(element);
if (!contentType.startsWith("image/")) { if (!contentType.startsWith("image/")) {
return context.json( return context.json(
@ -173,35 +296,62 @@ export default apiRoute((app) =>
let url = ""; let url = "";
if (form.element instanceof File) { if (element instanceof File) {
const uploaded = await mediaManager.addFile( const uploaded = await mediaManager.addFile(element);
form.element,
);
url = uploaded.path; url = uploaded.path;
contentType = uploaded.uploadedFile.type; contentType = uploaded.uploadedFile.type;
} else { } else {
url = form.element; url = element;
} }
modified.url = Attachment.getUrl(url); modified.url = Attachment.getUrl(url);
modified.contentType = contentType; modified.contentType = contentType;
} }
modified.shortcode = form.shortcode ?? modified.shortcode; modified.shortcode = shortcode ?? modified.shortcode;
modified.alt = form.alt ?? modified.alt; modified.alt = alt ?? modified.alt;
modified.category = form.category ?? modified.category; modified.category = category ?? modified.category;
modified.ownerId = form.global ? null : user.data.id; modified.ownerId = emojiGlobal ? null : user.data.id;
await emoji.update(modified); await emoji.update(modified);
return context.json(emoji.toApi()); return context.json(emoji.toApi(), 200);
});
app.openapi(routeDelete, async (context) => {
const { id } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
} }
case "GET": { const emoji = await Emoji.fromId(id);
return context.json(emoji.toApi());
} if (!emoji) {
return context.json({ error: "Emoji not found" }, 404);
} }
// Check if user is admin
if (
!user.hasPermission(RolePermissions.ManageEmojis) &&
emoji.data.ownerId !== user.data.id
) {
return context.json(
{
error: `You cannot delete this emoji, as it is either global, not owned by you, or you do not have the '${RolePermissions.ManageEmojis}' permission to manage global emojis`,
}, },
), 403,
); );
}
const mediaManager = new MediaManager(config);
await mediaManager.deleteFileByUrl(emoji.data.url);
await db.delete(Emojis).where(eq(Emojis.id, id));
return context.newResponse(null, 204);
});
});

36
api/api/v1/instance/extended_description.ts
View file

@ -1,5 +1,6 @@
import { apiRoute, applyConfig, auth } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { renderMarkdownInPath } from "@/markdown"; import { renderMarkdownInPath } from "@/markdown";
import { createRoute, z } from "@hono/zod-openapi";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
export const meta = applyConfig({ export const meta = applyConfig({
@ -14,21 +15,38 @@ export const meta = applyConfig({
}, },
}); });
const route = createRoute({
method: "get",
path: "/api/v1/instance/extended_description",
summary: "Get extended description",
responses: {
200: {
description: "Extended description",
content: {
"application/json": {
schema: z.object({
updated_at: z.string(),
content: z.string(),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
auth(meta.auth, meta.permissions),
async (context) => {
const { content, lastModified } = await renderMarkdownInPath( const { content, lastModified } = await renderMarkdownInPath(
config.instance.extended_description_path ?? "", config.instance.extended_description_path ?? "",
"This is a [Versia](https://versia.pub) server with the default extended description.", "This is a [Versia](https://versia.pub) server with the default extended description.",
); );
return context.json({ return context.json(
{
updated_at: lastModified.toISOString(), updated_at: lastModified.toISOString(),
content, content,
});
}, },
), 200,
);
}),
); );

2
api/api/v1/notifications/index.test.ts
View file

@ -160,6 +160,6 @@ describe(meta.route, () => {
}, },
); );
expect(filterDeleteResponse.status).toBe(200); expect(filterDeleteResponse.status).toBe(204);
}); });
}); });

2
api/api/v1/timelines/home.test.ts
View file

@ -190,7 +190,7 @@ describe(meta.route, () => {
}, },
); );
expect(filterDeleteResponse.status).toBe(200); expect(filterDeleteResponse.status).toBe(204);
}); });
}); });
}); });

2
api/api/v1/timelines/public.test.ts
View file

@ -234,6 +234,6 @@ describe(meta.route, () => {
}, },
); );
expect(filterDeleteResponse.status).toBe(200); expect(filterDeleteResponse.status).toBe(204);
}); });
}); });

2
api/api/v2/filters/:id/index.test.ts
View file

@ -154,7 +154,7 @@ describe(meta.route, () => {
}, },
); );
expect(response.status).toBe(200); expect(response.status).toBe(204);
// Try to GET the filter again // Try to GET the filter again
const getResponse = await fakeRequest( const getResponse = await fakeRequest(

203
api/api/v2/filters/:id/index.ts
View file

@ -1,9 +1,10 @@
import { apiRoute, applyConfig, auth, handleZodError, jsonOrForm } from "@/api"; import { apiRoute, applyConfig, auth, jsonOrForm } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { and, eq, inArray } from "drizzle-orm"; import { and, eq, inArray } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { db } from "~/drizzle/db"; import { db } from "~/drizzle/db";
import { FilterKeywords, Filters, RolePermissions } from "~/drizzle/schema"; import { FilterKeywords, Filters, RolePermissions } from "~/drizzle/schema";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET", "PUT", "DELETE"], allowedMethods: ["GET", "PUT", "DELETE"],
@ -68,15 +69,134 @@ export const schemas = {
}), }),
}; };
export default apiRoute((app) => const filterSchema = z.object({
app.on( id: z.string(),
meta.allowedMethods, title: z.string(),
meta.route, context: z.array(z.string()),
jsonOrForm(), expires_at: z.string().nullable(),
zValidator("param", schemas.param, handleZodError), filter_action: z.enum(["warn", "hide"]),
zValidator("json", schemas.json, handleZodError), keywords: z.array(
auth(meta.auth, meta.permissions), z.object({
async (context) => { id: z.string(),
keyword: z.string(),
whole_word: z.boolean(),
}),
),
statuses: z.array(z.string()),
});
const routeGet = createRoute({
method: "get",
path: "/api/v2/filters/{id}",
summary: "Get filter",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
200: {
description: "Filter",
content: {
"application/json": {
schema: filterSchema,
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Filter not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routePut = createRoute({
method: "put",
path: "/api/v2/filters/{id}",
summary: "Update filter",
middleware: [auth(meta.auth, meta.permissions), jsonOrForm()],
request: {
params: schemas.param,
body: {
content: {
"application/json": {
schema: schemas.json,
},
},
},
},
responses: {
200: {
description: "Filter updated",
content: {
"application/json": {
schema: filterSchema,
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Filter not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routeDelete = createRoute({
method: "delete",
path: "/api/v2/filters/{id}",
summary: "Delete filter",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Filter deleted",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Filter not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { user } = context.get("auth"); const { user } = context.get("auth");
const { id } = context.req.valid("param"); const { id } = context.req.valid("param");
@ -96,9 +216,8 @@ export default apiRoute((app) =>
return context.json({ error: "Filter not found" }, 404); return context.json({ error: "Filter not found" }, 404);
} }
switch (context.req.method) { return context.json(
case "GET": { {
return context.json({
id: userFilter.id, id: userFilter.id,
title: userFilter.title, title: userFilter.title,
context: userFilter.context, context: userFilter.context,
@ -112,9 +231,14 @@ export default apiRoute((app) =>
whole_word: keyword.wholeWord, whole_word: keyword.wholeWord,
})), })),
statuses: [], statuses: [],
},
200,
);
}); });
}
case "PUT": { app.openapi(routePut, async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
const { const {
title, title,
context: ctx, context: ctx,
@ -123,6 +247,10 @@ export default apiRoute((app) =>
keywords_attributes, keywords_attributes,
} = context.req.valid("json"); } = context.req.valid("json");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
await db await db
.update(Filters) .update(Filters)
.set({ .set({
@ -133,12 +261,7 @@ export default apiRoute((app) =>
Date.now() + (expires_in ?? 0), Date.now() + (expires_in ?? 0),
).toISOString(), ).toISOString(),
}) })
.where( .where(and(eq(Filters.userId, user.id), eq(Filters.id, id)));
and(
eq(Filters.userId, user.id),
eq(Filters.id, id),
),
);
const toUpdate = keywords_attributes const toUpdate = keywords_attributes
?.filter((keyword) => keyword.id && !keyword._destroy) ?.filter((keyword) => keyword.id && !keyword._destroy)
@ -186,13 +309,11 @@ export default apiRoute((app) =>
}); });
if (!updatedFilter) { if (!updatedFilter) {
return context.json( throw new Error("Failed to update filter");
{ error: "Failed to update filter" },
500,
);
} }
return context.json({ return context.json(
{
id: updatedFilter.id, id: updatedFilter.id,
title: updatedFilter.title, title: updatedFilter.title,
context: updatedFilter.context, context: updatedFilter.context,
@ -206,21 +327,23 @@ export default apiRoute((app) =>
whole_word: keyword.wholeWord, whole_word: keyword.wholeWord,
})), })),
statuses: [], statuses: [],
},
200,
);
}); });
app.openapi(routeDelete, async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
} }
case "DELETE": {
await db await db
.delete(Filters) .delete(Filters)
.where( .where(and(eq(Filters.userId, user.id), eq(Filters.id, id)));
and(
eq(Filters.userId, user.id),
eq(Filters.id, id),
),
);
return context.json({}); return context.newResponse(null, 204);
} });
} });
},
),
);

151
api/api/v2/filters/index.ts
View file

@ -1,8 +1,9 @@
import { apiRoute, applyConfig, auth, handleZodError, jsonOrForm } from "@/api"; import { apiRoute, applyConfig, auth, jsonOrForm } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { z } from "zod"; import { z } from "zod";
import { db } from "~/drizzle/db"; import { db } from "~/drizzle/db";
import { FilterKeywords, Filters, RolePermissions } from "~/drizzle/schema"; import { FilterKeywords, Filters, RolePermissions } from "~/drizzle/schema";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET", "POST"], allowedMethods: ["GET", "POST"],
route: "/api/v2/filters", route: "/api/v2/filters",
@ -19,9 +20,8 @@ export const meta = applyConfig({
}); });
export const schemas = { export const schemas = {
json: z json: z.object({
.object({ title: z.string().trim().min(1).max(100),
title: z.string().trim().min(1).max(100).optional(),
context: z context: z
.array( .array(
z.enum([ z.enum([
@ -32,7 +32,7 @@ export const schemas = {
"account", "account",
]), ]),
) )
.optional(), .min(1),
filter_action: z.enum(["warn", "hide"]).optional().default("warn"), filter_action: z.enum(["warn", "hide"]).optional().default("warn"),
expires_in: z.coerce expires_in: z.coerce
.number() .number()
@ -53,25 +53,92 @@ export const schemas = {
}), }),
) )
.optional(), .optional(),
}) }),
.optional(),
}; };
export default apiRoute((app) => const filterSchema = z.object({
app.on( id: z.string(),
meta.allowedMethods, title: z.string(),
meta.route, context: z.array(z.string()),
jsonOrForm(), expires_at: z.string().nullable(),
zValidator("json", schemas.json, handleZodError), filter_action: z.enum(["warn", "hide"]),
auth(meta.auth, meta.permissions), keywords: z.array(
async (context) => { z.object({
id: z.string(),
keyword: z.string(),
whole_word: z.boolean(),
}),
),
statuses: z.array(z.string()),
});
const routeGet = createRoute({
method: "get",
path: "/api/v2/filters",
summary: "Get filters",
middleware: [auth(meta.auth, meta.permissions), jsonOrForm()],
responses: {
200: {
description: "Filters",
content: {
"application/json": {
schema: z.array(filterSchema),
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routePost = createRoute({
method: "post",
path: "/api/v2/filters",
summary: "Create filter",
middleware: [auth(meta.auth, meta.permissions), jsonOrForm()],
request: {
body: {
content: {
"application/json": {
schema: schemas.json,
},
},
},
},
responses: {
200: {
description: "Filter created",
content: {
"application/json": {
schema: filterSchema,
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { user } = context.get("auth"); const { user } = context.get("auth");
if (!user) { if (!user) {
return context.json({ error: "Unauthorized" }, 401); return context.json({ error: "Unauthorized" }, 401);
} }
switch (context.req.method) {
case "GET": {
const userFilters = await db.query.Filters.findMany({ const userFilters = await db.query.Filters.findMany({
where: (filter, { eq }) => eq(filter.userId, user.id), where: (filter, { eq }) => eq(filter.userId, user.id),
with: { with: {
@ -85,9 +152,7 @@ export default apiRoute((app) =>
title: filter.title, title: filter.title,
context: filter.context, context: filter.context,
expires_at: filter.expireAt expires_at: filter.expireAt
? new Date( ? new Date(Date.now() + filter.expireAt).toISOString()
Date.now() + filter.expireAt,
).toISOString()
: null, : null,
filter_action: filter.filterAction, filter_action: filter.filterAction,
keywords: filter.keywords.map((keyword) => ({ keywords: filter.keywords.map((keyword) => ({
@ -97,32 +162,22 @@ export default apiRoute((app) =>
})), })),
statuses: [], statuses: [],
})), })),
200,
); );
} });
case "POST": {
const form = context.req.valid("json");
if (!form) {
return context.json(
{ error: "Missing required fields" },
422,
);
}
app.openapi(routePost, async (context) => {
const { user } = context.get("auth");
const { const {
title, title,
context: ctx, context: ctx,
filter_action, filter_action,
expires_in, expires_in,
keywords_attributes, keywords_attributes,
} = form; } = context.req.valid("json");
if (!title || ctx?.length === 0) { if (!user) {
return context.json( return context.json({ error: "Unauthorized" }, 401);
{
error: "Missing required fields (title and context)",
},
422,
);
} }
const newFilter = ( const newFilter = (
@ -141,10 +196,7 @@ export default apiRoute((app) =>
)[0]; )[0];
if (!newFilter) { if (!newFilter) {
return context.json( throw new Error("Failed to create filter");
{ error: "Failed to create filter" },
500,
);
} }
const insertedKeywords = const insertedKeywords =
@ -155,14 +207,14 @@ export default apiRoute((app) =>
keywords_attributes?.map((keyword) => ({ keywords_attributes?.map((keyword) => ({
filterId: newFilter.id, filterId: newFilter.id,
keyword: keyword.keyword, keyword: keyword.keyword,
wholeWord: wholeWord: keyword.whole_word ?? false,
keyword.whole_word ?? false,
})) ?? [], })) ?? [],
) )
.returning() .returning()
: []; : [];
return context.json({ return context.json(
{
id: newFilter.id, id: newFilter.id,
title: newFilter.title, title: newFilter.title,
context: newFilter.context, context: newFilter.context,
@ -188,9 +240,8 @@ export default apiRoute((app) =>
whole_word: boolean; whole_word: boolean;
}[]; }[];
statuses: []; statuses: [];
});
}
}
}, },
), 200,
); );
});
});

108
api/api/v2/instance/index.ts
View file

@ -1,6 +1,6 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { proxyUrl } from "@/response"; import { proxyUrl } from "@/response";
import type { Instance as ApiInstance } from "@versia/client/types"; import { createRoute, z } from "@hono/zod-openapi";
import { and, eq, isNull } from "drizzle-orm"; import { and, eq, isNull } from "drizzle-orm";
import { Users } from "~/drizzle/schema"; import { Users } from "~/drizzle/schema";
import manifest from "~/package.json"; import manifest from "~/package.json";
@ -19,8 +19,110 @@ export const meta = applyConfig({
}, },
}); });
const route = createRoute({
method: "get",
path: "/api/v2/instance",
summary: "Get instance metadata",
responses: {
200: {
description: "Instance metadata",
content: {
"application/json": {
schema: z.object({
domain: z.string(),
title: z.string(),
version: z.string(),
versia_version: z.string(),
source_url: z.string(),
description: z.string(),
usage: z.object({
users: z.object({
active_month: z.number(),
}),
}),
thumbnail: z.object({
url: z.string().nullable(),
}),
banner: z.object({
url: z.string().nullable(),
}),
languages: z.array(z.string()),
configuration: z.object({
urls: z.object({
streaming: z.string().nullable(),
status: z.string().nullable(),
}),
accounts: z.object({
max_featured_tags: z.number(),
max_displayname_characters: z.number(),
avatar_size_limit: z.number(),
header_size_limit: z.number(),
max_fields_name_characters: z.number(),
max_fields_value_characters: z.number(),
max_fields: z.number(),
max_username_characters: z.number(),
max_note_characters: z.number(),
}),
statuses: z.object({
max_characters: z.number(),
max_media_attachments: z.number(),
characters_reserved_per_url: z.number(),
}),
media_attachments: z.object({
supported_mime_types: z.array(z.string()),
image_size_limit: z.number(),
image_matrix_limit: z.number(),
video_size_limit: z.number(),
video_frame_rate_limit: z.number(),
video_matrix_limit: z.number(),
max_description_characters: z.number(),
}),
polls: z.object({
max_characters_per_option: z.number(),
max_expiration: z.number(),
max_options: z.number(),
min_expiration: z.number(),
}),
translation: z.object({
enabled: z.boolean(),
}),
}),
registrations: z.object({
enabled: z.boolean(),
approval_required: z.boolean(),
message: z.string().nullable(),
url: z.string().nullable(),
}),
contact: z.object({
email: z.string().nullable(),
account: User.schema.nullable(),
}),
rules: z.array(
z.object({
id: z.string(),
text: z.string(),
hint: z.string(),
}),
),
sso: z.object({
forced: z.boolean(),
providers: z.array(
z.object({
name: z.string(),
icon: z.string(),
id: z.string(),
}),
),
}),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, async (context) => { app.openapi(route, async (context) => {
// Get software version from package.json // Get software version from package.json
const version = manifest.version; const version = manifest.version;
@ -122,6 +224,6 @@ export default apiRoute((app) =>
id: p.id, id: p.id,
})), })),
}, },
} satisfies ApiInstance); });
}), }),
); );

69
api/api/v2/media/index.ts
View file

@ -1,11 +1,12 @@
import { apiRoute, applyConfig, auth, handleZodError } from "@/api"; import { apiRoute, applyConfig, auth } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import sharp from "sharp"; import sharp from "sharp";
import { z } from "zod"; import { z } from "zod";
import { MediaManager } from "~/classes/media/media-manager"; import { MediaManager } from "~/classes/media/media-manager";
import { RolePermissions } from "~/drizzle/schema"; import { RolePermissions } from "~/drizzle/schema";
import { config } from "~/packages/config-manager/index"; import { config } from "~/packages/config-manager/index";
import { Attachment } from "~/packages/database-interface/attachment"; import { Attachment } from "~/packages/database-interface/attachment";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["POST"], allowedMethods: ["POST"],
@ -35,13 +36,50 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "post",
path: "/api/v2/media",
summary: "Upload media",
middleware: [auth(meta.auth, meta.permissions)],
request: {
body: {
content: {
"multipart/form-data": {
schema: schemas.form,
},
},
},
},
responses: {
200: {
description: "Uploaded media",
content: {
"application/json": {
schema: Attachment.schema,
},
},
},
413: {
description: "Payload too large",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
415: {
description: "Unsupported media type",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("form", schemas.form, handleZodError),
auth(meta.auth, meta.permissions),
async (context) => {
const { file, thumbnail, description } = context.req.valid("form"); const { file, thumbnail, description } = context.req.valid("form");
if (file.size > config.validation.max_media_size) { if (file.size > config.validation.max_media_size) {
@ -96,17 +134,6 @@ export default apiRoute((app) =>
// TODO: Add job to process videos and other media // TODO: Add job to process videos and other media
if (isImage) { return context.json(newAttachment.toApi(), 200);
return context.json(newAttachment.toApi()); }),
}
return context.json(
{
...newAttachment.toApi(),
url: null,
},
202,
);
},
),
); );

95
api/api/v2/search/index.ts
View file

@ -2,11 +2,10 @@ import {
apiRoute, apiRoute,
applyConfig, applyConfig,
auth, auth,
handleZodError,
parseUserAddress, parseUserAddress,
userAddressValidator, userAddressValidator,
} from "@/api"; } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { and, eq, inArray, sql } from "drizzle-orm"; import { and, eq, inArray, sql } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { searchManager } from "~/classes/search/search-manager"; import { searchManager } from "~/classes/search/search-manager";
@ -15,6 +14,7 @@ import { Instances, Notes, RolePermissions, Users } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { Note } from "~/packages/database-interface/note"; import { Note } from "~/packages/database-interface/note";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -38,7 +38,7 @@ export const meta = applyConfig({
export const schemas = { export const schemas = {
query: z.object({ query: z.object({
q: z.string().trim().optional(), q: z.string().trim(),
type: z.string().optional(), type: z.string().optional(),
resolve: z.coerce.boolean().optional(), resolve: z.coerce.boolean().optional(),
following: z.coerce.boolean().optional(), following: z.coerce.boolean().optional(),
@ -50,13 +50,49 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/api/v2/search",
summary: "Instance database search",
middleware: [auth(meta.auth, meta.permissions)],
request: {
query: schemas.query,
},
responses: {
200: {
description: "Search results",
content: {
"application/json": {
schema: z.object({
accounts: z.array(User.schema),
statuses: z.array(Note.schema),
hashtags: z.array(z.string()),
}),
},
},
},
401: {
description:
"Cannot use resolve or offset without being authenticated",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
501: {
description: "Search is not enabled on this server",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("query", schemas.query, handleZodError),
auth(meta.auth, meta.permissions),
async (context) => {
const { user: self } = context.get("auth"); const { user: self } = context.get("auth");
const { q, type, resolve, following, account_id, limit, offset } = const { q, type, resolve, following, account_id, limit, offset } =
context.req.valid("query"); context.req.valid("query");
@ -70,10 +106,6 @@ export default apiRoute((app) =>
); );
} }
if (!q) {
return context.json({ error: "Query is required" }, 400);
}
if (!config.sonic.enabled) { if (!config.sonic.enabled) {
return context.json( return context.json(
{ error: "Search is not enabled on this server" }, { error: "Search is not enabled on this server" },
@ -103,10 +135,7 @@ export default apiRoute((app) =>
id: Users.id, id: Users.id,
}) })
.from(Users) .from(Users)
.leftJoin( .leftJoin(Instances, eq(Users.instanceId, Instances.id))
Instances,
eq(Users.instanceId, Instances.id),
)
.where( .where(
and( and(
eq(Users.username, username), eq(Users.username, username),
@ -115,16 +144,17 @@ export default apiRoute((app) =>
) )
)[0]?.id; )[0]?.id;
const account = accountId const account = accountId ? await User.fromId(accountId) : null;
? await User.fromId(accountId)
: null;
if (account) { if (account) {
return context.json({ return context.json(
{
accounts: [account.toApi()], accounts: [account.toApi()],
statuses: [], statuses: [],
hashtags: [], hashtags: [],
}); },
200,
);
} }
if (resolve) { if (resolve) {
@ -132,20 +162,19 @@ export default apiRoute((app) =>
self ?? User self ?? User
).getFederationRequester(); ).getFederationRequester();
const uri = await User.webFinger( const uri = await User.webFinger(manager, username, domain);
manager,
username,
domain,
);
const newUser = await User.resolve(uri); const newUser = await User.resolve(uri);
if (newUser) { if (newUser) {
return context.json({ return context.json(
{
accounts: [newUser.toApi()], accounts: [newUser.toApi()],
statuses: [], statuses: [],
hashtags: [], hashtags: [],
}); },
200,
);
} }
} }
} }
@ -210,13 +239,15 @@ export default apiRoute((app) =>
) )
: []; : [];
return context.json({ return context.json(
{
accounts: accounts.map((account) => account.toApi()), accounts: accounts.map((account) => account.toApi()),
statuses: await Promise.all( statuses: await Promise.all(
statuses.map((status) => status.toApi(self)), statuses.map((status) => status.toApi(self)),
), ),
hashtags: [], hashtags: [],
});
}, },
), 200,
);
}),
); );

46
api/media/:hash/:name/index.ts
View file

@ -1,6 +1,7 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { z } from "zod"; import { z } from "zod";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -24,13 +25,36 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/media/{hash}/{name}",
summary: "Get media file by hash and name",
request: {
params: schemas.param,
headers: schemas.header,
},
responses: {
200: {
description: "Media",
content: {
"*": {
schema: z.any(),
},
},
},
404: {
description: "File not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
zValidator("header", schemas.header, handleZodError),
async (context) => {
const { hash, name } = context.req.valid("param"); const { hash, name } = context.req.valid("param");
const { range } = context.req.valid("header"); const { range } = context.req.valid("header");
@ -57,7 +81,7 @@ export default apiRoute((app) =>
"Content-Type": file.type || "application/octet-stream", "Content-Type": file.type || "application/octet-stream",
"Content-Length": `${file.size - start}`, "Content-Length": `${file.size - start}`,
"Content-Range": `bytes ${start}-${end}/${file.size}`, "Content-Range": `bytes ${start}-${end}/${file.size}`,
}); // biome-ignore lint/suspicious/noExplicitAny: Hono doesn't type this response so this has a TS error
}, }) as any;
), }),
); );

47
api/media/proxy/:id.ts
View file

@ -1,8 +1,9 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import type { StatusCode } from "hono/utils/http-status"; import type { StatusCode } from "hono/utils/http-status";
import { z } from "zod"; import { z } from "zod";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -24,12 +25,35 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/media/proxy/{id}",
summary: "Proxy media through the server",
request: {
params: schemas.param,
},
responses: {
200: {
description: "Media",
content: {
"*": {
schema: z.any(),
},
},
},
400: {
description: "Invalid URL to proxy",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
async (context) => {
const { id } = context.req.valid("param"); const { id } = context.req.valid("param");
// Check if URL is valid // Check if URL is valid
@ -64,14 +88,13 @@ export default apiRoute((app) =>
return context.newResponse(media.body, media.status as StatusCode, { return context.newResponse(media.body, media.status as StatusCode, {
"Content-Type": "Content-Type":
media.headers.get("Content-Type") || media.headers.get("Content-Type") || "application/octet-stream",
"application/octet-stream",
"Content-Length": media.headers.get("Content-Length") || "0", "Content-Length": media.headers.get("Content-Length") || "0",
"Content-Security-Policy": "", "Content-Security-Policy": "",
"Content-Encoding": "", "Content-Encoding": "",
// Real filename // Real filename
"Content-Disposition": `inline; filename="${realFilename}"`, "Content-Disposition": `inline; filename="${realFilename}"`,
}); // biome-ignore lint/suspicious/noExplicitAny: Hono doesn't type this response so this has a TS error
}, }) as any;
), }),
); );

45
api/oauth/sso/:issuer/callback/index.ts
View file

@ -1,7 +1,7 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { randomString } from "@/math"; import { randomString } from "@/math";
import { setCookie } from "@hono/hono/cookie"; import { setCookie } from "@hono/hono/cookie";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { and, eq, isNull } from "drizzle-orm"; import { and, eq, isNull } from "drizzle-orm";
import type { Context } from "hono"; import type { Context } from "hono";
import { SignJWT } from "jose"; import { SignJWT } from "jose";
@ -40,6 +40,24 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/oauth/sso/{issuer}/callback",
summary: "SSO callback",
description:
"After the user has authenticated to an external OpenID provider, they are redirected here to complete the OAuth flow and get a code",
request: {
query: schemas.query,
params: schemas.param,
},
responses: {
302: {
description:
"Redirect to frontend's consent route, or redirect to login page with error",
},
},
});
const returnError = ( const returnError = (
context: Context, context: Context,
query: object, query: object,
@ -63,18 +81,8 @@ const returnError = (
); );
}; };
/**
* OAuth Callback endpoint
* After the user has authenticated to an external OpenID provider,
* they are redirected here to complete the OAuth flow and get a code
*/
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("query", schemas.query, handleZodError),
zValidator("param", schemas.param, handleZodError),
async (context) => {
const currentUrl = new URL(context.req.url); const currentUrl = new URL(context.req.url);
const redirectUrl = new URL(context.req.url); const redirectUrl = new URL(context.req.url);
@ -116,8 +124,7 @@ export default apiRoute((app) =>
return userInfo; return userInfo;
} }
const { sub, email, preferred_username, picture } = const { sub, email, preferred_username, picture } = userInfo.userInfo;
userInfo.userInfo;
const flow = userInfo.flow; const flow = userInfo.flow;
// If linking account // If linking account
@ -137,10 +144,7 @@ export default apiRoute((app) =>
if (!userId) { if (!userId) {
// Register new user // Register new user
if ( if (config.signups.registration && config.oidc.allow_registration) {
config.signups.registration &&
config.oidc.allow_registration
) {
let username = let username =
preferred_username ?? preferred_username ??
email?.split("@")[0] ?? email?.split("@")[0] ??
@ -298,6 +302,5 @@ export default apiRoute((app) =>
config.http.base_url, config.http.base_url,
).toString(), ).toString(),
); );
}, }),
),
); );

34
api/oauth/sso/index.ts
View file

@ -1,6 +1,6 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { oauthRedirectUri } from "@/constants"; import { oauthRedirectUri } from "@/constants";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import type { Context } from "hono"; import type { Context } from "hono";
import { import {
calculatePKCECodeChallenge, calculatePKCECodeChallenge,
@ -35,6 +35,21 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/oauth/sso",
summary: "Initiate SSO login flow",
request: {
query: schemas.query,
},
responses: {
302: {
description:
"Redirect to SSO login, or redirect to login page with error",
},
},
});
const returnError = ( const returnError = (
context: Context, context: Context,
query: object, query: object,
@ -59,11 +74,7 @@ const returnError = (
}; };
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("query", schemas.query, handleZodError),
async (context) => {
// This is the Versia client's client_id, not the external OAuth provider's client_id // This is the Versia client's client_id, not the external OAuth provider's client_id
const { issuer: issuerId, client_id } = context.req.valid("query"); const { issuer: issuerId, client_id } = context.req.valid("query");
const body = await context.req.query(); const body = await context.req.query();
@ -99,8 +110,7 @@ export default apiRoute((app) =>
const codeVerifier = generateRandomCodeVerifier(); const codeVerifier = generateRandomCodeVerifier();
const application = await db.query.Applications.findFirst({ const application = await db.query.Applications.findFirst({
where: (application, { eq }) => where: (application, { eq }) => eq(application.clientId, client_id),
eq(application.clientId, client_id),
}); });
if (!application) { if (!application) {
@ -124,8 +134,7 @@ export default apiRoute((app) =>
.returning() .returning()
)[0]; )[0];
const codeChallenge = const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
await calculatePKCECodeChallenge(codeVerifier);
return context.redirect( return context.redirect(
`${authServer.authorization_endpoint}?${new URLSearchParams({ `${authServer.authorization_endpoint}?${new URLSearchParams({
@ -140,6 +149,5 @@ export default apiRoute((app) =>
code_challenge: codeChallenge, code_challenge: codeChallenge,
}).toString()}`, }).toString()}`,
); );
}, }),
),
); );

72
api/oauth/token/index.ts
View file

@ -1,5 +1,5 @@
import { apiRoute, applyConfig, handleZodError, jsonOrForm } from "@/api"; import { apiRoute, applyConfig, jsonOrForm } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { db } from "~/drizzle/db"; import { db } from "~/drizzle/db";
@ -50,13 +50,59 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "post",
path: "/oauth/token",
summary: "Get token",
middleware: [jsonOrForm()],
request: {
body: {
content: {
"application/json": {
schema: schemas.json,
},
"application/x-www-form-urlencoded": {
schema: schemas.json,
},
"multipart/form-data": {
schema: schemas.json,
},
},
},
},
responses: {
200: {
description: "Token",
content: {
"application/json": {
schema: z.object({
access_token: z.string(),
token_type: z.string(),
expires_in: z.number().optional().nullable(),
id_token: z.string().optional().nullable(),
refresh_token: z.string().optional().nullable(),
scope: z.string().optional(),
created_at: z.number(),
}),
},
},
},
401: {
description: "Authorization error",
content: {
"application/json": {
schema: z.object({
error: z.string(),
error_description: z.string(),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
jsonOrForm(),
zValidator("json", schemas.json, handleZodError),
async (context) => {
const { grant_type, code, redirect_uri, client_id, client_secret } = const { grant_type, code, redirect_uri, client_id, client_secret } =
context.req.valid("json"); context.req.valid("json");
@ -133,7 +179,8 @@ export default apiRoute((app) =>
.set({ code: null }) .set({ code: null })
.where(eq(Tokens.id, token.id)); .where(eq(Tokens.id, token.id));
return context.json({ return context.json(
{
access_token: token.accessToken, access_token: token.accessToken,
token_type: "Bearer", token_type: "Bearer",
expires_in: token.expiresAt expires_in: token.expiresAt
@ -149,7 +196,9 @@ export default apiRoute((app) =>
created_at: Math.floor( created_at: Math.floor(
new Date(token.createdAt).getTime() / 1000, new Date(token.createdAt).getTime() / 1000,
), ),
}); },
200,
);
} }
} }
@ -160,6 +209,5 @@ export default apiRoute((app) =>
}, },
401, 401,
); );
}, }),
),
); );

60
api/objects/:id/index.ts
View file

@ -1,5 +1,9 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import {
LikeExtension as LikeSchema,
Note as NoteSchema,
} from "@versia/federation/schemas";
import { and, eq, inArray, sql } from "drizzle-orm"; import { and, eq, inArray, sql } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { type LikeType, likeToVersia } from "~/classes/functions/like"; import { type LikeType, likeToVersia } from "~/classes/functions/like";
@ -8,7 +12,7 @@ import { Notes } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { Note } from "~/packages/database-interface/note"; import { Note } from "~/packages/database-interface/note";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import type { KnownEntity } from "~/types/api"; import { ErrorSchema, type KnownEntity } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -28,12 +32,43 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/objects/{id}",
summary: "Get object",
request: {
params: schemas.param,
},
responses: {
200: {
description: "Object",
content: {
"application/json": {
schema: NoteSchema.or(LikeSchema),
},
},
},
404: {
description: "Object not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Cannot view objects from remote instances",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
async (context) => {
const { id } = context.req.valid("param"); const { id } = context.req.valid("param");
let foundObject: Note | LikeType | null = null; let foundObject: Note | LikeType | null = null;
@ -92,13 +127,8 @@ export default apiRoute((app) =>
reqUrl.protocol = "https:"; reqUrl.protocol = "https:";
} }
const { headers } = await foundAuthor.sign( const { headers } = await foundAuthor.sign(apiObject, reqUrl, "GET");
apiObject,
reqUrl,
"GET",
);
return context.json(apiObject, 200, headers.toJSON()); return context.json(apiObject, 200, headers.toJSON());
}, }),
),
); );

157
api/users/:uuid/inbox/index.ts
View file

@ -1,6 +1,6 @@
import { apiRoute, applyConfig, debugRequest, handleZodError } from "@/api"; import { apiRoute, applyConfig, debugRequest } from "@/api";
import { sentry } from "@/sentry"; import { sentry } from "@/sentry";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { getLogger } from "@logtape/logtape"; import { getLogger } from "@logtape/logtape";
import { import {
EntityValidator, EntityValidator,
@ -8,7 +8,6 @@ import {
SignatureValidator, SignatureValidator,
} from "@versia/federation"; } from "@versia/federation";
import type { Entity } from "@versia/federation/types"; import type { Entity } from "@versia/federation/types";
import type { SocketAddress } from "bun";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { matches } from "ip-matching"; import { matches } from "ip-matching";
import { z } from "zod"; import { z } from "zod";
@ -20,6 +19,7 @@ import { config } from "~/packages/config-manager";
import { Note } from "~/packages/database-interface/note"; import { Note } from "~/packages/database-interface/note";
import { Relationship } from "~/packages/database-interface/relationship"; import { Relationship } from "~/packages/database-interface/relationship";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["POST"], allowedMethods: ["POST"],
@ -46,14 +46,76 @@ export const schemas = {
body: z.any(), body: z.any(),
}; };
const route = createRoute({
method: "post",
path: "/users/{uuid}/inbox",
summary: "Receive federation inbox",
request: {
params: schemas.param,
headers: schemas.header,
body: {
content: {
"application/json": {
schema: schemas.body,
},
},
},
},
responses: {
200: {
description: "Request processed",
},
201: {
description: "Request accepted",
},
400: {
description: "Bad request",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
401: {
description: "Signature could not be verified",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Cannot view users from remote instances",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
500: {
description: "Internal server error",
content: {
"application/json": {
schema: z.object({
error: z.string(),
message: z.string(),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
zValidator("header", schemas.header, handleZodError),
zValidator("json", schemas.body, handleZodError),
async (context) => {
const { uuid } = context.req.valid("param"); const { uuid } = context.req.valid("param");
const { const {
"x-signature": signature, "x-signature": signature,
@ -89,11 +151,7 @@ export default apiRoute((app) =>
); );
} }
// @ts-expect-error IP attribute is not in types const requestIp = context.env?.ip;
const requestIp = context.env?.ip as
| SocketAddress
| undefined
| null;
let checkSignature = true; let checkSignature = true;
@ -147,8 +205,7 @@ export default apiRoute((app) =>
if ( if (
config.federation.blocked.find( config.federation.blocked.find(
(blocked) => (blocked) =>
blocked.includes(hostname) || blocked.includes(hostname) || hostname.includes(blocked),
hostname.includes(blocked),
) )
) { ) {
// Pretend to accept request // Pretend to accept request
@ -158,10 +215,7 @@ export default apiRoute((app) =>
// Verify request signature // Verify request signature
if (checkSignature) { if (checkSignature) {
if (!sender) { if (!sender) {
return context.json( return context.json({ error: "Could not resolve sender" }, 400);
{ error: "Could not resolve sender" },
400,
);
} }
if (config.debug.federation) { if (config.debug.federation) {
@ -191,7 +245,10 @@ export default apiRoute((app) =>
}); });
if (!isValid) { if (!isValid) {
return context.json({ error: "Invalid signature" }, 401); return context.json(
{ error: "Signature could not be verified" },
401,
);
} }
} }
@ -204,10 +261,7 @@ export default apiRoute((app) =>
const account = await User.resolve(note.author); const account = await User.resolve(note.author);
if (!account) { if (!account) {
return context.json( return context.json({ error: "Author not found" }, 404);
{ error: "Author not found" },
404,
);
} }
const newStatus = await Note.fromVersia( const newStatus = await Note.fromVersia(
@ -232,17 +286,11 @@ export default apiRoute((app) =>
const account = await User.resolve(follow.author); const account = await User.resolve(follow.author);
if (!account) { if (!account) {
return context.json( return context.json({ error: "Author not found" }, 400);
{ error: "Author not found" },
400,
);
} }
const foundRelationship = const foundRelationship =
await Relationship.fromOwnerAndSubject( await Relationship.fromOwnerAndSubject(account, user);
account,
user,
);
if (foundRelationship.data.following) { if (foundRelationship.data.following) {
return context.text("Already following", 200); return context.text("Already following", 200);
@ -258,9 +306,7 @@ export default apiRoute((app) =>
await db.insert(Notifications).values({ await db.insert(Notifications).values({
accountId: account.id, accountId: account.id,
type: user.data.isLocked type: user.data.isLocked ? "follow_request" : "follow",
? "follow_request"
: "follow",
notifiedId: user.id, notifiedId: user.id,
}); });
@ -274,17 +320,11 @@ export default apiRoute((app) =>
const account = await User.resolve(followAccept.author); const account = await User.resolve(followAccept.author);
if (!account) { if (!account) {
return context.json( return context.json({ error: "Author not found" }, 400);
{ error: "Author not found" },
400,
);
} }
const foundRelationship = const foundRelationship =
await Relationship.fromOwnerAndSubject( await Relationship.fromOwnerAndSubject(user, account);
user,
account,
);
if (!foundRelationship.data.requested) { if (!foundRelationship.data.requested) {
return context.text( return context.text(
@ -304,17 +344,11 @@ export default apiRoute((app) =>
const account = await User.resolve(followReject.author); const account = await User.resolve(followReject.author);
if (!account) { if (!account) {
return context.json( return context.json({ error: "Author not found" }, 400);
{ error: "Author not found" },
400,
);
} }
const foundRelationship = const foundRelationship =
await Relationship.fromOwnerAndSubject( await Relationship.fromOwnerAndSubject(user, account);
user,
account,
);
if (!foundRelationship.data.requested) { if (!foundRelationship.data.requested) {
return context.text( return context.text(
@ -356,10 +390,7 @@ export default apiRoute((app) =>
if (otherUser.id === user.id) { if (otherUser.id === user.id) {
// Delete own account // Delete own account
await user.delete(); await user.delete();
return context.text( return context.text("Account deleted", 200);
"Account deleted",
200,
);
} }
return context.json( return context.json(
{ {
@ -388,9 +419,7 @@ export default apiRoute((app) =>
}, },
user: async (user) => { user: async (user) => {
// Refetch user to ensure we have the latest data // Refetch user to ensure we have the latest data
const updatedAccount = await User.saveFromRemote( const updatedAccount = await User.saveFromRemote(user.uri);
user.uri,
);
if (!updatedAccount) { if (!updatedAccount) {
return context.json( return context.json(
@ -402,10 +431,7 @@ export default apiRoute((app) =>
return context.text("User refreshed", 200); return context.text("User refreshed", 200);
}, },
unknown: () => { unknown: () => {
return context.json( return context.json({ error: "Unknown entity type" }, 400);
{ error: "Unknown entity type" },
400,
);
}, },
}); });
} catch (e) { } catch (e) {
@ -428,6 +454,5 @@ export default apiRoute((app) =>
500, 500,
); );
} }
}, }),
),
); );

65
api/users/:uuid/index.ts
View file

@ -1,7 +1,9 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { User as UserSchema } from "@versia/federation/schemas";
import { z } from "zod"; import { z } from "zod";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -21,12 +23,47 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/users/{uuid}",
summary: "Get user data",
request: {
params: schemas.param,
},
responses: {
200: {
description: "User data",
content: {
"application/json": {
schema: UserSchema,
},
},
},
301: {
description:
"Redirect to user profile (for web browsers). Uses user-agent for detection.",
},
404: {
description: "User not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Cannot view users from remote instances",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
async (context) => {
const { uuid } = context.req.valid("param"); const { uuid } = context.req.valid("param");
const user = await User.fromId(uuid); const user = await User.fromId(uuid);
@ -43,22 +80,14 @@ export default apiRoute((app) =>
} }
// Try to detect a web browser and redirect to the user's profile page // Try to detect a web browser and redirect to the user's profile page
if ( if (context.req.header("user-agent")?.includes("Mozilla")) {
context.req.header("user-agent")?.includes("Mozilla") &&
uuid !== "actor"
) {
return context.redirect(user.toApi().url); return context.redirect(user.toApi().url);
} }
const userJson = user.toVersia(); const userJson = user.toVersia();
const { headers } = await user.sign( const { headers } = await user.sign(userJson, context.req.url, "GET");
userJson,
context.req.url,
"GET",
);
return context.json(userJson, 200, headers.toJSON()); return context.json(userJson, 200, headers.toJSON());
}, }),
),
); );

60
api/users/:uuid/outbox/index.ts
View file

@ -1,6 +1,9 @@
import { apiRoute, applyConfig, handleZodError } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import type { Collection } from "@versia/federation/types"; import {
Collection as CollectionSchema,
Note as NoteSchema,
} from "@versia/federation/schemas";
import { and, count, eq, inArray } from "drizzle-orm"; import { and, count, eq, inArray } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { db } from "~/drizzle/db"; import { db } from "~/drizzle/db";
@ -8,6 +11,7 @@ import { Notes } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { Note } from "~/packages/database-interface/note"; import { Note } from "~/packages/database-interface/note";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -30,15 +34,48 @@ export const schemas = {
}), }),
}; };
const route = createRoute({
method: "get",
path: "/users/{uuid}/outbox",
summary: "Get user outbox",
request: {
params: schemas.param,
query: schemas.query,
},
responses: {
200: {
description: "User outbox",
content: {
"application/json": {
schema: CollectionSchema.extend({
items: z.array(NoteSchema),
}),
},
},
},
404: {
description: "User not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Cannot view users from remote instances",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const NOTES_PER_PAGE = 20; const NOTES_PER_PAGE = 20;
export default apiRoute((app) => export default apiRoute((app) =>
app.on( app.openapi(route, async (context) => {
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
zValidator("query", schemas.query, handleZodError),
async (context) => {
const { uuid } = context.req.valid("param"); const { uuid } = context.req.valid("param");
const author = await User.fromId(uuid); const author = await User.fromId(uuid);
@ -108,11 +145,10 @@ export default apiRoute((app) =>
).toString() ).toString()
: null, : null,
items: notes.map((note) => note.toVersia()), items: notes.map((note) => note.toVersia()),
} satisfies Collection; };
const { headers } = await author.sign(json, context.req.url, "GET"); const { headers } = await author.sign(json, context.req.url, "GET");
return context.json(json, 200, headers.toJSON()); return context.json(json, 200, headers.toJSON());
}, }),
),
); );

25
api/well-known/host-meta/index.ts
View file

@ -1,4 +1,5 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
export const meta = applyConfig({ export const meta = applyConfig({
@ -13,14 +14,34 @@ export const meta = applyConfig({
route: "/.well-known/host-meta", route: "/.well-known/host-meta",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/host-meta",
summary: "Well-known host-meta",
responses: {
200: {
description: "Host-meta",
content: {
"application/xrd+xml": {
schema: z.any(),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, (context) => { app.openapi(route, (context) => {
context.header("Content-Type", "application/xrd+xml"); context.header("Content-Type", "application/xrd+xml");
context.status(200);
return context.body( return context.body(
`<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="${new URL( `<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="${new URL(
"/.well-known/webfinger", "/.well-known/webfinger",
config.http.base_url, config.http.base_url,
).toString()}?resource={uri}"/></XRD>`, ).toString()}?resource={uri}"/></XRD>`,
); 200,
// biome-ignore lint/suspicious/noExplicitAny: Hono doesn't type this response so this has a TS error, it's joever
) as any;
}), }),
); );

38
api/well-known/jwks/index.ts
View file

@ -1,4 +1,5 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { exportJWK } from "jose"; import { exportJWK } from "jose";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
@ -14,8 +15,36 @@ export const meta = applyConfig({
route: "/.well-known/jwks", route: "/.well-known/jwks",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/jwks",
summary: "JWK Set",
responses: {
200: {
description: "JWK Set",
content: {
"application/json": {
schema: z.object({
keys: z.array(
z.object({
kty: z.string(),
use: z.string(),
alg: z.string(),
kid: z.string(),
crv: z.string().optional(),
x: z.string().optional(),
y: z.string().optional(),
}),
),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, async (context) => { app.openapi(route, async (context) => {
const publicKey = await crypto.subtle.importKey( const publicKey = await crypto.subtle.importKey(
"spki", "spki",
Buffer.from(config.oidc.keys?.public ?? "", "base64"), Buffer.from(config.oidc.keys?.public ?? "", "base64"),
@ -29,7 +58,8 @@ export default apiRoute((app) =>
// Remove the private key // Remove the private key
jwk.d = undefined; jwk.d = undefined;
return context.json({ return context.json(
{
keys: [ keys: [
{ {
...jwk, ...jwk,
@ -38,6 +68,8 @@ export default apiRoute((app) =>
kid: "1", kid: "1",
}, },
], ],
}); },
200,
);
}), }),
); );

40
api/well-known/nodeinfo/2.0/index.ts
View file

@ -1,4 +1,5 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import manifest from "~/package.json"; import manifest from "~/package.json";
export const meta = applyConfig({ export const meta = applyConfig({
@ -13,8 +14,45 @@ export const meta = applyConfig({
route: "/.well-known/nodeinfo/2.0", route: "/.well-known/nodeinfo/2.0",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/nodeinfo/2.0",
summary: "Well-known nodeinfo 2.0",
responses: {
200: {
description: "Nodeinfo 2.0",
content: {
"application/json": {
schema: z.object({
version: z.string(),
software: z.object({
name: z.string(),
version: z.string(),
}),
protocols: z.array(z.string()),
services: z.object({
outbound: z.array(z.string()),
inbound: z.array(z.string()),
}),
usage: z.object({
users: z.object({
total: z.number(),
activeMonth: z.number(),
activeHalfyear: z.number(),
}),
localPosts: z.number(),
}),
openRegistrations: z.boolean(),
metadata: z.object({}),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, (context) => { app.openapi(route, (context) => {
return context.json({ return context.json({
version: "2.0", version: "2.0",
software: { name: "versia-server", version: manifest.version }, software: { name: "versia-server", version: manifest.version },

14
api/well-known/nodeinfo/index.ts
View file

@ -1,4 +1,5 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { createRoute } from "@hono/zod-openapi";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
export const meta = applyConfig({ export const meta = applyConfig({
@ -13,8 +14,19 @@ export const meta = applyConfig({
route: "/.well-known/nodeinfo", route: "/.well-known/nodeinfo",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/nodeinfo",
summary: "Well-known nodeinfo",
responses: {
301: {
description: "Redirect to 2.0 Nodeinfo",
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, (context) => { app.openapi(route, (context) => {
return context.redirect( return context.redirect(
new URL( new URL(
"/.well-known/nodeinfo/2.0", "/.well-known/nodeinfo/2.0",

42
api/well-known/openid-configuration/index.ts
View file

@ -1,4 +1,5 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
export const meta = applyConfig({ export const meta = applyConfig({
@ -13,10 +14,43 @@ export const meta = applyConfig({
route: "/.well-known/openid-configuration", route: "/.well-known/openid-configuration",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/openid-configuration",
summary: "OpenID Configuration",
responses: {
200: {
description: "OpenID Configuration",
content: {
"application/json": {
schema: z.object({
issuer: z.string(),
authorization_endpoint: z.string(),
token_endpoint: z.string(),
userinfo_endpoint: z.string(),
jwks_uri: z.string(),
response_types_supported: z.array(z.string()),
subject_types_supported: z.array(z.string()),
id_token_signing_alg_values_supported: z.array(
z.string(),
),
scopes_supported: z.array(z.string()),
token_endpoint_auth_methods_supported: z.array(
z.string(),
),
claims_supported: z.array(z.string()),
}),
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, (context) => { app.openapi(route, (context) => {
const baseUrl = new URL(config.http.base_url); const baseUrl = new URL(config.http.base_url);
return context.json({ return context.json(
{
issuer: baseUrl.origin.toString(), issuer: baseUrl.origin.toString(),
authorization_endpoint: `${baseUrl.origin}/oauth/authorize`, authorization_endpoint: `${baseUrl.origin}/oauth/authorize`,
token_endpoint: `${baseUrl.origin}/oauth/token`, token_endpoint: `${baseUrl.origin}/oauth/token`,
@ -28,6 +62,8 @@ export default apiRoute((app) =>
scopes_supported: ["openid", "profile", "email"], scopes_supported: ["openid", "profile", "email"],
token_endpoint_auth_methods_supported: ["client_secret_basic"], token_endpoint_auth_methods_supported: ["client_secret_basic"],
claims_supported: ["sub"], claims_supported: ["sub"],
}); },
200,
);
}), }),
); );

42
api/well-known/versia.ts
View file

@ -1,8 +1,12 @@
import { apiRoute, applyConfig } from "@/api"; import { apiRoute, applyConfig } from "@/api";
import { urlToContentFormat } from "@/content_types"; import { urlToContentFormat } from "@/content_types";
import type { InstanceMetadata } from "@versia/federation/types"; import { createRoute } from "@hono/zod-openapi";
import { InstanceMetadata as InstanceMetadataSchema } from "@versia/federation/schemas";
import { asc } from "drizzle-orm";
import { Users } from "~/drizzle/schema";
import pkg from "~/package.json"; import pkg from "~/package.json";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { User } from "~/packages/database-interface/user";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -16,10 +20,30 @@ export const meta = applyConfig({
route: "/.well-known/versia", route: "/.well-known/versia",
}); });
const route = createRoute({
method: "get",
path: "/.well-known/versia",
summary: "Get instance metadata",
responses: {
200: {
description: "Instance metadata",
content: {
"application/json": {
schema: InstanceMetadataSchema,
},
},
},
},
});
export default apiRoute((app) => export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, (context) => { app.openapi(route, async (context) => {
return context.json({ // Get date of first user creation
type: "InstanceMetadata", const firstUser = await User.fromSql(undefined, asc(Users.createdAt));
return context.json(
{
type: "InstanceMetadata" as const,
compatibility: { compatibility: {
extensions: ["pub.versia:custom_emojis"], extensions: ["pub.versia:custom_emojis"],
versions: ["0.4.0"], versions: ["0.4.0"],
@ -29,7 +53,7 @@ export default apiRoute((app) =>
description: config.instance.description, description: config.instance.description,
public_key: { public_key: {
key: config.instance.keys.public, key: config.instance.keys.public,
algorithm: "ed25519", algorithm: "ed25519" as const,
}, },
software: { software: {
name: "Versia Server", name: "Versia Server",
@ -37,7 +61,11 @@ export default apiRoute((app) =>
}, },
banner: urlToContentFormat(config.instance.banner), banner: urlToContentFormat(config.instance.banner),
logo: urlToContentFormat(config.instance.logo), logo: urlToContentFormat(config.instance.logo),
created_at: "2021-10-01T00:00:00Z", created_at: new Date(
} satisfies InstanceMetadata); firstUser?.data.createdAt ?? 0,
).toISOString(),
},
200,
);
}), }),
); );

104
api/well-known/webfinger/index.ts
View file

@ -1,11 +1,5 @@
import { import { apiRoute, applyConfig, idValidator, webfingerMention } from "@/api";
apiRoute, import { createRoute } from "@hono/zod-openapi";
applyConfig,
handleZodError,
idValidator,
webfingerMention,
} from "@/api";
import { zValidator } from "@hono/zod-validator";
import { getLogger } from "@logtape/logtape"; import { getLogger } from "@logtape/logtape";
import type { ResponseError } from "@versia/federation"; import type { ResponseError } from "@versia/federation";
import { and, eq, isNull } from "drizzle-orm"; import { and, eq, isNull } from "drizzle-orm";
@ -14,6 +8,7 @@ import { z } from "zod";
import { Users } from "~/drizzle/schema"; import { Users } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { User } from "~/packages/database-interface/user"; import { User } from "~/packages/database-interface/user";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -29,27 +24,58 @@ export const meta = applyConfig({
export const schemas = { export const schemas = {
query: z.object({ query: z.object({
resource: z.string().trim().min(1).max(512).startsWith("acct:"), resource: z
.string()
.trim()
.min(1)
.max(512)
.startsWith("acct:")
.regex(
webfingerMention,
"Invalid resource (should be acct:(id or username)@domain)",
),
}), }),
}; };
export default apiRoute((app) => const route = createRoute({
app.on( method: "get",
meta.allowedMethods, path: "/.well-known/webfinger",
meta.route, summary: "Get user information",
zValidator("query", schemas.query, handleZodError), request: {
async (context) => { query: schemas.query,
const { resource } = context.req.valid("query");
// Check if resource is in the correct format (acct:uuid/username@domain)
if (!resource.match(webfingerMention)) {
return context.json(
{
error: "Invalid resource (should be acct:(id or username)@domain)",
}, },
400, responses: {
); 200: {
} description: "User information",
content: {
"application/json": {
schema: z.object({
subject: z.string(),
links: z.array(
z.object({
rel: z.string(),
type: z.string(),
href: z.string(),
}),
),
}),
},
},
},
404: {
description: "User not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { resource } = context.req.valid("query");
const requestedUser = resource.split("acct:")[1]; const requestedUser = resource.split("acct:")[1];
@ -96,19 +122,20 @@ export default apiRoute((app) =>
} }
} }
return context.json({ return context.json(
subject: `acct:${ {
isUuid ? user.id : user.data.username subject: `acct:${isUuid ? user.id : user.data.username}@${host}`,
}@${host}`,
links: [ links: [
// Keep the ActivityPub link first, because Misskey only searches // Keep the ActivityPub link first, because Misskey only searches
// for the first link with rel="self" and doesn't check the type. // for the first link with rel="self" and doesn't check the type.
activityPubUrl && { activityPubUrl
? {
rel: "self", rel: "self",
type: "application/activity+json", type: "application/activity+json",
href: activityPubUrl, href: activityPubUrl,
}, }
: undefined,
{ {
rel: "self", rel: "self",
type: "application/json", type: "application/json",
@ -119,11 +146,18 @@ export default apiRoute((app) =>
}, },
{ {
rel: "avatar", rel: "avatar",
type: lookup(user.getAvatarUrl(config)), type:
lookup(user.getAvatarUrl(config)) ??
"application/octet-stream",
href: user.getAvatarUrl(config), href: user.getAvatarUrl(config),
}, },
].filter(Boolean), ].filter(Boolean) as {
}); rel: string;
type: string;
href: string;
}[],
}, },
), 200,
);
}),
); );

BIN
bun.lockb
View file

Binary file not shown.

1
drizzle/migrations/0033_panoramic_sister_grimm.sql Normal file
View file

@ -0,0 +1 @@
ALTER TABLE "Filters" ALTER COLUMN "context" SET NOT NULL;

2126
drizzle/migrations/meta/0033_snapshot.json Normal file
View file

File diff suppressed because it is too large Load diff

7
drizzle/migrations/meta/_journal.json
View file

@ -232,6 +232,13 @@
"when": 1724073118382, "when": 1724073118382,
"tag": "0032_ambiguous_sue_storm", "tag": "0032_ambiguous_sue_storm",
"breakpoints": true "breakpoints": true
},
{
"idx": 33,
"version": "7",
"when": 1726491670160,
"tag": "0033_panoramic_sister_grimm",
"breakpoints": true
} }
] ]
} }

1
drizzle/schema.ts
View file

@ -61,6 +61,7 @@ export const Filters = pgTable("Filters", {
}), }),
context: text("context") context: text("context")
.array() .array()
.notNull()
.$type< .$type<
("home" | "notifications" | "public" | "thread" | "account")[] ("home" | "notifications" | "public" | "thread" | "account")[]
>(), >(),

2
package.json
View file

@ -111,7 +111,7 @@
"@sentry/bun": "^8.30.0", "@sentry/bun": "^8.30.0",
"@tufjs/canonical-json": "^2.0.0", "@tufjs/canonical-json": "^2.0.0",
"@versia/client": "^0.1.0", "@versia/client": "^0.1.0",
"@versia/federation": "^0.1.0", "@versia/federation": "^0.1.1-rc.0",
"altcha-lib": "^1.1.0", "altcha-lib": "^1.1.0",
"blurhash": "^2.0.5", "blurhash": "^2.0.5",
"bullmq": "^5.13.0", "bullmq": "^5.13.0",

2
tests/api/statuses.test.ts
View file

@ -34,7 +34,7 @@ describe("API Tests", () => {
body: formData, body: formData,
}); });
expect(response.status).toBe(202); expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain( expect(response.headers.get("content-type")).toContain(
"application/json", "application/json",
); );

4
types/api.ts
View file

@ -11,6 +11,7 @@ import type {
Unfollow, Unfollow,
User, User,
} from "@versia/federation/types"; } from "@versia/federation/types";
import type { SocketAddress } from "bun";
import { z } from "zod"; import { z } from "zod";
import type { Application } from "~/classes/functions/application"; import type { Application } from "~/classes/functions/application";
import type { RolePermissions } from "~/drizzle/schema"; import type { RolePermissions } from "~/drizzle/schema";
@ -59,6 +60,9 @@ export type HonoEnv = {
application: Application | null; application: Application | null;
}; };
}; };
Bindings: {
ip?: SocketAddress | null;
};
}; };
export interface ApiRouteExports { export interface ApiRouteExports {