Sharkey/packages/backend/src/server/api/AuthenticateService.ts

/*
 * SPDX-FileCopyrightText: syuilo and other misskey contributors
 * SPDX-License-Identifier: AGPL-3.0-only
 */

import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
import { DI } from '@/di-symbols.js';
import type { AccessTokensRepository, AppsRepository, UsersRepository } from '@/models/_.js';
import type { MiLocalUser } from '@/models/User.js';
import type { MiAccessToken } from '@/models/AccessToken.js';
import { MemoryKVCache } from '@/misc/cache.js';
import type { MiApp } from '@/models/App.js';
import { CacheService } from '@/core/CacheService.js';
import isNativeToken from '@/misc/is-native-token.js';
import { bindThis } from '@/decorators.js';

export class AuthenticationError extends Error {
	constructor(message: string) {
		super(message);
		this.name = 'AuthenticationError';
	}
}

@Injectable()
export class AuthenticateService implements OnApplicationShutdown {
	private appCache: MemoryKVCache<MiApp>;

	constructor(
		@Inject(DI.usersRepository)
		private usersRepository: UsersRepository,

		@Inject(DI.accessTokensRepository)
		private accessTokensRepository: AccessTokensRepository,

		@Inject(DI.appsRepository)
		private appsRepository: AppsRepository,

		private cacheService: CacheService,
	) {
		this.appCache = new MemoryKVCache<MiApp>(Infinity);
	}

	@bindThis
	public async authenticate(token: string | null | undefined): Promise<[MiLocalUser | null, MiAccessToken | null]> {
		if (token == null) {
			return [null, null];
		}

		if (isNativeToken(token)) {
			const user = await this.cacheService.localUserByNativeTokenCache.fetch(token,
				() => this.usersRepository.findOneBy({ token }) as Promise<MiLocalUser | null>);

			if (user == null) {
				throw new AuthenticationError('user not found');
			}

			return [user, null];
		} else {
			const accessToken = await this.accessTokensRepository.findOne({
				where: [{
					hash: token.toLowerCase(), // app
				}, {
					token: token, // miauth
				}],
			});

			if (accessToken == null) {
				throw new AuthenticationError('invalid signature');
			}

			this.accessTokensRepository.update(accessToken.id, {
				lastUsedAt: new Date(),
			});

			const user = await this.cacheService.localUserByIdCache.fetch(accessToken.userId,
				() => this.usersRepository.findOneBy({
					id: accessToken.userId,
				}) as Promise<MiLocalUser>);

			if (accessToken.appId) {
				const app = await this.appCache.fetch(accessToken.appId,
					() => this.appsRepository.findOneByOrFail({ id: accessToken.appId! }));

				return [user, {
					id: accessToken.id,
					permission: app.permission,
				} as MiAccessToken];
			} else {
				return [user, accessToken];
			}
		}
	}

	@bindThis
	public dispose(): void {
		this.appCache.dispose();
	}

	@bindThis
	public onApplicationShutdown(signal?: string | undefined): void {
		this.dispose();
	}
}
chore: 著作権とライセンスについての情報を各ファイルに追加する (#11348) * chore: Add the SPDX information to each file Add copyright and licensing information as defined in version 3.0 of the REUSE Specification. * tweak format --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-27 08:31:52 +03:00			`/*`
			`* SPDX-FileCopyrightText: syuilo and other misskey contributors`
			`* SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

fix(backend): キャッシュが溜まり続けないように Related #10984 2023-06-10 07:45:11 +03:00			`import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`import { DI } from '@/di-symbols.js';`
update deps (#11820) * update deps * fix * wip * wip * wip * Update docker-compose.yml.example * Delete reviewer-lottery.yml * Update RepositoryModule.ts * wip * wip * clean up * update deps * wip * wip 2023-09-15 08:28:29 +03:00			`import type { AccessTokensRepository, AppsRepository, UsersRepository } from '@/models/_.js';`
refactor(backend): update directory structure for models 2023-09-20 05:33:36 +03:00			`import type { MiLocalUser } from '@/models/User.js';`
			`import type { MiAccessToken } from '@/models/AccessToken.js';`
refactor(backend): rename Cache -> MemoryCache 2023-04-04 09:56:47 +03:00			`import { MemoryKVCache } from '@/misc/cache.js';`
refactor(backend): update directory structure for models 2023-09-20 05:33:36 +03:00			`import type { MiApp } from '@/models/App.js';`
enhance(backend): improve cache 2023-04-04 11:32:09 +03:00			`import { CacheService } from '@/core/CacheService.js';`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`import isNativeToken from '@/misc/is-native-token.js';`
refactor: introduce bindThis decorator to bind this automaticaly 2022-12-04 08:03:09 +02:00			`import { bindThis } from '@/decorators.js';`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00
			`export class AuthenticationError extends Error {`
			`constructor(message: string) {`
			`super(message);`
			`this.name = 'AuthenticationError';`
			`}`
			`}`

			`@Injectable()`
fix(backend): キャッシュが溜まり続けないように Related #10984 2023-06-10 07:45:11 +03:00			`export class AuthenticateService implements OnApplicationShutdown {`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`private appCache: MemoryKVCache<MiApp>;`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00
			`constructor(`
			`@Inject(DI.usersRepository)`
			`private usersRepository: UsersRepository,`

			`@Inject(DI.accessTokensRepository)`
			`private accessTokensRepository: AccessTokensRepository,`

			`@Inject(DI.appsRepository)`
			`private appsRepository: AppsRepository,`

enhance(backend): improve cache 2023-04-04 11:32:09 +03:00			`private cacheService: CacheService,`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`) {`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`this.appCache = new MemoryKVCache<MiApp>(Infinity);`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`}`

refactor: introduce bindThis decorator to bind this automaticaly 2022-12-04 08:03:09 +02:00			`@bindThis`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`public async authenticate(token: string \| null \| undefined): Promise<[MiLocalUser \| null, MiAccessToken \| null]> {`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`if (token == null) {`
			`return [null, null];`
			`}`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`if (isNativeToken(token)) {`
enhance(backend): improve cache 2023-04-04 11:32:09 +03:00			`const user = await this.cacheService.localUserByNativeTokenCache.fetch(token,`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`() => this.usersRepository.findOneBy({ token }) as Promise<MiLocalUser \| null>);`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`if (user == null) {`
			`throw new AuthenticationError('user not found');`
			`}`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`return [user, null];`
			`} else {`
			`const accessToken = await this.accessTokensRepository.findOne({`
			`where: [{`
			`hash: token.toLowerCase(), // app`
			`}, {`
			`token: token, // miauth`
			`}],`
			`});`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`if (accessToken == null) {`
			`throw new AuthenticationError('invalid signature');`
			`}`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`this.accessTokensRepository.update(accessToken.id, {`
			`lastUsedAt: new Date(),`
			`});`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
enhance(backend): improve cache 2023-04-04 11:32:09 +03:00			`const user = await this.cacheService.localUserByIdCache.fetch(accessToken.userId,`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`() => this.usersRepository.findOneBy({`
			`id: accessToken.userId,`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`}) as Promise<MiLocalUser>);`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`if (accessToken.appId) {`
test 2022-09-18 21:11:50 +03:00			`const app = await this.appCache.fetch(accessToken.appId,`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`() => this.appsRepository.findOneByOrFail({ id: accessToken.appId! }));`
cleanup: trim trailing whitespace (#11136) * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp> 2023-07-08 01:08:16 +03:00
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`return [user, {`
			`id: accessToken.id,`
			`permission: app.permission,`
refactor: prefix Mi for all entities (#11719) * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf. 2023-08-16 11:51:28 +03:00			`} as MiAccessToken];`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`} else {`
			`return [user, accessToken];`
			`}`
			`}`
			`}`
fix(backend): キャッシュが溜まり続けないように Related #10984 2023-06-10 07:45:11 +03:00
			`@bindThis`
			`public dispose(): void {`
			`this.appCache.dispose();`
			`}`

			`@bindThis`
			`public onApplicationShutdown(signal?: string \| undefined): void {`
			`this.dispose();`
			`}`
なんかもうめっちゃ変えた 2022-09-17 21:27:08 +03:00			`}`