index.js 36 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299
  1. // @ts-check
  2. const os = require('os');
  3. const throng = require('throng');
  4. const dotenv = require('dotenv');
  5. const express = require('express');
  6. const http = require('http');
  7. const redis = require('redis');
  8. const pg = require('pg');
  9. const log = require('npmlog');
  10. const url = require('url');
  11. const uuid = require('uuid');
  12. const fs = require('fs');
  13. const WebSocket = require('ws');
  14. const { JSDOM } = require('jsdom');
  15. const env = process.env.NODE_ENV || 'development';
  16. const alwaysRequireAuth = process.env.LIMITED_FEDERATION_MODE === 'true' || process.env.WHITELIST_MODE === 'true' || process.env.AUTHORIZED_FETCH === 'true';
  17. dotenv.config({
  18. path: env === 'production' ? '.env.production' : '.env',
  19. });
  20. log.level = process.env.LOG_LEVEL || 'verbose';
  21. /**
  22. * @param {string} dbUrl
  23. * @return {Object.<string, any>}
  24. */
  25. const dbUrlToConfig = (dbUrl) => {
  26. if (!dbUrl) {
  27. return {};
  28. }
  29. const params = url.parse(dbUrl, true);
  30. const config = {};
  31. if (params.auth) {
  32. [config.user, config.password] = params.auth.split(':');
  33. }
  34. if (params.hostname) {
  35. config.host = params.hostname;
  36. }
  37. if (params.port) {
  38. config.port = params.port;
  39. }
  40. if (params.pathname) {
  41. config.database = params.pathname.split('/')[1];
  42. }
  43. const ssl = params.query && params.query.ssl;
  44. if (ssl && ssl === 'true' || ssl === '1') {
  45. config.ssl = true;
  46. }
  47. return config;
  48. };
  49. /**
  50. * @param {Object.<string, any>} defaultConfig
  51. * @param {string} redisUrl
  52. */
  53. const redisUrlToClient = async (defaultConfig, redisUrl) => {
  54. const config = defaultConfig;
  55. let client;
  56. if (!redisUrl) {
  57. client = redis.createClient(config);
  58. } else if (redisUrl.startsWith('unix://')) {
  59. client = redis.createClient(Object.assign(config, {
  60. socket: {
  61. path: redisUrl.slice(7),
  62. },
  63. }));
  64. } else {
  65. client = redis.createClient(Object.assign(config, {
  66. url: redisUrl,
  67. }));
  68. }
  69. client.on('error', (err) => log.error('Redis Client Error!', err));
  70. await client.connect();
  71. return client;
  72. };
  73. const numWorkers = +process.env.STREAMING_CLUSTER_NUM || (env === 'development' ? 1 : Math.max(os.cpus().length - 1, 1));
  74. /**
  75. * @param {string} json
  76. * @param {any} req
  77. * @return {Object.<string, any>|null}
  78. */
  79. const parseJSON = (json, req) => {
  80. try {
  81. return JSON.parse(json);
  82. } catch (err) {
  83. if (req.accountId) {
  84. log.warn(req.requestId, `Error parsing message from user ${req.accountId}: ${err}`);
  85. } else {
  86. log.silly(req.requestId, `Error parsing message from ${req.remoteAddress}: ${err}`);
  87. }
  88. return null;
  89. }
  90. };
  91. const startMaster = () => {
  92. if (!process.env.SOCKET && process.env.PORT && isNaN(+process.env.PORT)) {
  93. log.warn('UNIX domain socket is now supported by using SOCKET. Please migrate from PORT hack.');
  94. }
  95. log.warn(`Starting streaming API server master with ${numWorkers} workers`);
  96. };
  97. const startWorker = async (workerId) => {
  98. log.warn(`Starting worker ${workerId}`);
  99. const pgConfigs = {
  100. development: {
  101. user: process.env.DB_USER || pg.defaults.user,
  102. password: process.env.DB_PASS || pg.defaults.password,
  103. database: process.env.DB_NAME || 'mastodon_development',
  104. host: process.env.DB_HOST || pg.defaults.host,
  105. port: process.env.DB_PORT || pg.defaults.port,
  106. max: 10,
  107. },
  108. production: {
  109. user: process.env.DB_USER || 'mastodon',
  110. password: process.env.DB_PASS || '',
  111. database: process.env.DB_NAME || 'mastodon_production',
  112. host: process.env.DB_HOST || 'localhost',
  113. port: process.env.DB_PORT || 5432,
  114. max: 10,
  115. },
  116. };
  117. if (!!process.env.DB_SSLMODE && process.env.DB_SSLMODE !== 'disable') {
  118. pgConfigs.development.ssl = true;
  119. pgConfigs.production.ssl = true;
  120. }
  121. const app = express();
  122. app.set('trust proxy', process.env.TRUSTED_PROXY_IP ? process.env.TRUSTED_PROXY_IP.split(/(?:\s*,\s*|\s+)/) : 'loopback,uniquelocal');
  123. const pgPool = new pg.Pool(Object.assign(pgConfigs[env], dbUrlToConfig(process.env.DATABASE_URL)));
  124. const server = http.createServer(app);
  125. const redisNamespace = process.env.REDIS_NAMESPACE || null;
  126. const redisParams = {
  127. socket: {
  128. host: process.env.REDIS_HOST || '127.0.0.1',
  129. port: process.env.REDIS_PORT || 6379,
  130. },
  131. database: process.env.REDIS_DB || 0,
  132. password: process.env.REDIS_PASSWORD || undefined,
  133. };
  134. if (redisNamespace) {
  135. redisParams.namespace = redisNamespace;
  136. }
  137. const redisPrefix = redisNamespace ? `${redisNamespace}:` : '';
  138. /**
  139. * @type {Object.<string, Array.<function(string): void>>}
  140. */
  141. const subs = {};
  142. const redisSubscribeClient = await redisUrlToClient(redisParams, process.env.REDIS_URL);
  143. const redisClient = await redisUrlToClient(redisParams, process.env.REDIS_URL);
  144. /**
  145. * @param {string[]} channels
  146. * @return {function(): void}
  147. */
  148. const subscriptionHeartbeat = channels => {
  149. const interval = 6 * 60;
  150. const tellSubscribed = () => {
  151. channels.forEach(channel => redisClient.set(`${redisPrefix}subscribed:${channel}`, '1', 'EX', interval * 3));
  152. };
  153. tellSubscribed();
  154. const heartbeat = setInterval(tellSubscribed, interval * 1000);
  155. return () => {
  156. clearInterval(heartbeat);
  157. };
  158. };
  159. /**
  160. * @param {string} message
  161. * @param {string} channel
  162. */
  163. const onRedisMessage = (message, channel) => {
  164. const callbacks = subs[channel];
  165. log.silly(`New message on channel ${channel}`);
  166. if (!callbacks) {
  167. return;
  168. }
  169. callbacks.forEach(callback => callback(message));
  170. };
  171. /**
  172. * @param {string} channel
  173. * @param {function(string): void} callback
  174. */
  175. const subscribe = (channel, callback) => {
  176. log.silly(`Adding listener for ${channel}`);
  177. subs[channel] = subs[channel] || [];
  178. if (subs[channel].length === 0) {
  179. log.verbose(`Subscribe ${channel}`);
  180. redisSubscribeClient.subscribe(channel, onRedisMessage);
  181. }
  182. subs[channel].push(callback);
  183. };
  184. /**
  185. * @param {string} channel
  186. */
  187. const unsubscribe = (channel, callback) => {
  188. log.silly(`Removing listener for ${channel}`);
  189. if (!subs[channel]) {
  190. return;
  191. }
  192. subs[channel] = subs[channel].filter(item => item !== callback);
  193. if (subs[channel].length === 0) {
  194. log.verbose(`Unsubscribe ${channel}`);
  195. redisSubscribeClient.unsubscribe(channel);
  196. delete subs[channel];
  197. }
  198. };
  199. const FALSE_VALUES = [
  200. false,
  201. 0,
  202. '0',
  203. 'f',
  204. 'F',
  205. 'false',
  206. 'FALSE',
  207. 'off',
  208. 'OFF',
  209. ];
  210. /**
  211. * @param {any} value
  212. * @return {boolean}
  213. */
  214. const isTruthy = value =>
  215. value && !FALSE_VALUES.includes(value);
  216. /**
  217. * @param {any} req
  218. * @param {any} res
  219. * @param {function(Error=): void}
  220. */
  221. const allowCrossDomain = (req, res, next) => {
  222. res.header('Access-Control-Allow-Origin', '*');
  223. res.header('Access-Control-Allow-Headers', 'Authorization, Accept, Cache-Control');
  224. res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
  225. next();
  226. };
  227. /**
  228. * @param {any} req
  229. * @param {any} res
  230. * @param {function(Error=): void}
  231. */
  232. const setRequestId = (req, res, next) => {
  233. req.requestId = uuid.v4();
  234. res.header('X-Request-Id', req.requestId);
  235. next();
  236. };
  237. /**
  238. * @param {any} req
  239. * @param {any} res
  240. * @param {function(Error=): void}
  241. */
  242. const setRemoteAddress = (req, res, next) => {
  243. req.remoteAddress = req.connection.remoteAddress;
  244. next();
  245. };
  246. /**
  247. * @param {any} req
  248. * @param {string[]} necessaryScopes
  249. * @return {boolean}
  250. */
  251. const isInScope = (req, necessaryScopes) =>
  252. req.scopes.some(scope => necessaryScopes.includes(scope));
  253. /**
  254. * @param {string} token
  255. * @param {any} req
  256. * @return {Promise.<void>}
  257. */
  258. const accountFromToken = (token, req) => new Promise((resolve, reject) => {
  259. pgPool.connect((err, client, done) => {
  260. if (err) {
  261. reject(err);
  262. return;
  263. }
  264. client.query('SELECT oauth_access_tokens.id, oauth_access_tokens.resource_owner_id, users.account_id, users.chosen_languages, oauth_access_tokens.scopes, devices.device_id FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id LEFT OUTER JOIN devices ON oauth_access_tokens.id = devices.access_token_id WHERE oauth_access_tokens.token = $1 AND oauth_access_tokens.revoked_at IS NULL LIMIT 1', [token], (err, result) => {
  265. done();
  266. if (err) {
  267. reject(err);
  268. return;
  269. }
  270. if (result.rows.length === 0) {
  271. err = new Error('Invalid access token');
  272. err.status = 401;
  273. reject(err);
  274. return;
  275. }
  276. req.accessTokenId = result.rows[0].id;
  277. req.scopes = result.rows[0].scopes.split(' ');
  278. req.accountId = result.rows[0].account_id;
  279. req.chosenLanguages = result.rows[0].chosen_languages;
  280. req.deviceId = result.rows[0].device_id;
  281. resolve();
  282. });
  283. });
  284. });
  285. /**
  286. * @param {any} req
  287. * @param {boolean=} required
  288. * @return {Promise.<void>}
  289. */
  290. const accountFromRequest = (req, required = true) => new Promise((resolve, reject) => {
  291. const authorization = req.headers.authorization;
  292. const location = url.parse(req.url, true);
  293. const accessToken = location.query.access_token || req.headers['sec-websocket-protocol'];
  294. if (!authorization && !accessToken) {
  295. if (required) {
  296. const err = new Error('Missing access token');
  297. err.status = 401;
  298. reject(err);
  299. return;
  300. } else {
  301. resolve();
  302. return;
  303. }
  304. }
  305. const token = authorization ? authorization.replace(/^Bearer /, '') : accessToken;
  306. resolve(accountFromToken(token, req));
  307. });
  308. /**
  309. * @param {any} req
  310. * @return {string}
  311. */
  312. const channelNameFromPath = req => {
  313. const { path, query } = req;
  314. const onlyMedia = isTruthy(query.only_media);
  315. switch (path) {
  316. case '/api/v1/streaming/user':
  317. return 'user';
  318. case '/api/v1/streaming/user/notification':
  319. return 'user:notification';
  320. case '/api/v1/streaming/public':
  321. return onlyMedia ? 'public:media' : 'public';
  322. case '/api/v1/streaming/public/local':
  323. return onlyMedia ? 'public:local:media' : 'public:local';
  324. case '/api/v1/streaming/public/remote':
  325. return onlyMedia ? 'public:remote:media' : 'public:remote';
  326. case '/api/v1/streaming/hashtag':
  327. return 'hashtag';
  328. case '/api/v1/streaming/hashtag/local':
  329. return 'hashtag:local';
  330. case '/api/v1/streaming/direct':
  331. return 'direct';
  332. case '/api/v1/streaming/list':
  333. return 'list';
  334. default:
  335. return undefined;
  336. }
  337. };
  338. const PUBLIC_CHANNELS = [
  339. 'public',
  340. 'public:media',
  341. 'public:local',
  342. 'public:local:media',
  343. 'public:remote',
  344. 'public:remote:media',
  345. 'hashtag',
  346. 'hashtag:local',
  347. ];
  348. /**
  349. * @param {any} req
  350. * @param {string} channelName
  351. * @return {Promise.<void>}
  352. */
  353. const checkScopes = (req, channelName) => new Promise((resolve, reject) => {
  354. log.silly(req.requestId, `Checking OAuth scopes for ${channelName}`);
  355. // When accessing public channels, no scopes are needed
  356. if (PUBLIC_CHANNELS.includes(channelName)) {
  357. resolve();
  358. return;
  359. }
  360. // The `read` scope has the highest priority, if the token has it
  361. // then it can access all streams
  362. const requiredScopes = ['read'];
  363. // When accessing specifically the notifications stream,
  364. // we need a read:notifications, while in all other cases,
  365. // we can allow access with read:statuses. Mind that the
  366. // user stream will not contain notifications unless
  367. // the token has either read or read:notifications scope
  368. // as well, this is handled separately.
  369. if (channelName === 'user:notification') {
  370. requiredScopes.push('read:notifications');
  371. } else {
  372. requiredScopes.push('read:statuses');
  373. }
  374. if (req.scopes && requiredScopes.some(requiredScope => req.scopes.includes(requiredScope))) {
  375. resolve();
  376. return;
  377. }
  378. const err = new Error('Access token does not cover required scopes');
  379. err.status = 401;
  380. reject(err);
  381. });
  382. /**
  383. * @param {any} info
  384. * @param {function(boolean, number, string): void} callback
  385. */
  386. const wsVerifyClient = (info, callback) => {
  387. // When verifying the websockets connection, we no longer pre-emptively
  388. // check OAuth scopes and drop the connection if they're missing. We only
  389. // drop the connection if access without token is not allowed by environment
  390. // variables. OAuth scope checks are moved to the point of subscription
  391. // to a specific stream.
  392. accountFromRequest(info.req, alwaysRequireAuth).then(() => {
  393. callback(true, undefined, undefined);
  394. }).catch(err => {
  395. log.error(info.req.requestId, err.toString());
  396. callback(false, 401, 'Unauthorized');
  397. });
  398. };
  399. /**
  400. * @typedef SystemMessageHandlers
  401. * @property {function(): void} onKill
  402. */
  403. /**
  404. * @param {any} req
  405. * @param {SystemMessageHandlers} eventHandlers
  406. * @return {function(string): void}
  407. */
  408. const createSystemMessageListener = (req, eventHandlers) => {
  409. return message => {
  410. const json = parseJSON(message, req);
  411. if (!json) return;
  412. const { event } = json;
  413. log.silly(req.requestId, `System message for ${req.accountId}: ${event}`);
  414. if (event === 'kill') {
  415. log.verbose(req.requestId, `Closing connection for ${req.accountId} due to expired access token`);
  416. eventHandlers.onKill();
  417. } else if (event === 'filters_changed') {
  418. log.verbose(req.requestId, `Invalidating filters cache for ${req.accountId}`);
  419. req.cachedFilters = null;
  420. }
  421. };
  422. };
  423. /**
  424. * @param {any} req
  425. * @param {any} res
  426. */
  427. const subscribeHttpToSystemChannel = (req, res) => {
  428. const accessTokenChannelId = `timeline:access_token:${req.accessTokenId}`;
  429. const systemChannelId = `timeline:system:${req.accountId}`;
  430. const listener = createSystemMessageListener(req, {
  431. onKill() {
  432. res.end();
  433. },
  434. });
  435. res.on('close', () => {
  436. unsubscribe(`${redisPrefix}${accessTokenChannelId}`, listener);
  437. unsubscribe(`${redisPrefix}${systemChannelId}`, listener);
  438. });
  439. subscribe(`${redisPrefix}${accessTokenChannelId}`, listener);
  440. subscribe(`${redisPrefix}${systemChannelId}`, listener);
  441. };
  442. /**
  443. * @param {any} req
  444. * @param {any} res
  445. * @param {function(Error=): void} next
  446. */
  447. const authenticationMiddleware = (req, res, next) => {
  448. if (req.method === 'OPTIONS') {
  449. next();
  450. return;
  451. }
  452. accountFromRequest(req, alwaysRequireAuth).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
  453. subscribeHttpToSystemChannel(req, res);
  454. }).then(() => {
  455. next();
  456. }).catch(err => {
  457. next(err);
  458. });
  459. };
  460. /**
  461. * @param {Error} err
  462. * @param {any} req
  463. * @param {any} res
  464. * @param {function(Error=): void} next
  465. */
  466. const errorMiddleware = (err, req, res, next) => {
  467. log.error(req.requestId, err.toString());
  468. if (res.headersSent) {
  469. next(err);
  470. return;
  471. }
  472. res.writeHead(err.status || 500, { 'Content-Type': 'application/json' });
  473. res.end(JSON.stringify({ error: err.status ? err.toString() : 'An unexpected error occurred' }));
  474. };
  475. /**
  476. * @param {array} arr
  477. * @param {number=} shift
  478. * @return {string}
  479. */
  480. const placeholders = (arr, shift = 0) => arr.map((_, i) => `$${i + 1 + shift}`).join(', ');
  481. /**
  482. * @param {string} listId
  483. * @param {any} req
  484. * @return {Promise.<void>}
  485. */
  486. const authorizeListAccess = (listId, req) => new Promise((resolve, reject) => {
  487. const { accountId } = req;
  488. pgPool.connect((err, client, done) => {
  489. if (err) {
  490. reject();
  491. return;
  492. }
  493. client.query('SELECT id, account_id FROM lists WHERE id = $1 LIMIT 1', [listId], (err, result) => {
  494. done();
  495. if (err || result.rows.length === 0 || result.rows[0].account_id !== accountId) {
  496. reject();
  497. return;
  498. }
  499. resolve();
  500. });
  501. });
  502. });
  503. /**
  504. * @param {string[]} ids
  505. * @param {any} req
  506. * @param {function(string, string): void} output
  507. * @param {function(string[], function(string): void): void} attachCloseHandler
  508. * @param {boolean=} needsFiltering
  509. * @return {function(string): void}
  510. */
  511. const streamFrom = (ids, req, output, attachCloseHandler, needsFiltering = false) => {
  512. const accountId = req.accountId || req.remoteAddress;
  513. log.verbose(req.requestId, `Starting stream from ${ids.join(', ')} for ${accountId}`);
  514. const listener = message => {
  515. const json = parseJSON(message, req);
  516. if (!json) return;
  517. const { event, payload, queued_at } = json;
  518. const transmit = () => {
  519. const now = new Date().getTime();
  520. const delta = now - queued_at;
  521. const encodedPayload = typeof payload === 'object' ? JSON.stringify(payload) : payload;
  522. log.silly(req.requestId, `Transmitting for ${accountId}: ${event} ${encodedPayload} Delay: ${delta}ms`);
  523. output(event, encodedPayload);
  524. };
  525. // Only messages that may require filtering are statuses, since notifications
  526. // are already personalized and deletes do not matter
  527. if (!needsFiltering || event !== 'update') {
  528. transmit();
  529. return;
  530. }
  531. const unpackedPayload = payload;
  532. const targetAccountIds = [unpackedPayload.account.id].concat(unpackedPayload.mentions.map(item => item.id));
  533. const accountDomain = unpackedPayload.account.acct.split('@')[1];
  534. if (Array.isArray(req.chosenLanguages) && unpackedPayload.language !== null && req.chosenLanguages.indexOf(unpackedPayload.language) === -1) {
  535. log.silly(req.requestId, `Message ${unpackedPayload.id} filtered by language (${unpackedPayload.language})`);
  536. return;
  537. }
  538. // When the account is not logged in, it is not necessary to confirm the block or mute
  539. if (!req.accountId) {
  540. transmit();
  541. return;
  542. }
  543. pgPool.connect((err, client, done) => {
  544. if (err) {
  545. log.error(err);
  546. return;
  547. }
  548. const queries = [
  549. client.query(`SELECT 1
  550. FROM blocks
  551. WHERE (account_id = $1 AND target_account_id IN (${placeholders(targetAccountIds, 2)}))
  552. OR (account_id = $2 AND target_account_id = $1)
  553. UNION
  554. SELECT 1
  555. FROM mutes
  556. WHERE account_id = $1
  557. AND target_account_id IN (${placeholders(targetAccountIds, 2)})`, [req.accountId, unpackedPayload.account.id].concat(targetAccountIds)),
  558. ];
  559. if (accountDomain) {
  560. queries.push(client.query('SELECT 1 FROM account_domain_blocks WHERE account_id = $1 AND domain = $2', [req.accountId, accountDomain]));
  561. }
  562. if (!unpackedPayload.filtered && !req.cachedFilters) {
  563. queries.push(client.query('SELECT filter.id AS id, filter.phrase AS title, filter.context AS context, filter.expires_at AS expires_at, filter.action AS filter_action, keyword.keyword AS keyword, keyword.whole_word AS whole_word FROM custom_filter_keywords keyword JOIN custom_filters filter ON keyword.custom_filter_id = filter.id WHERE filter.account_id = $1 AND (filter.expires_at IS NULL OR filter.expires_at > NOW())', [req.accountId]));
  564. }
  565. Promise.all(queries).then(values => {
  566. done();
  567. if (values[0].rows.length > 0 || (accountDomain && values[1].rows.length > 0)) {
  568. return;
  569. }
  570. if (!unpackedPayload.filtered && !req.cachedFilters) {
  571. const filterRows = values[accountDomain ? 2 : 1].rows;
  572. req.cachedFilters = filterRows.reduce((cache, row) => {
  573. if (cache[row.id]) {
  574. cache[row.id].keywords.push([row.keyword, row.whole_word]);
  575. } else {
  576. cache[row.id] = {
  577. keywords: [[row.keyword, row.whole_word]],
  578. expires_at: row.expires_at,
  579. repr: {
  580. id: row.id,
  581. title: row.title,
  582. context: row.context,
  583. expires_at: row.expires_at,
  584. filter_action: ['warn', 'hide'][row.filter_action],
  585. },
  586. };
  587. }
  588. return cache;
  589. }, {});
  590. Object.keys(req.cachedFilters).forEach((key) => {
  591. req.cachedFilters[key].regexp = new RegExp(req.cachedFilters[key].keywords.map(([keyword, whole_word]) => {
  592. let expr = keyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  593. if (whole_word) {
  594. if (/^[\w]/.test(expr)) {
  595. expr = `\\b${expr}`;
  596. }
  597. if (/[\w]$/.test(expr)) {
  598. expr = `${expr}\\b`;
  599. }
  600. }
  601. return expr;
  602. }).join('|'), 'i');
  603. });
  604. }
  605. // Check filters
  606. if (req.cachedFilters && !unpackedPayload.filtered) {
  607. const status = unpackedPayload;
  608. const searchContent = ([status.spoiler_text || '', status.content].concat((status.poll && status.poll.options) ? status.poll.options.map(option => option.title) : [])).concat(status.media_attachments.map(att => att.description)).join('\n\n').replace(/<br\s*\/?>/g, '\n').replace(/<\/p><p>/g, '\n\n');
  609. const searchIndex = JSDOM.fragment(searchContent).textContent;
  610. const now = new Date();
  611. payload.filtered = [];
  612. Object.values(req.cachedFilters).forEach((cachedFilter) => {
  613. if ((cachedFilter.expires_at === null || cachedFilter.expires_at > now)) {
  614. const keyword_matches = searchIndex.match(cachedFilter.regexp);
  615. if (keyword_matches) {
  616. payload.filtered.push({
  617. filter: cachedFilter.repr,
  618. keyword_matches,
  619. });
  620. }
  621. }
  622. });
  623. }
  624. transmit();
  625. }).catch(err => {
  626. log.error(err);
  627. done();
  628. });
  629. });
  630. };
  631. ids.forEach(id => {
  632. subscribe(`${redisPrefix}${id}`, listener);
  633. });
  634. if (attachCloseHandler) {
  635. attachCloseHandler(ids.map(id => `${redisPrefix}${id}`), listener);
  636. }
  637. return listener;
  638. };
  639. /**
  640. * @param {any} req
  641. * @param {any} res
  642. * @return {function(string, string): void}
  643. */
  644. const streamToHttp = (req, res) => {
  645. const accountId = req.accountId || req.remoteAddress;
  646. res.setHeader('Content-Type', 'text/event-stream');
  647. res.setHeader('Cache-Control', 'no-store');
  648. res.setHeader('Transfer-Encoding', 'chunked');
  649. res.write(':)\n');
  650. const heartbeat = setInterval(() => res.write(':thump\n'), 15000);
  651. req.on('close', () => {
  652. log.verbose(req.requestId, `Ending stream for ${accountId}`);
  653. clearInterval(heartbeat);
  654. });
  655. return (event, payload) => {
  656. res.write(`event: ${event}\n`);
  657. res.write(`data: ${payload}\n\n`);
  658. };
  659. };
  660. /**
  661. * @param {any} req
  662. * @param {function(): void} [closeHandler]
  663. * @return {function(string[]): void}
  664. */
  665. const streamHttpEnd = (req, closeHandler = undefined) => (ids) => {
  666. req.on('close', () => {
  667. ids.forEach(id => {
  668. unsubscribe(id);
  669. });
  670. if (closeHandler) {
  671. closeHandler();
  672. }
  673. });
  674. };
  675. /**
  676. * @param {any} req
  677. * @param {any} ws
  678. * @param {string[]} streamName
  679. * @return {function(string, string): void}
  680. */
  681. const streamToWs = (req, ws, streamName) => (event, payload) => {
  682. if (ws.readyState !== ws.OPEN) {
  683. log.error(req.requestId, 'Tried writing to closed socket');
  684. return;
  685. }
  686. ws.send(JSON.stringify({ stream: streamName, event, payload }));
  687. };
  688. /**
  689. * @param {any} res
  690. */
  691. const httpNotFound = res => {
  692. res.writeHead(404, { 'Content-Type': 'application/json' });
  693. res.end(JSON.stringify({ error: 'Not found' }));
  694. };
  695. app.use(setRequestId);
  696. app.use(setRemoteAddress);
  697. app.use(allowCrossDomain);
  698. app.get('/api/v1/streaming/health', (req, res) => {
  699. res.writeHead(200, { 'Content-Type': 'text/plain' });
  700. res.end('OK');
  701. });
  702. app.use(authenticationMiddleware);
  703. app.use(errorMiddleware);
  704. app.get('/api/v1/streaming/*', (req, res) => {
  705. channelNameToIds(req, channelNameFromPath(req), req.query).then(({ channelIds, options }) => {
  706. const onSend = streamToHttp(req, res);
  707. const onEnd = streamHttpEnd(req, subscriptionHeartbeat(channelIds));
  708. streamFrom(channelIds, req, onSend, onEnd, options.needsFiltering);
  709. }).catch(err => {
  710. log.verbose(req.requestId, 'Subscription error:', err.toString());
  711. httpNotFound(res);
  712. });
  713. });
  714. const wss = new WebSocket.Server({ server, verifyClient: wsVerifyClient });
  715. /**
  716. * @typedef StreamParams
  717. * @property {string} [tag]
  718. * @property {string} [list]
  719. * @property {string} [only_media]
  720. */
  721. /**
  722. * @param {any} req
  723. * @return {string[]}
  724. */
  725. const channelsForUserStream = req => {
  726. const arr = [`timeline:${req.accountId}`];
  727. if (isInScope(req, ['crypto']) && req.deviceId) {
  728. arr.push(`timeline:${req.accountId}:${req.deviceId}`);
  729. }
  730. if (isInScope(req, ['read', 'read:notifications'])) {
  731. arr.push(`timeline:${req.accountId}:notifications`);
  732. }
  733. return arr;
  734. };
  735. /**
  736. * See app/lib/ascii_folder.rb for the canon definitions
  737. * of these constants
  738. */
  739. const NON_ASCII_CHARS = 'ÀÁÂÃÄÅàáâãäåĀāĂ㥹ÇçĆćĈĉĊċČčÐðĎďĐđÈÉÊËèéêëĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħÌÍÎÏìíîïĨĩĪīĬĭĮįİıĴĵĶķĸĹĺĻļĽľĿŀŁłÑñŃńŅņŇňʼnŊŋÒÓÔÕÖØòóôõöøŌōŎŏŐőŔŕŖŗŘřŚśŜŝŞşŠšſŢţŤťŦŧÙÚÛÜùúûüŨũŪūŬŭŮůŰűŲųŴŵÝýÿŶŷŸŹźŻżŽž';
  740. const EQUIVALENT_ASCII_CHARS = 'AAAAAAaaaaaaAaAaAaCcCcCcCcCcDdDdDdEEEEeeeeEeEeEeEeEeGgGgGgGgHhHhIIIIiiiiIiIiIiIiIiJjKkkLlLlLlLlLlNnNnNnNnnNnOOOOOOooooooOoOoOoRrRrRrSsSsSsSssTtTtTtUUUUuuuuUuUuUuUuUuUuWwYyyYyYZzZzZz';
  741. /**
  742. * @param {string} str
  743. * @return {string}
  744. */
  745. const foldToASCII = str => {
  746. const regex = new RegExp(NON_ASCII_CHARS.split('').join('|'), 'g');
  747. return str.replace(regex, match => {
  748. const index = NON_ASCII_CHARS.indexOf(match);
  749. return EQUIVALENT_ASCII_CHARS[index];
  750. });
  751. };
  752. /**
  753. * @param {string} str
  754. * @return {string}
  755. */
  756. const normalizeHashtag = str => {
  757. return foldToASCII(str.normalize('NFKC').toLowerCase()).replace(/[^\p{L}\p{N}_\u00b7\u200c]/gu, '');
  758. };
  759. /**
  760. * @param {any} req
  761. * @param {string} name
  762. * @param {StreamParams} params
  763. * @return {Promise.<{ channelIds: string[], options: { needsFiltering: boolean } }>}
  764. */
  765. const channelNameToIds = (req, name, params) => new Promise((resolve, reject) => {
  766. switch (name) {
  767. case 'user':
  768. resolve({
  769. channelIds: channelsForUserStream(req),
  770. options: { needsFiltering: false },
  771. });
  772. break;
  773. case 'user:notification':
  774. resolve({
  775. channelIds: [`timeline:${req.accountId}:notifications`],
  776. options: { needsFiltering: false },
  777. });
  778. break;
  779. case 'public':
  780. resolve({
  781. channelIds: ['timeline:public'],
  782. options: { needsFiltering: true },
  783. });
  784. break;
  785. case 'public:local':
  786. resolve({
  787. channelIds: ['timeline:public:local'],
  788. options: { needsFiltering: true },
  789. });
  790. break;
  791. case 'public:remote':
  792. resolve({
  793. channelIds: ['timeline:public:remote'],
  794. options: { needsFiltering: true },
  795. });
  796. break;
  797. case 'public:media':
  798. resolve({
  799. channelIds: ['timeline:public:media'],
  800. options: { needsFiltering: true },
  801. });
  802. break;
  803. case 'public:local:media':
  804. resolve({
  805. channelIds: ['timeline:public:local:media'],
  806. options: { needsFiltering: true },
  807. });
  808. break;
  809. case 'public:remote:media':
  810. resolve({
  811. channelIds: ['timeline:public:remote:media'],
  812. options: { needsFiltering: true },
  813. });
  814. break;
  815. case 'direct':
  816. resolve({
  817. channelIds: [`timeline:direct:${req.accountId}`],
  818. options: { needsFiltering: false },
  819. });
  820. break;
  821. case 'hashtag':
  822. if (!params.tag || params.tag.length === 0) {
  823. reject('No tag for stream provided');
  824. } else {
  825. resolve({
  826. channelIds: [`timeline:hashtag:${normalizeHashtag(params.tag)}`],
  827. options: { needsFiltering: true },
  828. });
  829. }
  830. break;
  831. case 'hashtag:local':
  832. if (!params.tag || params.tag.length === 0) {
  833. reject('No tag for stream provided');
  834. } else {
  835. resolve({
  836. channelIds: [`timeline:hashtag:${normalizeHashtag(params.tag)}:local`],
  837. options: { needsFiltering: true },
  838. });
  839. }
  840. break;
  841. case 'list':
  842. authorizeListAccess(params.list, req).then(() => {
  843. resolve({
  844. channelIds: [`timeline:list:${params.list}`],
  845. options: { needsFiltering: false },
  846. });
  847. }).catch(() => {
  848. reject('Not authorized to stream this list');
  849. });
  850. break;
  851. default:
  852. reject('Unknown stream type');
  853. }
  854. });
  855. /**
  856. * @param {string} channelName
  857. * @param {StreamParams} params
  858. * @return {string[]}
  859. */
  860. const streamNameFromChannelName = (channelName, params) => {
  861. if (channelName === 'list') {
  862. return [channelName, params.list];
  863. } else if (['hashtag', 'hashtag:local'].includes(channelName)) {
  864. return [channelName, params.tag];
  865. } else {
  866. return [channelName];
  867. }
  868. };
  869. /**
  870. * @typedef WebSocketSession
  871. * @property {any} socket
  872. * @property {any} request
  873. * @property {Object.<string, { listener: function(string): void, stopHeartbeat: function(): void }>} subscriptions
  874. */
  875. /**
  876. * @param {WebSocketSession} session
  877. * @param {string} channelName
  878. * @param {StreamParams} params
  879. */
  880. const subscribeWebsocketToChannel = ({ socket, request, subscriptions }, channelName, params) =>
  881. checkScopes(request, channelName).then(() => channelNameToIds(request, channelName, params)).then(({
  882. channelIds,
  883. options,
  884. }) => {
  885. if (subscriptions[channelIds.join(';')]) {
  886. return;
  887. }
  888. const onSend = streamToWs(request, socket, streamNameFromChannelName(channelName, params));
  889. const stopHeartbeat = subscriptionHeartbeat(channelIds);
  890. const listener = streamFrom(channelIds, request, onSend, undefined, options.needsFiltering);
  891. subscriptions[channelIds.join(';')] = {
  892. listener,
  893. stopHeartbeat,
  894. };
  895. }).catch(err => {
  896. log.verbose(request.requestId, 'Subscription error:', err.toString());
  897. socket.send(JSON.stringify({ error: err.toString() }));
  898. });
  899. /**
  900. * @param {WebSocketSession} session
  901. * @param {string} channelName
  902. * @param {StreamParams} params
  903. */
  904. const unsubscribeWebsocketFromChannel = ({ socket, request, subscriptions }, channelName, params) =>
  905. channelNameToIds(request, channelName, params).then(({ channelIds }) => {
  906. log.verbose(request.requestId, `Ending stream from ${channelIds.join(', ')} for ${request.accountId}`);
  907. const subscription = subscriptions[channelIds.join(';')];
  908. if (!subscription) {
  909. return;
  910. }
  911. const { listener, stopHeartbeat } = subscription;
  912. channelIds.forEach(channelId => {
  913. unsubscribe(`${redisPrefix}${channelId}`, listener);
  914. });
  915. stopHeartbeat();
  916. delete subscriptions[channelIds.join(';')];
  917. }).catch(err => {
  918. log.verbose(request.requestId, 'Unsubscription error:', err);
  919. socket.send(JSON.stringify({ error: err.toString() }));
  920. });
  921. /**
  922. * @param {WebSocketSession} session
  923. */
  924. const subscribeWebsocketToSystemChannel = ({ socket, request, subscriptions }) => {
  925. const accessTokenChannelId = `timeline:access_token:${request.accessTokenId}`;
  926. const systemChannelId = `timeline:system:${request.accountId}`;
  927. const listener = createSystemMessageListener(request, {
  928. onKill() {
  929. socket.close();
  930. },
  931. });
  932. subscribe(`${redisPrefix}${accessTokenChannelId}`, listener);
  933. subscribe(`${redisPrefix}${systemChannelId}`, listener);
  934. subscriptions[accessTokenChannelId] = {
  935. listener,
  936. stopHeartbeat: () => {
  937. },
  938. };
  939. subscriptions[systemChannelId] = {
  940. listener,
  941. stopHeartbeat: () => {
  942. },
  943. };
  944. };
  945. /**
  946. * @param {string|string[]} arrayOrString
  947. * @return {string}
  948. */
  949. const firstParam = arrayOrString => {
  950. if (Array.isArray(arrayOrString)) {
  951. return arrayOrString[0];
  952. } else {
  953. return arrayOrString;
  954. }
  955. };
  956. wss.on('connection', (ws, req) => {
  957. const location = url.parse(req.url, true);
  958. req.requestId = uuid.v4();
  959. req.remoteAddress = ws._socket.remoteAddress;
  960. ws.isAlive = true;
  961. ws.on('pong', () => {
  962. ws.isAlive = true;
  963. });
  964. /**
  965. * @type {WebSocketSession}
  966. */
  967. const session = {
  968. socket: ws,
  969. request: req,
  970. subscriptions: {},
  971. };
  972. const onEnd = () => {
  973. const keys = Object.keys(session.subscriptions);
  974. keys.forEach(channelIds => {
  975. const { listener, stopHeartbeat } = session.subscriptions[channelIds];
  976. channelIds.split(';').forEach(channelId => {
  977. unsubscribe(`${redisPrefix}${channelId}`, listener);
  978. });
  979. stopHeartbeat();
  980. });
  981. };
  982. ws.on('close', onEnd);
  983. ws.on('error', onEnd);
  984. ws.on('message', data => {
  985. const json = parseJSON(data, session.request);
  986. if (!json) return;
  987. const { type, stream, ...params } = json;
  988. if (type === 'subscribe') {
  989. subscribeWebsocketToChannel(session, firstParam(stream), params);
  990. } else if (type === 'unsubscribe') {
  991. unsubscribeWebsocketFromChannel(session, firstParam(stream), params);
  992. } else {
  993. // Unknown action type
  994. }
  995. });
  996. subscribeWebsocketToSystemChannel(session);
  997. if (location.query.stream) {
  998. subscribeWebsocketToChannel(session, firstParam(location.query.stream), location.query);
  999. }
  1000. });
  1001. setInterval(() => {
  1002. wss.clients.forEach(ws => {
  1003. if (ws.isAlive === false) {
  1004. ws.terminate();
  1005. return;
  1006. }
  1007. ws.isAlive = false;
  1008. ws.ping('', false);
  1009. });
  1010. }, 30000);
  1011. attachServerWithConfig(server, address => {
  1012. log.warn(`Worker ${workerId} now listening on ${address}`);
  1013. });
  1014. const onExit = () => {
  1015. log.warn(`Worker ${workerId} exiting`);
  1016. server.close();
  1017. process.exit(0);
  1018. };
  1019. const onError = (err) => {
  1020. log.error(err);
  1021. server.close();
  1022. process.exit(0);
  1023. };
  1024. process.on('SIGINT', onExit);
  1025. process.on('SIGTERM', onExit);
  1026. process.on('exit', onExit);
  1027. process.on('uncaughtException', onError);
  1028. };
  1029. /**
  1030. * @param {any} server
  1031. * @param {function(string): void} [onSuccess]
  1032. */
  1033. const attachServerWithConfig = (server, onSuccess) => {
  1034. if (process.env.SOCKET || process.env.PORT && isNaN(+process.env.PORT)) {
  1035. server.listen(process.env.SOCKET || process.env.PORT, () => {
  1036. if (onSuccess) {
  1037. fs.chmodSync(server.address(), 0o666);
  1038. onSuccess(server.address());
  1039. }
  1040. });
  1041. } else {
  1042. server.listen(+process.env.PORT || 4000, process.env.BIND || '127.0.0.1', () => {
  1043. if (onSuccess) {
  1044. onSuccess(`${server.address().address}:${server.address().port}`);
  1045. }
  1046. });
  1047. }
  1048. };
  1049. /**
  1050. * @param {function(Error=): void} onSuccess
  1051. */
  1052. const onPortAvailable = onSuccess => {
  1053. const testServer = http.createServer();
  1054. testServer.once('error', err => {
  1055. onSuccess(err);
  1056. });
  1057. testServer.once('listening', () => {
  1058. testServer.once('close', () => onSuccess());
  1059. testServer.close();
  1060. });
  1061. attachServerWithConfig(testServer);
  1062. };
  1063. onPortAvailable(err => {
  1064. if (err) {
  1065. log.error('Could not start server, the port or socket is in use');
  1066. return;
  1067. }
  1068. throng({
  1069. workers: numWorkers,
  1070. lifetime: Infinity,
  1071. start: startWorker,
  1072. master: startMaster,
  1073. });
  1074. });