Federation: drop relay support

.config/example.yml

@@ -110,9 +110,6 @@ id: 'aid'
 # Whether Disable Search
 #disableSearch: true
 
-# Ignore AP forwarded activities (default: false)
-#ignoreApForwarded: true
-
 # Whether disable HSTS
 #disableHsts: true
 

packages/backend/migration/1737502355121-drop_relay.js

@@ -0,0 +1,17 @@
+export class DropRelay1737502355121  {
+    constructor() {
+        this.name = 'DropRelay1737502355121';
+    }
+
+    async up(queryRunner) {
+        await queryRunner.query(`DROP INDEX "IDX_0d9a1738f2cf7f3b1c3334dfab"`);
+        await queryRunner.query(`DROP TABLE "relay" CASCADE `);
+        await queryRunner.query(`DROP TYPE "relay_status_enum"`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`CREATE TYPE "relay_status_enum" AS ENUM('requesting', 'accepted', 'rejected')`);
+        await queryRunner.query(`CREATE TABLE "relay" ("id" character varying(32) NOT NULL, "inbox" character varying(512) NOT NULL, "status" "relay_status_enum" NOT NULL, CONSTRAINT "PK_78ebc9cfddf4292633b7ba57aee" PRIMARY KEY ("id"))`);
+        await queryRunner.query(`CREATE UNIQUE INDEX "IDX_0d9a1738f2cf7f3b1c3334dfab" ON "relay" ("inbox") `);
+    }
+}

packages/backend/package.json

@@ -52,7 +52,6 @@
 		"jsdom": "26.0.0",
 		"json5": "2.2.3",
 		"json5-loader": "4.0.1",
-		"jsonld": "8.3.2",
 		"jsrsasign": "11.1.0",
 		"koa": "2.15.3",
 		"koa-bodyparser": "4.4.1",
@@ -119,7 +118,6 @@
 		"@types/fluent-ffmpeg": "2.1.27",
 		"@types/js-yaml": "4.0.9",
 		"@types/jsdom": "21.1.7",
-		"@types/jsonld": "1.5.14",
 		"@types/jsrsasign": "10.5.15",
 		"@types/koa": "2.15.0",
 		"@types/koa-bodyparser": "4.3.12",

packages/backend/src/config/types.ts

@@ -67,8 +67,6 @@ export type Source = {
 
 	disableAntenna?: boolean;
 	disableSearch?: boolean;
-
-	ignoreApForwarded?: boolean;
 };
 
 /**

packages/backend/src/db/postgre.ts

@@ -52,7 +52,6 @@ import { Clip } from "@/models/entities/clip.js";
 import { ClipNote } from "@/models/entities/clip-note.js";
 import { Antenna } from "@/models/entities/antenna.js";
 import { AntennaNote } from "@/models/entities/antenna-note.js";
-import { Relay } from "@/models/entities/relay.js";
 import { MutedNote } from "@/models/entities/muted-note.js";
 import { RegistryItem } from "@/models/entities/registry-item.js";
 import { PasswordResetRequest } from "@/models/entities/password-reset-request.js";
@@ -142,7 +141,6 @@ export const entities = [
     ClipNote,
     Antenna,
     AntennaNote,
-    Relay,
     MutedNote,
     RegistryItem,
     PasswordResetRequest,

packages/backend/src/models/index.ts

@@ -44,7 +44,6 @@ import { ClipNote } from "./entities/clip-note.js";
 import { AntennaRepository } from "./repositories/antenna.js";
 import { AntennaNote } from "./entities/antenna-note.js";
 import { EmojiRepository } from "./repositories/emoji.js";
-import { RelayRepository } from "./repositories/relay.js";
 import { MutedNote } from "./entities/muted-note.js";
 import { RegistryItem } from "./entities/registry-item.js";
 import { UserPending } from "./entities/user-pending.js";
@@ -98,7 +97,6 @@ export const Clips = (ClipRepository);
 export const ClipNotes = db.getRepository(ClipNote);
 export const Antennas = (AntennaRepository);
 export const AntennaNotes = db.getRepository(AntennaNote);
-export const Relays = (RelayRepository);
 export const MutedNotes = db.getRepository(MutedNote);
 export const RegistryItems = db.getRepository(RegistryItem);
 export const Webhooks = db.getRepository(Webhook);

packages/backend/src/queue/processors/inbox.ts

@@ -3,16 +3,13 @@ import Bull from "bull";
 import httpSignature from "@peertube/http-signature";
 import perform from "@/remote/activitypub/perform.js";
 import Logger from "@/services/logger.js";
-import config from "@/config/index.js";
 import { registerOrFetchInstanceDoc } from "@/services/register-or-fetch-instance-doc.js";
 import { Instances } from "@/models/index.js";
 import { fetchMeta } from "@/misc/fetch-meta.js";
 import { toPuny, extractDbHost } from "@/misc/convert-host.js";
 import { getApId } from "@/remote/activitypub/type.js";
 import { fetchInstanceMetadata } from "@/services/fetch-instance-metadata.js";
 import DbResolver from "@/remote/activitypub/db-resolver.js";
-import { resolvePerson } from "@/remote/activitypub/models/person.js";
-import { LdSignature } from "@/remote/activitypub/misc/ld-signature.js";
 import { StatusError } from "@/misc/fetch.js";
 import { CacheableRemoteUser } from "@/models/entities/user.js";
 import { UserPublickey } from "@/models/entities/user-publickey.js";
@@ -23,7 +20,7 @@ const logger = new Logger("inbox");
 // ユーザーのinboxにアクティビティが届いた時の処理
 export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
     const signature = job.data.signature;	// HTTP-signature
-    let activity = job.data.activity;
+    const activity = job.data.activity;
 
     //#region Log
     const info = Object.assign({}, activity) as any;
@@ -82,51 +79,7 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
 
     // また、signatureのsignerは、activity.actorと一致する必要がある
     if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
-        // 一致しなくても、でもLD-Signatureがありそうならそっちも見る
-        if (!config.ignoreApForwarded && activity.signature) {
-            if (activity.signature.type !== "RsaSignature2017") {
-                return `skip: unsupported LD-signature type ${activity.signature.type}`;
-            }
-
-            // activity.signature.creator: https://example.oom/users/user#main-key
-            // みたいになっててUserを引っ張れば公開キーも入ることを期待する
-            if (activity.signature.creator) {
-                const candicate = activity.signature.creator.replace(/#.*/, "");
-                await resolvePerson(candicate).catch(() => null);
-            }
-
-            // keyIdからLD-Signatureのユーザーを取得
-            authUser = await dbResolver.getAuthUserFromKeyId(activity.signature.creator);
-            if (authUser == null) {
-                return "skip: LD-Signatureのユーザーが取得できませんでした";
-            }
-
-            if (authUser.key == null) {
-                return "skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした";
-            }
-
-            // LD-Signature検証
-            const ldSignature = new LdSignature();
-            const verified = await ldSignature.verifyRsaSignature2017(activity, authUser.key.keyPem).catch(() => false);
-            if (!verified) {
-                return "skip: LD-Signatureの検証に失敗しました";
-            }
-
-            activity = await ldSignature.compactToWellKnown(activity);
-
-            // もう一度actorチェック
-            if (authUser.user.uri !== activity.actor) {
-                return `skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`;
-            }
-
-            // ブロックしてたら中断
-            const ldHost = extractDbHost(authUser.user.uri);
-            if (meta.blockedHosts.some(x => ldHost.endsWith(x))) {
-                return `Blocked request: ${ldHost}`;
-            }
-        } else {
-            return `skip: http-signature verification failed and ${config.ignoreApForwarded ? "ignoreApForwarded" : "no LD-Signature"}. keyId=${signature.keyId}`;
-        }
+        return `skip: http-signature verification failed. keyId=${signature.keyId}`;
     }
 
     // activity.idがあればホストが署名者のホストであることを確認する

packages/backend/src/remote/activitypub/kernel/accept/follow.ts

@@ -1,6 +1,5 @@
 import { CacheableRemoteUser } from "@/models/entities/user.js";
 import accept from "@/services/following/requests/accept.js";
-import { relayAccepted } from "@/services/relay.js";
 import { IFollow } from "../../type.js";
 import DbResolver from "../../db-resolver.js";
 
@@ -18,12 +17,6 @@ export default async (actor: CacheableRemoteUser, activity: IFollow): Promise<st
         return "skip: follower is not a local user";
     }
 
-    // relay
-    const match = activity.id?.match(/follow-relay\/(\w+)/);
-    if (match) {
-        return await relayAccepted(match[1]);
-    }
-
     await accept(actor, follower);
     return "ok";
 };

packages/backend/src/remote/activitypub/kernel/reject/follow.ts

@@ -1,6 +1,5 @@
 import { CacheableRemoteUser } from "@/models/entities/user.js";
 import { remoteReject } from "@/services/following/reject.js";
-import { relayRejected } from "@/services/relay.js";
 import { Users } from "@/models/index.js";
 import { IFollow } from "../../type.js";
 import DbResolver from "../../db-resolver.js";
@@ -19,12 +18,6 @@ export default async (actor: CacheableRemoteUser, activity: IFollow): Promise<st
         return "skip: follower is not a local user";
     }
 
-    // relay
-    const match = activity.id?.match(/follow-relay\/(\w+)/);
-    if (match) {
-        return await relayRejected(match[1]);
-    }
-
     await remoteReject(actor, follower);
     return "ok";
 };

packages/backend/src/remote/activitypub/renderer/index.ts

@@ -1,29 +1,14 @@
 import { v4 as uuid } from "uuid";
 import config from "@/config/index.js";
-import { getUserKeypair } from "@/misc/keypair-store.js";
-import { User } from "@/models/entities/user.js";
 import { WellKnownContext } from "@/remote/activitypub/misc/contexts.js";
 import { IActivity } from "../type.js";
-import { LdSignature } from "../misc/ld-signature.js";
 
 export const renderActivity = (x: any): IActivity | null => {
     if (x == null) return null;
 
     if (typeof x === "object" && x.id == null) {
         x.id = `${config.url}/${uuid()}`;
     }
-
-    return Object.assign({}, WellKnownContext, x);
-};
-
-export const attachLdSignature = async (activity: any, user: { id: User["id"]; host: null; }): Promise<IActivity | null> => {
-    if (activity == null) return null;
 
-    const keypair = await getUserKeypair(user.id);
-
-    const ldSignature = new LdSignature();
-    ldSignature.debug = false;
-    activity = await ldSignature.signRsaSignature2017(activity, keypair.privateKey, `${config.url}/users/${user.id}#main-key`);
-
-    return activity;
+    return Object.assign({}, WellKnownContext, x);
 };