versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-12 21:39:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: ♻️ Rewrite build system to fit the monorepo architecture
Some checks failed
Mirror to Codeberg / Mirror (push) Failing after 0s
Details
Test Publish / build (client) (push) Failing after 1s
Details
Test Publish / build (sdk) (push) Failing after 0s
Details

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-07-04 06:29:43 +02:00
parent 7de4b573e3
commit 90b6399407
No known key found for this signature in database
217 changed files with 2143 additions and 1858 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/api/app.ts
View file

@ -1,4 +1,4 @@
import { resolve } from "node:path";
import { join } from "node:path";
import { Scalar } from "@scalar/hono-api-reference";
import { config } from "@versia-server/config";
import { ApiError } from "@versia-server/kit";
@ -113,7 +113,7 @@ export const appFactory = async (): Promise<Hono<HonoEnv>> => {
const loader = new PluginLoader();
const plugins = await loader.loadPlugins(
resolve("./plugins"),
join(import.meta.dir, "plugins"),
config.plugins?.autoload ?? true,
config.plugins?.overrides.enabled,
config.plugins?.overrides.disabled,

41
packages/api/build.ts
View file

@ -1,5 +1,6 @@
import { readdir } from "node:fs/promises";
import { $, build } from "bun";
import manifest from "./package.json" with { type: "json" };
import { routes } from "./routes.ts";
console.log("Building...");
@ -11,10 +12,7 @@ const pluginDirs = await readdir("plugins", { withFileTypes: true });
await build({
entrypoints: [
"packages/api/index.ts",
// HACK: Include to avoid cyclical import errors
"packages/config/index.ts",
"cli/index.ts",
...Object.values(manifest.exports).map((entry) => entry.import),
// Force Bun to include endpoints
...Object.values(routes),
// Include all plugins
@ -25,43 +23,24 @@ await build({
outdir: "dist",
target: "bun",
splitting: true,
minify: false,
external: ["acorn", "@bull-board/ui"],
minify: true,
external: [
...Object.keys(manifest.dependencies).filter((dep) =>
dep.startsWith("@versia"),
),
"@bull-board/ui",
],
});
console.log("Copying files...");
// Fix Bun build mistake
await $`sed -i 's/ProxiableUrl, url, sensitiveString, keyPair, exportedConfig/url, sensitiveString, keyPair, exportedConfig/g' dist/packages/config/*.js`;
// Copy Drizzle stuff
await $`mkdir -p dist/packages/plugin-kit/tables`;
await $`cp -rL packages/plugin-kit/tables/migrations dist/packages/plugin-kit/tables`;
// Copy plugin manifests
await $`cp plugins/openid/manifest.json dist/plugins/openid/manifest.json`;
await $`mkdir -p dist/node_modules`;
// Copy Sharp to dist
await $`mkdir -p dist/node_modules/@img`;
await $`cp -rL node_modules/@img/sharp-libvips-linux* dist/node_modules/@img`;
await $`cp -rL node_modules/@img/sharp-linux* dist/node_modules/@img`;
// Copy acorn to dist
await $`cp -rL node_modules/acorn dist/node_modules/acorn`;
// Copy bull-board to dist
await $`mkdir -p dist/node_modules/@bull-board`;
await $`cp -rL node_modules/@bull-board/ui dist/node_modules/@bull-board/ui`;
// Copy the Bee Movie script from pages
await $`cp beemovie.txt dist/beemovie.txt`;
// Copy package.json
await $`cp package.json dist/package.json`;
// Fixes issues with sharp
await $`cp -rL node_modules/detect-libc dist/node_modules/`;
await $`cp -rL ../../node_modules/@bull-board/ui dist/node_modules/@bull-board/ui`;
console.log("Build complete!");

19
packages/api/index.ts
View file

@ -1,19 +0,0 @@
import process from "node:process";
import { config } from "@versia-server/config";
import { Youch } from "youch";
import { createServer } from "@/server";
import { appFactory } from "./app.ts";
process.on("SIGINT", () => {
process.exit();
});
process.on("uncaughtException", async (error) => {
const youch = new Youch();
console.error(await youch.toANSI(error));
});
await import("./setup.ts");
createServer(config, await appFactory());

14
packages/api/package.json
View file

@ -36,11 +36,19 @@
"scripts": {
"dev": "bun run --hot index.ts",
"build": "bun run build.ts",
"schema:generate": "bun run classes/config/to-json-schema.ts > config/config.schema.json && bun run packages/plugin-kit/json-schema.ts > packages/plugin-kit/manifest.schema.json",
"schema:generate": "bun run classes/config/to-json-schema.ts > config/config.schema.json && bun run packages/kit/json-schema.ts > packages/kit/manifest.schema.json",
"docs:dev": "vitepress dev docs",
"docs:build": "vitepress build docs",
"docs:preview": "vitepress preview docs"
},
"exports": {
".": {
"import": "./app.ts"
},
"./setup": {
"import": "./setup.ts"
}
},
"dependencies": {
"@versia-server/config": "workspace:*",
"@versia-server/tests": "workspace:*",
@ -65,10 +73,10 @@
"hono-rate-limiter": "catalog:",
"ip-matching": "catalog:",
"qs": "catalog:",
"magic-regexp": "catalog:",
"altcha-lib": "catalog:",
"@hono/zod-validator": "catalog:",
"zod-validation-error": "catalog:",
"confbox": "catalog:"
"confbox": "catalog:",
"oauth4webapi": "catalog:"
}
}

45
packages/api/plugins/openid/errors.ts Normal file
View file

@ -0,0 +1,45 @@
import type { Context, TypedResponse } from "hono";
export const errors = {
InvalidJWT: ["invalid_request", "Invalid JWT: could not verify"],
MissingJWTFields: [
"invalid_request",
"Invalid JWT: missing required fields (aud, sub, exp, iss)",
],
InvalidSub: ["invalid_request", "Invalid JWT: sub is not a valid user ID"],
UserNotFound: [
"invalid_request",
"Invalid JWT, could not find associated user",
],
MissingOauthPermission: [
"unauthorized",
"User missing required 'oauth' permission",
],
MissingApplication: [
"invalid_request",
"Invalid client_id: no associated API application found",
],
InvalidRedirectUri: [
"invalid_request",
"Invalid redirect_uri: does not match API application's redirect_uri",
],
InvalidScope: [
"invalid_request",
"Invalid scope: not a subset of the application's scopes",
],
};
export const errorRedirect = (
context: Context,
error: (typeof errors)[keyof typeof errors],
extraParams?: URLSearchParams,
): Response & TypedResponse<undefined, 302, "redirect"> => {
const errorSearchParams = new URLSearchParams(extraParams);
errorSearchParams.append("error", error[0]);
errorSearchParams.append("error_description", error[1]);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
};

105
packages/api/plugins/openid/index.ts Normal file
View file

@ -0,0 +1,105 @@
import { RolePermission } from "@versia/client/schemas";
import { keyPair, sensitiveString, url } from "@versia-server/config";
import { ApiError, Hooks, Plugin } from "@versia-server/kit";
import { User } from "@versia-server/kit/db";
import { getCookie } from "hono/cookie";
import { jwtVerify } from "jose";
import { JOSEError, JWTExpired } from "jose/errors";
import { z } from "zod";
import authorizeRoute from "./routes/authorize.ts";
import jwksRoute from "./routes/jwks.ts";
import ssoLoginCallbackRoute from "./routes/oauth/callback.ts";
import tokenRevokeRoute from "./routes/oauth/revoke.ts";
import ssoLoginRoute from "./routes/oauth/sso.ts";
import tokenRoute from "./routes/oauth/token.ts";
import ssoIdRoute from "./routes/sso/:id/index.ts";
import ssoRoute from "./routes/sso/index.ts";
const configSchema = z.object({
forced: z.boolean().default(false),
allow_registration: z.boolean().default(true),
providers: z
.array(
z.object({
name: z.string().min(1),
id: z.string().min(1),
url: z.string().min(1),
client_id: z.string().min(1),
client_secret: sensitiveString,
icon: url.optional(),
}),
)
.default([]),
keys: keyPair,
});
const plugin = new Plugin(configSchema);
// Test hook for screenshots
plugin.registerHandler(Hooks.Response, (req) => {
console.info("Request received:", req);
return req;
});
authorizeRoute(plugin);
ssoRoute(plugin);
ssoIdRoute(plugin);
tokenRoute(plugin);
tokenRevokeRoute(plugin);
jwksRoute(plugin);
ssoLoginRoute(plugin);
ssoLoginCallbackRoute(plugin);
plugin.registerRoute("/admin/queues/api/*", (app) => {
// Check for JWT when accessing the admin panel
app.use("/admin/queues/api/*", async (context, next) => {
const jwtCookie = getCookie(context, "jwt");
if (!jwtCookie) {
throw new ApiError(401, "Missing JWT cookie");
}
const { keys } = context.get("pluginConfig");
const result = await jwtVerify(jwtCookie, keys.public, {
algorithms: ["EdDSA"],
issuer: new URL(context.get("config").http.base_url).origin,
}).catch((error) => {
if (error instanceof JOSEError) {
return error;
}
throw error;
});
if (result instanceof JOSEError) {
if (result instanceof JWTExpired) {
throw new ApiError(401, "JWT has expired");
}
throw new ApiError(401, "Invalid JWT");
}
const {
payload: { sub },
} = result;
if (!sub) {
throw new ApiError(401, "Invalid JWT (no sub)");
}
const user = await User.fromId(sub);
if (!user?.hasPermission(RolePermission.ManageInstanceFederation)) {
throw new ApiError(
403,
`Missing '${RolePermission.ManageInstanceFederation}' permission`,
);
}
await next();
});
});
export type PluginType = typeof plugin;
export default plugin;

17
packages/api/plugins/openid/manifest.json Normal file
View file

@ -0,0 +1,17 @@
{
"$schema": "https://raw.githubusercontent.com/versia-pub/server/refs/heads/main/packages/kit/manifest.schema.json",
"name": "@versia/openid",
"description": "OpenID authentication.",
"version": "0.1.0",
"authors": [
{
"name": "Jesse Wierzbinski",
"email": "contact@cpluspatch.com",
"url": "https://cpluspatch.com"
}
],
"repository": {
"type": "git",
"url": "https://github.com/versia-pub/server.git"
}
}

404
packages/api/plugins/openid/routes/authorize.test.ts Normal file
View file

@ -0,0 +1,404 @@
import { afterAll, describe, expect, test } from "bun:test";
import { RolePermission } from "@versia/client/schemas";
import { config } from "@versia-server/config";
import { Application } from "@versia-server/kit/db";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
import { SignJWT } from "jose";
import { randomString } from "@/math";
const { deleteUsers, tokens, users } = await getTestUsers(1);
const privateKey = await crypto.subtle.importKey(
"pkcs8",
Buffer.from(
config.plugins?.config?.["@versia/openid"].keys.private,
"base64",
),
"Ed25519",
false,
["sign"],
);
const application = await Application.insert({
id: randomUUIDv7(),
clientId: "test-client-id",
redirectUri: "https://example.com/callback",
scopes: "openid profile email",
name: "Test Application",
secret: "test-secret",
});
afterAll(async () => {
await deleteUsers();
await application.delete();
});
describe("/oauth/authorize", () => {
test("should authorize and redirect with valid inputs", async () => {
const jwt = await new SignJWT({
sub: users[0].id,
iss: config.http.base_url.origin,
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(location.origin + location.pathname).toBe(
application.data.redirectUri,
);
expect(params.get("code")).toBeTruthy();
expect(params.get("state")).toBe("test-state");
});
test("should return error for invalid JWT", async () => {
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: "jwt=invalid-jwt",
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid JWT: could not verify",
);
});
test("should return error for missing required fields in JWT", async () => {
const jwt = await new SignJWT({
sub: users[0].id,
iss: config.http.base_url.origin,
aud: application.data.clientId,
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid JWT: missing required fields (aud, sub, exp, iss)",
);
});
test("should return error for user not found", async () => {
const jwt = await new SignJWT({
sub: "non-existent-user",
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iss: config.http.base_url.origin,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid JWT: sub is not a valid user ID",
);
const jwt2 = await new SignJWT({
sub: "23e42862-d5df-49a8-95b5-52d8c6a11aea",
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iss: config.http.base_url.origin,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response2 = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt2}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response2.status).toBe(302);
const location2 = new URL(
response2.headers.get("Location") ?? "",
config.http.base_url,
);
const params2 = new URLSearchParams(location2.search);
expect(params2.get("error")).toBe("invalid_request");
expect(params2.get("error_description")).toBe(
"Invalid JWT, could not find associated user",
);
});
test("should return error for user missing required permissions", async () => {
const oldPermissions = config.permissions.default;
config.permissions.default = [];
const jwt = await new SignJWT({
sub: users[0].id,
iss: config.http.base_url.origin,
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("unauthorized");
expect(params.get("error_description")).toBe(
`User missing required '${RolePermission.OAuth}' permission`,
);
config.permissions.default = oldPermissions;
});
test("should return error for invalid client_id", async () => {
const jwt = await new SignJWT({
sub: users[0].id,
aud: "invalid-client-id",
iss: config.http.base_url.origin,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: "invalid-client-id",
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid client_id: no associated API application found",
);
});
test("should return error for invalid redirect_uri", async () => {
const jwt = await new SignJWT({
sub: users[0].id,
iss: config.http.base_url.origin,
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: "https://invalid.com/callback",
response_type: "code",
scope: application.data.scopes,
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid redirect_uri: does not match API application's redirect_uri",
);
});
test("should return error for invalid scope", async () => {
const jwt = await new SignJWT({
sub: users[0].id,
iss: config.http.base_url.origin,
aud: application.data.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const response = await fakeRequest("/oauth/authorize", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
Cookie: `jwt=${jwt}`,
},
body: JSON.stringify({
client_id: application.data.clientId,
redirect_uri: application.data.redirectUri,
response_type: "code",
scope: "invalid-scope",
state: "test-state",
code_challenge: randomString(43),
code_challenge_method: "S256",
}),
});
expect(response.status).toBe(302);
const location = new URL(
response.headers.get("Location") ?? "",
config.http.base_url,
);
const params = new URLSearchParams(location.search);
expect(params.get("error")).toBe("invalid_request");
expect(params.get("error_description")).toBe(
"Invalid scope: not a subset of the application's scopes",
);
});
});

278
packages/api/plugins/openid/routes/authorize.ts Normal file
View file

@ -0,0 +1,278 @@
import { RolePermission } from "@versia/client/schemas";
import { auth, handleZodError, jsonOrForm } from "@versia-server/kit/api";
import { Application, Token, User } from "@versia-server/kit/db";
import { randomUUIDv7 } from "bun";
import { describeRoute } from "hono-openapi";
import { validator } from "hono-openapi/zod";
import { type JWTPayload, jwtVerify, SignJWT } from "jose";
import { JOSEError } from "jose/errors";
import { z } from "zod";
import { randomString } from "@/math";
import { errorRedirect, errors } from "../errors.ts";
import type { PluginType } from "../index.ts";
export default (plugin: PluginType): void =>
plugin.registerRoute("/oauth/authorize", (app) =>
app.post(
"/oauth/authorize",
describeRoute({
summary: "Main OpenID authorization endpoint",
tags: ["OpenID"],
responses: {
302: {
description: "Redirect to the application",
},
},
}),
plugin.middleware,
auth({
auth: false,
}),
jsonOrForm(),
validator(
"query",
z.object({
prompt: z
.enum(["none", "login", "consent", "select_account"])
.optional()
.default("none"),
max_age: z.coerce
.number()
.int()
.optional()
.default(60 * 60 * 24 * 7),
}),
handleZodError,
),
validator(
"json",
z
.object({
scope: z.string().optional(),
redirect_uri: z
.string()
.url()
.optional()
.or(z.literal("urn:ietf:wg:oauth:2.0:oob")),
response_type: z.enum([
"code",
"token",
"none",
"id_token",
"code id_token",
"code token",
"token id_token",
"code token id_token",
]),
client_id: z.string(),
state: z.string().optional(),
code_challenge: z.string().optional(),
code_challenge_method: z
.enum(["plain", "S256"])
.optional(),
})
.refine(
// Check if redirect_uri is valid for code flow
(data) =>
data.response_type.includes("code")
? data.redirect_uri
: true,
"redirect_uri is required for code flow",
),
// Disable for Mastodon API compatibility
/* .refine(
// Check if code_challenge is valid for code flow
(data) =>
data.response_type.includes("code")
? data.code_challenge
: true,
"code_challenge is required for code flow",
), */
handleZodError,
),
validator(
"cookie",
z.object({
jwt: z.string(),
}),
handleZodError,
),
async (context) => {
const { scope, redirect_uri, client_id, state } =
context.req.valid("json");
const { jwt } = context.req.valid("cookie");
const { keys } = context.get("pluginConfig");
const errorSearchParams = new URLSearchParams(
context.req.valid("json"),
);
const result = await jwtVerify(jwt, keys.public, {
algorithms: ["EdDSA"],
audience: client_id,
issuer: new URL(context.get("config").http.base_url).origin,
}).catch((error) => {
if (error instanceof JOSEError) {
return null;
}
throw error;
});
if (!result) {
return errorRedirect(
context,
errors.InvalidJWT,
errorSearchParams,
);
}
const {
payload: { aud, sub, exp },
} = result;
if (!(aud && sub && exp)) {
return errorRedirect(
context,
errors.MissingJWTFields,
errorSearchParams,
);
}
if (!z.string().uuid().safeParse(sub).success) {
return errorRedirect(
context,
errors.InvalidSub,
errorSearchParams,
);
}
const user = await User.fromId(sub);
if (!user) {
return errorRedirect(
context,
errors.UserNotFound,
errorSearchParams,
);
}
if (!user.hasPermission(RolePermission.OAuth)) {
return errorRedirect(
context,
errors.MissingOauthPermission,
errorSearchParams,
);
}
const application = await Application.fromClientId(client_id);
if (!application) {
return errorRedirect(
context,
errors.MissingApplication,
errorSearchParams,
);
}
if (application.data.redirectUri !== redirect_uri) {
return errorRedirect(
context,
errors.InvalidRedirectUri,
errorSearchParams,
);
}
// Check that scopes are a subset of the application's scopes
if (
scope &&
!scope
.split(" ")
.every((s) => application.data.scopes.includes(s))
) {
return errorRedirect(
context,
errors.InvalidScope,
errorSearchParams,
);
}
const code = randomString(256, "base64url");
let payload: JWTPayload = {};
if (scope) {
if (scope.split(" ").includes("openid")) {
payload = {
...payload,
sub: user.id,
iss: new URL(context.get("config").http.base_url)
.origin,
aud: client_id,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
};
}
if (scope.split(" ").includes("profile")) {
payload = {
...payload,
name: user.data.displayName,
preferred_username: user.data.username,
picture: user.getAvatarUrl().href,
updated_at: new Date(
user.data.updatedAt,
).toISOString(),
};
}
if (scope.split(" ").includes("email")) {
payload = {
...payload,
email: user.data.email,
// TODO: Add verification system
email_verified: true,
};
}
}
const idToken = await new SignJWT(payload)
.setProtectedHeader({ alg: "EdDSA" })
.sign(keys.private);
await Token.insert({
id: randomUUIDv7(),
accessToken: randomString(64, "base64url"),
code,
scope: scope ?? application.data.scopes,
tokenType: "Bearer",
applicationId: application.id,
redirectUri: redirect_uri ?? application.data.redirectUri,
expiresAt: new Date(
Date.now() + 60 * 60 * 24 * 14,
).toISOString(),
idToken: ["profile", "email", "openid"].some((s) =>
scope?.split(" ").includes(s),
)
? idToken
: null,
clientId: client_id,
userId: user.id,
});
const redirectUri =
redirect_uri === "urn:ietf:wg:oauth:2.0:oob"
? new URL(
"/oauth/code",
context.get("config").http.base_url,
)
: new URL(redirect_uri ?? application.data.redirectUri);
redirectUri.searchParams.append("code", code);
state && redirectUri.searchParams.append("state", state);
return context.redirect(redirectUri.toString());
},
),
);

35
packages/api/plugins/openid/routes/jwks.test.ts Normal file
View file

@ -0,0 +1,35 @@
import { afterAll, describe, expect, test } from "bun:test";
import { Application } from "@versia-server/kit/db";
import { fakeRequest } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
const application = await Application.insert({
id: randomUUIDv7(),
clientId: "test-client-id",
redirectUri: "https://example.com/callback",
scopes: "openid profile email",
secret: "test-secret",
name: "Test Application",
});
afterAll(async () => {
await application.delete();
});
describe("/.well-known/jwks", () => {
test("should return JWK set with valid inputs", async () => {
const response = await fakeRequest("/.well-known/jwks", {
method: "GET",
});
expect(response.status).toBe(200);
const body = await response.json();
expect(body.keys).toHaveLength(1);
expect(body.keys[0].kty).toBe("OKP");
expect(body.keys[0].use).toBe("sig");
expect(body.keys[0].alg).toBe("EdDSA");
expect(body.keys[0].kid).toBe("1");
expect(body.keys[0].crv).toBe("Ed25519");
expect(body.keys[0].x).toBeString();
});
});

68
packages/api/plugins/openid/routes/jwks.ts Normal file
View file

@ -0,0 +1,68 @@
import { auth } from "@versia-server/kit/api";
import { describeRoute } from "hono-openapi";
import { resolver } from "hono-openapi/zod";
import { exportJWK } from "jose";
import { z } from "zod";
import type { PluginType } from "../index.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/.well-known/jwks", (app) =>
app.get(
"/.well-known/jwks",
describeRoute({
summary: "JWK Set",
tags: ["OpenID"],
responses: {
200: {
description: "JWK Set",
content: {
"application/json": {
schema: resolver(
z.object({
keys: z.array(
z.object({
kty: z.string().optional(),
use: z.string(),
alg: z.string(),
kid: z.string(),
crv: z.string().optional(),
x: z.string().optional(),
y: z.string().optional(),
}),
),
}),
),
},
},
},
},
}),
auth({
auth: false,
}),
plugin.middleware,
async (context) => {
const jwk = await exportJWK(
context.get("pluginConfig").keys?.public,
);
// Remove the private key 💀
jwk.d = undefined;
return context.json(
{
keys: [
{
...jwk,
use: "sig",
alg: "EdDSA",
kid: "1",
},
],
},
200,
);
},
),
);
};

354
packages/api/plugins/openid/routes/oauth/callback.ts Normal file
View file

@ -0,0 +1,354 @@
import {
Account as AccountSchema,
RolePermission,
} from "@versia/client/schemas";
import { ApiError } from "@versia-server/kit";
import { handleZodError } from "@versia-server/kit/api";
import { db, Media, Token, User } from "@versia-server/kit/db";
import { searchManager } from "@versia-server/kit/search";
import { OpenIdAccounts, Users } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import { and, eq, isNull, type SQL } from "drizzle-orm";
import { setCookie } from "hono/cookie";
import { describeRoute } from "hono-openapi";
import { validator } from "hono-openapi/zod";
import { SignJWT } from "jose";
import { z } from "zod";
import { randomString } from "@/math.ts";
import type { PluginType } from "../../index.ts";
import { automaticOidcFlow } from "../../utils.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/oauth/sso/{issuer}/callback", (app) => {
app.get(
"/oauth/sso/:issuer/callback",
describeRoute({
summary: "SSO callback",
tags: ["OpenID"],
description:
"After the user has authenticated to an external OpenID provider, they are redirected here to complete the OAuth flow and get a code",
responses: {
302: {
description:
"Redirect to frontend's consent route, or redirect to login page with error",
},
},
}),
plugin.middleware,
validator(
"param",
z.object({
issuer: z.string(),
}),
handleZodError,
),
validator(
"query",
z.object({
client_id: z.string().optional(),
flow: z.string(),
link: z
.string()
.transform((v) =>
["true", "1", "on"].includes(v.toLowerCase()),
)
.optional(),
user_id: z.string().uuid().optional(),
}),
handleZodError,
),
async (context) => {
const currentUrl = new URL(context.req.url);
const redirectUrl = new URL(context.req.url);
// Correct some reverse proxies incorrectly setting the protocol as http, even if the original request was https
// Looking at you, Traefik
if (
new URL(context.get("config").http.base_url).protocol ===
"https:" &&
currentUrl.protocol === "http:"
) {
currentUrl.protocol = "https:";
redirectUrl.protocol = "https:";
}
// Remove state query parameter from URL
currentUrl.searchParams.delete("state");
redirectUrl.searchParams.delete("state");
// Remove issuer query parameter from URL (can cause redirect URI mismatches)
redirectUrl.searchParams.delete("iss");
redirectUrl.searchParams.delete("code");
const { issuer: issuerParam } = context.req.valid("param");
const {
flow: flowId,
user_id,
link,
} = context.req.valid("query");
const issuer = context
.get("pluginConfig")
.providers.find((provider) => provider.id === issuerParam);
if (!issuer) {
throw new ApiError(404, "Issuer not found");
}
const userInfo = await automaticOidcFlow(
issuer,
flowId,
currentUrl,
redirectUrl,
(error, message, flow) => {
const errorSearchParams = new URLSearchParams(
Object.entries({
redirect_uri: flow?.application?.redirectUri,
client_id: flow?.application?.clientId,
response_type: "code",
scope: flow?.application?.scopes,
}).filter(([_, value]) => value !== undefined) as [
string,
string,
][],
);
errorSearchParams.append("error", error);
errorSearchParams.append("error_description", message);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
},
);
if (userInfo instanceof Response) {
return userInfo;
}
const { sub, email, preferred_username, picture } =
userInfo.userInfo;
const flow = userInfo.flow;
const errorSearchParams = new URLSearchParams(
Object.entries({
redirect_uri: flow.application?.redirectUri,
client_id: flow.application?.clientId,
response_type: "code",
scope: flow.application?.scopes,
}).filter(([_, value]) => value !== undefined) as [
string,
string,
][],
);
// If linking account
if (link && user_id) {
// Check if userId is equal to application.clientId
if (!flow.application?.clientId.startsWith(user_id)) {
return context.redirect(
`${context.get("config").http.base_url}${
context.get("config").frontend.routes.home
}?${new URLSearchParams({
oidc_account_linking_error:
"Account linking error",
oidc_account_linking_error_message: `User ID does not match application client ID (${user_id} != ${flow.application?.clientId})`,
})}`,
);
}
// Check if account is already linked
const account = await db.query.OpenIdAccounts.findFirst({
where: (account): SQL | undefined =>
and(
eq(account.serverId, sub),
eq(account.issuerId, issuer.id),
),
});
if (account) {
return context.redirect(
`${context.get("config").http.base_url}${
context.get("config").frontend.routes.home
}?${new URLSearchParams({
oidc_account_linking_error:
"Account already linked",
oidc_account_linking_error_message:
"This account has already been linked to this OpenID Connect provider.",
})}`,
);
}
// Link the account
await db.insert(OpenIdAccounts).values({
id: randomUUIDv7(),
serverId: sub,
issuerId: issuer.id,
userId: user_id,
});
return context.redirect(
`${context.get("config").http.base_url}${
context.get("config").frontend.routes.home
}?${new URLSearchParams({
oidc_account_linked: "true",
})}`,
);
}
let userId = (
await db.query.OpenIdAccounts.findFirst({
where: (account): SQL | undefined =>
and(
eq(account.serverId, sub),
eq(account.issuerId, issuer.id),
),
})
)?.userId;
if (!userId) {
// Register new user
if (context.get("pluginConfig").allow_registration) {
let username =
preferred_username ??
email?.split("@")[0] ??
randomString(8, "hex");
const usernameValidator =
AccountSchema.shape.username.refine(
async (value) =>
!(await User.fromSql(
and(
eq(Users.username, value),
isNull(Users.instanceId),
),
)),
);
try {
await usernameValidator.parseAsync(username);
} catch {
username = randomString(8, "hex");
}
const doesEmailExist = email
? !!(await User.fromSql(eq(Users.email, email)))
: false;
const avatar = picture
? await Media.fromUrl(new URL(picture))
: null;
// Create new user
const user = await User.register(username, {
email: doesEmailExist ? undefined : email,
avatar: avatar ?? undefined,
});
// Add to search index
await searchManager.addUser(user);
// Link account
await db.insert(OpenIdAccounts).values({
id: randomUUIDv7(),
serverId: sub,
issuerId: issuer.id,
userId: user.id,
});
userId = user.id;
} else {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
"No user found with that account",
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
}
const user = await User.fromId(userId);
if (!user) {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
"No user found with that account",
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
if (!user.hasPermission(RolePermission.OAuth)) {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
`User does not have the '${RolePermission.OAuth}' permission`,
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
if (!flow.application) {
throw new ApiError(500, "Application not found");
}
const code = randomString(32, "hex");
await Token.insert({
id: randomUUIDv7(),
accessToken: randomString(64, "base64url"),
code,
scope: flow.application.scopes,
tokenType: "Bearer",
userId: user.id,
applicationId: flow.application.id,
});
// Generate JWT
const jwt = await new SignJWT({
sub: user.id,
iss: new URL(context.get("config").http.base_url).origin,
aud: flow.application.clientId,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(context.get("pluginConfig").keys?.private);
// Redirect back to application
setCookie(context, "jwt", jwt, {
httpOnly: true,
secure: true,
sameSite: "strict",
path: "/",
// 2 weeks
maxAge: 60 * 60 * 24 * 14,
});
return context.redirect(
new URL(
`${context.get("config").frontend.routes.consent}?${new URLSearchParams(
{
redirect_uri: flow.application.redirectUri,
code,
client_id: flow.application.clientId,
application: flow.application.name,
website: flow.application.website ?? "",
scope: flow.application.scopes,
response_type: "code",
},
).toString()}`,
context.get("config").http.base_url,
).toString(),
);
},
);
});
};

138
packages/api/plugins/openid/routes/oauth/revoke.test.ts Normal file
View file

@ -0,0 +1,138 @@
import { afterAll, describe, expect, test } from "bun:test";
import { Application, Token } from "@versia-server/kit/db";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
const { deleteUsers, users } = await getTestUsers(1);
const application = await Application.insert({
id: randomUUIDv7(),
clientId: "test-client-id",
redirectUri: "https://example.com/callback",
scopes: "openid profile email",
secret: "test-secret",
name: "Test Application",
});
const token = await Token.insert({
id: randomUUIDv7(),
code: "test-code",
redirectUri: application.data.redirectUri,
clientId: application.data.clientId,
accessToken: "test-access-token",
expiresAt: new Date(Date.now() + 3600 * 1000).toISOString(),
createdAt: new Date().toISOString(),
tokenType: "Bearer",
scope: application.data.scopes,
userId: users[0].id,
applicationId: application.id,
});
afterAll(async () => {
await deleteUsers();
await application.delete();
await token.delete();
});
describe("/oauth/revoke", () => {
test("should revoke token with valid inputs", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
token: "test-access-token",
}),
});
expect(response.status).toBe(200);
const body = await response.json();
expect(body).toEqual({});
});
test("should return error for missing token", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for invalid client credentials", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: "invalid-secret",
token: "test-access-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for token not found", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: application.data.clientId,
client_secret: application.data.secret,
token: "invalid-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
test("should return error for unauthorized client", async () => {
const response = await fakeRequest("/oauth/revoke", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client_id: "unauthorized-client-id",
client_secret: application.data.secret,
token: "test-access-token",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unauthorized_client");
expect(body.error_description).toBe(
"You are not authorized to revoke this token",
);
});
});

92
packages/api/plugins/openid/routes/oauth/revoke.ts Normal file
View file

@ -0,0 +1,92 @@
import { handleZodError, jsonOrForm } from "@versia-server/kit/api";
import { db, Token } from "@versia-server/kit/db";
import { Tokens } from "@versia-server/kit/tables";
import { and, eq } from "drizzle-orm";
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import { z } from "zod";
import type { PluginType } from "../../index.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/oauth/revoke", (app) => {
app.post(
"/oauth/revoke",
describeRoute({
summary: "Revoke token",
tags: ["OpenID"],
responses: {
200: {
description: "Token deleted",
content: {
"application/json": {
schema: resolver(z.object({})),
},
},
},
401: {
description: "Authorization error",
content: {
"application/json": {
schema: resolver(
z.object({
error: z.string(),
error_description: z.string(),
}),
),
},
},
},
},
}),
jsonOrForm(),
plugin.middleware,
validator(
"json",
z.object({
client_id: z.string(),
client_secret: z.string(),
token: z.string().optional(),
}),
handleZodError,
),
async (context) => {
const { client_id, client_secret, token } =
context.req.valid("json");
const foundToken = await Token.fromSql(
and(
eq(Tokens.accessToken, token ?? ""),
eq(Tokens.clientId, client_id),
),
);
if (!(foundToken && token)) {
return context.json(
{
error: "unauthorized_client",
error_description:
"You are not authorized to revoke this token",
},
401,
);
}
// Check if the client secret is correct
if (foundToken.data.application?.secret !== client_secret) {
return context.json(
{
error: "unauthorized_client",
error_description:
"You are not authorized to revoke this token",
},
401,
);
}
await db.delete(Tokens).where(eq(Tokens.accessToken, token));
return context.json({}, 200);
},
);
});
};

137
packages/api/plugins/openid/routes/oauth/sso.ts Normal file
View file

@ -0,0 +1,137 @@
import { handleZodError } from "@versia-server/kit/api";
import { Application, db } from "@versia-server/kit/db";
import { OpenIdLoginFlows } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import { describeRoute } from "hono-openapi";
import { validator } from "hono-openapi/zod";
import {
calculatePKCECodeChallenge,
discoveryRequest,
generateRandomCodeVerifier,
processDiscoveryResponse,
} from "oauth4webapi";
import { z } from "zod";
import type { PluginType } from "../../index.ts";
import { oauthRedirectUri } from "../../utils.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/oauth/sso", (app) => {
app.get(
"/oauth/sso",
describeRoute({
summary: "Initiate SSO login flow",
tags: ["OpenID"],
responses: {
302: {
description:
"Redirect to SSO login, or redirect to login page with error",
},
},
}),
plugin.middleware,
validator(
"query",
z.object({
issuer: z.string(),
client_id: z.string().optional(),
redirect_uri: z.string().url().optional(),
scope: z.string().optional(),
response_type: z.enum(["code"]).optional(),
}),
handleZodError,
),
async (context) => {
// This is the Versia client's client_id, not the external OAuth provider's client_id
const { issuer: issuerId, client_id } =
context.req.valid("query");
const errorSearchParams = new URLSearchParams(
context.req.valid("query"),
);
if (!client_id || client_id === "undefined") {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
"client_id is required",
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
const issuer = context
.get("pluginConfig")
.providers.find((provider) => provider.id === issuerId);
if (!issuer) {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
"issuer is invalid",
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
const issuerUrl = new URL(issuer.url);
const authServer = await discoveryRequest(issuerUrl, {
algorithm: "oidc",
}).then((res) => processDiscoveryResponse(issuerUrl, res));
const codeVerifier = generateRandomCodeVerifier();
const application = await Application.fromClientId(client_id);
if (!application) {
errorSearchParams.append("error", "invalid_request");
errorSearchParams.append(
"error_description",
"client_id is invalid",
);
return context.redirect(
`${context.get("config").frontend.routes.login}?${errorSearchParams.toString()}`,
);
}
// Store into database
const newFlow = (
await db
.insert(OpenIdLoginFlows)
.values({
id: randomUUIDv7(),
codeVerifier,
applicationId: application.id,
issuerId,
})
.returning()
)[0];
const codeChallenge =
await calculatePKCECodeChallenge(codeVerifier);
return context.redirect(
`${authServer.authorization_endpoint}?${new URLSearchParams(
{
client_id: issuer.client_id,
redirect_uri: `${oauthRedirectUri(
context.get("config").http.base_url,
issuerId,
)}?flow=${newFlow.id}`,
response_type: "code",
scope: "openid profile email",
// PKCE
code_challenge_method: "S256",
code_challenge: codeChallenge,
},
).toString()}`,
);
},
);
});
};

181
packages/api/plugins/openid/routes/oauth/token.test.ts Normal file
View file

@ -0,0 +1,181 @@
import { afterAll, describe, expect, test } from "bun:test";
import { Application, Token } from "@versia-server/kit/db";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
import { randomUUIDv7 } from "bun";
const { deleteUsers, users } = await getTestUsers(1);
const application = await Application.insert({
id: randomUUIDv7(),
clientId: "test-client-id",
redirectUri: "https://example.com/callback",
scopes: "openid profile email",
secret: "test-secret",
name: "Test Application",
});
const token = await Token.insert({
id: randomUUIDv7(),
code: "test-code",
redirectUri: application.data.redirectUri,
clientId: application.data.clientId,
accessToken: "test-access-token",
expiresAt: new Date(Date.now() + 3600 * 1000).toISOString(),
createdAt: new Date().toISOString(),
tokenType: "Bearer",
scope: application.data.scopes,
userId: users[0].id,
});
afterAll(async () => {
await deleteUsers();
await application.delete();
await token.delete();
});
describe("/oauth/token", () => {
test("should return token with valid inputs", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "test-code",
redirect_uri: application.data.redirectUri,
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(200);
const body = await response.json();
expect(body.access_token).toBe("test-access-token");
expect(body.token_type).toBe("Bearer");
expect(body.expires_in).toBeGreaterThan(0);
});
test("should return error for missing code", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
redirect_uri: application.data.redirectUri,
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_request");
expect(body.error_description).toBe("Code is required");
});
test("should return error for missing redirect_uri", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "test-code",
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_request");
expect(body.error_description).toBe("Redirect URI is required");
});
test("should return error for missing client_id", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "test-code",
redirect_uri: application.data.redirectUri,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_request");
expect(body.error_description).toBe("Client ID is required");
});
test("should return error for invalid client credentials", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "test-code",
redirect_uri: application.data.redirectUri,
client_id: application.data.clientId,
client_secret: "invalid-secret",
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_client");
expect(body.error_description).toBe("Invalid client credentials");
});
test("should return error for code not found", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code: "invalid-code",
redirect_uri: application.data.redirectUri,
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("invalid_grant");
expect(body.error_description).toBe("Code not found");
});
test("should return error for unsupported grant type", async () => {
const response = await fakeRequest("/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "refresh_token",
code: "test-code",
redirect_uri: application.data.redirectUri,
client_id: application.data.clientId,
client_secret: application.data.secret,
}),
});
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe("unsupported_grant_type");
expect(body.error_description).toBe("Unsupported grant type");
});
});

206
packages/api/plugins/openid/routes/oauth/token.ts Normal file
View file

@ -0,0 +1,206 @@
import { handleZodError, jsonOrForm } from "@versia-server/kit/api";
import { Application, Token } from "@versia-server/kit/db";
import { Tokens } from "@versia-server/kit/tables";
import { and, eq } from "drizzle-orm";
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import { z } from "zod";
import type { PluginType } from "../../index.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/oauth/token", (app) => {
app.post(
"/oauth/token",
describeRoute({
summary: "Get token",
tags: ["OpenID"],
responses: {
200: {
description: "Token",
content: {
"application/json": {
schema: resolver(
z.object({
access_token: z.string(),
token_type: z.string(),
expires_in: z
.number()
.optional()
.nullable(),
id_token: z
.string()
.optional()
.nullable(),
refresh_token: z
.string()
.optional()
.nullable(),
scope: z.string().optional(),
created_at: z.number(),
}),
),
},
},
},
401: {
description: "Authorization error",
content: {
"application/json": {
schema: resolver(
z.object({
error: z.string(),
error_description: z.string(),
}),
),
},
},
},
},
}),
jsonOrForm(),
plugin.middleware,
validator(
"json",
z.object({
code: z.string().optional(),
code_verifier: z.string().optional(),
grant_type: z
.enum([
"authorization_code",
"refresh_token",
"client_credentials",
"password",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:ietf:params:oauth:grant-type:token-exchange",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:openid:params:grant-type:ciba",
])
.default("authorization_code"),
client_id: z.string().optional(),
client_secret: z.string().optional(),
username: z.string().trim().optional(),
password: z.string().trim().optional(),
redirect_uri: z.string().url().optional(),
refresh_token: z.string().optional(),
scope: z.string().optional(),
assertion: z.string().optional(),
audience: z.string().optional(),
subject_token_type: z.string().optional(),
subject_token: z.string().optional(),
actor_token_type: z.string().optional(),
actor_token: z.string().optional(),
auth_req_id: z.string().optional(),
}),
handleZodError,
),
async (context) => {
const {
grant_type,
code,
redirect_uri,
client_id,
client_secret,
} = context.req.valid("json");
switch (grant_type) {
case "authorization_code": {
if (!code) {
return context.json(
{
error: "invalid_request",
error_description: "Code is required",
},
401,
);
}
if (!redirect_uri) {
return context.json(
{
error: "invalid_request",
error_description:
"Redirect URI is required",
},
401,
);
}
if (!client_id) {
return context.json(
{
error: "invalid_request",
error_description: "Client ID is required",
},
401,
);
}
// Verify the client_secret
const client =
await Application.fromClientId(client_id);
if (!client || client.data.secret !== client_secret) {
return context.json(
{
error: "invalid_client",
error_description:
"Invalid client credentials",
},
401,
);
}
const token = await Token.fromSql(
and(
eq(Tokens.code, code),
eq(Tokens.redirectUri, decodeURI(redirect_uri)),
eq(Tokens.clientId, client_id),
),
);
if (!token) {
return context.json(
{
error: "invalid_grant",
error_description: "Code not found",
},
401,
);
}
// Invalidate the code
await token.update({ code: null });
return context.json(
{
...token.toApi(),
expires_in: token.data.expiresAt
? Math.floor(
(new Date(
token.data.expiresAt,
).getTime() -
Date.now()) /
1000,
)
: null,
id_token: token.data.idToken,
refresh_token: null,
},
200,
);
}
default:
}
return context.json(
{
error: "unsupported_grant_type",
error_description: "Unsupported grant type",
},
401,
);
},
);
});
};

38
packages/api/plugins/openid/routes/sso/:id/index.test.ts Normal file
View file

@ -0,0 +1,38 @@
import { afterAll, describe, expect, test } from "bun:test";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
const { deleteUsers, tokens } = await getTestUsers(1);
afterAll(async () => {
await deleteUsers();
});
// /api/v1/sso/:id
describe("/api/v1/sso/:id", () => {
test("should not find unknown issuer", async () => {
const response = await fakeRequest("/api/v1/sso/unknown", {
method: "GET",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
},
});
expect(response.status).toBe(404);
expect(await response.json()).toMatchObject({
error: "Issuer with ID unknown not found in instance's OpenID configuration",
});
const response2 = await fakeRequest("/api/v1/sso/unknown", {
method: "DELETE",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
});
expect(response2.status).toBe(404);
expect(await response2.json()).toMatchObject({
error: "Issuer with ID unknown not found in instance's OpenID configuration",
});
});
});

152
packages/api/plugins/openid/routes/sso/:id/index.ts Normal file
View file

@ -0,0 +1,152 @@
import { RolePermission } from "@versia/client/schemas";
import { ApiError } from "@versia-server/kit";
import { auth, handleZodError } from "@versia-server/kit/api";
import { db } from "@versia-server/kit/db";
import { OpenIdAccounts } from "@versia-server/kit/tables";
import { and, eq, type SQL } from "drizzle-orm";
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import { z } from "zod";
import type { PluginType } from "../../../index.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/api/v1/sso/:id", (app) => {
app.get(
"/api/v1/sso/:id",
describeRoute({
summary: "Get linked account",
tags: ["SSO"],
responses: {
200: {
description: "Linked account",
content: {
"application/json": {
schema: resolver(
z.object({
id: z.string(),
name: z.string(),
icon: z.string().optional(),
}),
),
},
},
},
404: ApiError.accountNotFound().schema,
},
}),
auth({
auth: true,
permissions: [RolePermission.OAuth],
}),
plugin.middleware,
validator("param", z.object({ id: z.string() }), handleZodError),
async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
const issuer = context
.get("pluginConfig")
.providers.find((provider) => provider.id === issuerId);
if (!issuer) {
return context.json(
{
error: `Issuer with ID ${issuerId} not found in instance's OpenID configuration`,
},
404,
);
}
const account = await db.query.OpenIdAccounts.findFirst({
where: (account): SQL | undefined =>
and(
eq(account.userId, user.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
throw new ApiError(
404,
"Account not found or is not linked to this issuer",
);
}
return context.json(
{
id: issuer.id,
name: issuer.name,
icon: issuer.icon?.proxied,
},
200,
);
},
);
app.delete(
"/api/v1/sso/:id",
describeRoute({
summary: "Unlink account",
tags: ["SSO"],
responses: {
204: {
description: "Account unlinked",
},
404: {
description: "Account not found",
content: {
"application/json": {
schema: resolver(ApiError.zodSchema),
},
},
},
},
}),
auth({
auth: true,
permissions: [RolePermission.OAuth],
}),
plugin.middleware,
validator("param", z.object({ id: z.string() }), handleZodError),
async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
// Check if issuer exists
const issuer = context
.get("pluginConfig")
.providers.find((provider) => provider.id === issuerId);
if (!issuer) {
return context.json(
{
error: `Issuer with ID ${issuerId} not found in instance's OpenID configuration`,
},
404,
);
}
const account = await db.query.OpenIdAccounts.findFirst({
where: (account): SQL | undefined =>
and(
eq(account.userId, user.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
throw new ApiError(
404,
"Account not found or is not linked to this issuer",
);
}
await db
.delete(OpenIdAccounts)
.where(eq(OpenIdAccounts.id, account.id));
return context.body(null, 204);
},
);
});
};

45
packages/api/plugins/openid/routes/sso/index.test.ts Normal file
View file

@ -0,0 +1,45 @@
import { afterAll, describe, expect, test } from "bun:test";
import { fakeRequest, getTestUsers } from "@versia-server/tests";
const { deleteUsers, tokens } = await getTestUsers(1);
afterAll(async () => {
await deleteUsers();
});
describe("/api/v1/sso", () => {
test("should return empty list", async () => {
const response = await fakeRequest("/api/v1/sso", {
method: "GET",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
},
});
expect(response.status).toBe(200);
expect(await response.json()).toMatchObject([]);
});
test("should return an error if provider doesn't exist", async () => {
const response = await fakeRequest("/api/v1/sso", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
issuer: "unknown",
}),
});
expect(response.status).toBe(404);
expect(await response.json()).toMatchObject({
error: "Issuer with ID unknown not found in instance's OpenID configuration",
});
});
/*
Unfortunately, we cannot test actual linking, as it requires a valid OpenID provider
setup in config, which we don't have in tests
*/
});

171
packages/api/plugins/openid/routes/sso/index.ts Normal file
View file

@ -0,0 +1,171 @@
import { RolePermission } from "@versia/client/schemas";
import { ApiError } from "@versia-server/kit";
import { auth, handleZodError } from "@versia-server/kit/api";
import { Application, db } from "@versia-server/kit/db";
import { OpenIdLoginFlows } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import {
calculatePKCECodeChallenge,
generateRandomCodeVerifier,
} from "oauth4webapi";
import { z } from "zod";
import type { PluginType } from "../../index.ts";
import { oauthDiscoveryRequest, oauthRedirectUri } from "../../utils.ts";
export default (plugin: PluginType): void => {
plugin.registerRoute("/api/v1/sso", (app) => {
app.get(
"/api/v1/sso",
describeRoute({
summary: "Get linked accounts",
tags: ["SSO"],
responses: {
200: {
description: "Linked accounts",
content: {
"application/json": {
schema: resolver(
z.array(
z.object({
id: z.string(),
name: z.string(),
icon: z.string().optional(),
}),
),
),
},
},
},
},
}),
auth({
auth: true,
permissions: [RolePermission.OAuth],
}),
plugin.middleware,
async (context) => {
const { user } = context.get("auth");
const linkedAccounts = await user.getLinkedOidcAccounts(
context.get("pluginConfig").providers,
);
return context.json(
linkedAccounts.map((account) => ({
id: account.id,
name: account.name,
icon: account.icon,
})),
200,
);
},
);
app.post(
"/api/v1/sso",
describeRoute({
summary: "Link account",
tags: ["SSO"],
responses: {
302: {
description: "Redirect to OpenID provider",
},
404: {
description: "Issuer not found",
content: {
"application/json": {
schema: resolver(ApiError.zodSchema),
},
},
},
},
}),
auth({
auth: true,
permissions: [RolePermission.OAuth],
}),
plugin.middleware,
validator("json", z.object({ issuer: z.string() }), handleZodError),
async (context) => {
const { user } = context.get("auth");
const { issuer: issuerId } = context.req.valid("json");
const issuer = context
.get("pluginConfig")
.providers.find((provider) => provider.id === issuerId);
if (!issuer) {
return context.json(
{
error: `Issuer with ID ${issuerId} not found in instance's OpenID configuration`,
},
404,
);
}
const authServer = await oauthDiscoveryRequest(
new URL(issuer.url),
);
const codeVerifier = generateRandomCodeVerifier();
const redirectUri = oauthRedirectUri(
context.get("config").http.base_url,
issuerId,
);
const application = await Application.insert({
id: randomUUIDv7(),
clientId:
user.id +
Buffer.from(
crypto.getRandomValues(new Uint8Array(32)),
).toString("base64"),
name: "Versia",
redirectUri: redirectUri.toString(),
scopes: "openid profile email",
secret: "",
});
// Store into database
const newFlow = (
await db
.insert(OpenIdLoginFlows)
.values({
id: randomUUIDv7(),
codeVerifier,
issuerId,
applicationId: application.id,
})
.returning()
)[0];
const codeChallenge =
await calculatePKCECodeChallenge(codeVerifier);
return context.redirect(
`${authServer.authorization_endpoint}?${new URLSearchParams(
{
client_id: issuer.client_id,
redirect_uri: `${redirectUri}?${new URLSearchParams(
{
flow: newFlow.id,
link: "true",
user_id: user.id,
},
)}`,
response_type: "code",
scope: "openid profile email",
// PKCE
code_challenge_method: "S256",
code_challenge: codeChallenge,
},
).toString()}`,
);
},
);
});
};

217
packages/api/plugins/openid/utils.ts Normal file
View file

@ -0,0 +1,217 @@
import { type Application, db } from "@versia-server/kit/db";
import type { OpenIdLoginFlows } from "@versia-server/kit/tables";
import { eq, type InferSelectModel, type SQL } from "drizzle-orm";
import {
type AuthorizationResponseError,
type AuthorizationServer,
authorizationCodeGrantRequest,
ClientSecretPost,
discoveryRequest,
expectNoState,
getValidatedIdTokenClaims,
processAuthorizationCodeResponse,
processDiscoveryResponse,
processUserInfoResponse,
type ResponseBodyError,
type TokenEndpointResponse,
type UserInfoResponse,
userInfoRequest,
validateAuthResponse,
} from "oauth4webapi";
export const oauthDiscoveryRequest = (
issuerUrl: URL,
): Promise<AuthorizationServer> => {
return discoveryRequest(issuerUrl, {
algorithm: "oidc",
}).then((res) => processDiscoveryResponse(issuerUrl, res));
};
export const oauthRedirectUri = (baseUrl: URL, issuer: string): URL =>
new URL(`/oauth/sso/${issuer}/callback`, baseUrl);
const getFlow = (
flowId: string,
): Promise<
| (InferSelectModel<typeof OpenIdLoginFlows> & {
application?: typeof Application.$type | null;
})
| undefined
> => {
return db.query.OpenIdLoginFlows.findFirst({
where: (flow): SQL | undefined => eq(flow.id, flowId),
with: {
application: true,
},
});
};
const getAuthServer = (issuerUrl: URL): Promise<AuthorizationServer> => {
return discoveryRequest(issuerUrl, {
algorithm: "oidc",
}).then((res) => processDiscoveryResponse(issuerUrl, res));
};
const getParameters = (
authServer: AuthorizationServer,
clientId: string,
currentUrl: URL,
): URLSearchParams => {
return validateAuthResponse(
authServer,
{
client_id: clientId,
},
currentUrl,
expectNoState,
);
};
const getOIDCResponse = (
authServer: AuthorizationServer,
clientId: string,
clientSecret: string,
redirectUri: URL,
codeVerifier: string,
parameters: URLSearchParams,
): Promise<Response> => {
return authorizationCodeGrantRequest(
authServer,
{
client_id: clientId,
},
ClientSecretPost(clientSecret),
parameters,
redirectUri.toString(),
codeVerifier,
);
};
const processOIDCResponse = (
authServer: AuthorizationServer,
clientId: string,
oidcResponse: Response,
): Promise<TokenEndpointResponse> => {
return processAuthorizationCodeResponse(
authServer,
{
client_id: clientId,
},
oidcResponse,
);
};
const getUserInfo = (
authServer: AuthorizationServer,
clientId: string,
accessToken: string,
sub: string,
): Promise<UserInfoResponse> => {
return userInfoRequest(
authServer,
{
client_id: clientId,
},
accessToken,
).then(
async (res) =>
await processUserInfoResponse(
authServer,
{
client_id: clientId,
},
sub,
res,
),
);
};
export const automaticOidcFlow = async (
issuer: {
url: string;
client_id: string;
client_secret: string;
},
flowId: string,
currentUrl: URL,
redirectUrl: URL,
errorFn: (
error: string,
message: string,
flow:
| (InferSelectModel<typeof OpenIdLoginFlows> & {
application?: typeof Application.$type | null;
})
| null,
) => Response,
): Promise<
| Response
| {
userInfo: UserInfoResponse;
flow: InferSelectModel<typeof OpenIdLoginFlows> & {
application?: typeof Application.$type | null;
};
claims: Record<string, unknown>;
}
> => {
const flow = await getFlow(flowId);
if (!flow) {
return errorFn("invalid_request", "Invalid flow", null);
}
try {
const issuerUrl = new URL(issuer.url);
const authServer = await getAuthServer(issuerUrl);
const parameters = await getParameters(
authServer,
issuer.client_id,
currentUrl,
);
const oidcResponse = await getOIDCResponse(
authServer,
issuer.client_id,
issuer.client_secret,
redirectUrl,
flow.codeVerifier,
parameters,
);
const result = await processOIDCResponse(
authServer,
issuer.client_id,
oidcResponse,
);
const { access_token } = result;
const claims = getValidatedIdTokenClaims(result);
if (!claims) {
return errorFn("invalid_request", "Invalid claims", flow);
}
const { sub } = claims;
// Validate `sub`
// Later, we'll use this to automatically set the user's data
const userInfo = await getUserInfo(
authServer,
issuer.client_id,
access_token,
sub,
);
return {
userInfo,
flow,
claims,
};
} catch (e) {
const error = e as ResponseBodyError | AuthorizationResponseError;
return errorFn(error.error, error.error_description || "", flow);
}
};

4
packages/api/routes.ts
View file

@ -1,8 +1,10 @@
import { join } from "node:path";
import { FileSystemRouter } from "bun";
// Returns the route filesystem path when given a URL
export const routeMatcher = new FileSystemRouter({
style: "nextjs",
dir: "packages/api/routes",
dir: join(import.meta.dir, "routes"),
fileExtensions: [".ts", ".js"],
});

6
packages/api/routes/api/v1/accounts/index.ts
View file

@ -9,6 +9,7 @@ import {
qsQuery,
} from "@versia-server/kit/api";
import { User } from "@versia-server/kit/db";
import { searchManager } from "@versia-server/kit/search";
import { Users } from "@versia-server/kit/tables";
import { and, eq, isNull } from "drizzle-orm";
import { describeRoute } from "hono-openapi";
@ -419,11 +420,14 @@ export default apiRoute((app) => {
);
}
await User.register(username, {
const user = await User.register(username, {
password,
email,
});
// Add to search index
await searchManager.addUser(user);
return context.text("", 200);
},
);

2
packages/api/routes/api/v1/statuses/[id]/favourite.ts
View file

@ -39,7 +39,7 @@ export default apiRoute((app) =>
const { user } = context.get("auth");
const note = context.get("note");
await user.like(note);
await note.like(user);
await note.reload(user.id);

4
packages/api/routes/api/v1/statuses/[id]/reactions/[name].ts
View file

@ -110,7 +110,7 @@ export default apiRoute((app) => {
emoji = unicodeEmoji;
}
await user.react(note, emoji);
await note.react(user, emoji);
// Reload note to get updated reactions
await note.reload(user.id);
@ -204,7 +204,7 @@ export default apiRoute((app) => {
emoji = unicodeEmoji;
}
await user.unreact(note, emoji);
await note.unreact(user, emoji);
// Reload note to get updated reactions
await note.reload(user.id);

2
packages/api/routes/api/v1/statuses/[id]/reblog.ts
View file

@ -55,7 +55,7 @@ export default apiRoute((app) =>
const { user } = context.get("auth");
const note = context.get("note");
const reblog = await user.reblog(note, visibility);
const reblog = await note.reblog(user, visibility);
return context.json(await reblog.toApi(user), 200);
},

2
packages/api/routes/api/v1/statuses/[id]/unfavourite.ts
View file

@ -40,7 +40,7 @@ export default apiRoute((app) =>
const { user } = context.get("auth");
const note = context.get("note");
await user.unlike(note);
await note.unlike(user);
await note.reload(user.id);

2
packages/api/routes/api/v1/statuses/[id]/unreblog.ts
View file

@ -40,7 +40,7 @@ export default apiRoute((app) =>
const { user } = context.get("auth");
const note = context.get("note");
await user.unreblog(note);
await note.unreblog(user);
const newNote = await Note.fromId(note.data.id, user.id);

2
packages/api/routes/api/v2/search/index.ts
View file

@ -11,12 +11,12 @@ import { ApiError } from "@versia-server/kit";
import { apiRoute, auth, handleZodError } from "@versia-server/kit/api";
import { db, Note, User } from "@versia-server/kit/db";
import { parseUserAddress } from "@versia-server/kit/parsers";
import { searchManager } from "@versia-server/kit/search";
import { Instances, Notes, Users } from "@versia-server/kit/tables";
import { and, eq, inArray, isNull, sql } from "drizzle-orm";
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import { z } from "zod";
import { searchManager } from "~/classes/search/search-manager";
export default apiRoute((app) =>
app.get(

2
packages/api/setup.ts
View file

@ -1,8 +1,8 @@
import { config } from "@versia-server/config";
import { Note, setupDatabase } from "@versia-server/kit/db";
import { connection } from "@versia-server/kit/redis";
import { searchManager } from "@versia-server/kit/search";
import { serverLogger } from "@versia-server/logging";
import { searchManager } from "../../classes/search/search-manager.ts";
const timeAtStart = performance.now();

19
packages/client/build.ts Normal file
View file

@ -0,0 +1,19 @@
import { $, build } from "bun";
import manifest from "./package.json" with { type: "json" };
console.log("Building...");
await $`rm -rf dist && mkdir dist`;
await build({
entrypoints: Object.values(manifest.exports).map((entry) => entry.import),
outdir: "dist",
target: "bun",
splitting: true,
minify: true,
external: [
...Object.keys(manifest.dependencies).filter((dep) =>
dep.startsWith("@versia"),
),
],
});

9
packages/client/package.json
View file

@ -7,6 +7,9 @@
"name": "Jesse Wierzbinski (CPlusPatch)",
"url": "https://cpluspatch.com"
},
"scripts": {
"build": "bun run build.ts"
},
"readme": "README.md",
"repository": {
"type": "git",
@ -41,12 +44,10 @@
},
"exports": {
".": {
"import": "./index.ts",
"default": "./index.ts"
"import": "./index.ts"
},
"./schemas": {
"import": "./schemas.ts",
"default": "./schemas.ts"
"import": "./schemas.ts"
}
},
"funding": {

19
packages/config/build.ts Normal file
View file

@ -0,0 +1,19 @@
import { $, build } from "bun";
import manifest from "./package.json" with { type: "json" };
console.log("Building...");
await $`rm -rf dist && mkdir dist`;
await build({
entrypoints: Object.values(manifest.exports).map((entry) => entry.import),
outdir: "dist",
target: "bun",
splitting: true,
minify: true,
external: [
...Object.keys(manifest.dependencies).filter((dep) =>
dep.startsWith("@versia"),
),
],
});

829
packages/config/index.ts
View file

@ -1,9 +1,829 @@
import { env, file } from "bun";
import { RolePermission } from "@versia/client/schemas";
import { type BunFile, env, file } from "bun";
import chalk from "chalk";
import { parseTOML } from "confbox";
import type { z } from "zod";
import ISO6391 from "iso-639-1";
import { types as mimeTypes } from "mime-types";
import { generateVAPIDKeys } from "web-push";
import { z } from "zod";
import { fromZodError } from "zod-validation-error";
import { ConfigSchema } from "./schema.ts";
export class ProxiableUrl extends URL {
private isAllowedOrigin(): boolean {
const allowedOrigins: URL[] = [exportedConfig.http.base_url].concat(
exportedConfig.s3?.public_url ?? [],
);
return allowedOrigins.some((origin) =>
this.hostname.endsWith(origin.hostname),
);
}
public get proxied(): string {
// Don't proxy from CDN and self, since those sources are trusted
if (this.isAllowedOrigin()) {
return this.href;
}
const urlAsBase64Url = Buffer.from(this.href).toString("base64url");
return new URL(
`/media/proxy/${urlAsBase64Url}`,
exportedConfig.http.base_url,
).href;
}
}
export const DEFAULT_ROLES = [
RolePermission.ManageOwnNotes,
RolePermission.ViewNotes,
RolePermission.ViewNoteLikes,
RolePermission.ViewNoteBoosts,
RolePermission.ManageOwnAccount,
RolePermission.ViewAccountFollows,
RolePermission.ManageOwnLikes,
RolePermission.ManageOwnBoosts,
RolePermission.ViewAccounts,
RolePermission.ManageOwnEmojis,
RolePermission.ViewReactions,
RolePermission.ManageOwnReactions,
RolePermission.ViewEmojis,
RolePermission.ManageOwnMedia,
RolePermission.ManageOwnBlocks,
RolePermission.ManageOwnFilters,
RolePermission.ManageOwnMutes,
RolePermission.ManageOwnReports,
RolePermission.ManageOwnSettings,
RolePermission.ManageOwnNotifications,
RolePermission.ManageOwnFollows,
RolePermission.ManageOwnApps,
RolePermission.Search,
RolePermission.UsePushNotifications,
RolePermission.ViewPublicTimelines,
RolePermission.ViewPrivateTimelines,
RolePermission.OAuth,
];
export const ADMIN_ROLES = [
...DEFAULT_ROLES,
RolePermission.ManageNotes,
RolePermission.ManageAccounts,
RolePermission.ManageLikes,
RolePermission.ManageBoosts,
RolePermission.ManageEmojis,
RolePermission.ManageReactions,
RolePermission.ManageMedia,
RolePermission.ManageBlocks,
RolePermission.ManageFilters,
RolePermission.ManageMutes,
RolePermission.ManageReports,
RolePermission.ManageSettings,
RolePermission.ManageRoles,
RolePermission.ManageNotifications,
RolePermission.ManageFollows,
RolePermission.Impersonate,
RolePermission.IgnoreRateLimits,
RolePermission.ManageInstance,
RolePermission.ManageInstanceFederation,
RolePermission.ManageInstanceSettings,
];
export enum MediaBackendType {
Local = "local",
S3 = "s3",
}
// Need to declare this here instead of importing it otherwise we get cyclical import errors
export const iso631 = z.enum(ISO6391.getAllCodes() as [string, ...string[]]);
export const urlPath = z
.string()
.trim()
.min(1)
// Remove trailing slashes, but keep the root slash
.transform((arg) => (arg === "/" ? arg : arg.replace(/\/$/, "")));
export const url = z
.string()
.trim()
.min(1)
.refine((arg) => URL.canParse(arg), "Invalid url")
.transform((arg) => new ProxiableUrl(arg));
export const unixPort = z
.number()
.int()
.min(1)
.max(2 ** 16 - 1);
const fileFromPathString = (text: string): BunFile => file(text.slice(5));
// Not using .ip() because we allow CIDR ranges and wildcards and such
const ip = z
.string()
.describe("An IPv6/v4 address or CIDR range. Wildcards are also allowed");
const regex = z
.string()
.transform((arg) => new RegExp(arg))
.describe("JavaScript regular expression");
export const sensitiveString = z
.string()
.refine(
(text) =>
text.startsWith("PATH:") ? fileFromPathString(text).exists() : true,
(text) => ({
message: `Path ${
fileFromPathString(text).name
} does not exist, is a directory or is not accessible`,
}),
)
.transform((text) =>
text.startsWith("PATH:") ? fileFromPathString(text).text() : text,
)
.describe("You can use PATH:/path/to/file to load this value from a file");
export const filePathString = z
.string()
.transform((s) => file(s))
.refine(
(file) => file.exists(),
(file) => ({
message: `Path ${file.name} does not exist, is a directory or is not accessible`,
}),
)
.transform(async (file) => ({
content: await file.text(),
file,
}))
.describe("This value must be a file path");
export const keyPair = z
.strictObject({
public: sensitiveString.optional(),
private: sensitiveString.optional(),
})
.optional()
.transform(async (k, ctx) => {
if (!(k?.public && k?.private)) {
const keys = await crypto.subtle.generateKey("Ed25519", true, [
"sign",
"verify",
]);
const privateKey = Buffer.from(
await crypto.subtle.exportKey("pkcs8", keys.privateKey),
).toString("base64");
const publicKey = Buffer.from(
await crypto.subtle.exportKey("spki", keys.publicKey),
).toString("base64");
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `Public and private keys are not set. Here are generated keys for you to copy.\n\nPublic: ${publicKey}\nPrivate: ${privateKey}`,
});
return z.NEVER;
}
let publicKey: CryptoKey;
let privateKey: CryptoKey;
try {
publicKey = await crypto.subtle.importKey(
"spki",
Buffer.from(k.public, "base64"),
"Ed25519",
true,
["verify"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Public key is invalid",
});
return z.NEVER;
}
try {
privateKey = await crypto.subtle.importKey(
"pkcs8",
Buffer.from(k.private, "base64"),
"Ed25519",
true,
["sign"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Private key is invalid",
});
return z.NEVER;
}
return {
public: publicKey,
private: privateKey,
};
});
export const vapidKeyPair = z
.strictObject({
public: sensitiveString.optional(),
private: sensitiveString.optional(),
})
.optional()
.transform((k, ctx) => {
if (!(k?.public && k?.private)) {
const keys = generateVAPIDKeys();
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `VAPID keys are not set. Here are generated keys for you to copy.\n\nPublic: ${keys.publicKey}\nPrivate: ${keys.privateKey}`,
});
return z.NEVER;
}
return k;
});
export const hmacKey = sensitiveString.transform(async (text, ctx) => {
if (!text) {
const key = await crypto.subtle.generateKey(
{
name: "HMAC",
hash: "SHA-256",
},
true,
["sign"],
);
const exported = await crypto.subtle.exportKey("raw", key);
const base64 = Buffer.from(exported).toString("base64");
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `HMAC key is not set. Here is a generated key for you to copy: ${base64}`,
});
return z.NEVER;
}
try {
await crypto.subtle.importKey(
"raw",
Buffer.from(text, "base64"),
{
name: "HMAC",
hash: "SHA-256",
},
true,
["sign"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "HMAC key is invalid",
});
return z.NEVER;
}
return text;
});
export const ConfigSchema = z
.strictObject({
postgres: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(5432),
username: z.string().min(1),
password: sensitiveString.default(""),
database: z.string().min(1).default("versia"),
replicas: z
.array(
z.strictObject({
host: z.string().min(1),
port: unixPort.default(5432),
username: z.string().min(1),
password: sensitiveString.default(""),
database: z.string().min(1).default("versia"),
}),
)
.describe("Additional read-only replicas")
.default([]),
})
.describe("PostgreSQL database configuration"),
redis: z
.strictObject({
queue: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(6379),
password: sensitiveString.default(""),
database: z.number().int().default(0),
})
.describe("A Redis database used for managing queues."),
cache: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(6379),
password: sensitiveString.default(""),
database: z.number().int().default(1),
})
.optional()
.describe(
"A Redis database used for caching SQL queries. Optional.",
),
})
.describe("Redis configuration. Used for queues and caching."),
search: z
.strictObject({
enabled: z
.boolean()
.default(false)
.describe("Enable indexing and searching?"),
sonic: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(7700),
password: sensitiveString,
})
.describe("Sonic database configuration")
.optional(),
})
.refine(
(o) => !o.enabled || o.sonic,
"When search is enabled, Sonic configuration must be set",
)
.describe("Search and indexing configuration"),
registration: z.strictObject({
allow: z
.boolean()
.default(true)
.describe("Can users sign up freely?"),
require_approval: z.boolean().default(false),
message: z
.string()
.optional()
.describe(
"Message to show to users when registration is disabled",
),
}),
http: z.strictObject({
base_url: url.describe(
"URL that the instance will be accessible at",
),
bind: z.string().min(1).default("0.0.0.0"),
bind_port: unixPort.default(8080),
banned_ips: z.array(ip).default([]),
banned_user_agents: z.array(regex).default([]),
proxy_address: url
.optional()
.describe("URL to an eventual HTTP proxy")
.refine(async (url) => {
if (!url) {
return true;
}
// Test the proxy
const response = await fetch(
"https://api.ipify.org?format=json",
{
proxy: url.origin,
},
);
return response.ok;
}, "The HTTP proxy address is not reachable"),
tls: z
.strictObject({
key: filePathString,
cert: filePathString,
passphrase: sensitiveString.optional(),
ca: filePathString.optional(),
})
.describe(
"TLS configuration. You should probably be using a reverse proxy instead of this",
)
.optional(),
}),
frontend: z.strictObject({
enabled: z.boolean().default(true),
path: z.string().default(env.VERSIA_FRONTEND_PATH || "frontend"),
routes: z.strictObject({
home: urlPath.default("/"),
login: urlPath.default("/oauth/authorize"),
consent: urlPath.default("/oauth/consent"),
register: urlPath.default("/register"),
password_reset: urlPath.default("/oauth/reset"),
}),
settings: z.record(z.string(), z.any()).default({}),
}),
email: z
.strictObject({
send_emails: z.boolean().default(false),
smtp: z
.strictObject({
server: z.string().min(1),
port: unixPort.default(465),
username: z.string().min(1),
password: sensitiveString.optional(),
tls: z.boolean().default(true),
})
.optional(),
})
.refine(
(o) => o.send_emails || !o.smtp,
"When send_emails is enabled, SMTP configuration must be set",
),
media: z.strictObject({
backend: z
.nativeEnum(MediaBackendType)
.default(MediaBackendType.Local),
uploads_path: z.string().min(1).default("uploads"),
conversion: z.strictObject({
convert_images: z.boolean().default(false),
convert_to: z.string().default("image/webp"),
convert_vectors: z.boolean().default(false),
}),
}),
s3: z
.strictObject({
endpoint: url,
access_key: sensitiveString,
secret_access_key: sensitiveString,
region: z.string().optional(),
bucket_name: z.string().optional(),
public_url: url.describe(
"Public URL that uploaded media will be accessible at",
),
path: z.string().optional(),
path_style: z.boolean().default(true),
})
.optional(),
validation: z.strictObject({
accounts: z.strictObject({
max_displayname_characters: z
.number()
.int()
.nonnegative()
.default(50),
max_username_characters: z
.number()
.int()
.nonnegative()
.default(30),
max_bio_characters: z
.number()
.int()
.nonnegative()
.default(5000),
max_avatar_bytes: z
.number()
.int()
.nonnegative()
.default(5_000_000),
max_header_bytes: z
.number()
.int()
.nonnegative()
.default(5_000_000),
disallowed_usernames: z
.array(regex)
.default([
"well-known",
"about",
"activities",
"api",
"auth",
"dev",
"inbox",
"internal",
"main",
"media",
"nodeinfo",
"notice",
"oauth",
"objects",
"proxy",
"push",
"registration",
"relay",
"settings",
"status",
"tag",
"users",
"web",
"search",
"mfa",
]),
max_field_count: z.number().int().default(10),
max_field_name_characters: z.number().int().default(1000),
max_field_value_characters: z.number().int().default(1000),
max_pinned_notes: z.number().int().default(20),
}),
notes: z.strictObject({
max_characters: z.number().int().nonnegative().default(5000),
allowed_url_schemes: z
.array(z.string())
.default([
"http",
"https",
"ftp",
"dat",
"dweb",
"gopher",
"hyper",
"ipfs",
"ipns",
"irc",
"xmpp",
"ircs",
"magnet",
"mailto",
"mumble",
"ssb",
"gemini",
]),
max_attachments: z.number().int().default(16),
}),
media: z.strictObject({
max_bytes: z.number().int().nonnegative().default(40_000_000),
max_description_characters: z
.number()
.int()
.nonnegative()
.default(1000),
allowed_mime_types: z
.array(z.string())
.default(Object.values(mimeTypes)),
}),
emojis: z.strictObject({
max_bytes: z.number().int().nonnegative().default(1_000_000),
max_shortcode_characters: z
.number()
.int()
.nonnegative()
.default(100),
max_description_characters: z
.number()
.int()
.nonnegative()
.default(1_000),
}),
polls: z.strictObject({
max_options: z.number().int().nonnegative().default(20),
max_option_characters: z
.number()
.int()
.nonnegative()
.default(500),
min_duration_seconds: z
.number()
.int()
.nonnegative()
.default(60),
max_duration_seconds: z
.number()
.int()
.nonnegative()
.default(100 * 24 * 60 * 60),
}),
emails: z.strictObject({
disallow_tempmail: z
.boolean()
.default(false)
.describe("Blocks over 10,000 common tempmail domains"),
disallowed_domains: z.array(regex).default([]),
}),
challenges: z
.strictObject({
difficulty: z.number().int().positive().default(50000),
expiration: z.number().int().positive().default(300),
key: hmacKey,
})
.optional()
.describe(
"CAPTCHA challenge configuration. Challenges are disabled if not provided.",
),
filters: z
.strictObject({
note_content: z.array(regex).default([]),
emoji_shortcode: z.array(regex).default([]),
username: z.array(regex).default([]),
displayname: z.array(regex).default([]),
bio: z.array(regex).default([]),
})
.describe(
"Block content that matches these regular expressions",
),
}),
notifications: z.strictObject({
push: z
.strictObject({
vapid_keys: vapidKeyPair,
subject: z
.string()
.optional()
.describe(
"Subject field embedded in the push notification. Example: 'mailto:contact@example.com'",
),
})
.describe(
"Web Push Notifications configuration. Leave out to disable.",
)
.optional(),
}),
defaults: z.strictObject({
visibility: z
.enum(["public", "unlisted", "private", "direct"])
.default("public"),
language: z.string().default("en"),
avatar: url.optional(),
header: url.optional(),
placeholder_style: z
.string()
.default("thumbs")
.describe("A style name from https://www.dicebear.com/styles"),
}),
federation: z.strictObject({
blocked: z.array(z.string()).default([]),
followers_only: z.array(z.string()).default([]),
discard: z.strictObject({
reports: z.array(z.string()).default([]),
deletes: z.array(z.string()).default([]),
updates: z.array(z.string()).default([]),
media: z.array(z.string()).default([]),
follows: z.array(z.string()).default([]),
likes: z.array(z.string()).default([]),
reactions: z.array(z.string()).default([]),
banners: z.array(z.string()).default([]),
avatars: z.array(z.string()).default([]),
}),
bridge: z
.strictObject({
software: z.enum(["versia-ap"]).or(z.string()),
allowed_ips: z.array(ip).default([]),
token: sensitiveString,
url,
})
.optional(),
}),
queues: z.record(
z.enum(["delivery", "inbox", "fetch", "push", "media"]),
z.strictObject({
remove_after_complete_seconds: z
.number()
.int()
.nonnegative()
// 1 year
.default(60 * 60 * 24 * 365),
remove_after_failure_seconds: z
.number()
.int()
.nonnegative()
// 1 year
.default(60 * 60 * 24 * 365),
}),
),
instance: z.strictObject({
name: z.string().min(1).default("Versia Server"),
description: z.string().min(1).default("A Versia instance"),
extended_description_path: filePathString.optional(),
tos_path: filePathString.optional(),
privacy_policy_path: filePathString.optional(),
branding: z.strictObject({
logo: url.optional(),
banner: url.optional(),
}),
languages: z
.array(iso631)
.describe("Primary instance languages. ISO 639-1 codes."),
contact: z.strictObject({
email: z
.string()
.email()
.describe("Email to contact the instance administration"),
}),
rules: z
.array(
z.strictObject({
text: z
.string()
.min(1)
.max(255)
.describe("Short description of the rule"),
hint: z
.string()
.min(1)
.max(4096)
.optional()
.describe(
"Longer version of the rule with additional information",
),
}),
)
.default([]),
keys: keyPair,
}),
permissions: z.strictObject({
anonymous: z
.array(z.nativeEnum(RolePermission))
.default(DEFAULT_ROLES),
default: z
.array(z.nativeEnum(RolePermission))
.default(DEFAULT_ROLES),
admin: z.array(z.nativeEnum(RolePermission)).default(ADMIN_ROLES),
}),
logging: z.strictObject({
file: z
.strictObject({
path: z.string().default("logs/versia.log"),
rotation: z
.strictObject({
max_size: z
.number()
.int()
.nonnegative()
.default(10_000_000), // 10 MB
max_files: z
.number()
.int()
.nonnegative()
.default(10),
})
.optional(),
log_level: z
.enum([
"trace",
"debug",
"info",
"warning",
"error",
"fatal",
])
.default("info"),
})
.optional(),
sentry: z
.strictObject({
dsn: url,
debug: z.boolean().default(false),
sample_rate: z.number().min(0).max(1.0).default(1.0),
traces_sample_rate: z.number().min(0).max(1.0).default(1.0),
trace_propagation_targets: z.array(z.string()).default([]),
max_breadcrumbs: z.number().default(100),
environment: z.string().optional(),
log_level: z
.enum([
"trace",
"debug",
"info",
"warning",
"error",
"fatal",
])
.default("info"),
})
.optional(),
log_level: z
.enum(["trace", "debug", "info", "warning", "error", "fatal"])
.default("info"),
}),
debug: z
.strictObject({
federation: z.boolean().default(false),
})
.optional(),
plugins: z.strictObject({
autoload: z.boolean().default(true),
overrides: z
.strictObject({
enabled: z.array(z.string()).default([]),
disabled: z.array(z.string()).default([]),
})
.refine(
// Only one of enabled or disabled can be set
(arg) =>
arg.enabled.length === 0 || arg.disabled.length === 0,
"Only one of enabled or disabled can be set",
),
config: z.record(z.string(), z.any()).optional(),
}),
})
.refine(
// If media backend is S3, s3 config must be set
(arg) => arg.media.backend === MediaBackendType.Local || !!arg.s3,
"When media backend is S3, S3 configuration must be set",
);
const CONFIG_LOCATION = env.CONFIG_LOCATION ?? "./config/config.toml";
const configFile = file(CONFIG_LOCATION);
@ -15,7 +835,7 @@ if (!(await configFile.exists())) {
}
const configText = await configFile.text();
const config = await parseTOML<z.infer<typeof ConfigSchema>>(configText);
const config = parseTOML<z.infer<typeof ConfigSchema>>(configText);
const parsed = await ConfigSchema.safeParseAsync(config);
@ -38,5 +858,4 @@ if (!parsed.success) {
const exportedConfig = parsed.data;
export { ProxiableUrl } from "./url.ts";
export { exportedConfig as config };

10
packages/config/package.json
View file

@ -4,14 +4,12 @@
"type": "module",
"version": "0.0.1",
"private": true,
"scripts": {
"build": "bun run build.ts"
},
"exports": {
".": {
"import": "./index.ts",
"default": "./index.ts"
},
"./schema": {
"import": "./schema.ts",
"default": "./schema.ts"
"import": "./index.ts"
}
},
"dependencies": {

798
packages/config/schema.ts
View file

@ -1,798 +0,0 @@
import { RolePermission } from "@versia/client/schemas";
import { type BunFile, env, file } from "bun";
import ISO6391 from "iso-639-1";
import { types as mimeTypes } from "mime-types";
import { generateVAPIDKeys } from "web-push";
import { z } from "zod";
import { ProxiableUrl } from "./url.ts";
export const DEFAULT_ROLES = [
RolePermission.ManageOwnNotes,
RolePermission.ViewNotes,
RolePermission.ViewNoteLikes,
RolePermission.ViewNoteBoosts,
RolePermission.ManageOwnAccount,
RolePermission.ViewAccountFollows,
RolePermission.ManageOwnLikes,
RolePermission.ManageOwnBoosts,
RolePermission.ViewAccounts,
RolePermission.ManageOwnEmojis,
RolePermission.ViewReactions,
RolePermission.ManageOwnReactions,
RolePermission.ViewEmojis,
RolePermission.ManageOwnMedia,
RolePermission.ManageOwnBlocks,
RolePermission.ManageOwnFilters,
RolePermission.ManageOwnMutes,
RolePermission.ManageOwnReports,
RolePermission.ManageOwnSettings,
RolePermission.ManageOwnNotifications,
RolePermission.ManageOwnFollows,
RolePermission.ManageOwnApps,
RolePermission.Search,
RolePermission.UsePushNotifications,
RolePermission.ViewPublicTimelines,
RolePermission.ViewPrivateTimelines,
RolePermission.OAuth,
];
export const ADMIN_ROLES = [
...DEFAULT_ROLES,
RolePermission.ManageNotes,
RolePermission.ManageAccounts,
RolePermission.ManageLikes,
RolePermission.ManageBoosts,
RolePermission.ManageEmojis,
RolePermission.ManageReactions,
RolePermission.ManageMedia,
RolePermission.ManageBlocks,
RolePermission.ManageFilters,
RolePermission.ManageMutes,
RolePermission.ManageReports,
RolePermission.ManageSettings,
RolePermission.ManageRoles,
RolePermission.ManageNotifications,
RolePermission.ManageFollows,
RolePermission.Impersonate,
RolePermission.IgnoreRateLimits,
RolePermission.ManageInstance,
RolePermission.ManageInstanceFederation,
RolePermission.ManageInstanceSettings,
];
export enum MediaBackendType {
Local = "local",
S3 = "s3",
}
// Need to declare this here instead of importing it otherwise we get cyclical import errors
export const iso631 = z.enum(ISO6391.getAllCodes() as [string, ...string[]]);
export const urlPath = z
.string()
.trim()
.min(1)
// Remove trailing slashes, but keep the root slash
.transform((arg) => (arg === "/" ? arg : arg.replace(/\/$/, "")));
export const url = z
.string()
.trim()
.min(1)
.refine((arg) => URL.canParse(arg), "Invalid url")
.transform((arg) => new ProxiableUrl(arg));
export const unixPort = z
.number()
.int()
.min(1)
.max(2 ** 16 - 1);
const fileFromPathString = (text: string): BunFile => file(text.slice(5));
// Not using .ip() because we allow CIDR ranges and wildcards and such
const ip = z
.string()
.describe("An IPv6/v4 address or CIDR range. Wildcards are also allowed");
const regex = z
.string()
.transform((arg) => new RegExp(arg))
.describe("JavaScript regular expression");
export const sensitiveString = z
.string()
.refine(
(text) =>
text.startsWith("PATH:") ? fileFromPathString(text).exists() : true,
(text) => ({
message: `Path ${
fileFromPathString(text).name
} does not exist, is a directory or is not accessible`,
}),
)
.transform((text) =>
text.startsWith("PATH:") ? fileFromPathString(text).text() : text,
)
.describe("You can use PATH:/path/to/file to load this value from a file");
export const filePathString = z
.string()
.transform((s) => file(s))
.refine(
(file) => file.exists(),
(file) => ({
message: `Path ${file.name} does not exist, is a directory or is not accessible`,
}),
)
.transform(async (file) => ({
content: await file.text(),
file,
}))
.describe("This value must be a file path");
export const keyPair = z
.strictObject({
public: sensitiveString.optional(),
private: sensitiveString.optional(),
})
.optional()
.transform(async (k, ctx) => {
if (!(k?.public && k?.private)) {
const keys = await crypto.subtle.generateKey("Ed25519", true, [
"sign",
"verify",
]);
const privateKey = Buffer.from(
await crypto.subtle.exportKey("pkcs8", keys.privateKey),
).toString("base64");
const publicKey = Buffer.from(
await crypto.subtle.exportKey("spki", keys.publicKey),
).toString("base64");
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `Public and private keys are not set. Here are generated keys for you to copy.\n\nPublic: ${publicKey}\nPrivate: ${privateKey}`,
});
return z.NEVER;
}
let publicKey: CryptoKey;
let privateKey: CryptoKey;
try {
publicKey = await crypto.subtle.importKey(
"spki",
Buffer.from(k.public, "base64"),
"Ed25519",
true,
["verify"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Public key is invalid",
});
return z.NEVER;
}
try {
privateKey = await crypto.subtle.importKey(
"pkcs8",
Buffer.from(k.private, "base64"),
"Ed25519",
true,
["sign"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Private key is invalid",
});
return z.NEVER;
}
return {
public: publicKey,
private: privateKey,
};
});
export const vapidKeyPair = z
.strictObject({
public: sensitiveString.optional(),
private: sensitiveString.optional(),
})
.optional()
.transform((k, ctx) => {
if (!(k?.public && k?.private)) {
const keys = generateVAPIDKeys();
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `VAPID keys are not set. Here are generated keys for you to copy.\n\nPublic: ${keys.publicKey}\nPrivate: ${keys.privateKey}`,
});
return z.NEVER;
}
return k;
});
export const hmacKey = sensitiveString.transform(async (text, ctx) => {
if (!text) {
const key = await crypto.subtle.generateKey(
{
name: "HMAC",
hash: "SHA-256",
},
true,
["sign"],
);
const exported = await crypto.subtle.exportKey("raw", key);
const base64 = Buffer.from(exported).toString("base64");
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: `HMAC key is not set. Here is a generated key for you to copy: ${base64}`,
});
return z.NEVER;
}
try {
await crypto.subtle.importKey(
"raw",
Buffer.from(text, "base64"),
{
name: "HMAC",
hash: "SHA-256",
},
true,
["sign"],
);
} catch {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "HMAC key is invalid",
});
return z.NEVER;
}
return text;
});
export const ConfigSchema = z
.strictObject({
postgres: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(5432),
username: z.string().min(1),
password: sensitiveString.default(""),
database: z.string().min(1).default("versia"),
replicas: z
.array(
z.strictObject({
host: z.string().min(1),
port: unixPort.default(5432),
username: z.string().min(1),
password: sensitiveString.default(""),
database: z.string().min(1).default("versia"),
}),
)
.describe("Additional read-only replicas")
.default([]),
})
.describe("PostgreSQL database configuration"),
redis: z
.strictObject({
queue: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(6379),
password: sensitiveString.default(""),
database: z.number().int().default(0),
})
.describe("A Redis database used for managing queues."),
cache: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(6379),
password: sensitiveString.default(""),
database: z.number().int().default(1),
})
.optional()
.describe(
"A Redis database used for caching SQL queries. Optional.",
),
})
.describe("Redis configuration. Used for queues and caching."),
search: z
.strictObject({
enabled: z
.boolean()
.default(false)
.describe("Enable indexing and searching?"),
sonic: z
.strictObject({
host: z.string().min(1).default("localhost"),
port: unixPort.default(7700),
password: sensitiveString,
})
.describe("Sonic database configuration")
.optional(),
})
.refine(
(o) => !o.enabled || o.sonic,
"When search is enabled, Sonic configuration must be set",
)
.describe("Search and indexing configuration"),
registration: z.strictObject({
allow: z
.boolean()
.default(true)
.describe("Can users sign up freely?"),
require_approval: z.boolean().default(false),
message: z
.string()
.optional()
.describe(
"Message to show to users when registration is disabled",
),
}),
http: z.strictObject({
base_url: url.describe(
"URL that the instance will be accessible at",
),
bind: z.string().min(1).default("0.0.0.0"),
bind_port: unixPort.default(8080),
banned_ips: z.array(ip).default([]),
banned_user_agents: z.array(regex).default([]),
proxy_address: url
.optional()
.describe("URL to an eventual HTTP proxy")
.refine(async (url) => {
if (!url) {
return true;
}
// Test the proxy
const response = await fetch(
"https://api.ipify.org?format=json",
{
proxy: url.origin,
},
);
return response.ok;
}, "The HTTP proxy address is not reachable"),
tls: z
.strictObject({
key: filePathString,
cert: filePathString,
passphrase: sensitiveString.optional(),
ca: filePathString.optional(),
})
.describe(
"TLS configuration. You should probably be using a reverse proxy instead of this",
)
.optional(),
}),
frontend: z.strictObject({
enabled: z.boolean().default(true),
path: z.string().default(env.VERSIA_FRONTEND_PATH || "frontend"),
routes: z.strictObject({
home: urlPath.default("/"),
login: urlPath.default("/oauth/authorize"),
consent: urlPath.default("/oauth/consent"),
register: urlPath.default("/register"),
password_reset: urlPath.default("/oauth/reset"),
}),
settings: z.record(z.string(), z.any()).default({}),
}),
email: z
.strictObject({
send_emails: z.boolean().default(false),
smtp: z
.strictObject({
server: z.string().min(1),
port: unixPort.default(465),
username: z.string().min(1),
password: sensitiveString.optional(),
tls: z.boolean().default(true),
})
.optional(),
})
.refine(
(o) => o.send_emails || !o.smtp,
"When send_emails is enabled, SMTP configuration must be set",
),
media: z.strictObject({
backend: z
.nativeEnum(MediaBackendType)
.default(MediaBackendType.Local),
uploads_path: z.string().min(1).default("uploads"),
conversion: z.strictObject({
convert_images: z.boolean().default(false),
convert_to: z.string().default("image/webp"),
convert_vectors: z.boolean().default(false),
}),
}),
s3: z
.strictObject({
endpoint: url,
access_key: sensitiveString,
secret_access_key: sensitiveString,
region: z.string().optional(),
bucket_name: z.string().optional(),
public_url: url.describe(
"Public URL that uploaded media will be accessible at",
),
path: z.string().optional(),
path_style: z.boolean().default(true),
})
.optional(),
validation: z.strictObject({
accounts: z.strictObject({
max_displayname_characters: z
.number()
.int()
.nonnegative()
.default(50),
max_username_characters: z
.number()
.int()
.nonnegative()
.default(30),
max_bio_characters: z
.number()
.int()
.nonnegative()
.default(5000),
max_avatar_bytes: z
.number()
.int()
.nonnegative()
.default(5_000_000),
max_header_bytes: z
.number()
.int()
.nonnegative()
.default(5_000_000),
disallowed_usernames: z
.array(regex)
.default([
"well-known",
"about",
"activities",
"api",
"auth",
"dev",
"inbox",
"internal",
"main",
"media",
"nodeinfo",
"notice",
"oauth",
"objects",
"proxy",
"push",
"registration",
"relay",
"settings",
"status",
"tag",
"users",
"web",
"search",
"mfa",
]),
max_field_count: z.number().int().default(10),
max_field_name_characters: z.number().int().default(1000),
max_field_value_characters: z.number().int().default(1000),
max_pinned_notes: z.number().int().default(20),
}),
notes: z.strictObject({
max_characters: z.number().int().nonnegative().default(5000),
allowed_url_schemes: z
.array(z.string())
.default([
"http",
"https",
"ftp",
"dat",
"dweb",
"gopher",
"hyper",
"ipfs",
"ipns",
"irc",
"xmpp",
"ircs",
"magnet",
"mailto",
"mumble",
"ssb",
"gemini",
]),
max_attachments: z.number().int().default(16),
}),
media: z.strictObject({
max_bytes: z.number().int().nonnegative().default(40_000_000),
max_description_characters: z
.number()
.int()
.nonnegative()
.default(1000),
allowed_mime_types: z
.array(z.string())
.default(Object.values(mimeTypes)),
}),
emojis: z.strictObject({
max_bytes: z.number().int().nonnegative().default(1_000_000),
max_shortcode_characters: z
.number()
.int()
.nonnegative()
.default(100),
max_description_characters: z
.number()
.int()
.nonnegative()
.default(1_000),
}),
polls: z.strictObject({
max_options: z.number().int().nonnegative().default(20),
max_option_characters: z
.number()
.int()
.nonnegative()
.default(500),
min_duration_seconds: z
.number()
.int()
.nonnegative()
.default(60),
max_duration_seconds: z
.number()
.int()
.nonnegative()
.default(100 * 24 * 60 * 60),
}),
emails: z.strictObject({
disallow_tempmail: z
.boolean()
.default(false)
.describe("Blocks over 10,000 common tempmail domains"),
disallowed_domains: z.array(regex).default([]),
}),
challenges: z
.strictObject({
difficulty: z.number().int().positive().default(50000),
expiration: z.number().int().positive().default(300),
key: hmacKey,
})
.optional()
.describe(
"CAPTCHA challenge configuration. Challenges are disabled if not provided.",
),
filters: z
.strictObject({
note_content: z.array(regex).default([]),
emoji_shortcode: z.array(regex).default([]),
username: z.array(regex).default([]),
displayname: z.array(regex).default([]),
bio: z.array(regex).default([]),
})
.describe(
"Block content that matches these regular expressions",
),
}),
notifications: z.strictObject({
push: z
.strictObject({
vapid_keys: vapidKeyPair,
subject: z
.string()
.optional()
.describe(
"Subject field embedded in the push notification. Example: 'mailto:contact@example.com'",
),
})
.describe(
"Web Push Notifications configuration. Leave out to disable.",
)
.optional(),
}),
defaults: z.strictObject({
visibility: z
.enum(["public", "unlisted", "private", "direct"])
.default("public"),
language: z.string().default("en"),
avatar: url.optional(),
header: url.optional(),
placeholder_style: z
.string()
.default("thumbs")
.describe("A style name from https://www.dicebear.com/styles"),
}),
federation: z.strictObject({
blocked: z.array(z.string()).default([]),
followers_only: z.array(z.string()).default([]),
discard: z.strictObject({
reports: z.array(z.string()).default([]),
deletes: z.array(z.string()).default([]),
updates: z.array(z.string()).default([]),
media: z.array(z.string()).default([]),
follows: z.array(z.string()).default([]),
likes: z.array(z.string()).default([]),
reactions: z.array(z.string()).default([]),
banners: z.array(z.string()).default([]),
avatars: z.array(z.string()).default([]),
}),
bridge: z
.strictObject({
software: z.enum(["versia-ap"]).or(z.string()),
allowed_ips: z.array(ip).default([]),
token: sensitiveString,
url,
})
.optional(),
}),
queues: z.record(
z.enum(["delivery", "inbox", "fetch", "push", "media"]),
z.strictObject({
remove_after_complete_seconds: z
.number()
.int()
.nonnegative()
// 1 year
.default(60 * 60 * 24 * 365),
remove_after_failure_seconds: z
.number()
.int()
.nonnegative()
// 1 year
.default(60 * 60 * 24 * 365),
}),
),
instance: z.strictObject({
name: z.string().min(1).default("Versia Server"),
description: z.string().min(1).default("A Versia instance"),
extended_description_path: filePathString.optional(),
tos_path: filePathString.optional(),
privacy_policy_path: filePathString.optional(),
branding: z.strictObject({
logo: url.optional(),
banner: url.optional(),
}),
languages: z
.array(iso631)
.describe("Primary instance languages. ISO 639-1 codes."),
contact: z.strictObject({
email: z
.string()
.email()
.describe("Email to contact the instance administration"),
}),
rules: z
.array(
z.strictObject({
text: z
.string()
.min(1)
.max(255)
.describe("Short description of the rule"),
hint: z
.string()
.min(1)
.max(4096)
.optional()
.describe(
"Longer version of the rule with additional information",
),
}),
)
.default([]),
keys: keyPair,
}),
permissions: z.strictObject({
anonymous: z
.array(z.nativeEnum(RolePermission))
.default(DEFAULT_ROLES),
default: z
.array(z.nativeEnum(RolePermission))
.default(DEFAULT_ROLES),
admin: z.array(z.nativeEnum(RolePermission)).default(ADMIN_ROLES),
}),
logging: z.strictObject({
file: z
.strictObject({
path: z.string().default("logs/versia.log"),
rotation: z
.strictObject({
max_size: z
.number()
.int()
.nonnegative()
.default(10_000_000), // 10 MB
max_files: z
.number()
.int()
.nonnegative()
.default(10),
})
.optional(),
log_level: z
.enum([
"trace",
"debug",
"info",
"warning",
"error",
"fatal",
])
.default("info"),
})
.optional(),
sentry: z
.strictObject({
dsn: url,
debug: z.boolean().default(false),
sample_rate: z.number().min(0).max(1.0).default(1.0),
traces_sample_rate: z.number().min(0).max(1.0).default(1.0),
trace_propagation_targets: z.array(z.string()).default([]),
max_breadcrumbs: z.number().default(100),
environment: z.string().optional(),
log_level: z
.enum([
"trace",
"debug",
"info",
"warning",
"error",
"fatal",
])
.default("info"),
})
.optional(),
log_level: z
.enum(["trace", "debug", "info", "warning", "error", "fatal"])
.default("info"),
}),
debug: z
.strictObject({
federation: z.boolean().default(false),
})
.optional(),
plugins: z.strictObject({
autoload: z.boolean().default(true),
overrides: z
.strictObject({
enabled: z.array(z.string()).default([]),
disabled: z.array(z.string()).default([]),
})
.refine(
// Only one of enabled or disabled can be set
(arg) =>
arg.enabled.length === 0 || arg.disabled.length === 0,
"Only one of enabled or disabled can be set",
),
config: z.record(z.string(), z.any()).optional(),
}),
})
.refine(
// If media backend is S3, s3 config must be set
(arg) => arg.media.backend === MediaBackendType.Local || !!arg.s3,
"When media backend is S3, S3 configuration must be set",
);

2
packages/config/to-json-schema.ts
View file

@ -1,5 +1,5 @@
import { zodToJsonSchema } from "zod-to-json-schema";
import { ConfigSchema } from "./schema.ts";
import { ConfigSchema } from "./index.ts";
const jsonSchema = zodToJsonSchema(ConfigSchema, {});

25
packages/config/url.ts
View file

@ -1,25 +0,0 @@
import { config } from "./index.ts";
export class ProxiableUrl extends URL {
private isAllowedOrigin(): boolean {
const allowedOrigins: URL[] = [config.http.base_url].concat(
config.s3?.public_url ?? [],
);
return allowedOrigins.some((origin) =>
this.hostname.endsWith(origin.hostname),
);
}
public get proxied(): string {
// Don't proxy from CDN and self, since those sources are trusted
if (this.isAllowedOrigin()) {
return this.href;
}
const urlAsBase64Url = Buffer.from(this.href).toString("base64url");
return new URL(`/media/proxy/${urlAsBase64Url}`, config.http.base_url)
.href;
}
}

0
packages/plugin-kit/api-error.ts → packages/kit/api-error.ts
View file

0
packages/plugin-kit/api.ts → packages/kit/api.ts
View file

41
packages/kit/build.ts Normal file
View file

@ -0,0 +1,41 @@
import { $, build } from "bun";
import manifest from "./package.json" with { type: "json" };
console.log("Building...");
await $`rm -rf dist && mkdir dist`;
await build({
entrypoints: Object.values(manifest.exports).map((entry) => entry.import),
outdir: "dist",
target: "bun",
splitting: true,
minify: true,
external: [
...Object.keys(manifest.dependencies).filter((dep) =>
dep.startsWith("@versia"),
),
"acorn",
],
});
console.log("Copying files...");
// Copy Drizzle stuff
// Copy to dist instead of dist/tables because the built files are at the top-level
await $`cp -rL tables/migrations dist`;
await $`mkdir -p dist/node_modules`;
// Copy Sharp to dist
await $`mkdir -p dist/node_modules/@img`;
await $`cp -rL ../../node_modules/@img/sharp-libvips-linux* dist/node_modules/@img`;
await $`cp -rL ../../node_modules/@img/sharp-linux* dist/node_modules/@img`;
// Copy acorn to dist
await $`cp -rL ../../node_modules/acorn dist/node_modules/acorn`;
// Fixes issues with sharp
await $`cp -rL ../../node_modules/detect-libc dist/node_modules/`;
console.log("Build complete!");

5
packages/plugin-kit/db/application.ts → packages/kit/db/application.ts
View file

@ -2,8 +2,6 @@ import type {
Application as ApplicationSchema,
CredentialApplication,
} from "@versia/client/schemas";
import { db, Token } from "@versia-server/kit/db";
import { Applications } from "@versia-server/kit/tables";
import {
desc,
eq,
@ -13,7 +11,10 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { Applications } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { Token } from "./token.ts";
type ApplicationType = InferSelectModel<typeof Applications>;

0
packages/plugin-kit/db/base.ts → packages/kit/db/base.ts
View file

6
packages/plugin-kit/db/emoji.ts → packages/kit/db/emoji.ts
View file

@ -5,8 +5,6 @@ import {
} from "@versia/client/schemas";
import * as VersiaEntities from "@versia/sdk/entities";
import type { ImageContentFormatSchema } from "@versia/sdk/schemas";
import { db, type Instance, Media } from "@versia-server/kit/db";
import { Emojis, type Instances, type Medias } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import {
and,
@ -19,7 +17,11 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { Emojis, type Instances, type Medias } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import type { Instance } from "./instance.ts";
import { Media } from "./media.ts";
type EmojiType = InferSelectModel<typeof Emojis> & {
media: InferSelectModel<typeof Medias>;

0
packages/plugin-kit/db/index.ts → packages/kit/db/index.ts
View file

17
packages/plugin-kit/db/instance.ts → packages/kit/db/instance.ts
View file

@ -1,8 +1,6 @@
import * as VersiaEntities from "@versia/sdk/entities";
import { FederationRequester } from "@versia/sdk/http";
import { config } from "@versia-server/config";
import { ApiError } from "@versia-server/kit";
import { db } from "@versia-server/kit/db";
import { Instances } from "@versia-server/kit/tables";
import {
federationMessagingLogger,
federationResolversLogger,
@ -17,8 +15,11 @@ import {
inArray,
type SQL,
} from "drizzle-orm";
import { ApiError } from "../api-error.ts";
import { db } from "../tables/db.ts";
import { Instances } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { User } from "./user.ts";
import type { User } from "./user.ts";
type InstanceType = InferSelectModel<typeof Instances>;
@ -146,10 +147,10 @@ export class Instance extends BaseInterface<typeof Instances> {
const wellKnownUrl = new URL("/.well-known/versia", origin);
try {
const metadata = await User.federationRequester.fetchEntity(
wellKnownUrl,
VersiaEntities.InstanceMetadata,
);
const metadata = await new FederationRequester(
config.instance.keys.private,
config.http.base_url,
).fetchEntity(wellKnownUrl, VersiaEntities.InstanceMetadata);
return { metadata, protocol: "versia" };
} catch {

14
packages/plugin-kit/db/like.ts → packages/kit/db/like.ts
View file

@ -1,12 +1,5 @@
import * as VersiaEntities from "@versia/sdk/entities";
import { config } from "@versia-server/config";
import { db } from "@versia-server/kit/db";
import {
Likes,
type Notes,
Notifications,
type Users,
} from "@versia-server/kit/tables";
import {
and,
desc,
@ -16,6 +9,13 @@ import {
inArray,
type SQL,
} from "drizzle-orm";
import { db } from "../tables/db.ts";
import {
Likes,
type Notes,
Notifications,
type Users,
} from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { User } from "./user.ts";

11
packages/plugin-kit/db/media.ts → packages/kit/db/media.ts
View file

@ -5,11 +5,7 @@ import type {
ContentFormatSchema,
ImageContentFormatSchema,
} from "@versia/sdk/schemas";
import { config, ProxiableUrl } from "@versia-server/config";
import { MediaBackendType } from "@versia-server/config/schema";
import { ApiError } from "@versia-server/kit";
import { db } from "@versia-server/kit/db";
import { Medias } from "@versia-server/kit/tables";
import { config, MediaBackendType, ProxiableUrl } from "@versia-server/config";
import { randomUUIDv7, S3Client, SHA256, write } from "bun";
import {
desc,
@ -23,7 +19,10 @@ import sharp from "sharp";
import type { z } from "zod";
import { mimeLookup } from "@/content_types.ts";
import { getMediaHash } from "../../../classes/media/media-hasher.ts";
import { MediaJobType, mediaQueue } from "../queues/media.ts";
import { ApiError } from "../api-error.ts";
import { MediaJobType, mediaQueue } from "../queues/media/queue.ts";
import { db } from "../tables/db.ts";
import { Medias } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
type MediaType = InferSelectModel<typeof Medias>;

353
packages/plugin-kit/db/note.ts → packages/kit/db/note.ts
View file

@ -1,18 +1,11 @@
import type { NoteReactionWithAccounts, Status } from "@versia/client/schemas";
import type {
NoteReactionWithAccounts,
Status as StatusSchema,
} from "@versia/client/schemas";
import * as VersiaEntities from "@versia/sdk/entities";
import { FederationRequester } from "@versia/sdk/http";
import type { NonTextContentFormatSchema } from "@versia/sdk/schemas";
import { config } from "@versia-server/config";
import { db, Instance, type Reaction } from "@versia-server/kit/db";
import { versiaTextToHtml } from "@versia-server/kit/parsers";
import { uuid } from "@versia-server/kit/regex";
import {
EmojiToNote,
Likes,
MediasToNotes,
Notes,
NoteToMentions,
Users,
} from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import {
and,
@ -30,11 +23,26 @@ import { createRegExp, exactly, global } from "magic-regexp";
import type { z } from "zod";
import { mergeAndDeduplicate } from "@/lib.ts";
import { sanitizedHtmlStrip } from "@/sanitization";
import { DeliveryJobType, deliveryQueue } from "../queues/delivery.ts";
import { versiaTextToHtml } from "../parsers.ts";
import { DeliveryJobType, deliveryQueue } from "../queues/delivery/queue.ts";
import { uuid } from "../regex.ts";
import { db } from "../tables/db.ts";
import {
EmojiToNote,
Likes,
MediasToNotes,
Notes,
NoteToMentions,
Notifications,
Users,
} from "../tables/schema.ts";
import { Application } from "./application.ts";
import { BaseInterface } from "./base.ts";
import { Emoji } from "./emoji.ts";
import { Instance } from "./instance.ts";
import { Like } from "./like.ts";
import { Media } from "./media.ts";
import { Reaction } from "./reaction.ts";
import {
transformOutputToUserWithRelations,
User,
@ -475,6 +483,315 @@ export class Note extends BaseInterface<typeof Notes, NoteTypeWithRelations> {
);
}
/**
* Reblog a note.
*
* If the note is already reblogged, it will return the existing reblog. Also creates a notification for the author of the note.
* @param reblogger The user reblogging the note
* @param visibility The visibility of the reblog
* @param uri The URI of the reblog, if it is remote
* @returns The reblog object created or the existing reblog
*/
public async reblog(
reblogger: User,
visibility: z.infer<typeof StatusSchema.shape.visibility>,
uri?: URL,
): Promise<Note> {
const existingReblog = await Note.fromSql(
and(eq(Notes.authorId, reblogger.id), eq(Notes.reblogId, this.id)),
undefined,
reblogger.id,
);
if (existingReblog) {
return existingReblog;
}
const newReblog = await Note.insert({
id: randomUUIDv7(),
authorId: reblogger.id,
reblogId: this.id,
visibility,
sensitive: false,
updatedAt: new Date().toISOString(),
applicationId: null,
uri: uri?.href,
});
await this.recalculateReblogCount();
// Refetch the note *again* to get the proper value of .reblogged
await newReblog.reload(reblogger?.id);
if (!newReblog) {
throw new Error("Failed to reblog");
}
if (this.author.local) {
// Notify the user that their post has been reblogged
await this.author.notify("reblog", reblogger, newReblog);
}
if (reblogger.local) {
const federatedUsers = await reblogger.federateToFollowers(
newReblog.toVersiaShare(),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await reblogger.federateToUser(
newReblog.toVersiaShare(),
this.author,
);
}
}
return newReblog;
}
/**
* Unreblog a note.
*
* If the note is not reblogged, it will return without doing anything. Also removes any notifications for this reblog.
* @param unreblogger The user unreblogging the note
* @returns
*/
public async unreblog(unreblogger: User): Promise<void> {
const reblogToDelete = await Note.fromSql(
and(
eq(Notes.authorId, unreblogger.id),
eq(Notes.reblogId, this.id),
),
undefined,
unreblogger.id,
);
if (!reblogToDelete) {
return;
}
await reblogToDelete.delete();
await this.recalculateReblogCount();
if (this.author.local) {
// Remove any eventual notifications for this reblog
await db
.delete(Notifications)
.where(
and(
eq(Notifications.accountId, this.id),
eq(Notifications.type, "reblog"),
eq(Notifications.notifiedId, unreblogger.id),
eq(Notifications.noteId, this.id),
),
);
}
if (this.local) {
const federatedUsers = await unreblogger.federateToFollowers(
reblogToDelete.toVersiaUnshare(),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await unreblogger.federateToUser(
reblogToDelete.toVersiaUnshare(),
this.author,
);
}
}
}
/**
* Like a note.
*
* If the note is already liked, it will return the existing like. Also creates a notification for the author of the note.
* @param liker The user liking the note
* @param uri The URI of the like, if it is remote
* @returns The like object created or the existing like
*/
public async like(liker: User, uri?: URL): Promise<Like> {
// Check if the user has already liked the note
const existingLike = await Like.fromSql(
and(eq(Likes.likerId, liker.id), eq(Likes.likedId, this.id)),
);
if (existingLike) {
return existingLike;
}
const newLike = await Like.insert({
id: randomUUIDv7(),
likerId: liker.id,
likedId: this.id,
uri: uri?.href,
});
await this.recalculateLikeCount();
if (this.author.local) {
// Notify the user that their post has been favourited
await this.author.notify("favourite", liker, this);
}
if (liker.local) {
const federatedUsers = await liker.federateToFollowers(
newLike.toVersia(),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await liker.federateToUser(newLike.toVersia(), this.author);
}
}
return newLike;
}
/**
* Unlike a note.
*
* If the note is not liked, it will return without doing anything. Also removes any notifications for this like.
* @param unliker The user unliking the note
* @returns
*/
public async unlike(unliker: User): Promise<void> {
const likeToDelete = await Like.fromSql(
and(eq(Likes.likerId, unliker.id), eq(Likes.likedId, this.id)),
);
if (!likeToDelete) {
return;
}
await likeToDelete.delete();
await this.recalculateLikeCount();
if (this.author.local) {
// Remove any eventual notifications for this like
await likeToDelete.clearRelatedNotifications();
}
if (unliker.local) {
const federatedUsers = await unliker.federateToFollowers(
likeToDelete.unlikeToVersia(unliker),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await unliker.federateToUser(
likeToDelete.unlikeToVersia(unliker),
this.author,
);
}
}
}
/**
* Add an emoji reaction to a note
* @param reacter - The author of the reaction
* @param emoji - The emoji to react with (Emoji object for custom emojis, or Unicode emoji)
* @returns The created reaction
*/
public async react(reacter: User, emoji: Emoji | string): Promise<void> {
const existingReaction = await Reaction.fromEmoji(emoji, reacter, this);
if (existingReaction) {
return; // Reaction already exists, don't create duplicate
}
// Create the reaction
const reaction = await Reaction.insert({
id: randomUUIDv7(),
authorId: reacter.id,
noteId: this.id,
emojiText: emoji instanceof Emoji ? null : emoji,
emojiId: emoji instanceof Emoji ? emoji.id : null,
});
await this.reload(reacter.id);
if (this.author.local) {
// Notify the user that their post has been reacted to
await this.author.notify("reaction", reacter, this);
}
if (reacter.local) {
const federatedUsers = await reacter.federateToFollowers(
reaction.toVersia(),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await reacter.federateToUser(reaction.toVersia(), this.author);
}
}
}
/**
* Remove an emoji reaction from a note
* @param unreacter - The author of the reaction
* @param emoji - The emoji to remove reaction for (Emoji object for custom emojis, or Unicode emoji)
*/
public async unreact(
unreacter: User,
emoji: Emoji | string,
): Promise<void> {
const reactionToDelete = await Reaction.fromEmoji(
emoji,
unreacter,
this,
);
if (!reactionToDelete) {
return; // Reaction doesn't exist, nothing to delete
}
await reactionToDelete.delete();
if (this.author.local) {
// Remove any eventual notifications for this reaction
await db
.delete(Notifications)
.where(
and(
eq(Notifications.accountId, unreacter.id),
eq(Notifications.type, "reaction"),
eq(Notifications.notifiedId, this.data.authorId),
eq(Notifications.noteId, this.id),
),
);
}
if (unreacter.local) {
const federatedUsers = await unreacter.federateToFollowers(
reactionToDelete.toVersiaUnreact(),
);
if (
this.remote &&
!federatedUsers.find((u) => u.id === this.author.id)
) {
await unreacter.federateToUser(
reactionToDelete.toVersiaUnreact(),
this.author,
);
}
}
}
/**
* Get the children of this note (replies)
* @param userId - The ID of the user requesting the note (used to check visibility of the note)
@ -637,10 +954,10 @@ export class Note extends BaseInterface<typeof Notes, NoteTypeWithRelations> {
): Promise<Note> {
if (versiaNote instanceof URL) {
// No bridge support for notes yet
const note = await User.federationRequester.fetchEntity(
versiaNote,
VersiaEntities.Note,
);
const note = await new FederationRequester(
config.instance.keys.private,
config.http.base_url,
).fetchEntity(versiaNote, VersiaEntities.Note);
return Note.fromVersia(note);
}
@ -805,7 +1122,7 @@ export class Note extends BaseInterface<typeof Notes, NoteTypeWithRelations> {
*/
public async toApi(
userFetching?: User | null,
): Promise<z.infer<typeof Status>> {
): Promise<z.infer<typeof StatusSchema>> {
const data = this.data;
// Convert mentions of local users from @username@host to @username

11
packages/plugin-kit/db/notification.ts → packages/kit/db/notification.ts
View file

@ -1,6 +1,4 @@
import type { Notification as NotificationSchema } from "@versia/client/schemas";
import { db, Note, User } from "@versia-server/kit/db";
import { Notifications } from "@versia-server/kit/tables";
import {
desc,
eq,
@ -10,8 +8,15 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { Notifications } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { transformOutputToUserWithRelations, userRelations } from "./user.ts";
import { Note } from "./note.ts";
import {
transformOutputToUserWithRelations,
User,
userRelations,
} from "./user.ts";
export type NotificationType = InferSelectModel<typeof Notifications> & {
status: typeof Note.$type | null;

6
packages/plugin-kit/db/pushsubscription.ts → packages/kit/db/pushsubscription.ts
View file

@ -1,6 +1,4 @@
import type { WebPushSubscription as WebPushSubscriptionSchema } from "@versia/client/schemas";
import { db, type Token, type User } from "@versia-server/kit/db";
import { PushSubscriptions, Tokens } from "@versia-server/kit/tables";
import {
desc,
eq,
@ -10,7 +8,11 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { PushSubscriptions, Tokens } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import type { Token } from "./token.ts";
import type { User } from "./user.ts";
type PushSubscriptionType = InferSelectModel<typeof PushSubscriptions>;

8
packages/plugin-kit/db/reaction.ts → packages/kit/db/reaction.ts
View file

@ -1,7 +1,5 @@
import * as VersiaEntities from "@versia/sdk/entities";
import { config } from "@versia-server/config";
import { db, Emoji, Instance, type Note, User } from "@versia-server/kit/db";
import { type Notes, Reactions, type Users } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import {
and,
@ -13,7 +11,13 @@ import {
isNull,
type SQL,
} from "drizzle-orm";
import { db } from "../tables/db.ts";
import { type Notes, Reactions, type Users } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { Emoji } from "./emoji.ts";
import { Instance } from "./instance.ts";
import type { Note } from "./note.ts";
import { User } from "./user.ts";
type ReactionType = InferSelectModel<typeof Reactions> & {
emoji: typeof Emoji.$type | null;

4
packages/plugin-kit/db/relationship.ts → packages/kit/db/relationship.ts
View file

@ -1,6 +1,4 @@
import type { Relationship as RelationshipSchema } from "@versia/client/schemas";
import { db } from "@versia-server/kit/db";
import { Relationships, Users } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import {
and,
@ -13,6 +11,8 @@ import {
sql,
} from "drizzle-orm";
import { z } from "zod";
import { db } from "../tables/db.ts";
import { Relationships, Users } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import type { User } from "./user.ts";

4
packages/plugin-kit/db/role.ts → packages/kit/db/role.ts
View file

@ -3,8 +3,6 @@ import type {
Role as RoleSchema,
} from "@versia/client/schemas";
import { config, ProxiableUrl } from "@versia-server/config";
import { db } from "@versia-server/kit/db";
import { Roles, RoleToUsers } from "@versia-server/kit/tables";
import {
and,
desc,
@ -15,6 +13,8 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { Roles, RoleToUsers } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
type RoleType = InferSelectModel<typeof Roles>;

2
packages/plugin-kit/db/timeline.ts → packages/kit/db/timeline.ts
View file

@ -1,6 +1,6 @@
import { config } from "@versia-server/config";
import { Notes, Notifications, Users } from "@versia-server/kit/tables";
import { gt, type SQL } from "drizzle-orm";
import { Notes, Notifications, Users } from "../tables/schema.ts";
import { Note } from "./note.ts";
import { Notification } from "./notification.ts";
import { User } from "./user.ts";

6
packages/plugin-kit/db/token.ts → packages/kit/db/token.ts
View file

@ -1,6 +1,4 @@
import type { Token as TokenSchema } from "@versia/client/schemas";
import { type Application, db, User } from "@versia-server/kit/db";
import { Tokens } from "@versia-server/kit/tables";
import {
desc,
eq,
@ -10,7 +8,11 @@ import {
type SQL,
} from "drizzle-orm";
import type { z } from "zod";
import { db } from "../tables/db.ts";
import { Tokens } from "../tables/schema.ts";
import type { Application } from "./application.ts";
import { BaseInterface } from "./base.ts";
import { User } from "./user.ts";
type TokenType = InferSelectModel<typeof Tokens> & {
application: typeof Application.$type | null;

380
packages/plugin-kit/db/user.ts → packages/kit/db/user.ts
View file

@ -3,31 +3,12 @@ import type {
Mention as MentionSchema,
RolePermission,
Source,
Status as StatusSchema,
} from "@versia/client/schemas";
import { sign } from "@versia/sdk/crypto";
import * as VersiaEntities from "@versia/sdk/entities";
import { FederationRequester } from "@versia/sdk/http";
import type { ImageContentFormatSchema } from "@versia/sdk/schemas";
import { config, ProxiableUrl } from "@versia-server/config";
import {
db,
Media,
Notification,
PushSubscription,
Reaction,
} from "@versia-server/kit/db";
import { uuid } from "@versia-server/kit/regex";
import {
EmojiToUser,
Likes,
Notes,
NoteToMentions,
Notifications,
Relationships,
Users,
UserToPinnedNotes,
} from "@versia-server/kit/tables";
import {
federationDeliveryLogger,
federationResolversLogger,
@ -52,15 +33,26 @@ import { htmlToText } from "html-to-text";
import type { z } from "zod";
import { getBestContentType } from "@/content_types";
import { randomString } from "@/math";
import { searchManager } from "~/classes/search/search-manager";
import type { HttpVerb, KnownEntity } from "~/types/api.ts";
import { DeliveryJobType, deliveryQueue } from "../queues/delivery.ts";
import { PushJobType, pushQueue } from "../queues/push.ts";
import { DeliveryJobType, deliveryQueue } from "../queues/delivery/queue.ts";
import { PushJobType, pushQueue } from "../queues/push/queue.ts";
import { uuid } from "../regex.ts";
import { db } from "../tables/db.ts";
import {
EmojiToUser,
Notes,
NoteToMentions,
Notifications,
Relationships,
Users,
UserToPinnedNotes,
} from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";
import { Emoji } from "./emoji.ts";
import { Instance } from "./instance.ts";
import { Like } from "./like.ts";
import { Note } from "./note.ts";
import { Media } from "./media.ts";
import type { Note } from "./note.ts";
import { PushSubscription } from "./pushsubscription.ts";
import { Relationship } from "./relationship.ts";
import { Role } from "./role.ts";
@ -571,127 +563,6 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
.filter((x) => x !== null);
}
/**
* Reblog a note.
*
* If the note is already reblogged, it will return the existing reblog. Also creates a notification for the author of the note.
* @param note The note to reblog
* @param visibility The visibility of the reblog
* @param uri The URI of the reblog, if it is remote
* @returns The reblog object created or the existing reblog
*/
public async reblog(
note: Note,
visibility: z.infer<typeof StatusSchema.shape.visibility>,
uri?: URL,
): Promise<Note> {
const existingReblog = await Note.fromSql(
and(eq(Notes.authorId, this.id), eq(Notes.reblogId, note.id)),
undefined,
this.id,
);
if (existingReblog) {
return existingReblog;
}
const newReblog = await Note.insert({
id: randomUUIDv7(),
authorId: this.id,
reblogId: note.id,
visibility,
sensitive: false,
updatedAt: new Date().toISOString(),
applicationId: null,
uri: uri?.href,
});
await note.recalculateReblogCount();
// Refetch the note *again* to get the proper value of .reblogged
const finalNewReblog = await Note.fromId(newReblog.id, this?.id);
if (!finalNewReblog) {
throw new Error("Failed to reblog");
}
if (note.author.local) {
// Notify the user that their post has been reblogged
await note.author.notify("reblog", this, finalNewReblog);
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
finalNewReblog.toVersiaShare(),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(
finalNewReblog.toVersiaShare(),
note.author,
);
}
}
return finalNewReblog;
}
/**
* Unreblog a note.
*
* If the note is not reblogged, it will return without doing anything. Also removes any notifications for this reblog.
* @param note The note to unreblog
* @returns
*/
public async unreblog(note: Note): Promise<void> {
const reblogToDelete = await Note.fromSql(
and(eq(Notes.authorId, this.id), eq(Notes.reblogId, note.id)),
undefined,
this.id,
);
if (!reblogToDelete) {
return;
}
await reblogToDelete.delete();
await note.recalculateReblogCount();
if (note.author.local) {
// Remove any eventual notifications for this reblog
await db
.delete(Notifications)
.where(
and(
eq(Notifications.accountId, this.id),
eq(Notifications.type, "reblog"),
eq(Notifications.notifiedId, note.data.authorId),
eq(Notifications.noteId, note.id),
),
);
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
reblogToDelete.toVersiaUnshare(),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(
reblogToDelete.toVersiaUnshare(),
note.author,
);
}
}
}
public async recalculateFollowerCount(): Promise<void> {
const followerCount = await db.$count(
Relationships,
@ -731,188 +602,6 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
});
}
/**
* Like a note.
*
* If the note is already liked, it will return the existing like. Also creates a notification for the author of the note.
* @param note The note to like
* @param uri The URI of the like, if it is remote
* @returns The like object created or the existing like
*/
public async like(note: Note, uri?: URL): Promise<Like> {
// Check if the user has already liked the note
const existingLike = await Like.fromSql(
and(eq(Likes.likerId, this.id), eq(Likes.likedId, note.id)),
);
if (existingLike) {
return existingLike;
}
const newLike = await Like.insert({
id: randomUUIDv7(),
likerId: this.id,
likedId: note.id,
uri: uri?.href,
});
await note.recalculateLikeCount();
if (note.author.local) {
// Notify the user that their post has been favourited
await note.author.notify("favourite", this, note);
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
newLike.toVersia(),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(newLike.toVersia(), note.author);
}
}
return newLike;
}
/**
* Unlike a note.
*
* If the note is not liked, it will return without doing anything. Also removes any notifications for this like.
* @param note The note to unlike
* @returns
*/
public async unlike(note: Note): Promise<void> {
const likeToDelete = await Like.fromSql(
and(eq(Likes.likerId, this.id), eq(Likes.likedId, note.id)),
);
if (!likeToDelete) {
return;
}
await likeToDelete.delete();
await note.recalculateLikeCount();
if (note.author.local) {
// Remove any eventual notifications for this like
await likeToDelete.clearRelatedNotifications();
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
likeToDelete.unlikeToVersia(this),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(
likeToDelete.unlikeToVersia(this),
note.author,
);
}
}
}
/**
* Add an emoji reaction to a note
* @param note - The note to react to
* @param emoji - The emoji to react with (Emoji object for custom emojis, or Unicode emoji)
* @returns The created reaction
*/
public async react(note: Note, emoji: Emoji | string): Promise<void> {
const existingReaction = await Reaction.fromEmoji(emoji, this, note);
if (existingReaction) {
return; // Reaction already exists, don't create duplicate
}
// Create the reaction
const reaction = await Reaction.insert({
id: randomUUIDv7(),
authorId: this.id,
noteId: note.id,
emojiText: emoji instanceof Emoji ? null : emoji,
emojiId: emoji instanceof Emoji ? emoji.id : null,
});
const finalNote = await Note.fromId(note.id, this.id);
if (!finalNote) {
throw new Error("Failed to fetch note after reaction");
}
if (note.author.local) {
// Notify the user that their post has been reacted to
await note.author.notify("reaction", this, finalNote);
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
reaction.toVersia(),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(reaction.toVersia(), note.author);
}
}
}
/**
* Remove an emoji reaction from a note
* @param note - The note to remove reaction from
* @param emoji - The emoji to remove reaction for (Emoji object for custom emojis, or Unicode emoji)
*/
public async unreact(note: Note, emoji: Emoji | string): Promise<void> {
const reactionToDelete = await Reaction.fromEmoji(emoji, this, note);
if (!reactionToDelete) {
return; // Reaction doesn't exist, nothing to delete
}
await reactionToDelete.delete();
if (note.author.local) {
// Remove any eventual notifications for this reaction
await db
.delete(Notifications)
.where(
and(
eq(Notifications.accountId, this.id),
eq(Notifications.type, "reaction"),
eq(Notifications.notifiedId, note.data.authorId),
eq(Notifications.noteId, note.id),
),
);
}
if (this.local) {
const federatedUsers = await this.federateToFollowers(
reactionToDelete.toVersiaUnreact(),
);
if (
note.remote &&
!federatedUsers.find((u) => u.id === note.author.id)
) {
await this.federateToUser(
reactionToDelete.toVersiaUnreact(),
note.author,
);
}
}
}
public async notify(
type:
| "mention"
@ -924,13 +613,18 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
relatedUser: User,
note?: Note,
): Promise<void> {
const notification = await Notification.insert({
id: randomUUIDv7(),
accountId: relatedUser.id,
type,
notifiedId: this.id,
noteId: note?.id ?? null,
});
const notification = (
await db
.insert(Notifications)
.values({
id: randomUUIDv7(),
accountId: relatedUser.id,
type,
notifiedId: this.id,
noteId: note?.id ?? null,
})
.returning()
)[0];
// Also do push notifications
if (config.notifications.push) {
@ -1046,10 +740,10 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
);
}
const user = await User.federationRequester.fetchEntity(
uri,
VersiaEntities.User,
);
const user = await new FederationRequester(
config.instance.keys.private,
config.http.base_url,
).fetchEntity(uri, VersiaEntities.User);
return User.fromVersia(user);
}
@ -1266,9 +960,6 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
} as z.infer<typeof Source>,
});
// Add to search index
await searchManager.addUser(user);
return user;
}
@ -1332,13 +1023,6 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
return updated.data;
}
public static get federationRequester(): FederationRequester {
return new FederationRequester(
config.instance.keys.private,
config.http.base_url,
);
}
public get federationRequester(): Promise<FederationRequester> {
return crypto.subtle
.importKey(

0
packages/plugin-kit/example.ts → packages/kit/example.ts
View file

0
packages/plugin-kit/hooks.ts → packages/kit/hooks.ts
View file

26
packages/plugin-kit/inbox-processor.ts → packages/kit/inbox-processor.ts
View file

@ -2,16 +2,6 @@ import { EntitySorter, type JSONObject } from "@versia/sdk";
import { verify } from "@versia/sdk/crypto";
import * as VersiaEntities from "@versia/sdk/entities";
import { config } from "@versia-server/config";
import { ApiError } from "@versia-server/kit";
import {
type Instance,
Like,
Note,
Reaction,
Relationship,
User,
} from "@versia-server/kit/db";
import { Likes, Notes } from "@versia-server/kit/tables";
import { federationInboxLogger } from "@versia-server/logging";
import type { SocketAddress } from "bun";
import { Glob } from "bun";
@ -19,6 +9,14 @@ import chalk from "chalk";
import { and, eq } from "drizzle-orm";
import { matches } from "ip-matching";
import { isValidationError } from "zod-validation-error";
import { ApiError } from "./api-error.ts";
import type { Instance } from "./db/instance.ts";
import { Like } from "./db/like.ts";
import { Note } from "./db/note.ts";
import { Reaction } from "./db/reaction.ts";
import { Relationship } from "./db/relationship.ts";
import { User } from "./db/user.ts";
import { Likes, Notes } from "./tables/schema.ts";
/**
* Checks if the hostname is defederated using glob matching.
@ -439,7 +437,7 @@ export class InboxProcessor {
throw new ApiError(404, "Shared Note not found");
}
await author.reblog(sharedNote, "public", new URL(share.data.uri));
await sharedNote.reblog(author, "public", new URL(share.data.uri));
}
/**
@ -515,7 +513,7 @@ export class InboxProcessor {
throw new ApiError(404, "Like author not found");
}
await likeAuthor.unlike(liked);
await liked.unlike(likeAuthor);
return;
}
@ -547,7 +545,7 @@ export class InboxProcessor {
);
}
await author.unreblog(reblogged);
await reblogged.unreblog(author);
return;
}
default: {
@ -579,7 +577,7 @@ export class InboxProcessor {
throw new ApiError(404, "Liked Note not found");
}
await author.like(likedNote, new URL(like.data.uri));
await likedNote.like(author, new URL(like.data.uri));
}
/**

0
packages/plugin-kit/index.ts → packages/kit/index.ts
View file

0
packages/plugin-kit/json-schema.ts → packages/kit/json-schema.ts
View file

0
packages/plugin-kit/manifest.schema.json → packages/kit/manifest.schema.json
View file

0
packages/plugin-kit/markdown.ts → packages/kit/markdown.ts
View file

71
packages/plugin-kit/package.json → packages/kit/package.json
View file

@ -9,6 +9,9 @@
"name": "CPlusPatch",
"url": "https://cpluspatch.com"
},
"scripts": {
"build": "bun run build.ts"
},
"bugs": {
"url": "https://github.com/versia-pub/server/issues"
},
@ -58,47 +61,75 @@
"@hackmd/markdown-it-task-lists": "catalog:",
"bullmq": "catalog:",
"web-push": "catalog:",
"ip-matching": "catalog:"
"ip-matching": "catalog:",
"sonic-channel": "catalog:"
},
"files": [
"tables/migrations"
],
"exports": {
".": {
"import": "./index.ts",
"default": "./index.ts"
"import": "./index.ts"
},
"./db": {
"import": "./db/index.ts",
"default": "./db/index.ts"
"import": "./db/index.ts"
},
"./tables": {
"import": "./tables/schema.ts",
"default": "./tables/schema.ts"
"import": "./tables/schema.ts"
},
"./api": {
"import": "./api.ts",
"default": "./api.ts"
"import": "./api.ts"
},
"./redis": {
"import": "./redis.ts",
"default": "./redis.ts"
"import": "./redis.ts"
},
"./regex": {
"import": "./regex.ts",
"default": "./regex.ts"
"import": "./regex.ts"
},
"./queues/*": {
"import": "./queues/*.ts",
"default": "./queues/*.ts"
"./queues/delivery": {
"import": "./queues/delivery/queue.ts"
},
"./queues/delivery/worker": {
"import": "./queues/delivery/worker.ts"
},
"./queues/fetch": {
"import": "./queues/fetch/queue.ts"
},
"./queues/fetch/worker": {
"import": "./queues/fetch/worker.ts"
},
"./queues/inbox": {
"import": "./queues/inbox/queue.ts"
},
"./queues/inbox/worker": {
"import": "./queues/inbox/worker.ts"
},
"./queues/media": {
"import": "./queues/media/queue.ts"
},
"./queues/media/worker": {
"import": "./queues/media/worker.ts"
},
"./queues/push": {
"import": "./queues/push/queue.ts"
},
"./queues/push/worker": {
"import": "./queues/push/worker.ts"
},
"./queues/relationships": {
"import": "./queues/relationships/queue.ts"
},
"./queues/relationships/worker": {
"import": "./queues/relationships/worker.ts"
},
"./markdown": {
"import": "./markdown.ts",
"default": "./markdown.ts"
"import": "./markdown.ts"
},
"./parsers": {
"import": "./parsers.ts",
"default": "./parsers.ts"
"import": "./parsers.ts"
},
"./search": {
"import": "./search-manager.ts"
}
}
}

0
packages/plugin-kit/parsers.ts → packages/kit/parsers.ts
View file

0
packages/plugin-kit/plugin.ts → packages/kit/plugin.ts
View file

20
packages/kit/queues/delivery/queue.ts Normal file
View file

@ -0,0 +1,20 @@
import type { JSONObject } from "@versia/sdk";
import { Queue } from "bullmq";
import { connection } from "../../redis.ts";
export enum DeliveryJobType {
FederateEntity = "federateEntity",
}
export type DeliveryJobData = {
entity: JSONObject;
recipientId: string;
senderId: string;
};
export const deliveryQueue = new Queue<DeliveryJobData, void, DeliveryJobType>(
"delivery",
{
connection,
},
);

29
packages/plugin-kit/queues/delivery.ts → packages/kit/queues/delivery/worker.ts
View file

@ -1,27 +1,14 @@
import type { JSONObject } from "@versia/sdk";
import * as VersiaEntities from "@versia/sdk/entities";
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import { Worker } from "bullmq";
import chalk from "chalk";
import { User } from "../db/user.ts";
import { connection } from "../redis.ts";
export enum DeliveryJobType {
FederateEntity = "federateEntity",
}
export type DeliveryJobData = {
entity: JSONObject;
recipientId: string;
senderId: string;
};
export const deliveryQueue = new Queue<DeliveryJobData, void, DeliveryJobType>(
"delivery",
{
connection,
},
);
import { User } from "../../db/user.ts";
import { connection } from "../../redis.ts";
import {
type DeliveryJobData,
DeliveryJobType,
deliveryQueue,
} from "./queue.ts";
export const getDeliveryWorker = (): Worker<
DeliveryJobData,

17
packages/kit/queues/fetch/queue.ts Normal file
View file

@ -0,0 +1,17 @@
import { Queue } from "bullmq";
import { connection } from "../../redis.ts";
export enum FetchJobType {
Instance = "instance",
User = "user",
Note = "user",
}
export type FetchJobData = {
uri: string;
refetcher?: string;
};
export const fetchQueue = new Queue<FetchJobData, void, FetchJobType>("fetch", {
connection,
});

24
packages/plugin-kit/queues/fetch.ts → packages/kit/queues/fetch/worker.ts
View file

@ -1,24 +1,10 @@
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import { Worker } from "bullmq";
import { eq } from "drizzle-orm";
import { Instance } from "../db/instance.ts";
import { connection } from "../redis.ts";
import { Instances } from "../tables/schema.ts";
export enum FetchJobType {
Instance = "instance",
User = "user",
Note = "user",
}
export type FetchJobData = {
uri: string;
refetcher?: string;
};
export const fetchQueue = new Queue<FetchJobData, void, FetchJobType>("fetch", {
connection,
});
import { Instance } from "../../db/instance.ts";
import { connection } from "../../redis.ts";
import { Instances } from "../../tables/schema.ts";
import { type FetchJobData, FetchJobType, fetchQueue } from "./queue.ts";
export const getFetchWorker = (): Worker<FetchJobData, void, FetchJobType> =>
new Worker<FetchJobData, void, FetchJobType>(

31
packages/kit/queues/inbox/queue.ts Normal file
View file

@ -0,0 +1,31 @@
import type { JSONObject } from "@versia/sdk";
import { Queue } from "bullmq";
import type { SocketAddress } from "bun";
import { connection } from "../../redis.ts";
export enum InboxJobType {
ProcessEntity = "processEntity",
}
export type InboxJobData = {
data: JSONObject;
headers: {
"versia-signature"?: string;
"versia-signed-at"?: number;
"versia-signed-by"?: string;
authorization?: string;
};
request: {
url: string;
method: string;
body: string;
};
ip: SocketAddress | null;
};
export const inboxQueue = new Queue<InboxJobData, Response, InboxJobType>(
"inbox",
{
connection,
},
);

42
packages/plugin-kit/queues/inbox.ts → packages/kit/queues/inbox/worker.ts
View file

@ -1,39 +1,11 @@
import type { JSONObject } from "@versia/sdk";
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import type { SocketAddress } from "bun";
import { ApiError } from "../api-error.ts";
import { Instance } from "../db/instance.ts";
import { User } from "../db/user.ts";
import { InboxProcessor } from "../inbox-processor.ts";
import { connection } from "../redis.ts";
export enum InboxJobType {
ProcessEntity = "processEntity",
}
export type InboxJobData = {
data: JSONObject;
headers: {
"versia-signature"?: string;
"versia-signed-at"?: number;
"versia-signed-by"?: string;
authorization?: string;
};
request: {
url: string;
method: string;
body: string;
};
ip: SocketAddress | null;
};
export const inboxQueue = new Queue<InboxJobData, Response, InboxJobType>(
"inbox",
{
connection,
},
);
import { Worker } from "bullmq";
import { ApiError } from "../../api-error.ts";
import { Instance } from "../../db/instance.ts";
import { User } from "../../db/user.ts";
import { InboxProcessor } from "../../inbox-processor.ts";
import { connection } from "../../redis.ts";
import { type InboxJobData, InboxJobType, inboxQueue } from "./queue.ts";
export const getInboxWorker = (): Worker<InboxJobData, void, InboxJobType> =>
new Worker<InboxJobData, void, InboxJobType>(

16
packages/kit/queues/media/queue.ts Normal file
View file

@ -0,0 +1,16 @@
import { Queue } from "bullmq";
import { connection } from "../../redis.ts";
export enum MediaJobType {
ConvertMedia = "convertMedia",
CalculateMetadata = "calculateMetadata",
}
export type MediaJobData = {
attachmentId: string;
filename: string;
};
export const mediaQueue = new Queue<MediaJobData, void, MediaJobType>("media", {
connection,
});

25
packages/plugin-kit/queues/media.ts → packages/kit/queues/media/worker.ts
View file

@ -1,23 +1,10 @@
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import { calculateBlurhash } from "../../../classes/media/preprocessors/blurhash.ts";
import { convertImage } from "../../../classes/media/preprocessors/image-conversion.ts";
import { Media } from "../db/media.ts";
import { connection } from "../redis.ts";
export enum MediaJobType {
ConvertMedia = "convertMedia",
CalculateMetadata = "calculateMetadata",
}
export type MediaJobData = {
attachmentId: string;
filename: string;
};
export const mediaQueue = new Queue<MediaJobData, void, MediaJobType>("media", {
connection,
});
import { Worker } from "bullmq";
import { calculateBlurhash } from "../../../../classes/media/preprocessors/blurhash.ts";
import { convertImage } from "../../../../classes/media/preprocessors/image-conversion.ts";
import { Media } from "../../db/media.ts";
import { connection } from "../../redis.ts";
import { type MediaJobData, MediaJobType, mediaQueue } from "./queue.ts";
export const getMediaWorker = (): Worker<MediaJobData, void, MediaJobType> =>
new Worker<MediaJobData, void, MediaJobType>(

18
packages/kit/queues/push/queue.ts Normal file
View file

@ -0,0 +1,18 @@
import { Queue } from "bullmq";
import { connection } from "../../redis.ts";
export enum PushJobType {
Notify = "notify",
}
export type PushJobData = {
psId: string;
type: string;
relatedUserId: string;
noteId?: string;
notificationId: string;
};
export const pushQueue = new Queue<PushJobData, void, PushJobType>("push", {
connection,
});

29
packages/plugin-kit/queues/push.ts → packages/kit/queues/push/worker.ts
View file

@ -1,28 +1,13 @@
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import { Worker } from "bullmq";
import { sendNotification } from "web-push";
import { htmlToText } from "@/content_types.ts";
import { Note } from "../db/note.ts";
import { PushSubscription } from "../db/pushsubscription.ts";
import { Token } from "../db/token.ts";
import { User } from "../db/user.ts";
import { connection } from "../redis.ts";
export enum PushJobType {
Notify = "notify",
}
export type PushJobData = {
psId: string;
type: string;
relatedUserId: string;
noteId?: string;
notificationId: string;
};
export const pushQueue = new Queue<PushJobData, void, PushJobType>("push", {
connection,
});
import { Note } from "../../db/note.ts";
import { PushSubscription } from "../../db/pushsubscription.ts";
import { Token } from "../../db/token.ts";
import { User } from "../../db/user.ts";
import { connection } from "../../redis.ts";
import { type PushJobData, type PushJobType, pushQueue } from "./queue.ts";
export const getPushWorker = (): Worker<PushJobData, void, PushJobType> =>
new Worker<PushJobData, void, PushJobType>(

19
packages/kit/queues/relationships/queue.ts Normal file
View file

@ -0,0 +1,19 @@
import { Queue } from "bullmq";
import { connection } from "../../redis.ts";
export enum RelationshipJobType {
Unmute = "unmute",
}
export type RelationshipJobData = {
ownerId: string;
subjectId: string;
};
export const relationshipQueue = new Queue<
RelationshipJobData,
void,
RelationshipJobType
>("relationships", {
connection,
});

30
packages/plugin-kit/queues/relationships.ts → packages/kit/queues/relationships/worker.ts
View file

@ -1,25 +1,13 @@
import { config } from "@versia-server/config";
import { Queue, Worker } from "bullmq";
import { Relationship } from "../db/relationship.ts";
import { User } from "../db/user.ts";
import { connection } from "../redis.ts";
export enum RelationshipJobType {
Unmute = "unmute",
}
export type RelationshipJobData = {
ownerId: string;
subjectId: string;
};
export const relationshipQueue = new Queue<
RelationshipJobData,
void,
RelationshipJobType
>("relationships", {
connection,
});
import { Worker } from "bullmq";
import { Relationship } from "../../db/relationship.ts";
import { User } from "../../db/user.ts";
import { connection } from "../../redis.ts";
import {
type RelationshipJobData,
RelationshipJobType,
relationshipQueue,
} from "./queue.ts";
export const getRelationshipWorker = (): Worker<
RelationshipJobData,

0
packages/plugin-kit/redis.ts → packages/kit/redis.ts
View file

0
packages/plugin-kit/regex.ts → packages/kit/regex.ts
View file

0
packages/plugin-kit/schema.ts → packages/kit/schema.ts
View file

311
packages/kit/search-manager.ts Normal file
View file

@ -0,0 +1,311 @@
/**
* @file search-manager.ts
* @description Sonic search integration for indexing and searching accounts and statuses
*/
import { config } from "@versia-server/config";
import { sonicLogger } from "@versia-server/logging";
import type { SQL, ValueOrArray } from "drizzle-orm";
import {
Ingest as SonicChannelIngest,
Search as SonicChannelSearch,
} from "sonic-channel";
import { Note } from "./db/note.ts";
import { User } from "./db/user.ts";
import { db } from "./tables/db.ts";
/**
* Enum for Sonic index types
*/
export enum SonicIndexType {
Accounts = "accounts",
Statuses = "statuses",
}
/**
* Class for managing Sonic search operations
*/
export class SonicSearchManager {
private searchChannel: SonicChannelSearch;
private ingestChannel: SonicChannelIngest;
private connected = false;
/**
* @param config Configuration for Sonic
*/
public constructor() {
if (!config.search.sonic) {
throw new Error("Sonic configuration is missing");
}
this.searchChannel = new SonicChannelSearch({
host: config.search.sonic.host,
port: config.search.sonic.port,
auth: config.search.sonic.password,
});
this.ingestChannel = new SonicChannelIngest({
host: config.search.sonic.host,
port: config.search.sonic.port,
auth: config.search.sonic.password,
});
}
/**
* Connect to Sonic
*/
public async connect(silent = false): Promise<void> {
if (!config.search.enabled) {
!silent && sonicLogger.info`Sonic search is disabled`;
return;
}
if (this.connected) {
return;
}
!silent && sonicLogger.info`Connecting to Sonic...`;
// Connect to Sonic
await new Promise<boolean>((resolve, reject) => {
this.searchChannel.connect({
connected: (): void => {
!silent &&
sonicLogger.info`Connected to Sonic Search Channel`;
resolve(true);
},
disconnected: (): void =>
sonicLogger.error`Disconnected from Sonic Search Channel. You might be using an incorrect password.`,
timeout: (): void =>
sonicLogger.error`Sonic Search Channel connection timed out`,
retrying: (): void =>
sonicLogger.warn`Retrying connection to Sonic Search Channel`,
error: (error): void => {
sonicLogger.error`Failed to connect to Sonic Search Channel: ${error}`;
reject(error);
},
});
});
await new Promise<boolean>((resolve, reject) => {
this.ingestChannel.connect({
connected: (): void => {
!silent &&
sonicLogger.info`Connected to Sonic Ingest Channel`;
resolve(true);
},
disconnected: (): void =>
sonicLogger.error`Disconnected from Sonic Ingest Channel`,
timeout: (): void =>
sonicLogger.error`Sonic Ingest Channel connection timed out`,
retrying: (): void =>
sonicLogger.warn`Retrying connection to Sonic Ingest Channel`,
error: (error): void => {
sonicLogger.error`Failed to connect to Sonic Ingest Channel: ${error}`;
reject(error);
},
});
});
try {
await Promise.all([
this.searchChannel.ping(),
this.ingestChannel.ping(),
]);
this.connected = true;
!silent && sonicLogger.info`Connected to Sonic`;
} catch (error) {
sonicLogger.fatal`Error while connecting to Sonic: ${error}`;
throw error;
}
}
/**
* Add a user to Sonic
* @param user User to add
*/
public async addUser(user: User): Promise<void> {
if (!config.search.enabled) {
return;
}
try {
await this.ingestChannel.push(
SonicIndexType.Accounts,
"users",
user.id,
`${user.data.username} ${user.data.displayName} ${user.data.note}`,
);
} catch (error) {
sonicLogger.error`Failed to add user to Sonic: ${error}`;
}
}
/**
* Get a batch of accounts from the database
* @param n Batch number
* @param batchSize Size of the batch
*/
private static getNthDatabaseAccountBatch(
n: number,
batchSize = 1000,
): Promise<Record<string, string | null | Date>[]> {
return db.query.Users.findMany({
offset: n * batchSize,
limit: batchSize,
columns: {
id: true,
username: true,
displayName: true,
note: true,
createdAt: true,
},
orderBy: (user, { asc }): ValueOrArray<SQL> => asc(user.createdAt),
});
}
/**
* Get a batch of statuses from the database
* @param n Batch number
* @param batchSize Size of the batch
*/
private static getNthDatabaseStatusBatch(
n: number,
batchSize = 1000,
): Promise<Record<string, string | Date>[]> {
return db.query.Notes.findMany({
offset: n * batchSize,
limit: batchSize,
columns: {
id: true,
content: true,
createdAt: true,
},
orderBy: (status, { asc }): ValueOrArray<SQL> =>
asc(status.createdAt),
});
}
/**
* Rebuild search indexes
* @param indexes Indexes to rebuild
* @param batchSize Size of each batch
* @param progressCallback Callback for progress updates
*/
public async rebuildSearchIndexes(
indexes: SonicIndexType[],
batchSize = 100,
progressCallback?: (progress: number) => void,
): Promise<void> {
for (const index of indexes) {
if (index === SonicIndexType.Accounts) {
await this.rebuildAccountsIndex(batchSize, progressCallback);
} else if (index === SonicIndexType.Statuses) {
await this.rebuildStatusesIndex(batchSize, progressCallback);
}
}
}
/**
* Rebuild accounts index
* @param batchSize Size of each batch
* @param progressCallback Callback for progress updates
*/
private async rebuildAccountsIndex(
batchSize: number,
progressCallback?: (progress: number) => void,
): Promise<void> {
const accountCount = await User.getCount();
const batchCount = Math.ceil(accountCount / batchSize);
for (let i = 0; i < batchCount; i++) {
const accounts =
await SonicSearchManager.getNthDatabaseAccountBatch(
i,
batchSize,
);
await Promise.all(
accounts.map((account) =>
this.ingestChannel.push(
SonicIndexType.Accounts,
"users",
account.id as string,
`${account.username} ${account.displayName} ${account.note}`,
),
),
);
progressCallback?.((i + 1) / batchCount);
}
}
/**
* Rebuild statuses index
* @param batchSize Size of each batch
* @param progressCallback Callback for progress updates
*/
private async rebuildStatusesIndex(
batchSize: number,
progressCallback?: (progress: number) => void,
): Promise<void> {
const statusCount = await Note.getCount();
const batchCount = Math.ceil(statusCount / batchSize);
for (let i = 0; i < batchCount; i++) {
const statuses = await SonicSearchManager.getNthDatabaseStatusBatch(
i,
batchSize,
);
await Promise.all(
statuses.map((status) =>
this.ingestChannel.push(
SonicIndexType.Statuses,
"notes",
status.id as string,
status.content as string,
),
),
);
progressCallback?.((i + 1) / batchCount);
}
}
/**
* Search for accounts
* @param query Search query
* @param limit Maximum number of results
* @param offset Offset for pagination
*/
public searchAccounts(
query: string,
limit = 10,
offset = 0,
): Promise<string[]> {
return this.searchChannel.query(
SonicIndexType.Accounts,
"users",
query,
{ limit, offset },
);
}
/**
* Search for statuses
* @param query Search query
* @param limit Maximum number of results
* @param offset Offset for pagination
*/
public searchStatuses(
query: string,
limit = 10,
offset = 0,
): Promise<string[]> {
return this.searchChannel.query(
SonicIndexType.Statuses,
"notes",
query,
{ limit, offset },
);
}
}
export const searchManager = new SonicSearchManager();

3
packages/plugin-kit/tables/db.ts → packages/kit/tables/db.ts
View file

@ -1,3 +1,4 @@
import { join } from "node:path";
import { config } from "@versia-server/config";
import { databaseLogger } from "@versia-server/logging";
import { SQL } from "bun";
@ -67,7 +68,7 @@ export const setupDatabase = async (info = true): Promise<void> => {
try {
await migrate(db, {
migrationsFolder: "./packages/plugin-kit/tables/migrations",
migrationsFolder: join(import.meta.dir, "migrations"),
});
} catch (e) {
databaseLogger.fatal`Failed to migrate database. Please check your configuration.`;

0
packages/plugin-kit/tables/migrations/0000_illegal_living_lightning.sql → packages/kit/tables/migrations/0000_illegal_living_lightning.sql
View file

0
packages/plugin-kit/tables/migrations/0001_salty_night_thrasher.sql → packages/kit/tables/migrations/0001_salty_night_thrasher.sql
View file

0
packages/plugin-kit/tables/migrations/0002_stiff_ares.sql → packages/kit/tables/migrations/0002_stiff_ares.sql
View file

0
packages/plugin-kit/tables/migrations/0003_spicy_arachne.sql → packages/kit/tables/migrations/0003_spicy_arachne.sql
View file

0
packages/plugin-kit/tables/migrations/0004_burly_lockjaw.sql → packages/kit/tables/migrations/0004_burly_lockjaw.sql
View file

0
packages/plugin-kit/tables/migrations/0005_sleepy_puma.sql → packages/kit/tables/migrations/0005_sleepy_puma.sql
View file

0
packages/plugin-kit/tables/migrations/0006_messy_network.sql → packages/kit/tables/migrations/0006_messy_network.sql
View file

0
packages/plugin-kit/tables/migrations/0007_naive_sleeper.sql → packages/kit/tables/migrations/0007_naive_sleeper.sql
View file

0
packages/plugin-kit/tables/migrations/0008_flawless_brother_voodoo.sql → packages/kit/tables/migrations/0008_flawless_brother_voodoo.sql
View file

0
packages/plugin-kit/tables/migrations/0009_easy_slyde.sql → packages/kit/tables/migrations/0009_easy_slyde.sql
View file

0
packages/plugin-kit/tables/migrations/0010_daffy_frightful_four.sql → packages/kit/tables/migrations/0010_daffy_frightful_four.sql
View file

0
packages/plugin-kit/tables/migrations/0011_special_the_fury.sql → packages/kit/tables/migrations/0011_special_the_fury.sql
View file

0
packages/plugin-kit/tables/migrations/0012_certain_thor_girl.sql → packages/kit/tables/migrations/0012_certain_thor_girl.sql
View file

0
packages/plugin-kit/tables/migrations/0013_wandering_celestials.sql → packages/kit/tables/migrations/0013_wandering_celestials.sql
View file

0
packages/plugin-kit/tables/migrations/0014_wonderful_sandman.sql → packages/kit/tables/migrations/0014_wonderful_sandman.sql
View file

Some files were not shown because too many files have changed in this diff Show more