From 4b594516ec5fe6d849663d877db5a0614de03089 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 12 Sep 2023 11:43:12 +0200
Subject: [feature] Allow admins to expire remote public keys; refetch expired
 keys on demand (#2183)

---
 web/source/settings/admin/actions.js               | 62 ----------------------
 .../settings/admin/actions/keys/expireremote.jsx   | 61 +++++++++++++++++++++
 web/source/settings/admin/actions/keys/index.jsx   | 32 +++++++++++
 .../settings/admin/actions/media/cleanup.jsx       | 59 ++++++++++++++++++++
 web/source/settings/admin/actions/media/index.jsx  | 32 +++++++++++
 web/source/settings/index.js                       |  7 ++-
 web/source/settings/lib/query/admin/index.js       |  9 ++++
 7 files changed, 198 insertions(+), 64 deletions(-)
 delete mode 100644 web/source/settings/admin/actions.js
 create mode 100644 web/source/settings/admin/actions/keys/expireremote.jsx
 create mode 100644 web/source/settings/admin/actions/keys/index.jsx
 create mode 100644 web/source/settings/admin/actions/media/cleanup.jsx
 create mode 100644 web/source/settings/admin/actions/media/index.jsx

(limited to 'web/source/settings')

diff --git a/web/source/settings/admin/actions.js b/web/source/settings/admin/actions.js
deleted file mode 100644
index 7f25299e5..000000000
--- a/web/source/settings/admin/actions.js
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-	GoToSocial
-	Copyright (C) GoToSocial Authors admin@gotosocial.org
-	SPDX-License-Identifier: AGPL-3.0-or-later
-
-	This program is free software: you can redistribute it and/or modify
-	it under the terms of the GNU Affero General Public License as published by
-	the Free Software Foundation, either version 3 of the License, or
-	(at your option) any later version.
-
-	This program is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-	GNU Affero General Public License for more details.
-
-	You should have received a copy of the GNU Affero General Public License
-	along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-"use strict";
-
-const React = require("react");
-
-const query = require("../lib/query");
-
-const { useTextInput } = require("../lib/form");
-const { TextInput } = require("../components/form/inputs");
-
-const MutationButton = require("../components/form/mutation-button");
-
-module.exports = function AdminActionPanel() {
-	const daysField = useTextInput("days", { defaultValue: 30 });
-
-	const [mediaCleanup, mediaCleanupResult] = query.useMediaCleanupMutation();
-
-	function submitMediaCleanup(e) {
-		e.preventDefault();
-		mediaCleanup(daysField.value);
-	}
-
-	return (
-		<>
-			<h1>Admin Actions</h1>
-			<form onSubmit={submitMediaCleanup}>
-				<h2>Media cleanup</h2>
-				<p>
-					Clean up remote media older than the specified number of days.
-					If the remote instance is still online they will be refetched when needed.
-					Also cleans up unused headers and avatars from the media cache.
-				</p>
-				<TextInput
-					field={daysField}
-					label="Days"
-					type="number"
-					min="0"
-					placeholder="30"
-				/>
-				<MutationButton label="Remove old media" result={mediaCleanupResult} />
-			</form>
-		</>
-	);
-};
\ No newline at end of file
diff --git a/web/source/settings/admin/actions/keys/expireremote.jsx b/web/source/settings/admin/actions/keys/expireremote.jsx
new file mode 100644
index 000000000..b9045a7ed
--- /dev/null
+++ b/web/source/settings/admin/actions/keys/expireremote.jsx
@@ -0,0 +1,61 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+"use strict";
+
+const React = require("react");
+
+const query = require("../../../lib/query");
+
+const { useTextInput } = require("../../../lib/form");
+const { TextInput } = require("../../../components/form/inputs");
+
+const MutationButton = require("../../../components/form/mutation-button");
+
+module.exports = function ExpireRemote({}) {
+	const domainField = useTextInput("domain");
+
+	const [expire, expireResult] = query.useInstanceKeysExpireMutation();
+
+	function submitExpire(e) {
+		e.preventDefault();
+		expire(domainField.value);
+	}
+
+	return (
+		<form onSubmit={submitExpire}>
+			<h2>Expire remote instance keys</h2>
+			<p>
+				Mark all public keys from the given remote instance as expired.<br/><br/>
+				This is useful in cases where the remote domain has had to rotate their keys for whatever
+				reason (security issue, data leak, routine safety procedure, etc), and your instance can no
+				longer communicate with theirs properly using cached keys. A key marked as expired in this way
+				will be lazily refetched next time a request is made to your instance signed by the owner of that
+				key.
+			</p>
+			<TextInput
+				field={domainField}
+				label="Domain"
+				type="string"
+				placeholder="example.org"
+			/>
+			<MutationButton label="Expire keys" result={expireResult} />
+		</form>
+	);
+};
diff --git a/web/source/settings/admin/actions/keys/index.jsx b/web/source/settings/admin/actions/keys/index.jsx
new file mode 100644
index 000000000..b40835c12
--- /dev/null
+++ b/web/source/settings/admin/actions/keys/index.jsx
@@ -0,0 +1,32 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+"use strict";
+
+const React = require("react");
+const ExpireRemote = require("./expireremote");
+
+module.exports = function Keys() {
+	return (
+		<>
+			<h1>Key Actions</h1>
+			<ExpireRemote />
+		</>
+	);
+};
diff --git a/web/source/settings/admin/actions/media/cleanup.jsx b/web/source/settings/admin/actions/media/cleanup.jsx
new file mode 100644
index 000000000..61ee15258
--- /dev/null
+++ b/web/source/settings/admin/actions/media/cleanup.jsx
@@ -0,0 +1,59 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+"use strict";
+
+const React = require("react");
+
+const query = require("../../../lib/query");
+
+const { useTextInput } = require("../../../lib/form");
+const { TextInput } = require("../../../components/form/inputs");
+
+const MutationButton = require("../../../components/form/mutation-button");
+
+module.exports = function Cleanup({}) {
+	const daysField = useTextInput("days", { defaultValue: 30 });
+
+	const [mediaCleanup, mediaCleanupResult] = query.useMediaCleanupMutation();
+
+	function submitCleanup(e) {
+		e.preventDefault();
+		mediaCleanup(daysField.value);
+	}
+    
+	return (
+		<form onSubmit={submitCleanup}>
+			<h2>Cleanup</h2>
+			<p>
+					Clean up remote media older than the specified number of days.
+					If the remote instance is still online they will be refetched when needed.
+					Also cleans up unused headers and avatars from the media cache.
+			</p>
+			<TextInput
+				field={daysField}
+				label="Days"
+				type="number"
+				min="0"
+				placeholder="30"
+			/>
+			<MutationButton label="Remove old media" result={mediaCleanupResult} />
+		</form>
+	);
+};
diff --git a/web/source/settings/admin/actions/media/index.jsx b/web/source/settings/admin/actions/media/index.jsx
new file mode 100644
index 000000000..c5167506a
--- /dev/null
+++ b/web/source/settings/admin/actions/media/index.jsx
@@ -0,0 +1,32 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+"use strict";
+
+const React = require("react");
+const Cleanup = require("./cleanup");
+
+module.exports = function Media() {
+	return (
+		<>
+			<h1>Media Actions</h1>
+			<Cleanup />
+		</>
+	);
+};
diff --git a/web/source/settings/index.js b/web/source/settings/index.js
index 398bca0f6..9758e89e6 100644
--- a/web/source/settings/index.js
+++ b/web/source/settings/index.js
@@ -55,7 +55,10 @@ const { Sidebar, ViewRouter } = createNavigation("/settings", [
 		defaultUrl: "/settings/admin/settings",
 		permissions: ["admin"]
 	}, [
-		Item("Actions", { icon: "fa-bolt" }, require("./admin/actions")),
+		Menu("Actions", { icon: "fa-bolt" }, [
+			Item("Media", { icon: "fa-photo" }, require("./admin/actions/media")),
+			Item("Keys", { icon: "fa-key-modern" }, require("./admin/actions/keys")),
+		]),
 		Menu("Custom Emoji", { icon: "fa-smile-o" }, [
 			Item("Local", { icon: "fa-home", wildcard: true }, require("./admin/emoji/local")),
 			Item("Remote", { icon: "fa-cloud" }, require("./admin/emoji/remote"))
@@ -63,7 +66,7 @@ const { Sidebar, ViewRouter } = createNavigation("/settings", [
 		Menu("Settings", { icon: "fa-sliders" }, [
 			Item("Settings", { icon: "fa-sliders", url: "" }, require("./admin/settings")),
 			Item("Rules", { icon: "fa-dot-circle-o", wildcard: true }, require("./admin/settings/rules"))
-		])
+		]),
 	])
 ]);
 
diff --git a/web/source/settings/lib/query/admin/index.js b/web/source/settings/lib/query/admin/index.js
index 515d8edcf..7b46e6ba4 100644
--- a/web/source/settings/lib/query/admin/index.js
+++ b/web/source/settings/lib/query/admin/index.js
@@ -47,6 +47,15 @@ const endpoints = (build) => ({
 			}
 		})
 	}),
+	instanceKeysExpire: build.mutation({
+		query: (domain) => ({
+			method: "POST",
+			url: `/api/v1/admin/domain_keys_expire`,
+			params: {
+				domain: domain
+			}
+		})
+	}),
 	instanceBlocks: build.query({
 		query: () => ({
 			url: `/api/v1/admin/domain_blocks`
-- 
cgit v1.2.3