mirror of
				https://codeberg.org/yeentown/barkey.git
				synced 2025-10-26 03:04:52 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			199 lines
		
	
	
	
		
			5.8 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
	
	
			
		
		
	
	
			199 lines
		
	
	
	
		
			5.8 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
	
	
| /*
 | |
|  * SPDX-FileCopyrightText: syuilo and misskey-project
 | |
|  * SPDX-License-Identifier: AGPL-3.0-only
 | |
|  */
 | |
| 
 | |
| import { Inject, Injectable } from '@nestjs/common';
 | |
| import cors from '@fastify/cors';
 | |
| import multipart from '@fastify/multipart';
 | |
| import { ModuleRef } from '@nestjs/core';
 | |
| import { AuthenticationResponseJSON } from '@simplewebauthn/types';
 | |
| import type { Config } from '@/config.js';
 | |
| import type { InstancesRepository, AccessTokensRepository } from '@/models/_.js';
 | |
| import { DI } from '@/di-symbols.js';
 | |
| import { UserEntityService } from '@/core/entities/UserEntityService.js';
 | |
| import { bindThis } from '@/decorators.js';
 | |
| import endpoints from './endpoints.js';
 | |
| import { ApiCallService } from './ApiCallService.js';
 | |
| import { SignupApiService } from './SignupApiService.js';
 | |
| import { SigninApiService } from './SigninApiService.js';
 | |
| import { SigninWithPasskeyApiService } from './SigninWithPasskeyApiService.js';
 | |
| import type { FastifyInstance, FastifyPluginOptions } from 'fastify';
 | |
| 
 | |
| @Injectable()
 | |
| export class ApiServerService {
 | |
| 	constructor(
 | |
| 		private moduleRef: ModuleRef,
 | |
| 
 | |
| 		@Inject(DI.config)
 | |
| 		private config: Config,
 | |
| 
 | |
| 		@Inject(DI.instancesRepository)
 | |
| 		private instancesRepository: InstancesRepository,
 | |
| 
 | |
| 		@Inject(DI.accessTokensRepository)
 | |
| 		private accessTokensRepository: AccessTokensRepository,
 | |
| 
 | |
| 		private userEntityService: UserEntityService,
 | |
| 		private apiCallService: ApiCallService,
 | |
| 		private signupApiService: SignupApiService,
 | |
| 		private signinApiService: SigninApiService,
 | |
| 		private signinWithPasskeyApiService: SigninWithPasskeyApiService,
 | |
| 	) {
 | |
| 		//this.createServer = this.createServer.bind(this);
 | |
| 	}
 | |
| 
 | |
| 	@bindThis
 | |
| 	public createServer(fastify: FastifyInstance, options: FastifyPluginOptions, done: (err?: Error) => void) {
 | |
| 		fastify.register(cors, {
 | |
| 			origin: '*',
 | |
| 		});
 | |
| 
 | |
| 		fastify.register(multipart, {
 | |
| 			limits: {
 | |
| 				fileSize: this.config.maxFileSize,
 | |
| 				files: 1,
 | |
| 			},
 | |
| 		});
 | |
| 
 | |
| 		// Prevent cache
 | |
| 		fastify.addHook('onRequest', (request, reply, done) => {
 | |
| 			reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
 | |
| 			done();
 | |
| 		});
 | |
| 
 | |
| 		for (const endpoint of endpoints) {
 | |
| 			const ep = {
 | |
| 				name: endpoint.name,
 | |
| 				meta: endpoint.meta,
 | |
| 				params: endpoint.params,
 | |
| 				exec: this.moduleRef.get('ep:' + endpoint.name, { strict: false }).exec,
 | |
| 			};
 | |
| 
 | |
| 			if (endpoint.meta.requireFile) {
 | |
| 				fastify.all<{
 | |
| 					Params: { endpoint: string; },
 | |
| 					Body: Record<string, unknown>,
 | |
| 					Querystring: Record<string, unknown>,
 | |
| 				}>('/' + endpoint.name, async (request, reply) => {
 | |
| 					if (request.method === 'GET' && !endpoint.meta.allowGet) {
 | |
| 						reply.code(405);
 | |
| 						reply.send();
 | |
| 						return;
 | |
| 					}
 | |
| 
 | |
| 					// Await so that any error can automatically be translated to HTTP 500
 | |
| 					await this.apiCallService.handleMultipartRequest(ep, request, reply);
 | |
| 					return reply;
 | |
| 				});
 | |
| 			} else {
 | |
| 				fastify.all<{
 | |
| 					Params: { endpoint: string; },
 | |
| 					Body: Record<string, unknown>,
 | |
| 					Querystring: Record<string, unknown>,
 | |
| 				}>('/' + endpoint.name, { bodyLimit: 1024 * 1024 }, async (request, reply) => {
 | |
| 					if (request.method === 'GET' && !endpoint.meta.allowGet) {
 | |
| 						reply.code(405);
 | |
| 						reply.send();
 | |
| 						return;
 | |
| 					}
 | |
| 
 | |
| 					// Await so that any error can automatically be translated to HTTP 500
 | |
| 					await this.apiCallService.handleRequest(ep, request, reply);
 | |
| 					return reply;
 | |
| 				});
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		fastify.post<{
 | |
| 			Body: {
 | |
| 				username: string;
 | |
| 				password: string;
 | |
| 				host?: string;
 | |
| 				invitationCode?: string;
 | |
| 				emailAddress?: string;
 | |
| 				'hcaptcha-response'?: string;
 | |
| 				'g-recaptcha-response'?: string;
 | |
| 				'turnstile-response'?: string;
 | |
| 				'frc-captcha-solution'?: string;
 | |
| 				'm-captcha-response'?: string;
 | |
| 				'testcaptcha-response'?: string;
 | |
| 			}
 | |
| 		}>('/signup', (request, reply) => this.signupApiService.signup(request, reply));
 | |
| 
 | |
| 		fastify.post<{
 | |
| 			Body: {
 | |
| 				username: string;
 | |
| 				password?: string;
 | |
| 				token?: string;
 | |
| 				credential?: AuthenticationResponseJSON;
 | |
| 				'hcaptcha-response'?: string;
 | |
| 				'g-recaptcha-response'?: string;
 | |
| 				'turnstile-response'?: string;
 | |
| 				'frc-captcha-solution'?: string;
 | |
| 				'm-captcha-response'?: string;
 | |
| 				'testcaptcha-response'?: string;
 | |
| 			};
 | |
| 		}>('/signin-flow', (request, reply) => this.signinApiService.signin(request, reply));
 | |
| 
 | |
| 		fastify.post<{
 | |
| 			Body: {
 | |
| 				credential?: AuthenticationResponseJSON;
 | |
| 				context?: string;
 | |
| 			};
 | |
| 		}>('/signin-with-passkey', (request, reply) => this.signinWithPasskeyApiService.signin(request, reply));
 | |
| 
 | |
| 		fastify.post<{ Body: { code: string; } }>('/signup-pending', (request, reply) => this.signupApiService.signupPending(request, reply));
 | |
| 
 | |
| 		fastify.get('/v1/instance/peers', async (request, reply) => {
 | |
| 			const instances = await this.instancesRepository.find({
 | |
| 				select: ['host'],
 | |
| 				where: {
 | |
| 					suspensionState: 'none',
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			return instances.map(instance => instance.host);
 | |
| 		});
 | |
| 
 | |
| 		fastify.post<{ Params: { session: string; } }>('/miauth/:session/check', async (request, reply) => {
 | |
| 			const token = await this.accessTokensRepository.findOneBy({
 | |
| 				session: request.params.session,
 | |
| 			});
 | |
| 
 | |
| 			if (token && token.session != null && !token.fetched) {
 | |
| 				this.accessTokensRepository.update(token.id, {
 | |
| 					fetched: true,
 | |
| 				});
 | |
| 
 | |
| 				return {
 | |
| 					ok: true,
 | |
| 					token: token.token,
 | |
| 					user: await this.userEntityService.pack(token.userId, null, { schema: 'UserDetailedNotMe' }),
 | |
| 				};
 | |
| 			} else {
 | |
| 				return {
 | |
| 					ok: false,
 | |
| 				};
 | |
| 			}
 | |
| 		});
 | |
| 
 | |
| 		// Make sure any unknown path under /api returns HTTP 404 Not Found,
 | |
| 		// because otherwise ClientServerService will return the base client HTML
 | |
| 		// page with HTTP 200.
 | |
| 		fastify.get('/*', (request, reply) => {
 | |
| 			reply.code(404);
 | |
| 			// Mock ApiCallService.send's error handling
 | |
| 			reply.send({
 | |
| 				error: {
 | |
| 					message: 'Unknown API endpoint.',
 | |
| 					code: 'UNKNOWN_API_ENDPOINT',
 | |
| 					id: '2ca3b769-540a-4f08-9dd5-b5a825b6d0f1',
 | |
| 					kind: 'client',
 | |
| 				},
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		done();
 | |
| 	}
 | |
| }
 |