revert 5f88d56

バグがある(かつすぐに修正できそうにない) & まだレビュー途中で意図せずマージされたため
1Step621 · Jul 20, 2024 · 337b42b · 337b42b · github-actions · Jul 21, 2024
1 parent efb0429
commit 337b42b
Show file tree

Hide file tree

Showing 52 changed files with 690 additions and 1,098 deletions.
diff --git a/.config/docker_example.yml b/.config/docker_example.yml
@@ -164,12 +164,12 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 16
-# inboxJobConcurrency: 4
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
 
 # Job rate limiter
 # deliverJobPerSec: 128
-# inboxJobPerSec: 64
+# inboxJobPerSec: 32
 
 # Job attempts
 # deliverJobMaxAttempts: 12

diff --git a/.config/example.yml b/.config/example.yml
@@ -230,15 +230,15 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-#deliverJobConcurrency: 16
-#inboxJobConcurrency: 4
+#deliverJobConcurrency: 128
+#inboxJobConcurrency: 16
 #relationshipJobConcurrency: 16
 # What's relationshipJob?:
 #  Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
 
 # Job rate limiter
-#deliverJobPerSec: 1024
-#inboxJobPerSec: 64
+#deliverJobPerSec: 128
+#inboxJobPerSec: 32
 #relationshipJobPerSec: 64
 
 # Job attempts

diff --git a/.devcontainer/devcontainer.yml b/.devcontainer/devcontainer.yml
@@ -157,12 +157,12 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 16
-# inboxJobConcurrency: 4
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
 
 # Job rate limiter
-# deliverJobPerSec: 1024
-# inboxJobPerSec: 64
+# deliverJobPerSec: 128
+# inboxJobPerSec: 32
 
 # Job attempts
 # deliverJobMaxAttempts: 12

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,14 +8,6 @@
 - Feat: 通報を受けた際、または解決した際に、予め登録した宛先に通知を飛ばせるように(mail or webhook) #13705
 - Feat: ユーザーのアイコン/バナーの変更可否をロールで設定可能に
   - 変更不可となっていても、設定済みのものを解除してデフォルト画像に戻すことは出来ます
-- Feat: 連合に使うHTTP SignaturesがEd25519鍵に対応するように #13464
-  - Ed25519署名に対応するサーバーが増えると、deliverで要求されるサーバーリソースが削減されます
-	- ジョブキューのconfig設定のデフォルト値を変更しました。  
-	  default.ymlでジョブキューの並列度を設定している場合は、従前よりもconcurrencyの値をより下げるとパフォーマンスが改善する可能性があります。
-		* deliverJobConcurrency: 16 (←128)
-		* deliverJobPerSec: 1024 (←128)
-		* inboxJobConcurrency: 4 (←16)
-		* inboxJobPerSec: 64 (←32)
 - Fix: 配信停止したインスタンス一覧が見れなくなる問題を修正
 - Fix: Dockerコンテナの立ち上げ時に`pnpm`のインストールで固まることがある問題
 - Fix: デフォルトテーマに無効なテーマコードを入力するとUIが使用できなくなる問題を修正

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -197,7 +197,7 @@ TODO
 ## Environment Variable
 
 - `MISSKEY_CONFIG_YML`: Specify the file path of config.yml instead of default.yml (e.g. `2nd.yml`).
-- `MISSKEY_USE_HTTP`: If it's set true, federation requests (like nodeinfo and webfinger) will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION. (was `MISSKEY_WEBFINGER_USE_HTTP`)
+- `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
 
 ## Continuous integration
 Misskey uses GitHub Actions for executing automated tests.

diff --git a/chart/files/default.yml b/chart/files/default.yml
@@ -178,12 +178,12 @@ id: "aidx"
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 16
-# inboxJobConcurrency: 4
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
 
 # Job rate limiter
-# deliverJobPerSec: 1024
-# inboxJobPerSec: 64
+# deliverJobPerSec: 128
+# inboxJobPerSec: 32
 
 # Job attempts
 # deliverJobMaxAttempts: 12

diff --git a/packages/backend/migration/1708980134301-APMultipleKeys.js b/packages/backend/migration/1708980134301-APMultipleKeys.js
diff --git a/packages/backend/migration/1709242519122-HttpSignImplLv.js b/packages/backend/migration/1709242519122-HttpSignImplLv.js
diff --git a/packages/backend/migration/1709269211718-APMultipleKeysFix1.js b/packages/backend/migration/1709269211718-APMultipleKeysFix1.js
diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -79,13 +79,13 @@
 		"@fastify/multipart": "8.3.0",
 		"@fastify/static": "7.0.4",
 		"@fastify/view": "9.1.0",
-		"@misskey-dev/node-http-message-signatures": "0.0.10",
 		"@misskey-dev/sharp-read-bmp": "1.2.0",
 		"@misskey-dev/summaly": "5.1.0",
 		"@napi-rs/canvas": "^0.1.53",
 		"@nestjs/common": "10.3.10",
 		"@nestjs/core": "10.3.10",
 		"@nestjs/testing": "10.3.10",
+		"@peertube/http-signature": "1.7.0",
 		"@sentry/node": "8.13.0",
 		"@sentry/profiling-node": "8.13.0",
 		"@simplewebauthn/server": "10.0.0",

diff --git a/packages/backend/src/@types/http-signature.d.ts b/packages/backend/src/@types/http-signature.d.ts
@@ -0,0 +1,82 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+declare module '@peertube/http-signature' {
+	import type { IncomingMessage, ClientRequest } from 'node:http';
+
+	interface ISignature {
+		keyId: string;
+		algorithm: string;
+		headers: string[];
+		signature: string;
+	}
+
+	interface IOptions {
+		headers?: string[];
+		algorithm?: string;
+		strict?: boolean;
+		authorizationHeaderName?: string;
+	}
+
+	interface IParseRequestOptions extends IOptions {
+		clockSkew?: number;
+	}
+
+	interface IParsedSignature {
+		scheme: string;
+		params: ISignature;
+		signingString: string;
+		algorithm: string;
+		keyId: string;
+	}
+
+	type RequestSignerConstructorOptions =
+		IRequestSignerConstructorOptionsFromProperties |
+		IRequestSignerConstructorOptionsFromFunction;
+
+	interface IRequestSignerConstructorOptionsFromProperties {
+		keyId: string;
+		key: string | Buffer;
+		algorithm?: string;
+	}
+
+	interface IRequestSignerConstructorOptionsFromFunction {
+		sign?: (data: string, cb: (err: any, sig: ISignature) => void) => void;
+	}
+
+	class RequestSigner {
+		constructor(options: RequestSignerConstructorOptions);
+
+		public writeHeader(header: string, value: string): string;
+
+		public writeDateHeader(): string;
+
+		public writeTarget(method: string, path: string): void;
+
+		public sign(cb: (err: any, authz: string) => void): void;
+	}
+
+	interface ISignRequestOptions extends IOptions {
+		keyId: string;
+		key: string;
+		httpVersion?: string;
+	}
+
+	export function parse(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
+	export function parseRequest(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
+
+	export function sign(request: ClientRequest, options: ISignRequestOptions): boolean;
+	export function signRequest(request: ClientRequest, options: ISignRequestOptions): boolean;
+	export function createSigner(): RequestSigner;
+	export function isSigner(obj: any): obj is RequestSigner;
+
+	export function sshKeyToPEM(key: string): string;
+	export function sshKeyFingerprint(key: string): string;
+	export function pemToRsaSSHKey(pem: string, comment: string): string;
+
+	export function verify(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
+	export function verifySignature(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
+	export function verifyHMAC(parsedSignature: IParsedSignature, secret: string): boolean;
+}
diff --git a/packages/backend/src/const.ts b/packages/backend/src/const.ts
@@ -9,11 +9,6 @@ export const MAX_NOTE_TEXT_LENGTH = 3000;
 export const USER_ONLINE_THRESHOLD = 1000 * 60 * 10; // 10min
 export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days
 
-export const REMOTE_USER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
-export const REMOTE_USER_MOVE_COOLDOWN = 1000 * 60 * 60 * 24 * 14; // 14days
-
-export const REMOTE_SERVER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
-
 //#region hard limits
 // If you change DB_* values, you must also change the DB schema.
 

diff --git a/packages/backend/src/core/AccountUpdateService.ts b/packages/backend/src/core/AccountUpdateService.ts
@@ -3,8 +3,7 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
-import { ModuleRef } from '@nestjs/core';
+import { Inject, Injectable } from '@nestjs/common';
 import { DI } from '@/di-symbols.js';
 import type { UsersRepository } from '@/models/_.js';
 import type { MiUser } from '@/models/User.js';
@@ -13,44 +12,30 @@ import { RelayService } from '@/core/RelayService.js';
 import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
-import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 
 @Injectable()
-export class AccountUpdateService implements OnModuleInit {
-	private apDeliverManagerService: ApDeliverManagerService;
+export class AccountUpdateService {
 	constructor(
-		private moduleRef: ModuleRef,
-
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 
 		private userEntityService: UserEntityService,
 		private apRendererService: ApRendererService,
+		private apDeliverManagerService: ApDeliverManagerService,
 		private relayService: RelayService,
 	) {
 	}
 
-	async onModuleInit() {
-		this.apDeliverManagerService = this.moduleRef.get(ApDeliverManagerService.name);
-	}
-
 	@bindThis
-	/**
-	 * Deliver account update to followers
-	 * @param userId user id
-	 * @param deliverKey optional. Private key to sign the deliver.
-	 */
-	public async publishToFollowers(userId: MiUser['id'], deliverKey?: PrivateKeyWithPem) {
+	public async publishToFollowers(userId: MiUser['id']) {
 		const user = await this.usersRepository.findOneBy({ id: userId });
 		if (user == null) throw new Error('user not found');
 
 		// フォロワーがリモートユーザーかつ投稿者がローカルユーザーならUpdateを配信
 		if (this.userEntityService.isLocalUser(user)) {
 			const content = this.apRendererService.addContext(this.apRendererService.renderUpdate(await this.apRendererService.renderPerson(user), user));
-			await Promise.allSettled([
-				this.apDeliverManagerService.deliverToFollowers(user, content, deliverKey),
-				this.relayService.deliverToRelays(user, content, deliverKey),
-			]);
+			this.apDeliverManagerService.deliverToFollowers(user, content);
+			this.relayService.deliverToRelays(user, content);
 		}
 	}
 }
diff --git a/packages/backend/src/core/CreateSystemUserService.ts b/packages/backend/src/core/CreateSystemUserService.ts
@@ -7,7 +7,7 @@ import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import bcrypt from 'bcryptjs';
 import { IsNull, DataSource } from 'typeorm';
-import { genRSAAndEd25519KeyPair } from '@/misc/gen-key-pair.js';
+import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
 import { MiUser } from '@/models/User.js';
 import { MiUserProfile } from '@/models/UserProfile.js';
 import { IdService } from '@/core/IdService.js';
@@ -38,7 +38,7 @@ export class CreateSystemUserService {
 		// Generate secret
 		const secret = generateNativeUserToken();
 
-		const keyPair = await genRSAAndEd25519KeyPair();
+		const keyPair = await genRsaKeyPair();
 
 		let account!: MiUser;
 
@@ -64,8 +64,9 @@ export class CreateSystemUserService {
 			}).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0]));
 
 			await transactionalEntityManager.insert(MiUserKeypair, {
+				publicKey: keyPair.publicKey,
+				privateKey: keyPair.privateKey,
 				userId: account.id,
-				...keyPair,
 			});
 
 			await transactionalEntityManager.insert(MiUserProfile, {