gancio-upstream/server/federation/helpers.js

const axios = require('axios')
const crypto = require('crypto')
const config = require('../config')
const httpSignature = require('@peertube/http-signature')

const { APUser, Instance } = require('../api/models/models')

const url = require('url')
const settingsController = require('../api/controller/settings')
const log = require('../log')

const Helpers = {

  // ignore unimplemented ping url from fediverse
  spamFilter (req, res, next) {
    const urlToIgnore = [
      '/api/v1/instance',
      '/api/meta',
      '/api/statusnet/version.json',
      '/api/gnusocial/version.json',
      '/api/statusnet/config.json',
      '/status.php',
      '/siteinfo.json',
      '/friendika/json',
      '/friendica/json',
      '/poco'
    ]
    if (urlToIgnore.includes(req.path)) {
      log.debug(`Ignore noisy fediverse ${req.path}`)
      return res.status(404).send('Not Found')
    }
    next()
  },

  async signAndSend (message, inbox, method='post') {
    log.debug('[FEDI] Sign and send %s to %s', message, inbox)
    const inboxUrl = new url.URL(inbox)
    const privkey = settingsController.secretSettings.privateKey
    const signer = crypto.createSign('sha256')
    const d = new Date()

    let header
    let digest
    if (method === 'post') {
      digest = crypto.createHash('sha256')
        .update(message)
        .digest('base64')
      const stringToSign = `(request-target): post ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`
      signer.update(stringToSign)
      signer.end()
      const signature = signer.sign(privkey)
      const signature_b64 = signature.toString('base64')
      header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="${signature_b64}"`
    } else {
      const stringToSign = `(request-target): get ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}`
      signer.update(stringToSign)
      signer.end()
      const signature = signer.sign(privkey)
      const signature_b64 = signature.toString('base64')
      header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}#main-key",algorithm="rsa-sha256",headers="(request-target) host date",signature="${signature_b64}"`
    }
    try {
      const ret = await axios(inbox, {
        headers: {
          Host: inboxUrl.hostname,
          Date: d.toUTCString(),
          Signature: header,
          ...(method === 'post' && ({ Digest: `SHA-256=${digest}` })),
          'Content-Type': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
          Accept: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
        },
        method,
        ...( method === 'post' && ({ data: message}))
      })
      log.debug(`[FEDI] signed ${ret.status} => %s`, ret.data)
      return ret.data
    } catch (e) {
      log.error("[FEDI] Error in sign and send [%s]: %s", inbox, e?.response?.data?.error ?? e?.response?.statusMessage + ' ' + String(e))
    }
  },

  async sendEvent (event, type = 'Create') {
    if (!settingsController.settings.enable_federation) {
      log.info('event not send, federation disabled')
      return
    }

    const followers = await APUser.findAll({ where: { follower: true } })
    log.debug("[FEDI] Sending to [%s]", followers.map(f => f.ap_id).join(', '))
    const recipients = {}
    followers.forEach(follower => {
      const sharedInbox = follower?.object?.endpoints?.sharedInbox ?? follower?.object?.inbox
      if (!recipients[sharedInbox]) { recipients[sharedInbox] = [] }
      recipients[sharedInbox].push(follower.ap_id)
    })

    for (const sharedInbox in recipients) {
      log.debug(`Notify ${sharedInbox} with event ${event.title} cc => ${recipients[sharedInbox].length}`)
      const body = {
        id: `${config.baseurl}/federation/m/${event.id}#create`,
        type,
        to: ['https://www.w3.org/ns/activitystreams#Public'],
        cc: [...recipients[sharedInbox], `${config.baseurl}/federation/u/${settingsController.settings.instance_name}/followers`],
        actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
        object: event.toAP(settingsController.settings, recipients[sharedInbox])
      }
      body['@context'] = [
        'https://www.w3.org/ns/activitystreams',
        'https://w3id.org/security/v1',
        {
          Hashtag: 'as:Hashtag',
          focalPoint: { '@container': '@list', '@id': 'toot:focalPoint' }
        }]
      await Helpers.signAndSend(JSON.stringify(body), sharedInbox)
    }
  },

  async followActor (actor) {
    log.debug(`Following actor ${actor.ap_id}`)
    const body = {
      '@context': 'https://www.w3.org/ns/activitystreams',
      id: `${config.baseurl}/federation/m/${actor.ap_id}#follow`,
      type: 'Follow',
      actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
      object: actor.ap_id
    }

    await Helpers.signAndSend(JSON.stringify(body), actor.object.endpoints?.sharedInbox || actor.object.inbox)
    await actor.update({ following: 1 })
  },

  async unfollowActor (actor) {
    log.debug(`Unfollowing actor ${actor.ap_id}`)
    const body = {
      '@context': 'https://www.w3.org/ns/activitystreams',
      id: `${config.baseurl}/federation/m/${actor.ap_id}#follow`,
      type: 'Unfollow',
      actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
      object: actor.ap_id
    }
    await Helpers.signAndSend(JSON.stringify(body), actor.object.endpoints?.sharedInbox || actor.object.inbox)
    return actor.update({ following: 0 })
  },

  async getActor (URL, instance, force = false) {
    let fedi_user

    // try with cache first
    if (!force) {
      fedi_user = await APUser.findByPk(URL, { include: Instance })
      if (fedi_user) {
        if (!fedi_user.instances) {
          fedi_user.setInstance(instance)
        }
        return fedi_user
      }
    }

      fedi_user = await Helpers.signAndSend('', URL, 'get')
      .catch(e => {
        log.error(`[FEDI] getActor ${URL}: %s`, e?.response?.data?.error ?? String(e) )
        return false
      })

    if (fedi_user) {
      log.info(`Create a new AP User => ${URL}`)
      fedi_user = await APUser.create({ ap_id: URL, object: fedi_user })
    }
    return fedi_user
  },


  async getNodeInfo (instance_url) {
    const versions = await axios.get(`${instance_url}/.well-known/nodeinfo`, { headers: { Accept: 'application/json' } }).then(res => res.data)
    console.error(versions)
    if (versions.links) {
      const choosen = versions.links.find(l => l.rel === 'http://nodeinfo.diaspora.software/ns/schema/2.1' || 'http://nodeinfo.diaspora.software/ns/schema/2.0')
      console.error(choosen)
      if (!choosen) {
        throw new Error('Not found!')
      }
      const data = await axios.get(choosen.href).then(res => res.data)
      console.error('INSTANCE', data)
      return data
    }
  },

  async getInstance (actor_url, force = false) {
    log.debug(`[FEDI] getInstance ${actor_url}`)
    actor_url = new url.URL(actor_url)
    const domain = actor_url.host
    const instance_url = `${actor_url.protocol}//${actor_url.host}`
    log.debug(`getInstance ${domain}`)
    let instance
    if (!force) {
      instance = await Instance.findByPk(domain)
      if (instance) { return instance }
    }

    try {
      instance = await Helpers.getNodeInfo(instance_url)
      return Instance.create({ name: instance?.metadata?.nodeLabel || instance?.metadata?.nodeName || domain, domain, data: instance, blocked: false })
    } catch(e) {
      log.error('NodeInfo not supported', e)
      return Instance.create({ name: domain, domain, blocked: false })
    }
  },

  // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/
  async verifySignature (req, res, next) {
    // TODO: why do I need instance?
    const instance = await Helpers.getInstance(req.body.actor)
    if (!instance) {
      log.warn(`Verify Signature: Instance not found ${req.body.actor}`)
      return res.status(401).send('Instance not found')
    }
    if (instance.blocked) {
      log.warn(`Instance ${instance.domain} blocked`)
      return res.status(401).send('Instance blocked')
    }

    let user = await Helpers.getActor(req.body.actor, instance)
    if (!user) {
      log.info(`Actor ${req.body.actor} not found`)
      if (req.body.type === 'Delete') {
        return res.sendStatus(201)
      }
      return res.status(401).send('Actor not found')
    }
    if (user.blocked) {
      log.info(`User ${user.ap_id} blocked`)
      return res.status(401).send('User blocked')
    }

    res.locals.fedi_user = user

    // TODO: check Digest // cannot do this with json bodyparser
    // const digest = crypto.createHash('sha256')
    //   .update(req.body)
    //   .digest('base64')
    // if (`SHA-256=${digest}` !== req.headers.signature) {
    //   log.warn(`Signature mismatch ${req.headers.signature} - ${digest}`)
    //   return res.status(401).send('Signature mismatch')
    // }

    // another little hack :/
    // https://github.com/joyent/node-http-signature/issues/87
    req.url = '/federation' + req.url
    const parsed = httpSignature.parseRequest(req)
    if (httpSignature.verifySignature(parsed, user.object.publicKey.publicKeyPem)) { return next() }

    // signature not valid, try without cache
    user = await Helpers.getActor(req.body.actor, instance, true)
    if (!user) {
      log.info(`Actor ${req.body.actor} not found`)
      return res.status(401).send('Actor not found')
    }
    if (httpSignature.verifySignature(parsed, user.object.publicKey.publicKeyPem)) {
      log.debug(`Valid signature from ${req.body.actor} `)
      return next()
    }

    // still not valid
    log.info(`Invalid signature from user ${req.body.actor}`)
    res.send('Request signature could not be verified', 401)
  }
}

module.exports = Helpers
fix fediverse fetch/axios 2020-02-05 00:48:55 +01:00			`const axios = require('axios')`
. 2019-07-31 02:01:21 +02:00			`const crypto = require('crypto')`
whole new conf/setup method 2021-09-27 10:42:17 +02:00			`const config = require('../config')`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`const httpSignature = require('@peertube/http-signature')`
models initialization refactored, better dev experience as backend hmr is working 2022-12-23 01:08:14 +01:00
			`const { APUser, Instance } = require('../api/models/models')`

[AP] unfollow, tags, attachment, sign 2019-09-11 12:00:13 +02:00			`const url = require('url')`
refactorin docker files 2019-09-25 14:38:16 +02:00			`const settingsController = require('../api/controller/settings')`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`const log = require('../log')`
cleaning federation 2019-07-30 18:32:26 +02:00
			`const Helpers = {`
ignore unimplemented ping url from fediverse 2019-09-13 11:08:18 +02:00
			`// ignore unimplemented ping url from fediverse`
[lint] linting 2019-10-28 17:33:20 +01:00			`spamFilter (req, res, next) {`
ignore unimplemented ping url from fediverse 2019-09-13 11:08:18 +02:00			`const urlToIgnore = [`
			`'/api/v1/instance',`
			`'/api/meta',`
better SEO 2019-09-18 12:55:33 +02:00			`'/api/statusnet/version.json',`
			`'/api/gnusocial/version.json',`
ignore unimplemented ping url from fediverse 2019-09-13 11:08:18 +02:00			`'/api/statusnet/config.json',`
ignore other fedi urls 2020-01-30 15:33:12 +01:00			`'/status.php',`
			`'/siteinfo.json',`
			`'/friendika/json',`
			`'/friendica/json',`
[lint] linting 2019-10-28 17:33:20 +01:00			`'/poco'`
ignore unimplemented ping url from fediverse 2019-09-13 11:08:18 +02:00			`]`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`if (urlToIgnore.includes(req.path)) {`
			log.debug(`Ignore noisy fediverse ${req.path}`)
			`return res.status(404).send('Not Found')`
			`}`
ignore unimplemented ping url from fediverse 2019-09-13 11:08:18 +02:00			`next()`
			`},`

fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`async signAndSend (message, inbox, method='post') {`
			`log.debug('[FEDI] Sign and send %s to %s', message, inbox)`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`const inboxUrl = new url.URL(inbox)`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`const privkey = settingsController.secretSettings.privateKey`
cleaning federation 2019-07-30 18:32:26 +02:00			`const signer = crypto.createSign('sha256')`
.. 2019-07-31 01:43:08 +02:00			`const d = new Date()`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00
			`let header`
			`let digest`
			`if (method === 'post') {`
			`digest = crypto.createHash('sha256')`
			`.update(message)`
			`.digest('base64')`
			const stringToSign = `(request-target): post ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`
			`signer.update(stringToSign)`
			`signer.end()`
			`const signature = signer.sign(privkey)`
			`const signature_b64 = signature.toString('base64')`
			header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="${signature_b64}"`
			`} else {`
			const stringToSign = `(request-target): get ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}`
			`signer.update(stringToSign)`
			`signer.end()`
			`const signature = signer.sign(privkey)`
			`const signature_b64 = signature.toString('base64')`
			header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}#main-key",algorithm="rsa-sha256",headers="(request-target) host date",signature="${signature_b64}"`
			`}`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`try {`
fix fediverse fetch/axios 2020-02-05 00:48:55 +01:00			`const ret = await axios(inbox, {`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`headers: {`
			`Host: inboxUrl.hostname,`
			`Date: d.toUTCString(),`
			`Signature: header,`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			...(method === 'post' && ({ Digest: `SHA-256=${digest}` })),
			`'Content-Type': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',`
			`Accept: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`},`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`method,`
			`...( method === 'post' && ({ data: message}))`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`})`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			log.debug(`[FEDI] signed ${ret.status} => %s`, ret.data)
			`return ret.data`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`} catch (e) {`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`log.error("[FEDI] Error in sign and send [%s]: %s", inbox, e?.response?.data?.error ?? e?.response?.statusMessage + ' ' + String(e))`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`}`
.. 2019-07-31 01:43:08 +02:00			`},`
[AP] unfollow, tags, attachment, sign 2019-09-11 12:00:13 +02:00
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`async sendEvent (event, type = 'Create') {`
refactorin docker files 2019-09-25 14:38:16 +02:00			`if (!settingsController.settings.enable_federation) {`
improve logging 2021-04-28 12:44:26 +02:00			`log.info('event not send, federation disabled')`
use sharedInbox to send events, fix #19 2019-09-13 10:17:44 +02:00			`return`
			`}`

[fix] fedi followers 2019-12-06 00:49:44 +01:00			`const followers = await APUser.findAll({ where: { follower: true } })`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`log.debug("[FEDI] Sending to [%s]", followers.map(f => f.ap_id).join(', '))`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`const recipients = {}`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`followers.forEach(follower => {`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`const sharedInbox = follower?.object?.endpoints?.sharedInbox ?? follower?.object?.inbox`
[lint] linting 2019-10-28 17:33:20 +01:00			`if (!recipients[sharedInbox]) { recipients[sharedInbox] = [] }`
better SEO 2019-09-18 12:55:33 +02:00			`recipients[sharedInbox].push(follower.ap_id)`
use sharedInbox to send events, fix #19 2019-09-13 10:17:44 +02:00			`})`

[lint] linting 2019-10-28 17:33:20 +01:00			`for (const sharedInbox in recipients) {`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			log.debug(`Notify ${sharedInbox} with event ${event.title} cc => ${recipients[sharedInbox].length}`)
[AP] cleaner add and remove comments 2019-09-11 13:12:05 +02:00			`const body = {`
debugging fedi & upgrade 2019-09-11 21:20:44 +02:00			id: `${config.baseurl}/federation/m/${event.id}#create`,
[feat] add actions to notifications (add/del/update) 2019-10-02 21:04:03 +02:00			`type,`
cleaning 2020-11-06 11:05:05 +01:00			`to: ['https://www.w3.org/ns/activitystreams#Public'],`
			cc: [...recipients[sharedInbox], `${config.baseurl}/federation/u/${settingsController.settings.instance_name}/followers`],
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
use luxon instead of dayjs server side too 2023-03-28 19:02:08 +02:00			`object: event.toAP(settingsController.settings, recipients[sharedInbox])`
[AP] cleaner add and remove comments 2019-09-11 13:12:05 +02:00			`}`
[fedi] toot as admin only 2019-09-26 22:46:04 +02:00			`body['@context'] = [`
			`'https://www.w3.org/ns/activitystreams',`
			`'https://w3id.org/security/v1',`
cleaning 2020-11-06 11:05:05 +01:00			`{`
add attachment with focalPoint to AP 2021-07-19 12:29:35 +02:00			`Hashtag: 'as:Hashtag',`
			`focalPoint: { '@container': '@list', '@id': 'toot:focalPoint' }`
cleaning 2020-11-06 11:05:05 +01:00			`}]`
testing new Digest sign header 2021-03-18 17:15:50 +01:00			`await Helpers.signAndSend(JSON.stringify(body), sharedInbox)`
[AP] unfollow, tags, attachment, sign 2019-09-11 12:00:13 +02:00			`}`
ego 2019-08-02 13:43:28 +02:00			`},`

feat: retrieve fedi instance info via nodeinfo 2023-11-21 22:12:21 +01:00			`async followActor (actor) {`
			log.debug(`Following actor ${actor.ap_id}`)
			`const body = {`
			`'@context': 'https://www.w3.org/ns/activitystreams',`
			id: `${config.baseurl}/federation/m/${actor.ap_id}#follow`,
			`type: 'Follow',`
			actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
			`object: actor.ap_id`
			`}`

			`await Helpers.signAndSend(JSON.stringify(body), actor.object.endpoints?.sharedInbox \|\| actor.object.inbox)`
			`await actor.update({ following: 1 })`
			`},`

			`async unfollowActor (actor) {`
			log.debug(`Unfollowing actor ${actor.ap_id}`)
			`const body = {`
			`'@context': 'https://www.w3.org/ns/activitystreams',`
			id: `${config.baseurl}/federation/m/${actor.ap_id}#follow`,
			`type: 'Unfollow',`
			actor: `${config.baseurl}/federation/u/${settingsController.settings.instance_name}`,
			`object: actor.ap_id`
			`}`
			`await Helpers.signAndSend(JSON.stringify(body), actor.object.endpoints?.sharedInbox \|\| actor.object.inbox)`
			`return actor.update({ following: 0 })`
			`},`

[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`async getActor (URL, instance, force = false) {`
fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`let fedi_user`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
cleaning and use nuxt-express 2019-08-09 01:58:11 +02:00			`// try with cache first`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`if (!force) {`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`fedi_user = await APUser.findByPk(URL, { include: Instance })`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`if (fedi_user) {`
			`if (!fedi_user.instances) {`
			`fedi_user.setInstance(instance)`
			`}`
[fedi] comment/instance/user moderation 2019-11-13 10:56:01 +01:00			`return fedi_user`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`}`
			`}`
fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			`fedi_user = await Helpers.signAndSend('', URL, 'get')`
[fedi] handle when actor is Gone 2020-06-01 19:14:46 +02:00			`.catch(e => {`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			log.error(`[FEDI] getActor ${URL}: %s`, e?.response?.data?.error ?? String(e) )
[fedi] handle when actor is Gone 2020-06-01 19:14:46 +02:00			`return false`
			`})`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`if (fedi_user) {`
improve logging 2021-04-28 12:44:26 +02:00			log.info(`Create a new AP User => ${URL}`)
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`fedi_user = await APUser.create({ ap_id: URL, object: fedi_user })`
fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`}`
			`return fedi_user`
ego 2019-08-02 13:43:28 +02:00			`},`

feat: retrieve fedi instance info via nodeinfo 2023-11-21 22:12:21 +01:00
			`async getNodeInfo (instance_url) {`
			const versions = await axios.get(`${instance_url}/.well-known/nodeinfo`, { headers: { Accept: 'application/json' } }).then(res => res.data)
			`console.error(versions)`
			`if (versions.links) {`
			`const choosen = versions.links.find(l => l.rel === 'http://nodeinfo.diaspora.software/ns/schema/2.1' \|\| 'http://nodeinfo.diaspora.software/ns/schema/2.0')`
			`console.error(choosen)`
			`if (!choosen) {`
			`throw new Error('Not found!')`
			`}`
			`const data = await axios.get(choosen.href).then(res => res.data)`
			`console.error('INSTANCE', data)`
			`return data`
			`}`
			`},`

[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`async getInstance (actor_url, force = false) {`
fix(AP): improve interaction with AP, #322 - use @peertube/http-signature to implement hs2019 support. - parse ld+json in body - http-signature GET request too 2023-12-20 21:57:30 +01:00			log.debug(`[FEDI] getInstance ${actor_url}`)
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`actor_url = new url.URL(actor_url)`
			`const domain = actor_url.host`
			const instance_url = `${actor_url.protocol}//${actor_url.host}`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			log.debug(`getInstance ${domain}`)
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`let instance`
			`if (!force) {`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`instance = await Instance.findByPk(domain)`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`if (instance) { return instance }`
			`}`

feat: retrieve fedi instance info via nodeinfo 2023-11-21 22:12:21 +01:00			`try {`
			`instance = await Helpers.getNodeInfo(instance_url)`
			`return Instance.create({ name: instance?.metadata?.nodeLabel \|\| instance?.metadata?.nodeName \|\| domain, domain, data: instance, blocked: false })`
			`} catch(e) {`
			`log.error('NodeInfo not supported', e)`
			`return Instance.create({ name: domain, domain, blocked: false })`
			`}`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`},`

correctly verify http-signature 2019-08-02 17:29:55 +02:00			`// ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/`
linting 2019-09-11 19:12:24 +02:00			`async verifySignature (req, res, next) {`
create instance in any case 2021-04-26 11:25:35 +02:00			`// TODO: why do I need instance?`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`const instance = await Helpers.getInstance(req.body.actor)`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`if (!instance) {`
create instance in any case 2021-04-26 11:25:35 +02:00			log.warn(`Verify Signature: Instance not found ${req.body.actor}`)
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`return res.status(401).send('Instance not found')`
			`}`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`if (instance.blocked) {`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			log.warn(`Instance ${instance.domain} blocked`)
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`return res.status(401).send('Instance blocked')`
			`}`

			`let user = await Helpers.getActor(req.body.actor, instance)`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`if (!user) {`
Delete AP Action is ok when Actor is not found 2021-12-02 11:39:27 +01:00			log.info(`Actor ${req.body.actor} not found`)
			`if (req.body.type === 'Delete') {`
			`return res.sendStatus(201)`
			`}`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`return res.status(401).send('Actor not found')`
			`}`
[fedi] comment/instance/user moderation 2019-11-13 10:56:01 +01:00			`if (user.blocked) {`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			log.info(`User ${user.ap_id} blocked`)
[fedi] comment/instance/user moderation 2019-11-13 10:56:01 +01:00			`return res.status(401).send('User blocked')`
			`}`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
refactor res.locals and settings 2022-02-26 21:27:40 +01:00			`res.locals.fedi_user = user`
fix verification of http-signature in federation msg 2019-08-08 17:48:12 +02:00
create instance in any case 2021-04-26 11:25:35 +02:00			`// TODO: check Digest // cannot do this with json bodyparser`
			`// const digest = crypto.createHash('sha256')`
			`// .update(req.body)`
			`// .digest('base64')`
			// if (`SHA-256=${digest}` !== req.headers.signature) {
minor on dialog layout / authorize form 2021-07-04 00:46:08 +02:00			// log.warn(`Signature mismatch ${req.headers.signature} - ${digest}`)
create instance in any case 2021-04-26 11:25:35 +02:00			`// return res.status(401).send('Signature mismatch')`
			`// }`

linting 2019-09-11 19:12:24 +02:00			`// another little hack :/`
fix verification of http-signature in federation msg 2019-08-08 17:48:12 +02:00			`// https://github.com/joyent/node-http-signature/issues/87`
			`req.url = '/federation' + req.url`
correctly verify http-signature 2019-08-02 17:29:55 +02:00			`const parsed = httpSignature.parseRequest(req)`
[fedi] comment/instance/user moderation 2019-11-13 10:56:01 +01:00			`if (httpSignature.verifySignature(parsed, user.object.publicKey.publicKeyPem)) { return next() }`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
correctly verify http-signature 2019-08-02 17:29:55 +02:00			`// signature not valid, try without cache`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00			`user = await Helpers.getActor(req.body.actor, instance, true)`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`if (!user) {`
improve logging 2021-04-28 12:44:26 +02:00			log.info(`Actor ${req.body.actor} not found`)
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`return res.status(401).send('Actor not found')`
			`}`
minor 2021-06-25 11:43:50 +02:00			`if (httpSignature.verifySignature(parsed, user.object.publicKey.publicKeyPem)) {`
			log.debug(`Valid signature from ${req.body.actor} `)
			`return next()`
			`}`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
correctly verify http-signature 2019-08-02 17:29:55 +02:00			`// still not valid`
improve logging 2021-04-28 12:44:26 +02:00			log.info(`Invalid signature from user ${req.body.actor}`)
fix verification of http-signature in federation msg 2019-08-08 17:48:12 +02:00			`res.send('Request signature could not be verified', 401)`
cleaning federation 2019-07-30 18:32:26 +02:00			`}`
			`}`

minor 2019-07-30 18:57:45 +02:00			`module.exports = Helpers`