rubberguppe/index.js

const path = require('path')
const express = require('express')
const MongoClient = require('mongodb').MongoClient
const fs = require('fs')
const https = require('https')
const morgan = require('morgan')
const history = require('connect-history-api-fallback')
const { onShutdown } = require('node-graceful-shutdown')
const ActivitypubExpress = require('activitypub-express')

const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json')

const app = express()

const client = new MongoClient(DB_URL, { useUnifiedTopology: true, useNewUrlParser: true })

const sslOptions = {
  key: KEY_PATH && fs.readFileSync(path.join(__dirname, KEY_PATH)),
  cert: CERT_PATH && fs.readFileSync(path.join(__dirname, CERT_PATH)),
  ca: CA_PATH && fs.readFileSync(path.join(__dirname, CA_PATH))
}

const icon = {
  type: 'Image',
  mediaType: 'image/jpeg',
  url: `https://${DOMAIN}/f/guppe.png`
}

const routes = {
  actor: '/u/:actor',
  object: '/o/:id',
  activity: '/s/:id',
  inbox: '/u/:actor/inbox',
  outbox: '/u/:actor/outbox',
  followers: '/u/:actor/followers',
  following: '/u/:actor/following',
  liked: '/u/:actor/liked',
  collections: '/u/:actor/c/:id',
  blocked: '/u/:actor/blocked',
  rejections: '/u/:actor/rejections',
  rejected: '/u/:actor/rejected',
  shares: '/s/:id/shares',
  likes: '/s/:id/likes'
}
const apex = ActivitypubExpress({
  domain: DOMAIN,
  actorParam: 'actor',
  objectParam: 'id',
  itemsPerPage: 100,
  routes
})

app.set('domain', DOMAIN)
app.set('port', process.env.PORT || PORT)
app.set('port-https', process.env.PORT_HTTPS || PORT_HTTPS)
app.use(morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status Accepts ":req[accept]" ":referrer" ":user-agent"'))
app.use(express.json({ type: apex.consts.jsonldTypes }), apex)

// Guppe's magic: create new groups on demand whenever someone tries to access it
async function getOrCreateActor (req, res, next) {
  const apex = req.app.locals.apex
  const actor = req.params[apex.actorParam]
  const actorIRI = apex.utils.usernameToIRI(actor)
  let actorObj
  try {
    actorObj = await apex.store.getObject(actorIRI)
  } catch (err) { return next(err) }
  if (!actorObj && actor.length <= 100) {
    try {
      const summary = `I'm a group about ${actor}. Follow me to get all the group posts. Tag me to share with the group. Create other groups by searching for or tagging @yourGroupName@${DOMAIN}`
      actorObj = await apex.createActor(actor, `${actor} group`, summary, icon, 'Group')
      await apex.store.saveObject(actorObj)
    } catch (err) { return next(err) }
    res.locals.apex.target = actorObj
  } else if (actor.length > 100) {
    res.locals.apex.status = 400
    res.locals.apex.statusMessage = 'Group names are limited to 100 characters'
  } else if (actorObj.type === 'Tombstone') {
    res.locals.apex.status = 410
  } else {
    res.locals.apex.target = actorObj
  }
  next()
}

// define routes using prepacakged middleware collections
app.route(routes.inbox)
  .post(apex.net.inbox.post)
  // no C2S at present
  // .get(apex.net.inbox.get)
app.route(routes.outbox)
  .get(apex.net.outbox.get)
  // no C2S at present
  // .post(apex.net.outbox.post)

// replace apex's target actor validator with our create on demand method
app.get(routes.actor, apex.net.validators.jsonld, getOrCreateActor, apex.net.responders.target)
app.get(routes.followers, apex.net.followers.get)
app.get(routes.following, apex.net.following.get)
app.get(routes.liked, apex.net.liked.get)
app.get(routes.object, apex.net.object.get)
app.get(routes.activity, apex.net.activityStream.get)
app.get(routes.shares, apex.net.shares.get)
app.get(routes.likes, apex.net.likes.get)

app.get(
  '/.well-known/webfinger',
  apex.net.wellKnown.parseWebfinger,
  // replace apex's target actor validator with our create on demand method
  getOrCreateActor,
  apex.net.wellKnown.respondWebfinger
)

app.on('apex-inbox', async ({ actor, activity, recipient, object }) => {
  switch (activity.type.toLowerCase()) {
    case 'create': {
      // ignore forwarded messages that aren't directly adddressed to group
      if (!activity.to?.includes(recipient.id)) {
        return
      }
      const to = [
        recipient.followers[0],
        apex.consts.publicAddress
      ]
      const share = await apex.buildActivity('Announce', recipient.id, to, {
        object: activity.id
      })
      apex.addToOutbox(recipient, share)
      break
    }
    case 'follow': {
      const accept = await apex.buildActivity('Accept', recipient.id, actor.id, {
        object: activity.id
      })
      const { postTask: publishUpdatedFollowers } = await apex.acceptFollow(recipient, activity)
      await apex.addToOutbox(recipient, accept)
      return publishUpdatedFollowers()
    }
  }
})

/// Guppe web setup
// html/static routes
app.use(history({
  index: '/web/index.html',
  rewrites: [
    // do not redirect webfinger et c.
    { from: /^\/\.well-known\//, to: context => context.request.originalUrl }
  ]
}))
app.use('/f', express.static('public/files'))
app.use('/web', express.static('web/dist'))

app.use(function (err, req, res, next) {
  console.error(err.message, req.body, err.stack)
  if (!res.headersSent) {
    res.status(500).send('An error occurred while processing the request')
  }
})

client.connect({ useNewUrlParser: true })
  .then(async () => {
    const { default: AutoEncrypt } = await import('@small-tech/auto-encrypt')
    apex.store.db = client.db(DB_NAME)
    await apex.store.setup()
    apex.systemUser = await apex.store.getObject(apex.utils.usernameToIRI('system_service'), true)
    if (!apex.systemUser) {
      const systemUser = await apex.createActor('system_service', `${DOMAIN} system service`, `${DOMAIN} system service`, icon, 'Service')
      await apex.store.saveObject(systemUser)
      apex.systemUser = systemUser
    }

    const server = process.env.NODE_ENV === 'production'
      ? AutoEncrypt.https.createServer({ domains: [DOMAIN] }, app)
      : https.createServer(sslOptions, app)
    server.listen(PORT_HTTPS, function () {
      console.log('Guppe server listening on port ' + PORT_HTTPS)
    })
    onShutdown(async () => {
      await client.close()
      await new Promise((resolve, reject) => {
        server.close(err => (err ? reject(err) : resolve()))
      })
      console.log('Guppe server closed')
    })
  })
switch to https, place all object metadata in _meta for simpler projections 2019-09-20 01:55:32 +00:00			`const path = require('path')`
package details, lint 2019-09-22 05:20:37 +00:00			`const express = require('express')`
			`const MongoClient = require('mongodb').MongoClient`
			`const fs = require('fs')`
switch to https, place all object metadata in _meta for simpler projections 2019-09-20 01:55:32 +00:00			`const https = require('https')`
morgan http logging 2019-09-28 03:24:35 +00:00			`const morgan = require('morgan')`
add vue router and connect via history fallback middleware 2019-10-04 02:47:44 +00:00			`const history = require('connect-history-api-fallback')`
switch to autoencrypt for certs. Thanks Aral! 2021-01-21 04:18:30 +00:00			`const { onShutdown } = require('node-graceful-shutdown')`
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`const ActivitypubExpress = require('activitypub-express')`
switch to https, place all object metadata in _meta for simpler projections 2019-09-20 01:55:32 +00:00
Change to Signature header stype outgoing http signatures for mastodon compliance, both incoming formats supported (via dependency update), change default text for new groups, use certificate authority when specified 2019-09-25 03:12:31 +00:00			`const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json')`
mongo for user object requests and initial inbox functionality 2019-09-13 01:03:04 +00:00
production security: require signature for users with public keys, block outbox posting. Add missing routes to fetch objects and activities by id 2019-09-24 03:18:35 +00:00			`const app = express()`
add actor HTML page with ostatus remote follow workflow. Fix #2 2019-09-28 03:17:54 +00:00
production security: require signature for users with public keys, block outbox posting. Add missing routes to fetch objects and activities by id 2019-09-24 03:18:35 +00:00			`const client = new MongoClient(DB_URL, { useUnifiedTopology: true, useNewUrlParser: true })`
mongo for user object requests and initial inbox functionality 2019-09-13 01:03:04 +00:00
package details, lint 2019-09-22 05:20:37 +00:00			`const sslOptions = {`
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`key: KEY_PATH && fs.readFileSync(path.join(__dirname, KEY_PATH)),`
			`cert: CERT_PATH && fs.readFileSync(path.join(__dirname, CERT_PATH)),`
			`ca: CA_PATH && fs.readFileSync(path.join(__dirname, CA_PATH))`
First commit. 2018-09-15 07:01:19 +00:00			`}`

Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`const icon = {`
			`type: 'Image',`
			`mediaType: 'image/jpeg',`
			url: `https://${DOMAIN}/f/guppe.png`
			`}`

			`const routes = {`
			`actor: '/u/:actor',`
			`object: '/o/:id',`
			`activity: '/s/:id',`
			`inbox: '/u/:actor/inbox',`
			`outbox: '/u/:actor/outbox',`
			`followers: '/u/:actor/followers',`
			`following: '/u/:actor/following',`
			`liked: '/u/:actor/liked',`
			`collections: '/u/:actor/c/:id',`
			`blocked: '/u/:actor/blocked',`
			`rejections: '/u/:actor/rejections',`
			`rejected: '/u/:actor/rejected',`
			`shares: '/s/:id/shares',`
			`likes: '/s/:id/likes'`
			`}`
			`const apex = ActivitypubExpress({`
			`domain: DOMAIN,`
			`actorParam: 'actor',`
			`objectParam: 'id',`
			`itemsPerPage: 100,`
			`routes`
			`})`

package details, lint 2019-09-22 05:20:37 +00:00			`app.set('domain', DOMAIN)`
			`app.set('port', process.env.PORT \|\| PORT)`
			`app.set('port-https', process.env.PORT_HTTPS \|\| PORT_HTTPS)`
fix errors in unverifiable delete handling and include accept headerin http logs 2019-12-25 22:22:31 +00:00			`app.use(morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status Accepts ":req[accept]" ":referrer" ":user-agent"'))`
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`app.use(express.json({ type: apex.consts.jsonldTypes }), apex)`

			`// Guppe's magic: create new groups on demand whenever someone tries to access it`
			`async function getOrCreateActor (req, res, next) {`
			`const apex = req.app.locals.apex`
			`const actor = req.params[apex.actorParam]`
			`const actorIRI = apex.utils.usernameToIRI(actor)`
			`let actorObj`
			`try {`
			`actorObj = await apex.store.getObject(actorIRI)`
			`} catch (err) { return next(err) }`
			`if (!actorObj && actor.length <= 100) {`
			`try {`
			const summary = `I'm a group about ${actor}. Follow me to get all the group posts. Tag me to share with the group. Create other groups by searching for or tagging @yourGroupName@${DOMAIN}`
			actorObj = await apex.createActor(actor, `${actor} group`, summary, icon, 'Group')
			`await apex.store.saveObject(actorObj)`
			`} catch (err) { return next(err) }`
			`res.locals.apex.target = actorObj`
			`} else if (actor.length > 100) {`
			`res.locals.apex.status = 400`
			`res.locals.apex.statusMessage = 'Group names are limited to 100 characters'`
			`} else if (actorObj.type === 'Tombstone') {`
			`res.locals.apex.status = 410`
			`} else {`
			`res.locals.apex.target = actorObj`
			`}`
			`next()`
			`}`

			`// define routes using prepacakged middleware collections`
			`app.route(routes.inbox)`
			`.post(apex.net.inbox.post)`
			`// no C2S at present`
			`// .get(apex.net.inbox.get)`
			`app.route(routes.outbox)`
			`.get(apex.net.outbox.get)`
			`// no C2S at present`
			`// .post(apex.net.outbox.post)`

			`// replace apex's target actor validator with our create on demand method`
			`app.get(routes.actor, apex.net.validators.jsonld, getOrCreateActor, apex.net.responders.target)`
			`app.get(routes.followers, apex.net.followers.get)`
			`app.get(routes.following, apex.net.following.get)`
			`app.get(routes.liked, apex.net.liked.get)`
			`app.get(routes.object, apex.net.object.get)`
			`app.get(routes.activity, apex.net.activityStream.get)`
			`app.get(routes.shares, apex.net.shares.get)`
			`app.get(routes.likes, apex.net.likes.get)`

			`app.get(`
			`'/.well-known/webfinger',`
			`apex.net.wellKnown.parseWebfinger,`
			`// replace apex's target actor validator with our create on demand method`
			`getOrCreateActor,`
			`apex.net.wellKnown.respondWebfinger`
			`)`

			`app.on('apex-inbox', async ({ actor, activity, recipient, object }) => {`
			`switch (activity.type.toLowerCase()) {`
			`case 'create': {`
			`// ignore forwarded messages that aren't directly adddressed to group`
			`if (!activity.to?.includes(recipient.id)) {`
			`return`
			`}`
			`const to = [`
			`recipient.followers[0],`
			`apex.consts.publicAddress`
			`]`
			`const share = await apex.buildActivity('Announce', recipient.id, to, {`
			`object: activity.id`
			`})`
			`apex.addToOutbox(recipient, share)`
			`break`
			`}`
			`case 'follow': {`
			`const accept = await apex.buildActivity('Accept', recipient.id, actor.id, {`
			`object: activity.id`
			`})`
			`const { postTask: publishUpdatedFollowers } = await apex.acceptFollow(recipient, activity)`
			`await apex.addToOutbox(recipient, accept)`
			`return publishUpdatedFollowers()`
			`}`
			`}`
			`})`

			`/// Guppe web setup`
			`// html/static routes`
add vue router and connect via history fallback middleware 2019-10-04 02:47:44 +00:00			`app.use(history({`
fix webfinger routing, create group listing api, web homepage with groups list 2019-11-18 01:31:58 +00:00			`index: '/web/index.html',`
			`rewrites: [`
			`// do not redirect webfinger et c.`
			`{ from: /^\/\.well-known\//, to: context => context.request.originalUrl }`
			`]`
add vue router and connect via history fallback middleware 2019-10-04 02:47:44 +00:00			`}))`
package details, lint 2019-09-22 05:20:37 +00:00			`app.use('/f', express.static('public/files'))`
add vue router and connect via history fallback middleware 2019-10-04 02:47:44 +00:00			`app.use('/web', express.static('web/dist'))`
First commit. 2018-09-15 07:01:19 +00:00
add error logger 2019-12-25 21:48:09 +00:00			`app.use(function (err, req, res, next) {`
			`console.error(err.message, req.body, err.stack)`
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`if (!res.headersSent) {`
			`res.status(500).send('An error occurred while processing the request')`
			`}`
add error logger 2019-12-25 21:48:09 +00:00			`})`

package details, lint 2019-09-22 05:20:37 +00:00			`client.connect({ useNewUrlParser: true })`
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`.then(async () => {`
			`const { default: AutoEncrypt } = await import('@small-tech/auto-encrypt')`
			`apex.store.db = client.db(DB_NAME)`
			`await apex.store.setup()`
			`apex.systemUser = await apex.store.getObject(apex.utils.usernameToIRI('system_service'), true)`
			`if (!apex.systemUser) {`
			const systemUser = await apex.createActor('system_service', `${DOMAIN} system service`, `${DOMAIN} system service`, icon, 'Service')
			`await apex.store.saveObject(systemUser)`
			`apex.systemUser = systemUser`
			`}`
switch to autoencrypt for certs. Thanks Aral! 2021-01-21 04:18:30 +00:00
Port Guppe to activitypub-express 2020-10-24 17:29:14 +00:00			`const server = process.env.NODE_ENV === 'production'`
			`? AutoEncrypt.https.createServer({ domains: [DOMAIN] }, app)`
			`: https.createServer(sslOptions, app)`
			`server.listen(PORT_HTTPS, function () {`
			`console.log('Guppe server listening on port ' + PORT_HTTPS)`
			`})`
			`onShutdown(async () => {`
			`await client.close()`
			`await new Promise((resolve, reject) => {`
			`server.close(err => (err ? reject(err) : resolve()))`
			`})`
			`console.log('Guppe server closed')`
			`})`
switch to autoencrypt for certs. Thanks Aral! 2021-01-21 04:18:30 +00:00			`})`