Merge remote-tracking branch 'origin/main' into nip05-request
This commit is contained in:
commit
8e5fa9eece
|
@ -22,7 +22,7 @@
|
|||
"@db/sqlite": "jsr:@db/sqlite@^0.11.1",
|
||||
"@isaacs/ttlcache": "npm:@isaacs/ttlcache@^1.4.1",
|
||||
"@noble/secp256k1": "npm:@noble/secp256k1@^2.0.0",
|
||||
"@nostrify/nostrify": "jsr:@nostrify/nostrify@^0.22.5",
|
||||
"@nostrify/nostrify": "jsr:@nostrify/nostrify@^0.23.0",
|
||||
"@scure/base": "npm:@scure/base@^1.1.6",
|
||||
"@sentry/deno": "https://deno.land/x/sentry@7.112.2/index.mjs",
|
||||
"@soapbox/kysely-deno-sqlite": "jsr:@soapbox/kysely-deno-sqlite@^2.1.0",
|
||||
|
|
29
deno.lock
29
deno.lock
|
@ -10,6 +10,7 @@
|
|||
"jsr:@nostrify/nostrify@^0.22.1": "jsr:@nostrify/nostrify@0.22.5",
|
||||
"jsr:@nostrify/nostrify@^0.22.4": "jsr:@nostrify/nostrify@0.22.4",
|
||||
"jsr:@nostrify/nostrify@^0.22.5": "jsr:@nostrify/nostrify@0.22.5",
|
||||
"jsr:@nostrify/nostrify@^0.23.0": "jsr:@nostrify/nostrify@0.23.0",
|
||||
"jsr:@soapbox/kysely-deno-sqlite@^2.1.0": "jsr:@soapbox/kysely-deno-sqlite@2.2.0",
|
||||
"jsr:@soapbox/stickynotes@^0.4.0": "jsr:@soapbox/stickynotes@0.4.0",
|
||||
"jsr:@std/assert@^0.217.0": "jsr:@std/assert@0.217.0",
|
||||
|
@ -17,6 +18,7 @@
|
|||
"jsr:@std/assert@^0.224.0": "jsr:@std/assert@0.224.0",
|
||||
"jsr:@std/assert@^0.225.1": "jsr:@std/assert@0.225.3",
|
||||
"jsr:@std/bytes@^0.224.0": "jsr:@std/bytes@0.224.0",
|
||||
"jsr:@std/bytes@^1.0.0-rc.3": "jsr:@std/bytes@1.0.0",
|
||||
"jsr:@std/crypto@^0.224.0": "jsr:@std/crypto@0.224.0",
|
||||
"jsr:@std/dotenv@^0.224.0": "jsr:@std/dotenv@0.224.0",
|
||||
"jsr:@std/encoding@^0.221.0": "jsr:@std/encoding@0.221.0",
|
||||
|
@ -25,7 +27,7 @@
|
|||
"jsr:@std/fmt@^0.221.0": "jsr:@std/fmt@0.221.0",
|
||||
"jsr:@std/fs@^0.221.0": "jsr:@std/fs@0.221.0",
|
||||
"jsr:@std/internal@^1.0.0": "jsr:@std/internal@1.0.0",
|
||||
"jsr:@std/io@^0.224": "jsr:@std/io@0.224.0",
|
||||
"jsr:@std/io@^0.224": "jsr:@std/io@0.224.1",
|
||||
"jsr:@std/media-types@^0.224.1": "jsr:@std/media-types@0.224.1",
|
||||
"jsr:@std/path@0.217": "jsr:@std/path@0.217.0",
|
||||
"jsr:@std/path@^0.221.0": "jsr:@std/path@0.221.0",
|
||||
|
@ -119,6 +121,20 @@
|
|||
"npm:zod@^3.23.8"
|
||||
]
|
||||
},
|
||||
"@nostrify/nostrify@0.23.0": {
|
||||
"integrity": "8636c0322885707d6a7b342ef55f70debf399a1eb65b83abcce7972d69e30920",
|
||||
"dependencies": [
|
||||
"jsr:@std/encoding@^0.224.1",
|
||||
"npm:@scure/base@^1.1.6",
|
||||
"npm:@scure/bip32@^1.4.0",
|
||||
"npm:@scure/bip39@^1.3.0",
|
||||
"npm:kysely@^0.27.3",
|
||||
"npm:lru-cache@^10.2.0",
|
||||
"npm:nostr-tools@^2.7.0",
|
||||
"npm:websocket-ts@^2.1.5",
|
||||
"npm:zod@^3.23.8"
|
||||
]
|
||||
},
|
||||
"@soapbox/kysely-deno-sqlite@2.2.0": {
|
||||
"integrity": "668ec94600bc4b4d7bd618dd7ca65d4ef30ee61c46ffcb379b6f45203c08517a",
|
||||
"dependencies": [
|
||||
|
@ -146,6 +162,9 @@
|
|||
"@std/bytes@0.224.0": {
|
||||
"integrity": "a2250e1d0eb7d1c5a426f21267ab9bdeac2447fa87a3d0d1a467d3f7a6058e49"
|
||||
},
|
||||
"@std/bytes@1.0.0": {
|
||||
"integrity": "9392e72af80adccaa1197912fa19990ed091cb98d5c9c4344b0c301b22d7c632"
|
||||
},
|
||||
"@std/crypto@0.224.0": {
|
||||
"integrity": "154ef3ff08ef535562ef1a718718c5b2c5fc3808f0f9100daad69e829bfcdf2d",
|
||||
"dependencies": [
|
||||
|
@ -181,6 +200,12 @@
|
|||
"jsr:@std/bytes@^0.224.0"
|
||||
]
|
||||
},
|
||||
"@std/io@0.224.1": {
|
||||
"integrity": "73de242551a5c0965eb33e36b1fc7df4834ffbc836a1a643a410ccd11253d6be",
|
||||
"dependencies": [
|
||||
"jsr:@std/bytes@^1.0.0-rc.3"
|
||||
]
|
||||
},
|
||||
"@std/media-types@0.224.1": {
|
||||
"integrity": "9e69a5daed37c5b5c6d3ce4731dc191f80e67f79bed392b0957d1d03b87f11e1"
|
||||
},
|
||||
|
@ -1318,7 +1343,7 @@
|
|||
"dependencies": [
|
||||
"jsr:@bradenmacdonald/s3-lite-client@^0.7.4",
|
||||
"jsr:@db/sqlite@^0.11.1",
|
||||
"jsr:@nostrify/nostrify@^0.22.5",
|
||||
"jsr:@nostrify/nostrify@^0.23.0",
|
||||
"jsr:@soapbox/kysely-deno-sqlite@^2.1.0",
|
||||
"jsr:@soapbox/stickynotes@^0.4.0",
|
||||
"jsr:@std/assert@^0.225.1",
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
# Ditto custom events
|
||||
|
||||
Instead of using database tables, the Ditto server publishes Nostr events that describe its state. It then reads these events using Nostr filters.
|
||||
|
||||
## Ditto User (kind 30361)
|
||||
|
||||
The Ditto server publishes kind `30361` events to represent users. These events are parameterized replaceable events of kind `30361` where the `d` tag is a pubkey. These events are published by Ditto's internal admin keypair.
|
||||
|
||||
User events have the following tags:
|
||||
|
||||
- `d` - pubkey of the user.
|
||||
- `role` - one of `admin` or `user`.
|
||||
|
||||
Example:
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "d6ae2f320ae163612bf28080e7c6e55b228ee39bfa04ad50baab2e51022d4d59",
|
||||
"kind": 30361,
|
||||
"pubkey": "4cfc6ceb07bbe2f5e75f746f3e6f0eda53973e0374cd6bdbce7a930e10437e06",
|
||||
"content": "",
|
||||
"created_at": 1691568245,
|
||||
"tags": [
|
||||
["d", "79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6"],
|
||||
["role", "user"],
|
||||
["alt", "User's account was updated by the admins of ditto.ngrok.app"]
|
||||
],
|
||||
"sig": "fc12db77b1c8f8aa86c73b617f0cd4af1e6ba244239eaf3164a292de6d39363f32d6b817ffff796ace7a103d75e1d8e6a0fb7f618819b32d81a953b4a75d7507"
|
||||
}
|
||||
```
|
||||
|
||||
## NIP-78
|
||||
|
||||
[NIP-78](https://github.com/nostr-protocol/nips/blob/master/78.md) defines events of kind `30078` with a globally unique `d` tag. These events are queried by the `d` tag, which allows Ditto to store custom data on relays. Ditto uses reverse DNS names like `pub.ditto.<thing>` for `d` tags.
|
||||
|
||||
The sections below describe the `content` field. Some are encrypted and some are not, depending on whether the data should be public. Also, some events are user events, and some are admin events.
|
||||
|
||||
### `pub.ditto.pleroma.config`
|
||||
|
||||
NIP-04 encrypted JSON array of Pleroma ConfigDB objects. Pleroma admin API endpoints set this config, and Ditto reads from it.
|
|
@ -1,15 +0,0 @@
|
|||
{
|
||||
"id": "d6ae2f320ae163612bf28080e7c6e55b228ee39bfa04ad50baab2e51022d4d59",
|
||||
"kind": 30361,
|
||||
"pubkey": "4cfc6ceb07bbe2f5e75f746f3e6f0eda53973e0374cd6bdbce7a930e10437e06",
|
||||
"content": "",
|
||||
"created_at": 1691568245,
|
||||
"tags": [
|
||||
["d", "79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6"],
|
||||
["name", "alex"],
|
||||
["role", "user"],
|
||||
["origin", "https://ditto.ngrok.app"],
|
||||
["alt", "@alex@ditto.ngrok.app's account was updated by the admins of ditto.ngrok.app"]
|
||||
],
|
||||
"sig": "fc12db77b1c8f8aa86c73b617f0cd4af1e6ba244239eaf3164a292de6d39363f32d6b817ffff796ace7a103d75e1d8e6a0fb7f618819b32d81a953b4a75d7507"
|
||||
}
|
|
@ -1,7 +1,6 @@
|
|||
import { NSchema } from '@nostrify/nostrify';
|
||||
|
||||
import { DittoDB } from '@/db/DittoDB.ts';
|
||||
import { Conf } from '@/config.ts';
|
||||
import { AdminSigner } from '@/signers/AdminSigner.ts';
|
||||
import { EventsDB } from '@/storages/EventsDB.ts';
|
||||
import { nostrNow } from '@/utils.ts';
|
||||
|
@ -21,14 +20,39 @@ if (!['admin', 'user'].includes(role)) {
|
|||
Deno.exit(1);
|
||||
}
|
||||
|
||||
const event = await new AdminSigner().signEvent({
|
||||
kind: 30361,
|
||||
tags: [
|
||||
const signer = new AdminSigner();
|
||||
const admin = await signer.getPublicKey();
|
||||
|
||||
const [existing] = await eventsDB.query([{
|
||||
kinds: [30382],
|
||||
authors: [admin],
|
||||
'#d': [pubkey],
|
||||
limit: 1,
|
||||
}]);
|
||||
|
||||
const prevTags = (existing?.tags ?? []).filter(([name, value]) => {
|
||||
if (name === 'd') {
|
||||
return false;
|
||||
}
|
||||
if (name === 'n' && value === 'admin') {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
});
|
||||
|
||||
const tags: string[][] = [
|
||||
['d', pubkey],
|
||||
['role', role],
|
||||
// NIP-31: https://github.com/nostr-protocol/nips/blob/master/31.md
|
||||
['alt', `User's account was updated by the admins of ${Conf.url.host}`],
|
||||
],
|
||||
];
|
||||
|
||||
if (role === 'admin') {
|
||||
tags.push(['n', 'admin']);
|
||||
}
|
||||
|
||||
tags.push(...prevTags);
|
||||
|
||||
const event = await signer.signEvent({
|
||||
kind: 30382,
|
||||
tags,
|
||||
content: '',
|
||||
created_at: nostrNow(),
|
||||
});
|
||||
|
|
13
src/app.ts
13
src/app.ts
|
@ -26,7 +26,7 @@ import {
|
|||
updateCredentialsController,
|
||||
verifyCredentialsController,
|
||||
} from '@/controllers/api/accounts.ts';
|
||||
import { adminAccountAction, adminAccountsController } from '@/controllers/api/admin.ts';
|
||||
import { adminAccountsController, adminActionController } from '@/controllers/api/admin.ts';
|
||||
import { appCredentialsController, createAppController } from '@/controllers/api/apps.ts';
|
||||
import { blocksController } from '@/controllers/api/blocks.ts';
|
||||
import { bookmarksController } from '@/controllers/api/bookmarks.ts';
|
||||
|
@ -42,6 +42,10 @@ import {
|
|||
configController,
|
||||
frontendConfigController,
|
||||
pleromaAdminDeleteStatusController,
|
||||
pleromaAdminSuggestController,
|
||||
pleromaAdminTagController,
|
||||
pleromaAdminUnsuggestController,
|
||||
pleromaAdminUntagController,
|
||||
updateConfigController,
|
||||
} from '@/controllers/api/pleroma.ts';
|
||||
import { preferencesController } from '@/controllers/api/preferences.ts';
|
||||
|
@ -252,7 +256,12 @@ app.post(
|
|||
adminReportResolveController,
|
||||
);
|
||||
|
||||
app.post('/api/v1/admin/accounts/:id{[0-9a-f]{64}}/action', requireSigner, requireRole('admin'), adminAccountAction);
|
||||
app.post('/api/v1/admin/accounts/:id{[0-9a-f]{64}}/action', requireSigner, requireRole('admin'), adminActionController);
|
||||
|
||||
app.put('/api/v1/pleroma/admin/users/tag', requireRole('admin'), pleromaAdminTagController);
|
||||
app.delete('/api/v1/pleroma/admin/users/tag', requireRole('admin'), pleromaAdminUntagController);
|
||||
app.patch('/api/v1/pleroma/admin/users/suggest', requireRole('admin'), pleromaAdminSuggestController);
|
||||
app.patch('/api/v1/pleroma/admin/users/unsuggest', requireRole('admin'), pleromaAdminUnsuggestController);
|
||||
|
||||
// Not (yet) implemented.
|
||||
app.get('/api/v1/custom_emojis', emptyArrayController);
|
||||
|
|
|
@ -5,8 +5,7 @@ import { type AppController } from '@/app.ts';
|
|||
import { Conf } from '@/config.ts';
|
||||
import { booleanParamSchema } from '@/schema.ts';
|
||||
import { Storages } from '@/storages.ts';
|
||||
import { paginated, paginationSchema, parseBody, updateListAdminEvent } from '@/utils/api.ts';
|
||||
import { addTag } from '@/utils/tags.ts';
|
||||
import { paginated, paginationSchema, parseBody, updateUser } from '@/utils/api.ts';
|
||||
import { renderAdminAccount, renderAdminAccountFromPubkey } from '@/views/mastodon/admin-accounts.ts';
|
||||
import { hydrateEvents } from '@/storages/hydrate.ts';
|
||||
|
||||
|
@ -91,7 +90,7 @@ const adminAccountActionSchema = z.object({
|
|||
type: z.enum(['none', 'sensitive', 'disable', 'silence', 'suspend']),
|
||||
});
|
||||
|
||||
const adminAccountAction: AppController = async (c) => {
|
||||
const adminActionController: AppController = async (c) => {
|
||||
const body = await parseBody(c.req.raw);
|
||||
const result = adminAccountActionSchema.safeParse(body);
|
||||
const authorId = c.req.param('id');
|
||||
|
@ -102,17 +101,24 @@ const adminAccountAction: AppController = async (c) => {
|
|||
|
||||
const { data } = result;
|
||||
|
||||
if (data.type !== 'disable') {
|
||||
return c.json({ error: 'Record invalid' }, 422);
|
||||
const n: Record<string, boolean> = {};
|
||||
|
||||
if (data.type === 'sensitive') {
|
||||
n.sensitive = true;
|
||||
}
|
||||
if (data.type === 'disable') {
|
||||
n.disable = true;
|
||||
}
|
||||
if (data.type === 'silence') {
|
||||
n.silence = true;
|
||||
}
|
||||
if (data.type === 'suspend') {
|
||||
n.suspend = true;
|
||||
}
|
||||
|
||||
await updateListAdminEvent(
|
||||
{ kinds: [10000], authors: [Conf.pubkey], limit: 1 },
|
||||
(tags) => addTag(tags, ['p', authorId]),
|
||||
c,
|
||||
);
|
||||
await updateUser(authorId, n, c);
|
||||
|
||||
return c.json({}, 200);
|
||||
};
|
||||
|
||||
export { adminAccountAction, adminAccountsController };
|
||||
export { adminAccountsController, adminActionController };
|
||||
|
|
|
@ -6,7 +6,8 @@ import { Conf } from '@/config.ts';
|
|||
import { configSchema, elixirTupleSchema, type PleromaConfig } from '@/schemas/pleroma-api.ts';
|
||||
import { AdminSigner } from '@/signers/AdminSigner.ts';
|
||||
import { Storages } from '@/storages.ts';
|
||||
import { createAdminEvent } from '@/utils/api.ts';
|
||||
import { createAdminEvent, updateAdminEvent, updateUser } from '@/utils/api.ts';
|
||||
import { lookupPubkey } from '@/utils/lookup.ts';
|
||||
|
||||
const frontendConfigController: AppController = async (c) => {
|
||||
const store = await Storages.db();
|
||||
|
@ -87,4 +88,100 @@ async function getConfigs(store: NStore, signal: AbortSignal): Promise<PleromaCo
|
|||
}
|
||||
}
|
||||
|
||||
export { configController, frontendConfigController, pleromaAdminDeleteStatusController, updateConfigController };
|
||||
const pleromaAdminTagSchema = z.object({
|
||||
nicknames: z.string().array(),
|
||||
tags: z.string().array(),
|
||||
});
|
||||
|
||||
const pleromaAdminTagController: AppController = async (c) => {
|
||||
const params = pleromaAdminTagSchema.parse(await c.req.json());
|
||||
|
||||
for (const nickname of params.nicknames) {
|
||||
const pubkey = await lookupPubkey(nickname);
|
||||
if (!pubkey) continue;
|
||||
|
||||
await updateAdminEvent(
|
||||
{ kinds: [30382], authors: [Conf.pubkey], '#d': [pubkey], limit: 1 },
|
||||
(prev) => {
|
||||
const tags = prev?.tags ?? [['d', pubkey]];
|
||||
|
||||
for (const tag of params.tags) {
|
||||
const existing = prev?.tags.some(([name, value]) => name === 't' && value === tag);
|
||||
if (!existing) {
|
||||
tags.push(['t', tag]);
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
kind: 30382,
|
||||
content: prev?.content ?? '',
|
||||
tags,
|
||||
};
|
||||
},
|
||||
c,
|
||||
);
|
||||
}
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
};
|
||||
|
||||
const pleromaAdminUntagController: AppController = async (c) => {
|
||||
const params = pleromaAdminTagSchema.parse(await c.req.json());
|
||||
|
||||
for (const nickname of params.nicknames) {
|
||||
const pubkey = await lookupPubkey(nickname);
|
||||
if (!pubkey) continue;
|
||||
|
||||
await updateAdminEvent(
|
||||
{ kinds: [30382], authors: [Conf.pubkey], '#d': [pubkey], limit: 1 },
|
||||
(prev) => ({
|
||||
kind: 30382,
|
||||
content: prev?.content ?? '',
|
||||
tags: (prev?.tags ?? [['d', pubkey]])
|
||||
.filter(([name, value]) => !(name === 't' && params.tags.includes(value))),
|
||||
}),
|
||||
c,
|
||||
);
|
||||
}
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
};
|
||||
|
||||
const pleromaAdminSuggestSchema = z.object({
|
||||
nicknames: z.string().array(),
|
||||
});
|
||||
|
||||
const pleromaAdminSuggestController: AppController = async (c) => {
|
||||
const { nicknames } = pleromaAdminSuggestSchema.parse(await c.req.json());
|
||||
|
||||
for (const nickname of nicknames) {
|
||||
const pubkey = await lookupPubkey(nickname);
|
||||
if (!pubkey) continue;
|
||||
await updateUser(pubkey, { suggest: true }, c);
|
||||
}
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
};
|
||||
|
||||
const pleromaAdminUnsuggestController: AppController = async (c) => {
|
||||
const { nicknames } = pleromaAdminSuggestSchema.parse(await c.req.json());
|
||||
|
||||
for (const nickname of nicknames) {
|
||||
const pubkey = await lookupPubkey(nickname);
|
||||
if (!pubkey) continue;
|
||||
await updateUser(pubkey, { suggest: false }, c);
|
||||
}
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
};
|
||||
|
||||
export {
|
||||
configController,
|
||||
frontendConfigController,
|
||||
pleromaAdminDeleteStatusController,
|
||||
pleromaAdminSuggestController,
|
||||
pleromaAdminTagController,
|
||||
pleromaAdminUnsuggestController,
|
||||
pleromaAdminUntagController,
|
||||
updateConfigController,
|
||||
};
|
||||
|
|
|
@ -31,7 +31,7 @@ async function renderV2Suggestions(c: AppContext, params: PaginatedListParams, s
|
|||
const pubkey = await signer?.getPublicKey();
|
||||
|
||||
const filters: NostrFilter[] = [
|
||||
{ kinds: [3], authors: [Conf.pubkey], limit: 1 },
|
||||
{ kinds: [30382], authors: [Conf.pubkey], '#n': ['suggest'], limit },
|
||||
{ kinds: [1985], '#L': ['pub.ditto.trends'], '#l': [`#p`], authors: [Conf.pubkey], limit: 1 },
|
||||
];
|
||||
|
||||
|
@ -42,8 +42,8 @@ async function renderV2Suggestions(c: AppContext, params: PaginatedListParams, s
|
|||
|
||||
const events = await store.query(filters, { signal });
|
||||
|
||||
const [suggestedEvent, followsEvent, mutesEvent, trendingEvent] = [
|
||||
events.find((event) => matchFilter({ kinds: [3], authors: [Conf.pubkey] }, event)),
|
||||
const [userEvents, followsEvent, mutesEvent, trendingEvent] = [
|
||||
events.filter((event) => matchFilter({ kinds: [30382], authors: [Conf.pubkey], '#n': ['suggest'] }, event)),
|
||||
pubkey ? events.find((event) => matchFilter({ kinds: [3], authors: [pubkey] }, event)) : undefined,
|
||||
pubkey ? events.find((event) => matchFilter({ kinds: [10000], authors: [pubkey] }, event)) : undefined,
|
||||
events.find((event) =>
|
||||
|
@ -51,8 +51,13 @@ async function renderV2Suggestions(c: AppContext, params: PaginatedListParams, s
|
|||
),
|
||||
];
|
||||
|
||||
const [suggested, trending, follows, mutes] = [
|
||||
getTagSet(suggestedEvent?.tags ?? [], 'p'),
|
||||
const suggested = new Set(
|
||||
userEvents
|
||||
.map((event) => event.tags.find(([name]) => name === 'd')?.[1])
|
||||
.filter((pubkey): pubkey is string => !!pubkey),
|
||||
);
|
||||
|
||||
const [trending, follows, mutes] = [
|
||||
getTagSet(trendingEvent?.tags ?? [], 'p'),
|
||||
getTagSet(followsEvent?.tags ?? [], 'p'),
|
||||
getTagSet(mutesEvent?.tags ?? [], 'p'),
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
import { NostrFilter } from '@nostrify/nostrify';
|
||||
import Debug from '@soapbox/stickynotes/debug';
|
||||
|
||||
import { Conf } from '@/config.ts';
|
||||
import * as pipeline from '@/pipeline.ts';
|
||||
import { AdminSigner } from '@/signers/AdminSigner.ts';
|
||||
import { Storages } from '@/storages.ts';
|
||||
|
||||
const debug = Debug('ditto:users');
|
||||
|
||||
interface User {
|
||||
pubkey: string;
|
||||
inserted_at: Date;
|
||||
admin: boolean;
|
||||
}
|
||||
|
||||
function buildUserEvent(user: User) {
|
||||
const { origin, host } = Conf.url;
|
||||
const signer = new AdminSigner();
|
||||
|
||||
return signer.signEvent({
|
||||
kind: 30361,
|
||||
tags: [
|
||||
['d', user.pubkey],
|
||||
['role', user.admin ? 'admin' : 'user'],
|
||||
['origin', origin],
|
||||
// NIP-31: https://github.com/nostr-protocol/nips/blob/master/31.md
|
||||
['alt', `User's account was updated by the admins of ${host}`],
|
||||
],
|
||||
content: '',
|
||||
created_at: Math.floor(user.inserted_at.getTime() / 1000),
|
||||
});
|
||||
}
|
||||
|
||||
/** Adds a user to the database. */
|
||||
async function insertUser(user: User) {
|
||||
debug('insertUser', JSON.stringify(user));
|
||||
const event = await buildUserEvent(user);
|
||||
return pipeline.handleEvent(event, AbortSignal.timeout(1000));
|
||||
}
|
||||
|
||||
/**
|
||||
* Finds a single user based on one or more properties.
|
||||
*
|
||||
* ```ts
|
||||
* await findUser({ username: 'alex' });
|
||||
* ```
|
||||
*/
|
||||
async function findUser(user: Partial<User>, signal?: AbortSignal): Promise<User | undefined> {
|
||||
const filter: NostrFilter = { kinds: [30361], authors: [Conf.pubkey], limit: 1 };
|
||||
|
||||
for (const [key, value] of Object.entries(user)) {
|
||||
switch (key) {
|
||||
case 'pubkey':
|
||||
filter['#d'] = [String(value)];
|
||||
break;
|
||||
case 'admin':
|
||||
filter['#role'] = [value ? 'admin' : 'user'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
const store = await Storages.db();
|
||||
const [event] = await store.query([filter], { signal });
|
||||
|
||||
if (event) {
|
||||
return {
|
||||
pubkey: event.tags.find(([name]) => name === 'd')?.[1]!,
|
||||
inserted_at: new Date(event.created_at * 1000),
|
||||
admin: event.tags.find(([name]) => name === 'role')?.[1] === 'admin',
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export { buildUserEvent, findUser, insertUser, type User };
|
|
@ -2,8 +2,8 @@ import { NostrEvent } from '@nostrify/nostrify';
|
|||
import { HTTPException } from 'hono';
|
||||
|
||||
import { type AppContext, type AppMiddleware } from '@/app.ts';
|
||||
import { findUser, User } from '@/db/users.ts';
|
||||
import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts';
|
||||
import { Storages } from '@/storages.ts';
|
||||
import { localRequest } from '@/utils/api.ts';
|
||||
import {
|
||||
buildAuthEventTemplate,
|
||||
|
@ -11,6 +11,7 @@ import {
|
|||
type ParseAuthRequestOpts,
|
||||
validateAuthEvent,
|
||||
} from '@/utils/nip98.ts';
|
||||
import { Conf } from '@/config.ts';
|
||||
|
||||
/**
|
||||
* NIP-98 auth.
|
||||
|
@ -35,7 +36,14 @@ type UserRole = 'user' | 'admin';
|
|||
/** Require the user to prove their role before invoking the controller. */
|
||||
function requireRole(role: UserRole, opts?: ParseAuthRequestOpts): AppMiddleware {
|
||||
return withProof(async (_c, proof, next) => {
|
||||
const user = await findUser({ pubkey: proof.pubkey });
|
||||
const store = await Storages.db();
|
||||
|
||||
const [user] = await store.query([{
|
||||
kinds: [30382],
|
||||
authors: [Conf.pubkey],
|
||||
'#d': [proof.pubkey],
|
||||
limit: 1,
|
||||
}]);
|
||||
|
||||
if (user && matchesRole(user, role)) {
|
||||
await next();
|
||||
|
@ -53,15 +61,8 @@ function requireProof(opts?: ParseAuthRequestOpts): AppMiddleware {
|
|||
}
|
||||
|
||||
/** Check whether the user fulfills the role. */
|
||||
function matchesRole(user: User, role: UserRole): boolean {
|
||||
switch (role) {
|
||||
case 'user':
|
||||
return true;
|
||||
case 'admin':
|
||||
return user.admin;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
function matchesRole(user: NostrEvent, role: UserRole): boolean {
|
||||
return user.tags.some(([tag, value]) => tag === 'n' && value === role);
|
||||
}
|
||||
|
||||
/** HOC to obtain proof in middleware. */
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
import { NKinds, NostrEvent, NSchema as n } from '@nostrify/nostrify';
|
||||
import { PipePolicy } from '@nostrify/nostrify/policies';
|
||||
import Debug from '@soapbox/stickynotes/debug';
|
||||
import { sql } from 'kysely';
|
||||
import { LRUCache } from 'lru-cache';
|
||||
|
||||
import { Conf } from '@/config.ts';
|
||||
import { DittoDB } from '@/db/DittoDB.ts';
|
||||
import { deleteAttachedMedia } from '@/db/unattached-media.ts';
|
||||
import { DittoEvent } from '@/interfaces/DittoEvent.ts';
|
||||
import { MuteListPolicy } from '@/policies/MuteListPolicy.ts';
|
||||
import { RelayError } from '@/RelayError.ts';
|
||||
import { hydrateEvents } from '@/storages/hydrate.ts';
|
||||
import { Storages } from '@/storages.ts';
|
||||
|
@ -35,6 +32,7 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void
|
|||
}
|
||||
if (!(await verifyEventWorker(event))) return;
|
||||
if (encounterEvent(event)) return;
|
||||
if (await existsInDB(event)) return;
|
||||
debug(`NostrEvent<${event.kind}> ${event.id}`);
|
||||
|
||||
if (event.kind !== 24133) {
|
||||
|
@ -43,6 +41,15 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void
|
|||
|
||||
await hydrateEvent(event, signal);
|
||||
|
||||
const n = getTagSet(event.user?.tags ?? [], 'n');
|
||||
|
||||
if (n.has('disable')) {
|
||||
throw new RelayError('blocked', 'user is disabled');
|
||||
}
|
||||
if (n.has('suspend')) {
|
||||
throw new RelayError('blocked', 'user is suspended');
|
||||
}
|
||||
|
||||
await Promise.all([
|
||||
storeEvent(event, signal),
|
||||
parseMetadata(event, signal),
|
||||
|
@ -54,13 +61,8 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void
|
|||
async function policyFilter(event: NostrEvent): Promise<void> {
|
||||
const debug = Debug('ditto:policy');
|
||||
|
||||
const policy = new PipePolicy([
|
||||
new MuteListPolicy(Conf.pubkey, await Storages.admin()),
|
||||
policyWorker,
|
||||
]);
|
||||
|
||||
try {
|
||||
const result = await policy.call(event);
|
||||
const result = await policyWorker.call(event);
|
||||
debug(JSON.stringify(result));
|
||||
RelayError.assert(result);
|
||||
} catch (e) {
|
||||
|
@ -84,6 +86,13 @@ function encounterEvent(event: NostrEvent): boolean {
|
|||
return encountered;
|
||||
}
|
||||
|
||||
/** Check if the event already exists in the database. */
|
||||
async function existsInDB(event: DittoEvent): Promise<boolean> {
|
||||
const store = await Storages.db();
|
||||
const events = await store.query([{ ids: [event.id], limit: 1 }]);
|
||||
return events.length > 0;
|
||||
}
|
||||
|
||||
/** Hydrate the event with the user, if applicable. */
|
||||
async function hydrateEvent(event: DittoEvent, signal: AbortSignal): Promise<void> {
|
||||
await hydrateEvents({ events: [event], store: await Storages.db(), signal });
|
||||
|
|
|
@ -3,15 +3,15 @@ import { RelayPoolWorker } from 'nostr-relaypool';
|
|||
|
||||
import { Conf } from '@/config.ts';
|
||||
import { DittoDB } from '@/db/DittoDB.ts';
|
||||
import { AdminStore } from '@/storages/AdminStore.ts';
|
||||
import { EventsDB } from '@/storages/EventsDB.ts';
|
||||
import { PoolStore } from '@/storages/pool-store.ts';
|
||||
import { SearchStore } from '@/storages/search-store.ts';
|
||||
import { InternalRelay } from '@/storages/InternalRelay.ts';
|
||||
import { UserStore } from '@/storages/UserStore.ts';
|
||||
|
||||
export class Storages {
|
||||
private static _db: Promise<EventsDB> | undefined;
|
||||
private static _admin: Promise<UserStore> | undefined;
|
||||
private static _admin: Promise<AdminStore> | undefined;
|
||||
private static _client: Promise<PoolStore> | undefined;
|
||||
private static _pubsub: Promise<InternalRelay> | undefined;
|
||||
private static _search: Promise<SearchStore> | undefined;
|
||||
|
@ -28,9 +28,9 @@ export class Storages {
|
|||
}
|
||||
|
||||
/** Admin user storage. */
|
||||
public static async admin(): Promise<UserStore> {
|
||||
public static async admin(): Promise<AdminStore> {
|
||||
if (!this._admin) {
|
||||
this._admin = Promise.resolve(new UserStore(Conf.pubkey, await this.db()));
|
||||
this._admin = Promise.resolve(new AdminStore(await this.db()));
|
||||
}
|
||||
return this._admin;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
import { NostrEvent, NostrFilter, NStore } from '@nostrify/nostrify';
|
||||
|
||||
import { Conf } from '@/config.ts';
|
||||
import { DittoEvent } from '@/interfaces/DittoEvent.ts';
|
||||
import { getTagSet } from '@/utils/tags.ts';
|
||||
|
||||
/** A store that prevents banned users from being displayed. */
|
||||
export class AdminStore implements NStore {
|
||||
constructor(private store: NStore) {}
|
||||
|
||||
async event(event: NostrEvent, opts?: { signal?: AbortSignal }): Promise<void> {
|
||||
return await this.store.event(event, opts);
|
||||
}
|
||||
|
||||
async query(filters: NostrFilter[], opts: { signal?: AbortSignal; limit?: number } = {}): Promise<DittoEvent[]> {
|
||||
const events = await this.store.query(filters, opts);
|
||||
|
||||
const users = await this.store.query([{
|
||||
kinds: [30382],
|
||||
authors: [Conf.pubkey],
|
||||
'#d': events.map((event) => event.pubkey),
|
||||
limit: 1,
|
||||
}]);
|
||||
|
||||
return events.filter((event) => {
|
||||
const user = users.find(
|
||||
({ kind, pubkey, tags }) =>
|
||||
kind === 30382 && pubkey === Conf.pubkey && tags.find(([name]) => name === 'd')?.[1] === event.pubkey,
|
||||
);
|
||||
|
||||
const n = getTagSet(user?.tags ?? [], 'n');
|
||||
|
||||
if (n.has('disable') || n.has('suspend')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
}
|
||||
}
|
|
@ -11,7 +11,6 @@ import { RelayError } from '@/RelayError.ts';
|
|||
import { purifyEvent } from '@/storages/hydrate.ts';
|
||||
import { isNostrId, isURL } from '@/utils.ts';
|
||||
import { abortError } from '@/utils/abort.ts';
|
||||
import { getTagSet } from '@/utils/tags.ts';
|
||||
|
||||
/** Function to decide whether or not to index a tag. */
|
||||
type TagCondition = ({ event, count, value }: {
|
||||
|
@ -27,6 +26,7 @@ class EventsDB implements NStore {
|
|||
|
||||
/** Conditions for when to index certain tags. */
|
||||
static tagConditions: Record<string, TagCondition> = {
|
||||
'a': ({ count }) => count < 15,
|
||||
'd': ({ event, count }) => count === 0 && NKinds.parameterizedReplaceable(event.kind),
|
||||
'e': ({ event, count, value }) => ((event.kind === 10003) || count < 15) && isNostrId(value),
|
||||
'L': ({ event, count }) => event.kind === 1985 || count === 0,
|
||||
|
@ -39,8 +39,6 @@ class EventsDB implements NStore {
|
|||
'q': ({ event, count, value }) => count === 0 && event.kind === 1 && isNostrId(value),
|
||||
'r': ({ event, count, value }) => (event.kind === 1985 ? count < 20 : count < 3) && isURL(value),
|
||||
't': ({ event, count, value }) => (event.kind === 1985 ? count < 20 : count < 5) && value.length < 50,
|
||||
'name': ({ event, count }) => event.kind === 30361 && count === 0,
|
||||
'role': ({ event, count }) => event.kind === 30361 && count === 0,
|
||||
};
|
||||
|
||||
constructor(private kysely: Kysely<DittoTables>) {
|
||||
|
@ -77,17 +75,62 @@ class EventsDB implements NStore {
|
|||
|
||||
/** Check if an event has been deleted by the admin. */
|
||||
private async isDeletedAdmin(event: NostrEvent): Promise<boolean> {
|
||||
const [deletion] = await this.query([
|
||||
const filters: NostrFilter[] = [
|
||||
{ kinds: [5], authors: [Conf.pubkey], '#e': [event.id], limit: 1 },
|
||||
]);
|
||||
return !!deletion;
|
||||
];
|
||||
|
||||
if (NKinds.replaceable(event.kind) || NKinds.parameterizedReplaceable(event.kind)) {
|
||||
const d = event.tags.find(([tag]) => tag === 'd')?.[1] ?? '';
|
||||
|
||||
filters.push({
|
||||
kinds: [5],
|
||||
authors: [Conf.pubkey],
|
||||
'#a': [`${event.kind}:${event.pubkey}:${d}`],
|
||||
since: event.created_at,
|
||||
limit: 1,
|
||||
});
|
||||
}
|
||||
|
||||
const events = await this.query(filters);
|
||||
return events.length > 0;
|
||||
}
|
||||
|
||||
/** The DITTO_NSEC can delete any event from the database. NDatabase already handles user deletions. */
|
||||
private async deleteEventsAdmin(event: NostrEvent): Promise<void> {
|
||||
if (event.kind === 5 && event.pubkey === Conf.pubkey) {
|
||||
const ids = getTagSet(event.tags, 'e');
|
||||
await this.remove([{ ids: [...ids] }]);
|
||||
const ids = new Set(event.tags.filter(([name]) => name === 'e').map(([_name, value]) => value));
|
||||
const addrs = new Set(event.tags.filter(([name]) => name === 'a').map(([_name, value]) => value));
|
||||
|
||||
const filters: NostrFilter[] = [];
|
||||
|
||||
if (ids.size) {
|
||||
filters.push({ ids: [...ids] });
|
||||
}
|
||||
|
||||
for (const addr of addrs) {
|
||||
const [k, pubkey, d] = addr.split(':');
|
||||
const kind = Number(k);
|
||||
|
||||
if (!(Number.isInteger(kind) && kind >= 0)) continue;
|
||||
if (!isNostrId(pubkey)) continue;
|
||||
if (d === undefined) continue;
|
||||
|
||||
const filter: NostrFilter = {
|
||||
kinds: [kind],
|
||||
authors: [pubkey],
|
||||
until: event.created_at,
|
||||
};
|
||||
|
||||
if (d) {
|
||||
filter['#d'] = [d];
|
||||
}
|
||||
|
||||
filters.push(filter);
|
||||
}
|
||||
|
||||
if (filters.length) {
|
||||
await this.remove(filters);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ export function assembleEvents(
|
|||
|
||||
for (const event of a) {
|
||||
event.author = b.find((e) => matchFilter({ kinds: [0], authors: [event.pubkey] }, e));
|
||||
event.user = b.find((e) => matchFilter({ kinds: [30361], authors: [admin], '#d': [event.pubkey] }, e));
|
||||
event.user = b.find((e) => matchFilter({ kinds: [30382], authors: [admin], '#d': [event.pubkey] }, e));
|
||||
|
||||
if (event.kind === 1) {
|
||||
const id = findQuoteTag(event.tags)?.[1] || findQuoteInContent(event.content);
|
||||
|
@ -201,7 +201,7 @@ function gatherUsers({ events, store, signal }: HydrateOpts): Promise<DittoEvent
|
|||
const pubkeys = new Set(events.map((event) => event.pubkey));
|
||||
|
||||
return store.query(
|
||||
[{ kinds: [30361], authors: [Conf.pubkey], '#d': [...pubkeys], limit: pubkeys.size }],
|
||||
[{ kinds: [30382], authors: [Conf.pubkey], '#d': [...pubkeys], limit: pubkeys.size }],
|
||||
{ signal },
|
||||
);
|
||||
}
|
||||
|
|
|
@ -107,6 +107,36 @@ async function updateAdminEvent<E extends EventStub>(
|
|||
return createAdminEvent(fn(prev), c);
|
||||
}
|
||||
|
||||
async function updateUser(pubkey: string, n: Record<string, boolean>, c: AppContext): Promise<NostrEvent> {
|
||||
const signer = new AdminSigner();
|
||||
const admin = await signer.getPublicKey();
|
||||
|
||||
return updateAdminEvent(
|
||||
{ kinds: [30382], authors: [admin], '#d': [pubkey], limit: 1 },
|
||||
(prev) => {
|
||||
const prevNames = prev?.tags.reduce((acc, [name, value]) => {
|
||||
if (name === 'n') acc[value] = true;
|
||||
return acc;
|
||||
}, {} as Record<string, boolean>);
|
||||
|
||||
const names = { ...prevNames, ...n };
|
||||
const nTags = Object.entries(names).filter(([, value]) => value).map(([name]) => ['n', name]);
|
||||
const other = prev?.tags.filter(([name]) => !['d', 'n'].includes(name)) ?? [];
|
||||
|
||||
return {
|
||||
kind: 30382,
|
||||
content: prev?.content ?? '',
|
||||
tags: [
|
||||
['d', pubkey],
|
||||
...nTags,
|
||||
...other,
|
||||
],
|
||||
};
|
||||
},
|
||||
c,
|
||||
);
|
||||
}
|
||||
|
||||
/** Push the event through the pipeline, rethrowing any RelayError. */
|
||||
async function publishEvent(event: NostrEvent, c: AppContext): Promise<NostrEvent> {
|
||||
debug('EVENT', event);
|
||||
|
@ -264,7 +294,9 @@ export {
|
|||
type PaginationParams,
|
||||
paginationSchema,
|
||||
parseBody,
|
||||
updateAdminEvent,
|
||||
updateEvent,
|
||||
updateListAdminEvent,
|
||||
updateListEvent,
|
||||
updateUser,
|
||||
};
|
||||
|
|
|
@ -6,6 +6,7 @@ import { Conf } from '@/config.ts';
|
|||
import { type DittoEvent } from '@/interfaces/DittoEvent.ts';
|
||||
import { getLnurl } from '@/utils/lnurl.ts';
|
||||
import { nip05Cache } from '@/utils/nip05.ts';
|
||||
import { getTagSet } from '@/utils/tags.ts';
|
||||
import { Nip05, nostrDate, nostrNow, parseNip05 } from '@/utils.ts';
|
||||
import { renderEmojis } from '@/views/mastodon/emojis.ts';
|
||||
|
||||
|
@ -33,7 +34,7 @@ async function renderAccount(
|
|||
|
||||
const npub = nip19.npubEncode(pubkey);
|
||||
const parsed05 = await parseAndVerifyNip05(nip05, pubkey);
|
||||
const role = event.user?.tags.find(([name]) => name === 'role')?.[1] ?? 'user';
|
||||
const names = getTagSet(event.user?.tags ?? [], 'n');
|
||||
|
||||
return {
|
||||
id: pubkey,
|
||||
|
@ -74,13 +75,14 @@ async function renderAccount(
|
|||
username: parsed05?.nickname || npub.substring(0, 8),
|
||||
ditto: {
|
||||
accepts_zaps: Boolean(getLnurl({ lud06, lud16 })),
|
||||
is_registered: Boolean(event.user),
|
||||
},
|
||||
pleroma: {
|
||||
is_admin: role === 'admin',
|
||||
is_moderator: ['admin', 'moderator'].includes(role),
|
||||
is_admin: names.has('admin'),
|
||||
is_moderator: names.has('admin') || names.has('moderator'),
|
||||
is_suggested: names.has('suggest'),
|
||||
is_local: parsed05?.domain === Conf.url.host,
|
||||
settings_store: undefined as unknown,
|
||||
tags: [...getTagSet(event.user?.tags ?? [], 't')],
|
||||
},
|
||||
nostr: {
|
||||
pubkey,
|
||||
|
|
Loading…
Reference in New Issue