src/api/identity/plc/submit.rs at 920994c745720aa7a71f75cd56d2a3d12a788173 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / src / api / identity / plc / submit.rs
at 920994c745720aa7a71f75cd56d2a3d12a788173 8.3 kB view raw
  1use crate::api::ApiError;
  2use crate::circuit_breaker::{CircuitBreakerError, with_circuit_breaker};
  3use crate::plc::{PlcClient, PlcError, signing_key_to_did_key, validate_plc_operation};
  4use crate::state::AppState;
  5use axum::{
  6    Json,
  7    extract::State,
  8    http::StatusCode,
  9    response::{IntoResponse, Response},
 10};
 11use k256::ecdsa::SigningKey;
 12use serde::Deserialize;
 13use serde_json::{Value, json};
 14use tracing::{error, info, warn};
 15
 16#[derive(Debug, Deserialize)]
 17pub struct SubmitPlcOperationInput {
 18    pub operation: Value,
 19}
 20
 21pub async fn submit_plc_operation(
 22    State(state): State<AppState>,
 23    headers: axum::http::HeaderMap,
 24    Json(input): Json<SubmitPlcOperationInput>,
 25) -> Response {
 26    let bearer = match crate::auth::extract_bearer_token_from_header(
 27        headers.get("Authorization").and_then(|h| h.to_str().ok()),
 28    ) {
 29        Some(t) => t,
 30        None => return ApiError::AuthenticationRequired.into_response(),
 31    };
 32    let auth_user = match crate::auth::validate_bearer_token_allow_deactivated(&state.db, &bearer).await {
 33        Ok(user) => user,
 34        Err(e) => return ApiError::from(e).into_response(),
 35    };
 36    let did = &auth_user.did;
 37    if let Err(e) = validate_plc_operation(&input.operation) {
 38        return ApiError::InvalidRequest(format!("Invalid operation: {}", e)).into_response();
 39    }
 40    let op = &input.operation;
 41    let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string());
 42    let public_url = format!("https://{}", hostname);
 43    let user = match sqlx::query!("SELECT id, handle, deactivated_at FROM users WHERE did = $1", did)
 44        .fetch_optional(&state.db)
 45        .await
 46    {
 47        Ok(Some(row)) => row,
 48        _ => {
 49            return (
 50                StatusCode::NOT_FOUND,
 51                Json(json!({"error": "AccountNotFound"})),
 52            )
 53                .into_response();
 54        }
 55    };
 56    let is_migration = user.deactivated_at.is_some();
 57    let key_row = match sqlx::query!(
 58        "SELECT key_bytes, encryption_version FROM user_keys WHERE user_id = $1",
 59        user.id
 60    )
 61    .fetch_optional(&state.db)
 62    .await
 63    {
 64        Ok(Some(row)) => row,
 65        _ => {
 66            return (
 67                StatusCode::INTERNAL_SERVER_ERROR,
 68                Json(json!({"error": "InternalError", "message": "User signing key not found"})),
 69            )
 70                .into_response();
 71        }
 72    };
 73    let key_bytes = match crate::config::decrypt_key(&key_row.key_bytes, key_row.encryption_version)
 74    {
 75        Ok(k) => k,
 76        Err(e) => {
 77            error!("Failed to decrypt user key: {}", e);
 78            return (
 79                StatusCode::INTERNAL_SERVER_ERROR,
 80                Json(json!({"error": "InternalError"})),
 81            )
 82                .into_response();
 83        }
 84    };
 85    let signing_key = match SigningKey::from_slice(&key_bytes) {
 86        Ok(k) => k,
 87        Err(e) => {
 88            error!("Failed to create signing key: {:?}", e);
 89            return (
 90                StatusCode::INTERNAL_SERVER_ERROR,
 91                Json(json!({"error": "InternalError"})),
 92            )
 93                .into_response();
 94        }
 95    };
 96    let user_did_key = signing_key_to_did_key(&signing_key);
 97    if !is_migration {
 98        if let Some(rotation_keys) = op.get("rotationKeys").and_then(|v| v.as_array()) {
 99            let server_rotation_key =
100                std::env::var("PLC_ROTATION_KEY").unwrap_or_else(|_| user_did_key.clone());
101            let has_server_key = rotation_keys
102                .iter()
103                .any(|k| k.as_str() == Some(&server_rotation_key));
104            if !has_server_key {
105                return (
106                    StatusCode::BAD_REQUEST,
107                    Json(json!({
108                        "error": "InvalidRequest",
109                        "message": "Rotation keys do not include server's rotation key"
110                    })),
111                )
112                    .into_response();
113            }
114        }
115    }
116    if let Some(services) = op.get("services").and_then(|v| v.as_object())
117        && let Some(pds) = services.get("atproto_pds").and_then(|v| v.as_object()) {
118            let service_type = pds.get("type").and_then(|v| v.as_str());
119            let endpoint = pds.get("endpoint").and_then(|v| v.as_str());
120            if service_type != Some("AtprotoPersonalDataServer") {
121                return (
122                    StatusCode::BAD_REQUEST,
123                    Json(json!({
124                        "error": "InvalidRequest",
125                        "message": "Incorrect type on atproto_pds service"
126                    })),
127                )
128                    .into_response();
129            }
130            if endpoint != Some(&public_url) {
131                return (
132                    StatusCode::BAD_REQUEST,
133                    Json(json!({
134                        "error": "InvalidRequest",
135                        "message": "Incorrect endpoint on atproto_pds service"
136                    })),
137                )
138                    .into_response();
139            }
140        }
141    if !is_migration {
142        if let Some(verification_methods) = op.get("verificationMethods").and_then(|v| v.as_object())
143            && let Some(atproto_key) = verification_methods.get("atproto").and_then(|v| v.as_str())
144                && atproto_key != user_did_key {
145                    return (
146                        StatusCode::BAD_REQUEST,
147                        Json(json!({
148                            "error": "InvalidRequest",
149                            "message": "Incorrect signing key in verificationMethods"
150                        })),
151                    )
152                        .into_response();
153                }
154        if let Some(also_known_as) = op.get("alsoKnownAs").and_then(|v| v.as_array()) {
155            let expected_handle = format!("at://{}", user.handle);
156            let first_aka = also_known_as.first().and_then(|v| v.as_str());
157            if first_aka != Some(&expected_handle) {
158                return (
159                    StatusCode::BAD_REQUEST,
160                    Json(json!({
161                        "error": "InvalidRequest",
162                        "message": "Incorrect handle in alsoKnownAs"
163                    })),
164                )
165                    .into_response();
166            }
167        }
168    }
169    let plc_client = PlcClient::new(None);
170    let operation_clone = input.operation.clone();
171    let did_clone = did.clone();
172    let result: Result<(), CircuitBreakerError<PlcError>> =
173        with_circuit_breaker(&state.circuit_breakers.plc_directory, || async {
174            plc_client
175                .send_operation(&did_clone, &operation_clone)
176                .await
177        })
178        .await;
179    match result {
180        Ok(()) => {}
181        Err(CircuitBreakerError::CircuitOpen(e)) => {
182            warn!("PLC directory circuit breaker open: {}", e);
183            return (
184                StatusCode::SERVICE_UNAVAILABLE,
185                Json(json!({
186                    "error": "ServiceUnavailable",
187                    "message": "PLC directory service temporarily unavailable"
188                })),
189            )
190                .into_response();
191        }
192        Err(CircuitBreakerError::OperationFailed(e)) => {
193            error!("Failed to submit PLC operation: {:?}", e);
194            return (
195                StatusCode::BAD_GATEWAY,
196                Json(json!({
197                    "error": "UpstreamError",
198                    "message": format!("Failed to submit to PLC directory: {}", e)
199                })),
200            )
201                .into_response();
202        }
203    }
204    match sqlx::query!(
205        "INSERT INTO repo_seq (did, event_type) VALUES ($1, 'identity') RETURNING seq",
206        did
207    )
208    .fetch_one(&state.db)
209    .await
210    {
211        Ok(row) => {
212            if let Err(e) = sqlx::query(&format!("NOTIFY repo_updates, '{}'", row.seq))
213                .execute(&state.db)
214                .await
215            {
216                warn!("Failed to notify identity event: {:?}", e);
217            }
218        }
219        Err(e) => {
220            warn!("Failed to sequence identity event: {:?}", e);
221        }
222    }
223    info!("Submitted PLC operation for user {}", did);
224    (StatusCode::OK, Json(json!({}))).into_response()
225}