-424

src/api/identity.rs

··· 1 1 - use axum::{ 2 2 - extract::{State, Path}, 3 3 - Json, 4 4 - response::{IntoResponse, Response}, 5 5 - http::StatusCode, 6 6 - }; 7 7 - use serde::{Deserialize, Serialize}; 8 8 - use serde_json::json; 9 9 - use crate::state::AppState; 10 10 - use sqlx::Row; 11 11 - use bcrypt::{hash, DEFAULT_COST}; 12 12 - use tracing::{info, error}; 13 13 - use jacquard_repo::{mst::Mst, commit::Commit, storage::BlockStore}; 14 14 - use jacquard::types::{string::Tid, did::Did, integer::LimitedU32}; 15 15 - use std::sync::Arc; 16 16 - use k256::SecretKey; 17 17 - use rand::rngs::OsRng; 18 18 - use base64::Engine; 19 19 - use reqwest; 20 20 - 21 21 - #[derive(Deserialize)] 22 22 - pub struct CreateAccountInput { 23 23 - pub handle: String, 24 24 - pub email: String, 25 25 - pub password: String, 26 26 - #[serde(rename = "inviteCode")] 27 27 - pub invite_code: Option<String>, 28 28 - pub did: Option<String>, 29 29 - } 30 30 - 31 31 - #[derive(Serialize)] 32 32 - #[serde(rename_all = "camelCase")] 33 33 - pub struct CreateAccountOutput { 34 34 - pub access_jwt: String, 35 35 - pub refresh_jwt: String, 36 36 - pub handle: String, 37 37 - pub did: String, 38 38 - } 39 39 - 40 40 - pub async fn create_account( 41 41 - State(state): State<AppState>, 42 42 - Json(input): Json<CreateAccountInput>, 43 43 - ) -> Response { 44 44 - info!("create_account hit: {}", input.handle); 45 45 - if input.handle.contains('!') || input.handle.contains('@') { 46 46 - return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidHandle", "message": "Handle contains invalid characters"}))).into_response(); 47 47 - } 48 48 - 49 49 - let did = if let Some(d) = &input.did { 50 50 - if d.trim().is_empty() { 51 51 - format!("did:plc:{}", uuid::Uuid::new_v4()) 52 52 - } else { 53 53 - let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 54 54 - if let Err(e) = verify_did_web(d, &hostname, &input.handle).await { 55 55 - return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidDid", "message": e}))).into_response(); 56 56 - } 57 57 - d.clone() 58 58 - } 59 59 - } else { 60 60 - format!("did:plc:{}", uuid::Uuid::new_v4()) 61 61 - }; 62 62 - 63 63 - let mut tx = match state.db.begin().await { 64 64 - Ok(tx) => tx, 65 65 - Err(e) => { 66 66 - error!("Error starting transaction: {:?}", e); 67 67 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 68 68 - } 69 69 - }; 70 70 - 71 71 - let exists_query = sqlx::query("SELECT 1 FROM users WHERE handle = $1") 72 72 - .bind(&input.handle) 73 73 - .fetch_optional(&mut *tx) 74 74 - .await; 75 75 - 76 76 - match exists_query { 77 77 - Ok(Some(_)) => return (StatusCode::BAD_REQUEST, Json(json!({"error": "HandleTaken", "message": "Handle already taken"}))).into_response(), 78 78 - Err(e) => { 79 79 - error!("Error checking handle: {:?}", e); 80 80 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 81 81 - } 82 82 - Ok(None) => {} 83 83 - } 84 84 - 85 85 - if let Some(code) = &input.invite_code { 86 86 - let invite_query = sqlx::query("SELECT available_uses FROM invite_codes WHERE code = $1 FOR UPDATE") 87 87 - .bind(code) 88 88 - .fetch_optional(&mut *tx) 89 89 - .await; 90 90 - 91 91 - match invite_query { 92 92 - Ok(Some(row)) => { 93 93 - let uses: i32 = row.get("available_uses"); 94 94 - if uses <= 0 { 95 95 - return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidInviteCode", "message": "Invite code exhausted"}))).into_response(); 96 96 - } 97 97 - 98 98 - let update_invite = sqlx::query("UPDATE invite_codes SET available_uses = available_uses - 1 WHERE code = $1") 99 99 - .bind(code) 100 100 - .execute(&mut *tx) 101 101 - .await; 102 102 - 103 103 - if let Err(e) = update_invite { 104 104 - error!("Error updating invite code: {:?}", e); 105 105 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 106 106 - } 107 107 - }, 108 108 - Ok(None) => return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidInviteCode", "message": "Invite code not found"}))).into_response(), 109 109 - Err(e) => { 110 110 - error!("Error checking invite code: {:?}", e); 111 111 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 112 112 - } 113 113 - } 114 114 - } 115 115 - 116 116 - let password_hash = match hash(&input.password, DEFAULT_COST) { 117 117 - Ok(h) => h, 118 118 - Err(e) => { 119 119 - error!("Error hashing password: {:?}", e); 120 120 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 121 121 - } 122 122 - }; 123 123 - 124 124 - let user_insert = sqlx::query("INSERT INTO users (handle, email, did, password_hash) VALUES ($1, $2, $3, $4) RETURNING id") 125 125 - .bind(&input.handle) 126 126 - .bind(&input.email) 127 127 - .bind(&did) 128 128 - .bind(&password_hash) 129 129 - .fetch_one(&mut *tx) 130 130 - .await; 131 131 - 132 132 - let user_id: uuid::Uuid = match user_insert { 133 133 - Ok(row) => row.get("id"), 134 134 - Err(e) => { 135 135 - error!("Error inserting user: {:?}", e); 136 136 - // TODO: Check for unique constraint violation on email/did specifically 137 137 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 138 138 - } 139 139 - }; 140 140 - 141 141 - let secret_key = SecretKey::random(&mut OsRng); 142 142 - let secret_key_bytes = secret_key.to_bytes(); 143 143 - 144 144 - let key_insert = sqlx::query("INSERT INTO user_keys (user_id, key_bytes) VALUES ($1, $2)") 145 145 - .bind(user_id) 146 146 - .bind(&secret_key_bytes[..]) 147 147 - .execute(&mut *tx) 148 148 - .await; 149 149 - 150 150 - if let Err(e) = key_insert { 151 151 - error!("Error inserting user key: {:?}", e); 152 152 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 153 153 - } 154 154 - 155 155 - let mst = Mst::new(Arc::new(state.block_store.clone())); 156 156 - let mst_root = match mst.root().await { 157 157 - Ok(c) => c, 158 158 - Err(e) => { 159 159 - error!("Error creating MST root: {:?}", e); 160 160 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 161 161 - } 162 162 - }; 163 163 - 164 164 - let did_obj = match Did::new(&did) { 165 165 - Ok(d) => d, 166 166 - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Invalid DID"}))).into_response(), 167 167 - }; 168 168 - 169 169 - let rev = Tid::now(LimitedU32::MIN); 170 170 - 171 171 - let commit = Commit::new_unsigned( 172 172 - did_obj, 173 173 - mst_root, 174 174 - rev, 175 175 - None 176 176 - ); 177 177 - 178 178 - let commit_bytes = match commit.to_cbor() { 179 179 - Ok(b) => b, 180 180 - Err(e) => { 181 181 - error!("Error serializing genesis commit: {:?}", e); 182 182 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 183 183 - } 184 184 - }; 185 185 - 186 186 - let commit_cid = match state.block_store.put(&commit_bytes).await { 187 187 - Ok(c) => c, 188 188 - Err(e) => { 189 189 - error!("Error saving genesis commit: {:?}", e); 190 190 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 191 191 - } 192 192 - }; 193 193 - 194 194 - let repo_insert = sqlx::query("INSERT INTO repos (user_id, repo_root_cid) VALUES ($1, $2)") 195 195 - .bind(user_id) 196 196 - .bind(commit_cid.to_string()) 197 197 - .execute(&mut *tx) 198 198 - .await; 199 199 - 200 200 - if let Err(e) = repo_insert { 201 201 - error!("Error initializing repo: {:?}", e); 202 202 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 203 203 - } 204 204 - 205 205 - if let Some(code) = &input.invite_code { 206 206 - let use_insert = sqlx::query("INSERT INTO invite_code_uses (code, used_by_user) VALUES ($1, $2)") 207 207 - .bind(code) 208 208 - .bind(user_id) 209 209 - .execute(&mut *tx) 210 210 - .await; 211 211 - 212 212 - if let Err(e) = use_insert { 213 213 - error!("Error recording invite usage: {:?}", e); 214 214 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 215 215 - } 216 216 - } 217 217 - 218 218 - let access_jwt = crate::auth::create_access_token(&did, &secret_key_bytes[..]).map_err(|e| { 219 219 - error!("Error creating access token: {:?}", e); 220 220 - (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response() 221 221 - }); 222 222 - let access_jwt = match access_jwt { 223 223 - Ok(t) => t, 224 224 - Err(r) => return r, 225 225 - }; 226 226 - 227 227 - let refresh_jwt = crate::auth::create_refresh_token(&did, &secret_key_bytes[..]).map_err(|e| { 228 228 - error!("Error creating refresh token: {:?}", e); 229 229 - (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response() 230 230 - }); 231 231 - let refresh_jwt = match refresh_jwt { 232 232 - Ok(t) => t, 233 233 - Err(r) => return r, 234 234 - }; 235 235 - 236 236 - let session_insert = sqlx::query("INSERT INTO sessions (access_jwt, refresh_jwt, did) VALUES ($1, $2, $3)") 237 237 - .bind(&access_jwt) 238 238 - .bind(&refresh_jwt) 239 239 - .bind(&did) 240 240 - .execute(&mut *tx) 241 241 - .await; 242 242 - 243 243 - if let Err(e) = session_insert { 244 244 - error!("Error inserting session: {:?}", e); 245 245 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 246 246 - } 247 247 - 248 248 - if let Err(e) = tx.commit().await { 249 249 - error!("Error committing transaction: {:?}", e); 250 250 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 251 251 - } 252 252 - 253 253 - (StatusCode::OK, Json(CreateAccountOutput { 254 254 - access_jwt, 255 255 - refresh_jwt, 256 256 - handle: input.handle, 257 257 - did, 258 258 - })).into_response() 259 259 - } 260 260 - 261 261 - fn get_jwk(key_bytes: &[u8]) -> serde_json::Value { 262 262 - use k256::elliptic_curve::sec1::ToEncodedPoint; 263 263 - 264 264 - let secret_key = SecretKey::from_slice(key_bytes).expect("Invalid key length"); 265 265 - let public_key = secret_key.public_key(); 266 266 - let encoded = public_key.to_encoded_point(false); 267 267 - let x = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(encoded.x().unwrap()); 268 268 - let y = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(encoded.y().unwrap()); 269 269 - 270 270 - json!({ 271 271 - "kty": "EC", 272 272 - "crv": "secp256k1", 273 273 - "x": x, 274 274 - "y": y 275 275 - }) 276 276 - } 277 277 - 278 278 - pub async fn well_known_did(State(_state): State<AppState>) -> impl IntoResponse { 279 279 - let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 280 280 - // Kinda for local dev, encode hostname if it contains port 281 281 - let did = if hostname.contains(':') { 282 282 - format!("did:web:{}", hostname.replace(':', "%3A")) 283 283 - } else { 284 284 - format!("did:web:{}", hostname) 285 285 - }; 286 286 - 287 287 - Json(json!({ 288 288 - "@context": ["https://www.w3.org/ns/did/v1"], 289 289 - "id": did, 290 290 - "service": [{ 291 291 - "id": "#atproto_pds", 292 292 - "type": "AtprotoPersonalDataServer", 293 293 - "serviceEndpoint": format!("https://{}", hostname) 294 294 - }] 295 295 - })) 296 296 - } 297 297 - 298 298 - pub async fn user_did_doc( 299 299 - State(state): State<AppState>, 300 300 - Path(handle): Path<String>, 301 301 - ) -> Response { 302 302 - let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 303 303 - 304 304 - let user = sqlx::query("SELECT id, did FROM users WHERE handle = $1") 305 305 - .bind(&handle) 306 306 - .fetch_optional(&state.db) 307 307 - .await; 308 308 - 309 309 - let (user_id, did) = match user { 310 310 - Ok(Some(row)) => { 311 311 - let id: uuid::Uuid = row.get("id"); 312 312 - let d: String = row.get("did"); 313 313 - (id, d) 314 314 - }, 315 315 - Ok(None) => return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound"}))).into_response(), 316 316 - Err(e) => { 317 317 - error!("DB Error: {:?}", e); 318 318 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response() 319 319 - }, 320 320 - }; 321 321 - 322 322 - if !did.starts_with("did:web:") { 323 323 - return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "User is not did:web"}))).into_response(); 324 324 - } 325 325 - 326 326 - let key_row = sqlx::query("SELECT key_bytes FROM user_keys WHERE user_id = $1") 327 327 - .bind(user_id) 328 328 - .fetch_optional(&state.db) 329 329 - .await; 330 330 - 331 331 - let key_bytes: Vec<u8> = match key_row { 332 332 - Ok(Some(row)) => row.get("key_bytes"), 333 333 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(), 334 334 - }; 335 335 - 336 336 - let jwk = get_jwk(&key_bytes); 337 337 - 338 338 - Json(json!({ 339 339 - "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1"], 340 340 - "id": did, 341 341 - "alsoKnownAs": [format!("at://{}", handle)], 342 342 - "verificationMethod": [{ 343 343 - "id": format!("{}#atproto", did), 344 344 - "type": "JsonWebKey2020", 345 345 - "controller": did, 346 346 - "publicKeyJwk": jwk 347 347 - }], 348 348 - "service": [{ 349 349 - "id": "#atproto_pds", 350 350 - "type": "AtprotoPersonalDataServer", 351 351 - "serviceEndpoint": format!("https://{}", hostname) 352 352 - }] 353 353 - })).into_response() 354 354 - } 355 355 - 356 356 - async fn verify_did_web(did: &str, hostname: &str, handle: &str) -> Result<(), String> { 357 357 - let expected_prefix = if hostname.contains(':') { 358 358 - format!("did:web:{}", hostname.replace(':', "%3A")) 359 359 - } else { 360 360 - format!("did:web:{}", hostname) 361 361 - }; 362 362 - 363 363 - if did.starts_with(&expected_prefix) { 364 364 - let suffix = &did[expected_prefix.len()..]; 365 365 - let expected_suffix = format!(":u:{}", handle); 366 366 - if suffix == expected_suffix { 367 367 - Ok(()) 368 368 - } else { 369 369 - Err(format!("Invalid DID path for this PDS. Expected {}", expected_suffix)) 370 370 - } 371 371 - } else { 372 372 - let parts: Vec<&str> = did.split(':').collect(); 373 373 - if parts.len() < 3 || parts[0] != "did" || parts[1] != "web" { 374 374 - return Err("Invalid did:web format".into()); 375 375 - } 376 376 - 377 377 - let domain_segment = parts[2]; 378 378 - let domain = domain_segment.replace("%3A", ":"); 379 379 - 380 380 - let scheme = if domain.starts_with("localhost") || domain.starts_with("127.0.0.1") { 381 381 - "http" 382 382 - } else { 383 383 - "https" 384 384 - }; 385 385 - 386 386 - let url = if parts.len() == 3 { 387 387 - format!("{}://{}/.well-known/did.json", scheme, domain) 388 388 - } else { 389 389 - let path = parts[3..].join("/"); 390 390 - format!("{}://{}/{}/did.json", scheme, domain, path) 391 391 - }; 392 392 - 393 393 - let client = reqwest::Client::builder() 394 394 - .timeout(std::time::Duration::from_secs(5)) 395 395 - .build() 396 396 - .map_err(|e| format!("Failed to create client: {}", e))?; 397 397 - 398 398 - let resp = client.get(&url).send().await 399 399 - .map_err(|e| format!("Failed to fetch DID doc: {}", e))?; 400 400 - 401 401 - if !resp.status().is_success() { 402 402 - return Err(format!("Failed to fetch DID doc: HTTP {}", resp.status())); 403 403 - } 404 404 - 405 405 - let doc: serde_json::Value = resp.json().await 406 406 - .map_err(|e| format!("Failed to parse DID doc: {}", e))?; 407 407 - 408 408 - let services = doc["service"].as_array() 409 409 - .ok_or("No services found in DID doc")?; 410 410 - 411 411 - let pds_endpoint = format!("https://{}", hostname); 412 412 - 413 413 - let has_valid_service = services.iter().any(|s| { 414 414 - s["type"] == "AtprotoPersonalDataServer" && 415 415 - s["serviceEndpoint"] == pds_endpoint 416 416 - }); 417 417 - 418 418 - if has_valid_service { 419 419 - Ok(()) 420 420 - } else { 421 421 - Err(format!("DID document does not list this PDS ({}) as AtprotoPersonalDataServer", pds_endpoint)) 422 422 - } 423 423 - } 424 424 - }

+355

src/api/identity/account.rs

··· 1 1 + use super::did::verify_did_web; 2 2 + use crate::state::AppState; 3 3 + use axum::{ 4 4 + Json, 5 5 + extract::State, 6 6 + http::StatusCode, 7 7 + response::{IntoResponse, Response}, 8 8 + }; 9 9 + use bcrypt::{DEFAULT_COST, hash}; 10 10 + use jacquard::types::{did::Did, integer::LimitedU32, string::Tid}; 11 11 + use jacquard_repo::{commit::Commit, mst::Mst, storage::BlockStore}; 12 12 + use k256::SecretKey; 13 13 + use rand::rngs::OsRng; 14 14 + use serde::{Deserialize, Serialize}; 15 15 + use serde_json::json; 16 16 + use sqlx::Row; 17 17 + use std::sync::Arc; 18 18 + use tracing::{error, info}; 19 19 + 20 20 + #[derive(Deserialize)] 21 21 + pub struct CreateAccountInput { 22 22 + pub handle: String, 23 23 + pub email: String, 24 24 + pub password: String, 25 25 + #[serde(rename = "inviteCode")] 26 26 + pub invite_code: Option<String>, 27 27 + pub did: Option<String>, 28 28 + } 29 29 + 30 30 + #[derive(Serialize)] 31 31 + #[serde(rename_all = "camelCase")] 32 32 + pub struct CreateAccountOutput { 33 33 + pub access_jwt: String, 34 34 + pub refresh_jwt: String, 35 35 + pub handle: String, 36 36 + pub did: String, 37 37 + } 38 38 + 39 39 + pub async fn create_account( 40 40 + State(state): State<AppState>, 41 41 + Json(input): Json<CreateAccountInput>, 42 42 + ) -> Response { 43 43 + info!("create_account hit: {}", input.handle); 44 44 + if input.handle.contains('!') || input.handle.contains('@') { 45 45 + return ( 46 46 + StatusCode::BAD_REQUEST, 47 47 + Json( 48 48 + json!({"error": "InvalidHandle", "message": "Handle contains invalid characters"}), 49 49 + ), 50 50 + ) 51 51 + .into_response(); 52 52 + } 53 53 + 54 54 + let did = if let Some(d) = &input.did { 55 55 + if d.trim().is_empty() { 56 56 + format!("did:plc:{}", uuid::Uuid::new_v4()) 57 57 + } else { 58 58 + let hostname = 59 59 + std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 60 60 + if let Err(e) = verify_did_web(d, &hostname, &input.handle).await { 61 61 + return ( 62 62 + StatusCode::BAD_REQUEST, 63 63 + Json(json!({"error": "InvalidDid", "message": e})), 64 64 + ) 65 65 + .into_response(); 66 66 + } 67 67 + d.clone() 68 68 + } 69 69 + } else { 70 70 + format!("did:plc:{}", uuid::Uuid::new_v4()) 71 71 + }; 72 72 + 73 73 + let mut tx = match state.db.begin().await { 74 74 + Ok(tx) => tx, 75 75 + Err(e) => { 76 76 + error!("Error starting transaction: {:?}", e); 77 77 + return ( 78 78 + StatusCode::INTERNAL_SERVER_ERROR, 79 79 + Json(json!({"error": "InternalError"})), 80 80 + ) 81 81 + .into_response(); 82 82 + } 83 83 + }; 84 84 + 85 85 + let exists_query = sqlx::query("SELECT 1 FROM users WHERE handle = $1") 86 86 + .bind(&input.handle) 87 87 + .fetch_optional(&mut *tx) 88 88 + .await; 89 89 + 90 90 + match exists_query { 91 91 + Ok(Some(_)) => { 92 92 + return ( 93 93 + StatusCode::BAD_REQUEST, 94 94 + Json(json!({"error": "HandleTaken", "message": "Handle already taken"})), 95 95 + ) 96 96 + .into_response(); 97 97 + } 98 98 + Err(e) => { 99 99 + error!("Error checking handle: {:?}", e); 100 100 + return ( 101 101 + StatusCode::INTERNAL_SERVER_ERROR, 102 102 + Json(json!({"error": "InternalError"})), 103 103 + ) 104 104 + .into_response(); 105 105 + } 106 106 + Ok(None) => {} 107 107 + } 108 108 + 109 109 + if let Some(code) = &input.invite_code { 110 110 + let invite_query = 111 111 + sqlx::query("SELECT available_uses FROM invite_codes WHERE code = $1 FOR UPDATE") 112 112 + .bind(code) 113 113 + .fetch_optional(&mut *tx) 114 114 + .await; 115 115 + 116 116 + match invite_query { 117 117 + Ok(Some(row)) => { 118 118 + let uses: i32 = row.get("available_uses"); 119 119 + if uses <= 0 { 120 120 + return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidInviteCode", "message": "Invite code exhausted"}))).into_response(); 121 121 + } 122 122 + 123 123 + let update_invite = sqlx::query( 124 124 + "UPDATE invite_codes SET available_uses = available_uses - 1 WHERE code = $1", 125 125 + ) 126 126 + .bind(code) 127 127 + .execute(&mut *tx) 128 128 + .await; 129 129 + 130 130 + if let Err(e) = update_invite { 131 131 + error!("Error updating invite code: {:?}", e); 132 132 + return ( 133 133 + StatusCode::INTERNAL_SERVER_ERROR, 134 134 + Json(json!({"error": "InternalError"})), 135 135 + ) 136 136 + .into_response(); 137 137 + } 138 138 + } 139 139 + Ok(None) => { 140 140 + return ( 141 141 + StatusCode::BAD_REQUEST, 142 142 + Json(json!({"error": "InvalidInviteCode", "message": "Invite code not found"})), 143 143 + ) 144 144 + .into_response(); 145 145 + } 146 146 + Err(e) => { 147 147 + error!("Error checking invite code: {:?}", e); 148 148 + return ( 149 149 + StatusCode::INTERNAL_SERVER_ERROR, 150 150 + Json(json!({"error": "InternalError"})), 151 151 + ) 152 152 + .into_response(); 153 153 + } 154 154 + } 155 155 + } 156 156 + 157 157 + let password_hash = match hash(&input.password, DEFAULT_COST) { 158 158 + Ok(h) => h, 159 159 + Err(e) => { 160 160 + error!("Error hashing password: {:?}", e); 161 161 + return ( 162 162 + StatusCode::INTERNAL_SERVER_ERROR, 163 163 + Json(json!({"error": "InternalError"})), 164 164 + ) 165 165 + .into_response(); 166 166 + } 167 167 + }; 168 168 + 169 169 + let user_insert = sqlx::query("INSERT INTO users (handle, email, did, password_hash) VALUES ($1, $2, $3, $4) RETURNING id") 170 170 + .bind(&input.handle) 171 171 + .bind(&input.email) 172 172 + .bind(&did) 173 173 + .bind(&password_hash) 174 174 + .fetch_one(&mut *tx) 175 175 + .await; 176 176 + 177 177 + let user_id: uuid::Uuid = match user_insert { 178 178 + Ok(row) => row.get("id"), 179 179 + Err(e) => { 180 180 + error!("Error inserting user: {:?}", e); 181 181 + // TODO: Check for unique constraint violation on email/did specifically 182 182 + return ( 183 183 + StatusCode::INTERNAL_SERVER_ERROR, 184 184 + Json(json!({"error": "InternalError"})), 185 185 + ) 186 186 + .into_response(); 187 187 + } 188 188 + }; 189 189 + 190 190 + let secret_key = SecretKey::random(&mut OsRng); 191 191 + let secret_key_bytes = secret_key.to_bytes(); 192 192 + 193 193 + let key_insert = sqlx::query("INSERT INTO user_keys (user_id, key_bytes) VALUES ($1, $2)") 194 194 + .bind(user_id) 195 195 + .bind(&secret_key_bytes[..]) 196 196 + .execute(&mut *tx) 197 197 + .await; 198 198 + 199 199 + if let Err(e) = key_insert { 200 200 + error!("Error inserting user key: {:?}", e); 201 201 + return ( 202 202 + StatusCode::INTERNAL_SERVER_ERROR, 203 203 + Json(json!({"error": "InternalError"})), 204 204 + ) 205 205 + .into_response(); 206 206 + } 207 207 + 208 208 + let mst = Mst::new(Arc::new(state.block_store.clone())); 209 209 + let mst_root = match mst.root().await { 210 210 + Ok(c) => c, 211 211 + Err(e) => { 212 212 + error!("Error creating MST root: {:?}", e); 213 213 + return ( 214 214 + StatusCode::INTERNAL_SERVER_ERROR, 215 215 + Json(json!({"error": "InternalError"})), 216 216 + ) 217 217 + .into_response(); 218 218 + } 219 219 + }; 220 220 + 221 221 + let did_obj = match Did::new(&did) { 222 222 + Ok(d) => d, 223 223 + Err(_) => { 224 224 + return ( 225 225 + StatusCode::INTERNAL_SERVER_ERROR, 226 226 + Json(json!({"error": "InternalError", "message": "Invalid DID"})), 227 227 + ) 228 228 + .into_response(); 229 229 + } 230 230 + }; 231 231 + 232 232 + let rev = Tid::now(LimitedU32::MIN); 233 233 + 234 234 + let commit = Commit::new_unsigned(did_obj, mst_root, rev, None); 235 235 + 236 236 + let commit_bytes = match commit.to_cbor() { 237 237 + Ok(b) => b, 238 238 + Err(e) => { 239 239 + error!("Error serializing genesis commit: {:?}", e); 240 240 + return ( 241 241 + StatusCode::INTERNAL_SERVER_ERROR, 242 242 + Json(json!({"error": "InternalError"})), 243 243 + ) 244 244 + .into_response(); 245 245 + } 246 246 + }; 247 247 + 248 248 + let commit_cid = match state.block_store.put(&commit_bytes).await { 249 249 + Ok(c) => c, 250 250 + Err(e) => { 251 251 + error!("Error saving genesis commit: {:?}", e); 252 252 + return ( 253 253 + StatusCode::INTERNAL_SERVER_ERROR, 254 254 + Json(json!({"error": "InternalError"})), 255 255 + ) 256 256 + .into_response(); 257 257 + } 258 258 + }; 259 259 + 260 260 + let repo_insert = sqlx::query("INSERT INTO repos (user_id, repo_root_cid) VALUES ($1, $2)") 261 261 + .bind(user_id) 262 262 + .bind(commit_cid.to_string()) 263 263 + .execute(&mut *tx) 264 264 + .await; 265 265 + 266 266 + if let Err(e) = repo_insert { 267 267 + error!("Error initializing repo: {:?}", e); 268 268 + return ( 269 269 + StatusCode::INTERNAL_SERVER_ERROR, 270 270 + Json(json!({"error": "InternalError"})), 271 271 + ) 272 272 + .into_response(); 273 273 + } 274 274 + 275 275 + if let Some(code) = &input.invite_code { 276 276 + let use_insert = 277 277 + sqlx::query("INSERT INTO invite_code_uses (code, used_by_user) VALUES ($1, $2)") 278 278 + .bind(code) 279 279 + .bind(user_id) 280 280 + .execute(&mut *tx) 281 281 + .await; 282 282 + 283 283 + if let Err(e) = use_insert { 284 284 + error!("Error recording invite usage: {:?}", e); 285 285 + return ( 286 286 + StatusCode::INTERNAL_SERVER_ERROR, 287 287 + Json(json!({"error": "InternalError"})), 288 288 + ) 289 289 + .into_response(); 290 290 + } 291 291 + } 292 292 + 293 293 + let access_jwt = crate::auth::create_access_token(&did, &secret_key_bytes[..]).map_err(|e| { 294 294 + error!("Error creating access token: {:?}", e); 295 295 + ( 296 296 + StatusCode::INTERNAL_SERVER_ERROR, 297 297 + Json(json!({"error": "InternalError"})), 298 298 + ) 299 299 + .into_response() 300 300 + }); 301 301 + let access_jwt = match access_jwt { 302 302 + Ok(t) => t, 303 303 + Err(r) => return r, 304 304 + }; 305 305 + 306 306 + let refresh_jwt = crate::auth::create_refresh_token(&did, &secret_key_bytes[..]).map_err(|e| { 307 307 + error!("Error creating refresh token: {:?}", e); 308 308 + ( 309 309 + StatusCode::INTERNAL_SERVER_ERROR, 310 310 + Json(json!({"error": "InternalError"})), 311 311 + ) 312 312 + .into_response() 313 313 + }); 314 314 + let refresh_jwt = match refresh_jwt { 315 315 + Ok(t) => t, 316 316 + Err(r) => return r, 317 317 + }; 318 318 + 319 319 + let session_insert = 320 320 + sqlx::query("INSERT INTO sessions (access_jwt, refresh_jwt, did) VALUES ($1, $2, $3)") 321 321 + .bind(&access_jwt) 322 322 + .bind(&refresh_jwt) 323 323 + .bind(&did) 324 324 + .execute(&mut *tx) 325 325 + .await; 326 326 + 327 327 + if let Err(e) = session_insert { 328 328 + error!("Error inserting session: {:?}", e); 329 329 + return ( 330 330 + StatusCode::INTERNAL_SERVER_ERROR, 331 331 + Json(json!({"error": "InternalError"})), 332 332 + ) 333 333 + .into_response(); 334 334 + } 335 335 + 336 336 + if let Err(e) = tx.commit().await { 337 337 + error!("Error committing transaction: {:?}", e); 338 338 + return ( 339 339 + StatusCode::INTERNAL_SERVER_ERROR, 340 340 + Json(json!({"error": "InternalError"})), 341 341 + ) 342 342 + .into_response(); 343 343 + } 344 344 + 345 345 + ( 346 346 + StatusCode::OK, 347 347 + Json(CreateAccountOutput { 348 348 + access_jwt, 349 349 + refresh_jwt, 350 350 + handle: input.handle, 351 351 + did, 352 352 + }), 353 353 + ) 354 354 + .into_response() 355 355 + }

+201

src/api/identity/did.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::{Path, State}, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use base64::Engine; 9 9 + use k256::SecretKey; 10 10 + use k256::elliptic_curve::sec1::ToEncodedPoint; 11 11 + use reqwest; 12 12 + use serde_json::json; 13 13 + use sqlx::Row; 14 14 + use tracing::error; 15 15 + 16 16 + pub fn get_jwk(key_bytes: &[u8]) -> serde_json::Value { 17 17 + let secret_key = SecretKey::from_slice(key_bytes).expect("Invalid key length"); 18 18 + let public_key = secret_key.public_key(); 19 19 + let encoded = public_key.to_encoded_point(false); 20 20 + let x = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(encoded.x().unwrap()); 21 21 + let y = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(encoded.y().unwrap()); 22 22 + 23 23 + json!({ 24 24 + "kty": "EC", 25 25 + "crv": "secp256k1", 26 26 + "x": x, 27 27 + "y": y 28 28 + }) 29 29 + } 30 30 + 31 31 + pub async fn well_known_did(State(_state): State<AppState>) -> impl IntoResponse { 32 32 + let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 33 33 + // Kinda for local dev, encode hostname if it contains port 34 34 + let did = if hostname.contains(':') { 35 35 + format!("did:web:{}", hostname.replace(':', "%3A")) 36 36 + } else { 37 37 + format!("did:web:{}", hostname) 38 38 + }; 39 39 + 40 40 + Json(json!({ 41 41 + "@context": ["https://www.w3.org/ns/did/v1"], 42 42 + "id": did, 43 43 + "service": [{ 44 44 + "id": "#atproto_pds", 45 45 + "type": "AtprotoPersonalDataServer", 46 46 + "serviceEndpoint": format!("https://{}", hostname) 47 47 + }] 48 48 + })) 49 49 + } 50 50 + 51 51 + pub async fn user_did_doc(State(state): State<AppState>, Path(handle): Path<String>) -> Response { 52 52 + let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 53 53 + 54 54 + let user = sqlx::query("SELECT id, did FROM users WHERE handle = $1") 55 55 + .bind(&handle) 56 56 + .fetch_optional(&state.db) 57 57 + .await; 58 58 + 59 59 + let (user_id, did) = match user { 60 60 + Ok(Some(row)) => { 61 61 + let id: uuid::Uuid = row.get("id"); 62 62 + let d: String = row.get("did"); 63 63 + (id, d) 64 64 + } 65 65 + Ok(None) => { 66 66 + return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound"}))).into_response(); 67 67 + } 68 68 + Err(e) => { 69 69 + error!("DB Error: {:?}", e); 70 70 + return ( 71 71 + StatusCode::INTERNAL_SERVER_ERROR, 72 72 + Json(json!({"error": "InternalError"})), 73 73 + ) 74 74 + .into_response(); 75 75 + } 76 76 + }; 77 77 + 78 78 + if !did.starts_with("did:web:") { 79 79 + return ( 80 80 + StatusCode::NOT_FOUND, 81 81 + Json(json!({"error": "NotFound", "message": "User is not did:web"})), 82 82 + ) 83 83 + .into_response(); 84 84 + } 85 85 + 86 86 + let key_row = sqlx::query("SELECT key_bytes FROM user_keys WHERE user_id = $1") 87 87 + .bind(user_id) 88 88 + .fetch_optional(&state.db) 89 89 + .await; 90 90 + 91 91 + let key_bytes: Vec<u8> = match key_row { 92 92 + Ok(Some(row)) => row.get("key_bytes"), 93 93 + _ => { 94 94 + return ( 95 95 + StatusCode::INTERNAL_SERVER_ERROR, 96 96 + Json(json!({"error": "InternalError"})), 97 97 + ) 98 98 + .into_response(); 99 99 + } 100 100 + }; 101 101 + 102 102 + let jwk = get_jwk(&key_bytes); 103 103 + 104 104 + Json(json!({ 105 105 + "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1"], 106 106 + "id": did, 107 107 + "alsoKnownAs": [format!("at://{}", handle)], 108 108 + "verificationMethod": [{ 109 109 + "id": format!("{}#atproto", did), 110 110 + "type": "JsonWebKey2020", 111 111 + "controller": did, 112 112 + "publicKeyJwk": jwk 113 113 + }], 114 114 + "service": [{ 115 115 + "id": "#atproto_pds", 116 116 + "type": "AtprotoPersonalDataServer", 117 117 + "serviceEndpoint": format!("https://{}", hostname) 118 118 + }] 119 119 + })).into_response() 120 120 + } 121 121 + 122 122 + pub async fn verify_did_web(did: &str, hostname: &str, handle: &str) -> Result<(), String> { 123 123 + let expected_prefix = if hostname.contains(':') { 124 124 + format!("did:web:{}", hostname.replace(':', "%3A")) 125 125 + } else { 126 126 + format!("did:web:{}", hostname) 127 127 + }; 128 128 + 129 129 + if did.starts_with(&expected_prefix) { 130 130 + let suffix = &did[expected_prefix.len()..]; 131 131 + let expected_suffix = format!(":u:{}", handle); 132 132 + if suffix == expected_suffix { 133 133 + Ok(()) 134 134 + } else { 135 135 + Err(format!( 136 136 + "Invalid DID path for this PDS. Expected {}", 137 137 + expected_suffix 138 138 + )) 139 139 + } 140 140 + } else { 141 141 + let parts: Vec<&str> = did.split(':').collect(); 142 142 + if parts.len() < 3 || parts[0] != "did" || parts[1] != "web" { 143 143 + return Err("Invalid did:web format".into()); 144 144 + } 145 145 + 146 146 + let domain_segment = parts[2]; 147 147 + let domain = domain_segment.replace("%3A", ":"); 148 148 + 149 149 + let scheme = if domain.starts_with("localhost") || domain.starts_with("127.0.0.1") { 150 150 + "http" 151 151 + } else { 152 152 + "https" 153 153 + }; 154 154 + 155 155 + let url = if parts.len() == 3 { 156 156 + format!("{}://{}/.well-known/did.json", scheme, domain) 157 157 + } else { 158 158 + let path = parts[3..].join("/"); 159 159 + format!("{}://{}/{}/did.json", scheme, domain, path) 160 160 + }; 161 161 + 162 162 + let client = reqwest::Client::builder() 163 163 + .timeout(std::time::Duration::from_secs(5)) 164 164 + .build() 165 165 + .map_err(|e| format!("Failed to create client: {}", e))?; 166 166 + 167 167 + let resp = client 168 168 + .get(&url) 169 169 + .send() 170 170 + .await 171 171 + .map_err(|e| format!("Failed to fetch DID doc: {}", e))?; 172 172 + 173 173 + if !resp.status().is_success() { 174 174 + return Err(format!("Failed to fetch DID doc: HTTP {}", resp.status())); 175 175 + } 176 176 + 177 177 + let doc: serde_json::Value = resp 178 178 + .json() 179 179 + .await 180 180 + .map_err(|e| format!("Failed to parse DID doc: {}", e))?; 181 181 + 182 182 + let services = doc["service"] 183 183 + .as_array() 184 184 + .ok_or("No services found in DID doc")?; 185 185 + 186 186 + let pds_endpoint = format!("https://{}", hostname); 187 187 + 188 188 + let has_valid_service = services.iter().any(|s| { 189 189 + s["type"] == "AtprotoPersonalDataServer" && s["serviceEndpoint"] == pds_endpoint 190 190 + }); 191 191 + 192 192 + if has_valid_service { 193 193 + Ok(()) 194 194 + } else { 195 195 + Err(format!( 196 196 + "DID document does not list this PDS ({}) as AtprotoPersonalDataServer", 197 197 + pds_endpoint 198 198 + )) 199 199 + } 200 200 + } 201 201 + }

+5

src/api/identity/mod.rs

··· 1 1 + pub mod account; 2 2 + pub mod did; 3 3 + 4 4 + pub use account::create_account; 5 5 + pub use did::{user_did_doc, well_known_did};

+3 -3

src/api/mod.rs

··· 1 1 - pub mod server; 2 2 - pub mod repo; 3 3 - pub mod proxy; 4 1 pub mod identity; 2 2 + pub mod proxy; 3 3 + pub mod repo; 4 4 + pub mod server;

+24 -19

src/api/proxy.rs

··· 1 1 + use crate::state::AppState; 1 2 use axum::{ 3 3 + body::Bytes, 2 4 extract::{Path, Query, State}, 3 5 http::{HeaderMap, Method, StatusCode}, 4 6 response::{IntoResponse, Response}, 5 5 - body::Bytes, 6 7 }; 7 8 use reqwest::Client; 8 8 - use tracing::{info, error}; 9 9 + use sqlx::Row; 9 10 use std::collections::HashMap; 10 10 - use crate::state::AppState; 11 11 - use sqlx::Row; 11 11 + use tracing::{error, info}; 12 12 13 13 pub async fn proxy_handler( 14 14 State(state): State<AppState>, ··· 18 18 Query(params): Query<HashMap<String, String>>, 19 19 body: Bytes, 20 20 ) -> Response { 21 21 - 22 22 - let proxy_header = headers.get("atproto-proxy") 21 21 + let proxy_header = headers 22 22 + .get("atproto-proxy") 23 23 .and_then(|h| h.to_str().ok()) 24 24 .map(|s| s.to_string()); 25 25 ··· 27 27 Some(url) => url.clone(), 28 28 None => match std::env::var("APPVIEW_URL") { 29 29 Ok(url) => url, 30 30 - Err(_) => return (StatusCode::BAD_GATEWAY, "No upstream AppView configured").into_response(), 30 30 + Err(_) => { 31 31 + return (StatusCode::BAD_GATEWAY, "No upstream AppView configured").into_response(); 32 32 + } 31 33 }, 32 34 }; 33 35 ··· 37 39 38 40 let client = Client::new(); 39 41 40 40 - let mut request_builder = client 41 41 - .request(method_verb, &target_url) 42 42 - .query(&params); 42 42 + let mut request_builder = client.request(method_verb, &target_url).query(&params); 43 43 44 44 let mut auth_header_val = headers.get("Authorization").map(|h| h.clone()); 45 45 ··· 48 48 if let Ok(token) = auth_val.to_str() { 49 49 let token = token.replace("Bearer ", ""); 50 50 if let Ok(did) = crate::auth::get_did_from_token(&token) { 51 51 - let key_row = sqlx::query("SELECT k.key_bytes FROM user_keys k JOIN users u ON k.user_id = u.id WHERE u.did = $1") 51 51 + let key_row = sqlx::query("SELECT k.key_bytes FROM user_keys k JOIN users u ON k.user_id = u.id WHERE u.did = $1") 52 52 .bind(&did) 53 53 .fetch_optional(&state.db) 54 54 .await; 55 55 56 56 if let Ok(Some(row)) = key_row { 57 57 let key_bytes: Vec<u8> = row.get("key_bytes"); 58 58 - if let Ok(new_token) = crate::auth::create_service_token(&did, aud, &method, &key_bytes) { 59 59 - if let Ok(val) = axum::http::HeaderValue::from_str(&format!("Bearer {}", new_token)) { 60 60 - auth_header_val = Some(val); 61 61 - } 58 58 + if let Ok(new_token) = 59 59 + crate::auth::create_service_token(&did, aud, &method, &key_bytes) 60 60 + { 61 61 + if let Ok(val) = 62 62 + axum::http::HeaderValue::from_str(&format!("Bearer {}", new_token)) 63 63 + { 64 64 + auth_header_val = Some(val); 65 65 + } 62 66 } 63 67 } 64 68 } ··· 86 90 Ok(b) => b, 87 91 Err(e) => { 88 92 error!("Error reading proxy response body: {:?}", e); 89 89 - return (StatusCode::BAD_GATEWAY, "Error reading upstream response").into_response(); 93 93 + return (StatusCode::BAD_GATEWAY, "Error reading upstream response") 94 94 + .into_response(); 90 95 } 91 96 }; 92 97 ··· 99 104 match response_builder.body(axum::body::Body::from(body)) { 100 105 Ok(r) => r, 101 106 Err(e) => { 102 102 - error!("Error building proxy response: {:?}", e); 103 103 - (StatusCode::INTERNAL_SERVER_ERROR, "Internal Server Error").into_response() 107 107 + error!("Error building proxy response: {:?}", e); 108 108 + (StatusCode::INTERNAL_SERVER_ERROR, "Internal Server Error").into_response() 104 109 } 105 110 } 106 106 - }, 111 111 + } 107 112 Err(e) => { 108 113 error!("Error sending proxy request: {:?}", e); 109 114 if e.is_timeout() {

-889

src/api/repo.rs

··· 1 1 - use axum::{ 2 2 - extract::{State, Query}, 3 3 - Json, 4 4 - response::{IntoResponse, Response}, 5 5 - http::StatusCode, 6 6 - }; 7 7 - use serde::{Deserialize, Serialize}; 8 8 - use serde_json::json; 9 9 - use crate::state::AppState; 10 10 - use chrono::Utc; 11 11 - use sqlx::Row; 12 12 - use cid::Cid; 13 13 - use std::str::FromStr; 14 14 - use jacquard_repo::{mst::Mst, commit::Commit, storage::BlockStore}; 15 15 - use jacquard::types::{string::{Nsid, Tid}, did::Did, integer::LimitedU32}; 16 16 - use tracing::error; 17 17 - use std::sync::Arc; 18 18 - use sha2::{Sha256, Digest}; 19 19 - use multihash::Multihash; 20 20 - use axum::body::Bytes; 21 21 - 22 22 - #[derive(Deserialize)] 23 23 - #[allow(dead_code)] 24 24 - pub struct CreateRecordInput { 25 25 - pub repo: String, 26 26 - pub collection: String, 27 27 - pub rkey: Option<String>, 28 28 - pub validate: Option<bool>, 29 29 - pub record: serde_json::Value, 30 30 - #[serde(rename = "swapCommit")] 31 31 - pub swap_commit: Option<String>, 32 32 - } 33 33 - 34 34 - #[derive(Serialize)] 35 35 - #[serde(rename_all = "camelCase")] 36 36 - pub struct CreateRecordOutput { 37 37 - pub uri: String, 38 38 - pub cid: String, 39 39 - } 40 40 - 41 41 - pub async fn create_record( 42 42 - State(state): State<AppState>, 43 43 - headers: axum::http::HeaderMap, 44 44 - Json(input): Json<CreateRecordInput>, 45 45 - ) -> Response { 46 46 - let auth_header = headers.get("Authorization"); 47 47 - if auth_header.is_none() { 48 48 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 49 49 - } 50 50 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 51 51 - 52 52 - let session = sqlx::query( 53 53 - "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 54 54 - ) 55 55 - .bind(&token) 56 56 - .fetch_optional(&state.db) 57 57 - .await 58 58 - .unwrap_or(None); 59 59 - 60 60 - let (did, key_bytes) = match session { 61 61 - Some(row) => (row.get::<String, _>("did"), row.get::<Vec<u8>, _>("key_bytes")), 62 62 - None => return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response(), 63 63 - }; 64 64 - 65 65 - if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 66 66 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 67 67 - } 68 68 - 69 69 - if input.repo != did { 70 70 - return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 71 71 - } 72 72 - 73 73 - let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 74 74 - .bind(&did) 75 75 - .fetch_optional(&state.db) 76 76 - .await; 77 77 - 78 78 - let user_id: uuid::Uuid = match user_query { 79 79 - Ok(Some(row)) => row.get("id"), 80 80 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "User not found"}))).into_response(), 81 81 - }; 82 82 - 83 83 - let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 84 84 - .bind(user_id) 85 85 - .fetch_optional(&state.db) 86 86 - .await; 87 87 - 88 88 - let current_root_cid = match repo_root_query { 89 89 - Ok(Some(row)) => { 90 90 - let cid_str: String = row.get("repo_root_cid"); 91 91 - Cid::from_str(&cid_str).ok() 92 92 - }, 93 93 - _ => None, 94 94 - }; 95 95 - 96 96 - if current_root_cid.is_none() { 97 97 - error!("Repo root not found for user {}", did); 98 98 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Repo root not found"}))).into_response(); 99 99 - } 100 100 - let current_root_cid = current_root_cid.unwrap(); 101 101 - 102 102 - let commit_bytes = match state.block_store.get(&current_root_cid).await { 103 103 - Ok(Some(b)) => b, 104 104 - Ok(None) => { 105 105 - error!("Commit block not found: {}", current_root_cid); 106 106 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 107 107 - }, 108 108 - Err(e) => { 109 109 - error!("Failed to load commit block: {:?}", e); 110 110 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 111 111 - } 112 112 - }; 113 113 - 114 114 - let commit = match Commit::from_cbor(&commit_bytes) { 115 115 - Ok(c) => c, 116 116 - Err(e) => { 117 117 - error!("Failed to parse commit: {:?}", e); 118 118 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 119 119 - } 120 120 - }; 121 121 - 122 122 - let mst_root = commit.data; 123 123 - let store = Arc::new(state.block_store.clone()); 124 124 - let mst = Mst::load(store.clone(), mst_root, None); 125 125 - 126 126 - let collection_nsid = match input.collection.parse::<Nsid>() { 127 127 - Ok(n) => n, 128 128 - Err(_) => return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidCollection"}))).into_response(), 129 129 - }; 130 130 - 131 131 - let rkey = input.rkey.unwrap_or_else(|| { 132 132 - Utc::now().format("%Y%m%d%H%M%S%f").to_string() 133 133 - }); 134 134 - 135 135 - let mut record_bytes = Vec::new(); 136 136 - if let Err(e) = serde_ipld_dagcbor::to_writer(&mut record_bytes, &input.record) { 137 137 - error!("Error serializing record: {:?}", e); 138 138 - return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidRecord", "message": "Failed to serialize record"}))).into_response(); 139 139 - } 140 140 - 141 141 - let record_cid = match state.block_store.put(&record_bytes).await { 142 142 - Ok(c) => c, 143 143 - Err(e) => { 144 144 - error!("Failed to save record block: {:?}", e); 145 145 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 146 146 - } 147 147 - }; 148 148 - 149 149 - let key = format!("{}/{}", collection_nsid, rkey); 150 150 - if let Err(e) = mst.update(&key, record_cid).await { 151 151 - error!("Failed to update MST: {:?}", e); 152 152 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 153 153 - } 154 154 - 155 155 - let new_mst_root = match mst.root().await { 156 156 - Ok(c) => c, 157 157 - Err(e) => { 158 158 - error!("Failed to get new MST root: {:?}", e); 159 159 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 160 160 - } 161 161 - }; 162 162 - 163 163 - let did_obj = match Did::new(&did) { 164 164 - Ok(d) => d, 165 165 - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Invalid DID"}))).into_response(), 166 166 - }; 167 167 - 168 168 - let rev = Tid::now(LimitedU32::MIN); 169 169 - 170 170 - let new_commit = Commit::new_unsigned( 171 171 - did_obj, 172 172 - new_mst_root, 173 173 - rev, 174 174 - Some(current_root_cid) 175 175 - ); 176 176 - 177 177 - let new_commit_bytes = match new_commit.to_cbor() { 178 178 - Ok(b) => b, 179 179 - Err(e) => { 180 180 - error!("Failed to serialize new commit: {:?}", e); 181 181 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 182 182 - } 183 183 - }; 184 184 - 185 185 - let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 186 186 - Ok(c) => c, 187 187 - Err(e) => { 188 188 - error!("Failed to save new commit: {:?}", e); 189 189 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 190 190 - } 191 191 - }; 192 192 - 193 193 - let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 194 194 - .bind(new_root_cid.to_string()) 195 195 - .bind(user_id) 196 196 - .execute(&state.db) 197 197 - .await; 198 198 - 199 199 - if let Err(e) = update_repo { 200 200 - error!("Failed to update repo root in DB: {:?}", e); 201 201 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 202 202 - } 203 203 - 204 204 - let record_insert = sqlx::query( 205 205 - "INSERT INTO records (repo_id, collection, rkey, record_cid) VALUES ($1, $2, $3, $4) 206 206 - ON CONFLICT (repo_id, collection, rkey) DO UPDATE SET record_cid = $4, created_at = NOW()" 207 207 - ) 208 208 - .bind(user_id) 209 209 - .bind(&input.collection) 210 210 - .bind(&rkey) 211 211 - .bind(record_cid.to_string()) 212 212 - .execute(&state.db) 213 213 - .await; 214 214 - 215 215 - if let Err(e) = record_insert { 216 216 - error!("Error inserting record index: {:?}", e); 217 217 - } 218 218 - 219 219 - let output = CreateRecordOutput { 220 220 - uri: format!("at://{}/{}/{}", input.repo, input.collection, rkey), 221 221 - cid: record_cid.to_string(), 222 222 - }; 223 223 - (StatusCode::OK, Json(output)).into_response() 224 224 - } 225 225 - 226 226 - #[derive(Deserialize)] 227 227 - #[allow(dead_code)] 228 228 - pub struct PutRecordInput { 229 229 - pub repo: String, 230 230 - pub collection: String, 231 231 - pub rkey: String, 232 232 - pub validate: Option<bool>, 233 233 - pub record: serde_json::Value, 234 234 - #[serde(rename = "swapCommit")] 235 235 - pub swap_commit: Option<String>, 236 236 - } 237 237 - 238 238 - #[derive(Serialize)] 239 239 - #[serde(rename_all = "camelCase")] 240 240 - pub struct PutRecordOutput { 241 241 - pub uri: String, 242 242 - pub cid: String, 243 243 - } 244 244 - 245 245 - pub async fn put_record( 246 246 - State(state): State<AppState>, 247 247 - headers: axum::http::HeaderMap, 248 248 - Json(input): Json<PutRecordInput>, 249 249 - ) -> Response { 250 250 - let auth_header = headers.get("Authorization"); 251 251 - if auth_header.is_none() { 252 252 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 253 253 - } 254 254 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 255 255 - 256 256 - let session = sqlx::query( 257 257 - "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 258 258 - ) 259 259 - .bind(&token) 260 260 - .fetch_optional(&state.db) 261 261 - .await 262 262 - .unwrap_or(None); 263 263 - 264 264 - let (did, key_bytes) = match session { 265 265 - Some(row) => (row.get::<String, _>("did"), row.get::<Vec<u8>, _>("key_bytes")), 266 266 - None => return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response(), 267 267 - }; 268 268 - 269 269 - if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 270 270 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 271 271 - } 272 272 - 273 273 - if input.repo != did { 274 274 - return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 275 275 - } 276 276 - 277 277 - let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 278 278 - .bind(&did) 279 279 - .fetch_optional(&state.db) 280 280 - .await; 281 281 - 282 282 - let user_id: uuid::Uuid = match user_query { 283 283 - Ok(Some(row)) => row.get("id"), 284 284 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "User not found"}))).into_response(), 285 285 - }; 286 286 - 287 287 - let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 288 288 - .bind(user_id) 289 289 - .fetch_optional(&state.db) 290 290 - .await; 291 291 - 292 292 - let current_root_cid = match repo_root_query { 293 293 - Ok(Some(row)) => { 294 294 - let cid_str: String = row.get("repo_root_cid"); 295 295 - Cid::from_str(&cid_str).ok() 296 296 - }, 297 297 - _ => None, 298 298 - }; 299 299 - 300 300 - if current_root_cid.is_none() { 301 301 - error!("Repo root not found for user {}", did); 302 302 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Repo root not found"}))).into_response(); 303 303 - } 304 304 - let current_root_cid = current_root_cid.unwrap(); 305 305 - 306 306 - let commit_bytes = match state.block_store.get(&current_root_cid).await { 307 307 - Ok(Some(b)) => b, 308 308 - Ok(None) => { 309 309 - error!("Commit block not found: {}", current_root_cid); 310 310 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Commit block not found"}))).into_response(); 311 311 - }, 312 312 - Err(e) => { 313 313 - error!("Failed to load commit block: {:?}", e); 314 314 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to load commit block"}))).into_response(); 315 315 - } 316 316 - }; 317 317 - 318 318 - let commit = match Commit::from_cbor(&commit_bytes) { 319 319 - Ok(c) => c, 320 320 - Err(e) => { 321 321 - error!("Failed to parse commit: {:?}", e); 322 322 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to parse commit"}))).into_response(); 323 323 - } 324 324 - }; 325 325 - 326 326 - let mst_root = commit.data; 327 327 - let store = Arc::new(state.block_store.clone()); 328 328 - let mst = Mst::load(store.clone(), mst_root, None); 329 329 - 330 330 - let collection_nsid = match input.collection.parse::<Nsid>() { 331 331 - Ok(n) => n, 332 332 - Err(_) => return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidCollection"}))).into_response(), 333 333 - }; 334 334 - 335 335 - let rkey = input.rkey.clone(); 336 336 - 337 337 - let mut record_bytes = Vec::new(); 338 338 - if let Err(e) = serde_ipld_dagcbor::to_writer(&mut record_bytes, &input.record) { 339 339 - error!("Error serializing record: {:?}", e); 340 340 - return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidRecord", "message": "Failed to serialize record"}))).into_response(); 341 341 - } 342 342 - 343 343 - let record_cid = match state.block_store.put(&record_bytes).await { 344 344 - Ok(c) => c, 345 345 - Err(e) => { 346 346 - error!("Failed to save record block: {:?}", e); 347 347 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to save record block"}))).into_response(); 348 348 - } 349 349 - }; 350 350 - 351 351 - let key = format!("{}/{}", collection_nsid, rkey); 352 352 - if let Err(e) = mst.update(&key, record_cid).await { 353 353 - error!("Failed to update MST: {:?}", e); 354 354 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to update MST: {:?}", e)}))).into_response(); 355 355 - } 356 356 - 357 357 - let new_mst_root = match mst.root().await { 358 358 - Ok(c) => c, 359 359 - Err(e) => { 360 360 - error!("Failed to get new MST root: {:?}", e); 361 361 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to get new MST root"}))).into_response(); 362 362 - } 363 363 - }; 364 364 - 365 365 - let did_obj = match Did::new(&did) { 366 366 - Ok(d) => d, 367 367 - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Invalid DID"}))).into_response(), 368 368 - }; 369 369 - 370 370 - let rev = Tid::now(LimitedU32::MIN); 371 371 - 372 372 - let new_commit = Commit::new_unsigned( 373 373 - did_obj, 374 374 - new_mst_root, 375 375 - rev, 376 376 - Some(current_root_cid) 377 377 - ); 378 378 - 379 379 - let new_commit_bytes = match new_commit.to_cbor() { 380 380 - Ok(b) => b, 381 381 - Err(e) => { 382 382 - error!("Failed to serialize new commit: {:?}", e); 383 383 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to serialize new commit"}))).into_response(); 384 384 - } 385 385 - }; 386 386 - 387 387 - let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 388 388 - Ok(c) => c, 389 389 - Err(e) => { 390 390 - error!("Failed to save new commit: {:?}", e); 391 391 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to save new commit"}))).into_response(); 392 392 - } 393 393 - }; 394 394 - 395 395 - let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 396 396 - .bind(new_root_cid.to_string()) 397 397 - .bind(user_id) 398 398 - .execute(&state.db) 399 399 - .await; 400 400 - 401 401 - if let Err(e) = update_repo { 402 402 - error!("Failed to update repo root in DB: {:?}", e); 403 403 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to update repo root in DB"}))).into_response(); 404 404 - } 405 405 - 406 406 - let record_insert = sqlx::query( 407 407 - "INSERT INTO records (repo_id, collection, rkey, record_cid) VALUES ($1, $2, $3, $4) 408 408 - ON CONFLICT (repo_id, collection, rkey) DO UPDATE SET record_cid = $4, created_at = NOW()" 409 409 - ) 410 410 - .bind(user_id) 411 411 - .bind(&input.collection) 412 412 - .bind(&rkey) 413 413 - .bind(record_cid.to_string()) 414 414 - .execute(&state.db) 415 415 - .await; 416 416 - 417 417 - if let Err(e) = record_insert { 418 418 - error!("Error inserting record index: {:?}", e); 419 419 - } 420 420 - 421 421 - let output = PutRecordOutput { 422 422 - uri: format!("at://{}/{}/{}", input.repo, input.collection, rkey), 423 423 - cid: record_cid.to_string(), 424 424 - }; 425 425 - (StatusCode::OK, Json(output)).into_response() 426 426 - } 427 427 - 428 428 - #[derive(Deserialize)] 429 429 - pub struct GetRecordInput { 430 430 - pub repo: String, 431 431 - pub collection: String, 432 432 - pub rkey: String, 433 433 - pub cid: Option<String>, 434 434 - } 435 435 - 436 436 - pub async fn get_record( 437 437 - State(state): State<AppState>, 438 438 - Query(input): Query<GetRecordInput>, 439 439 - ) -> Response { 440 440 - let user_row = if input.repo.starts_with("did:") { 441 441 - sqlx::query("SELECT id FROM users WHERE did = $1") 442 442 - .bind(&input.repo) 443 443 - .fetch_optional(&state.db) 444 444 - .await 445 445 - } else { 446 446 - sqlx::query("SELECT id FROM users WHERE handle = $1") 447 447 - .bind(&input.repo) 448 448 - .fetch_optional(&state.db) 449 449 - .await 450 450 - }; 451 451 - 452 452 - let user_id: uuid::Uuid = match user_row { 453 453 - Ok(Some(row)) => row.get("id"), 454 454 - _ => return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "Repo not found"}))).into_response(), 455 455 - }; 456 456 - 457 457 - let record_row = sqlx::query("SELECT record_cid FROM records WHERE repo_id = $1 AND collection = $2 AND rkey = $3") 458 458 - .bind(user_id) 459 459 - .bind(&input.collection) 460 460 - .bind(&input.rkey) 461 461 - .fetch_optional(&state.db) 462 462 - .await; 463 463 - 464 464 - let record_cid_str: String = match record_row { 465 465 - Ok(Some(row)) => row.get("record_cid"), 466 466 - _ => return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "Record not found"}))).into_response(), 467 467 - }; 468 468 - 469 469 - if let Some(expected_cid) = &input.cid { 470 470 - if &record_cid_str != expected_cid { 471 471 - return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "Record CID mismatch"}))).into_response(); 472 472 - } 473 473 - } 474 474 - 475 475 - let cid = match Cid::from_str(&record_cid_str) { 476 476 - Ok(c) => c, 477 477 - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Invalid CID in DB"}))).into_response(), 478 478 - }; 479 479 - 480 480 - let block = match state.block_store.get(&cid).await { 481 481 - Ok(Some(b)) => b, 482 482 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Record block not found"}))).into_response(), 483 483 - }; 484 484 - 485 485 - let value: serde_json::Value = match serde_ipld_dagcbor::from_slice(&block) { 486 486 - Ok(v) => v, 487 487 - Err(e) => { 488 488 - error!("Failed to deserialize record: {:?}", e); 489 489 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 490 490 - } 491 491 - }; 492 492 - 493 493 - Json(json!({ 494 494 - "uri": format!("at://{}/{}/{}", input.repo, input.collection, input.rkey), 495 495 - "cid": record_cid_str, 496 496 - "value": value 497 497 - })).into_response() 498 498 - } 499 499 - 500 500 - #[derive(Deserialize)] 501 501 - pub struct DeleteRecordInput { 502 502 - pub repo: String, 503 503 - pub collection: String, 504 504 - pub rkey: String, 505 505 - #[serde(rename = "swapRecord")] 506 506 - pub swap_record: Option<String>, 507 507 - #[serde(rename = "swapCommit")] 508 508 - pub swap_commit: Option<String>, 509 509 - } 510 510 - 511 511 - pub async fn delete_record( 512 512 - State(state): State<AppState>, 513 513 - headers: axum::http::HeaderMap, 514 514 - Json(input): Json<DeleteRecordInput>, 515 515 - ) -> Response { 516 516 - let auth_header = headers.get("Authorization"); 517 517 - if auth_header.is_none() { 518 518 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 519 519 - } 520 520 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 521 521 - 522 522 - let session = sqlx::query( 523 523 - "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 524 524 - ) 525 525 - .bind(&token) 526 526 - .fetch_optional(&state.db) 527 527 - .await 528 528 - .unwrap_or(None); 529 529 - 530 530 - let (did, key_bytes) = match session { 531 531 - Some(row) => (row.get::<String, _>("did"), row.get::<Vec<u8>, _>("key_bytes")), 532 532 - None => return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response(), 533 533 - }; 534 534 - 535 535 - if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 536 536 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 537 537 - } 538 538 - 539 539 - if input.repo != did { 540 540 - return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 541 541 - } 542 542 - 543 543 - let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 544 544 - .bind(&did) 545 545 - .fetch_optional(&state.db) 546 546 - .await; 547 547 - 548 548 - let user_id: uuid::Uuid = match user_query { 549 549 - Ok(Some(row)) => row.get("id"), 550 550 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "User not found"}))).into_response(), 551 551 - }; 552 552 - 553 553 - let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 554 554 - .bind(user_id) 555 555 - .fetch_optional(&state.db) 556 556 - .await; 557 557 - 558 558 - let current_root_cid = match repo_root_query { 559 559 - Ok(Some(row)) => { 560 560 - let cid_str: String = row.get("repo_root_cid"); 561 561 - Cid::from_str(&cid_str).ok() 562 562 - }, 563 563 - _ => None, 564 564 - }; 565 565 - 566 566 - if current_root_cid.is_none() { 567 567 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Repo root not found"}))).into_response(); 568 568 - } 569 569 - let current_root_cid = current_root_cid.unwrap(); 570 570 - 571 571 - let commit_bytes = match state.block_store.get(&current_root_cid).await { 572 572 - Ok(Some(b)) => b, 573 573 - Ok(None) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Commit block not found"}))).into_response(), 574 574 - Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to load commit block: {:?}", e)}))).into_response(), 575 575 - }; 576 576 - 577 577 - let commit = match Commit::from_cbor(&commit_bytes) { 578 578 - Ok(c) => c, 579 579 - Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to parse commit: {:?}", e)}))).into_response(), 580 580 - }; 581 581 - 582 582 - let mst_root = commit.data; 583 583 - let store = Arc::new(state.block_store.clone()); 584 584 - let mst = Mst::load(store.clone(), mst_root, None); 585 585 - 586 586 - let collection_nsid = match input.collection.parse::<Nsid>() { 587 587 - Ok(n) => n, 588 588 - Err(_) => return (StatusCode::BAD_REQUEST, Json(json!({"error": "InvalidCollection"}))).into_response(), 589 589 - }; 590 590 - 591 591 - let key = format!("{}/{}", collection_nsid, input.rkey); 592 592 - 593 593 - // TODO: Check swapRecord if provided? Skipping for brevity/robustness 594 594 - 595 595 - if let Err(e) = mst.delete(&key).await { 596 596 - error!("Failed to delete from MST: {:?}", e); 597 597 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to delete from MST: {:?}", e)}))).into_response(); 598 598 - } 599 599 - 600 600 - let new_mst_root = match mst.root().await { 601 601 - Ok(c) => c, 602 602 - Err(_e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to get new MST root"}))).into_response(), 603 603 - }; 604 604 - 605 605 - let did_obj = match Did::new(&did) { 606 606 - Ok(d) => d, 607 607 - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Invalid DID"}))).into_response(), 608 608 - }; 609 609 - 610 610 - let rev = Tid::now(LimitedU32::MIN); 611 611 - 612 612 - let new_commit = Commit::new_unsigned( 613 613 - did_obj, 614 614 - new_mst_root, 615 615 - rev, 616 616 - Some(current_root_cid) 617 617 - ); 618 618 - 619 619 - let new_commit_bytes = match new_commit.to_cbor() { 620 620 - Ok(b) => b, 621 621 - Err(_e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to serialize new commit"}))).into_response(), 622 622 - }; 623 623 - 624 624 - let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 625 625 - Ok(c) => c, 626 626 - Err(_e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to save new commit"}))).into_response(), 627 627 - }; 628 628 - 629 629 - let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 630 630 - .bind(new_root_cid.to_string()) 631 631 - .bind(user_id) 632 632 - .execute(&state.db) 633 633 - .await; 634 634 - 635 635 - if let Err(e) = update_repo { 636 636 - error!("Failed to update repo root in DB: {:?}", e); 637 637 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to update repo root in DB"}))).into_response(); 638 638 - } 639 639 - 640 640 - let record_delete = sqlx::query("DELETE FROM records WHERE repo_id = $1 AND collection = $2 AND rkey = $3") 641 641 - .bind(user_id) 642 642 - .bind(&input.collection) 643 643 - .bind(&input.rkey) 644 644 - .execute(&state.db) 645 645 - .await; 646 646 - 647 647 - if let Err(e) = record_delete { 648 648 - error!("Error deleting record index: {:?}", e); 649 649 - } 650 650 - 651 651 - (StatusCode::OK, Json(json!({}))).into_response() 652 652 - } 653 653 - 654 654 - #[derive(Deserialize)] 655 655 - pub struct ListRecordsInput { 656 656 - pub repo: String, 657 657 - pub collection: String, 658 658 - pub limit: Option<i32>, 659 659 - pub cursor: Option<String>, 660 660 - #[serde(rename = "rkeyStart")] 661 661 - pub rkey_start: Option<String>, 662 662 - #[serde(rename = "rkeyEnd")] 663 663 - pub rkey_end: Option<String>, 664 664 - pub reverse: Option<bool>, 665 665 - } 666 666 - 667 667 - #[derive(Serialize)] 668 668 - pub struct ListRecordsOutput { 669 669 - pub cursor: Option<String>, 670 670 - pub records: Vec<serde_json::Value>, 671 671 - } 672 672 - 673 673 - pub async fn list_records( 674 674 - State(state): State<AppState>, 675 675 - Query(input): Query<ListRecordsInput>, 676 676 - ) -> Response { 677 677 - let user_row = if input.repo.starts_with("did:") { 678 678 - sqlx::query("SELECT id FROM users WHERE did = $1") 679 679 - .bind(&input.repo) 680 680 - .fetch_optional(&state.db) 681 681 - .await 682 682 - } else { 683 683 - sqlx::query("SELECT id FROM users WHERE handle = $1") 684 684 - .bind(&input.repo) 685 685 - .fetch_optional(&state.db) 686 686 - .await 687 687 - }; 688 688 - 689 689 - let user_id: uuid::Uuid = match user_row { 690 690 - Ok(Some(row)) => row.get("id"), 691 691 - _ => return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "Repo not found"}))).into_response(), 692 692 - }; 693 693 - 694 694 - let limit = input.limit.unwrap_or(50).clamp(1, 100); 695 695 - let reverse = input.reverse.unwrap_or(false); 696 696 - 697 697 - // Simplistic query construction - no sophisticated cursor handling or rkey ranges for now, just basic pagination 698 698 - // TODO: Implement rkeyStart/End and correct cursor logic 699 699 - 700 700 - let query_str = format!( 701 701 - "SELECT rkey, record_cid FROM records WHERE repo_id = $1 AND collection = $2 {} ORDER BY rkey {} LIMIT {}", 702 702 - if let Some(_c) = &input.cursor { 703 703 - if reverse { "AND rkey < $3" } else { "AND rkey > $3" } 704 704 - } else { 705 705 - "" 706 706 - }, 707 707 - if reverse { "DESC" } else { "ASC" }, 708 708 - limit 709 709 - ); 710 710 - 711 711 - let mut query = sqlx::query(&query_str) 712 712 - .bind(user_id) 713 713 - .bind(&input.collection); 714 714 - 715 715 - if let Some(c) = &input.cursor { 716 716 - query = query.bind(c); 717 717 - } 718 718 - 719 719 - let rows = match query.fetch_all(&state.db).await { 720 720 - Ok(r) => r, 721 721 - Err(e) => { 722 722 - error!("Error listing records: {:?}", e); 723 723 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 724 724 - } 725 725 - }; 726 726 - 727 727 - let mut records = Vec::new(); 728 728 - let mut last_rkey = None; 729 729 - 730 730 - for row in rows { 731 731 - let rkey: String = row.get("rkey"); 732 732 - let cid_str: String = row.get("record_cid"); 733 733 - last_rkey = Some(rkey.clone()); 734 734 - 735 735 - if let Ok(cid) = Cid::from_str(&cid_str) { 736 736 - if let Ok(Some(block)) = state.block_store.get(&cid).await { 737 737 - if let Ok(value) = serde_ipld_dagcbor::from_slice::<serde_json::Value>(&block) { 738 738 - records.push(json!({ 739 739 - "uri": format!("at://{}/{}/{}", input.repo, input.collection, rkey), 740 740 - "cid": cid_str, 741 741 - "value": value 742 742 - })); 743 743 - } 744 744 - } 745 745 - } 746 746 - } 747 747 - 748 748 - Json(ListRecordsOutput { 749 749 - cursor: last_rkey, 750 750 - records, 751 751 - }).into_response() 752 752 - } 753 753 - 754 754 - #[derive(Deserialize)] 755 755 - pub struct DescribeRepoInput { 756 756 - pub repo: String, 757 757 - } 758 758 - 759 759 - pub async fn describe_repo( 760 760 - State(state): State<AppState>, 761 761 - Query(input): Query<DescribeRepoInput>, 762 762 - ) -> Response { 763 763 - let user_row = if input.repo.starts_with("did:") { 764 764 - sqlx::query("SELECT id, handle, did FROM users WHERE did = $1") 765 765 - .bind(&input.repo) 766 766 - .fetch_optional(&state.db) 767 767 - .await 768 768 - } else { 769 769 - sqlx::query("SELECT id, handle, did FROM users WHERE handle = $1") 770 770 - .bind(&input.repo) 771 771 - .fetch_optional(&state.db) 772 772 - .await 773 773 - }; 774 774 - 775 775 - let (user_id, handle, did) = match user_row { 776 776 - Ok(Some(row)) => (row.get::<uuid::Uuid, _>("id"), row.get::<String, _>("handle"), row.get::<String, _>("did")), 777 777 - _ => return (StatusCode::NOT_FOUND, Json(json!({"error": "NotFound", "message": "Repo not found"}))).into_response(), 778 778 - }; 779 779 - 780 780 - let collections_query = sqlx::query("SELECT DISTINCT collection FROM records WHERE repo_id = $1") 781 781 - .bind(user_id) 782 782 - .fetch_all(&state.db) 783 783 - .await; 784 784 - 785 785 - let collections: Vec<String> = match collections_query { 786 786 - Ok(rows) => rows.iter().map(|r| r.get("collection")).collect(), 787 787 - Err(_) => Vec::new(), 788 788 - }; 789 789 - 790 790 - let did_doc = json!({ 791 791 - "id": did, 792 792 - "alsoKnownAs": [format!("at://{}", handle)] 793 793 - }); 794 794 - 795 795 - Json(json!({ 796 796 - "handle": handle, 797 797 - "did": did, 798 798 - "didDoc": did_doc, 799 799 - "collections": collections, 800 800 - "handleIsCorrect": true 801 801 - })).into_response() 802 802 - } 803 803 - 804 804 - pub async fn upload_blob( 805 805 - State(state): State<AppState>, 806 806 - headers: axum::http::HeaderMap, 807 807 - body: Bytes, 808 808 - ) -> Response { 809 809 - let auth_header = headers.get("Authorization"); 810 810 - if auth_header.is_none() { 811 811 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 812 812 - } 813 813 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 814 814 - 815 815 - let session = sqlx::query( 816 816 - "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 817 817 - ) 818 818 - .bind(&token) 819 819 - .fetch_optional(&state.db) 820 820 - .await 821 821 - .unwrap_or(None); 822 822 - 823 823 - let (did, key_bytes) = match session { 824 824 - Some(row) => (row.get::<String, _>("did"), row.get::<Vec<u8>, _>("key_bytes")), 825 825 - None => return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response(), 826 826 - }; 827 827 - 828 828 - if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 829 829 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 830 830 - } 831 831 - 832 832 - let mime_type = headers.get("content-type") 833 833 - .and_then(|h| h.to_str().ok()) 834 834 - .unwrap_or("application/octet-stream") 835 835 - .to_string(); 836 836 - 837 837 - let size = body.len() as i64; 838 838 - let data = body.to_vec(); 839 839 - 840 840 - let mut hasher = Sha256::new(); 841 841 - hasher.update(&data); 842 842 - let hash = hasher.finalize(); 843 843 - let multihash = Multihash::wrap(0x12, &hash).unwrap(); 844 844 - let cid = Cid::new_v1(0x55, multihash); 845 845 - let cid_str = cid.to_string(); 846 846 - 847 847 - let storage_key = format!("blobs/{}", cid_str); 848 848 - 849 849 - if let Err(e) = state.blob_store.put(&storage_key, &data).await { 850 850 - error!("Failed to upload blob to storage: {:?}", e); 851 851 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Failed to store blob"}))).into_response(); 852 852 - } 853 853 - 854 854 - let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 855 855 - .bind(&did) 856 856 - .fetch_optional(&state.db) 857 857 - .await; 858 858 - 859 859 - let user_id: uuid::Uuid = match user_query { 860 860 - Ok(Some(row)) => row.get("id"), 861 861 - _ => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(), 862 862 - }; 863 863 - 864 864 - let insert = sqlx::query( 865 865 - "INSERT INTO blobs (cid, mime_type, size_bytes, created_by_user, storage_key) VALUES ($1, $2, $3, $4, $5) ON CONFLICT (cid) DO NOTHING" 866 866 - ) 867 867 - .bind(&cid_str) 868 868 - .bind(&mime_type) 869 869 - .bind(size) 870 870 - .bind(user_id) 871 871 - .bind(&storage_key) 872 872 - .execute(&state.db) 873 873 - .await; 874 874 - 875 875 - if let Err(e) = insert { 876 876 - error!("Failed to insert blob record: {:?}", e); 877 877 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 878 878 - } 879 879 - 880 880 - Json(json!({ 881 881 - "blob": { 882 882 - "ref": { 883 883 - "$link": cid_str 884 884 - }, 885 885 - "mimeType": mime_type, 886 886 - "size": size 887 887 - } 888 888 - })).into_response() 889 889 - }

+138

src/api/repo/blob.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::body::Bytes; 3 3 + use axum::{ 4 4 + Json, 5 5 + extract::State, 6 6 + http::StatusCode, 7 7 + response::{IntoResponse, Response}, 8 8 + }; 9 9 + use cid::Cid; 10 10 + use multihash::Multihash; 11 11 + use serde_json::json; 12 12 + use sha2::{Digest, Sha256}; 13 13 + use sqlx::Row; 14 14 + use tracing::error; 15 15 + 16 16 + pub async fn upload_blob( 17 17 + State(state): State<AppState>, 18 18 + headers: axum::http::HeaderMap, 19 19 + body: Bytes, 20 20 + ) -> Response { 21 21 + let auth_header = headers.get("Authorization"); 22 22 + if auth_header.is_none() { 23 23 + return ( 24 24 + StatusCode::UNAUTHORIZED, 25 25 + Json(json!({"error": "AuthenticationRequired"})), 26 26 + ) 27 27 + .into_response(); 28 28 + } 29 29 + let token = auth_header 30 30 + .unwrap() 31 31 + .to_str() 32 32 + .unwrap_or("") 33 33 + .replace("Bearer ", ""); 34 34 + 35 35 + let session = sqlx::query( 36 36 + "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 37 37 + ) 38 38 + .bind(&token) 39 39 + .fetch_optional(&state.db) 40 40 + .await 41 41 + .unwrap_or(None); 42 42 + 43 43 + let (did, key_bytes) = match session { 44 44 + Some(row) => ( 45 45 + row.get::<String, _>("did"), 46 46 + row.get::<Vec<u8>, _>("key_bytes"), 47 47 + ), 48 48 + None => { 49 49 + return ( 50 50 + StatusCode::UNAUTHORIZED, 51 51 + Json(json!({"error": "AuthenticationFailed"})), 52 52 + ) 53 53 + .into_response(); 54 54 + } 55 55 + }; 56 56 + 57 57 + if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 58 58 + return ( 59 59 + StatusCode::UNAUTHORIZED, 60 60 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"})), 61 61 + ) 62 62 + .into_response(); 63 63 + } 64 64 + 65 65 + let mime_type = headers 66 66 + .get("content-type") 67 67 + .and_then(|h| h.to_str().ok()) 68 68 + .unwrap_or("application/octet-stream") 69 69 + .to_string(); 70 70 + 71 71 + let size = body.len() as i64; 72 72 + let data = body.to_vec(); 73 73 + 74 74 + let mut hasher = Sha256::new(); 75 75 + hasher.update(&data); 76 76 + let hash = hasher.finalize(); 77 77 + let multihash = Multihash::wrap(0x12, &hash).unwrap(); 78 78 + let cid = Cid::new_v1(0x55, multihash); 79 79 + let cid_str = cid.to_string(); 80 80 + 81 81 + let storage_key = format!("blobs/{}", cid_str); 82 82 + 83 83 + if let Err(e) = state.blob_store.put(&storage_key, &data).await { 84 84 + error!("Failed to upload blob to storage: {:?}", e); 85 85 + return ( 86 86 + StatusCode::INTERNAL_SERVER_ERROR, 87 87 + Json(json!({"error": "InternalError", "message": "Failed to store blob"})), 88 88 + ) 89 89 + .into_response(); 90 90 + } 91 91 + 92 92 + let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 93 93 + .bind(&did) 94 94 + .fetch_optional(&state.db) 95 95 + .await; 96 96 + 97 97 + let user_id: uuid::Uuid = match user_query { 98 98 + Ok(Some(row)) => row.get("id"), 99 99 + _ => { 100 100 + return ( 101 101 + StatusCode::INTERNAL_SERVER_ERROR, 102 102 + Json(json!({"error": "InternalError"})), 103 103 + ) 104 104 + .into_response(); 105 105 + } 106 106 + }; 107 107 + 108 108 + let insert = sqlx::query( 109 109 + "INSERT INTO blobs (cid, mime_type, size_bytes, created_by_user, storage_key) VALUES ($1, $2, $3, $4, $5) ON CONFLICT (cid) DO NOTHING" 110 110 + ) 111 111 + .bind(&cid_str) 112 112 + .bind(&mime_type) 113 113 + .bind(size) 114 114 + .bind(user_id) 115 115 + .bind(&storage_key) 116 116 + .execute(&state.db) 117 117 + .await; 118 118 + 119 119 + if let Err(e) = insert { 120 120 + error!("Failed to insert blob record: {:?}", e); 121 121 + return ( 122 122 + StatusCode::INTERNAL_SERVER_ERROR, 123 123 + Json(json!({"error": "InternalError"})), 124 124 + ) 125 125 + .into_response(); 126 126 + } 127 127 + 128 128 + Json(json!({ 129 129 + "blob": { 130 130 + "ref": { 131 131 + "$link": cid_str 132 132 + }, 133 133 + "mimeType": mime_type, 134 134 + "size": size 135 135 + } 136 136 + })) 137 137 + .into_response() 138 138 + }

+72

src/api/repo/meta.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::{Query, State}, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use serde::Deserialize; 9 9 + use serde_json::json; 10 10 + use sqlx::Row; 11 11 + 12 12 + #[derive(Deserialize)] 13 13 + pub struct DescribeRepoInput { 14 14 + pub repo: String, 15 15 + } 16 16 + 17 17 + pub async fn describe_repo( 18 18 + State(state): State<AppState>, 19 19 + Query(input): Query<DescribeRepoInput>, 20 20 + ) -> Response { 21 21 + let user_row = if input.repo.starts_with("did:") { 22 22 + sqlx::query("SELECT id, handle, did FROM users WHERE did = $1") 23 23 + .bind(&input.repo) 24 24 + .fetch_optional(&state.db) 25 25 + .await 26 26 + } else { 27 27 + sqlx::query("SELECT id, handle, did FROM users WHERE handle = $1") 28 28 + .bind(&input.repo) 29 29 + .fetch_optional(&state.db) 30 30 + .await 31 31 + }; 32 32 + 33 33 + let (user_id, handle, did) = match user_row { 34 34 + Ok(Some(row)) => ( 35 35 + row.get::<uuid::Uuid, _>("id"), 36 36 + row.get::<String, _>("handle"), 37 37 + row.get::<String, _>("did"), 38 38 + ), 39 39 + _ => { 40 40 + return ( 41 41 + StatusCode::NOT_FOUND, 42 42 + Json(json!({"error": "NotFound", "message": "Repo not found"})), 43 43 + ) 44 44 + .into_response(); 45 45 + } 46 46 + }; 47 47 + 48 48 + let collections_query = 49 49 + sqlx::query("SELECT DISTINCT collection FROM records WHERE repo_id = $1") 50 50 + .bind(user_id) 51 51 + .fetch_all(&state.db) 52 52 + .await; 53 53 + 54 54 + let collections: Vec<String> = match collections_query { 55 55 + Ok(rows) => rows.iter().map(|r| r.get("collection")).collect(), 56 56 + Err(_) => Vec::new(), 57 57 + }; 58 58 + 59 59 + let did_doc = json!({ 60 60 + "id": did, 61 61 + "alsoKnownAs": [format!("at://{}", handle)] 62 62 + }); 63 63 + 64 64 + Json(json!({ 65 65 + "handle": handle, 66 66 + "did": did, 67 67 + "didDoc": did_doc, 68 68 + "collections": collections, 69 69 + "handleIsCorrect": true 70 70 + })) 71 71 + .into_response() 72 72 + }

+7

src/api/repo/mod.rs

··· 1 1 + pub mod blob; 2 2 + pub mod meta; 3 3 + pub mod record; 4 4 + 5 5 + pub use blob::upload_blob; 6 6 + pub use meta::describe_repo; 7 7 + pub use record::{create_record, delete_record, get_record, list_records, put_record};

+236

src/api/repo/record/delete.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::State, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use cid::Cid; 9 9 + use jacquard::types::{ 10 10 + did::Did, 11 11 + integer::LimitedU32, 12 12 + string::{Nsid, Tid}, 13 13 + }; 14 14 + use jacquard_repo::{commit::Commit, mst::Mst, storage::BlockStore}; 15 15 + use serde::Deserialize; 16 16 + use serde_json::json; 17 17 + use sqlx::Row; 18 18 + use std::str::FromStr; 19 19 + use std::sync::Arc; 20 20 + use tracing::error; 21 21 + 22 22 + #[derive(Deserialize)] 23 23 + pub struct DeleteRecordInput { 24 24 + pub repo: String, 25 25 + pub collection: String, 26 26 + pub rkey: String, 27 27 + #[serde(rename = "swapRecord")] 28 28 + pub swap_record: Option<String>, 29 29 + #[serde(rename = "swapCommit")] 30 30 + pub swap_commit: Option<String>, 31 31 + } 32 32 + 33 33 + pub async fn delete_record( 34 34 + State(state): State<AppState>, 35 35 + headers: axum::http::HeaderMap, 36 36 + Json(input): Json<DeleteRecordInput>, 37 37 + ) -> Response { 38 38 + let auth_header = headers.get("Authorization"); 39 39 + if auth_header.is_none() { 40 40 + return ( 41 41 + StatusCode::UNAUTHORIZED, 42 42 + Json(json!({"error": "AuthenticationRequired"})), 43 43 + ) 44 44 + .into_response(); 45 45 + } 46 46 + let token = auth_header 47 47 + .unwrap() 48 48 + .to_str() 49 49 + .unwrap_or("") 50 50 + .replace("Bearer ", ""); 51 51 + 52 52 + let session = sqlx::query( 53 53 + "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 54 54 + ) 55 55 + .bind(&token) 56 56 + .fetch_optional(&state.db) 57 57 + .await 58 58 + .unwrap_or(None); 59 59 + 60 60 + let (did, key_bytes) = match session { 61 61 + Some(row) => ( 62 62 + row.get::<String, _>("did"), 63 63 + row.get::<Vec<u8>, _>("key_bytes"), 64 64 + ), 65 65 + None => { 66 66 + return ( 67 67 + StatusCode::UNAUTHORIZED, 68 68 + Json(json!({"error": "AuthenticationFailed"})), 69 69 + ) 70 70 + .into_response(); 71 71 + } 72 72 + }; 73 73 + 74 74 + if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 75 75 + return ( 76 76 + StatusCode::UNAUTHORIZED, 77 77 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"})), 78 78 + ) 79 79 + .into_response(); 80 80 + } 81 81 + 82 82 + if input.repo != did { 83 83 + return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 84 84 + } 85 85 + 86 86 + let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 87 87 + .bind(&did) 88 88 + .fetch_optional(&state.db) 89 89 + .await; 90 90 + 91 91 + let user_id: uuid::Uuid = match user_query { 92 92 + Ok(Some(row)) => row.get("id"), 93 93 + _ => { 94 94 + return ( 95 95 + StatusCode::INTERNAL_SERVER_ERROR, 96 96 + Json(json!({"error": "InternalError", "message": "User not found"})), 97 97 + ) 98 98 + .into_response(); 99 99 + } 100 100 + }; 101 101 + 102 102 + let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 103 103 + .bind(user_id) 104 104 + .fetch_optional(&state.db) 105 105 + .await; 106 106 + 107 107 + let current_root_cid = match repo_root_query { 108 108 + Ok(Some(row)) => { 109 109 + let cid_str: String = row.get("repo_root_cid"); 110 110 + Cid::from_str(&cid_str).ok() 111 111 + } 112 112 + _ => None, 113 113 + }; 114 114 + 115 115 + if current_root_cid.is_none() { 116 116 + return ( 117 117 + StatusCode::INTERNAL_SERVER_ERROR, 118 118 + Json(json!({"error": "InternalError", "message": "Repo root not found"})), 119 119 + ) 120 120 + .into_response(); 121 121 + } 122 122 + let current_root_cid = current_root_cid.unwrap(); 123 123 + 124 124 + let commit_bytes = match state.block_store.get(&current_root_cid).await { 125 125 + Ok(Some(b)) => b, 126 126 + Ok(None) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": "Commit block not found"}))).into_response(), 127 127 + Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to load commit block: {:?}", e)}))).into_response(), 128 128 + }; 129 129 + 130 130 + let commit = match Commit::from_cbor(&commit_bytes) { 131 131 + Ok(c) => c, 132 132 + Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to parse commit: {:?}", e)}))).into_response(), 133 133 + }; 134 134 + 135 135 + let mst_root = commit.data; 136 136 + let store = Arc::new(state.block_store.clone()); 137 137 + let mst = Mst::load(store.clone(), mst_root, None); 138 138 + 139 139 + let collection_nsid = match input.collection.parse::<Nsid>() { 140 140 + Ok(n) => n, 141 141 + Err(_) => { 142 142 + return ( 143 143 + StatusCode::BAD_REQUEST, 144 144 + Json(json!({"error": "InvalidCollection"})), 145 145 + ) 146 146 + .into_response(); 147 147 + } 148 148 + }; 149 149 + 150 150 + let key = format!("{}/{}", collection_nsid, input.rkey); 151 151 + 152 152 + // TODO: Check swapRecord if provided? Skipping for brevity/robustness 153 153 + 154 154 + if let Err(e) = mst.delete(&key).await { 155 155 + error!("Failed to delete from MST: {:?}", e); 156 156 + return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to delete from MST: {:?}", e)}))).into_response(); 157 157 + } 158 158 + 159 159 + let new_mst_root = match mst.root().await { 160 160 + Ok(c) => c, 161 161 + Err(_e) => { 162 162 + return ( 163 163 + StatusCode::INTERNAL_SERVER_ERROR, 164 164 + Json(json!({"error": "InternalError", "message": "Failed to get new MST root"})), 165 165 + ) 166 166 + .into_response(); 167 167 + } 168 168 + }; 169 169 + 170 170 + let did_obj = match Did::new(&did) { 171 171 + Ok(d) => d, 172 172 + Err(_) => { 173 173 + return ( 174 174 + StatusCode::INTERNAL_SERVER_ERROR, 175 175 + Json(json!({"error": "InternalError", "message": "Invalid DID"})), 176 176 + ) 177 177 + .into_response(); 178 178 + } 179 179 + }; 180 180 + 181 181 + let rev = Tid::now(LimitedU32::MIN); 182 182 + 183 183 + let new_commit = Commit::new_unsigned(did_obj, new_mst_root, rev, Some(current_root_cid)); 184 184 + 185 185 + let new_commit_bytes = 186 186 + match new_commit.to_cbor() { 187 187 + Ok(b) => b, 188 188 + Err(_e) => return ( 189 189 + StatusCode::INTERNAL_SERVER_ERROR, 190 190 + Json( 191 191 + json!({"error": "InternalError", "message": "Failed to serialize new commit"}), 192 192 + ), 193 193 + ) 194 194 + .into_response(), 195 195 + }; 196 196 + 197 197 + let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 198 198 + Ok(c) => c, 199 199 + Err(_e) => { 200 200 + return ( 201 201 + StatusCode::INTERNAL_SERVER_ERROR, 202 202 + Json(json!({"error": "InternalError", "message": "Failed to save new commit"})), 203 203 + ) 204 204 + .into_response(); 205 205 + } 206 206 + }; 207 207 + 208 208 + let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 209 209 + .bind(new_root_cid.to_string()) 210 210 + .bind(user_id) 211 211 + .execute(&state.db) 212 212 + .await; 213 213 + 214 214 + if let Err(e) = update_repo { 215 215 + error!("Failed to update repo root in DB: {:?}", e); 216 216 + return ( 217 217 + StatusCode::INTERNAL_SERVER_ERROR, 218 218 + Json(json!({"error": "InternalError", "message": "Failed to update repo root in DB"})), 219 219 + ) 220 220 + .into_response(); 221 221 + } 222 222 + 223 223 + let record_delete = 224 224 + sqlx::query("DELETE FROM records WHERE repo_id = $1 AND collection = $2 AND rkey = $3") 225 225 + .bind(user_id) 226 226 + .bind(&input.collection) 227 227 + .bind(&input.rkey) 228 228 + .execute(&state.db) 229 229 + .await; 230 230 + 231 231 + if let Err(e) = record_delete { 232 232 + error!("Error deleting record index: {:?}", e); 233 233 + } 234 234 + 235 235 + (StatusCode::OK, Json(json!({}))).into_response() 236 236 + }

+10

src/api/repo/record/mod.rs

··· 1 1 + pub mod delete; 2 2 + pub mod read; 3 3 + pub mod write; 4 4 + 5 5 + pub use delete::{DeleteRecordInput, delete_record}; 6 6 + pub use read::{GetRecordInput, ListRecordsInput, ListRecordsOutput, get_record, list_records}; 7 7 + pub use write::{ 8 8 + CreateRecordInput, CreateRecordOutput, PutRecordInput, PutRecordOutput, create_record, 9 9 + put_record, 10 10 + };

+236

src/api/repo/record/read.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::{Query, State}, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use cid::Cid; 9 9 + use jacquard_repo::storage::BlockStore; 10 10 + use serde::{Deserialize, Serialize}; 11 11 + use serde_json::json; 12 12 + use sqlx::Row; 13 13 + use std::str::FromStr; 14 14 + use tracing::error; 15 15 + 16 16 + #[derive(Deserialize)] 17 17 + pub struct GetRecordInput { 18 18 + pub repo: String, 19 19 + pub collection: String, 20 20 + pub rkey: String, 21 21 + pub cid: Option<String>, 22 22 + } 23 23 + 24 24 + pub async fn get_record( 25 25 + State(state): State<AppState>, 26 26 + Query(input): Query<GetRecordInput>, 27 27 + ) -> Response { 28 28 + let user_row = if input.repo.starts_with("did:") { 29 29 + sqlx::query("SELECT id FROM users WHERE did = $1") 30 30 + .bind(&input.repo) 31 31 + .fetch_optional(&state.db) 32 32 + .await 33 33 + } else { 34 34 + sqlx::query("SELECT id FROM users WHERE handle = $1") 35 35 + .bind(&input.repo) 36 36 + .fetch_optional(&state.db) 37 37 + .await 38 38 + }; 39 39 + 40 40 + let user_id: uuid::Uuid = match user_row { 41 41 + Ok(Some(row)) => row.get("id"), 42 42 + _ => { 43 43 + return ( 44 44 + StatusCode::NOT_FOUND, 45 45 + Json(json!({"error": "NotFound", "message": "Repo not found"})), 46 46 + ) 47 47 + .into_response(); 48 48 + } 49 49 + }; 50 50 + 51 51 + let record_row = sqlx::query( 52 52 + "SELECT record_cid FROM records WHERE repo_id = $1 AND collection = $2 AND rkey = $3", 53 53 + ) 54 54 + .bind(user_id) 55 55 + .bind(&input.collection) 56 56 + .bind(&input.rkey) 57 57 + .fetch_optional(&state.db) 58 58 + .await; 59 59 + 60 60 + let record_cid_str: String = match record_row { 61 61 + Ok(Some(row)) => row.get("record_cid"), 62 62 + _ => { 63 63 + return ( 64 64 + StatusCode::NOT_FOUND, 65 65 + Json(json!({"error": "NotFound", "message": "Record not found"})), 66 66 + ) 67 67 + .into_response(); 68 68 + } 69 69 + }; 70 70 + 71 71 + if let Some(expected_cid) = &input.cid { 72 72 + if &record_cid_str != expected_cid { 73 73 + return ( 74 74 + StatusCode::NOT_FOUND, 75 75 + Json(json!({"error": "NotFound", "message": "Record CID mismatch"})), 76 76 + ) 77 77 + .into_response(); 78 78 + } 79 79 + } 80 80 + 81 81 + let cid = match Cid::from_str(&record_cid_str) { 82 82 + Ok(c) => c, 83 83 + Err(_) => { 84 84 + return ( 85 85 + StatusCode::INTERNAL_SERVER_ERROR, 86 86 + Json(json!({"error": "InternalError", "message": "Invalid CID in DB"})), 87 87 + ) 88 88 + .into_response(); 89 89 + } 90 90 + }; 91 91 + 92 92 + let block = match state.block_store.get(&cid).await { 93 93 + Ok(Some(b)) => b, 94 94 + _ => { 95 95 + return ( 96 96 + StatusCode::INTERNAL_SERVER_ERROR, 97 97 + Json(json!({"error": "InternalError", "message": "Record block not found"})), 98 98 + ) 99 99 + .into_response(); 100 100 + } 101 101 + }; 102 102 + 103 103 + let value: serde_json::Value = match serde_ipld_dagcbor::from_slice(&block) { 104 104 + Ok(v) => v, 105 105 + Err(e) => { 106 106 + error!("Failed to deserialize record: {:?}", e); 107 107 + return ( 108 108 + StatusCode::INTERNAL_SERVER_ERROR, 109 109 + Json(json!({"error": "InternalError"})), 110 110 + ) 111 111 + .into_response(); 112 112 + } 113 113 + }; 114 114 + 115 115 + Json(json!({ 116 116 + "uri": format!("at://{}/{}/{}", input.repo, input.collection, input.rkey), 117 117 + "cid": record_cid_str, 118 118 + "value": value 119 119 + })) 120 120 + .into_response() 121 121 + } 122 122 + 123 123 + #[derive(Deserialize)] 124 124 + pub struct ListRecordsInput { 125 125 + pub repo: String, 126 126 + pub collection: String, 127 127 + pub limit: Option<i32>, 128 128 + pub cursor: Option<String>, 129 129 + #[serde(rename = "rkeyStart")] 130 130 + pub rkey_start: Option<String>, 131 131 + #[serde(rename = "rkeyEnd")] 132 132 + pub rkey_end: Option<String>, 133 133 + pub reverse: Option<bool>, 134 134 + } 135 135 + 136 136 + #[derive(Serialize)] 137 137 + pub struct ListRecordsOutput { 138 138 + pub cursor: Option<String>, 139 139 + pub records: Vec<serde_json::Value>, 140 140 + } 141 141 + 142 142 + pub async fn list_records( 143 143 + State(state): State<AppState>, 144 144 + Query(input): Query<ListRecordsInput>, 145 145 + ) -> Response { 146 146 + let user_row = if input.repo.starts_with("did:") { 147 147 + sqlx::query("SELECT id FROM users WHERE did = $1") 148 148 + .bind(&input.repo) 149 149 + .fetch_optional(&state.db) 150 150 + .await 151 151 + } else { 152 152 + sqlx::query("SELECT id FROM users WHERE handle = $1") 153 153 + .bind(&input.repo) 154 154 + .fetch_optional(&state.db) 155 155 + .await 156 156 + }; 157 157 + 158 158 + let user_id: uuid::Uuid = match user_row { 159 159 + Ok(Some(row)) => row.get("id"), 160 160 + _ => { 161 161 + return ( 162 162 + StatusCode::NOT_FOUND, 163 163 + Json(json!({"error": "NotFound", "message": "Repo not found"})), 164 164 + ) 165 165 + .into_response(); 166 166 + } 167 167 + }; 168 168 + 169 169 + let limit = input.limit.unwrap_or(50).clamp(1, 100); 170 170 + let reverse = input.reverse.unwrap_or(false); 171 171 + 172 172 + // Simplistic query construction - no sophisticated cursor handling or rkey ranges for now, just basic pagination 173 173 + // TODO: Implement rkeyStart/End and correct cursor logic 174 174 + 175 175 + let query_str = format!( 176 176 + "SELECT rkey, record_cid FROM records WHERE repo_id = $1 AND collection = $2 {} ORDER BY rkey {} LIMIT {}", 177 177 + if let Some(_c) = &input.cursor { 178 178 + if reverse { 179 179 + "AND rkey < $3" 180 180 + } else { 181 181 + "AND rkey > $3" 182 182 + } 183 183 + } else { 184 184 + "" 185 185 + }, 186 186 + if reverse { "DESC" } else { "ASC" }, 187 187 + limit 188 188 + ); 189 189 + 190 190 + let mut query = sqlx::query(&query_str) 191 191 + .bind(user_id) 192 192 + .bind(&input.collection); 193 193 + 194 194 + if let Some(c) = &input.cursor { 195 195 + query = query.bind(c); 196 196 + } 197 197 + 198 198 + let rows = match query.fetch_all(&state.db).await { 199 199 + Ok(r) => r, 200 200 + Err(e) => { 201 201 + error!("Error listing records: {:?}", e); 202 202 + return ( 203 203 + StatusCode::INTERNAL_SERVER_ERROR, 204 204 + Json(json!({"error": "InternalError"})), 205 205 + ) 206 206 + .into_response(); 207 207 + } 208 208 + }; 209 209 + 210 210 + let mut records = Vec::new(); 211 211 + let mut last_rkey = None; 212 212 + 213 213 + for row in rows { 214 214 + let rkey: String = row.get("rkey"); 215 215 + let cid_str: String = row.get("record_cid"); 216 216 + last_rkey = Some(rkey.clone()); 217 217 + 218 218 + if let Ok(cid) = Cid::from_str(&cid_str) { 219 219 + if let Ok(Some(block)) = state.block_store.get(&cid).await { 220 220 + if let Ok(value) = serde_ipld_dagcbor::from_slice::<serde_json::Value>(&block) { 221 221 + records.push(json!({ 222 222 + "uri": format!("at://{}/{}/{}", input.repo, input.collection, rkey), 223 223 + "cid": cid_str, 224 224 + "value": value 225 225 + })); 226 226 + } 227 227 + } 228 228 + } 229 229 + } 230 230 + 231 231 + Json(ListRecordsOutput { 232 232 + cursor: last_rkey, 233 233 + records, 234 234 + }) 235 235 + .into_response() 236 236 + }

+591

src/api/repo/record/write.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::State, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use chrono::Utc; 9 9 + use cid::Cid; 10 10 + use jacquard::types::{ 11 11 + did::Did, 12 12 + integer::LimitedU32, 13 13 + string::{Nsid, Tid}, 14 14 + }; 15 15 + use jacquard_repo::{commit::Commit, mst::Mst, storage::BlockStore}; 16 16 + use serde::{Deserialize, Serialize}; 17 17 + use serde_json::json; 18 18 + use sqlx::Row; 19 19 + use std::str::FromStr; 20 20 + use std::sync::Arc; 21 21 + use tracing::error; 22 22 + 23 23 + #[derive(Deserialize)] 24 24 + #[allow(dead_code)] 25 25 + pub struct CreateRecordInput { 26 26 + pub repo: String, 27 27 + pub collection: String, 28 28 + pub rkey: Option<String>, 29 29 + pub validate: Option<bool>, 30 30 + pub record: serde_json::Value, 31 31 + #[serde(rename = "swapCommit")] 32 32 + pub swap_commit: Option<String>, 33 33 + } 34 34 + 35 35 + #[derive(Serialize)] 36 36 + #[serde(rename_all = "camelCase")] 37 37 + pub struct CreateRecordOutput { 38 38 + pub uri: String, 39 39 + pub cid: String, 40 40 + } 41 41 + 42 42 + pub async fn create_record( 43 43 + State(state): State<AppState>, 44 44 + headers: axum::http::HeaderMap, 45 45 + Json(input): Json<CreateRecordInput>, 46 46 + ) -> Response { 47 47 + let auth_header = headers.get("Authorization"); 48 48 + if auth_header.is_none() { 49 49 + return ( 50 50 + StatusCode::UNAUTHORIZED, 51 51 + Json(json!({"error": "AuthenticationRequired"})), 52 52 + ) 53 53 + .into_response(); 54 54 + } 55 55 + let token = auth_header 56 56 + .unwrap() 57 57 + .to_str() 58 58 + .unwrap_or("") 59 59 + .replace("Bearer ", ""); 60 60 + 61 61 + let session = sqlx::query( 62 62 + "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 63 63 + ) 64 64 + .bind(&token) 65 65 + .fetch_optional(&state.db) 66 66 + .await 67 67 + .unwrap_or(None); 68 68 + 69 69 + let (did, key_bytes) = match session { 70 70 + Some(row) => ( 71 71 + row.get::<String, _>("did"), 72 72 + row.get::<Vec<u8>, _>("key_bytes"), 73 73 + ), 74 74 + None => { 75 75 + return ( 76 76 + StatusCode::UNAUTHORIZED, 77 77 + Json(json!({"error": "AuthenticationFailed"})), 78 78 + ) 79 79 + .into_response(); 80 80 + } 81 81 + }; 82 82 + 83 83 + if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 84 84 + return ( 85 85 + StatusCode::UNAUTHORIZED, 86 86 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"})), 87 87 + ) 88 88 + .into_response(); 89 89 + } 90 90 + 91 91 + if input.repo != did { 92 92 + return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 93 93 + } 94 94 + 95 95 + let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 96 96 + .bind(&did) 97 97 + .fetch_optional(&state.db) 98 98 + .await; 99 99 + 100 100 + let user_id: uuid::Uuid = match user_query { 101 101 + Ok(Some(row)) => row.get("id"), 102 102 + _ => { 103 103 + return ( 104 104 + StatusCode::INTERNAL_SERVER_ERROR, 105 105 + Json(json!({"error": "InternalError", "message": "User not found"})), 106 106 + ) 107 107 + .into_response(); 108 108 + } 109 109 + }; 110 110 + 111 111 + let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 112 112 + .bind(user_id) 113 113 + .fetch_optional(&state.db) 114 114 + .await; 115 115 + 116 116 + let current_root_cid = match repo_root_query { 117 117 + Ok(Some(row)) => { 118 118 + let cid_str: String = row.get("repo_root_cid"); 119 119 + Cid::from_str(&cid_str).ok() 120 120 + } 121 121 + _ => None, 122 122 + }; 123 123 + 124 124 + if current_root_cid.is_none() { 125 125 + error!("Repo root not found for user {}", did); 126 126 + return ( 127 127 + StatusCode::INTERNAL_SERVER_ERROR, 128 128 + Json(json!({"error": "InternalError", "message": "Repo root not found"})), 129 129 + ) 130 130 + .into_response(); 131 131 + } 132 132 + let current_root_cid = current_root_cid.unwrap(); 133 133 + 134 134 + let commit_bytes = match state.block_store.get(&current_root_cid).await { 135 135 + Ok(Some(b)) => b, 136 136 + Ok(None) => { 137 137 + error!("Commit block not found: {}", current_root_cid); 138 138 + return ( 139 139 + StatusCode::INTERNAL_SERVER_ERROR, 140 140 + Json(json!({"error": "InternalError"})), 141 141 + ) 142 142 + .into_response(); 143 143 + } 144 144 + Err(e) => { 145 145 + error!("Failed to load commit block: {:?}", e); 146 146 + return ( 147 147 + StatusCode::INTERNAL_SERVER_ERROR, 148 148 + Json(json!({"error": "InternalError"})), 149 149 + ) 150 150 + .into_response(); 151 151 + } 152 152 + }; 153 153 + 154 154 + let commit = match Commit::from_cbor(&commit_bytes) { 155 155 + Ok(c) => c, 156 156 + Err(e) => { 157 157 + error!("Failed to parse commit: {:?}", e); 158 158 + return ( 159 159 + StatusCode::INTERNAL_SERVER_ERROR, 160 160 + Json(json!({"error": "InternalError"})), 161 161 + ) 162 162 + .into_response(); 163 163 + } 164 164 + }; 165 165 + 166 166 + let mst_root = commit.data; 167 167 + let store = Arc::new(state.block_store.clone()); 168 168 + let mst = Mst::load(store.clone(), mst_root, None); 169 169 + 170 170 + let collection_nsid = match input.collection.parse::<Nsid>() { 171 171 + Ok(n) => n, 172 172 + Err(_) => { 173 173 + return ( 174 174 + StatusCode::BAD_REQUEST, 175 175 + Json(json!({"error": "InvalidCollection"})), 176 176 + ) 177 177 + .into_response(); 178 178 + } 179 179 + }; 180 180 + 181 181 + let rkey = input 182 182 + .rkey 183 183 + .unwrap_or_else(|| Utc::now().format("%Y%m%d%H%M%S%f").to_string()); 184 184 + 185 185 + let mut record_bytes = Vec::new(); 186 186 + if let Err(e) = serde_ipld_dagcbor::to_writer(&mut record_bytes, &input.record) { 187 187 + error!("Error serializing record: {:?}", e); 188 188 + return ( 189 189 + StatusCode::BAD_REQUEST, 190 190 + Json(json!({"error": "InvalidRecord", "message": "Failed to serialize record"})), 191 191 + ) 192 192 + .into_response(); 193 193 + } 194 194 + 195 195 + let record_cid = match state.block_store.put(&record_bytes).await { 196 196 + Ok(c) => c, 197 197 + Err(e) => { 198 198 + error!("Failed to save record block: {:?}", e); 199 199 + return ( 200 200 + StatusCode::INTERNAL_SERVER_ERROR, 201 201 + Json(json!({"error": "InternalError"})), 202 202 + ) 203 203 + .into_response(); 204 204 + } 205 205 + }; 206 206 + 207 207 + let key = format!("{}/{}", collection_nsid, rkey); 208 208 + if let Err(e) = mst.update(&key, record_cid).await { 209 209 + error!("Failed to update MST: {:?}", e); 210 210 + return ( 211 211 + StatusCode::INTERNAL_SERVER_ERROR, 212 212 + Json(json!({"error": "InternalError"})), 213 213 + ) 214 214 + .into_response(); 215 215 + } 216 216 + 217 217 + let new_mst_root = match mst.root().await { 218 218 + Ok(c) => c, 219 219 + Err(e) => { 220 220 + error!("Failed to get new MST root: {:?}", e); 221 221 + return ( 222 222 + StatusCode::INTERNAL_SERVER_ERROR, 223 223 + Json(json!({"error": "InternalError"})), 224 224 + ) 225 225 + .into_response(); 226 226 + } 227 227 + }; 228 228 + 229 229 + let did_obj = match Did::new(&did) { 230 230 + Ok(d) => d, 231 231 + Err(_) => { 232 232 + return ( 233 233 + StatusCode::INTERNAL_SERVER_ERROR, 234 234 + Json(json!({"error": "InternalError", "message": "Invalid DID"})), 235 235 + ) 236 236 + .into_response(); 237 237 + } 238 238 + }; 239 239 + 240 240 + let rev = Tid::now(LimitedU32::MIN); 241 241 + 242 242 + let new_commit = Commit::new_unsigned(did_obj, new_mst_root, rev, Some(current_root_cid)); 243 243 + 244 244 + let new_commit_bytes = match new_commit.to_cbor() { 245 245 + Ok(b) => b, 246 246 + Err(e) => { 247 247 + error!("Failed to serialize new commit: {:?}", e); 248 248 + return ( 249 249 + StatusCode::INTERNAL_SERVER_ERROR, 250 250 + Json(json!({"error": "InternalError"})), 251 251 + ) 252 252 + .into_response(); 253 253 + } 254 254 + }; 255 255 + 256 256 + let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 257 257 + Ok(c) => c, 258 258 + Err(e) => { 259 259 + error!("Failed to save new commit: {:?}", e); 260 260 + return ( 261 261 + StatusCode::INTERNAL_SERVER_ERROR, 262 262 + Json(json!({"error": "InternalError"})), 263 263 + ) 264 264 + .into_response(); 265 265 + } 266 266 + }; 267 267 + 268 268 + let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 269 269 + .bind(new_root_cid.to_string()) 270 270 + .bind(user_id) 271 271 + .execute(&state.db) 272 272 + .await; 273 273 + 274 274 + if let Err(e) = update_repo { 275 275 + error!("Failed to update repo root in DB: {:?}", e); 276 276 + return ( 277 277 + StatusCode::INTERNAL_SERVER_ERROR, 278 278 + Json(json!({"error": "InternalError"})), 279 279 + ) 280 280 + .into_response(); 281 281 + } 282 282 + 283 283 + let record_insert = sqlx::query( 284 284 + "INSERT INTO records (repo_id, collection, rkey, record_cid) VALUES ($1, $2, $3, $4) 285 285 + ON CONFLICT (repo_id, collection, rkey) DO UPDATE SET record_cid = $4, created_at = NOW()", 286 286 + ) 287 287 + .bind(user_id) 288 288 + .bind(&input.collection) 289 289 + .bind(&rkey) 290 290 + .bind(record_cid.to_string()) 291 291 + .execute(&state.db) 292 292 + .await; 293 293 + 294 294 + if let Err(e) = record_insert { 295 295 + error!("Error inserting record index: {:?}", e); 296 296 + return ( 297 297 + StatusCode::INTERNAL_SERVER_ERROR, 298 298 + Json(json!({"error": "InternalError", "message": "Failed to index record"})), 299 299 + ) 300 300 + .into_response(); 301 301 + } 302 302 + 303 303 + let output = CreateRecordOutput { 304 304 + uri: format!("at://{}/{}/{}", input.repo, input.collection, rkey), 305 305 + cid: record_cid.to_string(), 306 306 + }; 307 307 + (StatusCode::OK, Json(output)).into_response() 308 308 + } 309 309 + 310 310 + #[derive(Deserialize)] 311 311 + #[allow(dead_code)] 312 312 + pub struct PutRecordInput { 313 313 + pub repo: String, 314 314 + pub collection: String, 315 315 + pub rkey: String, 316 316 + pub validate: Option<bool>, 317 317 + pub record: serde_json::Value, 318 318 + #[serde(rename = "swapCommit")] 319 319 + pub swap_commit: Option<String>, 320 320 + } 321 321 + 322 322 + #[derive(Serialize)] 323 323 + #[serde(rename_all = "camelCase")] 324 324 + pub struct PutRecordOutput { 325 325 + pub uri: String, 326 326 + pub cid: String, 327 327 + } 328 328 + 329 329 + pub async fn put_record( 330 330 + State(state): State<AppState>, 331 331 + headers: axum::http::HeaderMap, 332 332 + Json(input): Json<PutRecordInput>, 333 333 + ) -> Response { 334 334 + let auth_header = headers.get("Authorization"); 335 335 + if auth_header.is_none() { 336 336 + return ( 337 337 + StatusCode::UNAUTHORIZED, 338 338 + Json(json!({"error": "AuthenticationRequired"})), 339 339 + ) 340 340 + .into_response(); 341 341 + } 342 342 + let token = auth_header 343 343 + .unwrap() 344 344 + .to_str() 345 345 + .unwrap_or("") 346 346 + .replace("Bearer ", ""); 347 347 + 348 348 + let session = sqlx::query( 349 349 + "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.access_jwt = $1" 350 350 + ) 351 351 + .bind(&token) 352 352 + .fetch_optional(&state.db) 353 353 + .await 354 354 + .unwrap_or(None); 355 355 + 356 356 + let (did, key_bytes) = match session { 357 357 + Some(row) => ( 358 358 + row.get::<String, _>("did"), 359 359 + row.get::<Vec<u8>, _>("key_bytes"), 360 360 + ), 361 361 + None => { 362 362 + return ( 363 363 + StatusCode::UNAUTHORIZED, 364 364 + Json(json!({"error": "AuthenticationFailed"})), 365 365 + ) 366 366 + .into_response(); 367 367 + } 368 368 + }; 369 369 + 370 370 + if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 371 371 + return ( 372 372 + StatusCode::UNAUTHORIZED, 373 373 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"})), 374 374 + ) 375 375 + .into_response(); 376 376 + } 377 377 + 378 378 + if input.repo != did { 379 379 + return (StatusCode::FORBIDDEN, Json(json!({"error": "InvalidRepo", "message": "Repo does not match authenticated user"}))).into_response(); 380 380 + } 381 381 + 382 382 + let user_query = sqlx::query("SELECT id FROM users WHERE did = $1") 383 383 + .bind(&did) 384 384 + .fetch_optional(&state.db) 385 385 + .await; 386 386 + 387 387 + let user_id: uuid::Uuid = match user_query { 388 388 + Ok(Some(row)) => row.get("id"), 389 389 + _ => { 390 390 + return ( 391 391 + StatusCode::INTERNAL_SERVER_ERROR, 392 392 + Json(json!({"error": "InternalError", "message": "User not found"})), 393 393 + ) 394 394 + .into_response(); 395 395 + } 396 396 + }; 397 397 + 398 398 + let repo_root_query = sqlx::query("SELECT repo_root_cid FROM repos WHERE user_id = $1") 399 399 + .bind(user_id) 400 400 + .fetch_optional(&state.db) 401 401 + .await; 402 402 + 403 403 + let current_root_cid = match repo_root_query { 404 404 + Ok(Some(row)) => { 405 405 + let cid_str: String = row.get("repo_root_cid"); 406 406 + Cid::from_str(&cid_str).ok() 407 407 + } 408 408 + _ => None, 409 409 + }; 410 410 + 411 411 + if current_root_cid.is_none() { 412 412 + error!("Repo root not found for user {}", did); 413 413 + return ( 414 414 + StatusCode::INTERNAL_SERVER_ERROR, 415 415 + Json(json!({"error": "InternalError", "message": "Repo root not found"})), 416 416 + ) 417 417 + .into_response(); 418 418 + } 419 419 + let current_root_cid = current_root_cid.unwrap(); 420 420 + 421 421 + let commit_bytes = match state.block_store.get(&current_root_cid).await { 422 422 + Ok(Some(b)) => b, 423 423 + Ok(None) => { 424 424 + error!("Commit block not found: {}", current_root_cid); 425 425 + return ( 426 426 + StatusCode::INTERNAL_SERVER_ERROR, 427 427 + Json(json!({"error": "InternalError", "message": "Commit block not found"})), 428 428 + ) 429 429 + .into_response(); 430 430 + } 431 431 + Err(e) => { 432 432 + error!("Failed to load commit block: {:?}", e); 433 433 + return ( 434 434 + StatusCode::INTERNAL_SERVER_ERROR, 435 435 + Json(json!({"error": "InternalError", "message": "Failed to load commit block"})), 436 436 + ) 437 437 + .into_response(); 438 438 + } 439 439 + }; 440 440 + 441 441 + let commit = match Commit::from_cbor(&commit_bytes) { 442 442 + Ok(c) => c, 443 443 + Err(e) => { 444 444 + error!("Failed to parse commit: {:?}", e); 445 445 + return ( 446 446 + StatusCode::INTERNAL_SERVER_ERROR, 447 447 + Json(json!({"error": "InternalError", "message": "Failed to parse commit"})), 448 448 + ) 449 449 + .into_response(); 450 450 + } 451 451 + }; 452 452 + 453 453 + let mst_root = commit.data; 454 454 + let store = Arc::new(state.block_store.clone()); 455 455 + let mst = Mst::load(store.clone(), mst_root, None); 456 456 + 457 457 + let collection_nsid = match input.collection.parse::<Nsid>() { 458 458 + Ok(n) => n, 459 459 + Err(_) => { 460 460 + return ( 461 461 + StatusCode::BAD_REQUEST, 462 462 + Json(json!({"error": "InvalidCollection"})), 463 463 + ) 464 464 + .into_response(); 465 465 + } 466 466 + }; 467 467 + 468 468 + let rkey = input.rkey.clone(); 469 469 + 470 470 + let mut record_bytes = Vec::new(); 471 471 + if let Err(e) = serde_ipld_dagcbor::to_writer(&mut record_bytes, &input.record) { 472 472 + error!("Error serializing record: {:?}", e); 473 473 + return ( 474 474 + StatusCode::BAD_REQUEST, 475 475 + Json(json!({"error": "InvalidRecord", "message": "Failed to serialize record"})), 476 476 + ) 477 477 + .into_response(); 478 478 + } 479 479 + 480 480 + let record_cid = match state.block_store.put(&record_bytes).await { 481 481 + Ok(c) => c, 482 482 + Err(e) => { 483 483 + error!("Failed to save record block: {:?}", e); 484 484 + return ( 485 485 + StatusCode::INTERNAL_SERVER_ERROR, 486 486 + Json(json!({"error": "InternalError", "message": "Failed to save record block"})), 487 487 + ) 488 488 + .into_response(); 489 489 + } 490 490 + }; 491 491 + 492 492 + let key = format!("{}/{}", collection_nsid, rkey); 493 493 + if let Err(e) = mst.update(&key, record_cid).await { 494 494 + error!("Failed to update MST: {:?}", e); 495 495 + return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError", "message": format!("Failed to update MST: {:?}", e)}))).into_response(); 496 496 + } 497 497 + 498 498 + let new_mst_root = match mst.root().await { 499 499 + Ok(c) => c, 500 500 + Err(e) => { 501 501 + error!("Failed to get new MST root: {:?}", e); 502 502 + return ( 503 503 + StatusCode::INTERNAL_SERVER_ERROR, 504 504 + Json(json!({"error": "InternalError", "message": "Failed to get new MST root"})), 505 505 + ) 506 506 + .into_response(); 507 507 + } 508 508 + }; 509 509 + 510 510 + let did_obj = match Did::new(&did) { 511 511 + Ok(d) => d, 512 512 + Err(_) => { 513 513 + return ( 514 514 + StatusCode::INTERNAL_SERVER_ERROR, 515 515 + Json(json!({"error": "InternalError", "message": "Invalid DID"})), 516 516 + ) 517 517 + .into_response(); 518 518 + } 519 519 + }; 520 520 + 521 521 + let rev = Tid::now(LimitedU32::MIN); 522 522 + 523 523 + let new_commit = Commit::new_unsigned(did_obj, new_mst_root, rev, Some(current_root_cid)); 524 524 + 525 525 + let new_commit_bytes = match new_commit.to_cbor() { 526 526 + Ok(b) => b, 527 527 + Err(e) => { 528 528 + error!("Failed to serialize new commit: {:?}", e); 529 529 + return ( 530 530 + StatusCode::INTERNAL_SERVER_ERROR, 531 531 + Json( 532 532 + json!({"error": "InternalError", "message": "Failed to serialize new commit"}), 533 533 + ), 534 534 + ) 535 535 + .into_response(); 536 536 + } 537 537 + }; 538 538 + 539 539 + let new_root_cid = match state.block_store.put(&new_commit_bytes).await { 540 540 + Ok(c) => c, 541 541 + Err(e) => { 542 542 + error!("Failed to save new commit: {:?}", e); 543 543 + return ( 544 544 + StatusCode::INTERNAL_SERVER_ERROR, 545 545 + Json(json!({"error": "InternalError", "message": "Failed to save new commit"})), 546 546 + ) 547 547 + .into_response(); 548 548 + } 549 549 + }; 550 550 + 551 551 + let update_repo = sqlx::query("UPDATE repos SET repo_root_cid = $1 WHERE user_id = $2") 552 552 + .bind(new_root_cid.to_string()) 553 553 + .bind(user_id) 554 554 + .execute(&state.db) 555 555 + .await; 556 556 + 557 557 + if let Err(e) = update_repo { 558 558 + error!("Failed to update repo root in DB: {:?}", e); 559 559 + return ( 560 560 + StatusCode::INTERNAL_SERVER_ERROR, 561 561 + Json(json!({"error": "InternalError", "message": "Failed to update repo root in DB"})), 562 562 + ) 563 563 + .into_response(); 564 564 + } 565 565 + 566 566 + let record_insert = sqlx::query( 567 567 + "INSERT INTO records (repo_id, collection, rkey, record_cid) VALUES ($1, $2, $3, $4) 568 568 + ON CONFLICT (repo_id, collection, rkey) DO UPDATE SET record_cid = $4, created_at = NOW()", 569 569 + ) 570 570 + .bind(user_id) 571 571 + .bind(&input.collection) 572 572 + .bind(&rkey) 573 573 + .bind(record_cid.to_string()) 574 574 + .execute(&state.db) 575 575 + .await; 576 576 + 577 577 + if let Err(e) = record_insert { 578 578 + error!("Error inserting record index: {:?}", e); 579 579 + return ( 580 580 + StatusCode::INTERNAL_SERVER_ERROR, 581 581 + Json(json!({"error": "InternalError", "message": "Failed to index record"})), 582 582 + ) 583 583 + .into_response(); 584 584 + } 585 585 + 586 586 + let output = PutRecordOutput { 587 587 + uri: format!("at://{}/{}/{}", input.repo, input.collection, rkey), 588 588 + cid: record_cid.to_string(), 589 589 + }; 590 590 + (StatusCode::OK, Json(output)).into_response() 591 591 + }

-294

src/api/server.rs

··· 1 1 - use axum::{ 2 2 - extract::State, 3 3 - Json, 4 4 - response::{IntoResponse, Response}, 5 5 - http::StatusCode, 6 6 - }; 7 7 - use serde::{Deserialize, Serialize}; 8 8 - use serde_json::json; 9 9 - use crate::state::AppState; 10 10 - use sqlx::Row; 11 11 - use bcrypt::verify; 12 12 - use tracing::{info, error, warn}; 13 13 - 14 14 - pub async fn describe_server() -> impl IntoResponse { 15 15 - let domains_str = std::env::var("AVAILABLE_USER_DOMAINS").unwrap_or_else(|_| "example.com".to_string()); 16 16 - let domains: Vec<&str> = domains_str.split(',').map(|s| s.trim()).collect(); 17 17 - 18 18 - Json(json!({ 19 19 - "availableUserDomains": domains 20 20 - })) 21 21 - } 22 22 - 23 23 - pub async fn health(State(state): State<AppState>) -> impl IntoResponse { 24 24 - match sqlx::query("SELECT 1").execute(&state.db).await { 25 25 - Ok(_) => (StatusCode::OK, "OK"), 26 26 - Err(e) => { 27 27 - error!("Health check failed: {:?}", e); 28 28 - (StatusCode::SERVICE_UNAVAILABLE, "Service Unavailable") 29 29 - } 30 30 - } 31 31 - } 32 32 - 33 33 - #[derive(Deserialize)] 34 34 - pub struct CreateSessionInput { 35 35 - pub identifier: String, 36 36 - pub password: String, 37 37 - } 38 38 - 39 39 - #[derive(Serialize)] 40 40 - #[serde(rename_all = "camelCase")] 41 41 - pub struct CreateSessionOutput { 42 42 - pub access_jwt: String, 43 43 - pub refresh_jwt: String, 44 44 - pub handle: String, 45 45 - pub did: String, 46 46 - } 47 47 - 48 48 - pub async fn create_session( 49 49 - State(state): State<AppState>, 50 50 - Json(input): Json<CreateSessionInput>, 51 51 - ) -> Response { 52 52 - info!("create_session: identifier='{}'", input.identifier); 53 53 - 54 54 - let user_row = sqlx::query("SELECT u.did, u.handle, u.password_hash, k.key_bytes FROM users u JOIN user_keys k ON u.id = k.user_id WHERE u.handle = $1 OR u.email = $1") 55 55 - .bind(&input.identifier) 56 56 - .fetch_optional(&state.db) 57 57 - .await; 58 58 - 59 59 - match user_row { 60 60 - Ok(Some(row)) => { 61 61 - let stored_hash: String = row.get("password_hash"); 62 62 - 63 63 - if verify(&input.password, &stored_hash).unwrap_or(false) { 64 64 - let did: String = row.get("did"); 65 65 - let handle: String = row.get("handle"); 66 66 - let key_bytes: Vec<u8> = row.get("key_bytes"); 67 67 - 68 68 - let access_jwt = match crate::auth::create_access_token(&did, &key_bytes) { 69 69 - Ok(t) => t, 70 70 - Err(e) => { 71 71 - error!("Failed to create access token: {:?}", e); 72 72 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 73 73 - } 74 74 - }; 75 75 - 76 76 - let refresh_jwt = match crate::auth::create_refresh_token(&did, &key_bytes) { 77 77 - Ok(t) => t, 78 78 - Err(e) => { 79 79 - error!("Failed to create refresh token: {:?}", e); 80 80 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 81 81 - } 82 82 - }; 83 83 - 84 84 - let session_insert = sqlx::query("INSERT INTO sessions (access_jwt, refresh_jwt, did) VALUES ($1, $2, $3)") 85 85 - .bind(&access_jwt) 86 86 - .bind(&refresh_jwt) 87 87 - .bind(&did) 88 88 - .execute(&state.db) 89 89 - .await; 90 90 - 91 91 - match session_insert { 92 92 - Ok(_) => { 93 93 - return (StatusCode::OK, Json(CreateSessionOutput { 94 94 - access_jwt, 95 95 - refresh_jwt, 96 96 - handle, 97 97 - did, 98 98 - })).into_response(); 99 99 - }, 100 100 - Err(e) => { 101 101 - error!("Failed to insert session: {:?}", e); 102 102 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 103 103 - } 104 104 - } 105 105 - } else { 106 106 - warn!("Password verification failed for identifier: {}", input.identifier); 107 107 - } 108 108 - }, 109 109 - Ok(None) => { 110 110 - warn!("User not found for identifier: {}", input.identifier); 111 111 - }, 112 112 - Err(e) => { 113 113 - error!("Database error fetching user: {:?}", e); 114 114 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 115 115 - } 116 116 - } 117 117 - 118 118 - (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid identifier or password"}))).into_response() 119 119 - } 120 120 - 121 121 - pub async fn get_session( 122 122 - State(state): State<AppState>, 123 123 - headers: axum::http::HeaderMap, 124 124 - ) -> Response { 125 125 - let auth_header = headers.get("Authorization"); 126 126 - if auth_header.is_none() { 127 127 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 128 128 - } 129 129 - 130 130 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 131 131 - 132 132 - let result = sqlx::query( 133 133 - r#" 134 134 - SELECT u.handle, u.did, u.email, k.key_bytes 135 135 - FROM sessions s 136 136 - JOIN users u ON s.did = u.did 137 137 - JOIN user_keys k ON u.id = k.user_id 138 138 - WHERE s.access_jwt = $1 139 139 - "# 140 140 - ) 141 141 - .bind(&token) 142 142 - .fetch_optional(&state.db) 143 143 - .await; 144 144 - 145 145 - match result { 146 146 - Ok(Some(row)) => { 147 147 - let handle: String = row.get("handle"); 148 148 - let did: String = row.get("did"); 149 149 - let email: String = row.get("email"); 150 150 - let key_bytes: Vec<u8> = row.get("key_bytes"); 151 151 - 152 152 - if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 153 153 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 154 154 - } 155 155 - 156 156 - return (StatusCode::OK, Json(json!({ 157 157 - "handle": handle, 158 158 - "did": did, 159 159 - "email": email, 160 160 - "didDoc": {} 161 161 - }))).into_response(); 162 162 - }, 163 163 - Ok(None) => { 164 164 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response(); 165 165 - }, 166 166 - Err(e) => { 167 167 - error!("Database error in get_session: {:?}", e); 168 168 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 169 169 - } 170 170 - } 171 171 - } 172 172 - 173 173 - pub async fn delete_session( 174 174 - State(state): State<AppState>, 175 175 - headers: axum::http::HeaderMap, 176 176 - ) -> Response { 177 177 - let auth_header = headers.get("Authorization"); 178 178 - if auth_header.is_none() { 179 179 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 180 180 - } 181 181 - 182 182 - let token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 183 183 - 184 184 - let result = sqlx::query("DELETE FROM sessions WHERE access_jwt = $1") 185 185 - .bind(token) 186 186 - .execute(&state.db) 187 187 - .await; 188 188 - 189 189 - match result { 190 190 - Ok(res) => { 191 191 - if res.rows_affected() > 0 { 192 192 - return (StatusCode::OK, Json(json!({}))).into_response(); 193 193 - } 194 194 - }, 195 195 - Err(e) => { 196 196 - error!("Database error in delete_session: {:?}", e); 197 197 - } 198 198 - } 199 199 - 200 200 - (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed"}))).into_response() 201 201 - } 202 202 - 203 203 - pub async fn refresh_session( 204 204 - State(state): State<AppState>, 205 205 - headers: axum::http::HeaderMap, 206 206 - ) -> Response { 207 207 - let auth_header = headers.get("Authorization"); 208 208 - if auth_header.is_none() { 209 209 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationRequired"}))).into_response(); 210 210 - } 211 211 - 212 212 - let refresh_token = auth_header.unwrap().to_str().unwrap_or("").replace("Bearer ", ""); 213 213 - 214 214 - let session = sqlx::query( 215 215 - "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.refresh_jwt = $1" 216 216 - ) 217 217 - .bind(&refresh_token) 218 218 - .fetch_optional(&state.db) 219 219 - .await; 220 220 - 221 221 - match session { 222 222 - Ok(Some(session_row)) => { 223 223 - let did: String = session_row.get("did"); 224 224 - let key_bytes: Vec<u8> = session_row.get("key_bytes"); 225 225 - 226 226 - if let Err(_) = crate::auth::verify_token(&refresh_token, &key_bytes) { 227 227 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid refresh token signature"}))).into_response(); 228 228 - } 229 229 - 230 230 - let new_access_jwt = match crate::auth::create_access_token(&did, &key_bytes) { 231 231 - Ok(t) => t, 232 232 - Err(e) => { 233 233 - error!("Failed to create access token: {:?}", e); 234 234 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 235 235 - } 236 236 - }; 237 237 - let new_refresh_jwt = match crate::auth::create_refresh_token(&did, &key_bytes) { 238 238 - Ok(t) => t, 239 239 - Err(e) => { 240 240 - error!("Failed to create refresh token: {:?}", e); 241 241 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 242 242 - } 243 243 - }; 244 244 - 245 245 - let update = sqlx::query("UPDATE sessions SET access_jwt = $1, refresh_jwt = $2 WHERE refresh_jwt = $3") 246 246 - .bind(&new_access_jwt) 247 247 - .bind(&new_refresh_jwt) 248 248 - .bind(&refresh_token) 249 249 - .execute(&state.db) 250 250 - .await; 251 251 - 252 252 - match update { 253 253 - Ok(_) => { 254 254 - let user = sqlx::query("SELECT handle FROM users WHERE did = $1") 255 255 - .bind(&did) 256 256 - .fetch_optional(&state.db) 257 257 - .await; 258 258 - 259 259 - match user { 260 260 - Ok(Some(u)) => { 261 261 - let handle: String = u.get("handle"); 262 262 - return (StatusCode::OK, Json(json!({ 263 263 - "accessJwt": new_access_jwt, 264 264 - "refreshJwt": new_refresh_jwt, 265 265 - "handle": handle, 266 266 - "did": did 267 267 - }))).into_response(); 268 268 - }, 269 269 - Ok(None) => { 270 270 - error!("User not found for existing session: {}", did); 271 271 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 272 272 - }, 273 273 - Err(e) => { 274 274 - error!("Database error fetching user: {:?}", e); 275 275 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 276 276 - } 277 277 - } 278 278 - }, 279 279 - Err(e) => { 280 280 - error!("Database error updating session: {:?}", e); 281 281 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 282 282 - } 283 283 - } 284 284 - }, 285 285 - Ok(None) => { 286 286 - return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid refresh token"}))).into_response(); 287 287 - }, 288 288 - Err(e) => { 289 289 - error!("Database error fetching session: {:?}", e); 290 290 - return (StatusCode::INTERNAL_SERVER_ERROR, Json(json!({"error": "InternalError"}))).into_response(); 291 291 - } 292 292 - } 293 293 - } 294 294 -

+25

src/api/server/meta.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{Json, extract::State, http::StatusCode, response::IntoResponse}; 3 3 + use serde_json::json; 4 4 + 5 5 + use tracing::error; 6 6 + 7 7 + pub async fn describe_server() -> impl IntoResponse { 8 8 + let domains_str = 9 9 + std::env::var("AVAILABLE_USER_DOMAINS").unwrap_or_else(|_| "example.com".to_string()); 10 10 + let domains: Vec<&str> = domains_str.split(',').map(|s| s.trim()).collect(); 11 11 + 12 12 + Json(json!({ 13 13 + "availableUserDomains": domains 14 14 + })) 15 15 + } 16 16 + 17 17 + pub async fn health(State(state): State<AppState>) -> impl IntoResponse { 18 18 + match sqlx::query("SELECT 1").execute(&state.db).await { 19 19 + Ok(_) => (StatusCode::OK, "OK"), 20 20 + Err(e) => { 21 21 + error!("Health check failed: {:?}", e); 22 22 + (StatusCode::SERVICE_UNAVAILABLE, "Service Unavailable") 23 23 + } 24 24 + } 25 25 + }

+5

src/api/server/mod.rs

··· 1 1 + pub mod meta; 2 2 + pub mod session; 3 3 + 4 4 + pub use meta::{describe_server, health}; 5 5 + pub use session::{create_session, delete_session, get_session, refresh_session};

+377

src/api/server/session.rs

··· 1 1 + use crate::state::AppState; 2 2 + use axum::{ 3 3 + Json, 4 4 + extract::State, 5 5 + http::StatusCode, 6 6 + response::{IntoResponse, Response}, 7 7 + }; 8 8 + use bcrypt::verify; 9 9 + use serde::{Deserialize, Serialize}; 10 10 + use serde_json::json; 11 11 + use sqlx::Row; 12 12 + use tracing::{error, info, warn}; 13 13 + 14 14 + #[derive(Deserialize)] 15 15 + pub struct CreateSessionInput { 16 16 + pub identifier: String, 17 17 + pub password: String, 18 18 + } 19 19 + 20 20 + #[derive(Serialize)] 21 21 + #[serde(rename_all = "camelCase")] 22 22 + pub struct CreateSessionOutput { 23 23 + pub access_jwt: String, 24 24 + pub refresh_jwt: String, 25 25 + pub handle: String, 26 26 + pub did: String, 27 27 + } 28 28 + 29 29 + pub async fn create_session( 30 30 + State(state): State<AppState>, 31 31 + Json(input): Json<CreateSessionInput>, 32 32 + ) -> Response { 33 33 + info!("create_session: identifier='{}'", input.identifier); 34 34 + 35 35 + let user_row = sqlx::query("SELECT u.did, u.handle, u.password_hash, k.key_bytes FROM users u JOIN user_keys k ON u.id = k.user_id WHERE u.handle = $1 OR u.email = $1") 36 36 + .bind(&input.identifier) 37 37 + .fetch_optional(&state.db) 38 38 + .await; 39 39 + 40 40 + match user_row { 41 41 + Ok(Some(row)) => { 42 42 + let stored_hash: String = row.get("password_hash"); 43 43 + 44 44 + if verify(&input.password, &stored_hash).unwrap_or(false) { 45 45 + let did: String = row.get("did"); 46 46 + let handle: String = row.get("handle"); 47 47 + let key_bytes: Vec<u8> = row.get("key_bytes"); 48 48 + 49 49 + let access_jwt = match crate::auth::create_access_token(&did, &key_bytes) { 50 50 + Ok(t) => t, 51 51 + Err(e) => { 52 52 + error!("Failed to create access token: {:?}", e); 53 53 + return ( 54 54 + StatusCode::INTERNAL_SERVER_ERROR, 55 55 + Json(json!({"error": "InternalError"})), 56 56 + ) 57 57 + .into_response(); 58 58 + } 59 59 + }; 60 60 + 61 61 + let refresh_jwt = match crate::auth::create_refresh_token(&did, &key_bytes) { 62 62 + Ok(t) => t, 63 63 + Err(e) => { 64 64 + error!("Failed to create refresh token: {:?}", e); 65 65 + return ( 66 66 + StatusCode::INTERNAL_SERVER_ERROR, 67 67 + Json(json!({"error": "InternalError"})), 68 68 + ) 69 69 + .into_response(); 70 70 + } 71 71 + }; 72 72 + 73 73 + let session_insert = sqlx::query( 74 74 + "INSERT INTO sessions (access_jwt, refresh_jwt, did) VALUES ($1, $2, $3)", 75 75 + ) 76 76 + .bind(&access_jwt) 77 77 + .bind(&refresh_jwt) 78 78 + .bind(&did) 79 79 + .execute(&state.db) 80 80 + .await; 81 81 + 82 82 + match session_insert { 83 83 + Ok(_) => { 84 84 + return ( 85 85 + StatusCode::OK, 86 86 + Json(CreateSessionOutput { 87 87 + access_jwt, 88 88 + refresh_jwt, 89 89 + handle, 90 90 + did, 91 91 + }), 92 92 + ) 93 93 + .into_response(); 94 94 + } 95 95 + Err(e) => { 96 96 + error!("Failed to insert session: {:?}", e); 97 97 + return ( 98 98 + StatusCode::INTERNAL_SERVER_ERROR, 99 99 + Json(json!({"error": "InternalError"})), 100 100 + ) 101 101 + .into_response(); 102 102 + } 103 103 + } 104 104 + } else { 105 105 + warn!( 106 106 + "Password verification failed for identifier: {}", 107 107 + input.identifier 108 108 + ); 109 109 + } 110 110 + } 111 111 + Ok(None) => { 112 112 + warn!("User not found for identifier: {}", input.identifier); 113 113 + } 114 114 + Err(e) => { 115 115 + error!("Database error fetching user: {:?}", e); 116 116 + return ( 117 117 + StatusCode::INTERNAL_SERVER_ERROR, 118 118 + Json(json!({"error": "InternalError"})), 119 119 + ) 120 120 + .into_response(); 121 121 + } 122 122 + } 123 123 + 124 124 + ( 125 125 + StatusCode::UNAUTHORIZED, 126 126 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid identifier or password"})), 127 127 + ) 128 128 + .into_response() 129 129 + } 130 130 + 131 131 + pub async fn get_session( 132 132 + State(state): State<AppState>, 133 133 + headers: axum::http::HeaderMap, 134 134 + ) -> Response { 135 135 + let auth_header = headers.get("Authorization"); 136 136 + if auth_header.is_none() { 137 137 + return ( 138 138 + StatusCode::UNAUTHORIZED, 139 139 + Json(json!({"error": "AuthenticationRequired"})), 140 140 + ) 141 141 + .into_response(); 142 142 + } 143 143 + 144 144 + let token = auth_header 145 145 + .unwrap() 146 146 + .to_str() 147 147 + .unwrap_or("") 148 148 + .replace("Bearer ", ""); 149 149 + 150 150 + let result = sqlx::query( 151 151 + r#" 152 152 + SELECT u.handle, u.did, u.email, k.key_bytes 153 153 + FROM sessions s 154 154 + JOIN users u ON s.did = u.did 155 155 + JOIN user_keys k ON u.id = k.user_id 156 156 + WHERE s.access_jwt = $1 157 157 + "#, 158 158 + ) 159 159 + .bind(&token) 160 160 + .fetch_optional(&state.db) 161 161 + .await; 162 162 + 163 163 + match result { 164 164 + Ok(Some(row)) => { 165 165 + let handle: String = row.get("handle"); 166 166 + let did: String = row.get("did"); 167 167 + let email: String = row.get("email"); 168 168 + let key_bytes: Vec<u8> = row.get("key_bytes"); 169 169 + 170 170 + if let Err(_) = crate::auth::verify_token(&token, &key_bytes) { 171 171 + return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid token signature"}))).into_response(); 172 172 + } 173 173 + 174 174 + return ( 175 175 + StatusCode::OK, 176 176 + Json(json!({ 177 177 + "handle": handle, 178 178 + "did": did, 179 179 + "email": email, 180 180 + "didDoc": {} 181 181 + })), 182 182 + ) 183 183 + .into_response(); 184 184 + } 185 185 + Ok(None) => { 186 186 + return ( 187 187 + StatusCode::UNAUTHORIZED, 188 188 + Json(json!({"error": "AuthenticationFailed"})), 189 189 + ) 190 190 + .into_response(); 191 191 + } 192 192 + Err(e) => { 193 193 + error!("Database error in get_session: {:?}", e); 194 194 + return ( 195 195 + StatusCode::INTERNAL_SERVER_ERROR, 196 196 + Json(json!({"error": "InternalError"})), 197 197 + ) 198 198 + .into_response(); 199 199 + } 200 200 + } 201 201 + } 202 202 + 203 203 + pub async fn delete_session( 204 204 + State(state): State<AppState>, 205 205 + headers: axum::http::HeaderMap, 206 206 + ) -> Response { 207 207 + let auth_header = headers.get("Authorization"); 208 208 + if auth_header.is_none() { 209 209 + return ( 210 210 + StatusCode::UNAUTHORIZED, 211 211 + Json(json!({"error": "AuthenticationRequired"})), 212 212 + ) 213 213 + .into_response(); 214 214 + } 215 215 + 216 216 + let token = auth_header 217 217 + .unwrap() 218 218 + .to_str() 219 219 + .unwrap_or("") 220 220 + .replace("Bearer ", ""); 221 221 + 222 222 + let result = sqlx::query("DELETE FROM sessions WHERE access_jwt = $1") 223 223 + .bind(token) 224 224 + .execute(&state.db) 225 225 + .await; 226 226 + 227 227 + match result { 228 228 + Ok(res) => { 229 229 + if res.rows_affected() > 0 { 230 230 + return (StatusCode::OK, Json(json!({}))).into_response(); 231 231 + } 232 232 + } 233 233 + Err(e) => { 234 234 + error!("Database error in delete_session: {:?}", e); 235 235 + } 236 236 + } 237 237 + 238 238 + ( 239 239 + StatusCode::UNAUTHORIZED, 240 240 + Json(json!({"error": "AuthenticationFailed"})), 241 241 + ) 242 242 + .into_response() 243 243 + } 244 244 + 245 245 + pub async fn refresh_session( 246 246 + State(state): State<AppState>, 247 247 + headers: axum::http::HeaderMap, 248 248 + ) -> Response { 249 249 + let auth_header = headers.get("Authorization"); 250 250 + if auth_header.is_none() { 251 251 + return ( 252 252 + StatusCode::UNAUTHORIZED, 253 253 + Json(json!({"error": "AuthenticationRequired"})), 254 254 + ) 255 255 + .into_response(); 256 256 + } 257 257 + 258 258 + let refresh_token = auth_header 259 259 + .unwrap() 260 260 + .to_str() 261 261 + .unwrap_or("") 262 262 + .replace("Bearer ", ""); 263 263 + 264 264 + let session = sqlx::query( 265 265 + "SELECT s.did, k.key_bytes FROM sessions s JOIN users u ON s.did = u.did JOIN user_keys k ON u.id = k.user_id WHERE s.refresh_jwt = $1" 266 266 + ) 267 267 + .bind(&refresh_token) 268 268 + .fetch_optional(&state.db) 269 269 + .await; 270 270 + 271 271 + match session { 272 272 + Ok(Some(session_row)) => { 273 273 + let did: String = session_row.get("did"); 274 274 + let key_bytes: Vec<u8> = session_row.get("key_bytes"); 275 275 + 276 276 + if let Err(_) = crate::auth::verify_token(&refresh_token, &key_bytes) { 277 277 + return (StatusCode::UNAUTHORIZED, Json(json!({"error": "AuthenticationFailed", "message": "Invalid refresh token signature"}))).into_response(); 278 278 + } 279 279 + 280 280 + let new_access_jwt = match crate::auth::create_access_token(&did, &key_bytes) { 281 281 + Ok(t) => t, 282 282 + Err(e) => { 283 283 + error!("Failed to create access token: {:?}", e); 284 284 + return ( 285 285 + StatusCode::INTERNAL_SERVER_ERROR, 286 286 + Json(json!({"error": "InternalError"})), 287 287 + ) 288 288 + .into_response(); 289 289 + } 290 290 + }; 291 291 + let new_refresh_jwt = match crate::auth::create_refresh_token(&did, &key_bytes) { 292 292 + Ok(t) => t, 293 293 + Err(e) => { 294 294 + error!("Failed to create refresh token: {:?}", e); 295 295 + return ( 296 296 + StatusCode::INTERNAL_SERVER_ERROR, 297 297 + Json(json!({"error": "InternalError"})), 298 298 + ) 299 299 + .into_response(); 300 300 + } 301 301 + }; 302 302 + 303 303 + let update = sqlx::query( 304 304 + "UPDATE sessions SET access_jwt = $1, refresh_jwt = $2 WHERE refresh_jwt = $3", 305 305 + ) 306 306 + .bind(&new_access_jwt) 307 307 + .bind(&new_refresh_jwt) 308 308 + .bind(&refresh_token) 309 309 + .execute(&state.db) 310 310 + .await; 311 311 + 312 312 + match update { 313 313 + Ok(_) => { 314 314 + let user = sqlx::query("SELECT handle FROM users WHERE did = $1") 315 315 + .bind(&did) 316 316 + .fetch_optional(&state.db) 317 317 + .await; 318 318 + 319 319 + match user { 320 320 + Ok(Some(u)) => { 321 321 + let handle: String = u.get("handle"); 322 322 + return ( 323 323 + StatusCode::OK, 324 324 + Json(json!({ 325 325 + "accessJwt": new_access_jwt, 326 326 + "refreshJwt": new_refresh_jwt, 327 327 + "handle": handle, 328 328 + "did": did 329 329 + })), 330 330 + ) 331 331 + .into_response(); 332 332 + } 333 333 + Ok(None) => { 334 334 + error!("User not found for existing session: {}", did); 335 335 + return ( 336 336 + StatusCode::INTERNAL_SERVER_ERROR, 337 337 + Json(json!({"error": "InternalError"})), 338 338 + ) 339 339 + .into_response(); 340 340 + } 341 341 + Err(e) => { 342 342 + error!("Database error fetching user: {:?}", e); 343 343 + return ( 344 344 + StatusCode::INTERNAL_SERVER_ERROR, 345 345 + Json(json!({"error": "InternalError"})), 346 346 + ) 347 347 + .into_response(); 348 348 + } 349 349 + } 350 350 + } 351 351 + Err(e) => { 352 352 + error!("Database error updating session: {:?}", e); 353 353 + return ( 354 354 + StatusCode::INTERNAL_SERVER_ERROR, 355 355 + Json(json!({"error": "InternalError"})), 356 356 + ) 357 357 + .into_response(); 358 358 + } 359 359 + } 360 360 + } 361 361 + Ok(None) => { 362 362 + return ( 363 363 + StatusCode::UNAUTHORIZED, 364 364 + Json(json!({"error": "AuthenticationFailed", "message": "Invalid refresh token"})), 365 365 + ) 366 366 + .into_response(); 367 367 + } 368 368 + Err(e) => { 369 369 + error!("Database error fetching session: {:?}", e); 370 370 + return ( 371 371 + StatusCode::INTERNAL_SERVER_ERROR, 372 372 + Json(json!({"error": "InternalError"})), 373 373 + ) 374 374 + .into_response(); 375 375 + } 376 376 + } 377 377 + }

-157

src/auth.rs

··· 1 1 - use serde::{Deserialize, Serialize}; 2 2 - use chrono::{Utc, Duration}; 3 3 - use k256::ecdsa::{SigningKey, VerifyingKey, signature::Signer, signature::Verifier, Signature}; 4 4 - use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD}; 5 5 - use anyhow::{Context, Result, anyhow}; 6 6 - 7 7 - #[derive(Debug, Serialize, Deserialize)] 8 8 - pub struct Claims { 9 9 - pub iss: String, 10 10 - pub sub: String, 11 11 - pub aud: String, 12 12 - pub exp: usize, 13 13 - pub iat: usize, 14 14 - #[serde(skip_serializing_if = "Option::is_none")] 15 15 - pub scope: Option<String>, 16 16 - #[serde(skip_serializing_if = "Option::is_none")] 17 17 - pub lxm: Option<String>, 18 18 - pub jti: String, 19 19 - } 20 20 - 21 21 - #[derive(Debug, Serialize, Deserialize)] 22 22 - struct Header { 23 23 - alg: String, 24 24 - typ: String, 25 25 - } 26 26 - 27 27 - #[derive(Debug, Serialize, Deserialize)] 28 28 - struct UnsafeClaims { 29 29 - iss: String, 30 30 - sub: Option<String>, 31 31 - } 32 32 - 33 33 - // fancy boy TokenData equivalent for compatibility/structure 34 34 - pub struct TokenData<T> { 35 35 - pub claims: T, 36 36 - } 37 37 - 38 38 - pub fn get_did_from_token(token: &str) -> Result<String, String> { 39 39 - let parts: Vec<&str> = token.split('.').collect(); 40 40 - if parts.len() != 3 { 41 41 - return Err("Invalid token format".to_string()); 42 42 - } 43 43 - 44 44 - let payload_bytes = URL_SAFE_NO_PAD.decode(parts[1]) 45 45 - .map_err(|e| format!("Base64 decode failed: {}", e))?; 46 46 - 47 47 - let claims: UnsafeClaims = serde_json::from_slice(&payload_bytes) 48 48 - .map_err(|e| format!("JSON decode failed: {}", e))?; 49 49 - 50 50 - Ok(claims.sub.unwrap_or(claims.iss)) 51 51 - } 52 52 - 53 53 - pub fn create_access_token(did: &str, key_bytes: &[u8]) -> Result<String, anyhow::Error> { 54 54 - create_signed_token(did, "access", key_bytes, Duration::minutes(15)) 55 55 - } 56 56 - 57 57 - pub fn create_refresh_token(did: &str, key_bytes: &[u8]) -> Result<String, anyhow::Error> { 58 58 - create_signed_token(did, "refresh", key_bytes, Duration::days(7)) 59 59 - } 60 60 - 61 61 - pub fn create_service_token(did: &str, aud: &str, lxm: &str, key_bytes: &[u8]) -> Result<String, anyhow::Error> { 62 62 - let signing_key = SigningKey::from_slice(key_bytes)?; 63 63 - 64 64 - let expiration = Utc::now() 65 65 - .checked_add_signed(Duration::seconds(60)) 66 66 - .expect("valid timestamp") 67 67 - .timestamp(); 68 68 - 69 69 - let claims = Claims { 70 70 - iss: did.to_owned(), 71 71 - sub: did.to_owned(), 72 72 - aud: aud.to_owned(), 73 73 - exp: expiration as usize, 74 74 - iat: Utc::now().timestamp() as usize, 75 75 - scope: None, 76 76 - lxm: Some(lxm.to_string()), 77 77 - jti: uuid::Uuid::new_v4().to_string(), 78 78 - }; 79 79 - 80 80 - sign_claims(claims, &signing_key) 81 81 - } 82 82 - 83 83 - fn create_signed_token(did: &str, scope: &str, key_bytes: &[u8], duration: Duration) -> Result<String, anyhow::Error> { 84 84 - let signing_key = SigningKey::from_slice(key_bytes)?; 85 85 - 86 86 - let expiration = Utc::now() 87 87 - .checked_add_signed(duration) 88 88 - .expect("valid timestamp") 89 89 - .timestamp(); 90 90 - 91 91 - let claims = Claims { 92 92 - iss: did.to_owned(), 93 93 - sub: did.to_owned(), 94 94 - aud: format!("did:web:{}", std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string())), 95 95 - exp: expiration as usize, 96 96 - iat: Utc::now().timestamp() as usize, 97 97 - scope: Some(scope.to_string()), 98 98 - lxm: None, 99 99 - jti: uuid::Uuid::new_v4().to_string(), 100 100 - }; 101 101 - 102 102 - sign_claims(claims, &signing_key) 103 103 - } 104 104 - 105 105 - fn sign_claims(claims: Claims, key: &SigningKey) -> Result<String, anyhow::Error> { 106 106 - let header = Header { 107 107 - alg: "ES256K".to_string(), 108 108 - typ: "JWT".to_string(), 109 109 - }; 110 110 - 111 111 - let header_json = serde_json::to_string(&header)?; 112 112 - let claims_json = serde_json::to_string(&claims)?; 113 113 - 114 114 - let header_b64 = URL_SAFE_NO_PAD.encode(header_json); 115 115 - let claims_b64 = URL_SAFE_NO_PAD.encode(claims_json); 116 116 - 117 117 - let message = format!("{}.{}", header_b64, claims_b64); 118 118 - let signature: Signature = key.sign(message.as_bytes()); 119 119 - let signature_b64 = URL_SAFE_NO_PAD.encode(signature.to_bytes()); 120 120 - 121 121 - Ok(format!("{}.{}", message, signature_b64)) 122 122 - } 123 123 - 124 124 - pub fn verify_token(token: &str, key_bytes: &[u8]) -> Result<TokenData<Claims>, anyhow::Error> { 125 125 - let parts: Vec<&str> = token.split('.').collect(); 126 126 - if parts.len() != 3 { 127 127 - return Err(anyhow!("Invalid token format")); 128 128 - } 129 129 - 130 130 - let header_b64 = parts[0]; 131 131 - let claims_b64 = parts[1]; 132 132 - let signature_b64 = parts[2]; 133 133 - 134 134 - let signature_bytes = URL_SAFE_NO_PAD.decode(signature_b64) 135 135 - .context("Base64 decode of signature failed")?; 136 136 - let signature = Signature::from_slice(&signature_bytes) 137 137 - .map_err(|e| anyhow!("Invalid signature format: {}", e))?; 138 138 - 139 139 - let signing_key = SigningKey::from_slice(key_bytes)?; 140 140 - let verifying_key = VerifyingKey::from(&signing_key); 141 141 - 142 142 - let message = format!("{}.{}", header_b64, claims_b64); 143 143 - verifying_key.verify(message.as_bytes(), &signature) 144 144 - .map_err(|e| anyhow!("Signature verification failed: {}", e))?; 145 145 - 146 146 - let claims_bytes = URL_SAFE_NO_PAD.decode(claims_b64) 147 147 - .context("Base64 decode of claims failed")?; 148 148 - let claims: Claims = serde_json::from_slice(&claims_bytes) 149 149 - .context("JSON decode of claims failed")?; 150 150 - 151 151 - let now = Utc::now().timestamp() as usize; 152 152 - if claims.exp < now { 153 153 - return Err(anyhow!("Token expired")); 154 154 - } 155 155 - 156 156 - Ok(TokenData { claims }) 157 157 - }

+38

src/auth/mod.rs

··· 1 1 + use serde::{Deserialize, Serialize}; 2 2 + 3 3 + pub mod token; 4 4 + pub mod verify; 5 5 + 6 6 + pub use token::{create_access_token, create_refresh_token, create_service_token}; 7 7 + pub use verify::{get_did_from_token, verify_token}; 8 8 + 9 9 + #[derive(Debug, Serialize, Deserialize)] 10 10 + pub struct Claims { 11 11 + pub iss: String, 12 12 + pub sub: String, 13 13 + pub aud: String, 14 14 + pub exp: usize, 15 15 + pub iat: usize, 16 16 + #[serde(skip_serializing_if = "Option::is_none")] 17 17 + pub scope: Option<String>, 18 18 + #[serde(skip_serializing_if = "Option::is_none")] 19 19 + pub lxm: Option<String>, 20 20 + pub jti: String, 21 21 + } 22 22 + 23 23 + #[derive(Debug, Serialize, Deserialize)] 24 24 + pub struct Header { 25 25 + pub alg: String, 26 26 + pub typ: String, 27 27 + } 28 28 + 29 29 + #[derive(Debug, Serialize, Deserialize)] 30 30 + pub struct UnsafeClaims { 31 31 + pub iss: String, 32 32 + pub sub: Option<String>, 33 33 + } 34 34 + 35 35 + // fancy boy TokenData equivalent for compatibility/structure 36 36 + pub struct TokenData<T> { 37 37 + pub claims: T, 38 38 + }

+86

src/auth/token.rs

··· 1 1 + use super::{Claims, Header}; 2 2 + use anyhow::Result; 3 3 + use base64::Engine as _; 4 4 + use base64::engine::general_purpose::URL_SAFE_NO_PAD; 5 5 + use chrono::{Duration, Utc}; 6 6 + use k256::ecdsa::{Signature, SigningKey, signature::Signer}; 7 7 + use uuid; 8 8 + 9 9 + pub fn create_access_token(did: &str, key_bytes: &[u8]) -> Result<String> { 10 10 + create_signed_token(did, "access", key_bytes, Duration::minutes(15)) 11 11 + } 12 12 + 13 13 + pub fn create_refresh_token(did: &str, key_bytes: &[u8]) -> Result<String> { 14 14 + create_signed_token(did, "refresh", key_bytes, Duration::days(7)) 15 15 + } 16 16 + 17 17 + pub fn create_service_token(did: &str, aud: &str, lxm: &str, key_bytes: &[u8]) -> Result<String> { 18 18 + let signing_key = SigningKey::from_slice(key_bytes)?; 19 19 + 20 20 + let expiration = Utc::now() 21 21 + .checked_add_signed(Duration::seconds(60)) 22 22 + .expect("valid timestamp") 23 23 + .timestamp(); 24 24 + 25 25 + let claims = Claims { 26 26 + iss: did.to_owned(), 27 27 + sub: did.to_owned(), 28 28 + aud: aud.to_owned(), 29 29 + exp: expiration as usize, 30 30 + iat: Utc::now().timestamp() as usize, 31 31 + scope: None, 32 32 + lxm: Some(lxm.to_string()), 33 33 + jti: uuid::Uuid::new_v4().to_string(), 34 34 + }; 35 35 + 36 36 + sign_claims(claims, &signing_key) 37 37 + } 38 38 + 39 39 + fn create_signed_token( 40 40 + did: &str, 41 41 + scope: &str, 42 42 + key_bytes: &[u8], 43 43 + duration: Duration, 44 44 + ) -> Result<String> { 45 45 + let signing_key = SigningKey::from_slice(key_bytes)?; 46 46 + 47 47 + let expiration = Utc::now() 48 48 + .checked_add_signed(duration) 49 49 + .expect("valid timestamp") 50 50 + .timestamp(); 51 51 + 52 52 + let claims = Claims { 53 53 + iss: did.to_owned(), 54 54 + sub: did.to_owned(), 55 55 + aud: format!( 56 56 + "did:web:{}", 57 57 + std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()) 58 58 + ), 59 59 + exp: expiration as usize, 60 60 + iat: Utc::now().timestamp() as usize, 61 61 + scope: Some(scope.to_string()), 62 62 + lxm: None, 63 63 + jti: uuid::Uuid::new_v4().to_string(), 64 64 + }; 65 65 + 66 66 + sign_claims(claims, &signing_key) 67 67 + } 68 68 + 69 69 + fn sign_claims(claims: Claims, key: &SigningKey) -> Result<String> { 70 70 + let header = Header { 71 71 + alg: "ES256K".to_string(), 72 72 + typ: "JWT".to_string(), 73 73 + }; 74 74 + 75 75 + let header_json = serde_json::to_string(&header)?; 76 76 + let claims_json = serde_json::to_string(&claims)?; 77 77 + 78 78 + let header_b64 = URL_SAFE_NO_PAD.encode(header_json); 79 79 + let claims_b64 = URL_SAFE_NO_PAD.encode(claims_json); 80 80 + 81 81 + let message = format!("{}.{}", header_b64, claims_b64); 82 82 + let signature: Signature = key.sign(message.as_bytes()); 83 83 + let signature_b64 = URL_SAFE_NO_PAD.encode(signature.to_bytes()); 84 84 + 85 85 + Ok(format!("{}.{}", message, signature_b64)) 86 86 + }

+60

src/auth/verify.rs

··· 1 1 + use super::{Claims, TokenData, UnsafeClaims}; 2 2 + use anyhow::{Context, Result, anyhow}; 3 3 + use base64::Engine as _; 4 4 + use base64::engine::general_purpose::URL_SAFE_NO_PAD; 5 5 + use chrono::Utc; 6 6 + use k256::ecdsa::{Signature, SigningKey, VerifyingKey, signature::Verifier}; 7 7 + 8 8 + pub fn get_did_from_token(token: &str) -> Result<String, String> { 9 9 + let parts: Vec<&str> = token.split('.').collect(); 10 10 + if parts.len() != 3 { 11 11 + return Err("Invalid token format".to_string()); 12 12 + } 13 13 + 14 14 + let payload_bytes = URL_SAFE_NO_PAD 15 15 + .decode(parts[1]) 16 16 + .map_err(|e| format!("Base64 decode failed: {}", e))?; 17 17 + 18 18 + let claims: UnsafeClaims = 19 19 + serde_json::from_slice(&payload_bytes).map_err(|e| format!("JSON decode failed: {}", e))?; 20 20 + 21 21 + Ok(claims.sub.unwrap_or(claims.iss)) 22 22 + } 23 23 + 24 24 + pub fn verify_token(token: &str, key_bytes: &[u8]) -> Result<TokenData<Claims>> { 25 25 + let parts: Vec<&str> = token.split('.').collect(); 26 26 + if parts.len() != 3 { 27 27 + return Err(anyhow!("Invalid token format")); 28 28 + } 29 29 + 30 30 + let header_b64 = parts[0]; 31 31 + let claims_b64 = parts[1]; 32 32 + let signature_b64 = parts[2]; 33 33 + 34 34 + let signature_bytes = URL_SAFE_NO_PAD 35 35 + .decode(signature_b64) 36 36 + .context("Base64 decode of signature failed")?; 37 37 + let signature = Signature::from_slice(&signature_bytes) 38 38 + .map_err(|e| anyhow!("Invalid signature format: {}", e))?; 39 39 + 40 40 + let signing_key = SigningKey::from_slice(key_bytes)?; 41 41 + let verifying_key = VerifyingKey::from(&signing_key); 42 42 + 43 43 + let message = format!("{}.{}", header_b64, claims_b64); 44 44 + verifying_key 45 45 + .verify(message.as_bytes(), &signature) 46 46 + .map_err(|e| anyhow!("Signature verification failed: {}", e))?; 47 47 + 48 48 + let claims_bytes = URL_SAFE_NO_PAD 49 49 + .decode(claims_b64) 50 50 + .context("Base64 decode of claims failed")?; 51 51 + let claims: Claims = 52 52 + serde_json::from_slice(&claims_bytes).context("JSON decode of claims failed")?; 53 53 + 54 54 + let now = Utc::now().timestamp() as usize; 55 55 + if claims.exp < now { 56 56 + return Err(anyhow!("Token expired")); 57 57 + } 58 58 + 59 59 + Ok(TokenData { claims }) 60 60 + }

+54 -15

src/lib.rs

··· 1 1 pub mod api; 2 2 - pub mod state; 3 2 pub mod auth; 4 3 pub mod repo; 4 4 + pub mod state; 5 5 pub mod storage; 6 6 7 7 use axum::{ 8 8 - routing::{get, post, any}, 9 8 Router, 9 9 + routing::{any, get, post}, 10 10 }; 11 11 use state::AppState; 12 12 13 13 pub fn app(state: AppState) -> Router { 14 14 Router::new() 15 15 .route("/health", get(api::server::health)) 16 16 - .route("/xrpc/com.atproto.server.describeServer", get(api::server::describe_server)) 17 17 - .route("/xrpc/com.atproto.server.createAccount", post(api::identity::create_account)) 18 18 - .route("/xrpc/com.atproto.server.createSession", post(api::server::create_session)) 19 19 - .route("/xrpc/com.atproto.server.getSession", get(api::server::get_session)) 20 20 - .route("/xrpc/com.atproto.server.deleteSession", post(api::server::delete_session)) 21 21 - .route("/xrpc/com.atproto.server.refreshSession", post(api::server::refresh_session)) 22 22 - .route("/xrpc/com.atproto.repo.createRecord", post(api::repo::create_record)) 23 23 - .route("/xrpc/com.atproto.repo.putRecord", post(api::repo::put_record)) 24 24 - .route("/xrpc/com.atproto.repo.getRecord", get(api::repo::get_record)) 25 25 - .route("/xrpc/com.atproto.repo.deleteRecord", post(api::repo::delete_record)) 26 26 - .route("/xrpc/com.atproto.repo.listRecords", get(api::repo::list_records)) 27 27 - .route("/xrpc/com.atproto.repo.describeRepo", get(api::repo::describe_repo)) 28 28 - .route("/xrpc/com.atproto.repo.uploadBlob", post(api::repo::upload_blob)) 16 16 + .route( 17 17 + "/xrpc/com.atproto.server.describeServer", 18 18 + get(api::server::describe_server), 19 19 + ) 20 20 + .route( 21 21 + "/xrpc/com.atproto.server.createAccount", 22 22 + post(api::identity::create_account), 23 23 + ) 24 24 + .route( 25 25 + "/xrpc/com.atproto.server.createSession", 26 26 + post(api::server::create_session), 27 27 + ) 28 28 + .route( 29 29 + "/xrpc/com.atproto.server.getSession", 30 30 + get(api::server::get_session), 31 31 + ) 32 32 + .route( 33 33 + "/xrpc/com.atproto.server.deleteSession", 34 34 + post(api::server::delete_session), 35 35 + ) 36 36 + .route( 37 37 + "/xrpc/com.atproto.server.refreshSession", 38 38 + post(api::server::refresh_session), 39 39 + ) 40 40 + .route( 41 41 + "/xrpc/com.atproto.repo.createRecord", 42 42 + post(api::repo::create_record), 43 43 + ) 44 44 + .route( 45 45 + "/xrpc/com.atproto.repo.putRecord", 46 46 + post(api::repo::put_record), 47 47 + ) 48 48 + .route( 49 49 + "/xrpc/com.atproto.repo.getRecord", 50 50 + get(api::repo::get_record), 51 51 + ) 52 52 + .route( 53 53 + "/xrpc/com.atproto.repo.deleteRecord", 54 54 + post(api::repo::delete_record), 55 55 + ) 56 56 + .route( 57 57 + "/xrpc/com.atproto.repo.listRecords", 58 58 + get(api::repo::list_records), 59 59 + ) 60 60 + .route( 61 61 + "/xrpc/com.atproto.repo.describeRepo", 62 62 + get(api::repo::describe_repo), 63 63 + ) 64 64 + .route( 65 65 + "/xrpc/com.atproto.repo.uploadBlob", 66 66 + post(api::repo::upload_blob), 67 67 + ) 29 68 .route("/.well-known/did.json", get(api::identity::well_known_did)) 30 69 .route("/u/{handle}/did.json", get(api::identity::user_did_doc)) 31 70 .route("/xrpc/{*method}", any(api::proxy::proxy_handler))

+1 -1

src/main.rs

··· 1 1 - use std::net::SocketAddr; 2 1 use bspds::state::AppState; 2 2 + use std::net::SocketAddr; 3 3 use tracing::info; 4 4 5 5 #[tokio::main]

+18 -13

src/repo/mod.rs

··· 1 1 - use jacquard_repo::storage::BlockStore; 1 1 + use bytes::Bytes; 2 2 + use cid::Cid; 2 3 use jacquard_repo::error::RepoError; 3 4 use jacquard_repo::repo::CommitData; 4 4 - use cid::Cid; 5 5 - use sqlx::{PgPool, Row}; 6 6 - use bytes::Bytes; 7 7 - use sha2::{Sha256, Digest}; 5 5 + use jacquard_repo::storage::BlockStore; 8 6 use multihash::Multihash; 7 7 + use sha2::{Digest, Sha256}; 8 8 + use sqlx::{PgPool, Row}; 9 9 10 10 #[derive(Clone)] 11 11 pub struct PostgresBlockStore { ··· 31 31 Some(row) => { 32 32 let data: Vec<u8> = row.get("data"); 33 33 Ok(Some(Bytes::from(data))) 34 34 - }, 34 34 + } 35 35 None => Ok(None), 36 36 } 37 37 } ··· 65 65 Ok(row.is_some()) 66 66 } 67 67 68 68 - async fn put_many(&self, blocks: impl IntoIterator<Item = (Cid, Bytes)> + Send) -> Result<(), RepoError> { 68 68 + async fn put_many( 69 69 + &self, 70 70 + blocks: impl IntoIterator<Item = (Cid, Bytes)> + Send, 71 71 + ) -> Result<(), RepoError> { 69 72 let blocks: Vec<_> = blocks.into_iter().collect(); 70 73 for (cid, data) in blocks { 71 74 let cid_bytes = cid.to_bytes(); 72 72 - sqlx::query("INSERT INTO blocks (cid, data) VALUES ($1, $2) ON CONFLICT (cid) DO NOTHING") 73 73 - .bind(cid_bytes) 74 74 - .bind(data.as_ref()) 75 75 - .execute(&self.pool) 76 76 - .await 77 77 - .map_err(|e| RepoError::storage(e))?; 75 75 + sqlx::query( 76 76 + "INSERT INTO blocks (cid, data) VALUES ($1, $2) ON CONFLICT (cid) DO NOTHING", 77 77 + ) 78 78 + .bind(cid_bytes) 79 79 + .bind(data.as_ref()) 80 80 + .execute(&self.pool) 81 81 + .await 82 82 + .map_err(|e| RepoError::storage(e))?; 78 83 } 79 84 Ok(()) 80 85 }

+6 -2

src/state.rs

··· 1 1 - use sqlx::PgPool; 2 1 use crate::repo::PostgresBlockStore; 3 2 use crate::storage::{BlobStorage, S3BlobStorage}; 3 3 + use sqlx::PgPool; 4 4 use std::sync::Arc; 5 5 6 6 #[derive(Clone)] ··· 14 14 pub async fn new(db: PgPool) -> Self { 15 15 let block_store = PostgresBlockStore::new(db.clone()); 16 16 let blob_store = S3BlobStorage::new().await; 17 17 - Self { db, block_store, blob_store: Arc::new(blob_store) } 17 17 + Self { 18 18 + db, 19 19 + block_store, 20 20 + blob_store: Arc::new(blob_store), 21 21 + } 18 22 } 19 23 }

+14 -7

src/storage/mod.rs

··· 1 1 use async_trait::async_trait; 2 2 - use thiserror::Error; 2 2 + use aws_config::BehaviorVersion; 3 3 + use aws_config::meta::region::RegionProviderChain; 3 4 use aws_sdk_s3::Client; 4 5 use aws_sdk_s3::primitives::ByteStream; 5 5 - use aws_config::meta::region::RegionProviderChain; 6 6 - use aws_config::BehaviorVersion; 6 6 + use thiserror::Error; 7 7 8 8 #[derive(Error, Debug)] 9 9 pub enum StorageError { ··· 55 55 #[async_trait] 56 56 impl BlobStorage for S3BlobStorage { 57 57 async fn put(&self, key: &str, data: &[u8]) -> Result<(), StorageError> { 58 58 - self.client.put_object() 58 58 + self.client 59 59 + .put_object() 59 60 .bucket(&self.bucket) 60 61 .key(key) 61 62 .body(ByteStream::from(data.to_vec())) ··· 66 67 } 67 68 68 69 async fn get(&self, key: &str) -> Result<Vec<u8>, StorageError> { 69 69 - let resp = self.client.get_object() 70 70 + let resp = self 71 71 + .client 72 72 + .get_object() 70 73 .bucket(&self.bucket) 71 74 .key(key) 72 75 .send() 73 76 .await 74 77 .map_err(|e| StorageError::S3(e.to_string()))?; 75 78 76 76 - let data = resp.body.collect().await 79 79 + let data = resp 80 80 + .body 81 81 + .collect() 82 82 + .await 77 83 .map_err(|e| StorageError::S3(e.to_string()))? 78 84 .into_bytes(); 79 85 ··· 81 87 } 82 88 83 89 async fn delete(&self, key: &str) -> Result<(), StorageError> { 84 84 - self.client.delete_object() 90 90 + self.client 91 91 + .delete_object() 85 92 .bucket(&self.bucket) 86 93 .key(key) 87 94 .send()

+5 -4

tests/auth.rs

··· 1 1 + use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD}; 1 2 use bspds::auth; 3 3 + use chrono::{Duration, Utc}; 2 4 use k256::SecretKey; 5 5 + use k256::ecdsa::{SigningKey, signature::Signer}; 3 6 use rand::rngs::OsRng; 4 4 - use chrono::{Utc, Duration}; 5 5 - use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD}; 6 7 use serde_json::json; 7 7 - use k256::ecdsa::{SigningKey, signature::Signer}; 8 8 9 9 #[test] 10 10 fn test_jwt_flow() { ··· 24 24 25 25 let aud = "did:web:service"; 26 26 let lxm = "com.example.test"; 27 27 - let s_token = auth::create_service_token(did, aud, lxm, &key_bytes).expect("create service token"); 27 27 + let s_token = 28 28 + auth::create_service_token(did, aud, lxm, &key_bytes).expect("create service token"); 28 29 let s_data = auth::verify_token(&s_token, &key_bytes).expect("verify service token"); 29 30 assert_eq!(s_data.claims.aud, aud); 30 31 assert_eq!(s_data.claims.lxm, Some(lxm.to_string()));

+77 -27

tests/common/mod.rs

··· 1 1 - use reqwest::{header, Client, StatusCode}; 2 2 - use serde_json::{json, Value}; 1 1 + use aws_config::BehaviorVersion; 2 2 + use aws_sdk_s3::Client as S3Client; 3 3 + use aws_sdk_s3::config::Credentials; 4 4 + use bspds::state::AppState; 3 5 use chrono::Utc; 6 6 + use reqwest::{Client, StatusCode, header}; 7 7 + use serde_json::{Value, json}; 8 8 + use sqlx::postgres::PgPoolOptions; 4 9 #[allow(unused_imports)] 5 10 use std::collections::HashMap; 11 11 + use std::sync::OnceLock; 6 12 #[allow(unused_imports)] 7 13 use std::time::Duration; 8 8 - use std::sync::OnceLock; 9 9 - use bspds::state::AppState; 10 10 - use sqlx::postgres::PgPoolOptions; 11 11 - use tokio::net::TcpListener; 12 12 - use testcontainers::{runners::AsyncRunner, ContainerAsync, ImageExt, GenericImage}; 13 14 use testcontainers::core::ContainerPort; 15 15 + use testcontainers::{ContainerAsync, GenericImage, ImageExt, runners::AsyncRunner}; 14 16 use testcontainers_modules::postgres::Postgres; 15 15 - use aws_sdk_s3::Client as S3Client; 16 16 - use aws_config::BehaviorVersion; 17 17 - use aws_sdk_s3::config::Credentials; 18 18 - use wiremock::{MockServer, Mock, ResponseTemplate}; 17 17 + use tokio::net::TcpListener; 19 18 use wiremock::matchers::{method, path}; 19 19 + use wiremock::{Mock, MockServer, ResponseTemplate}; 20 20 21 21 static SERVER_URL: OnceLock<String> = OnceLock::new(); 22 22 static DB_CONTAINER: OnceLock<ContainerAsync<Postgres>> = OnceLock::new(); ··· 46 46 if let Ok(runtime_dir) = std::env::var("XDG_RUNTIME_DIR") { 47 47 let podman_sock = std::path::Path::new(&runtime_dir).join("podman/podman.sock"); 48 48 if podman_sock.exists() { 49 49 - unsafe { std::env::set_var("DOCKER_HOST", format!("unix://{}", podman_sock.display())); } 49 49 + unsafe { 50 50 + std::env::set_var( 51 51 + "DOCKER_HOST", 52 52 + format!("unix://{}", podman_sock.display()), 53 53 + ); 54 54 + } 50 55 } 51 56 } 52 57 } ··· 62 67 .await 63 68 .expect("Failed to start MinIO"); 64 69 65 65 - let s3_port = s3_container.get_host_port_ipv4(9000).await.expect("Failed to get S3 port"); 70 70 + let s3_port = s3_container 71 71 + .get_host_port_ipv4(9000) 72 72 + .await 73 73 + .expect("Failed to get S3 port"); 66 74 let s3_endpoint = format!("http://127.0.0.1:{}", s3_port); 67 75 68 76 unsafe { ··· 76 84 let sdk_config = aws_config::defaults(BehaviorVersion::latest()) 77 85 .region("us-east-1") 78 86 .endpoint_url(&s3_endpoint) 79 79 - .credentials_provider(Credentials::new("minioadmin", "minioadmin", None, None, "test")) 87 87 + .credentials_provider(Credentials::new( 88 88 + "minioadmin", 89 89 + "minioadmin", 90 90 + None, 91 91 + None, 92 92 + "test", 93 93 + )) 80 94 .load() 81 95 .await; 82 96 ··· 108 122 .mount(&mock_server) 109 123 .await; 110 124 111 111 - unsafe { std::env::set_var("APPVIEW_URL", mock_server.uri()); } 125 125 + unsafe { 126 126 + std::env::set_var("APPVIEW_URL", mock_server.uri()); 127 127 + } 112 128 MOCK_APPVIEW.set(mock_server).ok(); 113 129 114 130 S3_CONTAINER.set(s3_container).ok(); 115 131 116 116 - let container = Postgres::default().with_tag("18-alpine").start().await.expect("Failed to start Postgres"); 132 132 + let container = Postgres::default() 133 133 + .with_tag("18-alpine") 134 134 + .start() 135 135 + .await 136 136 + .expect("Failed to start Postgres"); 117 137 let connection_string = format!( 118 138 "postgres://postgres:postgres@127.0.0.1:{}/postgres", 119 119 - container.get_host_port_ipv4(5432).await.expect("Failed to get port") 139 139 + container 140 140 + .get_host_port_ipv4(5432) 141 141 + .await 142 142 + .expect("Failed to get port") 120 143 ); 121 144 122 145 DB_CONTAINER.set(container).ok(); ··· 157 180 158 181 #[allow(dead_code)] 159 182 pub async fn upload_test_blob(client: &Client, data: &'static str, mime: &'static str) -> Value { 160 160 - let res = client.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base_url().await)) 183 183 + let res = client 184 184 + .post(format!( 185 185 + "{}/xrpc/com.atproto.repo.uploadBlob", 186 186 + base_url().await 187 187 + )) 161 188 .header(header::CONTENT_TYPE, mime) 162 189 .bearer_auth(AUTH_TOKEN) 163 190 .body(data) ··· 170 197 body["blob"].clone() 171 198 } 172 199 173 173 - 174 200 #[allow(dead_code)] 175 201 pub async fn create_test_post( 176 202 client: &Client, 177 203 text: &str, 178 178 - reply_to: Option<Value> 204 204 + reply_to: Option<Value>, 179 205 ) -> (String, String, String) { 180 206 let collection = "app.bsky.feed.post"; 181 207 let mut record = json!({ ··· 194 220 "record": record 195 221 }); 196 222 197 197 - let res = client.post(format!("{}/xrpc/com.atproto.repo.createRecord", base_url().await)) 223 223 + let res = client 224 224 + .post(format!( 225 225 + "{}/xrpc/com.atproto.repo.createRecord", 226 226 + base_url().await 227 227 + )) 198 228 .bearer_auth(AUTH_TOKEN) 199 229 .json(&payload) 200 230 .send() ··· 202 232 .expect("Failed to send createRecord"); 203 233 204 234 assert_eq!(res.status(), StatusCode::OK, "Failed to create post record"); 205 205 - let body: Value = res.json().await.expect("createRecord response was not JSON"); 235 235 + let body: Value = res 236 236 + .json() 237 237 + .await 238 238 + .expect("createRecord response was not JSON"); 206 239 207 207 - let uri = body["uri"].as_str().expect("Response had no URI").to_string(); 208 208 - let cid = body["cid"].as_str().expect("Response had no CID").to_string(); 209 209 - let rkey = uri.split('/').last().expect("URI was malformed").to_string(); 240 240 + let uri = body["uri"] 241 241 + .as_str() 242 242 + .expect("Response had no URI") 243 243 + .to_string(); 244 244 + let cid = body["cid"] 245 245 + .as_str() 246 246 + .expect("Response had no CID") 247 247 + .to_string(); 248 248 + let rkey = uri 249 249 + .split('/') 250 250 + .last() 251 251 + .expect("URI was malformed") 252 252 + .to_string(); 210 253 211 254 (uri, cid, rkey) 212 255 } ··· 220 263 "password": "password" 221 264 }); 222 265 223 223 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 266 266 + let res = client 267 267 + .post(format!( 268 268 + "{}/xrpc/com.atproto.server.createAccount", 269 269 + base_url().await 270 270 + )) 224 271 .json(&payload) 225 272 .send() 226 273 .await ··· 231 278 } 232 279 233 280 let body: Value = res.json().await.expect("Invalid JSON"); 234 234 - let access_jwt = body["accessJwt"].as_str().expect("No accessJwt").to_string(); 281 281 + let access_jwt = body["accessJwt"] 282 282 + .as_str() 283 283 + .expect("No accessJwt") 284 284 + .to_string(); 235 285 let did = body["did"].as_str().expect("No did").to_string(); 236 286 (access_jwt, did) 237 287 }

+39 -11

tests/identity.rs

··· 1 1 mod common; 2 2 use common::*; 3 3 use reqwest::StatusCode; 4 4 - use serde_json::{json, Value}; 5 5 - use wiremock::{MockServer, Mock, ResponseTemplate}; 4 4 + use serde_json::{Value, json}; 6 5 use wiremock::matchers::{method, path}; 6 6 + use wiremock::{Mock, MockServer, ResponseTemplate}; 7 7 8 8 // #[tokio::test] 9 9 // async fn test_resolve_handle() { ··· 23 23 #[tokio::test] 24 24 async fn test_well_known_did() { 25 25 let client = client(); 26 26 - let res = client.get(format!("{}/.well-known/did.json", base_url().await)) 26 26 + let res = client 27 27 + .get(format!("{}/.well-known/did.json", base_url().await)) 27 28 .send() 28 29 .await 29 30 .expect("Failed to send request"); ··· 71 72 "did": did 72 73 }); 73 74 74 74 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 75 75 + let res = client 76 76 + .post(format!( 77 77 + "{}/xrpc/com.atproto.server.createAccount", 78 78 + base_url().await 79 79 + )) 75 80 .json(&payload) 76 81 .send() 77 82 .await ··· 79 84 80 85 if res.status() != StatusCode::OK { 81 86 let status = res.status(); 82 82 - let body: Value = res.json().await.unwrap_or(json!({"error": "could not parse body"})); 87 87 + let body: Value = res 88 88 + .json() 89 89 + .await 90 90 + .unwrap_or(json!({"error": "could not parse body"})); 83 91 panic!("createAccount failed with status {}: {:?}", status, body); 84 92 } 85 85 - let body: Value = res.json().await.expect("createAccount response was not JSON"); 93 93 + let body: Value = res 94 94 + .json() 95 95 + .await 96 96 + .expect("createAccount response was not JSON"); 86 97 assert_eq!(body["did"], did); 87 98 88 88 - let res = client.get(format!("{}/u/{}/did.json", base_url().await, handle)) 99 99 + let res = client 100 100 + .get(format!("{}/u/{}/did.json", base_url().await, handle)) 89 101 .send() 90 102 .await 91 103 .expect("Failed to fetch DID doc"); ··· 111 123 "password": "password" 112 124 }); 113 125 114 114 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 126 126 + let res = client 127 127 + .post(format!( 128 128 + "{}/xrpc/com.atproto.server.createAccount", 129 129 + base_url().await 130 130 + )) 115 131 .json(&payload) 116 132 .send() 117 133 .await 118 134 .expect("Failed to send request"); 119 135 assert_eq!(res.status(), StatusCode::OK); 120 136 121 121 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 137 137 + let res = client 138 138 + .post(format!( 139 139 + "{}/xrpc/com.atproto.server.createAccount", 140 140 + base_url().await 141 141 + )) 122 142 .json(&payload) 123 143 .send() 124 144 .await ··· 143 163 "did": did 144 164 }); 145 165 146 146 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 166 166 + let res = client 167 167 + .post(format!( 168 168 + "{}/xrpc/com.atproto.server.createAccount", 169 169 + base_url().await 170 170 + )) 147 171 .json(&create_payload) 148 172 .send() 149 173 .await ··· 162 186 "identifier": handle, 163 187 "password": "password" 164 188 }); 165 165 - let res = client.post(format!("{}/xrpc/com.atproto.server.createSession", base_url().await)) 189 189 + let res = client 190 190 + .post(format!( 191 191 + "{}/xrpc/com.atproto.server.createSession", 192 192 + base_url().await 193 193 + )) 166 194 .json(&login_payload) 167 195 .send() 168 196 .await

+376 -45

tests/lifecycle.rs

··· 1 1 mod common; 2 2 use common::*; 3 3 4 4 - use reqwest::{Client, StatusCode}; 5 5 - use serde_json::{json, Value}; 6 4 use chrono::Utc; 7 7 - #[allow(unused_imports)] 5 5 + use reqwest; 6 6 + use serde_json::{Value, json}; 8 7 use std::time::Duration; 9 8 10 9 async fn setup_new_user(handle_prefix: &str) -> (String, String) { ··· 19 18 "email": email, 20 19 "password": password 21 20 }); 22 22 - let create_res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 21 21 + let create_res = client 22 22 + .post(format!( 23 23 + "{}/xrpc/com.atproto.server.createAccount", 24 24 + base_url().await 25 25 + )) 23 26 .json(&create_account_payload) 24 27 .send() 25 28 .await 26 29 .expect("setup_new_user: Failed to send createAccount"); 27 30 28 28 - if create_res.status() != StatusCode::OK { 29 29 - panic!("setup_new_user: Failed to create account: {:?}", create_res.text().await); 31 31 + if create_res.status() != reqwest::StatusCode::OK { 32 32 + panic!( 33 33 + "setup_new_user: Failed to create account: {:?}", 34 34 + create_res.text().await 35 35 + ); 30 36 } 31 37 32 32 - let create_body: Value = create_res.json().await.expect("setup_new_user: createAccount response was not JSON"); 38 38 + let create_body: Value = create_res 39 39 + .json() 40 40 + .await 41 41 + .expect("setup_new_user: createAccount response was not JSON"); 33 42 34 34 - let new_did = create_body["did"].as_str().expect("setup_new_user: Response had no DID").to_string(); 35 35 - let new_jwt = create_body["accessJwt"].as_str().expect("setup_new_user: Response had no accessJwt").to_string(); 43 43 + let new_did = create_body["did"] 44 44 + .as_str() 45 45 + .expect("setup_new_user: Response had no DID") 46 46 + .to_string(); 47 47 + let new_jwt = create_body["accessJwt"] 48 48 + .as_str() 49 49 + .expect("setup_new_user: Response had no accessJwt") 50 50 + .to_string(); 36 51 37 52 (new_did, new_jwt) 38 53 } ··· 59 74 } 60 75 }); 61 76 62 62 - let create_res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 77 77 + let create_res = client 78 78 + .post(format!( 79 79 + "{}/xrpc/com.atproto.repo.putRecord", 80 80 + base_url().await 81 81 + )) 63 82 .bearer_auth(&jwt) 64 83 .json(&create_payload) 65 84 .send() 66 85 .await 67 86 .expect("Failed to send create request"); 68 87 69 69 - assert_eq!(create_res.status(), StatusCode::OK, "Failed to create record"); 70 70 - let create_body: Value = create_res.json().await.expect("create response was not JSON"); 71 71 - let uri = create_body["uri"].as_str().unwrap(); 88 88 + if create_res.status() != reqwest::StatusCode::OK { 89 89 + let status = create_res.status(); 90 90 + let body = create_res 91 91 + .text() 92 92 + .await 93 93 + .unwrap_or_else(|_| "Could not get body".to_string()); 94 94 + panic!( 95 95 + "Failed to create record. Status: {}, Body: {}", 96 96 + status, body 97 97 + ); 98 98 + } 72 99 100 100 + let create_body: Value = create_res 101 101 + .json() 102 102 + .await 103 103 + .expect("create response was not JSON"); 104 104 + let uri = create_body["uri"].as_str().unwrap(); 73 105 74 106 let params = [ 75 107 ("repo", did.as_str()), 76 108 ("collection", collection), 77 109 ("rkey", &rkey), 78 110 ]; 79 79 - let get_res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 111 111 + let get_res = client 112 112 + .get(format!( 113 113 + "{}/xrpc/com.atproto.repo.getRecord", 114 114 + base_url().await 115 115 + )) 80 116 .query(&params) 81 117 .send() 82 118 .await 83 119 .expect("Failed to send get request"); 84 120 85 85 - assert_eq!(get_res.status(), StatusCode::OK, "Failed to get record after create"); 121 121 + assert_eq!( 122 122 + get_res.status(), 123 123 + reqwest::StatusCode::OK, 124 124 + "Failed to get record after create" 125 125 + ); 86 126 let get_body: Value = get_res.json().await.expect("get response was not JSON"); 87 127 assert_eq!(get_body["uri"], uri); 88 128 assert_eq!(get_body["value"]["text"], original_text); 89 89 - 90 129 91 130 let updated_text = "This post has been updated."; 92 131 let update_payload = json!({ ··· 100 139 } 101 140 }); 102 141 103 103 - let update_res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 142 142 + let update_res = client 143 143 + .post(format!( 144 144 + "{}/xrpc/com.atproto.repo.putRecord", 145 145 + base_url().await 146 146 + )) 104 147 .bearer_auth(&jwt) 105 148 .json(&update_payload) 106 149 .send() 107 150 .await 108 151 .expect("Failed to send update request"); 109 152 110 110 - assert_eq!(update_res.status(), StatusCode::OK, "Failed to update record"); 153 153 + assert_eq!( 154 154 + update_res.status(), 155 155 + reqwest::StatusCode::OK, 156 156 + "Failed to update record" 157 157 + ); 111 158 112 112 - 113 113 - let get_updated_res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 159 159 + let get_updated_res = client 160 160 + .get(format!( 161 161 + "{}/xrpc/com.atproto.repo.getRecord", 162 162 + base_url().await 163 163 + )) 114 164 .query(&params) 115 165 .send() 116 166 .await 117 167 .expect("Failed to send get-after-update request"); 118 168 119 119 - assert_eq!(get_updated_res.status(), StatusCode::OK, "Failed to get record after update"); 120 120 - let get_updated_body: Value = get_updated_res.json().await.expect("get-updated response was not JSON"); 121 121 - assert_eq!(get_updated_body["value"]["text"], updated_text, "Text was not updated"); 122 122 - 169 169 + assert_eq!( 170 170 + get_updated_res.status(), 171 171 + reqwest::StatusCode::OK, 172 172 + "Failed to get record after update" 173 173 + ); 174 174 + let get_updated_body: Value = get_updated_res 175 175 + .json() 176 176 + .await 177 177 + .expect("get-updated response was not JSON"); 178 178 + assert_eq!( 179 179 + get_updated_body["value"]["text"], updated_text, 180 180 + "Text was not updated" 181 181 + ); 123 182 124 183 let delete_payload = json!({ 125 184 "repo": did, ··· 127 186 "rkey": rkey 128 187 }); 129 188 130 130 - let delete_res = client.post(format!("{}/xrpc/com.atproto.repo.deleteRecord", base_url().await)) 189 189 + let delete_res = client 190 190 + .post(format!( 191 191 + "{}/xrpc/com.atproto.repo.deleteRecord", 192 192 + base_url().await 193 193 + )) 131 194 .bearer_auth(&jwt) 132 195 .json(&delete_payload) 133 196 .send() 134 197 .await 135 198 .expect("Failed to send delete request"); 136 199 137 137 - assert_eq!(delete_res.status(), StatusCode::OK, "Failed to delete record"); 200 200 + assert_eq!( 201 201 + delete_res.status(), 202 202 + reqwest::StatusCode::OK, 203 203 + "Failed to delete record" 204 204 + ); 138 205 139 139 - 140 140 - let get_deleted_res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 206 206 + let get_deleted_res = client 207 207 + .get(format!( 208 208 + "{}/xrpc/com.atproto.repo.getRecord", 209 209 + base_url().await 210 210 + )) 141 211 .query(&params) 142 212 .send() 143 213 .await 144 214 .expect("Failed to send get-after-delete request"); 145 215 146 146 - assert_eq!(get_deleted_res.status(), StatusCode::NOT_FOUND, "Record was found, but it should be deleted"); 216 216 + assert_eq!( 217 217 + get_deleted_res.status(), 218 218 + reqwest::StatusCode::NOT_FOUND, 219 219 + "Record was found, but it should be deleted" 220 220 + ); 147 221 } 148 222 149 223 #[tokio::test] ··· 161 235 "displayName": "Original Name" 162 236 } 163 237 }); 164 164 - let create_res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 238 238 + let create_res = client 239 239 + .post(format!( 240 240 + "{}/xrpc/com.atproto.repo.putRecord", 241 241 + base_url().await 242 242 + )) 165 243 .bearer_auth(&user_jwt) 166 244 .json(&profile_payload) 167 167 - .send().await.expect("create profile failed"); 245 245 + .send() 246 246 + .await 247 247 + .expect("create profile failed"); 168 248 169 169 - if create_res.status() != StatusCode::OK { 249 249 + if create_res.status() != reqwest::StatusCode::OK { 170 250 return; 171 251 } 172 252 173 173 - let get_res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 253 253 + let get_res = client 254 254 + .get(format!( 255 255 + "{}/xrpc/com.atproto.repo.getRecord", 256 256 + base_url().await 257 257 + )) 174 258 .query(&[ 175 259 ("repo", &user_did), 176 260 ("collection", &"app.bsky.actor.profile".to_string()), 177 261 ("rkey", &"self".to_string()), 178 262 ]) 179 179 - .send().await.expect("getRecord failed"); 263 263 + .send() 264 264 + .await 265 265 + .expect("getRecord failed"); 180 266 let get_body: Value = get_res.json().await.expect("getRecord not json"); 181 181 - let cid_v1 = get_body["cid"].as_str().expect("Profile v1 had no CID").to_string(); 267 267 + let cid_v1 = get_body["cid"] 268 268 + .as_str() 269 269 + .expect("Profile v1 had no CID") 270 270 + .to_string(); 182 271 183 272 let update_payload_v2 = json!({ 184 273 "repo": user_did, ··· 190 279 }, 191 280 "swapCommit": cid_v1 // <-- Correctly point to v1 192 281 }); 193 193 - let update_res_v2 = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 282 282 + let update_res_v2 = client 283 283 + .post(format!( 284 284 + "{}/xrpc/com.atproto.repo.putRecord", 285 285 + base_url().await 286 286 + )) 194 287 .bearer_auth(&user_jwt) 195 288 .json(&update_payload_v2) 196 196 - .send().await.expect("putRecord v2 failed"); 197 197 - assert_eq!(update_res_v2.status(), StatusCode::OK, "v2 update failed"); 289 289 + .send() 290 290 + .await 291 291 + .expect("putRecord v2 failed"); 292 292 + assert_eq!( 293 293 + update_res_v2.status(), 294 294 + reqwest::StatusCode::OK, 295 295 + "v2 update failed" 296 296 + ); 198 297 let update_body_v2: Value = update_res_v2.json().await.expect("v2 body not json"); 199 199 - let cid_v2 = update_body_v2["cid"].as_str().expect("v2 response had no CID").to_string(); 298 298 + let cid_v2 = update_body_v2["cid"] 299 299 + .as_str() 300 300 + .expect("v2 response had no CID") 301 301 + .to_string(); 200 302 201 303 let update_payload_v3_stale = json!({ 202 304 "repo": user_did, ··· 208 310 }, 209 311 "swapCommit": cid_v1 210 312 }); 211 211 - let update_res_v3_stale = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 313 313 + let update_res_v3_stale = client 314 314 + .post(format!( 315 315 + "{}/xrpc/com.atproto.repo.putRecord", 316 316 + base_url().await 317 317 + )) 212 318 .bearer_auth(&user_jwt) 213 319 .json(&update_payload_v3_stale) 214 214 - .send().await.expect("putRecord v3 (stale) failed"); 320 320 + .send() 321 321 + .await 322 322 + .expect("putRecord v3 (stale) failed"); 215 323 216 324 assert_eq!( 217 325 update_res_v3_stale.status(), 218 218 - StatusCode::CONFLICT, 326 326 + reqwest::StatusCode::CONFLICT, 219 327 "Stale update did not cause a 409 Conflict" 220 328 ); 221 329 ··· 229 337 }, 230 338 "swapCommit": cid_v2 // <-- Correct 231 339 }); 232 232 - let update_res_v3_good = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 340 340 + let update_res_v3_good = client 341 341 + .post(format!( 342 342 + "{}/xrpc/com.atproto.repo.putRecord", 343 343 + base_url().await 344 344 + )) 233 345 .bearer_auth(&user_jwt) 234 346 .json(&update_payload_v3_good) 235 235 - .send().await.expect("putRecord v3 (good) failed"); 347 347 + .send() 348 348 + .await 349 349 + .expect("putRecord v3 (good) failed"); 350 350 + 351 351 + assert_eq!( 352 352 + update_res_v3_good.status(), 353 353 + reqwest::StatusCode::OK, 354 354 + "v3 (good) update failed" 355 355 + ); 356 356 + } 357 357 + 358 358 + async fn create_post( 359 359 + client: &reqwest::Client, 360 360 + did: &str, 361 361 + jwt: &str, 362 362 + text: &str, 363 363 + ) -> (String, String) { 364 364 + let collection = "app.bsky.feed.post"; 365 365 + let rkey = format!("e2e_social_{}", Utc::now().timestamp_millis()); 366 366 + let now = Utc::now().to_rfc3339(); 367 367 + 368 368 + let create_payload = json!({ 369 369 + "repo": did, 370 370 + "collection": collection, 371 371 + "rkey": rkey, 372 372 + "record": { 373 373 + "$type": collection, 374 374 + "text": text, 375 375 + "createdAt": now 376 376 + } 377 377 + }); 378 378 + 379 379 + let create_res = client 380 380 + .post(format!( 381 381 + "{}/xrpc/com.atproto.repo.putRecord", 382 382 + base_url().await 383 383 + )) 384 384 + .bearer_auth(jwt) 385 385 + .json(&create_payload) 386 386 + .send() 387 387 + .await 388 388 + .expect("Failed to send create post request"); 389 389 + 390 390 + assert_eq!( 391 391 + create_res.status(), 392 392 + reqwest::StatusCode::OK, 393 393 + "Failed to create post record" 394 394 + ); 395 395 + let create_body: Value = create_res 396 396 + .json() 397 397 + .await 398 398 + .expect("create post response was not JSON"); 399 399 + let uri = create_body["uri"].as_str().unwrap().to_string(); 400 400 + let cid = create_body["cid"].as_str().unwrap().to_string(); 401 401 + (uri, cid) 402 402 + } 403 403 + 404 404 + async fn create_follow( 405 405 + client: &reqwest::Client, 406 406 + follower_did: &str, 407 407 + follower_jwt: &str, 408 408 + followee_did: &str, 409 409 + ) -> (String, String) { 410 410 + let collection = "app.bsky.graph.follow"; 411 411 + let rkey = format!("e2e_follow_{}", Utc::now().timestamp_millis()); 412 412 + let now = Utc::now().to_rfc3339(); 413 413 + 414 414 + let create_payload = json!({ 415 415 + "repo": follower_did, 416 416 + "collection": collection, 417 417 + "rkey": rkey, 418 418 + "record": { 419 419 + "$type": collection, 420 420 + "subject": followee_did, 421 421 + "createdAt": now 422 422 + } 423 423 + }); 236 424 237 237 - assert_eq!(update_res_v3_good.status(), StatusCode::OK, "v3 (good) update failed"); 425 425 + let create_res = client 426 426 + .post(format!( 427 427 + "{}/xrpc/com.atproto.repo.putRecord", 428 428 + base_url().await 429 429 + )) 430 430 + .bearer_auth(follower_jwt) 431 431 + .json(&create_payload) 432 432 + .send() 433 433 + .await 434 434 + .expect("Failed to send create follow request"); 435 435 + 436 436 + assert_eq!( 437 437 + create_res.status(), 438 438 + reqwest::StatusCode::OK, 439 439 + "Failed to create follow record" 440 440 + ); 441 441 + let create_body: Value = create_res 442 442 + .json() 443 443 + .await 444 444 + .expect("create follow response was not JSON"); 445 445 + let uri = create_body["uri"].as_str().unwrap().to_string(); 446 446 + let cid = create_body["cid"].as_str().unwrap().to_string(); 447 447 + (uri, cid) 448 448 + } 449 449 + 450 450 + #[tokio::test] 451 451 + #[ignore] 452 452 + async fn test_social_flow_lifecycle() { 453 453 + let client = client(); 454 454 + 455 455 + let (alice_did, alice_jwt) = setup_new_user("alice-social").await; 456 456 + let (bob_did, bob_jwt) = setup_new_user("bob-social").await; 457 457 + 458 458 + let (post1_uri, _) = create_post(&client, &alice_did, &alice_jwt, "Alice's first post!").await; 459 459 + 460 460 + create_follow(&client, &bob_did, &bob_jwt, &alice_did).await; 461 461 + 462 462 + tokio::time::sleep(Duration::from_secs(1)).await; 463 463 + 464 464 + let timeline_res_1 = client 465 465 + .get(format!( 466 466 + "{}/xrpc/app.bsky.feed.getTimeline", 467 467 + base_url().await 468 468 + )) 469 469 + .bearer_auth(&bob_jwt) 470 470 + .send() 471 471 + .await 472 472 + .expect("Failed to get timeline (1)"); 473 473 + 474 474 + assert_eq!( 475 475 + timeline_res_1.status(), 476 476 + reqwest::StatusCode::OK, 477 477 + "Failed to get timeline (1)" 478 478 + ); 479 479 + let timeline_body_1: Value = timeline_res_1.json().await.expect("Timeline (1) not JSON"); 480 480 + let feed_1 = timeline_body_1["feed"].as_array().unwrap(); 481 481 + assert_eq!(feed_1.len(), 1, "Timeline should have 1 post"); 482 482 + assert_eq!( 483 483 + feed_1[0]["post"]["uri"], post1_uri, 484 484 + "Post URI mismatch in timeline (1)" 485 485 + ); 486 486 + 487 487 + let (post2_uri, _) = create_post( 488 488 + &client, 489 489 + &alice_did, 490 490 + &alice_jwt, 491 491 + "Alice's second post, so exciting!", 492 492 + ) 493 493 + .await; 494 494 + 495 495 + tokio::time::sleep(Duration::from_secs(1)).await; 496 496 + 497 497 + let timeline_res_2 = client 498 498 + .get(format!( 499 499 + "{}/xrpc/app.bsky.feed.getTimeline", 500 500 + base_url().await 501 501 + )) 502 502 + .bearer_auth(&bob_jwt) 503 503 + .send() 504 504 + .await 505 505 + .expect("Failed to get timeline (2)"); 506 506 + 507 507 + assert_eq!( 508 508 + timeline_res_2.status(), 509 509 + reqwest::StatusCode::OK, 510 510 + "Failed to get timeline (2)" 511 511 + ); 512 512 + let timeline_body_2: Value = timeline_res_2.json().await.expect("Timeline (2) not JSON"); 513 513 + let feed_2 = timeline_body_2["feed"].as_array().unwrap(); 514 514 + assert_eq!(feed_2.len(), 2, "Timeline should have 2 posts"); 515 515 + assert_eq!( 516 516 + feed_2[0]["post"]["uri"], post2_uri, 517 517 + "Post 2 should be first" 518 518 + ); 519 519 + assert_eq!( 520 520 + feed_2[1]["post"]["uri"], post1_uri, 521 521 + "Post 1 should be second" 522 522 + ); 523 523 + 524 524 + let delete_payload = json!({ 525 525 + "repo": alice_did, 526 526 + "collection": "app.bsky.feed.post", 527 527 + "rkey": post1_uri.split('/').last().unwrap() 528 528 + }); 529 529 + let delete_res = client 530 530 + .post(format!( 531 531 + "{}/xrpc/com.atproto.repo.deleteRecord", 532 532 + base_url().await 533 533 + )) 534 534 + .bearer_auth(&alice_jwt) 535 535 + .json(&delete_payload) 536 536 + .send() 537 537 + .await 538 538 + .expect("Failed to send delete request"); 539 539 + assert_eq!( 540 540 + delete_res.status(), 541 541 + reqwest::StatusCode::OK, 542 542 + "Failed to delete record" 543 543 + ); 544 544 + 545 545 + tokio::time::sleep(Duration::from_secs(1)).await; 546 546 + 547 547 + let timeline_res_3 = client 548 548 + .get(format!( 549 549 + "{}/xrpc/app.bsky.feed.getTimeline", 550 550 + base_url().await 551 551 + )) 552 552 + .bearer_auth(&bob_jwt) 553 553 + .send() 554 554 + .await 555 555 + .expect("Failed to get timeline (3)"); 556 556 + 557 557 + assert_eq!( 558 558 + timeline_res_3.status(), 559 559 + reqwest::StatusCode::OK, 560 560 + "Failed to get timeline (3)" 561 561 + ); 562 562 + let timeline_body_3: Value = timeline_res_3.json().await.expect("Timeline (3) not JSON"); 563 563 + let feed_3 = timeline_body_3["feed"].as_array().unwrap(); 564 564 + assert_eq!(feed_3.len(), 1, "Timeline should have 1 post after delete"); 565 565 + assert_eq!( 566 566 + feed_3[0]["post"]["uri"], post2_uri, 567 567 + "Only post 2 should remain" 568 568 + ); 238 569 }

+24 -16

tests/proxy.rs

··· 1 1 mod common; 2 2 3 3 - use axum::{ 4 4 - routing::any, 5 5 - Router, 6 6 - extract::Request, 7 7 - http::StatusCode, 8 8 - }; 9 9 - use tokio::net::TcpListener; 3 3 + use axum::{Router, extract::Request, http::StatusCode, routing::any}; 4 4 + use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD}; 10 5 use reqwest::Client; 11 6 use std::sync::Arc; 12 12 - use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD}; 7 7 + use tokio::net::TcpListener; 13 8 14 14 - async fn spawn_mock_upstream() -> (String, tokio::sync::mpsc::Receiver<(String, String, Option<String>)>) { 9 9 + async fn spawn_mock_upstream() -> ( 10 10 + String, 11 11 + tokio::sync::mpsc::Receiver<(String, String, Option<String>)>, 12 12 + ) { 15 13 let (tx, rx) = tokio::sync::mpsc::channel(10); 16 14 let tx = Arc::new(tx); 17 15 ··· 20 18 async move { 21 19 let method = req.method().to_string(); 22 20 let uri = req.uri().to_string(); 23 23 - let auth = req.headers().get("Authorization") 21 21 + let auth = req 22 22 + .headers() 23 23 + .get("Authorization") 24 24 .and_then(|h| h.to_str().ok()) 25 25 .map(|s| s.to_string()); 26 26 ··· 45 45 let (upstream_url, mut rx) = spawn_mock_upstream().await; 46 46 let client = Client::new(); 47 47 48 48 - let res = client.get(format!("{}/xrpc/com.example.test", app_url)) 48 48 + let res = client 49 49 + .get(format!("{}/xrpc/com.example.test", app_url)) 49 50 .header("atproto-proxy", &upstream_url) 50 51 .header("Authorization", "Bearer test-token") 51 52 .send() ··· 65 66 async fn test_proxy_via_env_var() { 66 67 let (upstream_url, mut rx) = spawn_mock_upstream().await; 67 68 68 68 - unsafe { std::env::set_var("APPVIEW_URL", &upstream_url); } 69 69 + unsafe { 70 70 + std::env::set_var("APPVIEW_URL", &upstream_url); 71 71 + } 69 72 70 73 let app_url = common::base_url().await; 71 74 let client = Client::new(); 72 75 73 73 - let res = client.get(format!("{}/xrpc/com.example.envtest", app_url)) 76 76 + let res = client 77 77 + .get(format!("{}/xrpc/com.example.envtest", app_url)) 74 78 .send() 75 79 .await 76 80 .unwrap(); ··· 85 89 #[tokio::test] 86 90 #[ignore] 87 91 async fn test_proxy_missing_config() { 88 88 - unsafe { std::env::remove_var("APPVIEW_URL"); } 92 92 + unsafe { 93 93 + std::env::remove_var("APPVIEW_URL"); 94 94 + } 89 95 90 96 let app_url = common::base_url().await; 91 97 let client = Client::new(); 92 98 93 93 - let res = client.get(format!("{}/xrpc/com.example.fail", app_url)) 99 99 + let res = client 100 100 + .get(format!("{}/xrpc/com.example.fail", app_url)) 94 101 .send() 95 102 .await 96 103 .unwrap(); ··· 106 113 107 114 let (access_jwt, did) = common::create_account_and_login(&client).await; 108 115 109 109 - let res = client.get(format!("{}/xrpc/com.example.signed", app_url)) 116 116 + let res = client 117 117 + .get(format!("{}/xrpc/com.example.signed", app_url)) 110 118 .header("atproto-proxy", &upstream_url) 111 119 .header("Authorization", format!("Bearer {}", access_jwt)) 112 120 .send()

+103 -28

tests/repo.rs

··· 1 1 mod common; 2 2 use common::*; 3 3 4 4 - use reqwest::{header, StatusCode}; 5 5 - use serde_json::{json, Value}; 6 4 use chrono::Utc; 5 5 + use reqwest::{StatusCode, header}; 6 6 + use serde_json::{Value, json}; 7 7 8 8 #[tokio::test] 9 9 #[ignore] ··· 15 15 ("rkey", "self"), 16 16 ]; 17 17 18 18 - let res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 18 18 + let res = client 19 19 + .get(format!( 20 20 + "{}/xrpc/com.atproto.repo.getRecord", 21 21 + base_url().await 22 22 + )) 19 23 .query(&params) 20 24 .send() 21 25 .await ··· 36 40 ("rkey", "nonexistent"), 37 41 ]; 38 42 39 39 - let res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 43 43 + let res = client 44 44 + .get(format!( 45 45 + "{}/xrpc/com.atproto.repo.getRecord", 46 46 + base_url().await 47 47 + )) 40 48 .query(&params) 41 49 .send() 42 50 .await ··· 50 58 #[tokio::test] 51 59 async fn test_upload_blob_no_auth() { 52 60 let client = client(); 53 53 - let res = client.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base_url().await)) 61 61 + let res = client 62 62 + .post(format!( 63 63 + "{}/xrpc/com.atproto.repo.uploadBlob", 64 64 + base_url().await 65 65 + )) 54 66 .header(header::CONTENT_TYPE, "text/plain") 55 67 .body("no auth") 56 68 .send() ··· 66 78 async fn test_upload_blob_success() { 67 79 let client = client(); 68 80 let (token, _) = create_account_and_login(&client).await; 69 69 - let res = client.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base_url().await)) 81 81 + let res = client 82 82 + .post(format!( 83 83 + "{}/xrpc/com.atproto.repo.uploadBlob", 84 84 + base_url().await 85 85 + )) 70 86 .header(header::CONTENT_TYPE, "text/plain") 71 87 .bearer_auth(token) 72 88 .body("This is our blob data") ··· 90 106 "record": {} 91 107 }); 92 108 93 93 - let res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 109 109 + let res = client 110 110 + .post(format!( 111 111 + "{}/xrpc/com.atproto.repo.putRecord", 112 112 + base_url().await 113 113 + )) 94 114 .json(&payload) 95 115 .send() 96 116 .await ··· 118 138 } 119 139 }); 120 140 121 121 - let res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 141 141 + let res = client 142 142 + .post(format!( 143 143 + "{}/xrpc/com.atproto.repo.putRecord", 144 144 + base_url().await 145 145 + )) 122 146 .bearer_auth(token) 123 147 .json(&payload) 124 148 .send() ··· 135 159 #[ignore] 136 160 async fn test_get_record_missing_params() { 137 161 let client = client(); 138 138 - let params = [ 139 139 - ("repo", "did:plc:12345"), 140 140 - ]; 162 162 + let params = [("repo", "did:plc:12345")]; 141 163 142 142 - let res = client.get(format!("{}/xrpc/com.atproto.repo.getRecord", base_url().await)) 164 164 + let res = client 165 165 + .get(format!( 166 166 + "{}/xrpc/com.atproto.repo.getRecord", 167 167 + base_url().await 168 168 + )) 143 169 .query(&params) 144 170 .send() 145 171 .await 146 172 .expect("Failed to send request"); 147 173 148 148 - assert_eq!(res.status(), StatusCode::BAD_REQUEST, "Expected 400 for missing params"); 174 174 + assert_eq!( 175 175 + res.status(), 176 176 + StatusCode::BAD_REQUEST, 177 177 + "Expected 400 for missing params" 178 178 + ); 149 179 } 150 180 151 181 #[tokio::test] 152 182 async fn test_upload_blob_bad_token() { 153 183 let client = client(); 154 154 - let res = client.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base_url().await)) 184 184 + let res = client 185 185 + .post(format!( 186 186 + "{}/xrpc/com.atproto.repo.uploadBlob", 187 187 + base_url().await 188 188 + )) 155 189 .header(header::CONTENT_TYPE, "text/plain") 156 190 .bearer_auth(BAD_AUTH_TOKEN) 157 191 .body("This is our blob data") ··· 181 215 } 182 216 }); 183 217 184 184 - let res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 218 218 + let res = client 219 219 + .post(format!( 220 220 + "{}/xrpc/com.atproto.repo.putRecord", 221 221 + base_url().await 222 222 + )) 185 223 .bearer_auth(token) 186 224 .json(&payload) 187 225 .send() 188 226 .await 189 227 .expect("Failed to send request"); 190 228 191 191 - assert_eq!(res.status(), StatusCode::FORBIDDEN, "Expected 403 for mismatched repo and auth"); 229 229 + assert_eq!( 230 230 + res.status(), 231 231 + StatusCode::FORBIDDEN, 232 232 + "Expected 403 for mismatched repo and auth" 233 233 + ); 192 234 } 193 235 194 236 #[tokio::test] ··· 207 249 } 208 250 }); 209 251 210 210 - let res = client.post(format!("{}/xrpc/com.atproto.repo.putRecord", base_url().await)) 252 252 + let res = client 253 253 + .post(format!( 254 254 + "{}/xrpc/com.atproto.repo.putRecord", 255 255 + base_url().await 256 256 + )) 211 257 .bearer_auth(token) 212 258 .json(&payload) 213 259 .send() 214 260 .await 215 261 .expect("Failed to send request"); 216 262 217 217 - assert_eq!(res.status(), StatusCode::BAD_REQUEST, "Expected 400 for invalid record schema"); 263 263 + assert_eq!( 264 264 + res.status(), 265 265 + StatusCode::BAD_REQUEST, 266 266 + "Expected 400 for invalid record schema" 267 267 + ); 218 268 } 219 269 220 270 #[tokio::test] 221 271 async fn test_upload_blob_unsupported_mime_type() { 222 272 let client = client(); 223 273 let (token, _) = create_account_and_login(&client).await; 224 224 - let res = client.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base_url().await)) 274 274 + let res = client 275 275 + .post(format!( 276 276 + "{}/xrpc/com.atproto.repo.uploadBlob", 277 277 + base_url().await 278 278 + )) 225 279 .header(header::CONTENT_TYPE, "application/xml") 226 280 .bearer_auth(token) 227 281 .body("<xml>not an image</xml>") ··· 242 296 ("collection", "app.bsky.feed.post"), 243 297 ("limit", "10"), 244 298 ]; 245 245 - let res = client.get(format!("{}/xrpc/com.atproto.repo.listRecords", base_url().await)) 299 299 + let res = client 300 300 + .get(format!( 301 301 + "{}/xrpc/com.atproto.repo.listRecords", 302 302 + base_url().await 303 303 + )) 246 304 .query(&params) 247 305 .send() 248 306 .await ··· 255 313 async fn test_describe_repo() { 256 314 let client = client(); 257 315 let (_, did) = create_account_and_login(&client).await; 258 258 - let params = [ 259 259 - ("repo", did.as_str()), 260 260 - ]; 261 261 - let res = client.get(format!("{}/xrpc/com.atproto.repo.describeRepo", base_url().await)) 316 316 + let params = [("repo", did.as_str())]; 317 317 + let res = client 318 318 + .get(format!( 319 319 + "{}/xrpc/com.atproto.repo.describeRepo", 320 320 + base_url().await 321 321 + )) 262 322 .query(&params) 263 323 .send() 264 324 .await ··· 282 342 } 283 343 }); 284 344 285 285 - let res = client.post(format!("{}/xrpc/com.atproto.repo.createRecord", base_url().await)) 345 345 + let res = client 346 346 + .post(format!( 347 347 + "{}/xrpc/com.atproto.repo.createRecord", 348 348 + base_url().await 349 349 + )) 286 350 .json(&payload) 287 351 .bearer_auth(token) 288 352 .send() ··· 313 377 } 314 378 }); 315 379 316 316 - let res = client.post(format!("{}/xrpc/com.atproto.repo.createRecord", base_url().await)) 380 380 + let res = client 381 381 + .post(format!( 382 382 + "{}/xrpc/com.atproto.repo.createRecord", 383 383 + base_url().await 384 384 + )) 317 385 .json(&payload) 318 386 .bearer_auth(token) 319 387 .send() ··· 322 390 323 391 assert_eq!(res.status(), StatusCode::OK); 324 392 let body: Value = res.json().await.expect("Response was not valid JSON"); 325 325 - assert_eq!(body["uri"], format!("at://{}/app.bsky.feed.post/{}", did, rkey)); 393 393 + assert_eq!( 394 394 + body["uri"], 395 395 + format!("at://{}/app.bsky.feed.post/{}", did, rkey) 396 396 + ); 326 397 // assert_eq!(body["cid"], "bafyreihy"); 327 398 } 328 399 ··· 336 407 "collection": "app.bsky.feed.post", 337 408 "rkey": "some_post_to_delete" 338 409 }); 339 339 - let res = client.post(format!("{}/xrpc/com.atproto.repo.deleteRecord", base_url().await)) 410 410 + let res = client 411 411 + .post(format!( 412 412 + "{}/xrpc/com.atproto.repo.deleteRecord", 413 413 + base_url().await 414 414 + )) 340 415 .bearer_auth(token) 341 416 .json(&payload) 342 417 .send()

+71 -17

tests/server.rs

··· 2 2 use common::*; 3 3 4 4 use reqwest::StatusCode; 5 5 - use serde_json::{json, Value}; 5 5 + use serde_json::{Value, json}; 6 6 7 7 #[tokio::test] 8 8 async fn test_health() { 9 9 let client = client(); 10 10 - let res = client.get(format!("{}/health", base_url().await)) 10 10 + let res = client 11 11 + .get(format!("{}/health", base_url().await)) 11 12 .send() 12 13 .await 13 14 .expect("Failed to send request"); ··· 19 20 #[tokio::test] 20 21 async fn test_describe_server() { 21 22 let client = client(); 22 22 - let res = client.get(format!("{}/xrpc/com.atproto.server.describeServer", base_url().await)) 23 23 + let res = client 24 24 + .get(format!( 25 25 + "{}/xrpc/com.atproto.server.describeServer", 26 26 + base_url().await 27 27 + )) 23 28 .send() 24 29 .await 25 30 .expect("Failed to send request"); ··· 39 44 "email": format!("{}@example.com", handle), 40 45 "password": "password" 41 46 }); 42 42 - let _ = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 47 47 + let _ = client 48 48 + .post(format!( 49 49 + "{}/xrpc/com.atproto.server.createAccount", 50 50 + base_url().await 51 51 + )) 43 52 .json(&payload) 44 53 .send() 45 54 .await; ··· 49 58 "password": "password" 50 59 }); 51 60 52 52 - let res = client.post(format!("{}/xrpc/com.atproto.server.createSession", base_url().await)) 61 61 + let res = client 62 62 + .post(format!( 63 63 + "{}/xrpc/com.atproto.server.createSession", 64 64 + base_url().await 65 65 + )) 53 66 .json(&payload) 54 67 .send() 55 68 .await ··· 67 80 "password": "password" 68 81 }); 69 82 70 70 - let res = client.post(format!("{}/xrpc/com.atproto.server.createSession", base_url().await)) 83 83 + let res = client 84 84 + .post(format!( 85 85 + "{}/xrpc/com.atproto.server.createSession", 86 86 + base_url().await 87 87 + )) 71 88 .json(&payload) 72 89 .send() 73 90 .await 74 91 .expect("Failed to send request"); 75 92 76 76 - assert!(res.status() == StatusCode::BAD_REQUEST || res.status() == StatusCode::UNPROCESSABLE_ENTITY, 77 77 - "Expected 400 or 422 for missing identifier, got {}", res.status()); 93 93 + assert!( 94 94 + res.status() == StatusCode::BAD_REQUEST || res.status() == StatusCode::UNPROCESSABLE_ENTITY, 95 95 + "Expected 400 or 422 for missing identifier, got {}", 96 96 + res.status() 97 97 + ); 78 98 } 79 99 80 100 #[tokio::test] ··· 86 106 "password": "password" 87 107 }); 88 108 89 89 - let res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 109 109 + let res = client 110 110 + .post(format!( 111 111 + "{}/xrpc/com.atproto.server.createAccount", 112 112 + base_url().await 113 113 + )) 90 114 .json(&payload) 91 115 .send() 92 116 .await 93 117 .expect("Failed to send request"); 94 118 95 95 - assert_eq!(res.status(), StatusCode::BAD_REQUEST, "Expected 400 for invalid handle chars"); 119 119 + assert_eq!( 120 120 + res.status(), 121 121 + StatusCode::BAD_REQUEST, 122 122 + "Expected 400 for invalid handle chars" 123 123 + ); 96 124 } 97 125 98 126 #[tokio::test] 99 127 async fn test_get_session() { 100 128 let client = client(); 101 101 - let res = client.get(format!("{}/xrpc/com.atproto.server.getSession", base_url().await)) 129 129 + let res = client 130 130 + .get(format!( 131 131 + "{}/xrpc/com.atproto.server.getSession", 132 132 + base_url().await 133 133 + )) 102 134 .bearer_auth(AUTH_TOKEN) 103 135 .send() 104 136 .await ··· 117 149 "email": format!("{}@example.com", handle), 118 150 "password": "password" 119 151 }); 120 120 - let _ = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base_url().await)) 152 152 + let _ = client 153 153 + .post(format!( 154 154 + "{}/xrpc/com.atproto.server.createAccount", 155 155 + base_url().await 156 156 + )) 121 157 .json(&payload) 122 158 .send() 123 159 .await; ··· 126 162 "identifier": handle, 127 163 "password": "password" 128 164 }); 129 129 - let res = client.post(format!("{}/xrpc/com.atproto.server.createSession", base_url().await)) 165 165 + let res = client 166 166 + .post(format!( 167 167 + "{}/xrpc/com.atproto.server.createSession", 168 168 + base_url().await 169 169 + )) 130 170 .json(&login_payload) 131 171 .send() 132 172 .await ··· 134 174 135 175 assert_eq!(res.status(), StatusCode::OK); 136 176 let body: Value = res.json().await.expect("Invalid JSON"); 137 137 - let refresh_jwt = body["refreshJwt"].as_str().expect("No refreshJwt").to_string(); 138 138 - let access_jwt = body["accessJwt"].as_str().expect("No accessJwt").to_string(); 177 177 + let refresh_jwt = body["refreshJwt"] 178 178 + .as_str() 179 179 + .expect("No refreshJwt") 180 180 + .to_string(); 181 181 + let access_jwt = body["accessJwt"] 182 182 + .as_str() 183 183 + .expect("No accessJwt") 184 184 + .to_string(); 139 185 140 140 - let res = client.post(format!("{}/xrpc/com.atproto.server.refreshSession", base_url().await)) 186 186 + let res = client 187 187 + .post(format!( 188 188 + "{}/xrpc/com.atproto.server.refreshSession", 189 189 + base_url().await 190 190 + )) 141 191 .bearer_auth(&refresh_jwt) 142 192 .send() 143 193 .await ··· 154 204 #[tokio::test] 155 205 async fn test_delete_session() { 156 206 let client = client(); 157 157 - let res = client.post(format!("{}/xrpc/com.atproto.server.deleteSession", base_url().await)) 207 207 + let res = client 208 208 + .post(format!( 209 209 + "{}/xrpc/com.atproto.server.deleteSession", 210 210 + base_url().await 211 211 + )) 158 212 .bearer_auth(AUTH_TOKEN) 159 213 .send() 160 214 .await

+11 -5

tests/sync.rs

··· 6 6 #[ignore] 7 7 async fn test_get_repo() { 8 8 let client = client(); 9 9 - let params = [ 10 10 - ("did", AUTH_DID), 11 11 - ]; 12 12 - let res = client.get(format!("{}/xrpc/com.atproto.sync.getRepo", base_url().await)) 9 9 + let params = [("did", AUTH_DID)]; 10 10 + let res = client 11 11 + .get(format!( 12 12 + "{}/xrpc/com.atproto.sync.getRepo", 13 13 + base_url().await 14 14 + )) 13 15 .query(&params) 14 16 .send() 15 17 .await ··· 26 28 ("did", AUTH_DID), 27 29 // "cids" would be a list of CIDs 28 30 ]; 29 29 - let res = client.get(format!("{}/xrpc/com.atproto.sync.getBlocks", base_url().await)) 31 31 + let res = client 32 32 + .get(format!( 33 33 + "{}/xrpc/com.atproto.sync.getBlocks", 34 34 + base_url().await 35 35 + )) 30 36 .query(&params) 31 37 .send() 32 38 .await