sim1222/nca10.net
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
syuilo
2018-04-13 06:06:18 +09:00
parent a3bd4ba426
commit 3368fe8552
20 changed files with 582 additions and 609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/server/api/api-handler.ts
View File

@ -1,4 +1,4 @@
import * as express from 'express';
import * as Koa from 'koa';
import { Endpoint } from './endpoints';
import authenticate from './authenticate';
@ -6,16 +6,17 @@ import call from './call';
import { IUser } from '../../models/user';
import { IApp } from '../../models/app';
export default async (endpoint: Endpoint, req: express.Request, res: express.Response) => {
export default async (endpoint: Endpoint, ctx: Koa.Context) => {
const reply = (x?: any, y?: any) => {
if (x === undefined) {
res.sendStatus(204);
ctx.status = 204;
} else if (typeof x === 'number') {
res.status(x).send({
ctx.status = x;
ctx.body = {
error: x === 500 ? 'INTERNAL_ERROR' : y
});
};
} else {
res.send(x);
ctx.body = x;
}
};
@ -24,11 +25,11 @@ export default async (endpoint: Endpoint, req: express.Request, res: express.Res
// Authentication
try {
[user, app] = await authenticate(req.body['i']);
[user, app] = await authenticate(ctx.body['i']);
} catch (e) {
return reply(403, 'AUTHENTICATION_FAILED');
}
// API invoking
call(endpoint, user, app, req.body, req).then(reply).catch(e => reply(400, e));
call(endpoint, user, app, ctx.body, ctx.req).then(reply).catch(e => reply(400, e));
};

117
src/server/api/bot/interfaces/line.ts
View File

@ -1,5 +1,5 @@
import * as EventEmitter from 'events';
import * as express from 'express';
import * as Router from 'koa-router';
import * as request from 'request';
import * as crypto from 'crypto';
import User from '../../../../models/user';
@ -158,82 +158,81 @@ class LineBot extends BotCore {
}
}
module.exports = async (app: express.Application) => {
if (config.line_bot == null) return;
const handler = new EventEmitter();
const handler = new EventEmitter();
handler.on('event', async (ev) => {
handler.on('event', async (ev) => {
const sourceId = ev.source.userId;
const sessionId = `line-bot-sessions:${sourceId}`;
const sourceId = ev.source.userId;
const sessionId = `line-bot-sessions:${sourceId}`;
const session = await redis.get(sessionId);
let bot: LineBot;
const session = await redis.get(sessionId);
let bot: LineBot;
if (session == null) {
const user = await User.findOne({
host: null,
'line': {
userId: sourceId
}
});
bot = new LineBot(user);
bot.on('signin', user => {
User.update(user._id, {
$set: {
'line': {
userId: sourceId
}
}
});
});
bot.on('signout', user => {
User.update(user._id, {
$set: {
'line': {
userId: null
}
}
});
});
redis.set(sessionId, JSON.stringify(bot.export()));
} else {
bot = LineBot.import(JSON.parse(session));
}
bot.on('updated', () => {
redis.set(sessionId, JSON.stringify(bot.export()));
if (session == null) {
const user = await User.findOne({
host: null,
'line': {
userId: sourceId
}
});
if (session != null) bot.refreshUser();
bot = new LineBot(user);
bot.react(ev);
bot.on('signin', user => {
User.update(user._id, {
$set: {
'line': {
userId: sourceId
}
}
});
});
bot.on('signout', user => {
User.update(user._id, {
$set: {
'line': {
userId: null
}
}
});
});
redis.set(sessionId, JSON.stringify(bot.export()));
} else {
bot = LineBot.import(JSON.parse(session));
}
bot.on('updated', () => {
redis.set(sessionId, JSON.stringify(bot.export()));
});
app.post('/hooks/line', (req, res, next) => {
// req.headers['x-line-signature'] は常に string ですが、型定義の都合上
// string | string[] になっているので string を明示しています
const sig1 = req.headers['x-line-signature'] as string;
if (session != null) bot.refreshUser();
bot.react(ev);
});
// Init router
const router = new Router();
if (config.line_bot) {
router.post('/hooks/line', ctx => {
const sig1 = ctx.headers['x-line-signature'];
const hash = crypto.createHmac('SHA256', config.line_bot.channel_secret)
.update((req as any).rawBody);
.update(ctx.request.rawBody);
const sig2 = hash.digest('base64');
// シグネチャ比較
if (sig1 === sig2) {
req.body.events.forEach(ev => {
ctx.body.events.forEach(ev => {
handler.emit('event', ev);
});
res.sendStatus(200);
} else {
res.sendStatus(400);
ctx.status = 400;
}
});
};
}
module.exports = router;

7
src/server/api/call.ts
View File

@ -1,11 +1,12 @@
import * as express from 'express';
import * as http from 'http';
import * as multer from 'koa-multer';
import endpoints, { Endpoint } from './endpoints';
import limitter from './limitter';
import { IUser } from '../../models/user';
import { IApp } from '../../models/app';
export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: express.Request) => new Promise(async (ok, rej) => {
export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => {
const isSecure = user != null && app == null;
//console.log(endpoint, user, app, data);
@ -38,7 +39,7 @@ export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any,
let exec = require(`${__dirname}/endpoints/${ep.name}`);
if (ep.withFile && req) {
exec = exec.bind(null, req.file);
exec = exec.bind(null, (req as multer.MulterIncomingMessage).file);
}
let res;

17
src/server/api/common/signin.ts
View File

@ -1,19 +1,20 @@
import config from '../../../config';
import * as Koa from 'koa';
export default function(res, user, redirect: boolean) {
import config from '../../../config';
import { ILocalUser } from '../../../models/user';
export default function(ctx: Koa.Context, user: ILocalUser, redirect: boolean) {
const expires = 1000 * 60 * 60 * 24 * 365; // One Year
res.cookie('i', user.token, {
ctx.cookies.set('i', user.token, {
path: '/',
domain: `.${config.hostname}`,
secure: config.url.substr(0, 5) === 'https',
domain: config.hostname,
secure: config.url.startsWith('https'),
httpOnly: false,
expires: new Date(Date.now() + expires),
maxAge: expires
});
if (redirect) {
res.redirect(config.url);
} else {
res.sendStatus(204);
ctx.redirect(config.url);
}
}

56
src/server/api/index.ts
View File

@ -2,53 +2,41 @@
* API Server
*/
import * as express from 'express';
import * as bodyParser from 'body-parser';
import * as cors from 'cors';
import * as multer from 'multer';
import * as Koa from 'koa';
import * as Router from 'koa-router';
import * as multer from 'koa-multer';
import endpoints from './endpoints';
/**
* Init app
*/
const app = express();
const handler = require('./api-handler').default;
app.disable('x-powered-by');
app.set('etag', false);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json({
type: ['application/json', 'text/plain'],
verify: (req, res, buf, encoding) => {
if (buf && buf.length) {
(req as any).rawBody = buf.toString(encoding || 'utf8');
}
}
}));
app.use(cors());
// Init app
const app = new Koa();
app.get('/', (req, res) => {
res.send('YEE HAW');
// Init multer instance
const upload = multer({
storage: multer.diskStorage({})
});
// Init router
const router = new Router();
/**
* Register endpoint handlers
*/
endpoints.forEach(endpoint =>
endpoint.withFile ?
app.post(`/${endpoint.name}`,
endpoint.withFile ? multer({ storage: multer.diskStorage({}) }).single('file') : null,
require('./api-handler').default.bind(null, endpoint)) :
app.post(`/${endpoint.name}`,
require('./api-handler').default.bind(null, endpoint))
endpoints.forEach(endpoint => endpoint.withFile
? router.post(`/${endpoint.name}`, upload.single('file'), handler.bind(null, endpoint))
: router.post(`/${endpoint.name}`, handler.bind(null, endpoint))
);
app.post('/signup', require('./private/signup').default);
app.post('/signin', require('./private/signin').default);
router.post('/signup', require('./private/signup').default);
router.post('/signin', require('./private/signin').default);
require('./service/github')(app);
require('./service/twitter')(app);
router.use(require('./service/github').routes());
router.use(require('./service/twitter').routes());
router.use(require('./bot/interfaces/line').routes());
require('./bot/interfaces/line')(app);
// Register router
app.use(router.routes());
module.exports = app;

36
src/server/api/private/signin.ts
View File

@ -1,4 +1,4 @@
import * as express from 'express';
import * as Koa from 'koa';
import * as bcrypt from 'bcryptjs';
import * as speakeasy from 'speakeasy';
import User, { ILocalUser } from '../../../models/user';
@ -7,26 +7,26 @@ import event from '../../../publishers/stream';
import signin from '../common/signin';
import config from '../../../config';
export default async (req: express.Request, res: express.Response) => {
res.header('Access-Control-Allow-Origin', config.url);
res.header('Access-Control-Allow-Credentials', 'true');
export default async (ctx: Koa.Context) => {
ctx.set('Access-Control-Allow-Origin', config.url);
ctx.set('Access-Control-Allow-Credentials', 'true');
const username = req.body['username'];
const password = req.body['password'];
const token = req.body['token'];
const username = ctx.body['username'];
const password = ctx.body['password'];
const token = ctx.body['token'];
if (typeof username != 'string') {
res.sendStatus(400);
ctx.status = 400;
return;
}
if (typeof password != 'string') {
res.sendStatus(400);
ctx.status = 400;
return;
}
if (token != null && typeof token != 'string') {
res.sendStatus(400);
ctx.status = 400;
return;
}
@ -37,12 +37,12 @@ export default async (req: express.Request, res: express.Response) => {
}, {
fields: {
data: false,
'profile': false
profile: false
}
}) as ILocalUser;
if (user === null) {
res.status(404).send({
ctx.throw(404, {
error: 'user not found'
});
return;
@ -60,17 +60,17 @@ export default async (req: express.Request, res: express.Response) => {
});
if (verified) {
signin(res, user, false);
signin(ctx, user, false);
} else {
res.status(400).send({
ctx.throw(400, {
error: 'invalid token'
});
}
} else {
signin(res, user, false);
signin(ctx, user, false);
}
} else {
res.status(400).send({
ctx.throw(400, {
error: 'incorrect password'
});
}
@ -79,8 +79,8 @@ export default async (req: express.Request, res: express.Response) => {
const record = await Signin.insert({
createdAt: new Date(),
userId: user._id,
ip: req.ip,
headers: req.headers,
ip: ctx.ip,
headers: ctx.headers,
success: same
});

20
src/server/api/private/signup.ts
View File

@ -1,5 +1,5 @@
import * as uuid from 'uuid';
import * as express from 'express';
import * as Koa from 'koa';
import * as bcrypt from 'bcryptjs';
import { generate as generateKeypair } from '../../../crypto_key';
import recaptcha = require('recaptcha-promise');
@ -33,30 +33,30 @@ const home = {
]
};
export default async (req: express.Request, res: express.Response) => {
export default async (ctx: Koa.Context) => {
// Verify recaptcha
// ただしテスト時はこの機構は障害となるため無効にする
if (process.env.NODE_ENV !== 'test') {
const success = await recaptcha(req.body['g-recaptcha-response']);
const success = await recaptcha(ctx.body['g-recaptcha-response']);
if (!success) {
res.status(400).send('recaptcha-failed');
ctx.throw(400, 'recaptcha-failed');
return;
}
}
const username = req.body['username'];
const password = req.body['password'];
const username = ctx.body['username'];
const password = ctx.body['password'];
// Validate username
if (!validateUsername(username)) {
res.sendStatus(400);
ctx.status = 400;
return;
}
// Validate password
if (!validatePassword(password)) {
res.sendStatus(400);
ctx.status = 400;
return;
}
@ -71,7 +71,7 @@ export default async (req: express.Request, res: express.Response) => {
// Check username already used
if (usernameExist !== 0) {
res.sendStatus(400);
ctx.status = 400;
return;
}
@ -143,5 +143,5 @@ export default async (req: express.Request, res: express.Response) => {
});
// Response
res.send(await pack(account));
ctx.body = await pack(account);
};

266
src/server/api/service/github.ts
View File

@ -1,140 +1,152 @@
import * as EventEmitter from 'events';
import * as express from 'express';
import * as Router from 'koa-router';
import * as request from 'request';
const crypto = require('crypto');
import User from '../../../models/user';
import User, { IUser } from '../../../models/user';
import createNote from '../../../services/note/create';
import config from '../../../config';
module.exports = async (app: express.Application) => {
if (config.github_bot == null) return;
const handler = new EventEmitter();
const bot = await User.findOne({
usernameLower: config.github_bot.username.toLowerCase()
});
let bot: IUser;
const post = async text => {
if (bot == null) {
console.warn(`GitHub hook bot specified, but not found: @${config.github_bot.username}`);
return;
const account = await User.findOne({
usernameLower: config.github_bot.username.toLowerCase()
});
if (account == null) {
console.warn(`GitHub hook bot specified, but not found: @${config.github_bot.username}`);
return;
} else {
bot = account;
}
}
const post = text => createNote(bot, { text });
const handler = new EventEmitter();
app.post('/hooks/github', (req, res, next) => {
// req.headers['x-hub-signature'] および
// req.headers['x-github-event'] は常に string ですが、型定義の都合上
// string | string[] になっているので string を明示しています
if ((new Buffer(req.headers['x-hub-signature'] as string)).equals(new Buffer(`sha1=${crypto.createHmac('sha1', config.github_bot.hook_secret).update(JSON.stringify(req.body)).digest('hex')}`))) {
handler.emit(req.headers['x-github-event'] as string, req.body);
res.sendStatus(200);
} else {
res.sendStatus(400);
}
});
handler.on('status', event => {
const state = event.state;
switch (state) {
case 'error':
case 'failure':
const commit = event.commit;
const parent = commit.parents[0];
// Fetch parent status
request({
url: `${parent.url}/statuses`,
headers: {
'User-Agent': 'misskey'
}
}, (err, res, body) => {
if (err) {
console.error(err);
return;
}
const parentStatuses = JSON.parse(body);
const parentState = parentStatuses[0].state;
const stillFailed = parentState == 'failure' || parentState == 'error';
if (stillFailed) {
post(`**⚠BUILD STILL FAILED⚠**: ?[${commit.commit.message}](${commit.html_url})`);
} else {
post(`**🚨BUILD FAILED🚨**: →→→?[${commit.commit.message}](${commit.html_url})←←←`);
}
});
break;
}
});
handler.on('push', event => {
const ref = event.ref;
switch (ref) {
case 'refs/heads/master':
const pusher = event.pusher;
const compare = event.compare;
const commits = event.commits;
post([
`Pushed by **${pusher.name}** with ?[${commits.length} commit${commits.length > 1 ? 's' : ''}](${compare}):`,
commits.reverse().map(commit => `・[?[${commit.id.substr(0, 7)}](${commit.url})] ${commit.message.split('\n')[0]}`).join('\n'),
].join('\n'));
break;
case 'refs/heads/release':
const commit = event.commits[0];
post(`RELEASED: ${commit.message}`);
break;
}
});
handler.on('issues', event => {
const issue = event.issue;
const action = event.action;
let title: string;
switch (action) {
case 'opened': title = 'Issue opened'; break;
case 'closed': title = 'Issue closed'; break;
case 'reopened': title = 'Issue reopened'; break;
default: return;
}
post(`${title}: <${issue.number}>「${issue.title}\n${issue.html_url}`);
});
handler.on('issue_comment', event => {
const issue = event.issue;
const comment = event.comment;
const action = event.action;
let text: string;
switch (action) {
case 'created': text = `Commented to「${issue.title}」:${comment.user.login}${comment.body}\n${comment.html_url}`; break;
default: return;
}
post(text);
});
handler.on('watch', event => {
const sender = event.sender;
post(`⭐️ Starred by **${sender.login}** ⭐️`);
});
handler.on('fork', event => {
const repo = event.forkee;
post(`🍴 Forked:\n${repo.html_url} 🍴`);
});
handler.on('pull_request', event => {
const pr = event.pull_request;
const action = event.action;
let text: string;
switch (action) {
case 'opened': text = `New Pull Request:「${pr.title}\n${pr.html_url}`; break;
case 'reopened': text = `Pull Request Reopened:「${pr.title}\n${pr.html_url}`; break;
case 'closed':
text = pr.merged
? `Pull Request Merged!:「${pr.title}\n${pr.html_url}`
: `Pull Request Closed:「${pr.title}\n${pr.html_url}`;
break;
default: return;
}
post(text);
});
createNote(bot, { text });
};
// Init router
const router = new Router();
if (config.github_bot != null) {
const secret = config.github_bot.hook_secret;
router.post('/hooks/github', ctx => {
const sig1 = new Buffer(ctx.headers['x-hub-signature']);
const sig2 = new Buffer(`sha1=${crypto.createHmac('sha1', secret).update(JSON.stringify(ctx.body)).digest('hex')}`);
if (sig1.equals(sig2)) {
handler.emit(ctx.headers['x-github-event'], ctx.body);
ctx.status = 204;
} else {
ctx.status = 400;
}
});
}
module.exports = router;
handler.on('status', event => {
const state = event.state;
switch (state) {
case 'error':
case 'failure':
const commit = event.commit;
const parent = commit.parents[0];
// Fetch parent status
request({
url: `${parent.url}/statuses`,
headers: {
'User-Agent': 'misskey'
}
}, (err, res, body) => {
if (err) {
console.error(err);
return;
}
const parentStatuses = JSON.parse(body);
const parentState = parentStatuses[0].state;
const stillFailed = parentState == 'failure' || parentState == 'error';
if (stillFailed) {
post(`**⚠BUILD STILL FAILED⚠**: ?[${commit.commit.message}](${commit.html_url})`);
} else {
post(`**🚨BUILD FAILED🚨**: →→→?[${commit.commit.message}](${commit.html_url})←←←`);
}
});
break;
}
});
handler.on('push', event => {
const ref = event.ref;
switch (ref) {
case 'refs/heads/master':
const pusher = event.pusher;
const compare = event.compare;
const commits = event.commits;
post([
`Pushed by **${pusher.name}** with ?[${commits.length} commit${commits.length > 1 ? 's' : ''}](${compare}):`,
commits.reverse().map(commit => `・[?[${commit.id.substr(0, 7)}](${commit.url})] ${commit.message.split('\n')[0]}`).join('\n'),
].join('\n'));
break;
case 'refs/heads/release':
const commit = event.commits[0];
post(`RELEASED: ${commit.message}`);
break;
}
});
handler.on('issues', event => {
const issue = event.issue;
const action = event.action;
let title: string;
switch (action) {
case 'opened': title = 'Issue opened'; break;
case 'closed': title = 'Issue closed'; break;
case 'reopened': title = 'Issue reopened'; break;
default: return;
}
post(`${title}: <${issue.number}>「${issue.title}\n${issue.html_url}`);
});
handler.on('issue_comment', event => {
const issue = event.issue;
const comment = event.comment;
const action = event.action;
let text: string;
switch (action) {
case 'created': text = `Commented to「${issue.title}」:${comment.user.login}${comment.body}\n${comment.html_url}`; break;
default: return;
}
post(text);
});
handler.on('watch', event => {
const sender = event.sender;
post(`⭐️ Starred by **${sender.login}** ⭐️`);
});
handler.on('fork', event => {
const repo = event.forkee;
post(`🍴 Forked:\n${repo.html_url} 🍴`);
});
handler.on('pull_request', event => {
const pr = event.pull_request;
const action = event.action;
let text: string;
switch (action) {
case 'opened': text = `New Pull Request:「${pr.title}\n${pr.html_url}`; break;
case 'reopened': text = `Pull Request Reopened:「${pr.title}\n${pr.html_url}`; break;
case 'closed':
text = pr.merged
? `Pull Request Merged!:「${pr.title}\n${pr.html_url}`
: `Pull Request Closed:「${pr.title}\n${pr.html_url}`;
break;
default: return;
}
post(text);
});

181
src/server/api/service/twitter.ts
View File

@ -1,160 +1,155 @@
import * as express from 'express';
import * as cookie from 'cookie';
import * as Koa from 'koa';
import * as Router from 'koa-router';
import * as uuid from 'uuid';
// import * as Twitter from 'twitter';
// const Twitter = require('twitter');
import autwh from 'autwh';
import redis from '../../../db/redis';
import User, { pack } from '../../../models/user';
import User, { pack, ILocalUser } from '../../../models/user';
import event from '../../../publishers/stream';
import config from '../../../config';
import signin from '../common/signin';
module.exports = (app: express.Application) => {
function getUserToken(req: express.Request) {
// req.headers['cookie'] は常に string ですが、型定義の都合上
// string | string[] になっているので string を明示しています
return ((req.headers['cookie'] as string || '').match(/i=(!\w+)/) || [null, null])[1];
function getUserToken(ctx: Koa.Context) {
return ((ctx.headers['cookie'] || '').match(/i=(!\w+)/) || [null, null])[1];
}
function compareOrigin(ctx: Koa.Context) {
function normalizeUrl(url: string) {
return url[url.length - 1] === '/' ? url.substr(0, url.length - 1) : url;
}
function compareOrigin(req: express.Request) {
function normalizeUrl(url: string) {
return url[url.length - 1] === '/' ? url.substr(0, url.length - 1) : url;
}
const referer = ctx.headers['referer'];
// req.headers['referer'] は常に string ですが、型定義の都合上
// string | string[] になっているので string を明示しています
const referer = req.headers['referer'] as string;
return (normalizeUrl(referer) == normalizeUrl(config.url));
}
return (normalizeUrl(referer) == normalizeUrl(config.url));
}
app.get('/disconnect/twitter', async (req, res): Promise<any> => {
if (!compareOrigin(req)) {
res.status(400).send('invalid origin');
return;
}
const userToken = getUserToken(req);
if (userToken == null) return res.send('plz signin');
const user = await User.findOneAndUpdate({
host: null,
'token': userToken
}, {
$set: {
'twitter': null
}
});
res.send(`Twitterの連携を解除しました :v:`);
// Publish i updated event
event(user._id, 'i_updated', await pack(user, user, {
detail: true,
includeSecrets: true
}));
});
if (config.twitter == null) {
app.get('/connect/twitter', (req, res) => {
res.send('現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)');
});
app.get('/signin/twitter', (req, res) => {
res.send('現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)');
});
// Init router
const router = new Router();
router.get('/disconnect/twitter', async ctx => {
if (!compareOrigin(ctx)) {
ctx.throw(400, 'invalid origin');
return;
}
const userToken = getUserToken(ctx);
if (userToken == null) {
ctx.throw(400, 'signin required');
return;
}
const user = await User.findOneAndUpdate({
host: null,
'token': userToken
}, {
$set: {
'twitter': null
}
});
ctx.body = `Twitterの連携を解除しました :v:`;
// Publish i updated event
event(user._id, 'i_updated', await pack(user, user, {
detail: true,
includeSecrets: true
}));
});
if (config.twitter == null) {
router.get('/connect/twitter', ctx => {
ctx.body = '現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)';
});
router.get('/signin/twitter', ctx => {
ctx.body = '現在Twitterへ接続できません (このインスタンスではTwitterはサポートされていません)';
});
} else {
const twAuth = autwh({
consumerKey: config.twitter.consumer_key,
consumerSecret: config.twitter.consumer_secret,
callbackUrl: `${config.url}/api/tw/cb`
});
app.get('/connect/twitter', async (req, res): Promise<any> => {
if (!compareOrigin(req)) {
res.status(400).send('invalid origin');
router.get('/connect/twitter', async ctx => {
if (!compareOrigin(ctx)) {
ctx.throw(400, 'invalid origin');
return;
}
const userToken = getUserToken(req);
if (userToken == null) return res.send('plz signin');
const userToken = getUserToken(ctx);
if (userToken == null) {
ctx.throw(400, 'signin required');
return;
}
const ctx = await twAuth.begin();
redis.set(userToken, JSON.stringify(ctx));
res.redirect(ctx.url);
const twCtx = await twAuth.begin();
redis.set(userToken, JSON.stringify(twCtx));
ctx.redirect(twCtx.url);
});
app.get('/signin/twitter', async (req, res): Promise<any> => {
const ctx = await twAuth.begin();
router.get('/signin/twitter', async ctx => {
const twCtx = await twAuth.begin();
const sessid = uuid();
redis.set(sessid, JSON.stringify(ctx));
redis.set(sessid, JSON.stringify(twCtx));
const expires = 1000 * 60 * 60; // 1h
res.cookie('signin_with_twitter_session_id', sessid, {
ctx.cookies.set('signin_with_twitter_session_id', sessid, {
path: '/',
domain: `.${config.host}`,
secure: config.url.substr(0, 5) === 'https',
domain: config.host,
secure: config.url.startsWith('https'),
httpOnly: true,
expires: new Date(Date.now() + expires),
maxAge: expires
});
res.redirect(ctx.url);
ctx.redirect(twCtx.url);
});
app.get('/tw/cb', (req, res): any => {
const userToken = getUserToken(req);
router.get('/tw/cb', ctx => {
const userToken = getUserToken(ctx);
if (userToken == null) {
// req.headers['cookie'] は常に string ですが、型定義の都合上
// string | string[] になっているので string を明示しています
const cookies = cookie.parse((req.headers['cookie'] as string || ''));
const sessid = ctx.cookies.get('signin_with_twitter_session_id');
const sessid = cookies['signin_with_twitter_session_id'];
if (sessid == undefined) {
res.status(400).send('invalid session');
if (sessid == null) {
ctx.throw(400, 'invalid session');
return;
}
redis.get(sessid, async (_, ctx) => {
const result = await twAuth.done(JSON.parse(ctx), req.query.oauth_verifier);
redis.get(sessid, async (_, twCtx) => {
const result = await twAuth.done(JSON.parse(twCtx), ctx.query.oauth_verifier);
const user = await User.findOne({
host: null,
'twitter.userId': result.userId
});
}) as ILocalUser;
if (user == null) {
res.status(404).send(`@${result.screenName}と連携しているMisskeyアカウントはありませんでした...`);
ctx.throw(404, `@${result.screenName}と連携しているMisskeyアカウントはありませんでした...`);
return;
}
signin(res, user, true);
signin(ctx, user, true);
});
} else {
const verifier = req.query.oauth_verifier;
const verifier = ctx.query.oauth_verifier;
if (verifier == null) {
res.status(400).send('invalid session');
ctx.throw(400, 'invalid session');
return;
}
redis.get(userToken, async (_, ctx) => {
const result = await twAuth.done(JSON.parse(ctx), verifier);
redis.get(userToken, async (_, twCtx) => {
const result = await twAuth.done(JSON.parse(twCtx), verifier);
const user = await User.findOneAndUpdate({
host: null,
'token': userToken
token: userToken
}, {
$set: {
'twitter': {
twitter: {
accessToken: result.accessToken,
accessTokenSecret: result.accessTokenSecret,
userId: result.userId,
@ -163,7 +158,7 @@ module.exports = (app: express.Application) => {
}
});
res.send(`Twitter: @${result.screenName} を、Misskey: @${user.username} に接続しました!`);
ctx.body = `Twitter: @${result.screenName} を、Misskey: @${user.username} に接続しました!`;
// Publish i updated event
event(user._id, 'i_updated', await pack(user, user, {
@ -173,4 +168,6 @@ module.exports = (app: express.Application) => {
});
}
});
};
}
module.exports = router;