src/api/identity/plc/submit.rs at 9853d4561efd59cdf3f41b256d33713c979edf8a · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / src / api / identity / plc / submit.rs
at 9853d4561efd59cdf3f41b256d33713c979edf8a 8.7 kB view raw
  1use crate::api::ApiError;
  2use crate::circuit_breaker::{CircuitBreakerError, with_circuit_breaker};
  3use crate::plc::{PlcClient, PlcError, signing_key_to_did_key, validate_plc_operation};
  4use crate::state::AppState;
  5use axum::{
  6    Json,
  7    extract::State,
  8    http::StatusCode,
  9    response::{IntoResponse, Response},
 10};
 11use k256::ecdsa::SigningKey;
 12use serde::Deserialize;
 13use serde_json::{Value, json};
 14use tracing::{error, info, warn};
 15
 16#[derive(Debug, Deserialize)]
 17pub struct SubmitPlcOperationInput {
 18    pub operation: Value,
 19}
 20
 21pub async fn submit_plc_operation(
 22    State(state): State<AppState>,
 23    headers: axum::http::HeaderMap,
 24    Json(input): Json<SubmitPlcOperationInput>,
 25) -> Response {
 26    let bearer = match crate::auth::extract_bearer_token_from_header(
 27        headers.get("Authorization").and_then(|h| h.to_str().ok()),
 28    ) {
 29        Some(t) => t,
 30        None => {
 31            return ApiError::AuthenticationRequired.into_response();
 32        }
 33    };
 34    let auth_user =
 35        match crate::auth::validate_bearer_token_allow_deactivated(&state.db, &bearer).await {
 36            Ok(user) => user,
 37            Err(e) => {
 38                return ApiError::from(e).into_response();
 39            }
 40        };
 41    if let Err(e) = crate::auth::scope_check::check_identity_scope(
 42        auth_user.is_oauth,
 43        auth_user.scope.as_deref(),
 44        crate::oauth::scopes::IdentityAttr::Wildcard,
 45    ) {
 46        return e;
 47    }
 48    let did = &auth_user.did;
 49    if did.starts_with("did:web:") {
 50        return ApiError::InvalidRequest(
 51            "PLC operations are only valid for did:plc identities".into(),
 52        )
 53        .into_response();
 54    }
 55    if let Err(e) = validate_plc_operation(&input.operation) {
 56        return ApiError::InvalidRequest(format!("Invalid operation: {}", e)).into_response();
 57    }
 58    let op = &input.operation;
 59    let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string());
 60    let public_url = format!("https://{}", hostname);
 61    let user = match sqlx::query!("SELECT id, handle FROM users WHERE did = $1", did)
 62        .fetch_optional(&state.db)
 63        .await
 64    {
 65        Ok(Some(row)) => row,
 66        _ => {
 67            return (
 68                StatusCode::NOT_FOUND,
 69                Json(json!({"error": "AccountNotFound"})),
 70            )
 71                .into_response();
 72        }
 73    };
 74    let key_row = match sqlx::query!(
 75        "SELECT key_bytes, encryption_version FROM user_keys WHERE user_id = $1",
 76        user.id
 77    )
 78    .fetch_optional(&state.db)
 79    .await
 80    {
 81        Ok(Some(row)) => row,
 82        _ => {
 83            return (
 84                StatusCode::INTERNAL_SERVER_ERROR,
 85                Json(json!({"error": "InternalError", "message": "User signing key not found"})),
 86            )
 87                .into_response();
 88        }
 89    };
 90    let key_bytes = match crate::config::decrypt_key(&key_row.key_bytes, key_row.encryption_version)
 91    {
 92        Ok(k) => k,
 93        Err(e) => {
 94            error!("Failed to decrypt user key: {}", e);
 95            return (
 96                StatusCode::INTERNAL_SERVER_ERROR,
 97                Json(json!({"error": "InternalError"})),
 98            )
 99                .into_response();
100        }
101    };
102    let signing_key = match SigningKey::from_slice(&key_bytes) {
103        Ok(k) => k,
104        Err(e) => {
105            error!("Failed to create signing key: {:?}", e);
106            return (
107                StatusCode::INTERNAL_SERVER_ERROR,
108                Json(json!({"error": "InternalError"})),
109            )
110                .into_response();
111        }
112    };
113    let user_did_key = signing_key_to_did_key(&signing_key);
114    let server_rotation_key =
115        std::env::var("PLC_ROTATION_KEY").unwrap_or_else(|_| user_did_key.clone());
116    if let Some(rotation_keys) = op.get("rotationKeys").and_then(|v| v.as_array()) {
117        let has_server_key = rotation_keys
118            .iter()
119            .any(|k| k.as_str() == Some(&server_rotation_key));
120        if !has_server_key {
121            return (
122                StatusCode::BAD_REQUEST,
123                Json(json!({
124                    "error": "InvalidRequest",
125                    "message": "Rotation keys do not include server's rotation key"
126                })),
127            )
128                .into_response();
129        }
130    }
131    if let Some(services) = op.get("services").and_then(|v| v.as_object())
132        && let Some(pds) = services.get("atproto_pds").and_then(|v| v.as_object())
133    {
134        let service_type = pds.get("type").and_then(|v| v.as_str());
135        let endpoint = pds.get("endpoint").and_then(|v| v.as_str());
136        if service_type != Some("AtprotoPersonalDataServer") {
137            return (
138                StatusCode::BAD_REQUEST,
139                Json(json!({
140                    "error": "InvalidRequest",
141                    "message": "Incorrect type on atproto_pds service"
142                })),
143            )
144                .into_response();
145        }
146        if endpoint != Some(&public_url) {
147            return (
148                StatusCode::BAD_REQUEST,
149                Json(json!({
150                    "error": "InvalidRequest",
151                    "message": "Incorrect endpoint on atproto_pds service"
152                })),
153            )
154                .into_response();
155        }
156    }
157    if let Some(verification_methods) = op.get("verificationMethods").and_then(|v| v.as_object())
158        && let Some(atproto_key) = verification_methods.get("atproto").and_then(|v| v.as_str())
159        && atproto_key != user_did_key
160    {
161        return (
162            StatusCode::BAD_REQUEST,
163            Json(json!({
164                "error": "InvalidRequest",
165                "message": "Incorrect signing key in verificationMethods"
166            })),
167        )
168            .into_response();
169    }
170    if let Some(also_known_as) = (!user.handle.is_empty())
171        .then(|| op.get("alsoKnownAs").and_then(|v| v.as_array()))
172        .flatten()
173    {
174        let expected_handle = format!("at://{}", user.handle);
175        let first_aka = also_known_as.first().and_then(|v| v.as_str());
176        if first_aka != Some(&expected_handle) {
177            return (
178                StatusCode::BAD_REQUEST,
179                Json(json!({
180                    "error": "InvalidRequest",
181                    "message": "Incorrect handle in alsoKnownAs"
182                })),
183            )
184                .into_response();
185        }
186    }
187    let plc_client = PlcClient::with_cache(None, Some(state.cache.clone()));
188    let operation_clone = input.operation.clone();
189    let did_clone = did.clone();
190    let result: Result<(), CircuitBreakerError<PlcError>> =
191        with_circuit_breaker(&state.circuit_breakers.plc_directory, || async {
192            plc_client
193                .send_operation(&did_clone, &operation_clone)
194                .await
195        })
196        .await;
197    match result {
198        Ok(()) => {}
199        Err(CircuitBreakerError::CircuitOpen(e)) => {
200            warn!("PLC directory circuit breaker open: {}", e);
201            return (
202                StatusCode::SERVICE_UNAVAILABLE,
203                Json(json!({
204                    "error": "ServiceUnavailable",
205                    "message": "PLC directory service temporarily unavailable"
206                })),
207            )
208                .into_response();
209        }
210        Err(CircuitBreakerError::OperationFailed(e)) => {
211            error!("PLC operation failed: {:?}", e);
212            return (
213                StatusCode::BAD_GATEWAY,
214                Json(json!({
215                    "error": "UpstreamError",
216                    "message": format!("Failed to submit to PLC directory: {}", e)
217                })),
218            )
219                .into_response();
220        }
221    }
222    match sqlx::query!(
223        "INSERT INTO repo_seq (did, event_type, handle) VALUES ($1, 'identity', $2) RETURNING seq",
224        did,
225        user.handle
226    )
227    .fetch_one(&state.db)
228    .await
229    {
230        Ok(row) => {
231            if let Err(e) = sqlx::query(&format!("NOTIFY repo_updates, '{}'", row.seq))
232                .execute(&state.db)
233                .await
234            {
235                warn!("Failed to notify identity event: {:?}", e);
236            }
237        }
238        Err(e) => {
239            warn!("Failed to sequence identity event: {:?}", e);
240        }
241    }
242    let _ = state.cache.delete(&format!("handle:{}", user.handle)).await;
243    if state.did_resolver.refresh_did(did).await.is_none() {
244        warn!(did = %did, "Failed to refresh DID cache after PLC update");
245    }
246    info!(did = %did, "PLC operation submitted successfully");
247    (StatusCode::OK, Json(json!({}))).into_response()
248}