diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a34ac38d7..b1d52e8b3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -79,7 +79,7 @@ jobs: - run: corepack enable - run: pnpm i --frozen-lockfile - name: Restore eslint cache - uses: actions/cache@v4.2.1 + uses: actions/cache@v4.2.2 with: path: ${{ env.eslint-cache-path }} key: eslint-${{ env.eslint-cache-version }}-${{ matrix.workspace }}-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ github.ref_name }}-${{ github.sha }} diff --git a/.github/workflows/test-federation.yml b/.github/workflows/test-federation.yml index e7b5d7b09..0b71325de 100644 --- a/.github/workflows/test-federation.yml +++ b/.github/workflows/test-federation.yml @@ -62,14 +62,30 @@ jobs: bash ./setup.sh sudo chmod 644 ./certificates/*.test.key - name: Start servers + id: start_servers + continue-on-error: true # https://github.com/docker/compose/issues/1294#issuecomment-374847206 run: | cd packages/backend/test-federation docker compose up -d --scale tester=0 + - name: Print start_servers error + if: ${{ steps.start_servers.outcome == 'failure' }} + run: | + cd packages/backend/test-federation + docker compose logs | tail -n 300 + exit 1 - name: Test + id: test + continue-on-error: true run: | cd packages/backend/test-federation docker compose run --no-deps tester + - name: Log + if: ${{ steps.test.outcome == 'failure' }} + run: | + cd packages/backend/test-federation + docker compose logs + exit 1 - name: Stop servers run: | cd packages/backend/test-federation diff --git a/CHANGELOG.md b/CHANGELOG.md index 53cf1b0cc..197de5aec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,25 @@ +## 2025.3.0 + +### General +- Enhance: プロキシアカウントをシステムアカウントとして作成するように +- Enhance: OAuthで外部アプリからロゴが提供されている場合、それを表示できるように + 書式は https://indieauth.spec.indieweb.org/20220212/#example-2 に準じます。 +- Fix: システムアカウントが削除できる問題を修正 + +### Client +- Enhance: モデレーターがセンシティブ設定を変更する際に確認ダイアログを出すように +- Enhance: 「UIのアニメーションを減らす」で画面上のエフェクトも減らせるように +- Enhance: 投稿フォームにおける、メディアの添付可能個数のカウントを反転しました + - これまでの表示は`添付可能残り個数/上限数`でしたが、`添付個数/上限数`としました +- Fix: フォローされたときのメッセージがちらつくことがある問題を修正 +- Fix: 投稿ダイアログがサイズ限界を超えた際にスクロールできない問題を修正 + +### Server +- Fix: 特定のケースでActivityPubの処理がデッドロックになることがあるのを修正 +- Fix: S3互換オブジェクトストレージでファイルのアップロードに失敗することがある問題を修正 + (Cherry-picked from https://github.com/MisskeyIO/misskey/pull/895) + + ## 2025.2.1 ### General diff --git a/cypress/e2e/basic.cy.ts b/cypress/e2e/basic.cy.ts index d2efbf709..6471f9650 100644 --- a/cypress/e2e/basic.cy.ts +++ b/cypress/e2e/basic.cy.ts @@ -233,7 +233,7 @@ describe('After user setup', () => { cy.get('[data-cy-post-form-text]').type('Hello, Misskey!'); cy.get('[data-cy-open-post-form-submit]').click(); - cy.contains('Hello, Misskey!'); + cy.contains('Hello, Misskey!', { timeout: 15000 }); }); it('open note form with hotkey', () => { diff --git a/locales/ca-ES.yml b/locales/ca-ES.yml index a42ebb0a5..8b52450e9 100644 --- a/locales/ca-ES.yml +++ b/locales/ca-ES.yml @@ -260,7 +260,7 @@ noCustomEmojis: "No hi ha emojis personalitzats" noJobs: "No hi ha feines" federating: "Federant" blocked: "Bloquejat" -suspended: "Suspés" +suspended: "Anul·lar subscripció " all: "tot" subscribing: "Subscrit a" publishing: "S'està publicant" @@ -1311,6 +1311,8 @@ federationSpecified: "Aquest servidor treballa amb una federació de llistes bla federationDisabled: "La unió es troba deshabilitada en aquest servidor. No es pot interactuar amb usuaris d'altres servidors." confirmOnReact: "Confirmar en reaccionar" reactAreYouSure: "Vols reaccionar amb \"{emoji}\"?" +markAsSensitiveConfirm: "Vols marcar aquest contingut com a sensible?" +unmarkAsSensitiveConfirm: "Vols deixar de marcar com a sensible aquest contingut?" _accountSettings: requireSigninToViewContents: "És obligatori l'inici de sessió per poder veure el contingut" requireSigninToViewContentsDescription1: "Es requereix l'inici de sessió per poder veure totes les notes i el contingut que has creat. Amb això esperem evitar que els rastrejadors recopilin informació." @@ -1332,7 +1334,7 @@ _abuseUserReport: resolveTutorial: "Si l'informe és legítim selecciona \"Acceptar\" per resoldre'l positivament. Però si l'informe no és legítim selecciona \"Rebutjar\" per resoldre'l negativament." _delivery: status: "Estat d'entrega " - stop: "Suspés" + stop: "Anul·lar subscripció " resume: "Torna a enviar" _type: none: "S'està publicant" @@ -2594,6 +2596,7 @@ _moderationLogTypes: deletePage: "Esborrar la pàgina" deleteFlash: "Esborrar el guió" deleteGalleryPost: "Esborrar la publicació de la galeria" + updateProxyAccountDescription: "Actualitzar descripció del compte proxy" _fileViewer: title: "Detall del fitxer" type: "Tipus de fitxer" diff --git a/locales/cs-CZ.yml b/locales/cs-CZ.yml index fea8902ab..c0f692229 100644 --- a/locales/cs-CZ.yml +++ b/locales/cs-CZ.yml @@ -5,6 +5,7 @@ introMisskey: "Vítejte! Misskey je otevřený a decentralizovaný microblogový poweredByMisskeyDescription: "{name} je jeden ze serverů využívající open source platformu Misskey (nazývaná \"Misskey instance\")." monthAndDay: "{day}. {month}." search: "Vyhledávání" +reset: "Obnovit" notifications: "Oznámení" username: "Uživatelské jméno" password: "Heslo" @@ -365,8 +366,11 @@ hcaptcha: "hCaptcha" enableHcaptcha: "Aktivovat hCaptchu" hcaptchaSiteKey: "Klíč stránky" hcaptchaSecretKey: "Tajný Klíč (Secret Key)" +mcaptcha: "mCaptcha" +enableMcaptcha: "Aktivovat mCaptchu" mcaptchaSiteKey: "Klíč stránky" mcaptchaSecretKey: "Tajný Klíč (Secret Key)" +mcaptchaInstanceUrl: "URL mCaptcha serveru" recaptcha: "reCAPTCHA" enableRecaptcha: "Zapnout ReCAPTCHu" recaptchaSiteKey: "Klíč stránky" diff --git a/locales/index.d.ts b/locales/index.d.ts index 74e3cdece..947b57779 100644 --- a/locales/index.d.ts +++ b/locales/index.d.ts @@ -5262,6 +5262,14 @@ export interface Locale extends ILocale { * " {emoji} " をリアクションしますか? */ "reactAreYouSure": ParameterizedString<"emoji">; + /** + * このメディアをセンシティブとして設定しますか? + */ + "markAsSensitiveConfirm": string; + /** + * このメディアのセンシティブ指定を解除しますか? + */ + "unmarkAsSensitiveConfirm": string; "_accountSettings": { /** * コンテンツの表示にログインを必須にする @@ -10058,6 +10066,10 @@ export interface Locale extends ILocale { * ギャラリーの投稿を削除 */ "deleteGalleryPost": string; + /** + * プロキシアカウントの説明を更新 + */ + "updateProxyAccountDescription": string; }; "_fileViewer": { /** diff --git a/locales/it-IT.yml b/locales/it-IT.yml index eaf9e81b0..c3a33139b 100644 --- a/locales/it-IT.yml +++ b/locales/it-IT.yml @@ -126,7 +126,7 @@ pinnedNote: "Nota in primo piano" pinned: "Fissa sul profilo" you: "Tu" clickToShow: "Contenuto occultato, cliccare solo se si intende vedere" -sensitive: "Allegato esplicito" +sensitive: "Esplicito" add: "Aggiungi" reaction: "Reazioni" reactions: "Reazioni" @@ -228,7 +228,7 @@ jobQueue: "Coda di lavoro" cpuAndMemory: "CPU e Memoria" network: "Rete" disk: "Disco" -instanceInfo: "Informazioni sull'istanza" +instanceInfo: "Informazioni sul server" statistics: "Statistiche" clearQueue: "Svuota coda" clearQueueConfirmTitle: "Vuoi davvero svuotare la coda?" @@ -445,7 +445,7 @@ exploreFediverse: "Esplora il Fediverso" popularTags: "Hashtag popolari" userList: "Liste" about: "Informazioni" -aboutMisskey: "Informazioni di Misskey" +aboutMisskey: "A proposito di Misskey" administrator: "Amministratore" token: "Token" 2fa: "Autenticazione a due fattori" @@ -893,7 +893,7 @@ searchResult: "Risultati della Ricerca" hashtags: "Hashtag" troubleshooting: "Risoluzione problemi" useBlurEffect: "Utilizza effetto sfocatura" -learnMore: "Più dettagli" +learnMore: "Per saperne di più" misskeyUpdated: "Misskey è stato aggiornato!" whatIsNew: "Informazioni sull'aggiornamento" translate: "Traduci" @@ -901,7 +901,7 @@ translatedFrom: "Traduzione da {x}" accountDeletionInProgress: "È in corso l'eliminazione del profilo" usernameInfo: "Un nome per identificare univocamente il tuo profilo sull'istanza. Puoi utilizzare caratteri alfanumerici maiuscoli, minuscoli e il trattino basso (_). Non potrai cambiare nome utente in seguito." aiChanMode: "Modalità Ai" -devMode: "Modalità sviluppatori" +devMode: "Modalità sviluppo" keepCw: "Mostra i contenuti espliciti" pubSub: "Publish/Subscribe del profilo" lastCommunication: "La comunicazione più recente" @@ -1049,7 +1049,7 @@ permissionDeniedError: "Errore, attività non autorizzata" permissionDeniedErrorDescription: "Non si dispone dell'autorizzazione per eseguire questa operazione." preset: "Preimpostato" selectFromPresets: "Seleziona preimpostato" -achievements: "Obiettivi raggiunti" +achievements: "Conquiste" gotInvalidResponseError: "Risposta del server non valida" gotInvalidResponseErrorDescription: "Il server potrebbe essere irraggiungibile o in manutenzione. Riprova più tardi." thisPostMayBeAnnoying: "Questa nota potrebbe essere offensiva" @@ -1311,6 +1311,8 @@ federationSpecified: "Questo server è federato solo con istanze specifiche del federationDisabled: "Questo server ha la federazione disabilitata. Non puoi interagire con profili provenienti da altri server." confirmOnReact: "Confermare le reazioni" reactAreYouSure: "Vuoi davvero reagire con {emoji} ?" +markAsSensitiveConfirm: "Vuoi davvero indicare questo contenuto multimediale come esplicito?" +unmarkAsSensitiveConfirm: "Vuoi davvero indicare come non esplicito il contenuto multimediale?" _accountSettings: requireSigninToViewContents: "Per vedere il contenuto, è necessaria l'iscrizione" requireSigninToViewContentsDescription1: "Richiedere l'iscrizione per visualizzare tutte le Note e gli altri contenuti che hai creato. Probabilmente l'effetto è impedire la raccolta di informazioni da parte dei bot crawler." @@ -1447,9 +1449,9 @@ _initialTutorial: description: "Queste sono solamente alcune delle funzionalità principali di Misskey. Per ulteriori informazioni, {link}." _timelineDescription: home: "Nella Timeline Home, la tua cronologia principale, puoi vedere le Note provenienti dai profili che segui (Following)." - local: "La Timeline Locale, è una cronologia di Note pubblicate da tutti i profili iscritti su questo server." - social: "La Timeline Sociale, unisce in ordine cronologico l'elenco di Note presenti nella Timeline Home e quella Locale." - global: "La Timeline Federata ti consente di vedere le Note pubblicate dai profili di tutti gli altri server federati a questo." + local: "La Timeline Locale è un flusso di Note pubblicate dai profili iscritti a questo server." + social: "La Timeline Sociale elenca, in ordine cronologico, il flusso di Note nella Timeline Home e Locale." + global: "Nella Timeline Federata trovi il flusso di Note provenienti da profili iscritti ad altri server, federati a questo." _serverRules: description: "In Europa è necessario mostrare l'informativa sul trattamento dei dati personali, prima della registrazione al servizio." _serverSettings: @@ -1474,7 +1476,7 @@ _accountMigration: moveFrom: "Migra un altro profilo dentro a questo" moveFromSub: "Crea un alias verso un altro profilo remoto" moveFromLabel: "Profilo da cui migrare #{n}" - moveFromDescription: "Se desideri spostare i Follower da un altro profilo a questo, devi prima creare un alias qui. Assicurati averlo creato PRIMA di eseguire l'attività! Inserisci l'indirizzo del profilo mittente in questo modo: @persona@istanza.it" + moveFromDescription: "Se desideri spostare i Follower da un altro profilo a questo, devi prima creare un alias qui. Assicurati averlo creato PRIMA di eseguire l'attività! Inserisci l'indirizzo del profilo mittente in questo modo: @persona@vecchia.istanza.it" moveTo: "Migrare questo profilo verso un un altro" moveToLabel: "Profilo verso cui migrare" moveCannotBeUndone: "La migrazione è irreversibile, non può essere interrotta o annullata." @@ -1550,13 +1552,13 @@ _achievements: title: "Principiante III" description: "Hai totalizzato 15 accessi!" _login30: - title: "Misskist I" + title: "Missalcolista I" description: "Hai totalizzato 30 accessi!" _login60: - title: "Misskeist II" + title: "Missalcolista II" description: "Hai totalizzato 60 accessi!" _login100: - title: "Misskeist III" + title: "Missalcolista III" description: "Hai totalizzato 100 accessi!" flavor: "Violent Misskeist" _login200: @@ -1642,10 +1644,10 @@ _achievements: description: "Hai superato i 1.000 profili Follower" _collectAchievements30: title: "Collezionista di successi" - description: "Hai raggiunto 30 obiettivi" + description: "Hai raggiunto 30 conquiste" _viewAchievements3min: title: "Mi piacciono i risultati" - description: "Guarda la tua collezione di obiettivi per almeno 3 minuti" + description: "Ammira la tua collezione di conquiste per almeno 3 minuti" _iLoveMisskey: title: "I LOVE Misskey" description: "Pubblica «I ♥ #Misskey»" @@ -1910,7 +1912,7 @@ _registry: domain: "Dominio" createKey: "Crea chiave" _aboutMisskey: - about: "Misskey è un software libero e open source, sviluppato da syuilo dal 2014." + about: "Misskey è software libero, open source, sviluppato da Syuilo fin dal lontano 2014." contributors: "Principali sostenitori" allContributors: "Tutti i sostenitori" source: "Codice sorgente" @@ -2237,7 +2239,7 @@ _widgets: userList: "Elenco utenti" _userList: chooseList: "Seleziona una lista" - clicker: "Cliccaggio" + clicker: "Cliccheria" birthdayFollowings: "Compleanni del giorno" _cw: hide: "Nascondere" @@ -2300,7 +2302,7 @@ _profile: metadataContent: "Contenuto" changeAvatar: "Modifica immagine profilo" changeBanner: "Cambia intestazione" - verifiedLinkDescription: "Puoi verificare il tuo profilo mostrando una icona. Devi inserire la URL alla pagina che contiene un link al tuo profilo." + verifiedLinkDescription: "Puoi verificare il tuo profilo mostrando una icona. Devi inserire la URL alla pagina che contiene un link al tuo profilo.\nPer verificare il profilo tramite la spunta di conferma, devi inserire la url alla pagina che contiene un link al tuo profilo Misskey. Deve avere attributo rel='me'." avatarDecorationMax: "Puoi aggiungere fino a {max} decorazioni." followedMessage: "Messaggio, quando qualcuno ti segue" followedMessageDescription: "Puoi impostare un breve messaggio da mostrare agli altri profili quando ti seguono." @@ -2594,6 +2596,7 @@ _moderationLogTypes: deletePage: "Pagina eliminata" deleteFlash: "Play eliminato" deleteGalleryPost: "Eliminazione pubblicazione nella Galleria" + updateProxyAccountDescription: "Aggiornata la descrizione del profilo proxy" _fileViewer: title: "Dettagli del file" type: "Tipo di file" @@ -2811,8 +2814,8 @@ _selfXssPrevention: description2: "Se non sai esattamente cosa stai facendo, %c smetti subito e chiudi questa finestra." description3: "Per favore, controlla questo collegamento per avere maggiori dettagli. {link}" _followRequest: - recieved: "Ricezione richiesta di Follow" - sent: "Richiesta di Follow, inviata" + recieved: "Richieste in ingresso" + sent: "Richieste in uscita" _remoteLookupErrors: _federationNotAllowed: title: "Server irraggiungibile" @@ -2857,4 +2860,8 @@ _bootErrors: _search: searchScopeAll: "Tutte" searchScopeLocal: "Locale" + searchScopeServer: "Specifiche del server" searchScopeUser: "Profilo specifico" + pleaseEnterServerHost: "Inserire il nome host" + pleaseSelectUser: "Per favore, seleziona un profilo" + serverHostPlaceholder: "Es: misskey.example.com" diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index 270b5fc26..fbe4d9889 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -1311,6 +1311,8 @@ federationSpecified: "このサーバーはホワイトリスト連合で運用 federationDisabled: "このサーバーは連合が無効化されています。他のサーバーのユーザーとやり取りすることはできません。" confirmOnReact: "リアクションする際に確認する" reactAreYouSure: "\" {emoji} \" をリアクションしますか?" +markAsSensitiveConfirm: "このメディアをセンシティブとして設定しますか?" +unmarkAsSensitiveConfirm: "このメディアのセンシティブ指定を解除しますか?" _accountSettings: requireSigninToViewContents: "コンテンツの表示にログインを必須にする" @@ -2664,6 +2666,7 @@ _moderationLogTypes: deletePage: "ページを削除" deleteFlash: "Playを削除" deleteGalleryPost: "ギャラリーの投稿を削除" + updateProxyAccountDescription: "プロキシアカウントの説明を更新" _fileViewer: title: "ファイルの詳細" diff --git a/locales/zh-CN.yml b/locales/zh-CN.yml index 1599db585..f0df9deee 100644 --- a/locales/zh-CN.yml +++ b/locales/zh-CN.yml @@ -1311,6 +1311,8 @@ federationSpecified: "此服务器已开启联合白名单。只能与管理员 federationDisabled: "此服务器已禁用联合。无法与其它服务器上的用户通信。" confirmOnReact: "发送回应前需要确认" reactAreYouSure: "要用「{emoji}」进行回应吗?" +markAsSensitiveConfirm: "要将此媒体标记为敏感吗?" +unmarkAsSensitiveConfirm: "要将此媒体解除敏感标记吗?" _accountSettings: requireSigninToViewContents: "需要登录才能显示内容" requireSigninToViewContentsDescription1: "您发布的所有帖子将变成需要登入后才会显示。有望防止爬虫收集各种信息。" @@ -2594,6 +2596,7 @@ _moderationLogTypes: deletePage: "删除了页面" deleteFlash: "删除了 Play" deleteGalleryPost: "删除了图库稿件" + updateProxyAccountDescription: "更新代理账户的说明" _fileViewer: title: "文件信息" type: "文件类型" @@ -2857,4 +2860,8 @@ _bootErrors: _search: searchScopeAll: "全部" searchScopeLocal: "本地" - searchScopeUser: "用户指定" + searchScopeServer: "指定服务器" + searchScopeUser: "指定用户" + pleaseEnterServerHost: "请填写服务器主机名" + pleaseSelectUser: "请选择用户" + serverHostPlaceholder: "如:misskey.example.com" diff --git a/locales/zh-TW.yml b/locales/zh-TW.yml index 10079f2be..7c7e29054 100644 --- a/locales/zh-TW.yml +++ b/locales/zh-TW.yml @@ -1311,6 +1311,8 @@ federationSpecified: "此伺服器以白名單聯邦的方式運作。除了管 federationDisabled: "此伺服器未開啟站台聯邦。無法與其他伺服器上的使用者互動。" confirmOnReact: "反應時確認" reactAreYouSure: "用「 {emoji} 」反應嗎?" +markAsSensitiveConfirm: "要將這個媒體設定為敏感嗎?" +unmarkAsSensitiveConfirm: "要解除這個媒體的敏感設定嗎?" _accountSettings: requireSigninToViewContents: "須登入以顯示內容" requireSigninToViewContentsDescription1: "必須登入才會顯示您建立的貼文等內容。可望有效防止資訊被爬蟲蒐集。" @@ -2594,6 +2596,7 @@ _moderationLogTypes: deletePage: "刪除頁面" deleteFlash: "刪除 Play" deleteGalleryPost: "刪除相簿的貼文" + updateProxyAccountDescription: "更新代理帳戶的說明" _fileViewer: title: "檔案詳細資訊" type: "檔案類型 " @@ -2857,4 +2860,8 @@ _bootErrors: _search: searchScopeAll: "全部" searchScopeLocal: "本地" + searchScopeServer: "指定伺服器" searchScopeUser: "指定使用者" + pleaseEnterServerHost: "請輸入伺服器的主機名稱" + pleaseSelectUser: "請選擇使用者" + serverHostPlaceholder: "例:misskey.example.com" diff --git a/package.json b/package.json index 201b30ec3..a3a5924af 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "misskey", - "version": "2025.2.1", + "version": "2025.3.0", "codename": "nasubi", "repository": { "type": "git", @@ -25,7 +25,7 @@ "build-storybook": "pnpm --filter frontend build-storybook", "build-misskey-js-with-types": "pnpm build-pre && pnpm --filter backend... --filter=!misskey-js build && pnpm --filter backend generate-api-json --no-build && ncp packages/backend/built/api.json packages/misskey-js/generator/api.json && pnpm --filter misskey-js update-autogen-code && pnpm --filter misskey-js build && pnpm --filter misskey-js api", "start": "pnpm check:connect && cd packages/backend && node ./built/boot/entry.js", - "start:test": "cd packages/backend && cross-env NODE_ENV=test node ./built/boot/entry.js", + "start:test": "ncp ./.github/misskey/test.yml ./.config/test.yml && cd packages/backend && cross-env NODE_ENV=test node ./built/boot/entry.js", "init": "pnpm migrate", "migrate": "cd packages/backend && pnpm migrate", "revert": "cd packages/backend && pnpm revert", @@ -37,7 +37,7 @@ "cy:open": "pnpm cypress open --browser --e2e --config-file=cypress.config.ts", "cy:run": "pnpm cypress run", "e2e": "pnpm start-server-and-test start:test http://localhost:61812 cy:run", - "e2e-dev-container": "cp ./.config/cypress-devcontainer.yml ./.config/test.yml && pnpm start-server-and-test start:test http://localhost:61812 cy:run", + "e2e-dev-container": "ncp ./.config/cypress-devcontainer.yml ./.config/test.yml && pnpm start-server-and-test start:test http://localhost:61812 cy:run", "jest": "cd packages/backend && pnpm jest", "jest-and-coverage": "cd packages/backend && pnpm jest-and-coverage", "test": "pnpm -r test", diff --git a/packages/backend/migration/1740121393164-system-accounts.js b/packages/backend/migration/1740121393164-system-accounts.js new file mode 100644 index 000000000..9490cb2b6 --- /dev/null +++ b/packages/backend/migration/1740121393164-system-accounts.js @@ -0,0 +1,37 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class SystemAccounts1740121393164 { + name = 'SystemAccounts1740121393164' + + async up(queryRunner) { + await queryRunner.query(`CREATE TABLE "system_account" ("id" character varying(32) NOT NULL, "userId" character varying(32) NOT NULL, "type" character varying(256) NOT NULL, CONSTRAINT "PK_edb56f4aaf9ddd50ee556da97ba" PRIMARY KEY ("id"))`); + await queryRunner.query(`CREATE INDEX "IDX_41a3c87a37aea616ee459369e1" ON "system_account" ("userId") `); + await queryRunner.query(`CREATE UNIQUE INDEX "IDX_c362033aee0ea51011386a5a7e" ON "system_account" ("type") `); + await queryRunner.query(`ALTER TABLE "system_account" ADD CONSTRAINT "FK_41a3c87a37aea616ee459369e12" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`); + + const instanceActor = await queryRunner.query(`SELECT "id" FROM "user" WHERE "username" = 'instance.actor'`); + if (instanceActor.length > 0) { + await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${instanceActor[0].id}', '${instanceActor[0].id}', 'actor')`); + } + + const relayActor = await queryRunner.query(`SELECT "id" FROM "user" WHERE "username" = 'relay.actor'`); + if (relayActor.length > 0) { + await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${relayActor[0].id}', '${relayActor[0].id}', 'relay')`); + } + + const meta = await queryRunner.query(`SELECT "proxyAccountId" FROM "meta" ORDER BY "id" DESC LIMIT 1`); + if (!meta && meta.length >= 1 && meta[0].proxyAccountId) { + await queryRunner.query(`INSERT INTO "system_account" ("id", "userId", "type") VALUES ('${meta[0].proxyAccountId}', '${meta[0].proxyAccountId}', 'proxy')`); + } + } + + async down(queryRunner) { + await queryRunner.query(`ALTER TABLE "system_account" DROP CONSTRAINT "FK_41a3c87a37aea616ee459369e12"`); + await queryRunner.query(`DROP INDEX "public"."IDX_c362033aee0ea51011386a5a7e"`); + await queryRunner.query(`DROP INDEX "public"."IDX_41a3c87a37aea616ee459369e1"`); + await queryRunner.query(`DROP TABLE "system_account"`); + } +} diff --git a/packages/backend/migration/1740129169650-system-accounts-2.js b/packages/backend/migration/1740129169650-system-accounts-2.js new file mode 100644 index 000000000..c03f0337a --- /dev/null +++ b/packages/backend/migration/1740129169650-system-accounts-2.js @@ -0,0 +1,22 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class SystemAccounts21740129169650 { + name = 'SystemAccounts21740129169650' + + async up(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" DROP CONSTRAINT "FK_ab1bc0c1e209daa77b8e8d212ad"`); + await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "proxyAccountId"`); + } + + async down(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" ADD "proxyAccountId" character varying(32)`); + const proxyAccountId = await queryRunner.query(`SELECT "userId" FROM "system_account" WHERE "type" = 'proxy' ORDER BY "id" DESC LIMIT 1`); + if (proxyAccountId && proxyAccountId.length >= 1) { + await queryRunner.query(`UPDATE "meta" SET "proxyAccountId" = '${proxyAccountId[0].userId}'`); + } + await queryRunner.query(`ALTER TABLE "meta" ADD CONSTRAINT "FK_ab1bc0c1e209daa77b8e8d212ad" FOREIGN KEY ("proxyAccountId") REFERENCES "user"("id") ON DELETE SET NULL ON UPDATE NO ACTION`); + } +} diff --git a/packages/backend/migration/1740133121105-system-accounts-3.js b/packages/backend/migration/1740133121105-system-accounts-3.js new file mode 100644 index 000000000..a1f8c996f --- /dev/null +++ b/packages/backend/migration/1740133121105-system-accounts-3.js @@ -0,0 +1,23 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class SystemAccounts31740133121105 { + name = 'SystemAccounts31740133121105' + + async up(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" ADD "rootUserId" character varying(32)`); + await queryRunner.query(`ALTER TABLE "meta" ADD CONSTRAINT "FK_c80e4079d632f95eac06a9d28cc" FOREIGN KEY ("rootUserId") REFERENCES "user"("id") ON DELETE SET NULL ON UPDATE NO ACTION`); + + const users = await queryRunner.query(`SELECT "id" FROM "user" WHERE "isRoot" = true LIMIT 1`); + if (users.length > 0) { + await queryRunner.query(`UPDATE "meta" SET "rootUserId" = $1`, [users[0].id]); + } + } + + async down(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" DROP CONSTRAINT "FK_c80e4079d632f95eac06a9d28cc"`); + await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "rootUserId"`); + } +} diff --git a/packages/backend/migration/1740993126937-system-accounts-4.js b/packages/backend/migration/1740993126937-system-accounts-4.js new file mode 100644 index 000000000..83654aca8 --- /dev/null +++ b/packages/backend/migration/1740993126937-system-accounts-4.js @@ -0,0 +1,17 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class SystemAccounts41740993126937 { + name = 'SystemAccounts41740993126937' + + async up(queryRunner) { + await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "isRoot"`); + } + + async down(queryRunner) { + // down 実行時は isRoot = true のユーザーが存在しなくなるため手動で対応する必要あり + await queryRunner.query(`ALTER TABLE "user" ADD "isRoot" boolean NOT NULL DEFAULT false`); + } +} diff --git a/packages/backend/src/GlobalModule.ts b/packages/backend/src/GlobalModule.ts index ace7f7841..5544eeedd 100644 --- a/packages/backend/src/GlobalModule.ts +++ b/packages/backend/src/GlobalModule.ts @@ -133,7 +133,7 @@ const $meta: Provider = { for (const key in body.after) { (meta as any)[key] = (body.after as any)[key]; } - meta.proxyAccount = null; // joinなカラムは通常取ってこないので + meta.rootUser = null; // joinなカラムは通常取ってこないので break; } default: diff --git a/packages/backend/src/core/AbuseReportService.ts b/packages/backend/src/core/AbuseReportService.ts index 0b022d3b0..846d2c8eb 100644 --- a/packages/backend/src/core/AbuseReportService.ts +++ b/packages/backend/src/core/AbuseReportService.ts @@ -10,9 +10,9 @@ import { bindThis } from '@/decorators.js'; import type { AbuseUserReportsRepository, MiAbuseUserReport, MiUser, UsersRepository } from '@/models/_.js'; import { AbuseReportNotificationService } from '@/core/AbuseReportNotificationService.js'; import { QueueService } from '@/core/QueueService.js'; -import { InstanceActorService } from '@/core/InstanceActorService.js'; import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; import { ModerationLogService } from '@/core/ModerationLogService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; import { IdService } from './IdService.js'; @Injectable() @@ -27,7 +27,7 @@ export class AbuseReportService { private idService: IdService, private abuseReportNotificationService: AbuseReportNotificationService, private queueService: QueueService, - private instanceActorService: InstanceActorService, + private systemAccountService: SystemAccountService, private apRendererService: ApRendererService, private moderationLogService: ModerationLogService, ) { @@ -136,7 +136,7 @@ export class AbuseReportService { forwarded: true, }); - const actor = await this.instanceActorService.getInstanceActor(); + const actor = await this.systemAccountService.fetch('actor'); const targetUser = await this.usersRepository.findOneByOrFail({ id: report.targetUserId }); const flag = this.apRendererService.renderFlag(actor, targetUser.uri!, report.comment); diff --git a/packages/backend/src/core/AccountMoveService.ts b/packages/backend/src/core/AccountMoveService.ts index 24d11f29f..0fbb9bcd8 100644 --- a/packages/backend/src/core/AccountMoveService.ts +++ b/packages/backend/src/core/AccountMoveService.ts @@ -20,10 +20,10 @@ import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js'; import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js'; import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { ProxyAccountService } from '@/core/ProxyAccountService.js'; import { FederatedInstanceService } from '@/core/FederatedInstanceService.js'; import InstanceChart from '@/core/chart/charts/instance.js'; import PerUserFollowingChart from '@/core/chart/charts/per-user-following.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; @Injectable() export class AccountMoveService { @@ -55,12 +55,12 @@ export class AccountMoveService { private apRendererService: ApRendererService, private apDeliverManagerService: ApDeliverManagerService, private globalEventService: GlobalEventService, - private proxyAccountService: ProxyAccountService, private perUserFollowingChart: PerUserFollowingChart, private federatedInstanceService: FederatedInstanceService, private instanceChart: InstanceChart, private relayService: RelayService, private queueService: QueueService, + private systemAccountService: SystemAccountService, ) { } @@ -126,11 +126,11 @@ export class AccountMoveService { } // follow the new account - const proxy = await this.proxyAccountService.fetch(); + const proxy = await this.systemAccountService.fetch('proxy'); const followings = await this.followingsRepository.findBy({ followeeId: src.id, followerHost: IsNull(), // follower is local - followerId: proxy ? Not(proxy.id) : undefined, + followerId: Not(proxy.id), }); const followJobs = followings.map(following => ({ from: { id: following.followerId }, @@ -250,10 +250,8 @@ export class AccountMoveService { // Have the proxy account follow the new account in the same way as UserListService.push if (this.userEntityService.isRemoteUser(dst)) { - const proxy = await this.proxyAccountService.fetch(); - if (proxy) { - this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: dst.id } }]); - } + const proxy = await this.systemAccountService.fetch('proxy'); + this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: dst.id } }]); } } diff --git a/packages/backend/src/core/CoreModule.ts b/packages/backend/src/core/CoreModule.ts index 734d13564..dc85a23e5 100644 --- a/packages/backend/src/core/CoreModule.ts +++ b/packages/backend/src/core/CoreModule.ts @@ -24,7 +24,6 @@ import { AppLockService } from './AppLockService.js'; import { AchievementService } from './AchievementService.js'; import { AvatarDecorationService } from './AvatarDecorationService.js'; import { CaptchaService } from './CaptchaService.js'; -import { CreateSystemUserService } from './CreateSystemUserService.js'; import { CustomEmojiService } from './CustomEmojiService.js'; import { DeleteAccountService } from './DeleteAccountService.js'; import { DownloadService } from './DownloadService.js'; @@ -37,7 +36,7 @@ import { HashtagService } from './HashtagService.js'; import { HttpRequestService } from './HttpRequestService.js'; import { IdService } from './IdService.js'; import { ImageProcessingService } from './ImageProcessingService.js'; -import { InstanceActorService } from './InstanceActorService.js'; +import { SystemAccountService } from './SystemAccountService.js'; import { InternalStorageService } from './InternalStorageService.js'; import { MetaService } from './MetaService.js'; import { MfmService } from './MfmService.js'; @@ -69,7 +68,6 @@ import { UserSuspendService } from './UserSuspendService.js'; import { UserAuthService } from './UserAuthService.js'; import { VideoProcessingService } from './VideoProcessingService.js'; import { UserWebhookService } from './UserWebhookService.js'; -import { ProxyAccountService } from './ProxyAccountService.js'; import { UtilityService } from './UtilityService.js'; import { FileInfoService } from './FileInfoService.js'; import { SearchService } from './SearchService.js'; @@ -167,7 +165,6 @@ const $AppLockService: Provider = { provide: 'AppLockService', useExisting: AppL const $AchievementService: Provider = { provide: 'AchievementService', useExisting: AchievementService }; const $AvatarDecorationService: Provider = { provide: 'AvatarDecorationService', useExisting: AvatarDecorationService }; const $CaptchaService: Provider = { provide: 'CaptchaService', useExisting: CaptchaService }; -const $CreateSystemUserService: Provider = { provide: 'CreateSystemUserService', useExisting: CreateSystemUserService }; const $CustomEmojiService: Provider = { provide: 'CustomEmojiService', useExisting: CustomEmojiService }; const $DeleteAccountService: Provider = { provide: 'DeleteAccountService', useExisting: DeleteAccountService }; const $DownloadService: Provider = { provide: 'DownloadService', useExisting: DownloadService }; @@ -180,7 +177,6 @@ const $HashtagService: Provider = { provide: 'HashtagService', useExisting: Hash const $HttpRequestService: Provider = { provide: 'HttpRequestService', useExisting: HttpRequestService }; const $IdService: Provider = { provide: 'IdService', useExisting: IdService }; const $ImageProcessingService: Provider = { provide: 'ImageProcessingService', useExisting: ImageProcessingService }; -const $InstanceActorService: Provider = { provide: 'InstanceActorService', useExisting: InstanceActorService }; const $InternalStorageService: Provider = { provide: 'InternalStorageService', useExisting: InternalStorageService }; const $MetaService: Provider = { provide: 'MetaService', useExisting: MetaService }; const $MfmService: Provider = { provide: 'MfmService', useExisting: MfmService }; @@ -191,7 +187,7 @@ const $NotePiningService: Provider = { provide: 'NotePiningService', useExisting const $NoteReadService: Provider = { provide: 'NoteReadService', useExisting: NoteReadService }; const $NotificationService: Provider = { provide: 'NotificationService', useExisting: NotificationService }; const $PollService: Provider = { provide: 'PollService', useExisting: PollService }; -const $ProxyAccountService: Provider = { provide: 'ProxyAccountService', useExisting: ProxyAccountService }; +const $SystemAccountService: Provider = { provide: 'SystemAccountService', useExisting: SystemAccountService }; const $PushNotificationService: Provider = { provide: 'PushNotificationService', useExisting: PushNotificationService }; const $QueryService: Provider = { provide: 'QueryService', useExisting: QueryService }; const $ReactionService: Provider = { provide: 'ReactionService', useExisting: ReactionService }; @@ -318,7 +314,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting AchievementService, AvatarDecorationService, CaptchaService, - CreateSystemUserService, CustomEmojiService, DeleteAccountService, DownloadService, @@ -331,7 +326,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting HttpRequestService, IdService, ImageProcessingService, - InstanceActorService, InternalStorageService, MetaService, MfmService, @@ -342,7 +336,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting NoteReadService, NotificationService, PollService, - ProxyAccountService, + SystemAccountService, PushNotificationService, QueryService, ReactionService, @@ -465,7 +459,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $AchievementService, $AvatarDecorationService, $CaptchaService, - $CreateSystemUserService, $CustomEmojiService, $DeleteAccountService, $DownloadService, @@ -478,7 +471,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $HttpRequestService, $IdService, $ImageProcessingService, - $InstanceActorService, $InternalStorageService, $MetaService, $MfmService, @@ -489,7 +481,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $NoteReadService, $NotificationService, $PollService, - $ProxyAccountService, + $SystemAccountService, $PushNotificationService, $QueryService, $ReactionService, @@ -613,7 +605,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting AchievementService, AvatarDecorationService, CaptchaService, - CreateSystemUserService, CustomEmojiService, DeleteAccountService, DownloadService, @@ -626,7 +617,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting HttpRequestService, IdService, ImageProcessingService, - InstanceActorService, InternalStorageService, MetaService, MfmService, @@ -637,7 +627,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting NoteReadService, NotificationService, PollService, - ProxyAccountService, + SystemAccountService, PushNotificationService, QueryService, ReactionService, @@ -759,7 +749,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $AchievementService, $AvatarDecorationService, $CaptchaService, - $CreateSystemUserService, $CustomEmojiService, $DeleteAccountService, $DownloadService, @@ -772,7 +761,6 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $HttpRequestService, $IdService, $ImageProcessingService, - $InstanceActorService, $InternalStorageService, $MetaService, $MfmService, @@ -783,7 +771,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting $NoteReadService, $NotificationService, $PollService, - $ProxyAccountService, + $SystemAccountService, $PushNotificationService, $QueryService, $ReactionService, diff --git a/packages/backend/src/core/CreateSystemUserService.ts b/packages/backend/src/core/CreateSystemUserService.ts deleted file mode 100644 index 6c5b0f6a3..000000000 --- a/packages/backend/src/core/CreateSystemUserService.ts +++ /dev/null @@ -1,86 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and misskey-project - * SPDX-License-Identifier: AGPL-3.0-only - */ - -import { randomUUID } from 'node:crypto'; -import { Inject, Injectable } from '@nestjs/common'; -import bcrypt from 'bcryptjs'; -import { IsNull, DataSource } from 'typeorm'; -import { genRsaKeyPair } from '@/misc/gen-key-pair.js'; -import { MiUser } from '@/models/User.js'; -import { MiUserProfile } from '@/models/UserProfile.js'; -import { IdService } from '@/core/IdService.js'; -import { MiUserKeypair } from '@/models/UserKeypair.js'; -import { MiUsedUsername } from '@/models/UsedUsername.js'; -import { DI } from '@/di-symbols.js'; -import generateNativeUserToken from '@/misc/generate-native-user-token.js'; -import { bindThis } from '@/decorators.js'; - -@Injectable() -export class CreateSystemUserService { - constructor( - @Inject(DI.db) - private db: DataSource, - - private idService: IdService, - ) { - } - - @bindThis - public async createSystemUser(username: string): Promise { - const password = randomUUID(); - - // Generate hash of password - const salt = await bcrypt.genSalt(8); - const hash = await bcrypt.hash(password, salt); - - // Generate secret - const secret = generateNativeUserToken(); - - const keyPair = await genRsaKeyPair(); - - let account!: MiUser; - - // Start transaction - await this.db.transaction(async transactionalEntityManager => { - const exist = await transactionalEntityManager.findOneBy(MiUser, { - usernameLower: username.toLowerCase(), - host: IsNull(), - }); - - if (exist) throw new Error('the user is already exists'); - - account = await transactionalEntityManager.insert(MiUser, { - id: this.idService.gen(), - username: username, - usernameLower: username.toLowerCase(), - host: null, - token: secret, - isRoot: false, - isLocked: true, - isExplorable: false, - isBot: true, - }).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0])); - - await transactionalEntityManager.insert(MiUserKeypair, { - publicKey: keyPair.publicKey, - privateKey: keyPair.privateKey, - userId: account.id, - }); - - await transactionalEntityManager.insert(MiUserProfile, { - userId: account.id, - autoAcceptFollowed: false, - password: hash, - }); - - await transactionalEntityManager.insert(MiUsedUsername, { - createdAt: new Date(), - username: username.toLowerCase(), - }); - }); - - return account; - } -} diff --git a/packages/backend/src/core/DeleteAccountService.ts b/packages/backend/src/core/DeleteAccountService.ts index 7f1b8f3ef..483f14ce7 100644 --- a/packages/backend/src/core/DeleteAccountService.ts +++ b/packages/backend/src/core/DeleteAccountService.ts @@ -5,7 +5,7 @@ import { Inject, Injectable } from '@nestjs/common'; import { Not, IsNull } from 'typeorm'; -import type { FollowingsRepository, MiUser, UsersRepository } from '@/models/_.js'; +import type { FollowingsRepository, MiMeta, MiUser, UsersRepository } from '@/models/_.js'; import { QueueService } from '@/core/QueueService.js'; import { DI } from '@/di-symbols.js'; import { bindThis } from '@/decorators.js'; @@ -13,10 +13,14 @@ import { GlobalEventService } from '@/core/GlobalEventService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; import { ModerationLogService } from '@/core/ModerationLogService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; @Injectable() export class DeleteAccountService { constructor( + @Inject(DI.meta) + private meta: MiMeta, + @Inject(DI.usersRepository) private usersRepository: UsersRepository, @@ -28,6 +32,7 @@ export class DeleteAccountService { private queueService: QueueService, private globalEventService: GlobalEventService, private moderationLogService: ModerationLogService, + private systemAccountService: SystemAccountService, ) { } @@ -36,8 +41,13 @@ export class DeleteAccountService { id: string; host: string | null; }, moderator?: MiUser): Promise { + if (this.meta.rootUserId === user.id) throw new Error('cannot delete a root account'); + const _user = await this.usersRepository.findOneByOrFail({ id: user.id }); - if (_user.isRoot) throw new Error('cannot delete a root account'); + + if (user.host === null && _user.username.includes('.')) { + throw new Error('cannot delete a system account'); + } if (moderator != null) { this.moderationLogService.log(moderator, 'deleteAccount', { diff --git a/packages/backend/src/core/InstanceActorService.ts b/packages/backend/src/core/InstanceActorService.ts deleted file mode 100644 index 22c47297a..000000000 --- a/packages/backend/src/core/InstanceActorService.ts +++ /dev/null @@ -1,57 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and misskey-project - * SPDX-License-Identifier: AGPL-3.0-only - */ - -import { Inject, Injectable } from '@nestjs/common'; -import { IsNull, Not } from 'typeorm'; -import type { MiLocalUser } from '@/models/User.js'; -import type { UsersRepository } from '@/models/_.js'; -import { MemorySingleCache } from '@/misc/cache.js'; -import { DI } from '@/di-symbols.js'; -import { CreateSystemUserService } from '@/core/CreateSystemUserService.js'; -import { bindThis } from '@/decorators.js'; - -const ACTOR_USERNAME = 'instance.actor' as const; - -@Injectable() -export class InstanceActorService { - private cache: MemorySingleCache; - - constructor( - @Inject(DI.usersRepository) - private usersRepository: UsersRepository, - - private createSystemUserService: CreateSystemUserService, - ) { - this.cache = new MemorySingleCache(Infinity); - } - - @bindThis - public async realLocalUsersPresent(): Promise { - return await this.usersRepository.existsBy({ - host: IsNull(), - username: Not(ACTOR_USERNAME), - }); - } - - @bindThis - public async getInstanceActor(): Promise { - const cached = this.cache.get(); - if (cached) return cached; - - const user = await this.usersRepository.findOneBy({ - host: IsNull(), - username: ACTOR_USERNAME, - }) as MiLocalUser | undefined; - - if (user) { - this.cache.set(user); - return user; - } else { - const created = await this.createSystemUserService.createSystemUser(ACTOR_USERNAME) as MiLocalUser; - this.cache.set(created); - return created; - } - } -} diff --git a/packages/backend/src/core/MetaService.ts b/packages/backend/src/core/MetaService.ts index 3d88d0aef..40e7439f5 100644 --- a/packages/backend/src/core/MetaService.ts +++ b/packages/backend/src/core/MetaService.ts @@ -53,7 +53,7 @@ export class MetaService implements OnApplicationShutdown { case 'metaUpdated': { this.cache = { // TODO: このあたりのデシリアライズ処理は各modelファイル内に関数としてexportしたい ...(body.after), - proxyAccount: null, // joinなカラムは通常取ってこないので + rootUser: null, // joinなカラムは通常取ってこないので }; break; } @@ -113,17 +113,20 @@ export class MetaService implements OnApplicationShutdown { if (before) { await transactionalEntityManager.update(MiMeta, before.id, data); - - const metas = await transactionalEntityManager.find(MiMeta, { - order: { - id: 'DESC', - }, - }); - - return metas[0]; } else { - return await transactionalEntityManager.save(MiMeta, data); + await transactionalEntityManager.save(MiMeta, { + ...data, + id: 'x', + }); } + + const afters = await transactionalEntityManager.find(MiMeta, { + order: { + id: 'DESC', + }, + }); + + return afters[0]; }); if (data.hiddenTags) { diff --git a/packages/backend/src/core/ProxyAccountService.ts b/packages/backend/src/core/ProxyAccountService.ts deleted file mode 100644 index c3ff2a68d..000000000 --- a/packages/backend/src/core/ProxyAccountService.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and misskey-project - * SPDX-License-Identifier: AGPL-3.0-only - */ - -import { Inject, Injectable } from '@nestjs/common'; -import type { MiMeta, UsersRepository } from '@/models/_.js'; -import type { MiLocalUser } from '@/models/User.js'; -import { DI } from '@/di-symbols.js'; -import { bindThis } from '@/decorators.js'; - -@Injectable() -export class ProxyAccountService { - constructor( - @Inject(DI.meta) - private meta: MiMeta, - - @Inject(DI.usersRepository) - private usersRepository: UsersRepository, - ) { - } - - @bindThis - public async fetch(): Promise { - if (this.meta.proxyAccountId == null) return null; - return await this.usersRepository.findOneByOrFail({ id: this.meta.proxyAccountId }) as MiLocalUser; - } -} diff --git a/packages/backend/src/core/RelayService.ts b/packages/backend/src/core/RelayService.ts index db3211434..9120de1f9 100644 --- a/packages/backend/src/core/RelayService.ts +++ b/packages/backend/src/core/RelayService.ts @@ -4,53 +4,34 @@ */ import { Inject, Injectable } from '@nestjs/common'; -import { IsNull } from 'typeorm'; -import type { MiLocalUser, MiUser } from '@/models/User.js'; -import type { RelaysRepository, UsersRepository } from '@/models/_.js'; +import type { MiUser } from '@/models/User.js'; +import type { RelaysRepository } from '@/models/_.js'; import { IdService } from '@/core/IdService.js'; import { MemorySingleCache } from '@/misc/cache.js'; import type { MiRelay } from '@/models/Relay.js'; import { QueueService } from '@/core/QueueService.js'; -import { CreateSystemUserService } from '@/core/CreateSystemUserService.js'; import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; import { DI } from '@/di-symbols.js'; import { deepClone } from '@/misc/clone.js'; import { bindThis } from '@/decorators.js'; - -const ACTOR_USERNAME = 'relay.actor' as const; +import { SystemAccountService } from '@/core/SystemAccountService.js'; @Injectable() export class RelayService { private relaysCache: MemorySingleCache; constructor( - @Inject(DI.usersRepository) - private usersRepository: UsersRepository, - @Inject(DI.relaysRepository) private relaysRepository: RelaysRepository, private idService: IdService, private queueService: QueueService, - private createSystemUserService: CreateSystemUserService, + private systemAccountService: SystemAccountService, private apRendererService: ApRendererService, ) { this.relaysCache = new MemorySingleCache(1000 * 60 * 10); // 10m } - @bindThis - private async getRelayActor(): Promise { - const user = await this.usersRepository.findOneBy({ - host: IsNull(), - username: ACTOR_USERNAME, - }); - - if (user) return user as MiLocalUser; - - const created = await this.createSystemUserService.createSystemUser(ACTOR_USERNAME); - return created as MiLocalUser; - } - @bindThis public async addRelay(inbox: string): Promise { const relay = await this.relaysRepository.insertOne({ @@ -59,8 +40,8 @@ export class RelayService { status: 'requesting', }); - const relayActor = await this.getRelayActor(); - const follow = await this.apRendererService.renderFollowRelay(relay, relayActor); + const relayActor = await this.systemAccountService.fetch('relay'); + const follow = this.apRendererService.renderFollowRelay(relay, relayActor); const activity = this.apRendererService.addContext(follow); this.queueService.deliver(relayActor, activity, relay.inbox, false); @@ -77,7 +58,7 @@ export class RelayService { throw new Error('relay not found'); } - const relayActor = await this.getRelayActor(); + const relayActor = await this.systemAccountService.fetch('relay'); const follow = this.apRendererService.renderFollowRelay(relay, relayActor); const undo = this.apRendererService.renderUndo(follow, relayActor); const activity = this.apRendererService.addContext(undo); diff --git a/packages/backend/src/core/RoleService.ts b/packages/backend/src/core/RoleService.ts index 5af6b0594..01f3e0c11 100644 --- a/packages/backend/src/core/RoleService.ts +++ b/packages/backend/src/core/RoleService.ts @@ -101,7 +101,6 @@ export const DEFAULT_POLICIES: RolePolicies = { @Injectable() export class RoleService implements OnApplicationShutdown, OnModuleInit { - private rootUserIdCache: MemorySingleCache; private rolesCache: MemorySingleCache; private roleAssignmentByUserIdCache: MemoryKVCache; private notificationService: NotificationService; @@ -137,7 +136,6 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit { private moderationLogService: ModerationLogService, private fanoutTimelineService: FanoutTimelineService, ) { - this.rootUserIdCache = new MemorySingleCache(1000 * 60 * 60 * 24 * 7); // 1week. rootユーザのIDは不変なので長めに this.rolesCache = new MemorySingleCache(1000 * 60 * 60); // 1h this.roleAssignmentByUserIdCache = new MemoryKVCache(1000 * 60 * 5); // 5m @@ -406,15 +404,15 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit { } @bindThis - public async isModerator(user: { id: MiUser['id']; isRoot: MiUser['isRoot'] } | null): Promise { + public async isModerator(user: { id: MiUser['id'] } | null): Promise { if (user == null) return false; - return user.isRoot || (await this.getUserRoles(user.id)).some(r => r.isModerator || r.isAdministrator); + return (this.meta.rootUserId === user.id) || (await this.getUserRoles(user.id)).some(r => r.isModerator || r.isAdministrator); } @bindThis - public async isAdministrator(user: { id: MiUser['id']; isRoot: MiUser['isRoot'] } | null): Promise { + public async isAdministrator(user: { id: MiUser['id'] } | null): Promise { if (user == null) return false; - return user.isRoot || (await this.getUserRoles(user.id)).some(r => r.isAdministrator); + return (this.meta.rootUserId === user.id) || (await this.getUserRoles(user.id)).some(r => r.isAdministrator); } @bindThis @@ -463,16 +461,8 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit { .map(a => a.userId), ); - if (includeRoot) { - const rootUserId = await this.rootUserIdCache.fetch(async () => { - const it = await this.usersRepository.createQueryBuilder('users') - .select('id') - .where({ isRoot: true }) - .getRawOne<{ id: string }>(); - // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - return it!.id; - }); - resultSet.add(rootUserId); + if (includeRoot && this.meta.rootUserId) { + resultSet.add(this.meta.rootUserId); } return [...resultSet].sort((x, y) => x.localeCompare(y)); diff --git a/packages/backend/src/core/S3Service.ts b/packages/backend/src/core/S3Service.ts index 37721d2bf..968a5dcc0 100644 --- a/packages/backend/src/core/S3Service.ts +++ b/packages/backend/src/core/S3Service.ts @@ -46,6 +46,8 @@ export class S3Service { tls: meta.objectStorageUseSSL, forcePathStyle: meta.objectStorageEndpoint ? meta.objectStorageS3ForcePathStyle : false, // AWS with endPoint omitted requestHandler: new NodeHttpHandler(handlerOption), + requestChecksumCalculation: 'WHEN_REQUIRED', + responseChecksumValidation: 'WHEN_REQUIRED', }); } diff --git a/packages/backend/src/core/SignupService.ts b/packages/backend/src/core/SignupService.ts index 3865392b7..5462cb0b1 100644 --- a/packages/backend/src/core/SignupService.ts +++ b/packages/backend/src/core/SignupService.ts @@ -14,13 +14,14 @@ import { MiUserProfile } from '@/models/UserProfile.js'; import { IdService } from '@/core/IdService.js'; import { MiUserKeypair } from '@/models/UserKeypair.js'; import { MiUsedUsername } from '@/models/UsedUsername.js'; -import generateUserToken from '@/misc/generate-native-user-token.js'; +import { generateNativeUserToken } from '@/misc/token.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { InstanceActorService } from '@/core/InstanceActorService.js'; import { bindThis } from '@/decorators.js'; import UsersChart from '@/core/chart/charts/users.js'; import { UtilityService } from '@/core/UtilityService.js'; import { UserService } from '@/core/UserService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; +import { MetaService } from '@/core/MetaService.js'; @Injectable() export class SignupService { @@ -41,7 +42,8 @@ export class SignupService { private userService: UserService, private userEntityService: UserEntityService, private idService: IdService, - private instanceActorService: InstanceActorService, + private systemAccountService: SystemAccountService, + private metaService: MetaService, private usersChart: UsersChart, ) { } @@ -74,7 +76,7 @@ export class SignupService { } // Generate secret - const secret = generateUserToken(); + const secret = generateNativeUserToken(); // Check username duplication if (await this.usersRepository.exists({ where: { usernameLower: username.toLowerCase(), host: IsNull() } })) { @@ -86,9 +88,7 @@ export class SignupService { throw new Error('USED_USERNAME'); } - const isTheFirstUser = !await this.instanceActorService.realLocalUsersPresent(); - - if (!opts.ignorePreservedUsernames && !isTheFirstUser) { + if (!opts.ignorePreservedUsernames && this.meta.rootUserId != null) { const isPreserved = this.meta.preservedUsernames.map(x => x.toLowerCase()).includes(username.toLowerCase()); if (isPreserved) { throw new Error('USED_USERNAME'); @@ -129,7 +129,6 @@ export class SignupService { usernameLower: username.toLowerCase(), host: this.utilityService.toPunyNullable(host), token: secret, - isRoot: isTheFirstUser, })); await transactionalEntityManager.save(new MiUserKeypair({ @@ -153,6 +152,10 @@ export class SignupService { this.usersChart.update(account, true); this.userService.notifySystemWebhook(account, 'userCreated'); + if (this.meta.rootUserId == null) { + await this.metaService.update({ rootUserId: account.id }); + } + return { account, secret }; } } diff --git a/packages/backend/src/core/SystemAccountService.ts b/packages/backend/src/core/SystemAccountService.ts new file mode 100644 index 000000000..1e050c305 --- /dev/null +++ b/packages/backend/src/core/SystemAccountService.ts @@ -0,0 +1,172 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +import { randomUUID } from 'node:crypto'; +import { Inject, Injectable } from '@nestjs/common'; +import { DataSource, IsNull } from 'typeorm'; +import bcrypt from 'bcryptjs'; +import { MiLocalUser, MiUser } from '@/models/User.js'; +import { MiSystemAccount, MiUsedUsername, MiUserKeypair, MiUserProfile, type UsersRepository, type SystemAccountsRepository } from '@/models/_.js'; +import type { MiMeta, UserProfilesRepository } from '@/models/_.js'; +import { MemoryKVCache } from '@/misc/cache.js'; +import { DI } from '@/di-symbols.js'; +import { bindThis } from '@/decorators.js'; +import { generateNativeUserToken } from '@/misc/token.js'; +import { IdService } from '@/core/IdService.js'; +import { genRsaKeyPair } from '@/misc/gen-key-pair.js'; + +export const SYSTEM_ACCOUNT_TYPES = ['actor', 'relay', 'proxy'] as const; + +@Injectable() +export class SystemAccountService { + private cache: MemoryKVCache; + + constructor( + @Inject(DI.db) + private db: DataSource, + + @Inject(DI.meta) + private meta: MiMeta, + + @Inject(DI.systemAccountsRepository) + private systemAccountsRepository: SystemAccountsRepository, + + @Inject(DI.usersRepository) + private usersRepository: UsersRepository, + + @Inject(DI.userProfilesRepository) + private userProfilesRepository: UserProfilesRepository, + + private idService: IdService, + ) { + this.cache = new MemoryKVCache(1000 * 60 * 10); // 10m + } + + @bindThis + public async list(): Promise { + const accounts = await this.systemAccountsRepository.findBy({}); + + return accounts; + } + + @bindThis + public async fetch(type: typeof SYSTEM_ACCOUNT_TYPES[number]): Promise { + const cached = this.cache.get(type); + if (cached) return cached; + + const systemAccount = await this.systemAccountsRepository.findOne({ + where: { type: type }, + relations: ['user'], + }); + + if (systemAccount) { + this.cache.set(type, systemAccount.user as MiLocalUser); + return systemAccount.user as MiLocalUser; + } else { + const created = await this.createCorrespondingUser(type, { + username: `system.${type}`, // NOTE: (できれば避けたいが) . が含まれるかどうかでシステムアカウントかどうかを判定している処理もあるので変えないように + name: this.meta.name, + }); + this.cache.set(type, created); + return created; + } + } + + @bindThis + private async createCorrespondingUser(type: typeof SYSTEM_ACCOUNT_TYPES[number], extra: { + username: MiUser['username']; + name?: MiUser['name']; + }): Promise { + const password = randomUUID(); + + // Generate hash of password + const salt = await bcrypt.genSalt(8); + const hash = await bcrypt.hash(password, salt); + + // Generate secret + const secret = generateNativeUserToken(); + + const keyPair = await genRsaKeyPair(); + + let account!: MiUser; + + // Start transaction + await this.db.transaction(async transactionalEntityManager => { + const exist = await transactionalEntityManager.findOneBy(MiUser, { + usernameLower: extra.username.toLowerCase(), + host: IsNull(), + }); + + if (exist) { + account = exist; + return; + } + + account = await transactionalEntityManager.insert(MiUser, { + id: this.idService.gen(), + username: extra.username, + usernameLower: extra.username.toLowerCase(), + host: null, + token: secret, + isLocked: true, + isExplorable: false, + isBot: true, + name: extra.name, + }).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0])); + + await transactionalEntityManager.insert(MiUserKeypair, { + publicKey: keyPair.publicKey, + privateKey: keyPair.privateKey, + userId: account.id, + }); + + await transactionalEntityManager.insert(MiUserProfile, { + userId: account.id, + autoAcceptFollowed: false, + password: hash, + }); + + await transactionalEntityManager.insert(MiUsedUsername, { + createdAt: new Date(), + username: extra.username.toLowerCase(), + }); + + await transactionalEntityManager.insert(MiSystemAccount, { + id: this.idService.gen(), + userId: account.id, + type: type, + }); + }); + + return account as MiLocalUser; + } + + @bindThis + public async updateCorrespondingUserProfile(type: typeof SYSTEM_ACCOUNT_TYPES[number], extra: { + name?: string; + description?: MiUserProfile['description']; + }): Promise { + const user = await this.fetch(type); + + const updates = {} as Partial; + if (extra.name !== undefined) updates.name = extra.name; + + if (Object.keys(updates).length > 0) { + await this.usersRepository.update(user.id, updates); + } + + const profileUpdates = {} as Partial; + if (extra.description !== undefined) profileUpdates.description = extra.description; + + if (Object.keys(profileUpdates).length > 0) { + await this.userProfilesRepository.update(user.id, profileUpdates); + } + + const updated = await this.usersRepository.findOneByOrFail({ id: user.id }) as MiLocalUser; + this.cache.set(type, updated); + + return updated; + } +} diff --git a/packages/backend/src/core/UserListService.ts b/packages/backend/src/core/UserListService.ts index 6333356fe..f0a8768c8 100644 --- a/packages/backend/src/core/UserListService.ts +++ b/packages/backend/src/core/UserListService.ts @@ -15,11 +15,11 @@ import type { GlobalEvents } from '@/core/GlobalEventService.js'; import { GlobalEventService } from '@/core/GlobalEventService.js'; import { DI } from '@/di-symbols.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { ProxyAccountService } from '@/core/ProxyAccountService.js'; import { bindThis } from '@/decorators.js'; import { QueueService } from '@/core/QueueService.js'; import { RedisKVCache } from '@/misc/cache.js'; import { RoleService } from '@/core/RoleService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; @Injectable() export class UserListService implements OnApplicationShutdown, OnModuleInit { @@ -43,8 +43,8 @@ export class UserListService implements OnApplicationShutdown, OnModuleInit { private userEntityService: UserEntityService, private idService: IdService, private globalEventService: GlobalEventService, - private proxyAccountService: ProxyAccountService, private queueService: QueueService, + private systemAccountService: SystemAccountService, ) { this.membersCache = new RedisKVCache>(this.redisClient, 'userListMembers', { lifetime: 1000 * 60 * 30, // 30m @@ -111,10 +111,8 @@ export class UserListService implements OnApplicationShutdown, OnModuleInit { // このインスタンス内にこのリモートユーザーをフォローしているユーザーがいなくても投稿を受け取るためにダミーのユーザーがフォローしたということにする if (this.userEntityService.isRemoteUser(target)) { - const proxy = await this.proxyAccountService.fetch(); - if (proxy) { - this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: target.id } }]); - } + const proxy = await this.systemAccountService.fetch('proxy'); + this.queueService.createFollowJob([{ from: { id: proxy.id }, to: { id: target.id } }]); } } diff --git a/packages/backend/src/core/WebhookTestService.ts b/packages/backend/src/core/WebhookTestService.ts index 555a39f71..f83dec67b 100644 --- a/packages/backend/src/core/WebhookTestService.ts +++ b/packages/backend/src/core/WebhookTestService.ts @@ -73,7 +73,6 @@ function generateDummyUser(override?: Partial): MiUser { isLocked: false, isBot: false, isCat: true, - isRoot: false, isExplorable: true, isHibernated: false, isDeleted: false, diff --git a/packages/backend/src/core/activitypub/ApInboxService.ts b/packages/backend/src/core/activitypub/ApInboxService.ts index 21c7adf7b..e88f60b80 100644 --- a/packages/backend/src/core/activitypub/ApInboxService.ts +++ b/packages/backend/src/core/activitypub/ApInboxService.ts @@ -507,19 +507,12 @@ export class ApInboxService { return `skip: delete actor ${actor.uri} !== ${uri}`; } - const user = await this.usersRepository.findOneBy({ id: actor.id }); - if (user == null) { - return 'skip: actor not found'; - } else if (user.isDeleted) { - return 'skip: already deleted'; + if (!(await this.usersRepository.update({ id: actor.id, isDeleted: false }, { isDeleted: true })).affected) { + return 'skip: already deleted or actor not found'; } const job = await this.queueService.createDeleteAccountJob(actor); - await this.usersRepository.update(actor.id, { - isDeleted: true, - }); - this.globalEventService.publishInternalEvent('remoteUserUpdated', { id: actor.id }); return `ok: queued ${job.name} ${job.id}`; diff --git a/packages/backend/src/core/activitypub/ApRendererService.ts b/packages/backend/src/core/activitypub/ApRendererService.ts index 8688015af..83a095cde 100644 --- a/packages/backend/src/core/activitypub/ApRendererService.ts +++ b/packages/backend/src/core/activitypub/ApRendererService.ts @@ -23,7 +23,7 @@ import { MfmService } from '@/core/MfmService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js'; import type { MiUserKeypair } from '@/models/UserKeypair.js'; -import type { UsersRepository, UserProfilesRepository, NotesRepository, DriveFilesRepository, PollsRepository } from '@/models/_.js'; +import type { UsersRepository, UserProfilesRepository, NotesRepository, DriveFilesRepository, PollsRepository, MiMeta } from '@/models/_.js'; import { bindThis } from '@/decorators.js'; import { CustomEmojiService } from '@/core/CustomEmojiService.js'; import { IdService } from '@/core/IdService.js'; @@ -39,6 +39,9 @@ export class ApRendererService { @Inject(DI.config) private config: Config, + @Inject(DI.meta) + private meta: MiMeta, + @Inject(DI.usersRepository) private usersRepository: UsersRepository, @@ -186,7 +189,7 @@ export class ApRendererService { url: emoji.publicUrl || emoji.originalUrl, }, _misskey_license: { - freeText: emoji.license + freeText: emoji.license, }, }; } @@ -255,6 +258,38 @@ export class ApRendererService { }; } + @bindThis + public renderIdenticon(user: MiLocalUser): IApImage { + return { + type: 'Image', + url: this.userEntityService.getIdenticonUrl(user), + sensitive: false, + name: null, + }; + } + + @bindThis + public renderSystemAvatar(user: MiLocalUser): IApImage { + if (this.meta.iconUrl == null) return this.renderIdenticon(user); + return { + type: 'Image', + url: this.meta.iconUrl, + sensitive: false, + name: null, + }; + } + + @bindThis + public renderSystemBanner(): IApImage | null { + if (this.meta.bannerUrl == null) return null; + return { + type: 'Image', + url: this.meta.bannerUrl, + sensitive: false, + name: null, + }; + } + @bindThis public renderKey(user: MiLocalUser, key: MiUserKeypair, postfix?: string): IKey { return { @@ -503,8 +538,8 @@ export class ApRendererService { _misskey_requireSigninToViewContents: user.requireSigninToViewContents, _misskey_makeNotesFollowersOnlyBefore: user.makeNotesFollowersOnlyBefore, _misskey_makeNotesHiddenBefore: user.makeNotesHiddenBefore, - icon: avatar ? this.renderImage(avatar) : null, - image: banner ? this.renderImage(banner) : null, + icon: avatar ? this.renderImage(avatar) : isSystem ? this.renderSystemAvatar(user) : this.renderIdenticon(user), + image: banner ? this.renderImage(banner) : isSystem ? this.renderSystemBanner() : null, tag, manuallyApprovesFollowers: user.isLocked, discoverable: user.isExplorable, diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts index fb963294c..2534899ad 100644 --- a/packages/backend/src/core/activitypub/ApResolverService.ts +++ b/packages/backend/src/core/activitypub/ApResolverService.ts @@ -6,7 +6,6 @@ import { Inject, Injectable } from '@nestjs/common'; import { IsNull, Not } from 'typeorm'; import type { MiLocalUser, MiRemoteUser } from '@/models/User.js'; -import { InstanceActorService } from '@/core/InstanceActorService.js'; import type { NotesRepository, PollsRepository, NoteReactionsRepository, UsersRepository, FollowRequestsRepository, MiMeta } from '@/models/_.js'; import type { Config } from '@/config.js'; import { HttpRequestService } from '@/core/HttpRequestService.js'; @@ -15,13 +14,14 @@ import { UtilityService } from '@/core/UtilityService.js'; import { bindThis } from '@/decorators.js'; import { LoggerService } from '@/core/LoggerService.js'; import type Logger from '@/logger.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; +import { IdentifiableError } from '@/misc/identifiable-error.js'; import { isCollectionOrOrderedCollection } from './type.js'; import { ApDbResolverService } from './ApDbResolverService.js'; import { ApRendererService } from './ApRendererService.js'; import { ApRequestService } from './ApRequestService.js'; -import type { IObject, ICollection, IOrderedCollection } from './type.js'; -import { IdentifiableError } from '@/misc/identifiable-error.js'; import { FetchAllowSoftFailMask } from './misc/check-against-url.js'; +import type { IObject, ICollection, IOrderedCollection } from './type.js'; export class Resolver { private history: Set; @@ -37,7 +37,7 @@ export class Resolver { private noteReactionsRepository: NoteReactionsRepository, private followRequestsRepository: FollowRequestsRepository, private utilityService: UtilityService, - private instanceActorService: InstanceActorService, + private systemAccountService: SystemAccountService, private apRequestService: ApRequestService, private httpRequestService: HttpRequestService, private apRendererService: ApRendererService, @@ -105,7 +105,7 @@ export class Resolver { } if (this.config.signToActivityPubGet && !this.user) { - this.user = await this.instanceActorService.getInstanceActor(); + this.user = await this.systemAccountService.fetch('actor'); } const object = (this.user @@ -119,7 +119,7 @@ export class Resolver { ) { throw new IdentifiableError('72180409-793c-4973-868e-5a118eb5519b', 'invalid response'); } - + return object; } @@ -202,7 +202,7 @@ export class ApResolverService { private followRequestsRepository: FollowRequestsRepository, private utilityService: UtilityService, - private instanceActorService: InstanceActorService, + private systemAccountService: SystemAccountService, private apRequestService: ApRequestService, private httpRequestService: HttpRequestService, private apRendererService: ApRendererService, @@ -222,7 +222,7 @@ export class ApResolverService { this.noteReactionsRepository, this.followRequestsRepository, this.utilityService, - this.instanceActorService, + this.systemAccountService, this.apRequestService, this.httpRequestService, this.apRendererService, diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 6019906ad..879f1922c 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -594,7 +594,9 @@ export class ApPersonService implements OnModuleInit { if (moving) updates.movedAt = new Date(); // Update user - await this.usersRepository.update(exist.id, updates); + if (!(await this.usersRepository.update({ id: exist.id, isDeleted: false }, updates)).affected) { + return 'skip'; + } if (person.publicKey) { await this.userPublickeysRepository.update({ userId: exist.id }, { @@ -699,7 +701,7 @@ export class ApPersonService implements OnModuleInit { @bindThis public async updateFeatured(userId: MiUser['id'], resolver?: Resolver): Promise { - const user = await this.usersRepository.findOneByOrFail({ id: userId }); + const user = await this.usersRepository.findOneByOrFail({ id: userId, isDeleted: false }); if (!this.userEntityService.isRemoteUser(user)) return; if (!user.featured) return; diff --git a/packages/backend/src/core/entities/MetaEntityService.ts b/packages/backend/src/core/entities/MetaEntityService.ts index 7ad6071ce..08717bd06 100644 --- a/packages/backend/src/core/entities/MetaEntityService.ts +++ b/packages/backend/src/core/entities/MetaEntityService.ts @@ -11,8 +11,7 @@ import type { MiMeta } from '@/models/Meta.js'; import type { AdsRepository } from '@/models/_.js'; import { MAX_NOTE_TEXT_LENGTH } from '@/const.js'; import { bindThis } from '@/decorators.js'; -import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { InstanceActorService } from '@/core/InstanceActorService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; import type { Config } from '@/config.js'; import { DI } from '@/di-symbols.js'; import { DEFAULT_POLICIES } from '@/core/RoleService.js'; @@ -29,8 +28,7 @@ export class MetaEntityService { @Inject(DI.adsRepository) private adsRepository: AdsRepository, - private userEntityService: UserEntityService, - private instanceActorService: InstanceActorService, + private systemAccountService: SystemAccountService, ) { } @bindThis @@ -149,14 +147,14 @@ export class MetaEntityService { const packed = await this.pack(instance); - const proxyAccount = instance.proxyAccountId ? await this.userEntityService.pack(instance.proxyAccountId).catch(() => null) : null; + const proxyAccount = await this.systemAccountService.fetch('proxy'); const packDetailed: Packed<'MetaDetailed'> = { ...packed, cacheRemoteFiles: instance.cacheRemoteFiles, cacheRemoteSensitiveFiles: instance.cacheRemoteSensitiveFiles, - requireSetup: !await this.instanceActorService.realLocalUsersPresent(), - proxyAccountName: proxyAccount ? proxyAccount.username : null, + requireSetup: this.meta.rootUserId == null, + proxyAccountName: proxyAccount.username, features: { localTimeline: instance.policies.ltlAvailable, globalTimeline: instance.policies.gtlAvailable, diff --git a/packages/backend/src/core/entities/UserEntityService.ts b/packages/backend/src/core/entities/UserEntityService.ts index fbd3892dd..69f698d9c 100644 --- a/packages/backend/src/core/entities/UserEntityService.ts +++ b/packages/backend/src/core/entities/UserEntityService.ts @@ -28,6 +28,7 @@ import type { FollowingsRepository, FollowRequestsRepository, MiFollowing, + MiMeta, MiUserNotePining, MiUserProfile, MutingsRepository, @@ -100,6 +101,9 @@ export class UserEntityService implements OnModuleInit { @Inject(DI.config) private config: Config, + @Inject(DI.meta) + private meta: MiMeta, + @Inject(DI.redis) private redisClient: Redis.Redis, @@ -381,7 +385,11 @@ export class UserEntityService implements OnModuleInit { @bindThis public getIdenticonUrl(user: MiUser): string { - return `${this.config.url}/identicon/${user.username.toLowerCase()}@${user.host ?? this.config.host}`; + if ((user.host == null || user.host === this.config.host) && user.username.includes('.') && this.meta.iconUrl) { // ローカルのシステムアカウントの場合 + return this.meta.iconUrl; + } else { + return `${this.config.url}/identicon/${user.username.toLowerCase()}@${user.host ?? this.config.host}`; + } } @bindThis diff --git a/packages/backend/src/di-symbols.ts b/packages/backend/src/di-symbols.ts index e599fc7b3..a306aac1a 100644 --- a/packages/backend/src/di-symbols.ts +++ b/packages/backend/src/di-symbols.ts @@ -74,6 +74,7 @@ export const DI = { registryItemsRepository: Symbol('registryItemsRepository'), webhooksRepository: Symbol('webhooksRepository'), systemWebhooksRepository: Symbol('systemWebhooksRepository'), + systemAccountsRepository: Symbol('systemAccountsRepository'), adsRepository: Symbol('adsRepository'), passwordResetRequestsRepository: Symbol('passwordResetRequestsRepository'), retentionAggregationsRepository: Symbol('retentionAggregationsRepository'), diff --git a/packages/backend/src/misc/is-native-token.ts b/packages/backend/src/misc/is-native-token.ts deleted file mode 100644 index 300c4c05b..000000000 --- a/packages/backend/src/misc/is-native-token.ts +++ /dev/null @@ -1,7 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and misskey-project - * SPDX-License-Identifier: AGPL-3.0-only - */ - -// eslint-disable-next-line import/no-default-export -export default (token: string) => token.length === 16; diff --git a/packages/backend/src/misc/generate-native-user-token.ts b/packages/backend/src/misc/token.ts similarity index 54% rename from packages/backend/src/misc/generate-native-user-token.ts rename to packages/backend/src/misc/token.ts index 85fb383ba..5d37cba26 100644 --- a/packages/backend/src/misc/generate-native-user-token.ts +++ b/packages/backend/src/misc/token.ts @@ -5,5 +5,6 @@ import { secureRndstr } from '@/misc/secure-rndstr.js'; -// eslint-disable-next-line import/no-default-export -export default () => secureRndstr(16); +export const generateNativeUserToken = () => secureRndstr(16); + +export const isNativeUserToken = (token: string) => token.length === 16; diff --git a/packages/backend/src/models/Meta.ts b/packages/backend/src/models/Meta.ts index 9df2f7498..1fbf5371b 100644 --- a/packages/backend/src/models/Meta.ts +++ b/packages/backend/src/models/Meta.ts @@ -3,7 +3,7 @@ * SPDX-License-Identifier: AGPL-3.0-only */ -import { Entity, Column, PrimaryColumn, ManyToOne, JoinColumn } from 'typeorm'; +import { Entity, Column, PrimaryColumn, ManyToOne } from 'typeorm'; import { id } from './util/id.js'; import { MiUser } from './User.js'; @@ -15,6 +15,18 @@ export class MiMeta { }) public id: string; + @Column({ + ...id(), + nullable: true, + }) + public rootUserId: MiUser['id'] | null; + + @ManyToOne(type => MiUser, { + onDelete: 'SET NULL', + nullable: true, + }) + public rootUser: MiUser | null; + @Column('varchar', { length: 1024, nullable: true, }) @@ -172,18 +184,6 @@ export class MiMeta { }) public cacheRemoteSensitiveFiles: boolean; - @Column({ - ...id(), - nullable: true, - }) - public proxyAccountId: MiUser['id'] | null; - - @ManyToOne(type => MiUser, { - onDelete: 'SET NULL', - }) - @JoinColumn() - public proxyAccount: MiUser | null; - @Column('boolean', { default: false, }) diff --git a/packages/backend/src/models/RepositoryModule.ts b/packages/backend/src/models/RepositoryModule.ts index ea0f88bab..04a9df6cf 100644 --- a/packages/backend/src/models/RepositoryModule.ts +++ b/packages/backend/src/models/RepositoryModule.ts @@ -3,7 +3,6 @@ * SPDX-License-Identifier: AGPL-3.0-only */ -import type { Provider } from '@nestjs/common'; import { Module } from '@nestjs/common'; import { DI } from '@/di-symbols.js'; import { @@ -63,6 +62,7 @@ import { MiRoleAssignment, MiSignin, MiSwSubscription, + MiSystemAccount, MiSystemWebhook, MiUsedUsername, MiUser, @@ -77,8 +77,9 @@ import { MiUserProfile, MiUserPublickey, MiUserSecurityKey, - MiWebhook + MiWebhook, } from './_.js'; +import type { Provider } from '@nestjs/common'; import type { DataSource } from 'typeorm'; const $usersRepository: Provider = { @@ -285,6 +286,12 @@ const $swSubscriptionsRepository: Provider = { inject: [DI.db], }; +const $systemAccountsRepository: Provider = { + provide: DI.systemAccountsRepository, + useFactory: (db: DataSource) => db.getRepository(MiSystemAccount), + inject: [DI.db], +}; + const $hashtagsRepository: Provider = { provide: DI.hashtagsRepository, useFactory: (db: DataSource) => db.getRepository(MiHashtag).extend(miRepository as MiRepository), @@ -532,6 +539,7 @@ const $reversiGamesRepository: Provider = { $renoteMutingsRepository, $blockingsRepository, $swSubscriptionsRepository, + $systemAccountsRepository, $hashtagsRepository, $abuseUserReportsRepository, $abuseReportNotificationRecipientRepository, @@ -603,6 +611,7 @@ const $reversiGamesRepository: Provider = { $renoteMutingsRepository, $blockingsRepository, $swSubscriptionsRepository, + $systemAccountsRepository, $hashtagsRepository, $abuseUserReportsRepository, $abuseReportNotificationRecipientRepository, diff --git a/packages/backend/src/models/SystemAccount.ts b/packages/backend/src/models/SystemAccount.ts new file mode 100644 index 000000000..f32880b81 --- /dev/null +++ b/packages/backend/src/models/SystemAccount.ts @@ -0,0 +1,31 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +import { Column, Entity, Index, JoinColumn, ManyToOne, PrimaryColumn } from 'typeorm'; +import { Serialized } from '@/types.js'; +import { id } from './util/id.js'; +import { MiUser } from './User.js'; + +@Entity('system_account') +@Index(['type'], { unique: true }) +export class MiSystemAccount { + @PrimaryColumn(id()) + public id: string; + + @Index() + @Column(id()) + public userId: MiUser['id']; + + @ManyToOne(type => MiUser, { + onDelete: 'CASCADE', + }) + @JoinColumn() + public user: MiUser | null; + + @Column('varchar', { + length: 256, + }) + public type: string; +} diff --git a/packages/backend/src/models/User.ts b/packages/backend/src/models/User.ts index 549d78a22..630240efd 100644 --- a/packages/backend/src/models/User.ts +++ b/packages/backend/src/models/User.ts @@ -184,12 +184,6 @@ export class MiUser { }) public isCat: boolean; - @Column('boolean', { - default: false, - comment: 'Whether the User is the root.', - }) - public isRoot: boolean; - @Index() @Column('boolean', { default: true, diff --git a/packages/backend/src/models/_.ts b/packages/backend/src/models/_.ts index c72bdaa72..fa15760c0 100644 --- a/packages/backend/src/models/_.ts +++ b/packages/backend/src/models/_.ts @@ -56,6 +56,7 @@ import { MiRegistryItem } from '@/models/RegistryItem.js'; import { MiRelay } from '@/models/Relay.js'; import { MiSignin } from '@/models/Signin.js'; import { MiSwSubscription } from '@/models/SwSubscription.js'; +import { MiSystemAccount } from '@/models/SystemAccount.js'; import { MiUsedUsername } from '@/models/UsedUsername.js'; import { MiUser } from '@/models/User.js'; import { MiUserIp } from '@/models/UserIp.js'; @@ -171,6 +172,7 @@ export { MiRelay, MiSignin, MiSwSubscription, + MiSystemAccount, MiUsedUsername, MiUser, MiUserIp, @@ -242,6 +244,7 @@ export type RegistryItemsRepository = Repository & MiRepository< export type RelaysRepository = Repository & MiRepository; export type SigninsRepository = Repository & MiRepository; export type SwSubscriptionsRepository = Repository & MiRepository; +export type SystemAccountsRepository = Repository & MiRepository; export type UsedUsernamesRepository = Repository & MiRepository; export type UsersRepository = Repository & MiRepository; export type UserIpsRepository = Repository & MiRepository; diff --git a/packages/backend/src/postgres.ts b/packages/backend/src/postgres.ts index 8a0b7d97d..043332d4b 100644 --- a/packages/backend/src/postgres.ts +++ b/packages/backend/src/postgres.ts @@ -82,6 +82,7 @@ import { MiReversiGame } from '@/models/ReversiGame.js'; import { Config } from '@/config.js'; import MisskeyLogger from '@/logger.js'; import { bindThis } from '@/decorators.js'; +import { MiSystemAccount } from './models/SystemAccount.js'; pg.types.setTypeParser(20, Number); @@ -206,6 +207,7 @@ export const entities = [ MiEmoji, MiHashtag, MiSwSubscription, + MiSystemAccount, MiAbuseUserReport, MiAbuseReportNotificationRecipient, MiRegistrationTicket, diff --git a/packages/backend/src/server/NodeinfoServerService.ts b/packages/backend/src/server/NodeinfoServerService.ts index 9a641007e..239ef82de 100644 --- a/packages/backend/src/server/NodeinfoServerService.ts +++ b/packages/backend/src/server/NodeinfoServerService.ts @@ -9,11 +9,11 @@ import type { Config } from '@/config.js'; import { MetaService } from '@/core/MetaService.js'; import { MAX_NOTE_TEXT_LENGTH } from '@/const.js'; import { MemorySingleCache } from '@/misc/cache.js'; -import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { bindThis } from '@/decorators.js'; import NotesChart from '@/core/chart/charts/notes.js'; import UsersChart from '@/core/chart/charts/users.js'; import { DEFAULT_POLICIES } from '@/core/RoleService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; import type { FastifyInstance, FastifyPluginOptions } from 'fastify'; const nodeinfo2_1path = '/nodeinfo/2.1'; @@ -26,7 +26,7 @@ export class NodeinfoServerService { @Inject(DI.config) private config: Config, - private userEntityService: UserEntityService, + private systemAccountService: SystemAccountService, private metaService: MetaService, private notesChart: NotesChart, private usersChart: UsersChart, @@ -70,7 +70,7 @@ export class NodeinfoServerService { const activeHalfyear = null; const activeMonth = null; - const proxyAccount = meta.proxyAccountId ? await this.userEntityService.pack(meta.proxyAccountId).catch(() => null) : null; + const proxyAccount = await this.systemAccountService.fetch('proxy'); const basePolicies = { ...DEFAULT_POLICIES, ...meta.policies }; @@ -123,7 +123,7 @@ export class NodeinfoServerService { maxNoteTextLength: MAX_NOTE_TEXT_LENGTH, enableEmail: meta.enableEmail, enableServiceWorker: meta.enableServiceWorker, - proxyAccountName: proxyAccount ? proxyAccount.username : null, + proxyAccountName: proxyAccount.username, themeColor: meta.themeColor ?? '#86b300', }, }; diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts index aad833f12..9399aa61b 100644 --- a/packages/backend/src/server/api/ApiCallService.ts +++ b/packages/backend/src/server/api/ApiCallService.ts @@ -371,7 +371,7 @@ export class ApiCallService implements OnApplicationShutdown { } } - if ((ep.meta.requireModerator || ep.meta.requireAdmin) && !user!.isRoot) { + if ((ep.meta.requireModerator || ep.meta.requireAdmin) && (this.meta.rootUserId !== user!.id)) { const myRoles = await this.roleService.getUserRoles(user!.id); if (ep.meta.requireModerator && !myRoles.some(r => r.isModerator || r.isAdministrator)) { throw new ApiError({ @@ -391,7 +391,7 @@ export class ApiCallService implements OnApplicationShutdown { } } - if (ep.meta.requireRolePolicy != null && !user!.isRoot) { + if (ep.meta.requireRolePolicy != null && (this.meta.rootUserId !== user!.id)) { const myRoles = await this.roleService.getUserRoles(user!.id); const policies = await this.roleService.getUserPolicies(user!.id); if (!policies[ep.meta.requireRolePolicy] && !myRoles.some(r => r.isAdministrator)) { diff --git a/packages/backend/src/server/api/AuthenticateService.ts b/packages/backend/src/server/api/AuthenticateService.ts index 690ff2e02..601618553 100644 --- a/packages/backend/src/server/api/AuthenticateService.ts +++ b/packages/backend/src/server/api/AuthenticateService.ts @@ -11,7 +11,7 @@ import type { MiAccessToken } from '@/models/AccessToken.js'; import { MemoryKVCache } from '@/misc/cache.js'; import type { MiApp } from '@/models/App.js'; import { CacheService } from '@/core/CacheService.js'; -import isNativeToken from '@/misc/is-native-token.js'; +import { isNativeUserToken } from '@/misc/token.js'; import { bindThis } from '@/decorators.js'; export class AuthenticationError extends Error { @@ -46,7 +46,7 @@ export class AuthenticateService implements OnApplicationShutdown { return [null, null]; } - if (isNativeToken(token)) { + if (isNativeUserToken(token)) { const user = await this.cacheService.localUserByNativeTokenCache.fetch(token, () => this.usersRepository.findOneBy({ token }) as Promise); diff --git a/packages/backend/src/server/api/endpoint-list.ts b/packages/backend/src/server/api/endpoint-list.ts index 28f7cfea0..560d3f658 100644 --- a/packages/backend/src/server/api/endpoint-list.ts +++ b/packages/backend/src/server/api/endpoint-list.ts @@ -100,6 +100,7 @@ export * as 'admin/unset-user-banner' from './endpoints/admin/unset-user-banner. export * as 'admin/unsuspend-user' from './endpoints/admin/unsuspend-user.js'; export * as 'admin/update-abuse-user-report' from './endpoints/admin/update-abuse-user-report.js'; export * as 'admin/update-meta' from './endpoints/admin/update-meta.js'; +export * as 'admin/update-proxy-account' from './endpoints/admin/update-proxy-account.js'; export * as 'admin/update-user-note' from './endpoints/admin/update-user-note.js'; export * as 'announcements' from './endpoints/announcements.js'; export * as 'announcements/show' from './endpoints/announcements/show.js'; diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index d30131a62..06047b58a 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -4,12 +4,10 @@ */ import { Inject, Injectable } from '@nestjs/common'; -import { IsNull } from 'typeorm'; import { Endpoint } from '@/server/api/endpoint-base.js'; -import type { UsersRepository } from '@/models/_.js'; +import type { MiMeta, UsersRepository } from '@/models/_.js'; import { SignupService } from '@/core/SignupService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { InstanceActorService } from '@/core/InstanceActorService.js'; import { localUsernameSchema, passwordSchema } from '@/models/User.js'; import { DI } from '@/di-symbols.js'; import type { Config } from '@/config.js'; @@ -62,18 +60,19 @@ export default class extends Endpoint { // eslint- @Inject(DI.config) private config: Config, + @Inject(DI.meta) + private serverSettings: MiMeta, + @Inject(DI.usersRepository) private usersRepository: UsersRepository, private userEntityService: UserEntityService, private signupService: SignupService, - private instanceActorService: InstanceActorService, ) { super(meta, paramDef, async (ps, _me, token) => { const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null; - const realUsers = await this.instanceActorService.realLocalUsersPresent(); - if (!realUsers && me == null && token == null) { + if (this.serverSettings.rootUserId == null && me == null && token == null) { // 初回セットアップの場合 if (this.config.setupPassword != null) { // 初期パスワードが設定されている場合 @@ -85,7 +84,7 @@ export default class extends Endpoint { // eslint- // 初期パスワードが設定されていないのに初期パスワードが入力された場合 throw new ApiError(meta.errors.wrongInitialPassword); } - } else if ((realUsers && !me?.isRoot) || token !== null) { + } else if ((this.serverSettings.rootUserId != null && (this.serverSettings.rootUserId !== me?.id)) || token !== null) { // 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合 throw new ApiError(meta.errors.accessDenied); } diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts index ece1984cf..d04f52dd6 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts @@ -42,10 +42,6 @@ export default class extends Endpoint { // eslint- throw new Error('user not found'); } - if (user.isRoot) { - throw new Error('cannot delete a root account'); - } - await this.deleteAccoountService.deleteAccount(user, me); }); } diff --git a/packages/backend/src/server/api/endpoints/admin/meta.ts b/packages/backend/src/server/api/endpoints/admin/meta.ts index 9d5691a42..53e2b2b23 100644 --- a/packages/backend/src/server/api/endpoints/admin/meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/meta.ts @@ -9,6 +9,7 @@ import { MetaService } from '@/core/MetaService.js'; import type { Config } from '@/config.js'; import { DI } from '@/di-symbols.js'; import { DEFAULT_POLICIES } from '@/core/RoleService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; export const meta = { tags: ['meta'], @@ -237,7 +238,7 @@ export const meta = { }, proxyAccountId: { type: 'string', - optional: false, nullable: true, + optional: false, nullable: false, format: 'id', }, email: { @@ -545,10 +546,13 @@ export default class extends Endpoint { // eslint- private config: Config, private metaService: MetaService, + private systemAccountService: SystemAccountService, ) { super(meta, paramDef, async () => { const instance = await this.metaService.fetch(true); + const proxy = await this.systemAccountService.fetch('proxy'); + return { maintainerName: instance.maintainerName, maintainerEmail: instance.maintainerEmail, @@ -613,7 +617,7 @@ export default class extends Endpoint { // eslint- sensitiveMediaDetectionSensitivity: instance.sensitiveMediaDetectionSensitivity, setSensitiveFlagAutomatically: instance.setSensitiveFlagAutomatically, enableSensitiveMediaDetectionForVideos: instance.enableSensitiveMediaDetectionForVideos, - proxyAccountId: instance.proxyAccountId, + proxyAccountId: proxy.id, email: instance.email, smtpSecure: instance.smtpSecure, smtpHost: instance.smtpHost, diff --git a/packages/backend/src/server/api/endpoints/admin/reset-password.ts b/packages/backend/src/server/api/endpoints/admin/reset-password.ts index 53db096c1..fc246631c 100644 --- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts +++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts @@ -6,7 +6,7 @@ import { Inject, Injectable } from '@nestjs/common'; import bcrypt from 'bcryptjs'; import { Endpoint } from '@/server/api/endpoint-base.js'; -import type { UsersRepository, UserProfilesRepository } from '@/models/_.js'; +import type { UsersRepository, UserProfilesRepository, MiMeta } from '@/models/_.js'; import { DI } from '@/di-symbols.js'; import { secureRndstr } from '@/misc/secure-rndstr.js'; import { ModerationLogService } from '@/core/ModerationLogService.js'; @@ -43,6 +43,9 @@ export const paramDef = { @Injectable() export default class extends Endpoint { // eslint-disable-line import/no-default-export constructor( + @Inject(DI.meta) + private serverSettings: MiMeta, + @Inject(DI.usersRepository) private usersRepository: UsersRepository, @@ -58,7 +61,7 @@ export default class extends Endpoint { // eslint- throw new Error('user not found'); } - if (user.isRoot) { + if (this.serverSettings.rootUserId === user.id) { throw new Error('cannot reset password of root'); } diff --git a/packages/backend/src/server/api/endpoints/admin/update-meta.ts b/packages/backend/src/server/api/endpoints/admin/update-meta.ts index 45c012cb0..bc0558766 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts @@ -89,7 +89,6 @@ export const paramDef = { sensitiveMediaDetectionSensitivity: { type: 'string', enum: ['medium', 'low', 'high', 'veryLow', 'veryHigh'] }, setSensitiveFlagAutomatically: { type: 'boolean' }, enableSensitiveMediaDetectionForVideos: { type: 'boolean' }, - proxyAccountId: { type: 'string', format: 'misskey:id', nullable: true }, maintainerName: { type: 'string', nullable: true }, maintainerEmail: { type: 'string', nullable: true }, langs: { @@ -394,10 +393,6 @@ export default class extends Endpoint { // eslint- set.enableSensitiveMediaDetectionForVideos = ps.enableSensitiveMediaDetectionForVideos; } - if (ps.proxyAccountId !== undefined) { - set.proxyAccountId = ps.proxyAccountId; - } - if (ps.maintainerName !== undefined) { set.maintainerName = ps.maintainerName; } diff --git a/packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts b/packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts new file mode 100644 index 000000000..6c9612c71 --- /dev/null +++ b/packages/backend/src/server/api/endpoints/admin/update-proxy-account.ts @@ -0,0 +1,62 @@ +/* + * SPDX-FileCopyrightText: syuilo and misskey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ + +import { Injectable } from '@nestjs/common'; +import { Endpoint } from '@/server/api/endpoint-base.js'; +import { + descriptionSchema, +} from '@/models/User.js'; +import { UserEntityService } from '@/core/entities/UserEntityService.js'; +import { ModerationLogService } from '@/core/ModerationLogService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; + +export const meta = { + tags: ['admin'], + + requireCredential: true, + requireModerator: true, + kind: 'write:admin:account', + + res: { + type: 'object', + nullable: false, optional: false, + ref: 'UserDetailed', + }, +} as const; + +export const paramDef = { + type: 'object', + properties: { + description: { ...descriptionSchema, nullable: true }, + }, +} as const; + +@Injectable() +export default class extends Endpoint { // eslint-disable-line import/no-default-export + constructor( + private userEntityService: UserEntityService, + private moderationLogService: ModerationLogService, + private systemAccountService: SystemAccountService, + ) { + super(meta, paramDef, async (ps, me) => { + const proxy = await this.systemAccountService.updateCorrespondingUserProfile('proxy', { + description: ps.description, + }); + + const updated = await this.userEntityService.pack(proxy.id, proxy, { + schema: 'MeDetailed', + }); + + if (ps.description !== undefined) { + this.moderationLogService.log(me, 'updateProxyAccountDescription', { + before: null, //TODO + after: ps.description, + }); + } + + return updated; + }); + } +} diff --git a/packages/backend/src/server/api/endpoints/i/move.ts b/packages/backend/src/server/api/endpoints/i/move.ts index 1bd641232..7852b5a2e 100644 --- a/packages/backend/src/server/api/endpoints/i/move.ts +++ b/packages/backend/src/server/api/endpoints/i/move.ts @@ -3,7 +3,7 @@ * SPDX-License-Identifier: AGPL-3.0-only */ -import { Injectable } from '@nestjs/common'; +import { Inject, Injectable } from '@nestjs/common'; import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; @@ -19,6 +19,8 @@ import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import * as Acct from '@/misc/acct.js'; +import { DI } from '@/di-symbols.js'; +import { MiMeta } from '@/models/_.js'; export const meta = { tags: ['users'], @@ -81,6 +83,9 @@ export const paramDef = { @Injectable() export default class extends Endpoint { // eslint-disable-line import/no-default-export constructor( + @Inject(DI.meta) + private serverSettings: MiMeta, + private remoteUserResolveService: RemoteUserResolveService, private apiLoggerService: ApiLoggerService, private accountMoveService: AccountMoveService, @@ -92,7 +97,7 @@ export default class extends Endpoint { // eslint- // check parameter if (!ps.moveToAccount) throw new ApiError(meta.errors.noSuchUser); // abort if user is the root - if (me.isRoot) throw new ApiError(meta.errors.rootForbidden); + if (this.serverSettings.rootUserId === me.id) throw new ApiError(meta.errors.rootForbidden); // abort if user has already moved if (me.movedToUri) throw new ApiError(meta.errors.alreadyMoved); diff --git a/packages/backend/src/server/api/endpoints/i/regenerate-token.ts b/packages/backend/src/server/api/endpoints/i/regenerate-token.ts index 78f3cce9a..d25d5d5e0 100644 --- a/packages/backend/src/server/api/endpoints/i/regenerate-token.ts +++ b/packages/backend/src/server/api/endpoints/i/regenerate-token.ts @@ -7,7 +7,7 @@ import bcrypt from 'bcryptjs'; import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { UsersRepository, UserProfilesRepository } from '@/models/_.js'; -import generateUserToken from '@/misc/generate-native-user-token.js'; +import { generateNativeUserToken } from '@/misc/token.js'; import { GlobalEventService } from '@/core/GlobalEventService.js'; import { DI } from '@/di-symbols.js'; @@ -49,7 +49,7 @@ export default class extends Endpoint { // eslint- throw new Error('incorrect password'); } - const newToken = generateUserToken(); + const newToken = generateNativeUserToken(); await this.usersRepository.update(me.id, { token: newToken, diff --git a/packages/backend/src/server/api/endpoints/reset-db.ts b/packages/backend/src/server/api/endpoints/reset-db.ts index 67d5fabd8..552362b64 100644 --- a/packages/backend/src/server/api/endpoints/reset-db.ts +++ b/packages/backend/src/server/api/endpoints/reset-db.ts @@ -6,9 +6,12 @@ import { Inject, Injectable } from '@nestjs/common'; import { DataSource } from 'typeorm'; import * as Redis from 'ioredis'; +import { LoggerService } from '@/core/LoggerService.js'; import { Endpoint } from '@/server/api/endpoint-base.js'; import { DI } from '@/di-symbols.js'; import { resetDb } from '@/misc/reset-db.js'; +import { MetaService } from '@/core/MetaService.js'; +import { GlobalEventService } from '@/core/GlobalEventService.js'; export const meta = { tags: ['non-productive'], @@ -36,13 +39,27 @@ export default class extends Endpoint { // eslint- @Inject(DI.redis) private redisClient: Redis.Redis, + + private loggerService: LoggerService, + private metaService: MetaService, + private globalEventService: GlobalEventService, ) { super(meta, paramDef, async (ps, me) => { if (process.env.NODE_ENV !== 'test') throw new Error('NODE_ENV is not a test'); - await redisClient.flushdb(); + const logger = this.loggerService.getLogger('reset-db'); + logger.info('---- Resetting database...'); + + await this.redisClient.flushdb(); await resetDb(this.db); + // DIコンテナで管理しているmetaのインスタンスには上記のリセット処理が届かないため、 + // 初期値を流して明示的にリフレッシュする + const meta = await this.metaService.fetch(true); + this.globalEventService.publishInternalEvent('metaUpdated', { after: meta }); + + logger.info('---- Database reset complete.'); + await new Promise(resolve => setTimeout(resolve, 1000)); }); } diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index e065c451f..cdd710266 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -95,6 +95,7 @@ interface ClientInformation { id: string; redirectUris: string[]; name: string; + logo: string | null; } // https://indieauth.spec.indieweb.org/#client-information-discovery @@ -124,11 +125,19 @@ async function discoverClientInformation(logger: Logger, httpRequestService: Htt redirectUris.push(...[...fragment.querySelectorAll('link[rel=redirect_uri][href]')].map(el => el.href)); let name = id; + let logo: string | null = null; if (text) { const microformats = mf2(text, { baseUrl: res.url }); - const nameProperty = microformats.items.find(item => item.type?.includes('h-app') && item.properties.url.includes(id))?.properties.name[0]; - if (typeof nameProperty === 'string') { - name = nameProperty; + const correspondingProperties = microformats.items.find(item => item.type?.includes('h-app') && item.properties.url.includes(id)); + if (correspondingProperties) { + const nameProperty = correspondingProperties.properties.name?.[0]; + if (typeof nameProperty === 'string') { + name = nameProperty; + } + const logoProperty = correspondingProperties.properties.logo?.[0]; + if (typeof logoProperty === 'string') { + logo = logoProperty; + } } } @@ -136,6 +145,7 @@ async function discoverClientInformation(logger: Logger, httpRequestService: Htt id, redirectUris: redirectUris.map(uri => new URL(uri, res.url).toString()), name: typeof name === 'string' ? name : id, + logo, }; } catch (err) { console.error(err); @@ -379,6 +389,7 @@ export class OAuth2ProviderService { return await reply.view('oauth', { transactionId: oauth2.transactionID, clientName: oauth2.client.name, + clientLogo: oauth2.client.logo, scope: oauth2.req.scope.join(' '), }); }); diff --git a/packages/backend/src/server/web/views/oauth.pug b/packages/backend/src/server/web/views/oauth.pug index 1470dbfbd..4195ccc3a 100644 --- a/packages/backend/src/server/web/views/oauth.pug +++ b/packages/backend/src/server/web/views/oauth.pug @@ -6,4 +6,6 @@ block meta //- XXX: Remove navigation bar in auth page? meta(name='misskey:oauth:transaction-id' content=transactionId) meta(name='misskey:oauth:client-name' content=clientName) + if clientLogo + meta(name='misskey:oauth:client-logo' content=clientLogo) meta(name='misskey:oauth:scope' content=scope) diff --git a/packages/backend/src/types.ts b/packages/backend/src/types.ts index bf409031c..c6b103555 100644 --- a/packages/backend/src/types.ts +++ b/packages/backend/src/types.ts @@ -122,6 +122,7 @@ export const moderationLogTypes = [ 'deletePage', 'deleteFlash', 'deleteGalleryPost', + 'updateProxyAccountDescription', ] as const; export type ModerationLogPayloads = { @@ -374,25 +375,29 @@ export type ModerationLogPayloads = { postUserUsername: string; post: any; }; + updateProxyAccountDescription: { + before: string | null; + after: string | null; + }; }; export type Serialized = { [K in keyof T]: - T[K] extends Date - ? string - : T[K] extends (Date | null) - ? (string | null) - : T[K] extends Record - ? Serialized - : T[K] extends (Record | null) + T[K] extends Date + ? string + : T[K] extends (Date | null) + ? (string | null) + : T[K] extends Record + ? Serialized + : T[K] extends (Record | null) ? (Serialized | null) - : T[K] extends (Record | undefined) + : T[K] extends (Record | undefined) ? (Serialized | undefined) - : T[K]; + : T[K]; }; export type FilterUnionByProperty< - Union, - Property extends string | number | symbol, - Condition + Union, + Property extends string | number | symbol, + Condition, > = Union extends Record ? Union : never; diff --git a/packages/backend/test-federation/compose.yml b/packages/backend/test-federation/compose.yml index a5a722398..ed39109aa 100644 --- a/packages/backend/test-federation/compose.yml +++ b/packages/backend/test-federation/compose.yml @@ -20,8 +20,12 @@ services: depends_on: a.test: condition: service_healthy + misskey.a.test: + condition: service_healthy b.test: condition: service_healthy + misskey.b.test: + condition: service_healthy environment: - NODE_ENV=development - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/rootCA.crt diff --git a/packages/backend/test-federation/test/abuse-report.test.ts b/packages/backend/test-federation/test/abuse-report.test.ts index b54d6222b..ddc8e4f9d 100644 --- a/packages/backend/test-federation/test/abuse-report.test.ts +++ b/packages/backend/test-federation/test/abuse-report.test.ts @@ -35,7 +35,7 @@ describe('Abuse report', () => { const reportsInB = await bModerator.client.request('admin/abuse-user-reports', {}); const reportInB = reportsInB.filter(report => report.comment.includes(comment))[0]; // NOTE: reporter is not Alice, and is not moderator in A - strictEqual(reportInB.reporter.url, 'https://a.test/@instance.actor'); + strictEqual(reportInB.reporter.url, 'https://a.test/@system.actor'); strictEqual(reportInB.targetUserId, bob.id); // NOTE: cannot forward multiple times diff --git a/packages/backend/test-federation/test/user.test.ts b/packages/backend/test-federation/test/user.test.ts index 76605e61d..83dcb8df4 100644 --- a/packages/backend/test-federation/test/user.test.ts +++ b/packages/backend/test-federation/test/user.test.ts @@ -37,6 +37,7 @@ describe('User', () => { 'id', 'host', 'avatarUrl', + 'avatarBlurhash', 'instance', 'badgeRoles', 'url', @@ -379,7 +380,8 @@ describe('User', () => { strictEqual(followers.length, 1); // followed by Bob await alice.client.request('i/delete-account', { password: alice.password }); - await sleep(); + // NOTE: user deletion query is slow + await sleep(4000); const following = await bob.client.request('users/following', { userId: bob.id }); strictEqual(following.length, 0); // no following relation @@ -477,7 +479,8 @@ describe('User', () => { strictEqual(followers.length, 1); // followed by Bob await aAdmin.client.request('admin/suspend-user', { userId: alice.id }); - await sleep(); + // NOTE: user deletion query is slow + await sleep(4000); const following = await bob.client.request('users/following', { userId: bob.id }); strictEqual(following.length, 0); // no following relation diff --git a/packages/backend/test-federation/test/utils.ts b/packages/backend/test-federation/test/utils.ts index db8da5025..2779eb7e8 100644 --- a/packages/backend/test-federation/test/utils.ts +++ b/packages/backend/test-federation/test/utils.ts @@ -36,7 +36,7 @@ export type Request = < type Host = 'a.test' | 'b.test'; -export async function sleep(ms = 200): Promise { +export async function sleep(ms = 250): Promise { return new Promise(resolve => setTimeout(resolve, ms)); } diff --git a/packages/backend/test/e2e/oauth.ts b/packages/backend/test/e2e/oauth.ts index ef7a6a579..f639f90ea 100644 --- a/packages/backend/test/e2e/oauth.ts +++ b/packages/backend/test/e2e/oauth.ts @@ -72,11 +72,12 @@ const clientConfig: ModuleOptions<'client_id'> = { }, }; -function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } { +function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined, clientLogo: string | undefined } { const fragment = JSDOM.fragment(html); return { transactionId: fragment.querySelector('meta[name="misskey:oauth:transaction-id"]')?.content, clientName: fragment.querySelector('meta[name="misskey:oauth:client-name"]')?.content, + clientLogo: fragment.querySelector('meta[name="misskey:oauth:client-logo"]')?.content, }; } @@ -915,6 +916,59 @@ describe('OAuth', () => { assert.strictEqual(getMeta(await response.text()).clientName, `http://127.0.0.1:${clientPort}/`); }); + test('With Logo', async () => { + sender = (reply): void => { + reply.header('Link', '; rel="redirect_uri"'); + reply.send(` + +
+ Misklient + +
+ `); + reply.send(); + }; + + const client = new AuthorizationCode(clientConfig); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + } as AuthorizationParamsExtended)); + assert.strictEqual(response.status, 200); + const meta = getMeta(await response.text()); + assert.strictEqual(meta.clientName, 'Misklient'); + assert.strictEqual(meta.clientLogo, `http://127.0.0.1:${clientPort}/logo.png`); + }); + + test('Missing Logo', async () => { + sender = (reply): void => { + reply.header('Link', '; rel="redirect_uri"'); + reply.send(` + +
Misklient + `); + reply.send(); + }; + + const client = new AuthorizationCode(clientConfig); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + } as AuthorizationParamsExtended)); + assert.strictEqual(response.status, 200); + const meta = getMeta(await response.text()); + assert.strictEqual(meta.clientName, 'Misklient'); + assert.strictEqual(meta.clientLogo, undefined); + }); + test('Mismatching URL in h-app', async () => { sender = (reply): void => { reply.header('Link', '; rel="redirect_uri"'); diff --git a/packages/backend/test/misc/mock-resolver.ts b/packages/backend/test/misc/mock-resolver.ts index c8f3db8aa..53ff4feb7 100644 --- a/packages/backend/test/misc/mock-resolver.ts +++ b/packages/backend/test/misc/mock-resolver.ts @@ -7,14 +7,10 @@ import type { Config } from '@/config.js'; import type { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js'; import type { ApRendererService } from '@/core/activitypub/ApRendererService.js'; import type { ApRequestService } from '@/core/activitypub/ApRequestService.js'; -import { Resolver } from '@/core/activitypub/ApResolverService.js'; import type { IObject } from '@/core/activitypub/type.js'; import type { HttpRequestService } from '@/core/HttpRequestService.js'; -import type { InstanceActorService } from '@/core/InstanceActorService.js'; import type { LoggerService } from '@/core/LoggerService.js'; -import type { MetaService } from '@/core/MetaService.js'; import type { UtilityService } from '@/core/UtilityService.js'; -import { bindThis } from '@/decorators.js'; import type { FollowRequestsRepository, MiMeta, @@ -23,6 +19,9 @@ import type { PollsRepository, UsersRepository, } from '@/models/_.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; +import { bindThis } from '@/decorators.js'; +import { Resolver } from '@/core/activitypub/ApResolverService.js'; type MockResponse = { type: string; @@ -43,7 +42,7 @@ export class MockResolver extends Resolver { {} as NoteReactionsRepository, {} as FollowRequestsRepository, {} as UtilityService, - {} as InstanceActorService, + {} as SystemAccountService, {} as ApRequestService, {} as HttpRequestService, {} as ApRendererService, diff --git a/packages/backend/test/unit/AbuseReportNotificationService.ts b/packages/backend/test/unit/AbuseReportNotificationService.ts index 1326003c5..6d555326f 100644 --- a/packages/backend/test/unit/AbuseReportNotificationService.ts +++ b/packages/backend/test/unit/AbuseReportNotificationService.ts @@ -149,9 +149,9 @@ describe('AbuseReportNotificationService', () => { }); beforeEach(async () => { - root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true }); - alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false }); - bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false }); + root = await createUser({ username: 'root', usernameLower: 'root' }); + alice = await createUser({ username: 'alice', usernameLower: 'alice' }); + bob = await createUser({ username: 'bob', usernameLower: 'bob' }); systemWebhook1 = await createWebhook(); systemWebhook2 = await createWebhook(); diff --git a/packages/backend/test/unit/FlashService.ts b/packages/backend/test/unit/FlashService.ts index 12ffaf342..f2d9832f5 100644 --- a/packages/backend/test/unit/FlashService.ts +++ b/packages/backend/test/unit/FlashService.ts @@ -79,9 +79,9 @@ describe('FlashService', () => { userProfilesRepository = app.get(DI.userProfilesRepository); idService = app.get(IdService); - root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true }); - alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false }); - bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false }); + root = await createUser({ username: 'root', usernameLower: 'root' }); + alice = await createUser({ username: 'alice', usernameLower: 'alice' }); + bob = await createUser({ username: 'bob', usernameLower: 'bob' }); }); afterEach(async () => { diff --git a/packages/backend/test/unit/RelayService.ts b/packages/backend/test/unit/RelayService.ts index 3b3d212c3..074430dd3 100644 --- a/packages/backend/test/unit/RelayService.ts +++ b/packages/backend/test/unit/RelayService.ts @@ -3,24 +3,21 @@ * SPDX-License-Identifier: AGPL-3.0-only */ -import { UtilityService } from '@/core/UtilityService.js'; - process.env.NODE_ENV = 'test'; import { jest } from '@jest/globals'; -import { ModuleMocker } from 'jest-mock'; import { Test } from '@nestjs/testing'; -import { GlobalModule } from '@/GlobalModule.js'; -import { RelayService } from '@/core/RelayService.js'; -import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; -import { CreateSystemUserService } from '@/core/CreateSystemUserService.js'; -import { UserEntityService } from '@/core/entities/UserEntityService.js'; -import { QueueService } from '@/core/QueueService.js'; -import { IdService } from '@/core/IdService.js'; -import type { RelaysRepository } from '@/models/_.js'; -import { DI } from '@/di-symbols.js'; +import { ModuleMocker } from 'jest-mock'; import type { TestingModule } from '@nestjs/testing'; import type { MockFunctionMetadata } from 'jest-mock'; +import { ApRendererService } from '@/core/activitypub/ApRendererService.js'; +import { UserEntityService } from '@/core/entities/UserEntityService.js'; +import { IdService } from '@/core/IdService.js'; +import { QueueService } from '@/core/QueueService.js'; +import { RelayService } from '@/core/RelayService.js'; +import { SystemAccountService } from '@/core/SystemAccountService.js'; +import { GlobalModule } from '@/GlobalModule.js'; +import { UtilityService } from '@/core/UtilityService.js'; const moduleMocker = new ModuleMocker(global); @@ -28,8 +25,6 @@ describe('RelayService', () => { let app: TestingModule; let relayService: RelayService; let queueService: jest.Mocked; - let relaysRepository: RelaysRepository; - let userEntityService: UserEntityService; beforeAll(async () => { app = await Test.createTestingModule({ @@ -38,10 +33,10 @@ describe('RelayService', () => { ], providers: [ IdService, - CreateSystemUserService, ApRendererService, RelayService, UserEntityService, + SystemAccountService, UtilityService, ], }) @@ -61,8 +56,6 @@ describe('RelayService', () => { relayService = app.get(RelayService); queueService = app.get(QueueService) as jest.Mocked; - relaysRepository = app.get(DI.relaysRepository); - userEntityService = app.get(UserEntityService); }); afterAll(async () => { diff --git a/packages/backend/test/unit/RoleService.ts b/packages/backend/test/unit/RoleService.ts index 9c1b1008d..553ff0982 100644 --- a/packages/backend/test/unit/RoleService.ts +++ b/packages/backend/test/unit/RoleService.ts @@ -57,6 +57,12 @@ describe('RoleService', () => { return await usersRepository.findOneByOrFail(x.identifiers[0]); } + async function createRoot(data: Partial = {}) { + const user = await createUser(data); + meta.rootUserId = user.id; + return user; + } + async function createRole(data: Partial = {}) { const x = await rolesRepository.insert({ id: genAidx(Date.now()), @@ -279,7 +285,7 @@ describe('RoleService', () => { describe('getModeratorIds', () => { test('includeAdmins = false, includeRoot = false, excludeExpire = false', async () => { const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -305,7 +311,7 @@ describe('RoleService', () => { test('includeAdmins = false, includeRoot = false, excludeExpire = true', async () => { const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -331,7 +337,7 @@ describe('RoleService', () => { test('includeAdmins = true, includeRoot = false, excludeExpire = false', async () => { const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -357,7 +363,7 @@ describe('RoleService', () => { test('includeAdmins = true, includeRoot = false, excludeExpire = true', async () => { const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -383,7 +389,7 @@ describe('RoleService', () => { test('includeAdmins = false, includeRoot = true, excludeExpire = false', async () => { const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -409,7 +415,7 @@ describe('RoleService', () => { test('root has moderator role', async () => { const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -433,7 +439,7 @@ describe('RoleService', () => { test('root has administrator role', async () => { const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); @@ -457,7 +463,7 @@ describe('RoleService', () => { test('root has moderator role(expire)', async () => { const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([ - createUser(), createUser(), createUser(), createUser({ isRoot: true }), + createUser(), createUser(), createUser(), createRoot(), ]); const role1 = await createRole({ name: 'admin', isAdministrator: true }); diff --git a/packages/backend/test/unit/SystemWebhookService.ts b/packages/backend/test/unit/SystemWebhookService.ts index fee4acb30..61187e9f2 100644 --- a/packages/backend/test/unit/SystemWebhookService.ts +++ b/packages/backend/test/unit/SystemWebhookService.ts @@ -97,7 +97,7 @@ describe('SystemWebhookService', () => { } async function beforeEachImpl() { - root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' }); + root = await createUser({ username: 'root', usernameLower: 'root' }); } async function afterEachImpl() { diff --git a/packages/backend/test/unit/UserSearchService.ts b/packages/backend/test/unit/UserSearchService.ts index 7ea325d42..66a7f39ff 100644 --- a/packages/backend/test/unit/UserSearchService.ts +++ b/packages/backend/test/unit/UserSearchService.ts @@ -113,7 +113,7 @@ describe('UserSearchService', () => { }); beforeEach(async () => { - root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true }); + root = await createUser({ username: 'root', usernameLower: 'root' }); alice = await createUser({ username: 'Alice', usernameLower: 'alice' }); alyce = await createUser({ username: 'Alyce', usernameLower: 'alyce' }); alycia = await createUser({ username: 'Alycia', usernameLower: 'alycia' }); diff --git a/packages/backend/test/unit/UserWebhookService.ts b/packages/backend/test/unit/UserWebhookService.ts index db8f96df2..a2a85e948 100644 --- a/packages/backend/test/unit/UserWebhookService.ts +++ b/packages/backend/test/unit/UserWebhookService.ts @@ -91,7 +91,7 @@ describe('UserWebhookService', () => { } async function beforeEachImpl() { - root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' }); + root = await createUser({ username: 'root', usernameLower: 'root' }); } async function afterEachImpl() { diff --git a/packages/backend/test/unit/WebhookTestService.ts b/packages/backend/test/unit/WebhookTestService.ts index be84ae9b8..45bc93246 100644 --- a/packages/backend/test/unit/WebhookTestService.ts +++ b/packages/backend/test/unit/WebhookTestService.ts @@ -88,8 +88,8 @@ describe('WebhookTestService', () => { }); beforeEach(async () => { - root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true }); - alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false }); + root = await createUser({ username: 'root', usernameLower: 'root' }); + alice = await createUser({ username: 'alice', usernameLower: 'alice' }); userWebhookService.fetchWebhooks.mockReturnValue(Promise.resolve([ { id: 'dummy-webhook', active: true, userId: alice.id } as MiWebhook, diff --git a/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts b/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts index d96e6b916..07618e776 100644 --- a/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts +++ b/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts @@ -316,7 +316,7 @@ describe('CheckModeratorsActivityProcessorService', () => { createUser({}, { email: 'user2@example.com', emailVerified: false }), createUser({}, { email: null, emailVerified: false }), createUser({}, { email: 'user4@example.com', emailVerified: true }), - createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }), + createUser({}, { email: 'root@example.com', emailVerified: true }), ]); mockModeratorRole([user1, user2, user3, root]); @@ -349,7 +349,7 @@ describe('CheckModeratorsActivityProcessorService', () => { createUser({}, { email: 'user2@example.com', emailVerified: false }), createUser({}, { email: null, emailVerified: false }), createUser({}, { email: 'user4@example.com', emailVerified: true }), - createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }), + createUser({}, { email: 'root@example.com', emailVerified: true }), ]); mockModeratorRole([user1, user2, user3, root]); diff --git a/packages/frontend-embed/package.json b/packages/frontend-embed/package.json index 476835686..1ee4fc2c2 100644 --- a/packages/frontend-embed/package.json +++ b/packages/frontend-embed/package.json @@ -14,7 +14,7 @@ "@rollup/plugin-json": "6.1.0", "@rollup/plugin-replace": "6.0.2", "@rollup/pluginutils": "5.1.4", - "@tabler/icons-webfont": "https://github.com/misskey-dev/tabler-icons/archive/refs/tags/3.30.0-mi.1932+ab127beee.tar.gz", + "@tabler/icons-webfont": "3.31.0", "@twemoji/parser": "15.1.1", "@vitejs/plugin-vue": "5.2.1", "@vue/compiler-sfc": "3.5.13", @@ -25,16 +25,16 @@ "misskey-js": "workspace:*", "frontend-shared": "workspace:*", "punycode.js": "2.3.1", - "rollup": "4.34.8", - "sass": "1.85.0", - "shiki": "3.0.0", + "rollup": "4.34.9", + "sass": "1.85.1", + "shiki": "3.1.0", "tinycolor2": "1.6.0", - "tsc-alias": "1.8.10", + "tsc-alias": "1.8.11", "tsconfig-paths": "4.2.0", - "typescript": "5.7.3", + "typescript": "5.8.2", "uuid": "11.1.0", "json5": "2.2.3", - "vite": "6.1.1", + "vite": "6.2.0", "vue": "3.5.13" }, "devDependencies": { @@ -42,29 +42,29 @@ "@testing-library/vue": "8.1.0", "@types/estree": "1.0.6", "@types/micromatch": "4.0.9", - "@types/node": "22.13.5", + "@types/node": "22.13.9", "@types/punycode.js": "npm:@types/punycode@2.1.4", "@types/tinycolor2": "1.4.6", - "@types/ws": "8.5.14", - "@typescript-eslint/eslint-plugin": "8.24.1", - "@typescript-eslint/parser": "8.24.1", - "@vitest/coverage-v8": "3.0.6", + "@types/ws": "8.18.0", + "@typescript-eslint/eslint-plugin": "8.26.0", + "@typescript-eslint/parser": "8.26.0", + "@vitest/coverage-v8": "3.0.7", "@vue/runtime-core": "3.5.13", "acorn": "8.14.0", "cross-env": "7.0.3", "eslint-plugin-import": "2.31.0", - "eslint-plugin-vue": "9.32.0", + "eslint-plugin-vue": "9.33.0", "fast-glob": "3.3.3", - "happy-dom": "17.1.4", + "happy-dom": "17.2.2", "intersection-observer": "0.12.2", "micromatch": "4.0.8", - "msw": "2.7.1", + "msw": "2.7.3", "nodemon": "3.1.9", - "prettier": "3.5.2", + "prettier": "3.5.3", "start-server-and-test": "2.0.10", "vite-plugin-turbosnap": "1.0.3", - "vue-component-type-helpers": "2.2.4", + "vue-component-type-helpers": "2.2.8", "vue-eslint-parser": "9.4.3", - "vue-tsc": "2.2.4" + "vue-tsc": "2.2.8" } } diff --git a/packages/frontend-shared/package.json b/packages/frontend-shared/package.json index ca7bee467..ad9a0bafb 100644 --- a/packages/frontend-shared/package.json +++ b/packages/frontend-shared/package.json @@ -21,13 +21,13 @@ "lint": "pnpm typecheck && pnpm eslint" }, "devDependencies": { - "@types/node": "22.13.5", - "@typescript-eslint/eslint-plugin": "8.24.1", - "@typescript-eslint/parser": "8.24.1", + "@types/node": "22.13.9", + "@typescript-eslint/eslint-plugin": "8.26.0", + "@typescript-eslint/parser": "8.26.0", "esbuild": "0.25.0", - "eslint-plugin-vue": "9.32.0", + "eslint-plugin-vue": "9.33.0", "nodemon": "3.1.9", - "typescript": "5.7.3", + "typescript": "5.8.2", "vue-eslint-parser": "9.4.3" }, "files": [ diff --git a/packages/frontend/.storybook/preview-head.html b/packages/frontend/.storybook/preview-head.html index ae42fd49b..2431a71dd 100644 --- a/packages/frontend/.storybook/preview-head.html +++ b/packages/frontend/.storybook/preview-head.html @@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only - +