mirror/ditto
mirror/ditto
1
0
Fork 0
mirror of https://gitlab.com/soapbox-pub/ditto.git synced 2025-12-06 11:29:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into fix-statuses-posts-pagination

Browse source
This commit is contained in:
P. Reis 2024-10-27 15:39:39 -03:00
commit a690a2ff6f
9 changed files with 67 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitlab-ci.yml
View file

@ -1,4 +1,4 @@
image: denoland/deno:2.0.2
image: denoland/deno:2.0.3
default:
interruptible: true

2
.tool-versions
View file

@ -1 +1 @@
deno 2.0.2
deno 2.0.3

4
Dockerfile
View file

@ -1,10 +1,10 @@
FROM denoland/deno:2.0.0
FROM denoland/deno:2.0.3
ENV PORT 5000
WORKDIR /app
RUN mkdir -p data && chown -R deno data
COPY . .
RUN deno cache src/server.ts
RUN deno cache --allow-import src/server.ts
RUN apt-get update && apt-get install -y unzip curl
RUN deno task soapbox
CMD deno task start

8
src/controllers/api/oauth.ts
View file

@ -111,7 +111,7 @@ const revokeTokenController: AppController = async (c) => {
};
async function getToken(
{ pubkey, secret, relays = [] }: { pubkey: string; secret?: string; relays?: string[] },
{ pubkey: bunkerPubkey, secret, relays = [] }: { pubkey: string; secret?: string; relays?: string[] },
): Promise<`token1${string}`> {
const kysely = await Storages.kysely();
const { token, hash } = await generateToken();
@ -119,17 +119,19 @@ async function getToken(
const nip46Seckey = generateSecretKey();
const signer = new NConnectSigner({
pubkey,
pubkey: bunkerPubkey,
signer: new NSecSigner(nip46Seckey),
relay: await Storages.pubsub(), // TODO: Use the relays from the request.
timeout: 60_000,
});
await signer.connect(secret);
const userPubkey = await signer.getPublicKey();
await kysely.insertInto('auth_tokens').values({
token_hash: hash,
pubkey,
pubkey: userPubkey,
bunker_pubkey: bunkerPubkey,
nip46_sk_enc: await aesEncrypt(Conf.seckey, nip46Seckey),
nip46_relays: relays,
created_at: new Date(),

1
src/db/DittoTables.ts
View file

@ -37,6 +37,7 @@ interface EventStatsRow {
interface AuthTokenRow {
token_hash: Uint8Array;
pubkey: string;
bunker_pubkey: string;
nip46_sk_enc: Uint8Array;
nip46_relays: string[];
created_at: Date;

22
src/db/migrations/040_add_bunker_pubkey.ts Normal file
View file

@ -0,0 +1,22 @@
import { Kysely } from 'kysely';
export async function up(db: Kysely<any>): Promise<void> {
await db.schema
.alterTable('auth_tokens')
.addColumn('bunker_pubkey', 'char(64)')
.execute();
await db.updateTable('auth_tokens').set((eb) => ({ bunker_pubkey: eb.ref('pubkey') })).execute();
await db.schema
.alterTable('auth_tokens')
.alterColumn('bunker_pubkey', (col) => col.setNotNull())
.execute();
}
export async function down(db: Kysely<any>): Promise<void> {
await db.schema
.alterTable('auth_tokens')
.dropColumn('bunker_pubkey')
.execute();
}

14
src/middleware/signerMiddleware.ts
View file

@ -26,15 +26,23 @@ export const signerMiddleware: AppMiddleware = async (c, next) => {
const kysely = await Storages.kysely();
const tokenHash = await getTokenHash(bech32 as `token1${string}`);
const { pubkey, nip46_sk_enc, nip46_relays } = await kysely
const { pubkey: userPubkey, bunker_pubkey: bunkerPubkey, nip46_sk_enc, nip46_relays } = await kysely
.selectFrom('auth_tokens')
.select(['pubkey', 'nip46_sk_enc', 'nip46_relays'])
.select(['pubkey', 'bunker_pubkey', 'nip46_sk_enc', 'nip46_relays'])
.where('token_hash', '=', tokenHash)
.executeTakeFirstOrThrow();
const nep46Seckey = await aesDecrypt(Conf.seckey, nip46_sk_enc);
c.set('signer', new ConnectSigner(pubkey, new NSecSigner(nep46Seckey), nip46_relays));
c.set(
'signer',
new ConnectSigner({
bunkerPubkey,
userPubkey,
signer: new NSecSigner(nep46Seckey),
relays: nip46_relays,
}),
);
} catch {
throw new HTTPException(401);
}

37
src/signers/ConnectSigner.ts
View file

@ -4,6 +4,13 @@ import { NConnectSigner, NostrEvent, NostrSigner } from '@nostrify/nostrify';
import { Storages } from '@/storages.ts';
interface ConnectSignerOpts {
bunkerPubkey: string;
userPubkey: string;
signer: NostrSigner;
relays?: string[];
}
/**
* NIP-46 signer.
*
@ -12,13 +19,13 @@ import { Storages } from '@/storages.ts';
export class ConnectSigner implements NostrSigner {
private signer: Promise<NConnectSigner>;
constructor(private pubkey: string, signer: NostrSigner, private relays?: string[]) {
this.signer = this.init(signer);
constructor(private opts: ConnectSignerOpts) {
this.signer = this.init(opts.signer);
}
async init(signer: NostrSigner): Promise<NConnectSigner> {
return new NConnectSigner({
pubkey: this.pubkey,
pubkey: this.opts.bunkerPubkey,
// TODO: use a remote relay for `nprofile` signing (if present and `Conf.relay` isn't already in the list)
relay: await Storages.pubsub(),
signer,
@ -30,8 +37,8 @@ export class ConnectSigner implements NostrSigner {
const signer = await this.signer;
try {
return await signer.signEvent(event);
} catch (e: any) {
if (e.name === 'AbortError') {
} catch (e) {
if (e instanceof Error && e.name === 'AbortError') {
throw new HTTPException(408, { message: 'The event was not signed quickly enough' });
} else {
throw e;
@ -44,8 +51,8 @@ export class ConnectSigner implements NostrSigner {
const signer = await this.signer;
try {
return await signer.nip04.encrypt(pubkey, plaintext);
} catch (e: any) {
if (e.name === 'AbortError') {
} catch (e) {
if (e instanceof Error && e.name === 'AbortError') {
throw new HTTPException(408, {
message: 'Text was not encrypted quickly enough',
});
@ -59,8 +66,8 @@ export class ConnectSigner implements NostrSigner {
const signer = await this.signer;
try {
return await signer.nip04.decrypt(pubkey, ciphertext);
} catch (e: any) {
if (e.name === 'AbortError') {
} catch (e) {
if (e instanceof Error && e.name === 'AbortError') {
throw new HTTPException(408, {
message: 'Text was not decrypted quickly enough',
});
@ -76,8 +83,8 @@ export class ConnectSigner implements NostrSigner {
const signer = await this.signer;
try {
return await signer.nip44.encrypt(pubkey, plaintext);
} catch (e: any) {
if (e.name === 'AbortError') {
} catch (e) {
if (e instanceof Error && e.name === 'AbortError') {
throw new HTTPException(408, {
message: 'Text was not encrypted quickly enough',
});
@ -91,8 +98,8 @@ export class ConnectSigner implements NostrSigner {
const signer = await this.signer;
try {
return await signer.nip44.decrypt(pubkey, ciphertext);
} catch (e: any) {
if (e.name === 'AbortError') {
} catch (e) {
if (e instanceof Error && e.name === 'AbortError') {
throw new HTTPException(408, {
message: 'Text was not decrypted quickly enough',
});
@ -105,12 +112,12 @@ export class ConnectSigner implements NostrSigner {
// Prevent unnecessary NIP-46 round-trips.
async getPublicKey(): Promise<string> {
return this.pubkey;
return this.opts.userPubkey;
}
/** Get the user's relays if they passed in an `nprofile` auth token. */
async getRelays(): Promise<Record<string, { read: boolean; write: boolean }>> {
return this.relays?.reduce<Record<string, { read: boolean; write: boolean }>>((acc, relay) => {
return this.opts.relays?.reduce<Record<string, { read: boolean; write: boolean }>>((acc, relay) => {
acc[relay] = { read: true, write: true };
return acc;
}, {}) ?? {};

4
src/storages/EventsDB.ts
View file

@ -321,13 +321,13 @@ class EventsDB extends NPostgres {
}
if (domains.size) {
const query = this.opts.kysely
let query = this.opts.kysely
.selectFrom('pubkey_domains')
.select('pubkey')
.where('domain', 'in', [...domains]);
if (filter.authors) {
query.where('pubkey', 'in', filter.authors); // isn't Kysely immutable?
query = query.where('pubkey', 'in', filter.authors);
}
const pubkeys = await query.execute().then((rows) => rows.map((row) => row.pubkey));