enhance: account migration (#10592)

* copy block and mute then create follow and unfollow jobs

* copy block and mute and update lists when detecting an account has moved

* no need to care promise orders

* refactor updating actor and target

* automatically accept if a locked account had accepted an old account

* fix exception format

* prevent the old account from calling some endpoints

* do not unfollow when moving

* adjust following and follower counts

* check movedToUri when receiving a follow request

* skip if no need to adjust

* Revert "disable account migration"

This reverts commit 2321214c98.

* fix translation specifier

* fix checking alsoKnownAs and uri

* fix updating account

* fix refollowing locked account

* decrease followersCount if followed by the old account

* adjust following and followers counts when unfollowing

* fix copying mutings

* prohibit moved account from moving again

* fix move service

* allow app creation after moving

* fix lint

* remove unnecessary field

* fix cache update

* add e2e test

* add e2e test of accepting the new account automatically

* force follow if any error happens

* remove unnecessary joins

* use Array.map instead of for const of

* ユーザーリストの移行は追加のみを行う

* nanka iroiro

* fix misskey-js?

* ✌️

* 移行を行ったアカウントからのフォローリクエストの自動許可を調整

* newUriを外に出す

* newUriを外に出す2

* clean up

* fix newUri

* prevent moving if the destination account has already moved

* set alsoKnownAs via /i/update

* fix database initialization

* add return type

* prohibit updating alsoKnownAs after moving

* skip to add to alsoKnownAs if toUrl is known

* skip adding to the list if it already has

* use Acct.parse instead

* rename error code

* 🎨

* 制限を5から10に緩和

* movedTo(Uri), alsoKnownAsはユーザーidを返すように

* test api res

* fix

* 元アカウントはミュートし続ける

* 🎨

* unfollow

* fix

* getUserUriをUserEntityServiceに

* ?

* job!

* 🎨

* instance => server

* accountMovedShort, forbiddenBecauseYouAreMigrated

* accountMovedShort

* fix test

* import, pin禁止

* 実績を凍結する

* clean up

* ✌️

* change message

* ブロック, フォロー, ミュート, リストのインポートファイルの制限を32MiBに

* Revert "ブロック, フォロー, ミュート, リストのインポートファイルの制限を32MiBに"

This reverts commit 3bd7be35d8aa455cb01ae58f8172a71a50485db1.

* validateAlsoKnownAs

* 移行後2時間以内はインポート可能なファイルサイズを拡大

* clean up

* どうせactorをupdatePersonで更新するならupdatePersonしか移行処理を発行しないことにする

* handle error?

* リモートからの移行処理の条件を是正

* log, port

* fix

* fix

* enhance(dev): non-production環境でhttpサーバー間でもユーザー、ノートの連合が可能なように

* refactor (use checkHttps)

* MISSKEY_WEBFINGER_USE_HTTP

* Environment Variable readme

* NEVER USE IN PRODUCTION

* fix punyHost

* fix indent

* fix

* experimental

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>

packages/backend/test/e2e/endpoints.ts

@@ -4,8 +4,9 @@ import * as assert from 'assert';
 // node-fetch only supports it's own Blob yet
 // https://github.com/node-fetch/node-fetch/pull/1664
 import { Blob } from 'node-fetch';
-import { startServer, signup, post, api, uploadFile, simpleGet } from '../utils.js';
+import { startServer, signup, post, api, uploadFile, simpleGet, initTestDb } from '../utils.js';
 import type { INestApplicationContext } from '@nestjs/common';
+import { User } from '@/models/index.js';
 
 describe('Endpoints', () => {
 	let app: INestApplicationContext;
@@ -289,6 +290,16 @@ describe('Endpoints', () => {
 			}, bob);
 
 			assert.strictEqual(res.status, 200);
+
+			const connection = await initTestDb(true);
+			const Users = connection.getRepository(User);
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.followersCount, 0);
+			assert.strictEqual(newBob.followingCount, 1);
+			const newAlice = await Users.findOneByOrFail({ id: alice.id });
+			assert.strictEqual(newAlice.followersCount, 1);
+			assert.strictEqual(newAlice.followingCount, 0);
+			connection.destroy();
 		});
 
 		test('既にフォローしている場合は怒る', async () => {
@@ -341,6 +352,16 @@ describe('Endpoints', () => {
 			}, bob);
 
 			assert.strictEqual(res.status, 200);
+
+			const connection = await initTestDb(true);
+			const Users = connection.getRepository(User);
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.followersCount, 0);
+			assert.strictEqual(newBob.followingCount, 0);
+			const newAlice = await Users.findOneByOrFail({ id: alice.id });
+			assert.strictEqual(newAlice.followersCount, 0);
+			assert.strictEqual(newAlice.followingCount, 0);
+			connection.destroy();
 		});
 
 		test('フォローしていない場合は怒る', async () => {

packages/backend/test/e2e/move.ts

@@ -0,0 +1,455 @@
+process.env.NODE_ENV = 'test';
+
+import * as assert from 'assert';
+import rndstr from 'rndstr';
+import { loadConfig } from '@/config.js';
+import { User, UsersRepository } from '@/models/index.js';
+import { jobQueue } from '@/boot/common.js';
+import { uploadFile, signup, startServer, initTestDb, api, sleep, successfulApiCall } from '../utils.js';
+import type { INestApplicationContext } from '@nestjs/common';
+
+describe('Account Move', () => {
+	let app: INestApplicationContext;
+	let url: URL;
+
+	let root: any;
+	let alice: any;
+	let bob: any;
+	let carol: any;
+	let dave: any;
+	let eve: any;
+	let frank: any;
+
+	let Users: UsersRepository;
+
+	beforeAll(async () => {
+		app = await startServer();
+		await jobQueue();
+		const config = loadConfig();
+		url = new URL(config.url);
+		const connection = await initTestDb(false);
+		root = await signup({ username: 'root' });
+		alice = await signup({ username: 'alice' });
+		bob = await signup({ username: 'bob' });
+		carol = await signup({ username: 'carol' });
+		dave = await signup({ username: 'dave' });
+		eve = await signup({ username: 'eve' });
+		frank = await signup({ username: 'frank' });
+		Users = connection.getRepository(User);
+	}, 1000 * 60 * 2);
+
+	afterAll(async () => {
+		await app.close();
+	});
+
+	describe('Create Alias', () => {
+		afterEach(async () => {
+			await Users.update(bob.id, { alsoKnownAs: null });
+		}, 1000 * 10);
+
+		test('Able to create an alias', async () => {
+			const res = await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`],
+			}, bob);
+
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.alsoKnownAs?.length, 1);
+			assert.strictEqual(newBob.alsoKnownAs[0], `${url.origin}/users/${alice.id}`);
+			assert.strictEqual(res.body.alsoKnownAs?.length, 1);
+			assert.strictEqual(res.body.alsoKnownAs[0], alice.id);
+		});
+
+		test('Able to create a local alias without hostname', async () => {
+			await api('/i/update', {
+				alsoKnownAs: ['@alice'],
+			}, bob);
+
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.alsoKnownAs?.length, 1);
+			assert.strictEqual(newBob.alsoKnownAs[0], `${url.origin}/users/${alice.id}`);
+		});
+
+		test('Able to create a local alias without @', async () => {
+			await api('/i/update', {
+				alsoKnownAs: ['alice'],
+			}, bob);
+
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.alsoKnownAs?.length, 1);
+			assert.strictEqual(newBob.alsoKnownAs[0], `${url.origin}/users/${alice.id}`);
+		});
+
+		test('Able to set remote user (but may fail)', async () => {
+			const res = await api('/i/update', {
+				alsoKnownAs: ['@syuilo@example.com'],
+			}, bob);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'NO_SUCH_USER');
+			assert.strictEqual(res.body.error.id, 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5');
+		});
+
+		test('Unable to add duplicated aliases to alsoKnownAs', async () => {
+			const res = await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`, `@alice@${url.hostname}`],
+			}, bob);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'INVALID_PARAM');
+			assert.strictEqual(res.body.error.id, '3d81ceae-475f-4600-b2a8-2bc116157532');
+		});
+
+		test('Unable to add itself', async () => {
+			const res = await api('/i/update', {
+				alsoKnownAs: [`@bob@${url.hostname}`],
+			}, bob);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'FORBIDDEN_TO_SET_YOURSELF');
+			assert.strictEqual(res.body.error.id, '25c90186-4ab0-49c8-9bba-a1fa6c202ba4');
+		});
+
+		test('Unable to add a nonexisting local account to alsoKnownAs', async () => {
+			const res1 = await api('/i/update', {
+				alsoKnownAs: [`@nonexist@${url.hostname}`],
+			}, bob);
+
+			assert.strictEqual(res1.status, 400);
+			assert.strictEqual(res1.body.error.code, 'NO_SUCH_USER');
+			assert.strictEqual(res1.body.error.id, 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5');
+
+			const res2 = await api('/i/update', {
+				alsoKnownAs: ['@alice', 'nonexist'],
+			}, bob);
+
+			assert.strictEqual(res2.status, 400);
+			assert.strictEqual(res2.body.error.code, 'NO_SUCH_USER');
+			assert.strictEqual(res2.body.error.id, 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5');
+		});
+
+		test('Able to add two existing local account to alsoKnownAs', async () => {
+			await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`, `@carol@${url.hostname}`],
+			}, bob);
+
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.alsoKnownAs?.length, 2);
+			assert.strictEqual(newBob.alsoKnownAs[0], `${url.origin}/users/${alice.id}`);
+			assert.strictEqual(newBob.alsoKnownAs[1], `${url.origin}/users/${carol.id}`);
+		});
+
+		test('Able to properly overwrite alsoKnownAs', async () => {
+			await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`],
+			}, bob);
+			await api('/i/update', {
+				alsoKnownAs: [`@carol@${url.hostname}`, `@dave@${url.hostname}`],
+			}, bob);
+
+			const newBob = await Users.findOneByOrFail({ id: bob.id });
+			assert.strictEqual(newBob.alsoKnownAs?.length, 2);
+			assert.strictEqual(newBob.alsoKnownAs[0], `${url.origin}/users/${carol.id}`);
+			assert.strictEqual(newBob.alsoKnownAs[1], `${url.origin}/users/${dave.id}`);
+		});
+	});
+
+	describe('Local to Local', () => {
+		let antennaId = '';
+
+		beforeAll(async () => {
+			await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`],
+			}, root);
+			const listRoot = await api('/users/lists/create', {
+				name: rndstr('0-9a-z', 8),
+			}, root);
+			await api('/users/lists/push', {
+				listId: listRoot.body.id,
+				userId: alice.id,
+			}, root);
+
+			await api('/following/create', {
+				userId: root.id,
+			}, alice);
+			await api('/following/create', {
+				userId: eve.id,
+			}, alice);
+			const antenna = await api('/antennas/create', {
+				name: rndstr('0-9a-z', 8),
+				src: 'home',
+				keywords: [rndstr('0-9a-z', 8)],
+				excludeKeywords: [],
+				users: [],
+				caseSensitive: false,
+				withReplies: false,
+				withFile: false,
+				notify: false,
+			}, alice);
+			antennaId = antenna.body.id;
+
+			await api('/i/update', {
+				alsoKnownAs: [`@alice@${url.hostname}`],
+			}, bob);
+
+			await api('/following/create', {
+				userId: alice.id,
+			}, carol);
+
+			await api('/mute/create', {
+				userId: alice.id,
+			}, dave);
+			await api('/blocking/create', {
+				userId: alice.id,
+			}, dave);
+			await api('/following/create', {
+				userId: eve.id,
+			}, dave);
+
+			await api('/following/create', {
+				userId: dave.id,
+			}, eve);
+			const listEve = await api('/users/lists/create', {
+				name: rndstr('0-9a-z', 8),
+			}, eve);
+			await api('/users/lists/push', {
+				listId: listEve.body.id,
+				userId: bob.id,
+			}, eve);
+
+			await api('/i/update', {
+				isLocked: true,
+			}, frank);
+			await api('/following/create', {
+				userId: frank.id,
+			}, alice);
+			await api('/following/requests/accept', {
+				userId: alice.id,
+			}, frank);
+		}, 1000 * 10);
+
+		test('Prohibit the root account from moving', async () => {
+			const res = await api('/i/move', {
+				moveToAccount: `@bob@${url.hostname}`,
+			}, root);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'NOT_ROOT_FORBIDDEN');
+			assert.strictEqual(res.body.error.id, '4362e8dc-731f-4ad8-a694-be2a88922a24');
+		});
+
+		test('Unable to move to a nonexisting local account', async () => {
+			const res = await api('/i/move', {
+				moveToAccount: `@nonexist@${url.hostname}`,
+			}, alice);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'NO_SUCH_USER');
+			assert.strictEqual(res.body.error.id, 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5');
+		});
+
+		test('Unable to move if alsoKnownAs is invalid', async () => {
+			const res = await api('/i/move', {
+				moveToAccount: `@carol@${url.hostname}`,
+			}, alice);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'DESTINATION_ACCOUNT_FORBIDS');
+			assert.strictEqual(res.body.error.id, 'b5c90186-4ab0-49c8-9bba-a1f766282ba4');
+		});
+
+		test('Relationships have been properly migrated', async () => {
+			const move = await api('/i/move', {
+				moveToAccount: `@bob@${url.hostname}`,
+			}, alice);
+
+			assert.strictEqual(move.status, 200);
+
+			await sleep(1000 * 3); // wait for jobs to finish
+
+			// Unfollow delayed?
+			const aliceFollowings = await api('/users/following', {
+				userId: alice.id,
+			}, alice);
+			assert.strictEqual(aliceFollowings.status, 200);
+			assert.strictEqual(aliceFollowings.body.length, 3);
+
+			const carolFollowings = await api('/users/following', {
+				userId: carol.id,
+			}, carol);
+			assert.strictEqual(carolFollowings.status, 200);
+			assert.strictEqual(carolFollowings.body.length, 2);
+			assert.strictEqual(carolFollowings.body[0].followeeId, bob.id);
+			assert.strictEqual(carolFollowings.body[1].followeeId, alice.id);
+
+			const blockings = await api('/blocking/list', {}, dave);
+			assert.strictEqual(blockings.status, 200);
+			assert.strictEqual(blockings.body.length, 2);
+			assert.strictEqual(blockings.body[0].blockeeId, bob.id);
+			assert.strictEqual(blockings.body[1].blockeeId, alice.id);
+
+			const mutings = await api('/mute/list', {}, dave);
+			assert.strictEqual(mutings.status, 200);
+			assert.strictEqual(mutings.body.length, 2);
+			assert.strictEqual(mutings.body[0].muteeId, bob.id);
+			assert.strictEqual(mutings.body[1].muteeId, alice.id);
+
+			const rootLists = await api('/users/lists/list', {}, root);
+			assert.strictEqual(rootLists.status, 200);
+			assert.strictEqual(rootLists.body[0].userIds.length, 2);
+			assert.ok(rootLists.body[0].userIds.find((id: string) => id === bob.id));
+			assert.ok(rootLists.body[0].userIds.find((id: string) => id === alice.id));
+
+			const eveLists = await api('/users/lists/list', {}, eve);
+			assert.strictEqual(eveLists.status, 200);
+			assert.strictEqual(eveLists.body[0].userIds.length, 1);
+			assert.ok(eveLists.body[0].userIds.find((id: string) => id === bob.id));
+		});
+
+		test('A locked account automatically accept the follow request if it had already accepted the old account.', async () => {
+			await successfulApiCall({
+				endpoint: '/following/create',
+				parameters: {
+					userId: frank.id,
+				},
+				user: bob,
+			});
+			const followers = await api('/users/followers', {
+				userId: frank.id,
+			}, frank);
+
+			assert.strictEqual(followers.status, 200);
+			assert.strictEqual(followers.body.length, 2);
+			assert.strictEqual(followers.body[0].followerId, bob.id);
+		});
+
+		test('Unfollowed after 10 sec (24 hours in production).', async () => {
+			await sleep(1000 * 8);
+
+			const following = await api('/users/following', {
+				userId: alice.id,
+			}, alice);
+
+			assert.strictEqual(following.status, 200);
+			assert.strictEqual(following.body.length, 0);
+		});
+
+		test('Unable to move if the destination account has already moved.', async () => {
+			const res = await api('/i/move', {
+				moveToAccount: `@alice@${url.hostname}`,
+			}, bob);
+
+			assert.strictEqual(res.status, 400);
+			assert.strictEqual(res.body.error.code, 'DESTINATION_ACCOUNT_FORBIDS');
+			assert.strictEqual(res.body.error.id, 'b5c90186-4ab0-49c8-9bba-a1f766282ba4');
+		});
+
+		test('Follow and follower counts are properly adjusted', async () => {
+			await api('/following/create', {
+				userId: alice.id,
+			}, eve);
+			const newAlice = await Users.findOneByOrFail({ id: alice.id });
+			const newCarol = await Users.findOneByOrFail({ id: carol.id });
+			let newEve = await Users.findOneByOrFail({ id: eve.id });
+			assert.strictEqual(newAlice.movedToUri, `${url.origin}/users/${bob.id}`);
+			assert.strictEqual(newAlice.followingCount, 0);
+			assert.strictEqual(newAlice.followersCount, 0);
+			assert.strictEqual(newCarol.followingCount, 1);
+			assert.strictEqual(newEve.followingCount, 1);
+			assert.strictEqual(newEve.followersCount, 1);
+
+			await api('/following/delete', {
+				userId: alice.id,
+			}, eve);
+			newEve = await Users.findOneByOrFail({ id: eve.id });
+			assert.strictEqual(newEve.followingCount, 1);
+			assert.strictEqual(newEve.followersCount, 1);
+		});
+
+		test.each([
+			'/antennas/create',
+			'/channels/create',
+			'/channels/favorite',
+			'/channels/follow',
+			'/channels/unfavorite',
+			'/channels/unfollow',
+			'/clips/add-note',
+			'/clips/create',
+			'/clips/favorite',
+			'/clips/remove-note',
+			'/clips/unfavorite',
+			'/clips/update',
+			'/drive/files/upload-from-url',
+			'/flash/create',
+			'/flash/like',
+			'/flash/unlike',
+			'/flash/update',
+			'/following/create',
+			'/gallery/posts/create',
+			'/gallery/posts/like',
+			'/gallery/posts/unlike',
+			'/gallery/posts/update',
+			'/i/claim-achievement',
+			'/i/move',
+			'/i/import-blocking',
+			'/i/import-following',
+			'/i/import-muting',
+			'/i/import-user-lists',
+			'/i/pin',
+			'/mute/create',
+			'/notes/create',
+			'/notes/favorites/create',
+			'/notes/polls/vote',
+			'/notes/reactions/create',
+			'/pages/create',
+			'/pages/like',
+			'/pages/unlike',
+			'/pages/update',
+			'/renote-mute/create',
+			'/users/lists/create',
+			'/users/lists/pull',
+			'/users/lists/push',
+		])('Prohibit access after moving: %s', async (endpoint) => {
+			const res = await api(endpoint, {}, alice);
+			assert.strictEqual(res.status, 403);
+			assert.strictEqual(res.body.error.code, 'YOUR_ACCOUNT_MOVED');
+			assert.strictEqual(res.body.error.id, '56f20ec9-fd06-4fa5-841b-edd6d7d4fa31');
+		});
+
+		test('Prohibit access after moving: /antennas/update', async () => {
+			const res = await api('/antennas/update', {
+				antennaId,
+				name: rndstr('0-9a-z', 8),
+				src: 'users',
+				keywords: [rndstr('0-9a-z', 8)],
+				excludeKeywords: [],
+				users: [eve.id],
+				caseSensitive: false,
+				withReplies: false,
+				withFile: false,
+				notify: false,
+			}, alice);
+
+			assert.strictEqual(res.status, 403);
+			assert.strictEqual(res.body.error.code, 'YOUR_ACCOUNT_MOVED');
+			assert.strictEqual(res.body.error.id, '56f20ec9-fd06-4fa5-841b-edd6d7d4fa31');
+		});
+
+		test('Prohibit access after moving: /drive/files/create', async () => {
+			const res = await uploadFile(alice);
+
+			assert.strictEqual(res.status, 403);
+			assert.strictEqual(res.body.error.code, 'YOUR_ACCOUNT_MOVED');
+			assert.strictEqual(res.body.error.id, '56f20ec9-fd06-4fa5-841b-edd6d7d4fa31');
+		});
+
+		test('Prohibit updating alsoKnownAs after moving', async () => {
+			const res = await api('/i/update', {
+				alsoKnownAs: [`@eve@${url.hostname}`],
+			}, alice);
+
+			assert.strictEqual(res.status, 403);
+			assert.strictEqual(res.body.error.code, 'YOUR_ACCOUNT_MOVED');
+			assert.strictEqual(res.body.error.id, '56f20ec9-fd06-4fa5-841b-edd6d7d4fa31');
+		});
+	});
+});

packages/backend/test/e2e/users.ts

@@ -83,7 +83,7 @@ describe('ユーザー', () => {
 			...userLite(user),
 			url: user.url,
 			uri: user.uri,
-			movedToUri: user.movedToUri,
+			movedTo: user.movedTo,
 			alsoKnownAs: user.alsoKnownAs,
 			createdAt: user.createdAt,
 			updatedAt: user.updatedAt,
@@ -348,7 +348,7 @@ describe('ユーザー', () => {
 		// UserDetailedNotMeOnly
 		assert.strictEqual(response.url, null);
 		assert.strictEqual(response.uri, null);
-		assert.strictEqual(response.movedToUri, null);
+		assert.strictEqual(response.movedTo, null);
 		assert.strictEqual(response.alsoKnownAs, null);
 		assert.strictEqual(response.createdAt, new Date(response.createdAt).toISOString());
 		assert.strictEqual(response.updatedAt, null);