wip

2018-04-13 06:06:18 +09:00 · 2018-04-13 06:06:18 +09:00 · 3368fe8552
commit 3368fe8552
parent a3bd4ba426
20 changed files with 582 additions and 609 deletions
--- a/package.json
+++ b/package.json
@ -30,6 +30,7 @@
 		"@fortawesome/fontawesome-free-brands": "5.0.2",
 		"@fortawesome/fontawesome-free-regular": "5.0.2",
 		"@fortawesome/fontawesome-free-solid": "5.0.2",
 		"@koa/cors": "^2.2.1",
 		"@prezzemolo/rap": "0.1.2",
 		"@prezzemolo/zip": "0.0.3",
 		"@types/bcryptjs": "2.4.1",
@ -58,7 +59,12 @@
 		"@types/js-yaml": "3.11.1",
 		"@types/koa": "^2.0.45",
 		"@types/koa-bodyparser": "^4.2.0",
 		"@types/koa-favicon": "^2.0.19",
 		"@types/koa-mount": "^3.0.1",
 		"@types/koa-multer": "^1.0.0",
 		"@types/koa-router": "^7.0.27",
 		"@types/koa-send": "^4.1.1",
 		"@types/koa__cors": "^2.2.2",
 		"@types/kue": "^0.11.8",
 		"@types/license-checker": "15.0.0",
 		"@types/mkdirp": "0.5.2",
@ -144,7 +150,11 @@
 		"js-yaml": "3.11.0",
 		"jsdom": "11.7.0",
 		"koa": "^2.5.0",
 		"koa-favicon": "^2.0.1",
 		"koa-mount": "^3.0.0",
 		"koa-multer": "^1.0.2",
 		"koa-router": "^7.4.0",
 		"koa-send": "^4.1.3",
 		"kue": "0.11.6",
 		"license-checker": "18.0.0",
 		"loader-utils": "1.1.0",
--- a/src/client/app/boot.js
+++ b/src/client/app/boot.js
@ -97,6 +97,8 @@
 		// Compare versions
 		if (meta.version != ver) {
 			localStorage.setItem('v', meta.version);
 			alert(
 				'Misskeyの新しいバージョンがあります。ページを再度読み込みします。' +
 				'\n\n' +
--- a/src/client/assets/404.js
+++ b/src/client/assets/404.js
@ -1,25 +0,0 @@
 const yn = window.confirm(
 	'サーバー上に存在しないスクリプトがリクエストされました。お使いのMisskeyのバージョンが古いことが原因の可能性があります。Misskeyを更新しますか？\n\nA script that does not exist on the server was requested. It may be caused by an old version of Misskey you’re using. Do you want to delete the cache?');
 const langYn = window.confirm('また、言語を日本語に設定すると解決する場合があります。日本語に設定しますか？\n\nAlso, setting the language to Japanese may solve the problem. Would you like to set it to Japanese?');
 if (langYn) {
 	localStorage.setItem('lang', 'ja');
 }
 if (yn) {
 	// Clear cache (serive worker)
 	try {
 		navigator.serviceWorker.controller.postMessage('clear');
 		navigator.serviceWorker.getRegistrations().then(registrations => {
 			registrations.forEach(registration => registration.unregister());
 		});
 	} catch (e) {
 		console.error(e);
 	}
 	localStorage.removeItem('v');
 	location.reload(true);
 }
--- a/src/index.ts
+++ b/src/index.ts
@ -10,7 +10,6 @@ import * as debug from 'debug';
 import chalk from 'chalk';
 // import portUsed = require('tcp-port-used');
 import isRoot = require('is-root');
 import { master } from 'accesses';
 import Xev from 'xev';
 import Logger from './utils/logger';
@ -73,11 +72,6 @@ async function masterMain(opt) {
 	Logger.info(chalk.green('Successfully initialized :)'));
 	// Init accesses
 	if (config.accesses && config.accesses.enable) {
 		master();
 	}
 	spawnWorkers(() => {
 		if (!opt['only-processor']) {
 			Logger.info(chalk.bold.green(
--- a/src/server/api/api-handler.ts
+++ b/src/server/api/api-handler.ts
@ -1,4 +1,4 @@
-import * as express from 'express';
+import * as Koa from 'koa';
 import { Endpoint } from './endpoints';
 import authenticate from './authenticate';
@ -6,16 +6,17 @@ import call from './call';
 import { IUser } from '../../models/user';
 import { IApp } from '../../models/app';
-export default async (endpoint: Endpoint, req: express.Request, res: express.Response) => {
+export default async (endpoint: Endpoint, ctx: Koa.Context) => {
 	const reply = (x?: any, y?: any) => {
 		if (x === undefined) {
-			res.sendStatus(204);
+			ctx.status = 204;
 		} else if (typeof x === 'number') {
-			res.status(x).send({
+			ctx.status = x;
 			ctx.body = {
 				error: x === 500 ? 'INTERNAL_ERROR' : y
-			});
+			};
 		} else {
-			res.send(x);
+			ctx.body = x;
 		}
 	};
@ -24,11 +25,11 @@ export default async (endpoint: Endpoint, req: express.Request, res: express.Res
 	// Authentication
 	try {
-		[user, app] = await authenticate(req.body['i']);
+		[user, app] = await authenticate(ctx.body['i']);
 	} catch (e) {
 		return reply(403, 'AUTHENTICATION_FAILED');
 	}
 	// API invoking
-	call(endpoint, user, app, req.body, req).then(reply).catch(e => reply(400, e));
+	call(endpoint, user, app, ctx.body, ctx.req).then(reply).catch(e => reply(400, e));
 };
--- a/src/server/api/bot/interfaces/line.ts
+++ b/src/server/api/bot/interfaces/line.ts
@ -1,5 +1,5 @@
 import * as EventEmitter from 'events';
-import * as express from 'express';
+import * as Router from 'koa-router';
 import * as request from 'request';
 import * as crypto from 'crypto';
 import User from '../../../../models/user';
@ -158,9 +158,6 @@ class LineBot extends BotCore {
 	}
 }
 module.exports = async (app: express.Application) => {
 	if (config.line_bot == null) return;
 const handler = new EventEmitter();
 handler.on('event', async (ev) => {
@ -215,25 +212,27 @@ module.exports = async (app: express.Application) => {
 	bot.react(ev);
 });
-	app.post('/hooks/line', (req, res, next) => {
+// Init router
-		// req.headers['x-line-signature'] は常に string ですが、型定義の都合上
+const router = new Router();
-		// string | string[] になっているので string を明示しています
+
-		const sig1 = req.headers['x-line-signature'] as string;
+if (config.line_bot) {
 	router.post('/hooks/line', ctx => {
 		const sig1 = ctx.headers['x-line-signature'];
 		const hash = crypto.createHmac('SHA256', config.line_bot.channel_secret)
-			.update((req as any).rawBody);
+			.update(ctx.request.rawBody);
 		const sig2 = hash.digest('base64');
 		// シグネチャ比較
 		if (sig1 === sig2) {
-			req.body.events.forEach(ev => {
+			ctx.body.events.forEach(ev => {
 				handler.emit('event', ev);
 			});
 			res.sendStatus(200);
 		} else {
-			res.sendStatus(400);
+			ctx.status = 400;
 		}
 	});
-};
+}
 module.exports = router;
--- a/src/server/api/call.ts
+++ b/src/server/api/call.ts
@ -1,11 +1,12 @@
-import * as express from 'express';
+import * as http from 'http';
 import * as multer from 'koa-multer';
 import endpoints, { Endpoint } from './endpoints';
 import limitter from './limitter';
 import { IUser } from '../../models/user';
 import { IApp } from '../../models/app';
-export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: express.Request) => new Promise(async (ok, rej) => {
+export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => {
 	const isSecure = user != null && app == null;
 	//console.log(endpoint, user, app, data);
@ -38,7 +39,7 @@ export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any,
 	let exec = require(`${__dirname}/endpoints/${ep.name}`);
 	if (ep.withFile && req) {
-		exec = exec.bind(null, req.file);
+		exec = exec.bind(null, (req as multer.MulterIncomingMessage).file);
 	}
 	let res;
--- a/src/server/api/common/signin.ts
+++ b/src/server/api/common/signin.ts
@ -1,19 +1,20 @@
-import config from '../../../config';
+import * as Koa from 'koa';
-export default function(res, user, redirect: boolean) {
+import config from '../../../config';
 import { ILocalUser } from '../../../models/user';
 export default function(ctx: Koa.Context, user: ILocalUser, redirect: boolean) {
 	const expires = 1000 * 60 * 60 * 24 * 365; // One Year
-	res.cookie('i', user.token, {
+	ctx.cookies.set('i', user.token, {
 		path: '/',
-		domain: `.${config.hostname}`,
+		domain: config.hostname,
-		secure: config.url.substr(0, 5) === 'https',
+		secure: config.url.startsWith('https'),
 		httpOnly: false,
 		expires: new Date(Date.now() + expires),
 		maxAge: expires
 	});
 	if (redirect) {
-		res.redirect(config.url);
+		ctx.redirect(config.url);
 	} else {
 		res.sendStatus(204);
 	}
 }
--- a/src/server/api/index.ts
+++ b/src/server/api/index.ts
@ -2,53 +2,41 @@
 * API Server
 */
-import * as express from 'express';
+import * as Koa from 'koa';
-import * as bodyParser from 'body-parser';
+import * as Router from 'koa-router';
-import * as cors from 'cors';
+import * as multer from 'koa-multer';
 import * as multer from 'multer';
 import endpoints from './endpoints';
-/**
+const handler = require('./api-handler').default;
 * Init app
 */
 const app = express();
-app.disable('x-powered-by');
+// Init app
-app.set('etag', false);
+const app = new Koa();
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json({
 	type: ['application/json', 'text/plain'],
 	verify: (req, res, buf, encoding) => {
 		if (buf && buf.length) {
 			(req as any).rawBody = buf.toString(encoding || 'utf8');
 		}
 	}
 }));
 app.use(cors());
-app.get('/', (req, res) => {
+// Init multer instance
-	res.send('YEE HAW');
+const upload = multer({
 	storage: multer.diskStorage({})
 });
 // Init router
 const router = new Router();
 /**
 * Register endpoint handlers
 */
-endpoints.forEach(endpoint =>
+endpoints.forEach(endpoint => endpoint.withFile
-	endpoint.withFile ?
+	? router.post(`/${endpoint.name}`, upload.single('file'), handler.bind(null, endpoint))
-		app.post(`/${endpoint.name}`,
+	: router.post(`/${endpoint.name}`, handler.bind(null, endpoint))
 			endpoint.withFile ? multer({ storage: multer.diskStorage({}) }).single('file') : null,
 			require('./api-handler').default.bind(null, endpoint)) :
 		app.post(`/${endpoint.name}`,
 			require('./api-handler').default.bind(null, endpoint))
 );
-app.post('/signup', require('./private/signup').default);
+router.post('/signup', require('./private/signup').default);
-app.post('/signin', require('./private/signin').default);
+router.post('/signin', require('./private/signin').default);
-require('./service/github')(app);
+router.use(require('./service/github').routes());
-require('./service/twitter')(app);
+router.use(require('./service/twitter').routes());
 router.use(require('./bot/interfaces/line').routes());
-require('./bot/interfaces/line')(app);
+// Register router
 app.use(router.routes());
 module.exports = app;
--- a/src/server/api/private/signin.ts
+++ b/src/server/api/private/signin.ts
@ -1,4 +1,4 @@
-import * as express from 'express';
+import * as Koa from 'koa';
 import * as bcrypt from 'bcryptjs';
 import * as speakeasy from 'speakeasy';
 import User, { ILocalUser } from '../../../models/user';
@ -7,26 +7,26 @@ import event from '../../../publishers/stream';
 import signin from '../common/signin';
 import config from '../../../config';
-export default async (req: express.Request, res: express.Response) => {
+export default async (ctx: Koa.Context) => {
-	res.header('Access-Control-Allow-Origin', config.url);
+	ctx.set('Access-Control-Allow-Origin', config.url);
-	res.header('Access-Control-Allow-Credentials', 'true');
+	ctx.set('Access-Control-Allow-Credentials', 'true');
-	const username = req.body['username'];
+	const username = ctx.body['username'];
-	const password = req.body['password'];
+	const password = ctx.body['password'];
-	const token = req.body['token'];
+	const token = ctx.body['token'];
 	if (typeof username != 'string') {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
 	if (typeof password != 'string') {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
 	if (token != null && typeof token != 'string') {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
@ -37,12 +37,12 @@ export default async (req: express.Request, res: express.Response) => {
 	}, {
 		fields: {
 			data: false,
-			'profile': false
+			profile: false
 		}
 	}) as ILocalUser;
 	if (user === null) {
-		res.status(404).send({
+		ctx.throw(404, {
 			error: 'user not found'
 		});
 		return;
@ -60,17 +60,17 @@ export default async (req: express.Request, res: express.Response) => {
 			});
 			if (verified) {
-				signin(res, user, false);
+				signin(ctx, user, false);
 			} else {
-				res.status(400).send({
+				ctx.throw(400, {
 					error: 'invalid token'
 				});
 			}
 		} else {
-			signin(res, user, false);
+			signin(ctx, user, false);
 		}
 	} else {
-		res.status(400).send({
+		ctx.throw(400, {
 			error: 'incorrect password'
 		});
 	}
@ -79,8 +79,8 @@ export default async (req: express.Request, res: express.Response) => {
 	const record = await Signin.insert({
 		createdAt: new Date(),
 		userId: user._id,
-		ip: req.ip,
+		ip: ctx.ip,
-		headers: req.headers,
+		headers: ctx.headers,
 		success: same
 	});
--- a/src/server/api/private/signup.ts
+++ b/src/server/api/private/signup.ts
@ -1,5 +1,5 @@
 import * as uuid from 'uuid';
-import * as express from 'express';
+import * as Koa from 'koa';
 import * as bcrypt from 'bcryptjs';
 import { generate as generateKeypair } from '../../../crypto_key';
 import recaptcha = require('recaptcha-promise');
@ -33,30 +33,30 @@ const home = {
 	]
 };
-export default async (req: express.Request, res: express.Response) => {
+export default async (ctx: Koa.Context) => {
 	// Verify recaptcha
 	// ただしテスト時はこの機構は障害となるため無効にする
 	if (process.env.NODE_ENV !== 'test') {
-		const success = await recaptcha(req.body['g-recaptcha-response']);
+		const success = await recaptcha(ctx.body['g-recaptcha-response']);
 		if (!success) {
-			res.status(400).send('recaptcha-failed');
+			ctx.throw(400, 'recaptcha-failed');
 			return;
 		}
 	}
-	const username = req.body['username'];
+	const username = ctx.body['username'];
-	const password = req.body['password'];
+	const password = ctx.body['password'];
 	// Validate username
 	if (!validateUsername(username)) {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
 	// Validate password
 	if (!validatePassword(password)) {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
@ -71,7 +71,7 @@ export default async (req: express.Request, res: express.Response) => {
 	// Check username already used
 	if (usernameExist !== 0) {
-		res.sendStatus(400);
+		ctx.status = 400;
 		return;
 	}
@ -143,5 +143,5 @@ export default async (req: express.Request, res: express.Response) => {
 	});
 	// Response
-	res.send(await pack(account));
+	ctx.body = await pack(account);
 };
--- a/src/server/api/service/github.ts
+++ b/src/server/api/service/github.ts
@ -1,39 +1,52 @@
 import * as EventEmitter from 'events';
-import * as express from 'express';
+import * as Router from 'koa-router';
 import * as request from 'request';
 const crypto = require('crypto');
-import User from '../../../models/user';
+import User, { IUser } from '../../../models/user';
 import createNote from '../../../services/note/create';
 import config from '../../../config';
-module.exports = async (app: express.Application) => {
+const handler = new EventEmitter();
 	if (config.github_bot == null) return;
-	const bot = await User.findOne({
+let bot: IUser;
 const post = async text => {
 	if (bot == null) {
 		const account = await User.findOne({
 			usernameLower: config.github_bot.username.toLowerCase()
 		});
-	if (bot == null) {
+		if (account == null) {
 			console.warn(`GitHub hook bot specified, but not found: @${config.github_bot.username}`);
 			return;
 		} else {
 			bot = account;
 		}
 	}
-	const post = text => createNote(bot, { text });
+	createNote(bot, { text });
 };
-	const handler = new EventEmitter();
+// Init router
 const router = new Router();
-	app.post('/hooks/github', (req, res, next) => {
+if (config.github_bot != null) {
-		// req.headers['x-hub-signature'] および
+	const secret = config.github_bot.hook_secret;
-		// req.headers['x-github-event'] は常に string ですが、型定義の都合上
+
-		// string | string[] になっているので string を明示しています
+	router.post('/hooks/github', ctx => {
-		if ((new Buffer(req.headers['x-hub-signature'] as string)).equals(new Buffer(`sha1=${crypto.createHmac('sha1', config.github_bot.hook_secret).update(JSON.stringify(req.body)).digest('hex')}`))) {
+		const sig1 = new Buffer(ctx.headers['x-hub-signature']);
-			handler.emit(req.headers['x-github-event'] as string, req.body);
+		const sig2 = new Buffer(`sha1=${crypto.createHmac('sha1', secret).update(JSON.stringify(ctx.body)).digest('hex')}`);
-			res.sendStatus(200);
+		if (sig1.equals(sig2)) {
 			handler.emit(ctx.headers['x-github-event'], ctx.body);
 			ctx.status = 204;
 		} else {
-			res.sendStatus(400);
+			ctx.status = 400;
 		}
 	});
 }
 module.exports = router;
 handler.on('status', event => {
 	const state = event.state;
@ -137,4 +150,3 @@ module.exports = async (app: express.Application) => {
 	}
 	post(text);
 });
 };
--- a/src/server/api/service/twitter.ts
+++ b/src/server/api/service/twitter.ts
@ -1,42 +1,41 @@
-import * as express from 'express';
+import * as Koa from 'koa';
-import * as cookie from 'cookie';
+import * as Router from 'koa-router';
 import * as uuid from 'uuid';
 // import * as Twitter from 'twitter';
 // const Twitter = require('twitter');
 import autwh from 'autwh';
 import redis from '../../../db/redis';
-import User, { pack } from '../../../models/user';
+import User, { pack, ILocalUser } from '../../../models/user';
 import event from '../../../publishers/stream';
 import config from '../../../config';
 import signin from '../common/signin';
-module.exports = (app: express.Application) => {
+function getUserToken(ctx: Koa.Context) {
-	function getUserToken(req: express.Request) {
+	return ((ctx.headers['cookie'] || '').match(/i=(!\w+)/) || [null, null])[1];
 		// req.headers['cookie'] は常に string ですが、型定義の都合上
 		// string | string[] になっているので string を明示しています
 		return ((req.headers['cookie'] as string || '').match(/i=(!\w+)/) || [null, null])[1];
 }
-	function compareOrigin(req: express.Request) {
+function compareOrigin(ctx: Koa.Context) {
 	function normalizeUrl(url: string) {
 		return url[url.length - 1] === '/' ? url.substr(0, url.length - 1) : url;
 	}
-		// req.headers['referer'] は常に string ですが、型定義の都合上
+	const referer = ctx.headers['referer'];
 		// string | string[] になっているので string を明示しています
 		const referer = req.headers['referer'] as string;
 	return (normalizeUrl(referer) == normalizeUrl(config.url));
 }
-	app.get('/disconnect/twitter', async (req, res): Promise<any> => {
+// Init router
-		if (!compareOrigin(req)) {
+const router = new Router();
-			res.status(400).send('invalid origin');
+
 router.get('/disconnect/twitter', async ctx => {
 	if (!compareOrigin(ctx)) {
 		ctx.throw(400, 'invalid origin');
 		return;
 	}
-		const userToken = getUserToken(req);
+	const userToken = getUserToken(ctx);
-		if (userToken == null) return res.send('plz signin');
+	if (userToken == null) {
 		ctx.throw(400, 'signin required');
 		return;
 	}
 	const user = await User.findOneAndUpdate({
 		host: null,
@ -47,7 +46,7 @@ module.exports = (app: express.Application) => {
 		}
 	});
-		res.send(`Twitterの連携を解除しました :v:`);
+	ctx.body = `Twitterの連携を解除しました :v:`;
 	// Publish i updated event
 	event(user._id, 'i_updated', await pack(user, user, {
@ -57,104 +56,100 @@ module.exports = (app: express.Application) => {
 });
 if (config.twitter == null) {
-		app.get('/connect/twitter', (req, res) => {
+	router.get('/connect/twitter', ctx => {
-			res.send('現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)');
+		ctx.body = '現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)';
 	});
-		app.get('/signin/twitter', (req, res) => {
+	router.get('/signin/twitter', ctx => {
-			res.send('現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)');
+		ctx.body = '現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)';
 	});
-
+} else {
 		return;
 	}
 	const twAuth = autwh({
 		consumerKey: config.twitter.consumer_key,
 		consumerSecret: config.twitter.consumer_secret,
 		callbackUrl: `${config.url}/api/tw/cb`
 	});
-	app.get('/connect/twitter', async (req, res): Promise<any> => {
+	router.get('/connect/twitter', async ctx => {
-		if (!compareOrigin(req)) {
+		if (!compareOrigin(ctx)) {
-			res.status(400).send('invalid origin');
+			ctx.throw(400, 'invalid origin');
 			return;
 		}
-		const userToken = getUserToken(req);
+		const userToken = getUserToken(ctx);
-		if (userToken == null) return res.send('plz signin');
+		if (userToken == null) {
 			ctx.throw(400, 'signin required');
 			return;
 		}
-		const ctx = await twAuth.begin();
+		const twCtx = await twAuth.begin();
-		redis.set(userToken, JSON.stringify(ctx));
+		redis.set(userToken, JSON.stringify(twCtx));
-		res.redirect(ctx.url);
+		ctx.redirect(twCtx.url);
 	});
-	app.get('/signin/twitter', async (req, res): Promise<any> => {
+	router.get('/signin/twitter', async ctx => {
-		const ctx = await twAuth.begin();
+		const twCtx = await twAuth.begin();
 		const sessid = uuid();
-		redis.set(sessid, JSON.stringify(ctx));
+		redis.set(sessid, JSON.stringify(twCtx));
 		const expires = 1000 * 60 * 60; // 1h
-		res.cookie('signin_with_twitter_session_id', sessid, {
+		ctx.cookies.set('signin_with_twitter_session_id', sessid, {
 			path: '/',
-			domain: `.${config.host}`,
+			domain: config.host,
-			secure: config.url.substr(0, 5) === 'https',
+			secure: config.url.startsWith('https'),
 			httpOnly: true,
 			expires: new Date(Date.now() + expires),
 			maxAge: expires
 		});
-		res.redirect(ctx.url);
+		ctx.redirect(twCtx.url);
 	});
-	app.get('/tw/cb', (req, res): any => {
+	router.get('/tw/cb', ctx => {
-		const userToken = getUserToken(req);
+		const userToken = getUserToken(ctx);
 		if (userToken == null) {
-			// req.headers['cookie'] は常に string ですが、型定義の都合上
+			const sessid = ctx.cookies.get('signin_with_twitter_session_id');
 			// string | string[] になっているので string を明示しています
 			const cookies = cookie.parse((req.headers['cookie'] as string || ''));
-			const sessid = cookies['signin_with_twitter_session_id'];
+			if (sessid == null) {
-
+				ctx.throw(400, 'invalid session');
 			if (sessid == undefined) {
 				res.status(400).send('invalid session');
 				return;
 			}
-			redis.get(sessid, async (_, ctx) => {
+			redis.get(sessid, async (_, twCtx) => {
-				const result = await twAuth.done(JSON.parse(ctx), req.query.oauth_verifier);
+				const result = await twAuth.done(JSON.parse(twCtx), ctx.query.oauth_verifier);
 				const user = await User.findOne({
 					host: null,
 					'twitter.userId': result.userId
-				});
+				}) as ILocalUser;
 				if (user == null) {
-					res.status(404).send(`@${result.screenName}と連携しているMisskeyアカウントはありませんでした...`);
+					ctx.throw(404, `@${result.screenName}と連携しているMisskeyアカウントはありませんでした...`);
 					return;
 				}
-				signin(res, user, true);
+				signin(ctx, user, true);
 			});
 		} else {
-			const verifier = req.query.oauth_verifier;
+			const verifier = ctx.query.oauth_verifier;
 			if (verifier == null) {
-				res.status(400).send('invalid session');
+				ctx.throw(400, 'invalid session');
 				return;
 			}
-			redis.get(userToken, async (_, ctx) => {
+			redis.get(userToken, async (_, twCtx) => {
-				const result = await twAuth.done(JSON.parse(ctx), verifier);
+				const result = await twAuth.done(JSON.parse(twCtx), verifier);
 				const user = await User.findOneAndUpdate({
 					host: null,
-					'token': userToken
+					token: userToken
 				}, {
 					$set: {
-						'twitter': {
+						twitter: {
 							accessToken: result.accessToken,
 							accessTokenSecret: result.accessTokenSecret,
 							userId: result.userId,
@ -163,7 +158,7 @@ module.exports = (app: express.Application) => {
 					}
 				});
-				res.send(`Twitter: @${result.screenName} を、Misskey: @${user.username} に接続しました！`);
+				ctx.body = `Twitter: @${result.screenName} を、Misskey: @${user.username} に接続しました！`;
 				// Publish i updated event
 				event(user._id, 'i_updated', await pack(user, user, {
@ -173,4 +168,6 @@ module.exports = (app: express.Application) => {
 			});
 		}
 	});
-};
+}
 module.exports = router;
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@ -3,171 +3,33 @@
 */
 import * as fs from 'fs';
-import * as express from 'express';
+import * as Koa from 'koa';
-import * as bodyParser from 'body-parser';
+import * as cors from '@koa/cors';
-import * as cors from 'cors';
+import * as Router from 'koa-router';
-import * as mongodb from 'mongodb';
+import pour from './pour';
-import * as _gm from 'gm';
+import sendDriveFile from './send-drive-file';
 import * as stream from 'stream';
-import DriveFile, { getGridFSBucket } from '../../models/drive-file';
+// Init app
-
+const app = new Koa();
 const gm = _gm.subClass({
 	imageMagick: true
 });
 /**
 * Init app
 */
 const app = express();
 app.disable('x-powered-by');
 app.locals.cache = true;
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(cors());
-/**
+// Init router
- * Statics
+const router = new Router();
 */
 app.use('/assets', express.static(`${__dirname}/assets`, {
 	maxAge: 1000 * 60 * 60 * 24 * 365 // 一年
 }));
-app.get('/', (req, res) => {
+router.get('/default-avatar.jpg', ctx => {
 	res.send('yee haw');
 });
 app.get('/default-avatar.jpg', (req, res) => {
 	const file = fs.createReadStream(`${__dirname}/assets/avatar.jpg`);
-	send(file, 'image/jpeg', req, res);
+	pour(file, 'image/jpeg', ctx);
 });
-app.get('/app-default.jpg', (req, res) => {
+router.get('/app-default.jpg', ctx => {
 	const file = fs.createReadStream(`${__dirname}/assets/dummy.png`);
-	send(file, 'image/png', req, res);
+	pour(file, 'image/png', ctx);
 });
-interface ISend {
+router.get('/:id', sendDriveFile);
-	contentType: string;
+router.get('/:id/:name', sendDriveFile);
 	stream: stream.Readable;
 }
-function thumbnail(data: stream.Readable, type: string, resize: number): ISend {
+// Register router
-	const readable: stream.Readable = (() => {
+app.use(router.routes());
 		// 動画であれば
 		if (/^video\/.*$/.test(type)) {
 			// TODO
 			// 使わないことになったストリームはしっかり取り壊す
 			data.destroy();
 			return fs.createReadStream(`${__dirname}/assets/thumbnail-not-available.png`);
 		// 画像であれば
 		// Note: SVGはapplication/xml
 		} else if (/^image\/.*$/.test(type) || type == 'application/xml') {
 			// 0フレーム目を送る
 			try {
 				return gm(data).selectFrame(0).stream();
 			// だめだったら
 			} catch (e) {
 				// 使わないことになったストリームはしっかり取り壊す
 				data.destroy();
 				return fs.createReadStream(`${__dirname}/assets/thumbnail-not-available.png`);
 			}
 		// 動画か画像以外
 		} else {
 			data.destroy();
 			return fs.createReadStream(`${__dirname}/assets/not-an-image.png`);
 		}
 	})();
 	let g = gm(readable);
 	if (resize) {
 		g = g.resize(resize, resize);
 	}
 	const stream = g
 		.compress('jpeg')
 		.quality(80)
 		.interlace('line')
 		.stream();
 	return {
 		contentType: 'image/jpeg',
 		stream
 	};
 }
 const commonReadableHandlerGenerator = (req: express.Request, res: express.Response) => (e: Error): void => {
 	console.dir(e);
 	req.destroy();
 	res.destroy(e);
 };
 function send(readable: stream.Readable, type: string, req: express.Request, res: express.Response): void {
 	readable.on('error', commonReadableHandlerGenerator(req, res));
 	const data = ((): ISend => {
 		if (req.query.thumbnail !== undefined) {
 			return thumbnail(readable, type, req.query.size);
 		}
 		return {
 			contentType: type,
 			stream: readable
 		};
 	})();
 	if (readable !== data.stream) {
 		data.stream.on('error', commonReadableHandlerGenerator(req, res));
 	}
 	if (req.query.download !== undefined) {
 		res.header('Content-Disposition', 'attachment');
 	}
 	res.header('Content-Type', data.contentType);
 	data.stream.pipe(res);
 	data.stream.on('end', () => {
 		res.end();
 	});
 }
 async function sendFileById(req: express.Request, res: express.Response): Promise<void> {
 	// Validate id
 	if (!mongodb.ObjectID.isValid(req.params.id)) {
 		res.status(400).send('incorrect id');
 		return;
 	}
 	const fileId = new mongodb.ObjectID(req.params.id);
 	// Fetch (drive) file
 	const file = await DriveFile.findOne({ _id: fileId });
 	// validate name
 	if (req.params.name !== undefined && req.params.name !== file.filename) {
 		res.status(404).send('there is no file has given name');
 		return;
 	}
 	if (file == null) {
 		res.status(404).sendFile(`${__dirname}/assets/dummy.png`);
 		return;
 	}
 	const bucket = await getGridFSBucket();
 	const readable = bucket.openDownloadStream(fileId);
 	send(readable, file.contentType, req, res);
 }
 /**
 * Routing
 */
 app.get('/:id', sendFileById);
 app.get('/:id/:name', sendFileById);
 module.exports = app;
--- a/src/server/file/pour.ts
+++ b/src/server/file/pour.ts
@ -0,0 +1,93 @@
 import * as fs from 'fs';
 import * as stream from 'stream';
 import * as Koa from 'koa';
 import * as Gm from 'gm';
 const gm = Gm.subClass({
 	imageMagick: true
 });
 interface ISend {
 	contentType: string;
 	stream: stream.Readable;
 }
 function thumbnail(data: stream.Readable, type: string, resize: number): ISend {
 	const readable: stream.Readable = (() => {
 		// 動画であれば
 		if (/^video\/.*$/.test(type)) {
 			// TODO
 			// 使わないことになったストリームはしっかり取り壊す
 			data.destroy();
 			return fs.createReadStream(`${__dirname}/assets/thumbnail-not-available.png`);
 		// 画像であれば
 		// Note: SVGはapplication/xml
 		} else if (/^image\/.*$/.test(type) || type == 'application/xml') {
 			// 0フレーム目を送る
 			try {
 				return gm(data).selectFrame(0).stream();
 			// だめだったら
 			} catch (e) {
 				// 使わないことになったストリームはしっかり取り壊す
 				data.destroy();
 				return fs.createReadStream(`${__dirname}/assets/thumbnail-not-available.png`);
 			}
 		// 動画か画像以外
 		} else {
 			data.destroy();
 			return fs.createReadStream(`${__dirname}/assets/not-an-image.png`);
 		}
 	})();
 	let g = gm(readable);
 	if (resize) {
 		g = g.resize(resize, resize);
 	}
 	const stream = g
 		.compress('jpeg')
 		.quality(80)
 		.interlace('line')
 		.stream();
 	return {
 		contentType: 'image/jpeg',
 		stream
 	};
 }
 const commonReadableHandlerGenerator = (ctx: Koa.Context) => (e: Error): void => {
 	console.error(e);
 	ctx.status = 500;
 };
 export default function(readable: stream.Readable, type: string, ctx: Koa.Context): void {
 	readable.on('error', commonReadableHandlerGenerator(ctx));
 	const data = ((): ISend => {
 		if (ctx.query.thumbnail !== undefined) {
 			return thumbnail(readable, type, ctx.query.size);
 		}
 		return {
 			contentType: type,
 			stream: readable
 		};
 	})();
 	if (readable !== data.stream) {
 		data.stream.on('error', commonReadableHandlerGenerator(ctx));
 	}
 	if (ctx.query.download !== undefined) {
 		ctx.header('Content-Disposition', 'attachment');
 	}
 	ctx.header('Content-Type', data.contentType);
 	data.stream.pipe(ctx.res);
 	data.stream.on('end', () => {
 		ctx.res.end();
 	});
 }
--- a/src/server/file/send-drive-file.ts
+++ b/src/server/file/send-drive-file.ts
@ -0,0 +1,30 @@
 import * as Koa from 'koa';
 import * as send from 'koa-send';
 import * as mongodb from 'mongodb';
 import DriveFile, { getGridFSBucket } from '../../models/drive-file';
 import pour from './pour';
 export default async function(ctx: Koa.Context) {
 	// Validate id
 	if (!mongodb.ObjectID.isValid(ctx.params.id)) {
 		ctx.throw(400, 'incorrect id');
 		return;
 	}
 	const fileId = new mongodb.ObjectID(ctx.params.id);
 	// Fetch drive file
 	const file = await DriveFile.findOne({ _id: fileId });
 	if (file == null) {
 		ctx.status = 404;
 		await send(ctx, `${__dirname}/assets/dummy.png`);
 		return;
 	}
 	const bucket = await getGridFSBucket();
 	const readable = bucket.openDownloadStream(fileId);
 	pour(readable, file.contentType, ctx);
 }
--- a/src/server/index.ts
+++ b/src/server/index.ts
@ -13,7 +13,7 @@ import activityPub from './activitypub';
 import webFinger from './webfinger';
 import config from '../config';
-// Init server
+// Init app
 const app = new Koa();
 app.proxy = true;
 app.use(bodyParser);
@ -46,9 +46,9 @@ function createServer() {
 		Object.keys(config.https).forEach(k => {
 			certs[k] = fs.readFileSync(config.https[k]);
 		});
-		return https.createServer(certs, app);
+		return https.createServer(certs, app.callback);
 	} else {
-		return http.createServer(app);
+		return http.createServer(app.callback);
 	}
 }
--- a/src/server/web/docs.ts
+++ b/src/server/web/docs.ts
@ -1,24 +1,21 @@
 /**
- * Docs Server
+ * Docs
 */
 import * as path from 'path';
-import * as express from 'express';
+import * as Router from 'koa-router';
 import * as send from 'koa-send';
 const docs = path.resolve(`${__dirname}/../../client/docs/`);
-/**
+const router = new Router();
 * Init app
 */
 const app = express();
 app.disable('x-powered-by');
-app.use('/assets', express.static(`${docs}/assets`));
+router.get('/assets', async ctx => {
 	await send(ctx, `${docs}/assets`);
 });
-/**
+router.get(/^\/([a-z_\-\/]+?)$/, async ctx => {
- * Routing
+	await send(ctx, `${docs}/${ctx.params[0]}.html`);
- */
+});
 app.get(/^\/([a-z_\-\/]+?)$/, (req, res) =>
 	res.sendFile(`${docs}/${req.params[0]}.html`));
-module.exports = app;
+module.exports = router;
--- a/src/server/web/index.ts
+++ b/src/server/web/index.ts
@ -5,60 +5,71 @@
 import * as path from 'path';
 import ms = require('ms');
-// express modules
+import * as Koa from 'koa';
-import * as express from 'express';
+import * as Router from 'koa-router';
-import * as bodyParser from 'body-parser';
+import * as send from 'koa-send';
-import * as favicon from 'serve-favicon';
+import * as favicon from 'koa-favicon';
 import * as compression from 'compression';
 const client = path.resolve(`${__dirname}/../../client/`);
-// Create server
+// Init app
-const app = express();
+const app = new Koa();
 app.disable('x-powered-by');
-app.use('/docs', require('./docs'));
+// Serve favicon
 app.use(favicon(`${client}/assets/favicon.ico`));
-app.use(bodyParser.urlencoded({ extended: true }));
+// Common request handler
-app.use(bodyParser.json({
+app.use((ctx, next) => {
-	type: ['application/json', 'text/plain']
+	// IFrameの中に入れられないようにする
-}));
+	ctx.set('X-Frame-Options', 'DENY');
 app.use(compression());
 app.use((req, res, next) => {
 	res.header('X-Frame-Options', 'DENY');
 	next();
 });
 // Init router
 const router = new Router();
 //#region static assets
-app.use(favicon(`${client}/assets/favicon.ico`));
+router.get('/assets', async ctx => {
-app.get('/apple-touch-icon.png', (req, res) => res.sendFile(`${client}/assets/apple-touch-icon.png`));
+	await send(ctx, ctx.path, {
-app.use('/assets', express.static(`${client}/assets`, {
+		root: `${client}/assets`,
-	maxAge: ms('7 days')
+		maxage: ms('7 days'),
-}));
+		immutable: true
-app.use('/assets/*.js', (req, res) => res.sendFile(`${client}/assets/404.js`));
+	});
-app.use('/assets', (req, res) => {
+});
-	res.sendStatus(404);
+
 // Apple touch icon
 router.get('/apple-touch-icon.png', async ctx => {
 	await send(ctx, `${client}/assets/apple-touch-icon.png`);
 });
 // ServiceWroker
-app.get(/^\/sw\.(.+?)\.js$/, (req, res) =>
+router.get(/^\/sw\.(.+?)\.js$/, async ctx => {
-	res.sendFile(`${client}/assets/sw.${req.params[0]}.js`));
+	await send(ctx, `${client}/assets/sw.${ctx.params[0]}.js`);
 });
 // Manifest
-app.get('/manifest.json', (req, res) =>
+router.get('/manifest.json', async ctx => {
-	res.sendFile(`${client}/assets/manifest.json`));
+	await send(ctx, `${client}/assets/manifest.json`);
 });
 //#endregion
-app.get(/\/api:url/, require('./url-preview'));
+// Docs
 router.use('/docs', require('./docs').routes());
 // URL preview endpoint
 router.get('url', require('./url-preview'));
 // Render base html for all requests
-app.get('*', (req, res) => {
+router.get('*', async ctx => {
-	res.sendFile(path.resolve(`${client}/app/base.html`), {
+	await send(ctx, `${client}/app/base.html`, {
-		maxAge: ms('7 days')
+		maxage: ms('7 days'),
 		immutable: true
 	});
 });
 // Register router
 app.use(router.routes());
 module.exports = app;
--- a/src/server/web/url-preview.ts
+++ b/src/server/web/url-preview.ts
@ -1,11 +1,11 @@
-import * as express from 'express';
+import * as Koa from 'koa';
 import summaly from 'summaly';
-module.exports = async (req: express.Request, res: express.Response) => {
+module.exports = async (ctx: Koa.Context) => {
-	const summary = await summaly(req.query.url);
+	const summary = await summaly(ctx.query.url);
 	summary.icon = wrap(summary.icon);
 	summary.thumbnail = wrap(summary.thumbnail);
-	res.send(summary);
+	ctx.body = summary;
 };
 function wrap(url: string): string {