660c17b319
### Major changes
- **Client-side identity** — New session key store (`sessionKey.ts`) backed by
`sessionStorage` with a module-level caching, a `crypto.subtle` cache, a `useIdentityLock`
hook for decrypt-once signing, `followSignature.ts` for signed follows, and
two new UI modals (`IdentityBackup.tsx`, `UnlockIdentityModal.tsx`).
`CreateIdentity.tsx` is rewritten to generate BIP-39 mnemonics and encrypt the
Ed25519 keypair with AES-256-GCM via PBKDF2 (600k iterations) before storing
in IndexedDB.
- **Rate limiting** — New `rate-limit-config.ts` and `rate-limit.ts` provide a
per-IP sliding-window rate limiter backed by Redis. All external-facing routes
(`/discover`, `/discover/rotate/*`, `/proxy`, social API endpoints) now have
conservative defaults wired into the custom HTTP server before requests reach
Next.js handlers.
- **Proxy route hardening** — The `/proxy` route now enforces a 256 KB payload
limit (HTTP 413), validates JSON before parsing, applies a per-origin rate
limit (100 req/min), and imports the `blocks` table to reject requests from
blocked servers.
- **Docker integration-test cluster** — New `Dockerfile`, `.dockerignore`, and
`tests/docker-compose.yml` orchestrate three SiPher instances (A, B, C) plus
shared PostgreSQL and Redis. Key generation (`generate-keys.ts`) and discovery
setup (`setup-discovery.ts`) scripts automate cluster bootstrap. Three example
env files document required per-instance configuration.
- **Full test suite overhaul** — Replaces the old attack/auth/discover/key/proxy
tests with a structured suite:
* `tests/federation/` — Keytools unit tests + key-rotation e2e test
* `tests/proxy/` — Proxy relay e2e tests (single-server validation)
* `tests/integration/` — Multi-instance integration tests for discover,
proxy-chain relay, and federated post delivery via BullMQ
* `tests/helpers/` — Reusable DB, identity, and auth-user utilities
* Playwright config updated to match new file conventions
* Unused helpers (`tests/helpers/queue.ts`) removed
- **Social plugin endpoints** — Rewritten `follows.ts`, `blocks.ts`, `mutes.ts`,
and `posts.ts` with proper federation integration. `social.ts` gains helpers
for looking up posts by federation URL.
### Minor changes
- **README** — Expanded from a 42-line stub to a full architecture guide with
tables for every layer (auth, DB, queues, storage, real-time), API route
documentation, setup instructions, environment variables, test coverage, and
the updated roadmap.
- **Federation helpers** — `keytools.ts` refactors imports and cleans up the public surface.
`fetch.ts`, `registry.ts`, and `proxy-helpers/federated-post.ts` pick up small
improvements. `PostFederationSchema` simplifies its encryption type assertion.
- **Plugin infrastructure** — Oven plugin schema and server index gain minor
refactors. Social client adds a `muteUser` method.
- **UI components** — `switch.tsx` and `tooltip.tsx` rewritten for Radix v2 /
Tailwind 4; `accordion.tsx`, `dropdown-menu.tsx`, `form`, `button`, `card` get
minor consistency fixes. `dialog.tsx` removes unused `DialogHeader`.
- **Server bootstrap** — `server.ts` imports DB schema before `instrumentation`
for correct Drizzle initialization, rate-limiting routes are wired, and CORS
allows federation origins. `auth.ts` regenerates Oven and social plugin schemas.
- **Dependencies** — Added `@noble/ciphers` and `@noble/hashes` (crypto
primitives). Removed `@signalapp/libsignal-client`, `base58-js`, `nanostores`,
`tweetnacl-util`, `dexie-react-hooks`, `socket.io-client`. Updated all Better
Auth packages to 1.6.11, BullMQ to 5.76.10, and various dev deps across the
board.
- **.gitignore** — Added `/audits` and `tests/docker/*.env` to prevent secret
leakage.
- **DB schema** — `blocks` table imported in `src/lib/db/schema/index.ts`.
Co-authored-by: Cursor <cursoragent@cursor.com>
150 lines
5 KiB
TypeScript
150 lines
5 KiB
TypeScript
import db from '@/lib/db';
|
|
import { serverRegistry } from '@/lib/db/schema';
|
|
import { FederationError, federationFetch, type FederationErrorCode } from '@/lib/federation/fetch';
|
|
import { assertSafeUrl } from '@/lib/federation/url-guard';
|
|
import createDebug from 'debug';
|
|
import { eq } from 'drizzle-orm';
|
|
|
|
const debug = createDebug('app:federation:registry');
|
|
|
|
export async function upsertServer(url: string, publicKey: string, encryptionPublicKey: string) {
|
|
assertSafeUrl(url);
|
|
return await db.insert(serverRegistry).values({
|
|
id: crypto.randomUUID(),
|
|
url,
|
|
publicKey,
|
|
encryptionPublicKey,
|
|
lastSeen: new Date(),
|
|
createdAt: new Date(),
|
|
updatedAt: new Date(),
|
|
isHealthy: true,
|
|
healthCheckAttempts: 0,
|
|
unhealthyReason: null,
|
|
}).onConflictDoUpdate({
|
|
target: serverRegistry.url,
|
|
set: {
|
|
lastSeen: new Date(),
|
|
updatedAt: new Date(),
|
|
},
|
|
});
|
|
}
|
|
|
|
export async function markServerUnhealthy(serverUrl: string, reason: FederationErrorCode): Promise<void> {
|
|
debug('marking server %s as unhealthy (reason: %s)', serverUrl, reason);
|
|
await db.update(serverRegistry).set({
|
|
isHealthy: false,
|
|
unhealthyReason: reason,
|
|
healthCheckAttempts: 0,
|
|
updatedAt: new Date(),
|
|
}).where(eq(serverRegistry.url, serverUrl));
|
|
|
|
try {
|
|
const { scheduleHealthCheck } = await import('@/lib/bull');
|
|
await scheduleHealthCheck(serverUrl, 0);
|
|
} catch (err) {
|
|
debug('failed to schedule health check for %s: %O', serverUrl, err);
|
|
}
|
|
}
|
|
|
|
export async function markServerHealthy(serverUrl: string): Promise<void> {
|
|
debug('marking server %s as healthy', serverUrl);
|
|
await db.update(serverRegistry).set({
|
|
isHealthy: true,
|
|
unhealthyReason: null,
|
|
healthCheckAttempts: 0,
|
|
lastSeen: new Date(),
|
|
updatedAt: new Date(),
|
|
}).where(eq(serverRegistry.url, serverUrl));
|
|
}
|
|
|
|
export class DiscoveryError extends Error {
|
|
constructor(message: string) {
|
|
super(message);
|
|
this.name = 'DiscoveryError';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Fetches a remote server's /discover endpoint, registers it locally,
|
|
* and POSTs our own info so the remote registers us back (mutual registration).
|
|
* Returns the remote server's encryptionPublicKey on success.
|
|
*/
|
|
export async function discoverAndRegister(serverUrl: string): Promise<string> {
|
|
debug('auto-discovering server %s', serverUrl);
|
|
|
|
assertSafeUrl(serverUrl);
|
|
|
|
let remote: { url?: string; publicKey?: string; encryptionPublicKey?: string };
|
|
try {
|
|
const { response } = await federationFetch(serverUrl + '/discover', {
|
|
serverUrl,
|
|
});
|
|
if (!response.ok) {
|
|
throw new DiscoveryError(`GET /discover returned ${response.status}`);
|
|
}
|
|
remote = await response.json();
|
|
} catch (err) {
|
|
if (err instanceof DiscoveryError) throw err;
|
|
if (err instanceof FederationError) {
|
|
throw new DiscoveryError(`Failed to reach ${serverUrl}/discover: ${err.code}`);
|
|
}
|
|
throw new DiscoveryError(`Failed to reach ${serverUrl}/discover: ${err instanceof Error ? err.message : err}`);
|
|
}
|
|
|
|
if (!remote.publicKey || !remote.encryptionPublicKey) {
|
|
throw new DiscoveryError(`Server ${serverUrl} returned incomplete keys`);
|
|
}
|
|
|
|
const existing = await db
|
|
.select({ publicKey: serverRegistry.publicKey })
|
|
.from(serverRegistry)
|
|
.where(eq(serverRegistry.url, serverUrl))
|
|
.limit(1);
|
|
|
|
if (existing.length > 0 && existing[0].publicKey !== remote.publicKey) {
|
|
throw new DiscoveryError(
|
|
`Server ${serverUrl} presented a different public key than what we have on record. ` +
|
|
`This may indicate a key rotation issue or a compromised server.`,
|
|
);
|
|
}
|
|
|
|
debug('registering remote server %s locally', serverUrl);
|
|
await upsertServer(serverUrl, remote.publicKey, remote.encryptionPublicKey);
|
|
|
|
debug('sending mutual REGISTER to %s', serverUrl);
|
|
try {
|
|
const { response: registerResponse } = await federationFetch(serverUrl + '/discover', {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({
|
|
method: 'REGISTER',
|
|
url: process.env.BETTER_AUTH_URL!,
|
|
publicKey: process.env.FEDERATION_PUBLIC_KEY!,
|
|
encryptionPublicKey: process.env.FEDERATION_ENCRYPTION_PUBLIC_KEY!,
|
|
}),
|
|
serverUrl,
|
|
});
|
|
|
|
// The echo carries the remote server's canonical keys. Use them to
|
|
// confirm the registration we inserted from the GET above.
|
|
if (!registerResponse.ok) {
|
|
throw new DiscoveryError(`Failed to register with ${serverUrl}: ${registerResponse.status}`);
|
|
}
|
|
|
|
const echoBody = await registerResponse.json().catch(() => null);
|
|
const echo = echoBody?.echo as { url?: string; publicKey?: string; encryptionPublicKey?: string } | undefined;
|
|
if (echo?.url && echo.publicKey && echo.encryptionPublicKey) {
|
|
debug('updating registration for %s from echo', serverUrl);
|
|
await upsertServer(echo.url, echo.publicKey, echo.encryptionPublicKey);
|
|
}
|
|
} catch (err) {
|
|
console.warn(
|
|
`[federation] Mutual REGISTER to ${serverUrl} failed (non-fatal):`,
|
|
err instanceof Error ? err.message : err,
|
|
);
|
|
debug('mutual REGISTER to %s failed (non-fatal): %s', serverUrl, err instanceof Error ? err.message : err);
|
|
}
|
|
|
|
debug('auto-discovery of %s complete', serverUrl);
|
|
return remote.encryptionPublicKey;
|
|
}
|