egirlskey/packages/backend/src/core/activitypub/ApRequestService.ts

/*
 * SPDX-FileCopyrightText: syuilo and other misskey contributors
 * SPDX-License-Identifier: AGPL-3.0-only
 */

import * as crypto from 'node:crypto';
import { URL } from 'node:url';
import { Inject, Injectable } from '@nestjs/common';
import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js';
import type { User } from '@/models/entities/User.js';
import { UserKeypairService } from '@/core/UserKeypairService.js';
import { HttpRequestService } from '@/core/HttpRequestService.js';
import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import type Logger from '@/logger.js';

type Request = {
	url: string;
	method: string;
	headers: Record<string, string>;
};

type Signed = {
	request: Request;
	signingString: string;
	signature: string;
	signatureHeader: string;
};

type PrivateKey = {
	privateKeyPem: string;
	keyId: string;
};

export class ApRequestCreator {
	static createSignedPost(args: { key: PrivateKey, url: string, body: string, additionalHeaders: Record<string, string> }): Signed {
		const u = new URL(args.url);
		const digestHeader = `SHA-256=${crypto.createHash('sha256').update(args.body).digest('base64')}`;

		const request: Request = {
			url: u.href,
			method: 'POST',
			headers: this.#objectAssignWithLcKey({
				'Date': new Date().toUTCString(),
				'Host': u.host,
				'Content-Type': 'application/activity+json',
				'Digest': digestHeader,
			}, args.additionalHeaders),
		};

		const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);

		return {
			request,
			signingString: result.signingString,
			signature: result.signature,
			signatureHeader: result.signatureHeader,
		};
	}

	static createSignedGet(args: { key: PrivateKey, url: string, additionalHeaders: Record<string, string> }): Signed {
		const u = new URL(args.url);

		const request: Request = {
			url: u.href,
			method: 'GET',
			headers: this.#objectAssignWithLcKey({
				'Accept': 'application/activity+json, application/ld+json',
				'Date': new Date().toUTCString(),
				'Host': new URL(args.url).host,
			}, args.additionalHeaders),
		};

		const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);

		return {
			request,
			signingString: result.signingString,
			signature: result.signature,
			signatureHeader: result.signatureHeader,
		};
	}

	static #signToRequest(request: Request, key: PrivateKey, includeHeaders: string[]): Signed {
		const signingString = this.#genSigningString(request, includeHeaders);
		const signature = crypto.sign('sha256', Buffer.from(signingString), key.privateKeyPem).toString('base64');
		const signatureHeader = `keyId="${key.keyId}",algorithm="rsa-sha256",headers="${includeHeaders.join(' ')}",signature="${signature}"`;

		request.headers = this.#objectAssignWithLcKey(request.headers, {
			Signature: signatureHeader,
		});
		// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
		delete request.headers['host'];

		return {
			request,
			signingString,
			signature,
			signatureHeader,
		};
	}

	static #genSigningString(request: Request, includeHeaders: string[]): string {
		request.headers = this.#lcObjectKey(request.headers);

		const results: string[] = [];

		for (const key of includeHeaders.map(x => x.toLowerCase())) {
			if (key === '(request-target)') {
				results.push(`(request-target): ${request.method.toLowerCase()} ${new URL(request.url).pathname}`);
			} else {
				results.push(`${key}: ${request.headers[key]}`);
			}
		}

		return results.join('\n');
	}

	static #lcObjectKey(src: Record<string, string>): Record<string, string> {
		const dst: Record<string, string> = {};
		for (const key of Object.keys(src).filter(x => x !== '__proto__' && typeof src[x] === 'string')) dst[key.toLowerCase()] = src[key];
		return dst;
	}

	static #objectAssignWithLcKey(a: Record<string, string>, b: Record<string, string>): Record<string, string> {
		return Object.assign(this.#lcObjectKey(a), this.#lcObjectKey(b));
	}
}

@Injectable()
export class ApRequestService {
	private logger: Logger;

	constructor(
		@Inject(DI.config)
		private config: Config,

		private userKeypairService: UserKeypairService,
		private httpRequestService: HttpRequestService,
		private loggerService: LoggerService,
	) {
		// eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
		this.logger = this.loggerService?.getLogger('ap-request'); // なぜか TypeError: Cannot read properties of undefined (reading 'getLogger') と言われる
	}

	@bindThis
	public async signedPost(user: { id: User['id'] }, url: string, object: unknown): Promise<void> {
		const body = JSON.stringify(object);

		const keypair = await this.userKeypairService.getUserKeypair(user.id);

		const req = ApRequestCreator.createSignedPost({
			key: {
				privateKeyPem: keypair.privateKey,
				keyId: `${this.config.url}/users/${user.id}#main-key`,
			},
			url,
			body,
			additionalHeaders: {
			},
		});

		await this.httpRequestService.send(url, {
			method: req.request.method,
			headers: req.request.headers,
			body,
		});
	}

	/**
	 * Get AP object with http-signature
	 * @param user http-signature user
	 * @param url URL to fetch
	 */
	@bindThis
	public async signedGet(url: string, user: { id: User['id'] }): Promise<unknown> {
		const keypair = await this.userKeypairService.getUserKeypair(user.id);

		const req = ApRequestCreator.createSignedGet({
			key: {
				privateKeyPem: keypair.privateKey,
				keyId: `${this.config.url}/users/${user.id}#main-key`,
			},
			url,
			additionalHeaders: {
			},
		});

		const res = await this.httpRequestService.send(url, {
			method: req.request.method,
			headers: req.request.headers,
		});

		return await res.json();
	}
}
chore: 著作権とライセンスについての情報を各ファイルに追加する (#11348) * chore: Add the SPDX information to each file Add copyright and licensing information as defined in version 3.0 of the REUSE Specification. * tweak format --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-27 05:31:52 +00:00			`/*`
			`* SPDX-FileCopyrightText: syuilo and other misskey contributors`
			`* SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`import * as crypto from 'node:crypto';`
			`import { URL } from 'node:url';`
			`import { Inject, Injectable } from '@nestjs/common';`
			`import { DI } from '@/di-symbols.js';`
fix import type 2022-09-20 20:33:11 +00:00			`import type { Config } from '@/config.js';`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`import type { User } from '@/models/entities/User.js';`
enhance(backend): improve userkeypair cache 2023-04-05 03:10:40 +00:00			`import { UserKeypairService } from '@/core/UserKeypairService.js';`
fix(server): node-fetchおよびgotを使う以前の実装に戻す see #9710 2023-01-25 03:00:04 +00:00			`import { HttpRequestService } from '@/core/HttpRequestService.js';`
perf(backend): Use undici instead of node-fetch and got (#9459) * Implement? HttpFetchService * :v: * remove node-fetch * fix * refactor * fix * gateway timeout * UndiciFetcherクラスを追加 (仮コミット, ビルドもstartもさせていない) * fix * add logger and fix url preview * fix ip check * enhance logger and error handling * fix * fix * clean up * Use custom fetcher for ApRequest / ApResolver * bypassProxyはproxyBypassHostsに判断を委譲するように * set maxRedirections (default 3, ApRequest/ApResolver: 0) * fix comment * handle error s3 upload * add debug message * no return await * Revert "no return await" This reverts commit b5b0dc58a342393d260492e3a6f58304372f53b2. * reduce maxSockets * apResolverのUndiciFetcherを廃止しapRequestのものを使う、 add ap logger * Revert "apResolverのUndiciFetcherを廃止しapRequestのものを使う、 add ap logger" This reverts commit 997243915c8e1f8472da64f607f88c36cb1d5cb4. * add logger * fix * change logger name * safe * デフォルトでUser-Agentを設定 2023-01-12 12:03:02 +00:00			`import { LoggerService } from '@/core/LoggerService.js';`
refactor: introduce bindThis decorator to bind this automaticaly 2022-12-04 06:03:09 +00:00			`import { bindThis } from '@/decorators.js';`
perf(backend): Use undici instead of node-fetch and got (#9459) * Implement? HttpFetchService * :v: * remove node-fetch * fix * refactor * fix * gateway timeout * UndiciFetcherクラスを追加 (仮コミット, ビルドもstartもさせていない) * fix * add logger and fix url preview * fix ip check * enhance logger and error handling * fix * fix * clean up * Use custom fetcher for ApRequest / ApResolver * bypassProxyはproxyBypassHostsに判断を委譲するように * set maxRedirections (default 3, ApRequest/ApResolver: 0) * fix comment * handle error s3 upload * add debug message * no return await * Revert "no return await" This reverts commit b5b0dc58a342393d260492e3a6f58304372f53b2. * reduce maxSockets * apResolverのUndiciFetcherを廃止しapRequestのものを使う、 add ap logger * Revert "apResolverのUndiciFetcherを廃止しapRequestのものを使う、 add ap logger" This reverts commit 997243915c8e1f8472da64f607f88c36cb1d5cb4. * add logger * fix * change logger name * safe * デフォルトでUser-Agentを設定 2023-01-12 12:03:02 +00:00			`import type Logger from '@/logger.js';`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`type Request = {`
			`url: string;`
fix(server): node-fetchおよびgotを使う以前の実装に戻す see #9710 2023-01-25 03:00:04 +00:00			`method: string;`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`headers: Record<string, string>;`
			`};`

			`type Signed = {`
			`request: Request;`
			`signingString: string;`
			`signature: string;`
			`signatureHeader: string;`
			`};`

			`type PrivateKey = {`
			`privateKeyPem: string;`
			`keyId: string;`
			`};`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`export class ApRequestCreator {`
			`static createSignedPost(args: { key: PrivateKey, url: string, body: string, additionalHeaders: Record<string, string> }): Signed {`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`const u = new URL(args.url);`
			const digestHeader = `SHA-256=${crypto.createHash('sha256').update(args.body).digest('base64')}`;

			`const request: Request = {`
			`url: u.href,`
			`method: 'POST',`
test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`headers: this.#objectAssignWithLcKey({`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`'Date': new Date().toUTCString(),`
ApRequestService: don't generate our own Host header (#9378) 2023-01-16 17:21:15 +00:00			`'Host': u.host,`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`'Content-Type': 'application/activity+json',`
			`'Digest': digestHeader,`
			`}, args.additionalHeaders),`
			`};`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`return {`
			`request,`
			`signingString: result.signingString,`
			`signature: result.signature,`
			`signatureHeader: result.signatureHeader,`
			`};`
			`}`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`static createSignedGet(args: { key: PrivateKey, url: string, additionalHeaders: Record<string, string> }): Signed {`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`const u = new URL(args.url);`

			`const request: Request = {`
			`url: u.href,`
			`method: 'GET',`
test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`headers: this.#objectAssignWithLcKey({`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`'Accept': 'application/activity+json, application/ld+json',`
			`'Date': new Date().toUTCString(),`
ApRequestService: don't generate our own Host header (#9378) 2023-01-16 17:21:15 +00:00			`'Host': new URL(args.url).host,`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`}, args.additionalHeaders),`
			`};`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`return {`
			`request,`
			`signingString: result.signingString,`
			`signature: result.signature,`
			`signatureHeader: result.signatureHeader,`
			`};`
			`}`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`static #signToRequest(request: Request, key: PrivateKey, includeHeaders: string[]): Signed {`
			`const signingString = this.#genSigningString(request, includeHeaders);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`const signature = crypto.sign('sha256', Buffer.from(signingString), key.privateKeyPem).toString('base64');`
			const signatureHeader = `keyId="${key.keyId}",algorithm="rsa-sha256",headers="${includeHeaders.join(' ')}",signature="${signature}"`;

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`request.headers = this.#objectAssignWithLcKey(request.headers, {`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`Signature: signatureHeader,`
			`});`
ApRequestService: don't generate our own Host header (#9378) 2023-01-16 17:21:15 +00:00			`// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!`
			`delete request.headers['host'];`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`return {`
			`request,`
			`signingString,`
			`signature,`
			`signatureHeader,`
			`};`
			`}`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`static #genSigningString(request: Request, includeHeaders: string[]): string {`
			`request.headers = this.#lcObjectKey(request.headers);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`const results: string[] = [];`

			`for (const key of includeHeaders.map(x => x.toLowerCase())) {`
			`if (key === '(request-target)') {`
			results.push(`(request-target): ${request.method.toLowerCase()} ${new URL(request.url).pathname}`);
			`} else {`
			results.push(`${key}: ${request.headers[key]}`);
			`}`
			`}`

			`return results.join('\n');`
			`}`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`static #lcObjectKey(src: Record<string, string>): Record<string, string> {`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`const dst: Record<string, string> = {};`
			`for (const key of Object.keys(src).filter(x => x !== '__proto__' && typeof src[x] === 'string')) dst[key.toLowerCase()] = src[key];`
			`return dst;`
			`}`

test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`static #objectAssignWithLcKey(a: Record<string, string>, b: Record<string, string>): Record<string, string> {`
			`return Object.assign(this.#lcObjectKey(a), this.#lcObjectKey(b));`
			`}`
			`}`

			`@Injectable()`
			`export class ApRequestService {`
			`private logger: Logger;`

			`constructor(`
			`@Inject(DI.config)`
			`private config: Config,`

enhance(backend): improve userkeypair cache 2023-04-05 03:10:40 +00:00			`private userKeypairService: UserKeypairService,`
test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`private httpRequestService: HttpRequestService,`
			`private loggerService: LoggerService,`
			`) {`
			`// eslint-disable-next-line @typescript-eslint/no-unnecessary-condition`
			`this.logger = this.loggerService?.getLogger('ap-request'); // なぜか TypeError: Cannot read properties of undefined (reading 'getLogger') と言われる`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`}`

refactor: introduce bindThis decorator to bind this automaticaly 2022-12-04 06:03:09 +00:00			`@bindThis`
refactor(backend): `core/activitypub` (#11247) * eslint: `explicit-function-return-type` * eslint: `no-unnecessary-condition` * eslint: `eslint-disable-next-line` * eslint: `no-unused-vars` * eslint: `comma-dangle` * eslint: `import/order` * cleanup: unnecessary non-null assertion * cleanup: `IActivity`に`actor`は常に存在するようなので * cleanup: unnecessary `as` * cleanup: unnecessary `Promise.resolve` * cleanup * refactor: `String.prototype.match()`である必要がない部分をよりシンプルな書き方に変更 * refactor: よりよい型定義 * refactor: よりよい型定義 - `LdSignature`の`normalize`メソッドでの使われ方から、 - `data`引数の型定義を`any`から`JsonLdDocument`へ修正 - `getLoader`メソッドの返り値の型定義の一部を`any`から`RemoteDocument`へ修正 - `contextUrl`が不正な値（`null`）となっていたことが判明したため`undefined`へ修正 - `document`の型と合わせるために`CONTEXTS`の型定義の一部を`unknown`から`JsonLd`へ修正 - とりあえず`satisfies`を使用 - `document`の型と合わせるために`fetchDocument`メソッドの返り値の型定義の一部を`unknown`から`JsonLd`へ修正 - どうしようもなく`as`を使用 * refactor: 型ガードを使うことでnon-null assertionをやめた * refactor: non-null assertionをやめた `.filter()`で行っている型ガードなどの文脈から、より適しているだろうと思われる書き方に変更した。 * refactor: 型ガードを使うことで`as`をやめた * refactor: `as`をやめた * refactor: よりよい型定義 - `id`は`null`とのunionになっていたが、`null`を渡している場面はなかった - またおそらくこのメソッドは`IOrderedCollection`を返すため、そちらに合わせて`null`とのunionをやめた - `IOrderedCollection`とはまだ型に相違がある - `totalItems`をコメントや使われ方を元に`number`へ推論 * refactor: `for-of` -> `Array.prototype.map` * refactor: `delete`演算子を使わない形に 2023-07-13 03:48:34 +00:00			`public async signedPost(user: { id: User['id'] }, url: string, object: unknown): Promise<void> {`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`const body = JSON.stringify(object);`

enhance(backend): improve userkeypair cache 2023-04-05 03:10:40 +00:00			`const keypair = await this.userKeypairService.getUserKeypair(user.id);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`const req = ApRequestCreator.createSignedPost({`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`key: {`
			`privateKeyPem: keypair.privateKey,`
			keyId: `${this.config.url}/users/${user.id}#main-key`,
			`},`
			`url,`
			`body,`
			`additionalHeaders: {`
			`},`
			`});`

fix(server): node-fetchおよびgotを使う以前の実装に戻す see #9710 2023-01-25 03:00:04 +00:00			`await this.httpRequestService.send(url, {`
			`method: req.request.method,`
			`headers: req.request.headers,`
			`body,`
			`});`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`}`

			`/**`
			`* Get AP object with http-signature`
			`* @param user http-signature user`
			`* @param url URL to fetch`
			`*/`
refactor: introduce bindThis decorator to bind this automaticaly 2022-12-04 06:03:09 +00:00			`@bindThis`
refactor(backend): `core/activitypub` (#11247) * eslint: `explicit-function-return-type` * eslint: `no-unnecessary-condition` * eslint: `eslint-disable-next-line` * eslint: `no-unused-vars` * eslint: `comma-dangle` * eslint: `import/order` * cleanup: unnecessary non-null assertion * cleanup: `IActivity`に`actor`は常に存在するようなので * cleanup: unnecessary `as` * cleanup: unnecessary `Promise.resolve` * cleanup * refactor: `String.prototype.match()`である必要がない部分をよりシンプルな書き方に変更 * refactor: よりよい型定義 * refactor: よりよい型定義 - `LdSignature`の`normalize`メソッドでの使われ方から、 - `data`引数の型定義を`any`から`JsonLdDocument`へ修正 - `getLoader`メソッドの返り値の型定義の一部を`any`から`RemoteDocument`へ修正 - `contextUrl`が不正な値（`null`）となっていたことが判明したため`undefined`へ修正 - `document`の型と合わせるために`CONTEXTS`の型定義の一部を`unknown`から`JsonLd`へ修正 - とりあえず`satisfies`を使用 - `document`の型と合わせるために`fetchDocument`メソッドの返り値の型定義の一部を`unknown`から`JsonLd`へ修正 - どうしようもなく`as`を使用 * refactor: 型ガードを使うことでnon-null assertionをやめた * refactor: non-null assertionをやめた `.filter()`で行っている型ガードなどの文脈から、より適しているだろうと思われる書き方に変更した。 * refactor: 型ガードを使うことで`as`をやめた * refactor: `as`をやめた * refactor: よりよい型定義 - `id`は`null`とのunionになっていたが、`null`を渡している場面はなかった - またおそらくこのメソッドは`IOrderedCollection`を返すため、そちらに合わせて`null`とのunionをやめた - `IOrderedCollection`とはまだ型に相違がある - `totalItems`をコメントや使われ方を元に`number`へ推論 * refactor: `for-of` -> `Array.prototype.map` * refactor: `delete`演算子を使わない形に 2023-07-13 03:48:34 +00:00			`public async signedGet(url: string, user: { id: User['id'] }): Promise<unknown> {`
enhance(backend): improve userkeypair cache 2023-04-05 03:10:40 +00:00			`const keypair = await this.userKeypairService.getUserKeypair(user.id);`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
test(backend): restore ap-request tests (#9997) Co-authored-by: tamaina <tamaina@hotmail.co.jp> 2023-02-24 07:10:48 +00:00			`const req = ApRequestCreator.createSignedGet({`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00			`key: {`
			`privateKeyPem: keypair.privateKey,`
			keyId: `${this.config.url}/users/${user.id}#main-key`,
			`},`
			`url,`
			`additionalHeaders: {`
			`},`
			`});`

fix(server): node-fetchおよびgotを使う以前の実装に戻す see #9710 2023-01-25 03:00:04 +00:00			`const res = await this.httpRequestService.send(url, {`
			`method: req.request.method,`
			`headers: req.request.headers,`
			`});`
なんかもうめっちゃ変えた 2022-09-17 18:27:08 +00:00
			`return await res.json();`
			`}`
			`}`