Merge branch 'main' into unfavourite

.gitlab-ci.yml

@@ -1,4 +1,4 @@
-image: denoland/deno:2.2.0
+image: denoland/deno:2.2.2
 
 default:
   interruptible: true
@@ -12,7 +12,7 @@ test:
     - deno fmt --check
     - deno task lint
     - deno task check
-    - deno task test --coverage=cov_profile
+    - deno task test --ignore=packages/transcode --coverage=cov_profile
     - deno coverage cov_profile
   coverage: /All files[^\|]*\|[^\|]*\s+([\d\.]+)/
   services:

.tool-versions

@@ -1 +1 @@
-deno 2.2.0
+deno 2.2.2

Dockerfile

@@ -1,4 +1,4 @@
-FROM denoland/deno:2.2.0
+FROM denoland/deno:2.2.2
 ENV PORT 5000
 
 WORKDIR /app

deno.json

@@ -1,6 +1,7 @@
 {
   "version": "1.1.0",
   "workspace": [
+    "./packages/captcha",
     "./packages/conf",
     "./packages/db",
     "./packages/ditto",
@@ -10,6 +11,7 @@
     "./packages/nip98",
     "./packages/policies",
     "./packages/ratelimiter",
+    "./packages/transcode",
     "./packages/translators",
     "./packages/uploaders"
   ],
@@ -72,6 +74,7 @@
     "@soapbox/logi": "jsr:@soapbox/logi@^0.3.0",
     "@soapbox/safe-fetch": "jsr:@soapbox/safe-fetch@^2.0.0",
     "@std/assert": "jsr:@std/assert@^0.225.1",
+    "@std/async": "jsr:@std/async@^1.0.10",
     "@std/cli": "jsr:@std/cli@^0.223.0",
     "@std/crypto": "jsr:@std/crypto@^0.224.0",
     "@std/encoding": "jsr:@std/encoding@^0.224.0",

deno.lock

@@ -58,6 +58,7 @@
     "jsr:@std/assert@^1.0.10": "1.0.11",
     "jsr:@std/assert@~0.213.1": "0.213.1",
     "jsr:@std/assert@~0.225.1": "0.225.3",
+    "jsr:@std/async@^1.0.10": "1.0.10",
     "jsr:@std/bytes@0.223": "0.223.0",
     "jsr:@std/bytes@0.224": "0.224.0",
     "jsr:@std/bytes@0.224.0": "0.224.0",
@@ -604,6 +605,9 @@
         "jsr:@std/internal@^1.0.5"
       ]
     },
+    "@std/async@1.0.10": {
+      "integrity": "2ff1b1c7d33d1416159989b0f69e59ec7ee8cb58510df01e454def2108b3dbec"
+    },
     "@std/bytes@0.223.0": {
       "integrity": "84b75052cd8680942c397c2631318772b295019098f40aac5c36cead4cba51a8"
     },
@@ -2489,6 +2493,7 @@
       "jsr:@soapbox/logi@0.3",
       "jsr:@soapbox/safe-fetch@2",
       "jsr:@std/assert@~0.225.1",
+      "jsr:@std/async@^1.0.10",
       "jsr:@std/cli@0.223",
       "jsr:@std/crypto@0.224",
       "jsr:@std/encoding@0.224",

packages/captcha/assets.test.ts

@@ -0,0 +1,9 @@
+import { assert } from '@std/assert';
+
+import { getCaptchaImages } from './assets.ts';
+
+Deno.test('getCaptchaImages', async () => {
+  // If this function runs at all, it most likely worked.
+  const { bgImages } = await getCaptchaImages();
+  assert(bgImages.length);
+});

packages/captcha/assets.ts

@@ -0,0 +1,36 @@
+import { type Image, loadImage } from '@gfx/canvas-wasm';
+
+export interface CaptchaImages {
+  bgImages: Image[];
+  puzzleMask: Image;
+  puzzleHole: Image;
+}
+
+export async function getCaptchaImages(): Promise<CaptchaImages> {
+  const bgImages = await getBackgroundImages();
+
+  const puzzleMask = await loadImage(
+    await Deno.readFile(new URL('./assets/puzzle/puzzle-mask.png', import.meta.url)),
+  );
+  const puzzleHole = await loadImage(
+    await Deno.readFile(new URL('./assets/puzzle/puzzle-hole.png', import.meta.url)),
+  );
+
+  return { bgImages, puzzleMask, puzzleHole };
+}
+
+async function getBackgroundImages(): Promise<Image[]> {
+  const path = new URL('./assets/bg/', import.meta.url);
+
+  const images: Image[] = [];
+
+  for await (const dirEntry of Deno.readDir(path)) {
+    if (dirEntry.isFile && dirEntry.name.endsWith('.jpg')) {
+      const file = await Deno.readFile(new URL(dirEntry.name, path));
+      const image = await loadImage(file);
+      images.push(image);
+    }
+  }
+
+  return images;
+}

packages/captcha/canvas.test.ts

@@ -0,0 +1,22 @@
+import { createCanvas } from '@gfx/canvas-wasm';
+import { assertNotEquals } from '@std/assert';
+import { encodeHex } from '@std/encoding/hex';
+
+import { addNoise } from './canvas.ts';
+
+// This is almost impossible to truly test,
+// but we can at least check that the image on the canvas changes.
+Deno.test('addNoise', async () => {
+  const canvas = createCanvas(100, 100);
+  const ctx = canvas.getContext('2d');
+
+  const dataBefore = ctx.getImageData(0, 0, canvas.width, canvas.height);
+  const hashBefore = await crypto.subtle.digest('SHA-256', dataBefore.data);
+
+  addNoise(ctx, canvas.width, canvas.height);
+
+  const dataAfter = ctx.getImageData(0, 0, canvas.width, canvas.height);
+  const hashAfter = await crypto.subtle.digest('SHA-256', dataAfter.data);
+
+  assertNotEquals(encodeHex(hashBefore), encodeHex(hashAfter));
+});

packages/captcha/canvas.ts

@@ -0,0 +1,21 @@
+import type { CanvasRenderingContext2D } from '@gfx/canvas-wasm';
+
+/**
+ * Add a small amount of noise to the image.
+ * This protects against an attacker pregenerating every possible solution and then doing a reverse-lookup.
+ */
+export function addNoise(ctx: CanvasRenderingContext2D, width: number, height: number): void {
+  const imageData = ctx.getImageData(0, 0, width, height);
+
+  // Loop over every pixel.
+  for (let i = 0; i < imageData.data.length; i += 4) {
+    // Add/subtract a small amount from each color channel.
+    // We skip i+3 because that's the alpha channel, which we don't want to modify.
+    for (let j = 0; j < 3; j++) {
+      const alteration = Math.floor(Math.random() * 11) - 5; // Vary between -5 and +5
+      imageData.data[i + j] = Math.min(Math.max(imageData.data[i + j] + alteration, 0), 255);
+    }
+  }
+
+  ctx.putImageData(imageData, 0, 0);
+}

packages/captcha/captcha.test.ts

@@ -0,0 +1,12 @@
+import { getCaptchaImages } from './assets.ts';
+import { generateCaptcha, verifyCaptchaSolution } from './captcha.ts';
+
+Deno.test('generateCaptcha', async () => {
+  const images = await getCaptchaImages();
+  generateCaptcha(images, { w: 370, h: 400 }, { w: 65, h: 65 });
+});
+
+Deno.test('verifyCaptchaSolution', () => {
+  verifyCaptchaSolution({ w: 65, h: 65 }, { x: 0, y: 0 }, { x: 0, y: 0 });
+  verifyCaptchaSolution({ w: 65, h: 65 }, { x: 0, y: 0 }, { x: 10, y: 10 });
+});

packages/captcha/captcha.ts

@@ -0,0 +1,60 @@
+import { createCanvas, type EmulatedCanvas2D } from '@gfx/canvas-wasm';
+
+import { addNoise } from './canvas.ts';
+import { areIntersecting, type Dimensions, type Point } from './geometry.ts';
+
+import type { CaptchaImages } from './assets.ts';
+
+/** Generate a puzzle captcha, returning canvases for the board and piece. */
+export function generateCaptcha(
+  { bgImages, puzzleMask, puzzleHole }: CaptchaImages,
+  bgSize: Dimensions,
+  puzzleSize: Dimensions,
+): {
+  bg: EmulatedCanvas2D;
+  puzzle: EmulatedCanvas2D;
+  solution: Point;
+} {
+  const bg = createCanvas(bgSize.w, bgSize.h);
+  const puzzle = createCanvas(puzzleSize.w, puzzleSize.h);
+
+  const ctx = bg.getContext('2d');
+  const pctx = puzzle.getContext('2d');
+
+  const solution = generateSolution(bgSize, puzzleSize);
+  const bgImage = bgImages[Math.floor(Math.random() * bgImages.length)];
+
+  // Draw the background image.
+  ctx.drawImage(bgImage, 0, 0, bg.width, bg.height);
+  addNoise(ctx, bg.width, bg.height);
+
+  // Draw the puzzle piece.
+  pctx.drawImage(puzzleMask, 0, 0, puzzle.width, puzzle.height);
+  pctx.globalCompositeOperation = 'source-in';
+  pctx.drawImage(bg, solution.x, solution.y, puzzle.width, puzzle.height, 0, 0, puzzle.width, puzzle.height);
+
+  // Draw the hole.
+  ctx.globalCompositeOperation = 'source-atop';
+  ctx.drawImage(puzzleHole, solution.x, solution.y, puzzle.width, puzzle.height);
+
+  return {
+    bg,
+    puzzle,
+    solution,
+  };
+}
+
+export function verifyCaptchaSolution(puzzleSize: Dimensions, point: Point, solution: Point): boolean {
+  return areIntersecting(
+    { ...point, ...puzzleSize },
+    { ...solution, ...puzzleSize },
+  );
+}
+
+/** Random coordinates such that the piece fits within the canvas. */
+function generateSolution(bgSize: Dimensions, puzzleSize: Dimensions): Point {
+  return {
+    x: Math.floor(Math.random() * (bgSize.w - puzzleSize.w)),
+    y: Math.floor(Math.random() * (bgSize.h - puzzleSize.h)),
+  };
+}

packages/captcha/deno.json

@@ -0,0 +1,7 @@
+{
+  "name": "@ditto/captcha",
+  "version": "0.1.0",
+  "exports": {
+    ".": "./mod.ts"
+  }
+}

packages/captcha/geometry.test.ts

@@ -0,0 +1,8 @@
+import { assertEquals } from '@std/assert';
+
+import { areIntersecting } from './geometry.ts';
+
+Deno.test('areIntersecting', () => {
+  assertEquals(areIntersecting({ x: 0, y: 0, w: 10, h: 10 }, { x: 5, y: 5, w: 10, h: 10 }), true);
+  assertEquals(areIntersecting({ x: 0, y: 0, w: 10, h: 10 }, { x: 15, y: 15, w: 10, h: 10 }), false);
+});

packages/captcha/geometry.ts

@@ -0,0 +1,27 @@
+export interface Point {
+  x: number;
+  y: number;
+}
+
+export interface Dimensions {
+  w: number;
+  h: number;
+}
+
+type Rectangle = Point & Dimensions;
+
+/** Check if the two rectangles intersect by at least `threshold` percent. */
+export function areIntersecting(rect1: Rectangle, rect2: Rectangle, threshold = 0.5): boolean {
+  const r1cx = rect1.x + rect1.w / 2;
+  const r2cx = rect2.x + rect2.w / 2;
+
+  const r1cy = rect1.y + rect1.h / 2;
+  const r2cy = rect2.y + rect2.h / 2;
+
+  const dist = Math.sqrt((r2cx - r1cx) ** 2 + (r2cy - r1cy) ** 2);
+
+  const e1 = Math.sqrt(rect1.h ** 2 + rect1.w ** 2) / 2;
+  const e2 = Math.sqrt(rect2.h ** 2 + rect2.w ** 2) / 2;
+
+  return dist <= (e1 + e2) * threshold;
+}

packages/captcha/mod.ts

@@ -0,0 +1,2 @@
+export { getCaptchaImages } from './assets.ts';
+export { generateCaptcha, verifyCaptchaSolution } from './captcha.ts';

packages/conf/DittoConf.test.ts

@@ -29,3 +29,26 @@ Deno.test('DittoConfig defaults', async (t) => {
     assertEquals(config.port, 4036);
   });
 });
+
+Deno.test('DittoConfig with insecure media host', () => {
+  const env = new Map<string, string>([
+    ['LOCAL_DOMAIN', 'https://ditto.test'],
+    ['MEDIA_DOMAIN', 'https://ditto.test'],
+  ]);
+
+  assertThrows(
+    () => new DittoConf(env),
+    Error,
+    'For security reasons, MEDIA_DOMAIN cannot be on the same host as LOCAL_DOMAIN',
+  );
+});
+
+Deno.test('DittoConfig with insecure media host and precheck disabled', () => {
+  const env = new Map<string, string>([
+    ['LOCAL_DOMAIN', 'https://ditto.test'],
+    ['MEDIA_DOMAIN', 'https://ditto.test'],
+    ['DITTO_PRECHECK', 'false'],
+  ]);
+
+  new DittoConf(env);
+});

packages/conf/DittoConf.ts

@@ -13,7 +13,17 @@ import { mergeURLPath } from './utils/url.ts';
 
 /** Ditto application-wide configuration. */
 export class DittoConf {
-  constructor(private env: { get(key: string): string | undefined }) {}
+  constructor(private env: { get(key: string): string | undefined }) {
+    if (this.precheck) {
+      const mediaUrl = new URL(this.mediaDomain);
+
+      if (this.url.host === mediaUrl.host) {
+        throw new Error(
+          'For security reasons, MEDIA_DOMAIN cannot be on the same host as LOCAL_DOMAIN.\n\nTo disable this check, set DITTO_PRECHECK="false"',
+        );
+      }
+    }
+  }
 
   /** Cached parsed admin signer. */
   private _signer: NSecSigner | undefined;
@@ -269,6 +279,11 @@ export class DittoConf {
     return optionalBooleanSchema.parse(this.env.get('MEDIA_ANALYZE')) ?? false;
   }
 
+  /** Whether to transcode uploaded video files with ffmpeg. */
+  get mediaTranscode(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('MEDIA_TRANSCODE')) ?? false;
+  }
+
   /** Max upload size for files in number of bytes. Default 100MiB. */
   get maxUploadSize(): number {
     return Number(this.env.get('MAX_UPLOAD_SIZE') || 100 * 1024 * 1024);
@@ -465,4 +480,19 @@ export class DittoConf {
   get streakWindow(): number {
     return Number(this.env.get('STREAK_WINDOW') || 129600);
   }
+
+  /** Whether to perform security/configuration checks on startup. */
+  get precheck(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('DITTO_PRECHECK')) ?? true;
+  }
+
+  /** Path to `ffmpeg` executable. */
+  get ffmpegPath(): string {
+    return this.env.get('FFMPEG_PATH') || 'ffmpeg';
+  }
+
+  /** Path to `ffprobe` executable. */
+  get ffprobePath(): string {
+    return this.env.get('FFPROBE_PATH') || 'ffprobe';
+  }
 }

packages/conf/deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@ditto/conf",
-  "version": "1.1.0",
+  "version": "0.1.0",
   "exports": {
     ".": "./mod.ts"
   }

packages/db/adapters/TestDB.test.ts

@@ -0,0 +1,25 @@
+import { DittoConf } from '@ditto/conf';
+import { NPostgres } from '@nostrify/db';
+import { genEvent } from '@nostrify/nostrify/test';
+import { assertEquals } from '@std/assert';
+
+import { DittoPolyPg } from './DittoPolyPg.ts';
+import { TestDB } from './TestDB.ts';
+
+Deno.test('TestDB', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+  await store.event(genEvent());
+
+  assertEquals((await store.count([{}])).count, 1);
+
+  await db.clear();
+
+  assertEquals((await store.count([{}])).count, 0);
+});

packages/db/adapters/TestDB.ts

@@ -0,0 +1,49 @@
+import { type Kysely, sql } from 'kysely';
+
+import type { DittoDB } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+/** Wraps another DittoDB implementation to clear all data when disposed. */
+export class TestDB implements DittoDB {
+  constructor(private db: DittoDB) {}
+
+  get kysely(): Kysely<DittoTables> {
+    return this.db.kysely;
+  }
+
+  get poolSize(): number {
+    return this.db.poolSize;
+  }
+
+  get availableConnections(): number {
+    return this.db.availableConnections;
+  }
+
+  migrate(): Promise<void> {
+    return this.db.migrate();
+  }
+
+  listen(channel: string, callback: (payload: string) => void): void {
+    return this.db.listen(channel, callback);
+  }
+
+  /** Truncate all tables. */
+  async clear(): Promise<void> {
+    const query = sql<{ tablename: string }>`select tablename from pg_tables where schemaname = current_schema()`;
+
+    const { rows } = await query.execute(this.db.kysely);
+
+    for (const { tablename } of rows) {
+      if (tablename.startsWith('kysely_')) {
+        continue; // Skip Kysely's internal tables
+      } else {
+        await sql`truncate table ${sql.ref(tablename)} cascade`.execute(this.db.kysely);
+      }
+    }
+  }
+
+  async [Symbol.asyncDispose](): Promise<void> {
+    await this.clear();
+    await this.db[Symbol.asyncDispose]();
+  }
+}

packages/db/deno.json

@@ -1,5 +1,6 @@
 {
   "name": "@ditto/db",
+  "version": "0.1.0",
   "exports": {
     ".": "./mod.ts"
   }

packages/db/mod.ts

@@ -2,6 +2,7 @@ export { DittoPglite } from './adapters/DittoPglite.ts';
 export { DittoPolyPg } from './adapters/DittoPolyPg.ts';
 export { DittoPostgres } from './adapters/DittoPostgres.ts';
 export { DummyDB } from './adapters/DummyDB.ts';
+export { TestDB } from './adapters/TestDB.ts';
 
 export type { DittoDB } from './DittoDB.ts';
 export type { DittoTables } from './DittoTables.ts';

packages/ditto/DittoPush.ts

@@ -14,10 +14,10 @@ export class DittoPush {
   private server: Promise<ApplicationServer | undefined>;
 
   constructor(opts: DittoPushOpts) {
-    const { conf, relay } = opts;
+    const { conf } = opts;
 
     this.server = (async () => {
-      const meta = await getInstanceMetadata(relay);
+      const meta = await getInstanceMetadata(opts);
       const keys = await conf.vapidKeys;
 
       if (keys) {

packages/ditto/app.ts

@@ -1,5 +1,5 @@
 import { DittoConf } from '@ditto/conf';
-import { DittoDB, DittoPolyPg } from '@ditto/db';
+import { DittoPolyPg } from '@ditto/db';
 import { paginationMiddleware, tokenMiddleware, userMiddleware } from '@ditto/mastoapi/middleware';
 import { DittoApp, type DittoEnv } from '@ditto/mastoapi/router';
 import { relayPoolRelaysSizeGauge, relayPoolSubscriptionsSizeGauge } from '@ditto/metrics';
@@ -12,6 +12,7 @@ import { NostrEvent, NostrSigner, NRelay, NUploader } from '@nostrify/nostrify';
 
 import { cron } from '@/cron.ts';
 import { startFirehose } from '@/firehose.ts';
+import { startSentry } from '@/sentry.ts';
 import { DittoAPIStore } from '@/storages/DittoAPIStore.ts';
 import { DittoPgStore } from '@/storages/DittoPgStore.ts';
 import { DittoPool } from '@/storages/DittoPool.ts';
@@ -54,8 +55,6 @@ import {
   adminSetRelaysController,
   deleteZapSplitsController,
   getZapSplitsController,
-  nameRequestController,
-  nameRequestsController,
   statusZapSplitsController,
   updateInstanceController,
   updateZapSplitsController,
@@ -148,24 +147,20 @@ import { rateLimitMiddleware } from '@/middleware/rateLimitMiddleware.ts';
 import { uploaderMiddleware } from '@/middleware/uploaderMiddleware.ts';
 import { translatorMiddleware } from '@/middleware/translatorMiddleware.ts';
 import { logiMiddleware } from '@/middleware/logiMiddleware.ts';
+import dittoNamesRoute from '@/routes/dittoNamesRoute.ts';
+import pleromaAdminPermissionGroupsRoute from '@/routes/pleromaAdminPermissionGroupsRoute.ts';
 import { DittoRelayStore } from '@/storages/DittoRelayStore.ts';
 
 export interface AppEnv extends DittoEnv {
-  Variables: {
-    conf: DittoConf;
+  Variables: DittoEnv['Variables'] & {
     /** Uploader for the user to upload files. */
     uploader?: NUploader;
     /** NIP-98 signed event proving the pubkey is owned by the user. */
     proof?: NostrEvent;
-    /** Kysely instance for the database. */
-    db: DittoDB;
-    /** Base database store. No content filtering. */
-    relay: NRelay;
     /** Normalized pagination params. */
     pagination: { since?: number; until?: number; limit: number };
     /** Translation service. */
     translator?: DittoTranslator;
-    signal: AbortSignal;
     user?: {
       /** Signer to get the logged-in user's pubkey, relays, and to sign events, or `undefined` if the user isn't logged in. */
       signer: NostrSigner;
@@ -182,6 +177,8 @@ type AppController<P extends string = any> = Handler<AppEnv, P, HonoInput, Respo
 
 const conf = new DittoConf(Deno.env);
 
+startSentry(conf);
+
 const db = new DittoPolyPg(conf.databaseUrl, {
   poolSize: conf.pg.poolSize,
   debug: conf.pgliteDebug,
@@ -191,15 +188,15 @@ await db.migrate();
 
 const pgstore = new DittoPgStore({
   db,
-  pubkey: await conf.signer.getPublicKey(),
+  conf,
   timeout: conf.db.timeouts.default,
   notify: conf.notifyEnabled,
 });
 
 const pool = new DittoPool({ conf, relay: pgstore });
-const relay = new DittoRelayStore({ db, conf, relay: pgstore });
+const relay = new DittoRelayStore({ db, conf, pool, relay: pgstore });
 
-await seedZapSplits(relay);
+await seedZapSplits({ conf, relay });
 
 if (conf.firehoseEnabled) {
   startFirehose({
@@ -214,7 +211,7 @@ if (conf.cronEnabled) {
   cron({ conf, db, relay });
 }
 
-const app = new DittoApp({ conf, db, relay }, { strict: false });
+const app = new DittoApp({ conf, db, relay, strict: false });
 
 /** User-provided files in the gitignored `public/` directory. */
 const publicFiles = serveStatic({ root: './public/' });
@@ -443,14 +440,14 @@ app.delete('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions/:emoji', userMi
 app.get('/api/v1/pleroma/admin/config', userMiddleware({ role: 'admin' }), configController);
 app.post('/api/v1/pleroma/admin/config', userMiddleware({ role: 'admin' }), updateConfigController);
 app.delete('/api/v1/pleroma/admin/statuses/:id', userMiddleware({ role: 'admin' }), pleromaAdminDeleteStatusController);
+app.route('/api/v1/pleroma/admin/users/permission_group', pleromaAdminPermissionGroupsRoute);
 
 app.get('/api/v1/admin/ditto/relays', userMiddleware({ role: 'admin' }), adminRelaysController);
 app.put('/api/v1/admin/ditto/relays', userMiddleware({ role: 'admin' }), adminSetRelaysController);
 
 app.put('/api/v1/admin/ditto/instance', userMiddleware({ role: 'admin' }), updateInstanceController);
 
-app.post('/api/v1/ditto/names', userMiddleware(), nameRequestController);
-app.get('/api/v1/ditto/names', userMiddleware(), nameRequestsController);
+app.route('/api/v1/ditto/names', dittoNamesRoute);
 
 app.get('/api/v1/ditto/captcha', rateLimitMiddleware(3, Time.minutes(1)), captchaController);
 app.post(

packages/ditto/caches/pipelineEncounters.ts

@@ -1,3 +0,0 @@
-import { LRUCache } from 'lru-cache';
-
-export const pipelineEncounters = new LRUCache<string, true>({ max: 5000 });

packages/ditto/caches/translationCache.ts

@@ -1,8 +1,8 @@
+import { MastodonTranslation } from '@ditto/mastoapi/types';
 import { LanguageCode } from 'iso-639-1';
 import { LRUCache } from 'lru-cache';
 
 import { Conf } from '@/config.ts';
-import { MastodonTranslation } from '@/entities/MastodonTranslation.ts';
 
 /** Translations LRU cache. */
 export const translationCache = new LRUCache<`${LanguageCode}-${string}`, MastodonTranslation>({

packages/ditto/controllers/api/accounts.ts

@@ -19,7 +19,8 @@ import { hydrateEvents } from '@/storages/hydrate.ts';
 import { bech32ToPubkey } from '@/utils.ts';
 import { addTag, deleteTag, findReplyTag, getTagSet } from '@/utils/tags.ts';
 import { getPubkeysBySearch } from '@/utils/search.ts';
-import { MastodonAccount } from '@/entities/MastodonAccount.ts';
+
+import type { MastodonAccount } from '@ditto/mastoapi/types';
 
 const createAccountSchema = z.object({
   username: z.string().min(1).max(30).regex(/^[a-z0-9_]+$/i),

packages/ditto/controllers/api/admin.ts

@@ -128,7 +128,7 @@ const adminAccountActionSchema = z.object({
 });
 
 const adminActionController: AppController = async (c) => {
-  const { conf, relay } = c.var;
+  const { conf, relay, requestId } = c.var;
 
   const body = await parseBody(c.req.raw);
   const result = adminAccountActionSchema.safeParse(body);
@@ -155,16 +155,17 @@ const adminActionController: AppController = async (c) => {
     n.disabled = true;
     n.suspended = true;
     relay.remove!([{ authors: [authorId] }]).catch((e: unknown) => {
-      logi({ level: 'error', ns: 'ditto.api.admin.account.action', type: data.type, error: errorJson(e) });
+      logi({ level: 'error', ns: 'ditto.api.admin.account.action', type: data.type, requestId, error: errorJson(e) });
     });
   }
   if (data.type === 'revoke_name') {
     n.revoke_name = true;
-    relay.remove!([{ kinds: [30360], authors: [await conf.signer.getPublicKey()], '#p': [authorId] }]).catch(
-      (e: unknown) => {
-        logi({ level: 'error', ns: 'ditto.api.admin.account.action', type: data.type, error: errorJson(e) });
-      },
-    );
+    try {
+      await relay.remove!([{ kinds: [30360], authors: [await conf.signer.getPublicKey()], '#p': [authorId] }]);
+    } catch (e) {
+      logi({ level: 'error', ns: 'ditto.api.admin.account.action', type: data.type, requestId, error: errorJson(e) });
+      return c.json({ error: 'Unexpected runtime error' }, 500);
+    }
   }
 
   await updateUser(authorId, n, c);

packages/ditto/controllers/api/captcha.ts

@@ -1,4 +1,4 @@
-import { CanvasRenderingContext2D, createCanvas, Image, loadImage } from '@gfx/canvas-wasm';
+import { generateCaptcha, getCaptchaImages, verifyCaptchaSolution } from '@ditto/captcha';
 import TTLCache from '@isaacs/ttlcache';
 import { z } from 'zod';
 
@@ -10,13 +10,13 @@ interface Point {
   y: number;
 }
 
-interface Dimensions {
-  w: number;
-  h: number;
-}
+const pointSchema: z.ZodType<Point> = z.object({
+  x: z.number(),
+  y: z.number(),
+});
 
 const captchas = new TTLCache<string, Point>();
-const imagesAsync = getImages();
+const imagesAsync = getCaptchaImages();
 
 const BG_SIZE = { w: 370, h: 400 };
 const PUZZLE_SIZE = { w: 65, h: 65 };
@@ -47,109 +47,6 @@ export const captchaController: AppController = async (c) => {
   });
 };
 
-interface CaptchaImages {
-  bgImages: Image[];
-  puzzleMask: Image;
-  puzzleHole: Image;
-}
-
-async function getImages(): Promise<CaptchaImages> {
-  const bgImages = await getBackgroundImages();
-
-  const puzzleMask = await loadImage(
-    await Deno.readFile(new URL('../../assets/captcha/puzzle-mask.png', import.meta.url)),
-  );
-  const puzzleHole = await loadImage(
-    await Deno.readFile(new URL('../../assets/captcha/puzzle-hole.png', import.meta.url)),
-  );
-
-  return { bgImages, puzzleMask, puzzleHole };
-}
-
-async function getBackgroundImages(): Promise<Image[]> {
-  const path = new URL('../../assets/captcha/bg/', import.meta.url);
-
-  const images: Image[] = [];
-
-  for await (const dirEntry of Deno.readDir(path)) {
-    if (dirEntry.isFile && dirEntry.name.endsWith('.jpg')) {
-      const file = await Deno.readFile(new URL(dirEntry.name, path));
-      const image = await loadImage(file);
-      images.push(image);
-    }
-  }
-
-  return images;
-}
-
-/** Generate a puzzle captcha, returning canvases for the board and piece. */
-function generateCaptcha(
-  { bgImages, puzzleMask, puzzleHole }: CaptchaImages,
-  bgSize: Dimensions,
-  puzzleSize: Dimensions,
-) {
-  const bg = createCanvas(bgSize.w, bgSize.h);
-  const puzzle = createCanvas(puzzleSize.w, puzzleSize.h);
-
-  const ctx = bg.getContext('2d');
-  const pctx = puzzle.getContext('2d');
-
-  const solution = generateSolution(bgSize, puzzleSize);
-  const bgImage = bgImages[Math.floor(Math.random() * bgImages.length)];
-
-  // Draw the background image.
-  ctx.drawImage(bgImage, 0, 0, bg.width, bg.height);
-  addNoise(ctx, bg.width, bg.height);
-
-  // Draw the puzzle piece.
-  pctx.drawImage(puzzleMask, 0, 0, puzzle.width, puzzle.height);
-  pctx.globalCompositeOperation = 'source-in';
-  pctx.drawImage(bg, solution.x, solution.y, puzzle.width, puzzle.height, 0, 0, puzzle.width, puzzle.height);
-
-  // Draw the hole.
-  ctx.globalCompositeOperation = 'source-atop';
-  ctx.drawImage(puzzleHole, solution.x, solution.y, puzzle.width, puzzle.height);
-
-  return {
-    bg,
-    puzzle,
-    solution,
-  };
-}
-
-/**
- * Add a small amount of noise to the image.
- * This protects against an attacker pregenerating every possible solution and then doing a reverse-lookup.
- */
-function addNoise(ctx: CanvasRenderingContext2D, width: number, height: number): void {
-  const imageData = ctx.getImageData(0, 0, width, height);
-
-  // Loop over every pixel.
-  for (let i = 0; i < imageData.data.length; i += 4) {
-    // Add/subtract a small amount from each color channel.
-    // We skip i+3 because that's the alpha channel, which we don't want to modify.
-    for (let j = 0; j < 3; j++) {
-      const alteration = Math.floor(Math.random() * 11) - 5; // Vary between -5 and +5
-      imageData.data[i + j] = Math.min(Math.max(imageData.data[i + j] + alteration, 0), 255);
-    }
-  }
-
-  ctx.putImageData(imageData, 0, 0);
-}
-
-/** Random coordinates such that the piece fits within the canvas. */
-function generateSolution(bgSize: Dimensions, puzzleSize: Dimensions): Point {
-  return {
-    x: Math.floor(Math.random() * (bgSize.w - puzzleSize.w)),
-    y: Math.floor(Math.random() * (bgSize.h - puzzleSize.h)),
-  };
-}
-
-const pointSchema = z.object({
-  x: z.number(),
-  y: z.number(),
-});
-
 /** Verify the captcha solution and sign an event in the database. */
 export const captchaVerifyController: AppController = async (c) => {
   const { user } = c.var;
@@ -168,7 +65,7 @@ export const captchaVerifyController: AppController = async (c) => {
     return c.json({ error: 'Captcha expired' }, { status: 410 });
   }
 
-  const solved = verifySolution(PUZZLE_SIZE, result.data, solution);
+  const solved = verifyCaptchaSolution(PUZZLE_SIZE, result.data, solution);
 
   if (solved) {
     captchas.delete(id);
@@ -178,23 +75,3 @@ export const captchaVerifyController: AppController = async (c) => {
 
   return c.json({ error: 'Incorrect solution' }, { status: 400 });
 };
-
-function verifySolution(puzzleSize: Dimensions, point: Point, solution: Point): boolean {
-  return areIntersecting(
-    { ...point, ...puzzleSize },
-    { ...solution, ...puzzleSize },
-  );
-}
-
-type Rectangle = Point & Dimensions;
-
-function areIntersecting(rect1: Rectangle, rect2: Rectangle, threshold = 0.5) {
-  const r1cx = rect1.x + rect1.w / 2;
-  const r2cx = rect2.x + rect2.w / 2;
-  const r1cy = rect1.y + rect1.h / 2;
-  const r2cy = rect2.y + rect2.h / 2;
-  const dist = Math.sqrt((r2cx - r1cx) ** 2 + (r2cy - r1cy) ** 2);
-  const e1 = Math.sqrt(rect1.h ** 2 + rect1.w ** 2) / 2;
-  const e2 = Math.sqrt(rect2.h ** 2 + rect2.w ** 2) / 2;
-  return dist < (e1 + e2) * threshold;
-}

packages/ditto/controllers/api/cashu.ts

@@ -103,7 +103,7 @@ route.put('/wallet', userMiddleware({ enc: 'nip44' }), async (c) => {
 
 /** Gets a wallet, if it exists. */
 route.get('/wallet', userMiddleware({ enc: 'nip44' }), swapNutzapsMiddleware, async (c) => {
-  const { conf, relay, user, signal } = c.var;
+  const { conf, relay, user, signal, requestId } = c.var;
 
   const pubkey = await user.signer.getPublicKey();
 
@@ -139,7 +139,7 @@ route.get('/wallet', userMiddleware({ enc: 'nip44' }), swapNutzapsMiddleware, as
         return accumulator + current.amount;
       }, 0);
     } catch (e) {
-      logi({ level: 'error', ns: 'ditto.api.cashu.wallet.swap', error: errorJson(e) });
+      logi({ level: 'error', ns: 'ditto.api.cashu.wallet.swap', requestId, error: errorJson(e) });
     }
   }
 

packages/ditto/controllers/api/ditto.ts

@@ -1,19 +1,17 @@
-import { paginated } from '@ditto/mastoapi/pagination';
-import { NostrEvent, NostrFilter, NSchema as n } from '@nostrify/nostrify';
+import { NostrEvent, NSchema as n } from '@nostrify/nostrify';
 import { z } from 'zod';
 
 import { AppController } from '@/app.ts';
 import { DittoEvent } from '@/interfaces/DittoEvent.ts';
 import { getAuthor } from '@/queries.ts';
 import { addTag } from '@/utils/tags.ts';
-import { createEvent, parseBody, updateAdminEvent } from '@/utils/api.ts';
+import { parseBody, updateAdminEvent } from '@/utils/api.ts';
 import { getInstanceMetadata } from '@/utils/instance.ts';
 import { deleteTag } from '@/utils/tags.ts';
 import { DittoZapSplits, getZapSplits } from '@/utils/zap-split.ts';
 import { screenshotsSchema } from '@/schemas/nostr.ts';
-import { booleanParamSchema, percentageSchema } from '@/schema.ts';
+import { percentageSchema } from '@/schema.ts';
 import { hydrateEvents } from '@/storages/hydrate.ts';
-import { renderNameRequest } from '@/views/ditto.ts';
 import { accountFromPubkey } from '@/views/mastodon/accounts.ts';
 import { renderAccount } from '@/views/mastodon/accounts.ts';
 import { updateListAdminEvent } from '@/utils/api.ts';
@@ -81,102 +79,6 @@ function renderRelays(event: NostrEvent): RelayEntity[] {
   }, [] as RelayEntity[]);
 }
 
-const nameRequestSchema = z.object({
-  name: z.string().email(),
-  reason: z.string().max(500).optional(),
-});
-
-export const nameRequestController: AppController = async (c) => {
-  const { conf, relay, user } = c.var;
-
-  const pubkey = await user!.signer.getPublicKey();
-  const result = nameRequestSchema.safeParse(await c.req.json());
-
-  if (!result.success) {
-    return c.json({ error: 'Invalid username', schema: result.error }, 400);
-  }
-
-  const { name, reason } = result.data;
-
-  const [existing] = await relay.query([{ kinds: [3036], authors: [pubkey], '#r': [name.toLowerCase()], limit: 1 }]);
-  if (existing) {
-    return c.json({ error: 'Name request already exists' }, 400);
-  }
-
-  const r: string[][] = [['r', name]];
-
-  if (name !== name.toLowerCase()) {
-    r.push(['r', name.toLowerCase()]);
-  }
-
-  const event = await createEvent({
-    kind: 3036,
-    content: reason,
-    tags: [
-      ...r,
-      ['L', 'nip05.domain'],
-      ['l', name.split('@')[1], 'nip05.domain'],
-      ['p', await conf.signer.getPublicKey()],
-    ],
-  }, c);
-
-  await hydrateEvents({ ...c.var, events: [event] });
-
-  const nameRequest = await renderNameRequest(event);
-  return c.json(nameRequest);
-};
-
-const nameRequestsSchema = z.object({
-  approved: booleanParamSchema.optional(),
-  rejected: booleanParamSchema.optional(),
-});
-
-export const nameRequestsController: AppController = async (c) => {
-  const { conf, relay, user } = c.var;
-  const pubkey = await user!.signer.getPublicKey();
-
-  const params = c.get('pagination');
-  const { approved, rejected } = nameRequestsSchema.parse(c.req.query());
-
-  const filter: NostrFilter = {
-    kinds: [30383],
-    authors: [await conf.signer.getPublicKey()],
-    '#k': ['3036'],
-    '#p': [pubkey],
-    ...params,
-  };
-
-  if (approved) {
-    filter['#n'] = ['approved'];
-  }
-  if (rejected) {
-    filter['#n'] = ['rejected'];
-  }
-
-  const orig = await relay.query([filter]);
-  const ids = new Set<string>();
-
-  for (const event of orig) {
-    const d = event.tags.find(([name]) => name === 'd')?.[1];
-    if (d) {
-      ids.add(d);
-    }
-  }
-
-  if (!ids.size) {
-    return c.json([]);
-  }
-
-  const events = await relay.query([{ kinds: [3036], ids: [...ids], authors: [pubkey] }])
-    .then((events) => hydrateEvents({ ...c.var, events }));
-
-  const nameRequests = await Promise.all(
-    events.map((event) => renderNameRequest(event)),
-  );
-
-  return paginated(c, orig, nameRequests);
-};
-
 const zapSplitSchema = z.record(
   n.id(),
   z.object({
@@ -186,7 +88,8 @@ const zapSplitSchema = z.record(
 );
 
 export const updateZapSplitsController: AppController = async (c) => {
-  const { conf, relay } = c.var;
+  const { conf } = c.var;
+
   const body = await parseBody(c.req.raw);
   const result = zapSplitSchema.safeParse(body);
 
@@ -196,7 +99,7 @@ export const updateZapSplitsController: AppController = async (c) => {
 
   const adminPubkey = await conf.signer.getPublicKey();
 
-  const dittoZapSplit = await getZapSplits(relay, adminPubkey);
+  const dittoZapSplit = await getZapSplits(adminPubkey, c.var);
   if (!dittoZapSplit) {
     return c.json({ error: 'Zap split not activated, restart the server.' }, 404);
   }
@@ -223,7 +126,8 @@ export const updateZapSplitsController: AppController = async (c) => {
 const deleteZapSplitSchema = z.array(n.id()).min(1);
 
 export const deleteZapSplitsController: AppController = async (c) => {
-  const { conf, relay } = c.var;
+  const { conf } = c.var;
+
   const body = await parseBody(c.req.raw);
   const result = deleteZapSplitSchema.safeParse(body);
 
@@ -233,7 +137,7 @@ export const deleteZapSplitsController: AppController = async (c) => {
 
   const adminPubkey = await conf.signer.getPublicKey();
 
-  const dittoZapSplit = await getZapSplits(relay, adminPubkey);
+  const dittoZapSplit = await getZapSplits(adminPubkey, c.var);
   if (!dittoZapSplit) {
     return c.json({ error: 'Zap split not activated, restart the server.' }, 404);
   }
@@ -253,9 +157,9 @@ export const deleteZapSplitsController: AppController = async (c) => {
 };
 
 export const getZapSplitsController: AppController = async (c) => {
-  const { conf, relay } = c.var;
+  const { conf } = c.var;
 
-  const dittoZapSplit: DittoZapSplits | undefined = await getZapSplits(relay, await conf.signer.getPublicKey()) ?? {};
+  const dittoZapSplit: DittoZapSplits | undefined = await getZapSplits(await conf.signer.getPublicKey(), c.var) ?? {};
   if (!dittoZapSplit) {
     return c.json({ error: 'Zap split not activated, restart the server.' }, 404);
   }
@@ -325,7 +229,7 @@ const updateInstanceSchema = z.object({
 });
 
 export const updateInstanceController: AppController = async (c) => {
-  const { conf, relay, signal } = c.var;
+  const { conf } = c.var;
 
   const body = await parseBody(c.req.raw);
   const result = updateInstanceSchema.safeParse(body);
@@ -335,7 +239,7 @@ export const updateInstanceController: AppController = async (c) => {
     return c.json(result.error, 422);
   }
 
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   await updateAdminEvent(
     { kinds: [0], authors: [pubkey], limit: 1 },

packages/ditto/controllers/api/instance.ts

@@ -15,9 +15,9 @@ const features = [
 ];
 
 const instanceV1Controller: AppController = async (c) => {
-  const { conf, relay, signal } = c.var;
+  const { conf } = c.var;
   const { host, protocol } = conf.url;
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   /** Protocol to use for WebSocket URLs, depending on the protocol of the `LOCAL_DOMAIN`. */
   const wsProtocol = protocol === 'http:' ? 'ws:' : 'wss:';
@@ -75,9 +75,9 @@ const instanceV1Controller: AppController = async (c) => {
 };
 
 const instanceV2Controller: AppController = async (c) => {
-  const { conf, relay, signal } = c.var;
+  const { conf } = c.var;
   const { host, protocol } = conf.url;
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   /** Protocol to use for WebSocket URLs, depending on the protocol of the `LOCAL_DOMAIN`. */
   const wsProtocol = protocol === 'http:' ? 'ws:' : 'wss:';
@@ -164,9 +164,7 @@ const instanceV2Controller: AppController = async (c) => {
 };
 
 const instanceDescriptionController: AppController = async (c) => {
-  const { relay, signal } = c.var;
-
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   return c.json({
     content: meta.about,

packages/ditto/controllers/api/media.ts

@@ -21,7 +21,7 @@ const mediaUpdateSchema = z.object({
 });
 
 const mediaController: AppController = async (c) => {
-  const { user, signal } = c.var;
+  const { user, signal, requestId } = c.var;
 
   const pubkey = await user!.signer.getPublicKey();
   const result = mediaBodySchema.safeParse(await parseBody(c.req.raw));
@@ -35,7 +35,7 @@ const mediaController: AppController = async (c) => {
     const media = await uploadFile(c, file, { pubkey, description }, signal);
     return c.json(renderAttachment(media));
   } catch (e) {
-    logi({ level: 'error', ns: 'ditto.api.media', error: errorJson(e) });
+    logi({ level: 'error', ns: 'ditto.api.media', requestId, error: errorJson(e) });
     return c.json({ error: 'Failed to upload file.' }, 500);
   }
 };

packages/ditto/controllers/api/pleroma.ts

@@ -1,15 +1,13 @@
 import { z } from 'zod';
 
 import { type AppController } from '@/app.ts';
-import { configSchema, elixirTupleSchema } from '@/schemas/pleroma-api.ts';
 import { createAdminEvent, updateAdminEvent, updateUser } from '@/utils/api.ts';
 import { lookupPubkey } from '@/utils/lookup.ts';
 import { getPleromaConfigs } from '@/utils/pleroma.ts';
+import { configSchema, elixirTupleSchema } from '@/schemas/pleroma-api.ts';
 
 const frontendConfigController: AppController = async (c) => {
-  const { relay, signal } = c.var;
-
-  const configDB = await getPleromaConfigs(relay, signal);
+  const configDB = await getPleromaConfigs(c.var);
   const frontendConfig = configDB.get(':pleroma', ':frontend_configurations');
 
   if (frontendConfig) {
@@ -25,17 +23,15 @@ const frontendConfigController: AppController = async (c) => {
 };
 
 const configController: AppController = async (c) => {
-  const { relay, signal } = c.var;
-
-  const configs = await getPleromaConfigs(relay, signal);
+  const configs = await getPleromaConfigs(c.var);
   return c.json({ configs, need_reboot: false });
 };
 
 /** Pleroma admin config controller. */
 const updateConfigController: AppController = async (c) => {
-  const { conf, relay, signal } = c.var;
+  const { conf } = c.var;
 
-  const configs = await getPleromaConfigs(relay, signal);
+  const configs = await getPleromaConfigs(c.var);
   const { configs: newConfigs } = z.object({ configs: z.array(configSchema) }).parse(await c.req.json());
 
   configs.merge(newConfigs);

packages/ditto/controllers/api/statuses.ts

@@ -196,7 +196,7 @@ const createStatusController: AppController = async (c) => {
   if (conf.zapSplitsEnabled) {
     const meta = n.json().pipe(n.metadata()).catch({}).parse(author?.content);
     const lnurl = getLnurl(meta);
-    const dittoZapSplit = await getZapSplits(relay, await conf.signer.getPublicKey());
+    const dittoZapSplit = await getZapSplits(await conf.signer.getPublicKey(), c.var);
     if (lnurl && dittoZapSplit) {
       const totalSplit = Object.values(dittoZapSplit).reduce((total, { weight }) => total + weight, 0);
       for (const zapPubkey in dittoZapSplit) {

packages/ditto/controllers/api/streaming.ts

@@ -65,7 +65,8 @@ const limiter = new TTLCache<string, number>();
 const connections = new Set<WebSocket>();
 
 const streamingController: AppController = async (c) => {
-  const { conf, relay, user } = c.var;
+  const { conf, relay, user, requestId } = c.var;
+
   const upgrade = c.req.header('upgrade');
   const token = c.req.header('sec-websocket-protocol');
   const stream = streamSchema.optional().catch(undefined).parse(c.req.query('stream'));
@@ -122,7 +123,7 @@ const streamingController: AppController = async (c) => {
         }
       }
     } catch (e) {
-      logi({ level: 'error', ns: 'ditto.streaming', msg: 'Error in streaming', error: errorJson(e) });
+      logi({ level: 'error', ns: 'ditto.streaming', msg: 'Error in streaming', requestId, error: errorJson(e) });
     }
   }
 

packages/ditto/controllers/api/translate.ts

@@ -1,11 +1,11 @@
 import { cachedTranslationsSizeGauge } from '@ditto/metrics';
+import { MastodonTranslation } from '@ditto/mastoapi/types';
 import { logi } from '@soapbox/logi';
 import { LanguageCode } from 'iso-639-1';
 import { z } from 'zod';
 
 import { AppController } from '@/app.ts';
 import { translationCache } from '@/caches/translationCache.ts';
-import { MastodonTranslation } from '@/entities/MastodonTranslation.ts';
 import { getEvent } from '@/queries.ts';
 import { localeSchema } from '@/schema.ts';
 import { parseBody } from '@/utils/api.ts';
@@ -17,7 +17,7 @@ const translateSchema = z.object({
 });
 
 const translateController: AppController = async (c) => {
-  const { relay, user, signal } = c.var;
+  const { relay, user, signal, requestId } = c.var;
 
   const result = translateSchema.safeParse(await parseBody(c.req.raw));
 
@@ -143,7 +143,7 @@ const translateController: AppController = async (c) => {
     if (e instanceof Error && e.message.includes('not supported')) {
       return c.json({ error: `Translation of source language '${event.language}' not supported` }, 422);
     }
-    logi({ level: 'error', ns: 'ditto.translate', error: errorJson(e) });
+    logi({ level: 'error', ns: 'ditto.translate', requestId, error: errorJson(e) });
     return c.json({ error: 'Service Unavailable' }, 503);
   }
 };

packages/ditto/controllers/api/trends.ts

@@ -7,10 +7,12 @@ import { z } from 'zod';
 import { AppController } from '@/app.ts';
 import { hydrateEvents } from '@/storages/hydrate.ts';
 import { generateDateRange, Time } from '@/utils/time.ts';
-import { PreviewCard, unfurlCardCached } from '@/utils/unfurl.ts';
+import { unfurlCardCached } from '@/utils/unfurl.ts';
 import { errorJson } from '@/utils/log.ts';
 import { renderStatus } from '@/views/mastodon/statuses.ts';
 
+import type { MastodonPreviewCard } from '@ditto/mastoapi/types';
+
 interface TrendHistory {
   day: string;
   accounts: string;
@@ -23,7 +25,7 @@ interface TrendingHashtag {
   history: TrendHistory[];
 }
 
-interface TrendingLink extends PreviewCard {
+interface TrendingLink extends MastodonPreviewCard {
   history: TrendHistory[];
 }
 

packages/ditto/controllers/error.ts

@@ -4,7 +4,10 @@ import { logi } from '@soapbox/logi';
 
 import { errorJson } from '@/utils/log.ts';
 
-export const errorHandler: ErrorHandler = (err, c) => {
+import type { DittoEnv } from '@ditto/mastoapi/router';
+
+export const errorHandler: ErrorHandler<DittoEnv> = (err, c) => {
+  const { requestId } = c.var;
   const { method } = c.req;
   const { pathname } = new URL(c.req.url);
 
@@ -22,7 +25,15 @@ export const errorHandler: ErrorHandler = (err, c) => {
     return c.json({ error: 'The server was unable to respond in a timely manner' }, 500);
   }
 
-  logi({ level: 'error', ns: 'ditto.http', msg: 'Unhandled error', method, pathname, error: errorJson(err) });
+  logi({
+    level: 'error',
+    ns: 'ditto.http',
+    msg: 'Unhandled error',
+    method,
+    pathname,
+    requestId,
+    error: errorJson(err),
+  });
 
   return c.json({ error: 'Something went wrong' }, 500);
 };

packages/ditto/controllers/frontend.ts

@@ -14,6 +14,8 @@ import { renderAccount } from '@/views/mastodon/accounts.ts';
 const META_PLACEHOLDER = '<!--server-generated-meta-->' as const;
 
 export const frontendController: AppMiddleware = async (c) => {
+  const { requestId } = c.var;
+
   c.header('Cache-Control', 'max-age=86400, s-maxage=30, public, stale-if-error=604800');
 
   try {
@@ -26,7 +28,7 @@ export const frontendController: AppMiddleware = async (c) => {
         const meta = renderMetadata(c.req.url, entities);
         return c.html(content.replace(META_PLACEHOLDER, meta));
       } catch (e) {
-        logi({ level: 'error', ns: 'ditto.frontend', msg: 'Error building meta tags', error: errorJson(e) });
+        logi({ level: 'error', ns: 'ditto.frontend', msg: 'Error building meta tags', requestId, error: errorJson(e) });
         return c.html(content);
       }
     }
@@ -40,7 +42,7 @@ async function getEntities(c: AppContext, params: { acct?: string; statusId?: st
   const { relay } = c.var;
 
   const entities: MetadataEntities = {
-    instance: await getInstanceMetadata(relay),
+    instance: await getInstanceMetadata(c.var),
   };
 
   if (params.statusId) {

packages/ditto/controllers/manifest.ts

@@ -3,9 +3,7 @@ import { WebManifestCombined } from '@/types/webmanifest.ts';
 import { getInstanceMetadata } from '@/utils/instance.ts';
 
 export const manifestController: AppController = async (c) => {
-  const { relay, signal } = c.var;
-
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   const manifest: WebManifestCombined = {
     description: meta.about,

packages/ditto/controllers/nostr/relay-info.ts

@@ -4,9 +4,9 @@ import { AppController } from '@/app.ts';
 import { getInstanceMetadata } from '@/utils/instance.ts';
 
 const relayInfoController: AppController = async (c) => {
-  const { conf, relay, signal } = c.var;
+  const { conf } = c.var;
 
-  const meta = await getInstanceMetadata(relay, signal);
+  const meta = await getInstanceMetadata(c.var);
 
   c.res.headers.set('access-control-allow-origin', '*');
 

packages/ditto/controllers/nostr/relay.ts

@@ -11,6 +11,7 @@ import {
   NostrClientMsg,
   NostrClientREQ,
   NostrRelayMsg,
+  NRelay,
   NSchema as n,
 } from '@nostrify/nostrify';
 
@@ -40,8 +41,17 @@ const limiters = {
 /** Connections for metrics purposes. */
 const connections = new Set<WebSocket>();
 
+interface ConnectStreamOpts {
+  conf: DittoConf;
+  relay: NRelay;
+  requestId: string;
+}
+
 /** Set up the Websocket connection. */
-function connectStream(conf: DittoConf, relay: DittoPgStore, socket: WebSocket, ip: string | undefined) {
+function connectStream(socket: WebSocket, ip: string | undefined, opts: ConnectStreamOpts): void {
+  const { conf, requestId } = opts;
+  const relay = opts.relay as DittoPgStore;
+
   const controllers = new Map<string, AbortController>();
 
   if (ip) {
@@ -74,7 +84,7 @@ function connectStream(conf: DittoConf, relay: DittoPgStore, socket: WebSocket,
       const msg = result.data;
       const verb = msg[0];
 
-      logi({ level: 'trace', ns: 'ditto.relay.msg', verb, msg: msg as JsonValue, ip });
+      logi({ level: 'trace', ns: 'ditto.relay.msg', verb, msg: msg as JsonValue, ip, requestId });
       relayMessagesCounter.inc({ verb });
 
       handleMsg(result.data);
@@ -165,7 +175,7 @@ function connectStream(conf: DittoConf, relay: DittoPgStore, socket: WebSocket,
         send(['OK', event.id, false, e.message]);
       } else {
         send(['OK', event.id, false, 'error: something went wrong']);
-        logi({ level: 'error', ns: 'ditto.relay', msg: 'Error in relay', error: errorJson(e), ip });
+        logi({ level: 'error', ns: 'ditto.relay', msg: 'Error in relay', error: errorJson(e), ip, requestId });
       }
     }
   }
@@ -195,7 +205,8 @@ function connectStream(conf: DittoConf, relay: DittoPgStore, socket: WebSocket,
 }
 
 const relayController: AppController = (c, next) => {
-  const { conf, relay } = c.var;
+  const { conf } = c.var;
+
   const upgrade = c.req.header('upgrade');
 
   // NIP-11: https://github.com/nostr-protocol/nips/blob/master/11.md
@@ -214,7 +225,7 @@ const relayController: AppController = (c, next) => {
   }
 
   const { socket, response } = Deno.upgradeWebSocket(c.req.raw);
-  connectStream(conf, relay as DittoPgStore, socket, ip);
+  connectStream(socket, ip, c.var);
 
   return response;
 };

packages/ditto/controllers/well-known/nostr.ts

@@ -5,27 +5,23 @@ import { AppController } from '@/app.ts';
 import { localNip05Lookup } from '@/utils/nip05.ts';
 
 const nameSchema = z.string().min(1).regex(/^[\w.-]+$/);
-const emptyResult: NostrJson = { names: {}, relays: {} };
 
 /**
  * Serves NIP-05's nostr.json.
  * https://github.com/nostr-protocol/nips/blob/master/05.md
  */
 const nostrController: AppController = async (c) => {
-  // If there are no query parameters, this will always return an empty result.
-  if (!Object.entries(c.req.queries()).length) {
-    c.header('Cache-Control', 'max-age=31536000, public, immutable, stale-while-revalidate=86400');
-    return c.json(emptyResult);
+  const result = nameSchema.safeParse(c.req.query('name'));
+
+  if (!result.success) {
+    return c.json({ error: 'Invalid name parameter' }, { status: 422 });
   }
 
-  const result = nameSchema.safeParse(c.req.query('name'));
-  const name = result.success ? result.data : undefined;
+  const name = result.data;
   const pointer = name ? await localNip05Lookup(name, c.var) : undefined;
 
-  if (!name || !pointer) {
-    // Not found, cache for 5 minutes.
-    c.header('Cache-Control', 'max-age=300, public, stale-while-revalidate=30');
-    return c.json(emptyResult);
+  if (!pointer) {
+    return c.json({ names: {}, relays: {} } satisfies NostrJson, { status: 404 });
   }
 
   const { pubkey, relays = [] } = pointer;

packages/ditto/deno.json

@@ -1,5 +1,6 @@
 {
   "name": "@ditto/ditto",
+  "version": "1.1.0",
   "exports": {},
   "imports": {
     "@/": "./",

packages/ditto/middleware/cspMiddleware.ts

@@ -9,7 +9,7 @@ export const cspMiddleware = (): AppMiddleware => {
     const { conf, relay } = c.var;
 
     if (!configDBCache) {
-      configDBCache = getPleromaConfigs(relay);
+      configDBCache = getPleromaConfigs({ conf, relay });
     }
 
     const { host, protocol, origin } = conf.url;

packages/ditto/middleware/logiMiddleware.ts

@@ -1,11 +1,15 @@
-import { MiddlewareHandler } from '@hono/hono';
 import { logi } from '@soapbox/logi';
 
-export const logiMiddleware: MiddlewareHandler = async (c, next) => {
+import type { DittoMiddleware } from '@ditto/mastoapi/router';
+
+export const logiMiddleware: DittoMiddleware = async (c, next) => {
+  const { requestId } = c.var;
   const { method } = c.req;
   const { pathname } = new URL(c.req.url);
 
-  logi({ level: 'info', ns: 'ditto.http.request', method, pathname });
+  const ip = c.req.header('x-real-ip');
+
+  logi({ level: 'info', ns: 'ditto.http.request', method, pathname, ip, requestId });
 
   const start = new Date();
 
@@ -15,5 +19,5 @@ export const logiMiddleware: MiddlewareHandler = async (c, next) => {
   const duration = (end.getTime() - start.getTime()) / 1000;
   const level = c.res.status >= 500 ? 'error' : 'info';
 
-  logi({ level, ns: 'ditto.http.response', method, pathname, status: c.res.status, duration });
+  logi({ level, ns: 'ditto.http.response', method, pathname, status: c.res.status, duration, ip, requestId });
 };

packages/ditto/precheck.ts

@@ -1,22 +0,0 @@
-import { Conf } from '@/config.ts';
-
-/** Ensure the media URL is not on the same host as the local domain. */
-function checkMediaHost() {
-  const { url, mediaDomain } = Conf;
-  const mediaUrl = new URL(mediaDomain);
-
-  if (url.host === mediaUrl.host) {
-    throw new PrecheckError('For security reasons, MEDIA_DOMAIN cannot be on the same host as LOCAL_DOMAIN.');
-  }
-}
-
-/** Error class for precheck errors. */
-class PrecheckError extends Error {
-  constructor(message: string) {
-    super(`${message}\nTo disable this check, set DITTO_PRECHECK="false"`);
-  }
-}
-
-if (Deno.env.get('DITTO_PRECHECK') !== 'false') {
-  checkMediaHost();
-}

packages/ditto/routes/dittoNamesRoute.test.ts

@@ -0,0 +1,59 @@
+import { TestApp } from '@ditto/mastoapi/test';
+import { assertEquals } from '@std/assert';
+
+import route from './dittoNamesRoute.ts';
+
+Deno.test('POST / creates a name request event', async () => {
+  await using app = new TestApp(route);
+  const { conf, relay } = app.var;
+
+  const user = app.user();
+
+  const response = await app.api.post('/', { name: 'Alex@Ditto.pub', reason: 'for testing' });
+
+  assertEquals(response.status, 200);
+
+  const [event] = await relay.query([{ kinds: [3036], authors: [await user.signer.getPublicKey()] }]);
+
+  assertEquals(event?.tags, [
+    ['r', 'Alex@Ditto.pub'],
+    ['r', 'alex@ditto.pub'],
+    ['L', 'nip05.domain'],
+    ['l', 'ditto.pub', 'nip05.domain'],
+    ['p', await conf.signer.getPublicKey()],
+  ]);
+
+  assertEquals(event?.content, 'for testing');
+});
+
+Deno.test('POST / can be called multiple times with the same name', async () => {
+  await using app = new TestApp(route);
+
+  app.user();
+
+  const response1 = await app.api.post('/', { name: 'alex@ditto.pub' });
+  const response2 = await app.api.post('/', { name: 'alex@ditto.pub' });
+
+  assertEquals(response1.status, 200);
+  assertEquals(response2.status, 200);
+});
+
+Deno.test('POST / returns 400 if the name has already been granted', async () => {
+  await using app = new TestApp(route);
+  const { conf, relay } = app.var;
+
+  app.user();
+
+  const grant = await conf.signer.signEvent({
+    kind: 30360,
+    tags: [['d', 'alex@ditto.pub']],
+    content: '',
+    created_at: 0,
+  });
+
+  await relay.event(grant);
+
+  const response = await app.api.post('/', { name: 'alex@ditto.pub' });
+
+  assertEquals(response.status, 400);
+});

packages/ditto/routes/dittoNamesRoute.ts

@@ -0,0 +1,130 @@
+import { paginationMiddleware, userMiddleware } from '@ditto/mastoapi/middleware';
+import { DittoRoute } from '@ditto/mastoapi/router';
+import { z } from 'zod';
+
+import { createEvent } from '@/utils/api.ts';
+import { hydrateEvents } from '@/storages/hydrate.ts';
+import { renderNameRequest } from '@/views/ditto.ts';
+import { booleanParamSchema } from '@/schema.ts';
+import { NostrFilter } from '@nostrify/nostrify';
+
+const nameRequestSchema = z.object({
+  name: z.string().email(),
+  reason: z.string().max(500).optional(),
+});
+
+const route = new DittoRoute();
+
+route.post('/', userMiddleware(), async (c) => {
+  const { conf, relay, user } = c.var;
+
+  const result = nameRequestSchema.safeParse(await c.req.json());
+
+  if (!result.success) {
+    return c.json({ error: 'Invalid username', schema: result.error }, 422);
+  }
+
+  const pubkey = await user.signer.getPublicKey();
+  const adminPubkey = await conf.signer.getPublicKey();
+
+  const { name, reason } = result.data;
+  const [_localpart, domain] = name.split('@');
+
+  if (domain.toLowerCase() !== conf.url.host.toLowerCase()) {
+    return c.json({ error: 'Unsupported domain' }, 422);
+  }
+
+  const d = name.toLowerCase();
+
+  const [grant] = await relay.query([{ kinds: [30360], authors: [adminPubkey], '#d': [d] }]);
+  if (grant) {
+    return c.json({ error: 'Name has already been granted' }, 400);
+  }
+
+  const [pending] = await relay.query([{
+    kinds: [30383],
+    authors: [adminPubkey],
+    '#p': [pubkey],
+    '#k': ['3036'],
+    '#r': [d],
+    '#n': ['pending'],
+    limit: 1,
+  }]);
+  if (pending) {
+    return c.json({ error: 'You have already requested that name, and it is pending approval by staff' }, 400);
+  }
+
+  const tags: string[][] = [['r', name]];
+
+  if (name !== name.toLowerCase()) {
+    tags.push(['r', name.toLowerCase()]);
+  }
+
+  const event = await createEvent({
+    kind: 3036,
+    content: reason,
+    tags: [
+      ...tags,
+      ['L', 'nip05.domain'],
+      ['l', domain.toLowerCase(), 'nip05.domain'],
+      ['p', await conf.signer.getPublicKey()],
+    ],
+  }, c);
+
+  await hydrateEvents({ ...c.var, events: [event] });
+
+  const nameRequest = await renderNameRequest(event);
+  return c.json(nameRequest);
+});
+
+const nameRequestsSchema = z.object({
+  approved: booleanParamSchema.optional(),
+  rejected: booleanParamSchema.optional(),
+});
+
+route.get('/', paginationMiddleware(), userMiddleware(), async (c) => {
+  const { conf, relay, user, pagination } = c.var;
+  const pubkey = await user!.signer.getPublicKey();
+
+  const { approved, rejected } = nameRequestsSchema.parse(c.req.query());
+
+  const filter: NostrFilter = {
+    kinds: [30383],
+    authors: [await conf.signer.getPublicKey()],
+    '#k': ['3036'],
+    '#p': [pubkey],
+    ...pagination,
+  };
+
+  if (approved) {
+    filter['#n'] = ['approved'];
+  }
+  if (rejected) {
+    filter['#n'] = ['rejected'];
+  }
+
+  const orig = await relay.query([filter]);
+  const ids = new Set<string>();
+
+  for (const event of orig) {
+    const d = event.tags.find(([name]) => name === 'd')?.[1];
+    if (d) {
+      ids.add(d);
+    }
+  }
+
+  if (!ids.size) {
+    return c.json([]);
+  }
+
+  const events = await relay.query([{ kinds: [3036], ids: [...ids], authors: [pubkey] }])
+    .then((events) => hydrateEvents({ ...c.var, events }));
+
+  const nameRequests = await Promise.all(
+    events.map((event) => renderNameRequest(event)),
+  );
+
+  return c.var.paginate(orig, nameRequests);
+});
+
+export default route;

packages/ditto/routes/pleromaAdminPermissionGroupsRoute.test.ts

@@ -0,0 +1,68 @@
+import { TestApp } from '@ditto/mastoapi/test';
+import { assertEquals } from '@std/assert';
+import { nip19 } from 'nostr-tools';
+
+import route from './pleromaAdminPermissionGroupsRoute.ts';
+
+Deno.test('POST /admin returns 403 if user is not an admin', async () => {
+  await using app = new TestApp(route);
+
+  app.user();
+
+  const response = await app.api.post('/admin', { nicknames: ['alex@ditto.pub'] });
+
+  assertEquals(response.status, 403);
+});
+
+Deno.test('POST /admin promotes to admin', async () => {
+  await using app = new TestApp(route);
+  const { conf, relay } = app.var;
+
+  await app.admin();
+
+  const pawn = app.createUser();
+  const pubkey = await pawn.signer.getPublicKey();
+
+  const response = await app.api.post('/admin', { nicknames: [nip19.npubEncode(pubkey)] });
+  const json = await response.json();
+
+  assertEquals(response.status, 200);
+  assertEquals(json, { is_admin: true });
+
+  const [event] = await relay.query([{ kinds: [30382], authors: [await conf.signer.getPublicKey()], '#d': [pubkey] }]);
+
+  assertEquals(event.tags, [['d', pubkey], ['n', 'admin']]);
+});
+
+Deno.test('POST /moderator promotes to moderator', async () => {
+  await using app = new TestApp(route);
+  const { conf, relay } = app.var;
+
+  await app.admin();
+
+  const pawn = app.createUser();
+  const pubkey = await pawn.signer.getPublicKey();
+
+  const response = await app.api.post('/moderator', { nicknames: [nip19.npubEncode(pubkey)] });
+  const json = await response.json();
+
+  assertEquals(response.status, 200);
+  assertEquals(json, { is_moderator: true });
+
+  const [event] = await relay.query([{ kinds: [30382], authors: [await conf.signer.getPublicKey()], '#d': [pubkey] }]);
+
+  assertEquals(event.tags, [['d', pubkey], ['n', 'moderator']]);
+});
+
+Deno.test('POST /:group with an invalid group returns 422', async () => {
+  await using app = new TestApp(route);
+
+  await app.admin();
+
+  const pawn = app.createUser();
+  const pubkey = await pawn.signer.getPublicKey();
+
+  const response = await app.api.post('/yolo', { nicknames: [nip19.npubEncode(pubkey)] });
+
+  assertEquals(response.status, 422);
+});

packages/ditto/routes/pleromaAdminPermissionGroupsRoute.ts

@@ -0,0 +1,40 @@
+import { userMiddleware } from '@ditto/mastoapi/middleware';
+import { DittoRoute } from '@ditto/mastoapi/router';
+import { z } from 'zod';
+
+import { parseBody, updateUser } from '@/utils/api.ts';
+import { lookupPubkey } from '@/utils/lookup.ts';
+
+const route = new DittoRoute();
+
+const pleromaPromoteAdminSchema = z.object({
+  nicknames: z.string().array(),
+});
+
+route.post('/:group', userMiddleware({ role: 'admin' }), async (c) => {
+  const body = await parseBody(c.req.raw);
+  const result = pleromaPromoteAdminSchema.safeParse(body);
+  const group = c.req.param('group');
+
+  if (!result.success) {
+    return c.json({ error: 'Bad request', schema: result.error }, 422);
+  }
+
+  if (!['admin', 'moderator'].includes(group)) {
+    return c.json({ error: 'Bad request', schema: 'Invalid group' }, 422);
+  }
+
+  const { data } = result;
+  const { nicknames } = data;
+
+  for (const nickname of nicknames) {
+    const pubkey = await lookupPubkey(nickname, c.var);
+    if (pubkey) {
+      await updateUser(pubkey, { [group]: true }, c);
+    }
+  }
+
+  return c.json({ [`is_${group}`]: true }, 200);
+});
+
+export default route;

packages/ditto/sentry.ts

@@ -1,15 +1,14 @@
 import * as Sentry from '@sentry/deno';
 import { logi } from '@soapbox/logi';
 
-import { Conf } from '@/config.ts';
+import type { DittoConf } from '@ditto/conf';
 
-// Sentry
-if (Conf.sentryDsn) {
-  logi({ level: 'info', ns: 'ditto.sentry', msg: 'Sentry enabled.', enabled: true });
-  Sentry.init({
-    dsn: Conf.sentryDsn,
-    tracesSampleRate: 1.0,
-  });
-} else {
-  logi({ level: 'info', ns: 'ditto.sentry', msg: 'Sentry not configured. Skipping.', enabled: false });
+/** Start Sentry, if configured. */
+export function startSentry(conf: DittoConf): void {
+  if (conf.sentryDsn) {
+    logi({ level: 'info', ns: 'ditto.sentry', msg: 'Sentry enabled.', enabled: true });
+    Sentry.init({ dsn: conf.sentryDsn });
+  } else {
+    logi({ level: 'info', ns: 'ditto.sentry', msg: 'Sentry not configured. Skipping.', enabled: false });
+  }
 }

packages/ditto/server.ts

@@ -1,13 +1,12 @@
+import { DittoConf } from '@ditto/conf';
 import { logi } from '@soapbox/logi';
 
-import '@/precheck.ts';
-import '@/sentry.ts';
-import '@/nostr-wasm.ts';
 import app from '@/app.ts';
-import { Conf } from '@/config.ts';
+
+const conf = new DittoConf(Deno.env);
 
 Deno.serve({
-  port: Conf.port,
+  port: conf.port,
   onListen({ hostname, port }): void {
     logi({ level: 'info', ns: 'ditto.server', msg: `Listening on http://${hostname}:${port}`, hostname, port });
   },

packages/ditto/storages/DittoPgStore.test.ts

@@ -5,7 +5,6 @@ import { generateSecretKey } from 'nostr-tools';
 
 import { RelayError } from '@/RelayError.ts';
 import { eventFixture } from '@/test.ts';
-import { Conf } from '@/config.ts';
 import { DittoPgStore } from '@/storages/DittoPgStore.ts';
 import { createTestDB } from '@/test.ts';
 
@@ -152,7 +151,7 @@ Deno.test("user cannot delete another user's event", async () => {
 
 Deno.test('admin can delete any event', async () => {
   await using db = await createTestDB({ pure: true });
-  const { store } = db;
+  const { conf, store } = db;
 
   const sk = generateSecretKey();
 
@@ -168,7 +167,7 @@ Deno.test('admin can delete any event', async () => {
   assertEquals(await store.query([{ kinds: [1] }]), [two, one]);
 
   await store.event(
-    genEvent({ kind: 5, tags: [['e', one.id]] }, Conf.seckey), // admin sk
+    genEvent({ kind: 5, tags: [['e', one.id]] }, conf.seckey), // admin sk
   );
 
   assertEquals(await store.query([{ kinds: [1] }]), [two]);
@@ -176,12 +175,12 @@ Deno.test('admin can delete any event', async () => {
 
 Deno.test('throws a RelayError when inserting an event deleted by the admin', async () => {
   await using db = await createTestDB({ pure: true });
-  const { store } = db;
+  const { conf, store } = db;
 
   const event = genEvent();
   await store.event(event);
 
-  const deletion = genEvent({ kind: 5, tags: [['e', event.id]] }, Conf.seckey);
+  const deletion = genEvent({ kind: 5, tags: [['e', event.id]] }, conf.seckey);
   await store.event(deletion);
 
   await assertRejects(

packages/ditto/storages/DittoPgStore.ts

@@ -1,5 +1,6 @@
 // deno-lint-ignore-file require-await
 
+import { type DittoConf } from '@ditto/conf';
 import { type DittoDB, type DittoTables } from '@ditto/db';
 import { detectLanguage } from '@ditto/lang';
 import { NPostgres, NPostgresSchema } from '@nostrify/db';
@@ -52,8 +53,8 @@ interface TagConditionOpts {
 interface DittoPgStoreOpts {
   /** Kysely instance to use. */
   db: DittoDB;
-  /** Pubkey of the admin account. */
-  pubkey: string;
+  /** Ditto configuration. */
+  conf: DittoConf;
   /** Timeout in milliseconds for database queries. */
   timeout?: number;
   /** Whether the event returned should be a Nostr event or a Ditto event. Defaults to false. */
@@ -169,9 +170,10 @@ export class DittoPgStore extends NPostgres {
     event: NostrEvent,
     opts: { signal?: AbortSignal; timeout?: number } = {},
   ): Promise<undefined> {
+    const { conf } = this.opts;
     try {
       await super.transaction(async (relay, kysely) => {
-        await updateStats({ event, relay, kysely: kysely as unknown as Kysely<DittoTables> });
+        await updateStats({ conf, relay, kysely: kysely as unknown as Kysely<DittoTables>, event });
         await relay.event(event, opts);
       });
     } catch (e) {
@@ -229,8 +231,11 @@ export class DittoPgStore extends NPostgres {
 
   /** Check if an event has been deleted by the admin. */
   private async isDeletedAdmin(event: NostrEvent): Promise<boolean> {
+    const { conf } = this.opts;
+    const adminPubkey = await conf.signer.getPublicKey();
+
     const filters: NostrFilter[] = [
-      { kinds: [5], authors: [this.opts.pubkey], '#e': [event.id], limit: 1 },
+      { kinds: [5], authors: [adminPubkey], '#e': [event.id], limit: 1 },
     ];
 
     if (NKinds.replaceable(event.kind) || NKinds.parameterizedReplaceable(event.kind)) {
@@ -238,7 +243,7 @@ export class DittoPgStore extends NPostgres {
 
       filters.push({
         kinds: [5],
-        authors: [this.opts.pubkey],
+        authors: [adminPubkey],
         '#a': [`${event.kind}:${event.pubkey}:${d}`],
         since: event.created_at,
         limit: 1,
@@ -251,7 +256,10 @@ export class DittoPgStore extends NPostgres {
 
   /** The DITTO_NSEC can delete any event from the database. NDatabase already handles user deletions. */
   private async deleteEventsAdmin(event: NostrEvent): Promise<void> {
-    if (event.kind === 5 && event.pubkey === this.opts.pubkey) {
+    const { conf } = this.opts;
+    const adminPubkey = await conf.signer.getPublicKey();
+
+    if (event.kind === 5 && event.pubkey === adminPubkey) {
       const ids = new Set(event.tags.filter(([name]) => name === 'e').map(([_name, value]) => value));
       const addrs = new Set(event.tags.filter(([name]) => name === 'a').map(([_name, value]) => value));
 

packages/ditto/storages/DittoRelayStore.test.ts

@@ -2,12 +2,39 @@ import { DittoPolyPg } from '@ditto/db';
 import { DittoConf } from '@ditto/conf';
 import { genEvent, MockRelay } from '@nostrify/nostrify/test';
 import { assertEquals } from '@std/assert';
+import { waitFor } from '@std/async/unstable-wait-for';
 import { generateSecretKey, getPublicKey } from 'nostr-tools';
 
 import { DittoRelayStore } from './DittoRelayStore.ts';
 
 import type { NostrMetadata } from '@nostrify/types';
 
+Deno.test('generates set event for nip05 request', async () => {
+  await using test = setupTest();
+
+  const admin = await test.conf.signer.getPublicKey();
+  const event = genEvent({ kind: 3036, tags: [['r', 'alex@gleasonator.dev'], ['p', admin]] });
+
+  await test.store.event(event);
+
+  const filter = { kinds: [30383], authors: [admin], '#d': [event.id] };
+
+  await waitFor(async () => {
+    const { count } = await test.store.count([filter]);
+    return count > 0;
+  }, 3000);
+
+  const [result] = await test.store.query([filter]);
+
+  assertEquals(result?.tags, [
+    ['d', event.id],
+    ['p', event.pubkey],
+    ['k', '3036'],
+    ['r', 'alex@gleasonator.dev'],
+    ['n', 'pending'],
+  ]);
+});
+
 Deno.test('updateAuthorData sets nip05', async () => {
   const alex = generateSecretKey();
 
@@ -38,20 +65,46 @@ Deno.test('updateAuthorData sets nip05', async () => {
   assertEquals(row?.nip05_hostname, 'gleasonator.dev');
 });
 
-function setupTest(cb: (req: Request) => Response | Promise<Response>) {
+Deno.test('fetchRelated', async () => {
+  await using test = setupTest();
+  const { pool, store } = test;
+
+  const post = genEvent({ kind: 1, content: 'hi' });
+  const reply = genEvent({ kind: 1, content: 'wussup?', tags: [['e', post.id], ['p', post.pubkey]] });
+
+  await pool.event(post);
+  await pool.event(reply);
+
+  await store.event(reply);
+
+  await waitFor(async () => {
+    const { count } = await test.store.count([{ ids: [post.id] }]);
+    return count > 0;
+  }, 3000);
+});
+
+function setupTest(cb?: (req: Request) => Response | Promise<Response>) {
   const conf = new DittoConf(Deno.env);
   const db = new DittoPolyPg(conf.databaseUrl);
+
+  const pool = new MockRelay();
   const relay = new MockRelay();
 
   const mockFetch: typeof fetch = async (input, init) => {
     const req = new Request(input, init);
-    return await cb(req);
+    if (cb) {
+      return await cb(req);
+    } else {
+      return new Response('Not mocked', { status: 404 });
+    }
   };
 
-  const store = new DittoRelayStore({ conf, db, relay, fetch: mockFetch });
+  const store = new DittoRelayStore({ conf, db, pool, relay, fetch: mockFetch });
 
   return {
     db,
+    conf,
+    pool,
     store,
     [Symbol.asyncDispose]: async () => {
       await store[Symbol.asyncDispose]();

packages/ditto/storages/DittoRelayStore.ts

@@ -28,7 +28,7 @@ import { DittoPush } from '@/DittoPush.ts';
 import { DittoEvent } from '@/interfaces/DittoEvent.ts';
 import { RelayError } from '@/RelayError.ts';
 import { hydrateEvents } from '@/storages/hydrate.ts';
-import { eventAge, nostrNow, Time } from '@/utils.ts';
+import { eventAge, isNostrId, nostrNow, Time } from '@/utils.ts';
 import { getAmount } from '@/utils/bolt11.ts';
 import { errorJson } from '@/utils/log.ts';
 import { purifyEvent } from '@/utils/purify.ts';
@@ -46,6 +46,7 @@ import { nip19 } from 'nostr-tools';
 interface DittoRelayStoreOpts {
   db: DittoDB;
   conf: DittoConf;
+  pool: NRelay;
   relay: NRelay;
   fetch?: typeof fetch;
 }
@@ -192,7 +193,12 @@ export class DittoRelayStore implements NRelay {
         this.prewarmLinkPreview(event, signal),
         this.generateSetEvents(event),
       ])
-        .then(() => this.webPush(event))
+        .then(() =>
+          Promise.allSettled([
+            this.webPush(event),
+            this.fetchRelated(event),
+          ])
+        )
         .catch(() => {});
     }
   }
@@ -323,8 +329,42 @@ export class DittoRelayStore implements NRelay {
     }
   }
 
+  private async fetchRelated(event: NostrEvent): Promise<void> {
+    const ids = new Set<string>();
+
+    for (const tag of event.tags) {
+      const [name, value] = tag;
+
+      if ((name === 'e' || name === 'q') && isNostrId(value) && !this.encounters.has(value)) {
+        ids.add(value);
+      }
+    }
+
+    const { db, pool } = this.opts;
+
+    if (ids.size) {
+      const query = db.kysely
+        .selectFrom('nostr_events')
+        .select('id')
+        .where('id', 'in', [...ids]);
+
+      for (const row of await query.execute().catch(() => [])) {
+        ids.delete(row.id);
+      }
+    }
+
+    if (ids.size) {
+      const signal = AbortSignal.timeout(1000);
+
+      for (const event of await pool.query([{ ids: [...ids] }], { signal }).catch(() => [])) {
+        await this.event(event).catch(() => {});
+      }
+    }
+  }
+
   private async prewarmLinkPreview(event: NostrEvent, signal?: AbortSignal): Promise<void> {
-    const { firstUrl } = parseNoteContent(stripimeta(event.content, event.tags), []);
+    const { firstUrl } = parseNoteContent(stripimeta(event.content, event.tags), [], this.opts);
+
     if (firstUrl) {
       await unfurlCardCached(firstUrl, signal);
     }
@@ -357,19 +397,24 @@ export class DittoRelayStore implements NRelay {
     }
 
     if (event.kind === 3036 && tagsAdmin) {
-      const rel = await signer.signEvent({
-        kind: 30383,
-        content: '',
-        tags: [
-          ['d', event.id],
-          ['p', event.pubkey],
-          ['k', '3036'],
-          ['n', 'pending'],
-        ],
-        created_at: Math.floor(Date.now() / 1000),
-      });
+      const r = event.tags.find(([name]) => name === 'r')?.[1];
 
-      await this.event(rel, { signal: AbortSignal.timeout(1000) });
+      if (r) {
+        const rel = await signer.signEvent({
+          kind: 30383,
+          content: '',
+          tags: [
+            ['d', event.id],
+            ['p', event.pubkey],
+            ['k', '3036'],
+            ['r', r.toLowerCase()],
+            ['n', 'pending'],
+          ],
+          created_at: Math.floor(Date.now() / 1000),
+        });
+
+        await this.event(rel, { signal: AbortSignal.timeout(1000) });
+      }
     }
   }
 

packages/ditto/storages/hydrate.ts

@@ -58,17 +58,19 @@ async function hydrateEvents(opts: HydrateOpts): Promise<DittoEvent[]> {
     return result;
   }, new Set<string>());
 
-  const favicons = (
-    await db.kysely
-      .selectFrom('domain_favicons')
-      .select(['domain', 'favicon'])
-      .where('domain', 'in', [...domains])
-      .execute()
-  )
-    .reduce((result, { domain, favicon }) => {
-      result[domain] = favicon;
-      return result;
-    }, {} as Record<string, string>);
+  const favicons: Record<string, string> = domains.size
+    ? (
+      await db.kysely
+        .selectFrom('domain_favicons')
+        .select(['domain', 'favicon'])
+        .where('domain', 'in', [...domains])
+        .execute()
+    )
+      .reduce((result, { domain, favicon }) => {
+        result[domain] = favicon;
+        return result;
+      }, {} as Record<string, string>)
+    : {};
 
   const stats = {
     authors: authorStats,

packages/ditto/test.ts

@@ -1,7 +1,7 @@
+import { DittoConf } from '@ditto/conf';
 import { DittoPolyPg } from '@ditto/db';
 import { NostrEvent } from '@nostrify/nostrify';
 
-import { Conf } from '@/config.ts';
 import { DittoPgStore } from '@/storages/DittoPgStore.ts';
 import { sql } from 'kysely';
 
@@ -13,13 +13,14 @@ export async function eventFixture(name: string): Promise<NostrEvent> {
 
 /** Create a database for testing. It uses `DATABASE_URL`, or creates an in-memory database by default. */
 export async function createTestDB(opts?: { pure?: boolean }) {
-  const db = new DittoPolyPg(Conf.databaseUrl, { poolSize: 1 });
+  const conf = new DittoConf(Deno.env);
+  const db = new DittoPolyPg(conf.databaseUrl, { poolSize: 1 });
   await db.migrate();
 
   const store = new DittoPgStore({
     db,
-    timeout: Conf.db.timeouts.default,
-    pubkey: await Conf.signer.getPublicKey(),
+    conf,
+    timeout: conf.db.timeouts.default,
     pure: opts?.pure ?? false,
     notify: true,
   });
@@ -28,6 +29,7 @@ export async function createTestDB(opts?: { pure?: boolean }) {
     db,
     ...db,
     store,
+    conf,
     kysely: db.kysely,
     [Symbol.asyncDispose]: async () => {
       const { rows } = await sql<

packages/ditto/utils/api.ts

@@ -27,10 +27,10 @@ async function createEvent<E extends (DittoEnv & { Variables: { user?: User } })
   }
 
   const event = await user.signer.signEvent({
-    content: '',
-    created_at: nostrNow(),
-    tags: [],
     ...t,
+    content: t.content ?? '',
+    created_at: t.created_at ?? nostrNow(),
+    tags: t.tags ?? [],
   });
 
   await relay.event(event, { signal, publish: true });
@@ -118,7 +118,7 @@ async function updateAdminEvent<E extends EventStub>(
   return createAdminEvent(fn(prev), c);
 }
 
-function updateUser(pubkey: string, n: Record<string, boolean>, c: AppContext): Promise<NostrEvent> {
+function updateUser(pubkey: string, n: Record<string, boolean>, c: Context): Promise<NostrEvent> {
   return updateNames(30382, pubkey, n, c);
 }
 

packages/ditto/utils/instance.ts

@@ -1,9 +1,10 @@
 import { NostrEvent, NostrMetadata, NSchema as n, NStore } from '@nostrify/nostrify';
 import { z } from 'zod';
 
-import { Conf } from '@/config.ts';
 import { screenshotsSchema, serverMetaSchema } from '@/schemas/nostr.ts';
 
+import type { DittoConf } from '@ditto/conf';
+
 /** Like NostrMetadata, but some fields are required and also contains some extra fields. */
 export interface InstanceMetadata extends NostrMetadata {
   about: string;
@@ -15,10 +16,18 @@ export interface InstanceMetadata extends NostrMetadata {
   screenshots: z.infer<typeof screenshotsSchema>;
 }
 
+interface GetInstanceMetadataOpts {
+  conf: DittoConf;
+  relay: NStore;
+  signal?: AbortSignal;
+}
+
 /** Get and parse instance metadata from the kind 0 of the admin user. */
-export async function getInstanceMetadata(store: NStore, signal?: AbortSignal): Promise<InstanceMetadata> {
-  const [event] = await store.query(
-    [{ kinds: [0], authors: [await Conf.signer.getPublicKey()], limit: 1 }],
+export async function getInstanceMetadata(opts: GetInstanceMetadataOpts): Promise<InstanceMetadata> {
+  const { conf, relay, signal } = opts;
+
+  const [event] = await relay.query(
+    [{ kinds: [0], authors: [await conf.signer.getPublicKey()], limit: 1 }],
     { signal },
   );
 
@@ -33,8 +42,8 @@ export async function getInstanceMetadata(store: NStore, signal?: AbortSignal):
     name: meta.name ?? 'Ditto',
     about: meta.about ?? 'Nostr community server',
     tagline: meta.tagline ?? meta.about ?? 'Nostr community server',
-    email: meta.email ?? `postmaster@${Conf.url.host}`,
-    picture: meta.picture ?? Conf.local('/images/thumbnail.png'),
+    email: meta.email ?? `postmaster@${conf.url.host}`,
+    picture: meta.picture ?? conf.local('/images/thumbnail.png'),
     event,
     screenshots: meta.screenshots ?? [],
   };

packages/ditto/utils/note.test.ts

@@ -1,26 +1,35 @@
+import { DittoConf } from '@ditto/conf';
 import { assertEquals } from '@std/assert';
 
 import { eventFixture } from '@/test.ts';
 import { getMediaLinks, parseNoteContent, stripimeta } from '@/utils/note.ts';
 
 Deno.test('parseNoteContent', () => {
-  const { html, links, firstUrl } = parseNoteContent('Hello, world!', []);
+  const conf = new DittoConf(new Map());
+  const { html, links, firstUrl } = parseNoteContent('Hello, world!', [], { conf });
+
   assertEquals(html, 'Hello, world!');
   assertEquals(links, []);
   assertEquals(firstUrl, undefined);
 });
 
 Deno.test('parseNoteContent parses URLs', () => {
-  const { html } = parseNoteContent('check out my website: https://alexgleason.me', []);
+  const conf = new DittoConf(new Map());
+  const { html } = parseNoteContent('check out my website: https://alexgleason.me', [], { conf });
+
   assertEquals(html, 'check out my website: <a href="https://alexgleason.me">https://alexgleason.me</a>');
 });
 
 Deno.test('parseNoteContent parses bare URLs', () => {
-  const { html } = parseNoteContent('have you seen ditto.pub?', []);
+  const conf = new DittoConf(new Map());
+  const { html } = parseNoteContent('have you seen ditto.pub?', [], { conf });
+
   assertEquals(html, 'have you seen <a href="http://ditto.pub">ditto.pub</a>?');
 });
 
 Deno.test('parseNoteContent parses mentions with apostrophes', () => {
+  const conf = new DittoConf(new Map());
+
   const { html } = parseNoteContent(
     `did you see nostr:nprofile1qqsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgprdmhxue69uhkwmr9v9ek7mnpw3hhytnyv4mz7un9d3shjqgcwaehxw309ahx7umywf5hvefwv9c8qtmjv4kxz7gpzemhxue69uhhyetvv9ujumt0wd68ytnsw43z7s3al0v's speech?`,
     [{
@@ -29,7 +38,9 @@ Deno.test('parseNoteContent parses mentions with apostrophes', () => {
       acct: 'alex@gleasonator.dev',
       url: 'https://gleasonator.dev/@alex',
     }],
+    { conf },
   );
+
   assertEquals(
     html,
     'did you see <span class="h-card"><a class="u-url mention" href="https://gleasonator.dev/@alex" rel="ugc">@<span>alex@gleasonator.dev</span></a></span>&apos;s speech?',
@@ -37,6 +48,8 @@ Deno.test('parseNoteContent parses mentions with apostrophes', () => {
 });
 
 Deno.test('parseNoteContent parses mentions with commas', () => {
+  const conf = new DittoConf(new Map());
+
   const { html } = parseNoteContent(
     `Sim. Hi nostr:npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p and nostr:npub1gujeqakgt7fyp6zjggxhyy7ft623qtcaay5lkc8n8gkry4cvnrzqd3f67z, any chance to have Cobrafuma as PWA?`,
     [{
@@ -50,7 +63,9 @@ Deno.test('parseNoteContent parses mentions with commas', () => {
       acct: 'patrick@patrickdosreis.com',
       url: 'https://gleasonator.dev/@patrick@patrickdosreis.com',
     }],
+    { conf },
   );
+
   assertEquals(
     html,
     'Sim. Hi <span class="h-card"><a class="u-url mention" href="https://gleasonator.dev/@alex" rel="ugc">@<span>alex@gleasonator.dev</span></a></span> and <span class="h-card"><a class="u-url mention" href="https://gleasonator.dev/@patrick@patrickdosreis.com" rel="ugc">@<span>patrick@patrickdosreis.com</span></a></span>, any chance to have Cobrafuma as PWA?',
@@ -58,19 +73,26 @@ Deno.test('parseNoteContent parses mentions with commas', () => {
 });
 
 Deno.test("parseNoteContent doesn't parse invalid nostr URIs", () => {
-  const { html } = parseNoteContent('nip19 has URIs like nostr:npub and nostr:nevent, etc.', []);
+  const conf = new DittoConf(new Map());
+  const { html } = parseNoteContent('nip19 has URIs like nostr:npub and nostr:nevent, etc.', [], { conf });
   assertEquals(html, 'nip19 has URIs like nostr:npub and nostr:nevent, etc.');
 });
 
 Deno.test('parseNoteContent renders empty for non-profile nostr URIs', () => {
+  const conf = new DittoConf(new Map());
+
   const { html } = parseNoteContent(
     'nostr:nevent1qgsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpz3mhxue69uhhztnnwashymtnw3ezucm0d5qzqru8mkz2q4gzsxg99q7pdneyx7n8p5u0afe3ntapj4sryxxmg4gpcdvgce',
     [],
+    { conf },
   );
+
   assertEquals(html, '');
 });
 
 Deno.test("parseNoteContent doesn't fuck up links to my own post", () => {
+  const conf = new DittoConf(new Map());
+
   const { html } = parseNoteContent(
     'Check this post: https://gleasonator.dev/@alex@gleasonator.dev/posts/a8badb480d88f9e7b6a090342279ef47ed0e0a3989ed85f898dfedc6be94225f',
     [{
@@ -79,7 +101,9 @@ Deno.test("parseNoteContent doesn't fuck up links to my own post", () => {
       acct: 'alex@gleasonator.dev',
       url: 'https://gleasonator.dev/@alex',
     }],
+    { conf },
   );
+
   assertEquals(
     html,
     'Check this post: <a href="https://gleasonator.dev/@alex@gleasonator.dev/posts/a8badb480d88f9e7b6a090342279ef47ed0e0a3989ed85f898dfedc6be94225f">https://gleasonator.dev/@alex@gleasonator.dev/posts/a8badb480d88f9e7b6a090342279ef47ed0e0a3989ed85f898dfedc6be94225f</a>',

packages/ditto/utils/note.ts

@@ -3,11 +3,12 @@ import linkifyStr from 'linkify-string';
 import linkify from 'linkifyjs';
 import { nip19, nip27 } from 'nostr-tools';
 
-import { Conf } from '@/config.ts';
-import { MastodonMention } from '@/entities/MastodonMention.ts';
 import { html } from '@/utils/html.ts';
 import { getUrlMediaType, isPermittedMediaType } from '@/utils/media.ts';
 
+import type { DittoConf } from '@ditto/conf';
+import type { MastodonMention } from '@ditto/mastoapi/types';
+
 linkify.registerCustomProtocol('nostr', true);
 linkify.registerCustomProtocol('wss');
 
@@ -20,8 +21,14 @@ interface ParsedNoteContent {
   firstUrl: string | undefined;
 }
 
+interface ParseNoteContentOpts {
+  conf: DittoConf;
+}
+
 /** Convert Nostr content to Mastodon API HTML. Also return parsed data. */
-function parseNoteContent(content: string, mentions: MastodonMention[]): ParsedNoteContent {
+function parseNoteContent(content: string, mentions: MastodonMention[], opts: ParseNoteContentOpts): ParsedNoteContent {
+  const { conf } = opts;
+
   const links = linkify.find(content).filter(({ type }) => type === 'url');
   const firstUrl = links.find(isNonMediaLink)?.href;
 
@@ -29,7 +36,7 @@ function parseNoteContent(content: string, mentions: MastodonMention[]): ParsedN
     render: {
       hashtag: ({ content }) => {
         const tag = content.replace(/^#/, '');
-        const href = Conf.local(`/tags/${tag}`);
+        const href = conf.local(`/tags/${tag}`);
         return html`<a class="mention hashtag" href="${href}" rel="tag"><span>#</span>${tag}</a>`;
       },
       url: ({ attributes, content }) => {
@@ -48,7 +55,7 @@ function parseNoteContent(content: string, mentions: MastodonMention[]): ParsedN
                 const npub = nip19.npubEncode(pubkey);
                 const acct = mention?.acct ?? npub;
                 const name = mention?.acct ?? npub.substring(0, 8);
-                const href = mention?.url ?? Conf.local(`/@${acct}`);
+                const href = mention?.url ?? conf.local(`/@${acct}`);
                 return html`<span class="h-card"><a class="u-url mention" href="${href}" rel="ugc">@<span>${name}</span></a></span>${extra}`;
               } else {
                 return '';

packages/ditto/utils/og-metadata.ts

@@ -1,10 +1,10 @@
 import { nip19 } from 'nostr-tools';
 import { match } from 'path-to-regexp';
 
-import { MastodonAccount } from '@/entities/MastodonAccount.ts';
-import { MastodonStatus } from '@/entities/MastodonStatus.ts';
 import { InstanceMetadata } from '@/utils/instance.ts';
 
+import type { MastodonAccount, MastodonStatus } from '@ditto/mastoapi/types';
+
 export interface MetadataEntities {
   status?: MastodonStatus;
   account?: MastodonAccount;

packages/ditto/utils/pleroma.ts

@@ -1,14 +1,23 @@
 import { NSchema as n, NStore } from '@nostrify/nostrify';
 
-import { Conf } from '@/config.ts';
 import { configSchema } from '@/schemas/pleroma-api.ts';
 import { PleromaConfigDB } from '@/utils/PleromaConfigDB.ts';
 
-export async function getPleromaConfigs(store: NStore, signal?: AbortSignal): Promise<PleromaConfigDB> {
-  const signer = Conf.signer;
+import type { DittoConf } from '@ditto/conf';
+
+interface GetPleromaConfigsOpts {
+  conf: DittoConf;
+  relay: NStore;
+  signal?: AbortSignal;
+}
+
+export async function getPleromaConfigs(opts: GetPleromaConfigsOpts): Promise<PleromaConfigDB> {
+  const { conf, relay, signal } = opts;
+
+  const signer = conf.signer;
   const pubkey = await signer.getPublicKey();
 
-  const [event] = await store.query([{
+  const [event] = await relay.query([{
     kinds: [30078],
     authors: [pubkey],
     '#d': ['pub.ditto.pleroma.config'],

packages/ditto/utils/stats.test.ts

@@ -23,7 +23,7 @@ Deno.test('updateStats with kind 1 increments notes count', async () => {
 
 Deno.test('updateStats with kind 1 increments replies count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const sk = generateSecretKey();
 
@@ -42,7 +42,7 @@ Deno.test('updateStats with kind 1 increments replies count', async () => {
 
 Deno.test('updateStats with kind 5 decrements notes count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const sk = generateSecretKey();
   const pubkey = getPublicKey(sk);
@@ -74,7 +74,7 @@ Deno.test('updateStats with kind 3 increments followers count', async () => {
 
 Deno.test('updateStats with kind 3 decrements followers count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const sk = generateSecretKey();
   const follow = genEvent({ kind: 3, tags: [['p', 'alex']], created_at: 0 }, sk);
@@ -101,7 +101,7 @@ Deno.test('getFollowDiff returns added and removed followers', () => {
 
 Deno.test('updateStats with kind 6 increments reposts count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const note = genEvent({ kind: 1 });
   await updateStats({ ...test, event: note });
@@ -118,7 +118,7 @@ Deno.test('updateStats with kind 6 increments reposts count', async () => {
 
 Deno.test('updateStats with kind 5 decrements reposts count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const note = genEvent({ kind: 1 });
   await updateStats({ ...test, event: note });
@@ -138,7 +138,7 @@ Deno.test('updateStats with kind 5 decrements reposts count', async () => {
 
 Deno.test('updateStats with kind 7 increments reactions count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const note = genEvent({ kind: 1 });
   await updateStats({ ...test, event: note });
@@ -155,7 +155,7 @@ Deno.test('updateStats with kind 7 increments reactions count', async () => {
 
 Deno.test('updateStats with kind 5 decrements reactions count', async () => {
   await using test = await setupTest();
-  const { relay, kysely } = test;
+  const { kysely, relay } = test;
 
   const note = genEvent({ kind: 1 });
   await updateStats({ ...test, event: note });
@@ -175,7 +175,7 @@ Deno.test('updateStats with kind 5 decrements reactions count', async () => {
 
 Deno.test('countAuthorStats counts author stats from the database', async () => {
   await using test = await setupTest();
-  const { relay } = test;
+  const { kysely, relay } = test;
 
   const sk = generateSecretKey();
   const pubkey = getPublicKey(sk);
@@ -184,7 +184,7 @@ Deno.test('countAuthorStats counts author stats from the database', async () =>
   await relay.event(genEvent({ kind: 1, content: 'yolo' }, sk));
   await relay.event(genEvent({ kind: 3, tags: [['p', pubkey]] }));
 
-  await test.kysely.insertInto('author_stats').values({
+  await kysely.insertInto('author_stats').values({
     pubkey,
     search: 'Yolo Lolo',
     notes_count: 0,
@@ -193,7 +193,7 @@ Deno.test('countAuthorStats counts author stats from the database', async () =>
   }).onConflict((oc) => oc.column('pubkey').doUpdateSet({ 'search': 'baka' }))
     .execute();
 
-  const stats = await countAuthorStats({ ...test, pubkey });
+  const stats = await countAuthorStats({ ...test, kysely, pubkey });
 
   assertEquals(stats!.notes_count, 2);
   assertEquals(stats!.followers_count, 1);
@@ -206,9 +206,10 @@ async function setupTest() {
   await db.migrate();
 
   const { kysely } = db;
-  const relay = new NPostgres(kysely);
+  const relay = new NPostgres(db.kysely);
 
   return {
+    conf,
     relay,
     kysely,
     [Symbol.asyncDispose]: async () => {

packages/ditto/utils/stats.ts

@@ -4,40 +4,46 @@ import { Insertable, Kysely, UpdateObject } from 'kysely';
 import { SetRequired } from 'type-fest';
 import { z } from 'zod';
 
-import { Conf } from '@/config.ts';
 import { findQuoteTag, findReplyTag, getTagSet } from '@/utils/tags.ts';
 
+import type { DittoConf } from '@ditto/conf';
+
 interface UpdateStatsOpts {
-  kysely: Kysely<DittoTables>;
+  conf: DittoConf;
   relay: NStore;
+  kysely: Kysely<DittoTables>;
   event: NostrEvent;
   x?: 1 | -1;
 }
 
 /** Handle one event at a time and update relevant stats for it. */
 // deno-lint-ignore require-await
-export async function updateStats({ event, kysely, relay, x = 1 }: UpdateStatsOpts): Promise<void> {
+export async function updateStats(opts: UpdateStatsOpts): Promise<void> {
+  const { event } = opts;
+
   switch (event.kind) {
     case 1:
     case 20:
     case 1111:
     case 30023:
-      return handleEvent1(kysely, event, x);
+      return handleEvent1(opts);
     case 3:
-      return handleEvent3(kysely, event, x, relay);
+      return handleEvent3(opts);
     case 5:
-      return handleEvent5(kysely, event, -1, relay);
+      return handleEvent5(opts);
     case 6:
-      return handleEvent6(kysely, event, x);
+      return handleEvent6(opts);
     case 7:
-      return handleEvent7(kysely, event, x);
+      return handleEvent7(opts);
     case 9735:
-      return handleEvent9735(kysely, event);
+      return handleEvent9735(opts);
   }
 }
 
 /** Update stats for kind 1 event. */
-async function handleEvent1(kysely: Kysely<DittoTables>, event: NostrEvent, x: number): Promise<void> {
+async function handleEvent1(opts: UpdateStatsOpts): Promise<void> {
+  const { conf, kysely, event, x = 1 } = opts;
+
   await updateAuthorStats(kysely, event.pubkey, (prev) => {
     const now = event.created_at;
 
@@ -47,7 +53,7 @@ async function handleEvent1(kysely: Kysely<DittoTables>, event: NostrEvent, x: n
     if (start && end) { // Streak exists.
       if (now <= end) {
         // Streak cannot go backwards in time. Skip it.
-      } else if (now - end > Conf.streakWindow) {
+      } else if (now - end > conf.streakWindow) {
         // Streak is broken. Start a new streak.
         start = now;
         end = now;
@@ -88,7 +94,9 @@ async function handleEvent1(kysely: Kysely<DittoTables>, event: NostrEvent, x: n
 }
 
 /** Update stats for kind 3 event. */
-async function handleEvent3(kysely: Kysely<DittoTables>, event: NostrEvent, x: number, relay: NStore): Promise<void> {
+async function handleEvent3(opts: UpdateStatsOpts): Promise<void> {
+  const { relay, kysely, event, x = 1 } = opts;
+
   const following = getTagSet(event.tags, 'p');
 
   await updateAuthorStats(kysely, event.pubkey, () => ({ following_count: following.size }));
@@ -117,26 +125,34 @@ async function handleEvent3(kysely: Kysely<DittoTables>, event: NostrEvent, x: n
 }
 
 /** Update stats for kind 5 event. */
-async function handleEvent5(kysely: Kysely<DittoTables>, event: NostrEvent, x: -1, relay: NStore): Promise<void> {
+async function handleEvent5(opts: UpdateStatsOpts): Promise<void> {
+  const { relay, event, x = -1 } = opts;
+
   const id = event.tags.find(([name]) => name === 'e')?.[1];
+
   if (id) {
     const [target] = await relay.query([{ ids: [id], authors: [event.pubkey], limit: 1 }]);
     if (target) {
-      await updateStats({ event: target, kysely, relay, x });
+      await updateStats({ ...opts, event: target, x });
     }
   }
 }
 
 /** Update stats for kind 6 event. */
-async function handleEvent6(kysely: Kysely<DittoTables>, event: NostrEvent, x: number): Promise<void> {
+async function handleEvent6(opts: UpdateStatsOpts): Promise<void> {
+  const { kysely, event, x = 1 } = opts;
+
   const id = event.tags.find(([name]) => name === 'e')?.[1];
+
   if (id) {
     await updateEventStats(kysely, id, ({ reposts_count }) => ({ reposts_count: Math.max(0, reposts_count + x) }));
   }
 }
 
 /** Update stats for kind 7 event. */
-async function handleEvent7(kysely: Kysely<DittoTables>, event: NostrEvent, x: number): Promise<void> {
+async function handleEvent7(opts: UpdateStatsOpts): Promise<void> {
+  const { kysely, event, x = 1 } = opts;
+
   const id = event.tags.findLast(([name]) => name === 'e')?.[1];
   const emoji = event.content;
 
@@ -166,12 +182,15 @@ async function handleEvent7(kysely: Kysely<DittoTables>, event: NostrEvent, x: n
 }
 
 /** Update stats for kind 9735 event. */
-async function handleEvent9735(kysely: Kysely<DittoTables>, event: NostrEvent): Promise<void> {
+async function handleEvent9735(opts: UpdateStatsOpts): Promise<void> {
+  const { kysely, event } = opts;
+
   // https://github.com/nostr-protocol/nips/blob/master/57.md#appendix-f-validating-zap-receipts
   const id = event.tags.find(([name]) => name === 'e')?.[1];
   if (!id) return;
 
   const amountSchema = z.coerce.number().int().nonnegative().catch(0);
+
   let amount = 0;
   try {
     const zapRequest = n.json().pipe(n.event()).parse(event.tags.find(([name]) => name === 'description')?.[1]);

packages/ditto/utils/unfurl.ts

@@ -6,10 +6,11 @@ import DOMPurify from 'isomorphic-dompurify';
 import { unfurl } from 'unfurl.js';
 
 import { Conf } from '@/config.ts';
-import { PreviewCard } from '@/entities/PreviewCard.ts';
 import { errorJson } from '@/utils/log.ts';
 
-async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard | null> {
+import type { MastodonPreviewCard } from '@ditto/mastoapi/types';
+
+async function unfurlCard(url: string, signal: AbortSignal): Promise<MastodonPreviewCard | null> {
   try {
     const result = await unfurl(url, {
       fetch: (url) =>
@@ -55,10 +56,10 @@ async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard
 }
 
 /** TTL cache for preview cards. */
-const previewCardCache = new TTLCache<string, Promise<PreviewCard | null>>(Conf.caches.linkPreview);
+const previewCardCache = new TTLCache<string, Promise<MastodonPreviewCard | null>>(Conf.caches.linkPreview);
 
 /** Unfurl card from cache if available, otherwise fetch it. */
-function unfurlCardCached(url: string, signal = AbortSignal.timeout(1000)): Promise<PreviewCard | null> {
+export function unfurlCardCached(url: string, signal = AbortSignal.timeout(1000)): Promise<MastodonPreviewCard | null> {
   const cached = previewCardCache.get(url);
   if (cached !== undefined) {
     return cached;
@@ -69,5 +70,3 @@ function unfurlCardCached(url: string, signal = AbortSignal.timeout(1000)): Prom
     return card;
   }
 }
-
-export { type PreviewCard, unfurlCardCached };

packages/ditto/utils/upload.ts

@@ -1,3 +1,5 @@
+import { analyzeFile, extractVideoFrame, transcodeVideo } from '@ditto/transcode';
+import { ScopedPerformance } from '@esroyo/scoped-performance';
 import { HTTPException } from '@hono/hono/http-exception';
 import { logi } from '@soapbox/logi';
 import { crypto } from '@std/crypto';
@@ -6,7 +8,6 @@ import { encode } from 'blurhash';
 import sharp from 'sharp';
 
 import { AppContext } from '@/app.ts';
-import { Conf } from '@/config.ts';
 import { DittoUpload, dittoUploads } from '@/DittoUploads.ts';
 import { errorJson } from '@/utils/log.ts';
 
@@ -22,7 +23,12 @@ export async function uploadFile(
   meta: FileMeta,
   signal?: AbortSignal,
 ): Promise<DittoUpload> {
-  const uploader = c.get('uploader');
+  using perf = new ScopedPerformance();
+  perf.mark('start');
+
+  const { conf, uploader } = c.var;
+  const { ffmpegPath, ffprobePath, mediaAnalyze, mediaTranscode } = conf;
+
   if (!uploader) {
     throw new HTTPException(500, {
       res: c.json({ error: 'No uploader configured.' }),
@@ -31,11 +37,47 @@ export async function uploadFile(
 
   const { pubkey, description } = meta;
 
-  if (file.size > Conf.maxUploadSize) {
+  if (file.size > conf.maxUploadSize) {
     throw new Error('File size is too large.');
   }
 
+  const [baseType] = file.type.split('/');
+
+  perf.mark('probe-start');
+  const probe = mediaTranscode ? await analyzeFile(file.stream(), { ffprobePath }).catch(() => null) : null;
+  const video = probe?.streams.find((stream) => stream.codec_type === 'video');
+  perf.mark('probe-end');
+
+  perf.mark('transcode-start');
+  if (baseType === 'video' && mediaTranscode) {
+    let needsTranscode = false;
+
+    for (const stream of probe?.streams ?? []) {
+      if (stream.codec_type === 'video' && stream.codec_name !== 'h264') {
+        needsTranscode = true;
+        break;
+      }
+      if (stream.codec_type === 'audio' && stream.codec_name !== 'aac') {
+        needsTranscode = true;
+        break;
+      }
+    }
+
+    if (needsTranscode) {
+      const tmp = new URL('file://' + await Deno.makeTempFile());
+      await Deno.writeFile(tmp, file.stream());
+      const stream = transcodeVideo(tmp, { ffmpegPath });
+      const transcoded = await new Response(stream).bytes();
+      file = new File([transcoded], file.name, { type: 'video/mp4' });
+      await Deno.remove(tmp);
+    }
+  }
+  perf.mark('transcode-end');
+
+  perf.mark('upload-start');
   const tags = await uploader.upload(file, { signal });
+  perf.mark('upload-end');
+
   const url = tags[0][1];
 
   if (description) {
@@ -46,6 +88,8 @@ export async function uploadFile(
   const m = tags.find(([key]) => key === 'm')?.[1];
   const dim = tags.find(([key]) => key === 'dim')?.[1];
   const size = tags.find(([key]) => key === 'size')?.[1];
+  const image = tags.find(([key]) => key === 'image')?.[1];
+  const thumb = tags.find(([key]) => key === 'thumb')?.[1];
   const blurhash = tags.find(([key]) => key === 'blurhash')?.[1];
 
   if (!x) {
@@ -61,34 +105,50 @@ export async function uploadFile(
     tags.push(['size', file.size.toString()]);
   }
 
-  // If the uploader didn't already, try to get a blurhash and media dimensions.
-  // This requires `MEDIA_ANALYZE=true` to be configured because it comes with security tradeoffs.
-  if (Conf.mediaAnalyze && (!blurhash || !dim)) {
+  perf.mark('analyze-start');
+
+  if (baseType === 'video' && mediaAnalyze && mediaTranscode && video && (!image || !thumb)) {
     try {
-      const bytes = await new Response(file.stream()).bytes();
-      const img = sharp(bytes);
+      const tmp = new URL('file://' + await Deno.makeTempFile());
+      await Deno.writeFile(tmp, file.stream());
+      const frame = await extractVideoFrame(tmp, '00:00:01', { ffmpegPath });
+      await Deno.remove(tmp);
+      const [[, url]] = await uploader.upload(new File([frame], 'thumb.jpg', { type: 'image/jpeg' }), { signal });
 
-      const { width, height } = await img.metadata();
-
-      if (!dim && (width && height)) {
-        tags.push(['dim', `${width}x${height}`]);
+      if (!image) {
+        tags.push(['image', url]);
       }
 
-      if (!blurhash && (width && height)) {
-        const pixels = await img
-          .raw()
-          .ensureAlpha()
-          .toBuffer({ resolveWithObject: false })
-          .then((buffer) => new Uint8ClampedArray(buffer));
+      if (!dim) {
+        tags.push(['dim', await getImageDim(frame)]);
+      }
 
-        const blurhash = encode(pixels, width, height, 4, 4);
-        tags.push(['blurhash', blurhash]);
+      if (!blurhash) {
+        tags.push(['blurhash', await getBlurhash(frame)]);
       }
     } catch (e) {
       logi({ level: 'error', ns: 'ditto.upload.analyze', error: errorJson(e) });
     }
   }
 
+  if (baseType === 'image' && mediaAnalyze && (!blurhash || !dim)) {
+    try {
+      const bytes = await new Response(file.stream()).bytes();
+
+      if (!dim) {
+        tags.push(['dim', await getImageDim(bytes)]);
+      }
+
+      if (!blurhash) {
+        tags.push(['blurhash', await getBlurhash(bytes)]);
+      }
+    } catch (e) {
+      logi({ level: 'error', ns: 'ditto.upload.analyze', error: errorJson(e) });
+    }
+  }
+
+  perf.mark('analyze-end');
+
   const upload = {
     id: crypto.randomUUID(),
     url,
@@ -99,5 +159,62 @@ export async function uploadFile(
 
   dittoUploads.set(upload.id, upload);
 
+  const timing = [
+    perf.measure('probe', 'probe-start', 'probe-end'),
+    perf.measure('transcode', 'transcode-start', 'transcode-end'),
+    perf.measure('upload', 'upload-start', 'upload-end'),
+    perf.measure('analyze', 'analyze-start', 'analyze-end'),
+  ].reduce<Record<string, number>>((acc, m) => {
+    const name = m.name.split('::')[1]; // ScopedPerformance uses `::` to separate the name.
+    acc[name] = m.duration / 1000; // Convert to seconds for logging.
+    return acc;
+  }, {});
+
+  perf.mark('end');
+
+  logi({
+    level: 'info',
+    ns: 'ditto.upload',
+    upload: { ...upload, uploadedAt: upload.uploadedAt.toISOString() },
+    timing,
+    duration: perf.measure('total', 'start', 'end').duration / 1000,
+  });
+
   return upload;
 }
+
+async function getImageDim(bytes: Uint8Array): Promise<`${number}x${number}`> {
+  const img = sharp(bytes);
+  const { width, height } = await img.metadata();
+
+  if (!width || !height) {
+    throw new Error('Image metadata is missing.');
+  }
+
+  return `${width}x${height}`;
+}
+
+/** Get a blurhash from an image file. */
+async function getBlurhash(bytes: Uint8Array, maxDim = 64): Promise<string> {
+  const img = sharp(bytes);
+
+  const { width, height } = await img.metadata();
+
+  if (!width || !height) {
+    throw new Error('Image metadata is missing.');
+  }
+
+  const { data, info } = await img
+    .raw()
+    .ensureAlpha()
+    .resize({
+      width: width > height ? undefined : maxDim,
+      height: height > width ? undefined : maxDim,
+      fit: 'inside',
+    })
+    .toBuffer({ resolveWithObject: true });
+
+  const pixels = new Uint8ClampedArray(data);
+
+  return encode(pixels, info.width, info.height, 4, 4);
+}

packages/ditto/utils/zap-split.ts

@@ -1,8 +1,9 @@
-import { Conf } from '@/config.ts';
 import { NSchema as n, NStore } from '@nostrify/nostrify';
 import { nostrNow } from '@/utils.ts';
 import { percentageSchema } from '@/schema.ts';
 
+import type { DittoConf } from '@ditto/conf';
+
 type Pubkey = string;
 type ExtraMessage = string;
 /** Number from 1 to 100, stringified. */
@@ -12,11 +13,18 @@ export type DittoZapSplits = {
   [key: Pubkey]: { weight: splitPercentages; message: ExtraMessage };
 };
 
+interface GetZapSplitsOpts {
+  conf: DittoConf;
+  relay: NStore;
+}
+
 /** Gets zap splits from NIP-78 in DittoZapSplits format. */
-export async function getZapSplits(store: NStore, pubkey: string): Promise<DittoZapSplits | undefined> {
+export async function getZapSplits(pubkey: string, opts: GetZapSplitsOpts): Promise<DittoZapSplits | undefined> {
+  const { relay } = opts;
+
   const zapSplits: DittoZapSplits = {};
 
-  const [event] = await store.query([{
+  const [event] = await relay.query([{
     authors: [pubkey],
     kinds: [30078],
     '#d': ['pub.ditto.zapSplits'],
@@ -36,15 +44,17 @@ export async function getZapSplits(store: NStore, pubkey: string): Promise<Ditto
   return zapSplits;
 }
 
-export async function seedZapSplits(store: NStore) {
-  const zapSplit: DittoZapSplits | undefined = await getZapSplits(store, await Conf.signer.getPublicKey());
+export async function seedZapSplits(opts: GetZapSplitsOpts): Promise<void> {
+  const { conf, relay } = opts;
+
+  const pubkey = await conf.signer.getPublicKey();
+  const zapSplit: DittoZapSplits | undefined = await getZapSplits(pubkey, opts);
 
   if (!zapSplit) {
     const dittoPubkey = '781a1527055f74c1f70230f10384609b34548f8ab6a0a6caa74025827f9fdae5';
     const dittoMsg = 'Official Ditto Account';
 
-    const signer = Conf.signer;
-    const event = await signer.signEvent({
+    const event = await conf.signer.signEvent({
       content: '',
       created_at: nostrNow(),
       kind: 30078,
@@ -54,6 +64,6 @@ export async function seedZapSplits(store: NStore) {
       ],
     });
 
-    await store.event(event);
+    await relay.event(event);
   }
 }

packages/ditto/views/mastodon/accounts.ts

@@ -2,7 +2,6 @@ import { NSchema as n } from '@nostrify/nostrify';
 import { nip19, UnsignedEvent } from 'nostr-tools';
 
 import { Conf } from '@/config.ts';
-import { MastodonAccount } from '@/entities/MastodonAccount.ts';
 import { type DittoEvent } from '@/interfaces/DittoEvent.ts';
 import { metadataSchema } from '@/schemas/nostr.ts';
 import { getLnurl } from '@/utils/lnurl.ts';
@@ -11,6 +10,8 @@ import { getTagSet } from '@/utils/tags.ts';
 import { nostrDate, nostrNow, parseNip05 } from '@/utils.ts';
 import { renderEmojis } from '@/views/mastodon/emojis.ts';
 
+import type { MastodonAccount } from '@ditto/mastoapi/types';
+
 type ToAccountOpts = {
   withSource: true;
   settingsStore: Record<string, unknown> | undefined;
@@ -47,7 +48,7 @@ function renderAccount(event: Omit<DittoEvent, 'id' | 'sig'>, opts: ToAccountOpt
   const parsed05 = stats?.nip05 ? parseNip05(stats.nip05) : undefined;
   const acct = parsed05?.handle || npub;
 
-  const { html } = parseNoteContent(about || '', []);
+  const { html } = parseNoteContent(about || '', [], { conf: Conf });
 
   const fields = _fields
     ?.slice(0, Conf.profileFields.maxFields)
@@ -83,7 +84,7 @@ function renderAccount(event: Omit<DittoEvent, 'id' | 'sig'>, opts: ToAccountOpt
     discoverable: true,
     display_name: name ?? '',
     emojis: renderEmojis(event),
-    fields: fields.map((field) => ({ ...field, value: parseNoteContent(field.value, []).html })),
+    fields: fields.map((field) => ({ ...field, value: parseNoteContent(field.value, [], { conf: Conf }).html })),
     follow_requests_count: 0,
     followers_count: stats?.followers_count ?? 0,
     following_count: stats?.following_count ?? 0,

packages/ditto/views/mastodon/attachments.ts

@@ -1,4 +1,5 @@
-import { MastodonAttachment } from '@/entities/MastodonAttachment.ts';
+import { MastodonAttachment } from '@ditto/mastoapi/types';
+
 import { getUrlMediaType } from '@/utils/media.ts';
 
 /** Render Mastodon media attachment. */
@@ -13,6 +14,8 @@ function renderAttachment(
   const alt = tags.find(([name]) => name === 'alt')?.[1];
   const cid = tags.find(([name]) => name === 'cid')?.[1];
   const dim = tags.find(([name]) => name === 'dim')?.[1];
+  const image = tags.find(([key]) => key === 'image')?.[1];
+  const thumb = tags.find(([key]) => key === 'thumb')?.[1];
   const blurhash = tags.find(([name]) => name === 'blurhash')?.[1];
 
   if (!url) return;
@@ -33,7 +36,7 @@ function renderAttachment(
     id: id ?? url,
     type: getAttachmentType(m ?? ''),
     url,
-    preview_url: url,
+    preview_url: image ?? thumb ?? url,
     remote_url: null,
     description: alt ?? '',
     blurhash: blurhash || null,

packages/ditto/views/mastodon/statuses.ts

@@ -2,9 +2,6 @@ import { NostrEvent, NStore } from '@nostrify/nostrify';
 import { nip19 } from 'nostr-tools';
 
 import { Conf } from '@/config.ts';
-import { MastodonAttachment } from '@/entities/MastodonAttachment.ts';
-import { MastodonMention } from '@/entities/MastodonMention.ts';
-import { MastodonStatus } from '@/entities/MastodonStatus.ts';
 import { type DittoEvent } from '@/interfaces/DittoEvent.ts';
 import { nostrDate } from '@/utils.ts';
 import { getMediaLinks, parseNoteContent, stripimeta } from '@/utils/note.ts';
@@ -14,6 +11,8 @@ import { accountFromPubkey, renderAccount } from '@/views/mastodon/accounts.ts';
 import { renderAttachment } from '@/views/mastodon/attachments.ts';
 import { renderEmojis } from '@/views/mastodon/emojis.ts';
 
+import { MastodonAttachment, MastodonMention, MastodonStatus } from '@ditto/mastoapi/types';
+
 interface RenderStatusOpts {
   viewerPubkey?: string;
   depth?: number;
@@ -43,7 +42,7 @@ async function renderStatus(
 
   const mentions = event.mentions?.map((event) => renderMention(event)) ?? [];
 
-  const { html, links, firstUrl } = parseNoteContent(stripimeta(event.content, event.tags), mentions);
+  const { html, links, firstUrl } = parseNoteContent(stripimeta(event.content, event.tags), mentions, { conf: Conf });
 
   const [card, relatedEvents] = await Promise
     .all([

packages/ditto/workers/policy.test.ts

@@ -0,0 +1,14 @@
+import { DittoConf } from '@ditto/conf';
+import { generateSecretKey, nip19 } from 'nostr-tools';
+
+import { PolicyWorker } from './policy.ts';
+
+Deno.test('PolicyWorker', () => {
+  const conf = new DittoConf(
+    new Map([
+      ['DITTO_NSEC', nip19.nsecEncode(generateSecretKey())],
+    ]),
+  );
+
+  new PolicyWorker(conf);
+});

packages/ditto/workers/policy.ts

@@ -3,6 +3,8 @@ import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/nostrify';
 import { logi } from '@soapbox/logi';
 import * as Comlink from 'comlink';
 
+import { errorJson } from '@/utils/log.ts';
+
 import type { CustomPolicy } from '@/workers/policy.worker.ts';
 
 export class PolicyWorker implements NPolicy {
@@ -85,6 +87,15 @@ export class PolicyWorker implements NPolicy {
         return;
       }
 
+      logi({
+        level: 'error',
+        ns: 'ditto.system.policy',
+        msg: 'Failed to load custom policy',
+        path: conf.policy,
+        error: errorJson(e),
+        enabled: false,
+      });
+
       throw new Error(`DITTO_POLICY (error importing policy): ${conf.policy}`);
     }
   }

packages/ditto/workers/policy.worker.ts

@@ -1,9 +1,11 @@
+import { DittoConf } from '@ditto/conf';
 import { DittoPolyPg } from '@ditto/db';
 import '@soapbox/safe-fetch/load';
 import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/nostrify';
 import { ReadOnlyPolicy } from '@nostrify/policies';
 import * as Comlink from 'comlink';
 
+import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts';
 import { DittoPgStore } from '@/storages/DittoPgStore.ts';
 
 // @ts-ignore Don't try to access the env from this worker.
@@ -32,9 +34,18 @@ export class CustomPolicy implements NPolicy {
 
     const db = new DittoPolyPg(databaseUrl, { poolSize: 1 });
 
+    const conf = new Proxy(new DittoConf(new Map()), {
+      get(target, prop) {
+        if (prop === 'signer') {
+          return new ReadOnlySigner(pubkey);
+        }
+        return Reflect.get(target, prop);
+      },
+    });
+
     const store = new DittoPgStore({
       db,
-      pubkey,
+      conf,
       timeout: 5_000,
     });
 

packages/ditto/workers/verify.worker.ts

@@ -3,7 +3,6 @@ import * as Comlink from 'comlink';
 import { VerifiedEvent, verifyEvent } from 'nostr-tools';
 
 import '@/nostr-wasm.ts';
-import '@/sentry.ts';
 
 export const VerifyWorker = {
   verifyEvent(event: NostrEvent): event is VerifiedEvent {

packages/lang/deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@ditto/lang",
-  "version": "1.1.0",
+  "version": "0.1.0",
   "exports": {
     ".": "./language.ts"
   }

packages/mastoapi/deno.json

@@ -1,10 +1,11 @@
 {
   "name": "@ditto/mastoapi",
-  "version": "1.1.0",
+  "version": "0.1.0",
   "exports": {
     "./middleware": "./middleware/mod.ts",
     "./pagination": "./pagination/mod.ts",
     "./router": "./router/mod.ts",
-    "./test": "./test.ts"
+    "./test": "./test.ts",
+    "./types": "./types/mod.ts"
   }
 }

packages/mastoapi/middleware/userMiddleware.test.ts

@@ -1,21 +1,26 @@
-import { setUser, testApp } from '@ditto/mastoapi/test';
+import { TestApp } from '@ditto/mastoapi/test';
 import { assertEquals } from '@std/assert';
 
 import { userMiddleware } from './userMiddleware.ts';
 import { ReadOnlySigner } from '../signers/ReadOnlySigner.ts';
 
 Deno.test('no user 401', async () => {
-  const { app } = testApp();
+  await using app = new TestApp();
   const response = await app.use(userMiddleware()).request('/');
   assertEquals(response.status, 401);
 });
 
 Deno.test('unsupported signer 400', async () => {
-  const { app, relay } = testApp();
-  const signer = new ReadOnlySigner('0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd');
+  await using app = new TestApp();
+
+  const user = {
+    signer: new ReadOnlySigner('0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd'),
+    relay: app.var.relay,
+  };
+
+  app.user(user);
 
   const response = await app
-    .use(setUser({ signer, relay }))
     .use(userMiddleware({ enc: 'nip44' }))
     .use((c, next) => {
       c.var.user.signer.nip44.encrypt; // test that the type is set
@@ -27,10 +32,11 @@ Deno.test('unsupported signer 400', async () => {
 });
 
 Deno.test('with user 200', async () => {
-  const { app, user } = testApp();
+  await using app = new TestApp();
+
+  app.user();
 
   const response = await app
-    .use(setUser(user))
     .use(userMiddleware())
     .get('/', (c) => c.text('ok'))
     .request('/');
@@ -39,10 +45,11 @@ Deno.test('with user 200', async () => {
 });
 
 Deno.test('user and role 403', async () => {
-  const { app, user } = testApp();
+  await using app = new TestApp();
+
+  app.user();
 
   const response = await app
-    .use(setUser(user))
     .use(userMiddleware({ role: 'admin' }))
     .request('/');
 
@@ -50,7 +57,10 @@ Deno.test('user and role 403', async () => {
 });
 
 Deno.test('admin role 200', async () => {
-  const { conf, app, user, relay } = testApp();
+  await using app = new TestApp();
+  const { conf, relay } = app.var;
+
+  const user = app.user();
 
   const event = await conf.signer.signEvent({
     kind: 30382,
@@ -65,7 +75,6 @@ Deno.test('admin role 200', async () => {
   await relay.event(event);
 
   const response = await app
-    .use(setUser(user))
     .use(userMiddleware({ role: 'admin' }))
     .get('/', (c) => c.text('ok'))
     .request('/');