Commit Graph

58 Commits

Author SHA1 Message Date
cyph3rasi 1b0b3d8d52 Fix federation flows and add versioned updater 2026-03-07 21:55:55 -08:00
cyph3rasi 5d524a0354 Fix federated interactions and reply threads 2026-03-07 21:27:22 -08:00
cyph3rasi 1e2da4f2da Fix swarm signature verification payloads 2026-03-07 21:03:47 -08:00
cyph3rasi 853c564755 Fix swarm bootstrap for logo-less nodes 2026-03-07 20:54:30 -08:00
cyph3rasi 2acebc15a5 Fix node asset cache busting 2026-03-07 20:32:30 -08:00
cyph3rasi 76ca21e14f Prompt for upload re-auth on demand 2026-03-07 18:29:18 -08:00
cyph3rasi 28eb46d653 Make user media uploads session-backed 2026-03-07 18:14:02 -08:00
cyph3rasi 70e6b6fdf6 Remove shared storage and restore user-owned uploads 2026-03-07 17:03:50 -08:00
cyph3rasi ae2c34df6c Add installer, CI, ARM build and test updates
Introduce a one‑line Docker installer and environment examples, add CI and docker validation workflows, and update docs and tests.

Key changes:
- Add docker/install.sh installer that bootstraps /opt/synapsis, downloads compose files, optionally installs Docker, and generates secrets.
- Add top-level .env.example and docker/.env.example entries for shared storage and local development.
- Add GitHub Actions CI (ci.yml) with type checks, targeted vitest runs, build and docker-compose validation.
- Update existing docker workflow to set up QEMU and build multi‑arch images (amd64, arm64).
- Update README and docker/README to use the installer, point to the new repo, adjust local setup instructions, and note shared S3 env vars.
- Update docker-compose comments and include shared S3 env variables and defaults.
- Update .gitignore to ignore site-work mirrors.
- Tests: expand supported bot source types (add brave_news, youtube), increase POST_MAX_LENGTH from 400 to 600, add minimal user handle in mention handler tests, and add mocks & test adjustments in scheduler tests to keep them unit-scoped.

These changes simplify installation, add CI coverage (including Docker config validation), enable multi‑arch builds, and align tests with expanded bot source/validation behavior.
2026-03-07 16:11:37 -08:00
Christomatt a686db38b0 Docker hardening + first-run fixes 2026-02-05 02:49:34 +01:00
Christomatt 38ddbf8bc1 feat: Introduce runtime configuration for domain and enhance S3 storage settings with public base URL and Contabo support. 2026-02-03 01:27:46 +01:00
Christomatt 90dfd62434 feat: store node logo/favicon in postgres instead of S3
- Add logoData and faviconData columns to nodes table
- Create /api/admin/node/upload endpoint for direct DB storage
- Create /api/node/logo and /api/node/favicon endpoints to serve images
- Update admin page to use new upload endpoint
- Remove dependency on admin's personal S3 storage for node assets
2026-02-01 16:29:39 +01:00
Christomatt 265d7dba66 fix: update generateAndUploadAvatarToUserStorage signature to accept undefined 2026-02-01 04:28:15 +01:00
Christomatt 88a46ea441 chore: remove unused ipfs.ts file (conflicting function names) 2026-02-01 04:24:00 +01:00
Christomatt 13b38f0a7b fix: bot avatar generation - decrypt credentials before passing to S3 2026-02-01 04:16:42 +01:00
Christomatt 1f171e127f fix: remove duplicate owner variable in botManager 2026-02-01 02:55:48 +01:00
Christomatt f55dec9a60 feat: user-owned S3-compatible storage with credential verification 2026-02-01 02:51:52 +01:00
Clawd Deploy Bot 50355b740a Security fixes: swarm signature verification and error handling 2026-01-30 16:50:49 +01:00
Christomatt 495a037eb1 feat: Add optional publicKey field to interaction type. 2026-01-30 08:47:26 +01:00
Christomatt 374bfadc74 feat: Add public key to user profiles in API responses and update user caching logic to store and manage it. 2026-01-30 05:16:49 +01:00
Christomatt 10a54a0ea9 feat: Implement identity lock screen for sensitive user actions and introduce avatar generation. 2026-01-30 04:44:57 +01:00
Christomatt 9710a16f83 feat: Implement remote user profile caching and enhance chat conversation list display with updated styling. 2026-01-29 01:00:22 +01:00
Christopher ceae76d58f Refactor chat system to remove E2EE and simplify messaging
Removed all E2EE chat endpoints, crypto logic, and related API routes, transitioning chat to plain text storage and transport. Updated chat send/receive endpoints to use signed actions and enforce DM privacy settings. Cleaned up Swarm chat inbox, key management, and related debug endpoints. Updated user profile to support DM privacy, improved search for handle queries, and refactored conversation/message logic to support the new model. Migrated bot settings and privacy settings to new locations.
2026-01-28 13:05:34 -08:00
Christopher 558c1aecdf Ensure chat key fetches bypass cache
Added `{ cache: 'no-store' }` to fetch requests for chat keys in both the chat page and useSodiumChat hook to prevent stale key data. Also updated the chat key query to order by `lastSeenAt` descending, ensuring the most recent bundle is retrieved.
2026-01-28 07:48:10 -08:00
Christopher 70b86244a7 Refactor Base64 variant handling in tryDecodeBase64
Simplifies and clarifies the logic for selecting Base64 variants by using a Set to ensure uniqueness and order. This change improves maintainability and robustness when decoding Base64 strings with different variants.
2026-01-28 07:22:11 -08:00
Christopher f678f1f87e Refactor handle registry updates and improve key decoding
Removed 'healing' logic and authoritative update propagation from handle registry and gossip code, simplifying handle upserts to only update on strictly newer timestamps. Enhanced sodium-chat key handling with robust base64 decoding and key repair logic. Added scripts for key inspection and crypto testing. Deleted unused healing module.
2026-01-28 07:16:15 -08:00
Christopher 36f653d500 Improve handle registry healing and gossip propagation
Added healing utilities to update the handle registry when a user profile is found at a new node domain. Enhanced upsertHandleEntries to accept a sourceDomain parameter, allowing authoritative updates from the owning node. Updated gossip logic to pass sender/target domains for proper trust handling during handle propagation. Integrated healing logic into chat key lookup to keep the registry accurate.
2026-01-28 06:55:13 -08:00
Christopher 4ab464bcaa Fix crypto_generichash usage in useUserIdentity
Adds the missing third argument (null) to sodium.crypto_generichash to ensure correct hashing behavior when generating the salt for storage key derivation.
2026-01-28 06:16:35 -08:00
Christopher 015d4ecbd8 Add check for user DID before key verification
Throws an error if the user DID is not available before attempting to verify the key on the server, preventing potential runtime errors.
2026-01-28 06:12:51 -08:00
Christopher a87977241c Refactor chat encryption to use sodium, update API
Replaces legacy chat encryption modules with new sodium-based implementation. Adds and updates API routes for chat key management and debugging, introduces new hooks and scripts for sodium chat, and updates related database schema and configuration. Removes old crypto modules and updates dependencies accordingly.
2026-01-28 06:07:03 -08:00
Christopher 222f1c6d8a Add sender DID resolution and self-decryption for chat messages
The messages API now resolves and includes sender DIDs for received messages, enabling proper decryption in the chat UI. The chat page adds logic to decrypt self-encrypted messages for sent items and improves V2 envelope handling, while useChatEncryption now serializes ratchet state before storage.
2026-01-27 22:06:47 -08:00
Christopher 3c7937312d Add self-encryption for sent chat messages
Introduces helper functions to encrypt and decrypt a copy of sent messages for the sender using AES-GCM with a key derived from the identity public key. Updates message sending to include a self-encrypted payload, and modifies message reading logic to allow the sender to decrypt their own messages on any device.
2026-01-27 21:46:48 -08:00
Christopher dd87d51fa6 Add V2 chat protocol support and improve error handling
Introduces support for V2 encrypted chat envelopes in the swarm inbox route, allowing storage and processing of new message formats. Enhances error handling and logging in both chat send and encryption hooks, including detection of remote nodes that do not support the V2 protocol and providing clearer error messages for users and developers.
2026-01-27 21:25:51 -08:00
Christopher e92c747a5b Improve chat encryption, delivery, and session handling
Adds robust session serialization/deserialization for ratchet state, session cleanup for corrupted data, and improved error handling in chat encryption hooks. Enhances chat delivery to support both local and remote recipients, ensures conversation creation, and adds timeouts to key fetches. Also introduces utilities for deleting and clearing encrypted session data from storage.
2026-01-27 20:36:03 -08:00
Christopher 8c3dffaa4c Add placeholder signature to bundle payload
Introduced a 'signature' field with a placeholder value ('signed-by-did-envelope') in the bundle payload to satisfy expected structure and prevent potential issues with undefined values. Added detailed comments explaining the reasoning and context for this change, particularly regarding the signing of the signedPreKey and the use of the DID key.
2026-01-27 20:11:23 -08:00
Christopher 96053ebd65 Improve chat key fetch and self-repair logic
Refactors the chat key fetch API to support fallback lookups using user handle and did:web aliasing, improving reliability when primary lookups fail. Updates useChatEncryption to detect and repair 'Zombie State' where local keys exist but are missing on the server, ensuring keys are republished as needed. Modifies sendMessage to pass recipient handle and bind sessions to the correct DID, supporting aliasing scenarios.
2026-01-27 19:45:36 -08:00
Christopher 7eae96bc44 Add remote key fetch proxy and improve chat reliability
Introduces an API route to proxy remote key bundle fetches, improving CORS handling for secure chat. Updates chat UI to handle error states and retries, enhances key/identity synchronization, and refactors message sending to support remote node domains. Also adds CORS preflight support to the .well-known chat route and improves in-memory key store management.
2026-01-27 19:34:37 -08:00
Christopher 33295b744e Add DID support and improve login state handling
Introduces a 'did' field to SwarmUserProfile and related API routes to support decentralized identifiers. Refactors login flow to use soft navigation and synchronize AuthContext state, including new 'login' and enhanced 'unlockIdentity' methods for better user state management.
2026-01-27 19:10:07 -08:00
Christopher f59625c83f Revamp chat UI and add V2 encrypted messaging support
Major update to chat page with new conversation list, message thread view, and support for V2 end-to-end encrypted messaging using DIDs. Adds chat lock state, message sending, conversation deletion, and improved polling. Updates user API and types to include DID and chatPublicKey. Fixes race conditions in feed loading, adds message button to user profile, and improves crypto and identity hooks for better locked/unlocked state detection.
2026-01-27 18:33:56 -08:00
Christopher 9ee0cbbb9a feat: Implement end-to-end encrypted chat with new API routes, crypto utilities, and UI components. 2026-01-27 17:59:08 -08:00
Christopher 5903022f8a Add encrypted key support for chat and nodes
Introduces encrypted private key storage for nodes and users, updates chat message schema to support sender-side encryption, and adds supporting libraries and tests for cryptographic signing and identity unlock flows. Includes new database migrations, API route updates, and React components for identity unlock prompts.
2026-01-27 17:13:28 -08:00
Christopher 44610157a1 Add chat page, improve chat API, and remove ChatWidget
Introduces a new chat page with end-to-end encryption, conversation list, and message thread UI. Adds new API endpoints for unread message count and debugging chat keys/messages. Improves chat key validation and reciprocal conversation/message creation for local recipients. Removes the old ChatWidget component. Updates login and chat API logic for better Turnstile and key handling.
2026-01-27 01:05:40 -08:00
Christomatt 75a2d87d9a feat: Implement a new chat widget with enhanced encryption handling and supporting utility scripts, replacing the old chat page. 2026-01-27 08:07:32 +01:00
Christomatt 7d1e22e457 feat(chat): Enhance message decryption with improved key management and debug logging
- Add recipient public key fetching in messages API endpoint for sent message decryption
- Include `isE2E` flag in message response to indicate end-to-end encryption status
- Simplify encrypted content handling by always returning `encryptedContent` field
- Add comprehensive debug logging throughout message loading pipeline for troubleshooting
- Improve key resolution logic to fetch recipient keys when not available in conversation data
- Add detailed logging for each message processing step including key availability and decryption status
- Enhance error handling with more descriptive error messages in key fetching operations
- Better distinguish between sent and received message decryption requirements with clear comments
2026-01-27 06:18:20 +01:00
Christomatt 1726ef0c7b feat: include chatPublicKey in user profiles and the swarm user interface. 2026-01-27 04:00:27 +01:00
Christomatt f0253581d2 feat(chat): Implement client-side end-to-end encryption with key management
- Add chat keys API endpoint for storing and retrieving encrypted RSA public/private key pairs
- Create client-side crypto utilities for E2E encryption/decryption with hybrid encryption support
- Implement useChatEncryption hook for managing encryption state and key generation in chat UI
- Add chatPublicKey and chatPrivateKeyEncrypted fields to user schema for key storage
- Update chat messages API to return encrypted content with sender's public key for decryption
- Modify send message endpoint to accept pre-encrypted content from client while maintaining legacy server-side encryption
- Update chat page UI to integrate client-side encryption workflow
- Ensure private keys are encrypted client-side with user password before transmission to server
- Server cannot decrypt message content in E2E mode, providing true end-to-end encryption
2026-01-27 03:38:54 +01:00
Christomatt 8e7c6353f3 feat(chat): Upgrade to hybrid encryption with AES-256-GCM and RSA-OAEP
- Replace pure RSA encryption with hybrid encryption scheme for better performance
- Implement AES-256-GCM for fast message encryption without size limitations
- Use RSA-OAEP for secure AES key exchange between chat participants
- Add EncryptedPayload interface to structure encrypted data (key, IV, ciphertext, auth tag)
- Update encryptMessage() to generate random AES key and IV, encrypt with AES-GCM, then wrap AES key with RSA
- Update decryptMessage() to unwrap AES key with RSA, then decrypt message with AES-GCM
- Include GCM authentication tag for message integrity verification
- Encode all binary components as base64 strings in JSON payload for transport
- Improves encryption performance while maintaining security for end-to-end swarm messaging
2026-01-27 01:42:17 +01:00
Christomatt eb63194c56 refactor: Migrate from ActivityPub federation to native Swarm network
- Remove ActivityPub infrastructure (webfinger, nodeinfo, inbox, activities, signatures)
- Implement native peer-to-peer Swarm network with gossip protocol
- Replace federated timeline with Swarm timeline aggregating posts from all nodes
- Migrate direct messaging to end-to-end encrypted Swarm Chat system
- Update user interactions (follow, like, repost) to use Swarm protocol
- Add cryptographic key management for DID-based identity system
- Remove server-bound identity model in favor of portable DID identities
- Update documentation to reflect Swarm architecture and capabilities
- Add debug utilities and chat testing tools for Swarm network
- Refactor database schema to support distributed user directory
- Update bot framework to work with Swarm network interactions
- Simplify API routes to use Swarm protocol instead of ActivityPub
- This transition enables true peer-to-peer communication, instant interactions, and encrypted messaging while maintaining sovereign identity through DIDs
2026-01-27 01:27:15 +01:00
Christomatt 6b8eeb6814 feat(chat): Implement end-to-end encrypted swarm messaging system
- Add Swarm Chat documentation with architecture, API endpoints, and security considerations
- Create database schema for chat conversations, messages, and typing indicators
- Implement chat API endpoints for sending, receiving, and managing messages
- Add client-side encryption utilities using RSA-OAEP with SHA-256
- Create chat page UI for viewing conversations and messages
- Add chat type definitions for TypeScript support
- Update database schema with new chat tables and relationships
- Update sidebar navigation to include chat link
- Enable true end-to-end encrypted messaging across swarm nodes without ActivityPub limitations
2026-01-26 20:00:17 +01:00
Christomatt 5b0269af34 feat(auth): Integrate Cloudflare Turnstile bot protection and enhance swarm tracking
- Add Cloudflare Turnstile integration for login and registration forms
- Create turnstile verification utility with server-side token validation
- Add turnstile_site_key and turnstile_secret_key fields to nodes table
- Implement admin panel UI for configuring Turnstile keys in settings
- Update login and register API routes to verify Turnstile tokens
- Expose turnstile_site_key via GET /api/node endpoint for frontend
- Add admin endpoint to save and update Turnstile configuration
- Create remote_likes and remote_reposts tables for federated interaction tracking
- Add swarm reply metadata fields (swarm_reply_to_id, swarm_reply_to_content, swarm_reply_to_author) to posts table
- Add comprehensive TURNSTILE_SETUP.md documentation with setup instructions and security notes
- Create database migration 0007 with schema updates and indexes
- Protects against bot registrations and automated attacks on federated nodes
2026-01-26 18:10:48 +01:00