tranquil.farm
Our Personal Data Server from scratch!
tranquil.farm
oauth
atproto
pds
rust
postgresql
objectstorage
fun
fix: bulk type safety improvements, added a couple of tests
lewis.moe
+8
.config/nextest.toml
+8
.config/nextest.toml
···
33
filter = "test(/two_node_stress_concurrent_load/)"
34
test-group = "heavy-load-tests"
35
36
[[profile.ci.overrides]]
37
filter = "test(/import_with_verification/) | test(/plc_migration/)"
38
test-group = "serial-env-tests"
···
48
[[profile.ci.overrides]]
49
filter = "test(/two_node_stress_concurrent_load/)"
50
test-group = "heavy-load-tests"
···
33
filter = "test(/two_node_stress_concurrent_load/)"
34
test-group = "heavy-load-tests"
35
36
+
[[profile.default.overrides]]
37
+
filter = "binary(repo_lifecycle)"
38
+
test-group = "heavy-load-tests"
39
+
40
[[profile.ci.overrides]]
41
filter = "test(/import_with_verification/) | test(/plc_migration/)"
42
test-group = "serial-env-tests"
···
52
[[profile.ci.overrides]]
53
filter = "test(/two_node_stress_concurrent_load/)"
54
test-group = "heavy-load-tests"
55
+
56
+
[[profile.ci.overrides]]
57
+
filter = "binary(repo_lifecycle)"
58
+
test-group = "heavy-load-tests"
+15
-14
Cargo.lock
+15
-14
Cargo.lock
···
5893
5894
[[package]]
5895
name = "tranquil-auth"
5896
-
version = "0.2.0"
5897
dependencies = [
5898
"anyhow",
5899
"base32",
···
5915
5916
[[package]]
5917
name = "tranquil-cache"
5918
-
version = "0.2.0"
5919
dependencies = [
5920
"async-trait",
5921
"base64 0.22.1",
···
5928
5929
[[package]]
5930
name = "tranquil-comms"
5931
-
version = "0.2.0"
5932
dependencies = [
5933
"async-trait",
5934
"base64 0.22.1",
···
5942
5943
[[package]]
5944
name = "tranquil-crypto"
5945
-
version = "0.2.0"
5946
dependencies = [
5947
"aes-gcm",
5948
"base64 0.22.1",
···
5958
5959
[[package]]
5960
name = "tranquil-db"
5961
-
version = "0.2.0"
5962
dependencies = [
5963
"async-trait",
5964
"chrono",
···
5975
5976
[[package]]
5977
name = "tranquil-db-traits"
5978
-
version = "0.2.0"
5979
dependencies = [
5980
"async-trait",
5981
"base64 0.22.1",
···
5991
5992
[[package]]
5993
name = "tranquil-infra"
5994
-
version = "0.2.0"
5995
dependencies = [
5996
"async-trait",
5997
"bytes",
···
6001
6002
[[package]]
6003
name = "tranquil-oauth"
6004
-
version = "0.2.0"
6005
dependencies = [
6006
"anyhow",
6007
"axum",
···
6024
6025
[[package]]
6026
name = "tranquil-pds"
6027
-
version = "0.2.0"
6028
dependencies = [
6029
"aes-gcm",
6030
"anyhow",
···
6109
6110
[[package]]
6111
name = "tranquil-repo"
6112
-
version = "0.2.0"
6113
dependencies = [
6114
"bytes",
6115
"cid",
···
6121
6122
[[package]]
6123
name = "tranquil-ripple"
6124
-
version = "0.2.0"
6125
dependencies = [
6126
"async-trait",
6127
"backon",
···
6145
6146
[[package]]
6147
name = "tranquil-scopes"
6148
-
version = "0.2.0"
6149
dependencies = [
6150
"axum",
6151
"futures",
···
6153
"reqwest",
6154
"serde",
6155
"serde_json",
6156
"tokio",
6157
"tracing",
6158
"urlencoding",
···
6160
6161
[[package]]
6162
name = "tranquil-storage"
6163
-
version = "0.2.0"
6164
dependencies = [
6165
"async-trait",
6166
"aws-config",
···
6176
6177
[[package]]
6178
name = "tranquil-types"
6179
-
version = "0.2.0"
6180
dependencies = [
6181
"chrono",
6182
"cid",
···
5893
5894
[[package]]
5895
name = "tranquil-auth"
5896
+
version = "0.2.1"
5897
dependencies = [
5898
"anyhow",
5899
"base32",
···
5915
5916
[[package]]
5917
name = "tranquil-cache"
5918
+
version = "0.2.1"
5919
dependencies = [
5920
"async-trait",
5921
"base64 0.22.1",
···
5928
5929
[[package]]
5930
name = "tranquil-comms"
5931
+
version = "0.2.1"
5932
dependencies = [
5933
"async-trait",
5934
"base64 0.22.1",
···
5942
5943
[[package]]
5944
name = "tranquil-crypto"
5945
+
version = "0.2.1"
5946
dependencies = [
5947
"aes-gcm",
5948
"base64 0.22.1",
···
5958
5959
[[package]]
5960
name = "tranquil-db"
5961
+
version = "0.2.1"
5962
dependencies = [
5963
"async-trait",
5964
"chrono",
···
5975
5976
[[package]]
5977
name = "tranquil-db-traits"
5978
+
version = "0.2.1"
5979
dependencies = [
5980
"async-trait",
5981
"base64 0.22.1",
···
5991
5992
[[package]]
5993
name = "tranquil-infra"
5994
+
version = "0.2.1"
5995
dependencies = [
5996
"async-trait",
5997
"bytes",
···
6001
6002
[[package]]
6003
name = "tranquil-oauth"
6004
+
version = "0.2.1"
6005
dependencies = [
6006
"anyhow",
6007
"axum",
···
6024
6025
[[package]]
6026
name = "tranquil-pds"
6027
+
version = "0.2.1"
6028
dependencies = [
6029
"aes-gcm",
6030
"anyhow",
···
6109
6110
[[package]]
6111
name = "tranquil-repo"
6112
+
version = "0.2.1"
6113
dependencies = [
6114
"bytes",
6115
"cid",
···
6121
6122
[[package]]
6123
name = "tranquil-ripple"
6124
+
version = "0.2.1"
6125
dependencies = [
6126
"async-trait",
6127
"backon",
···
6145
6146
[[package]]
6147
name = "tranquil-scopes"
6148
+
version = "0.2.1"
6149
dependencies = [
6150
"axum",
6151
"futures",
···
6153
"reqwest",
6154
"serde",
6155
"serde_json",
6156
+
"thiserror 2.0.17",
6157
"tokio",
6158
"tracing",
6159
"urlencoding",
···
6161
6162
[[package]]
6163
name = "tranquil-storage"
6164
+
version = "0.2.1"
6165
dependencies = [
6166
"async-trait",
6167
"aws-config",
···
6177
6178
[[package]]
6179
name = "tranquil-types"
6180
+
version = "0.2.1"
6181
dependencies = [
6182
"chrono",
6183
"cid",
+1
-1
Cargo.toml
+1
-1
Cargo.toml
+2
-34
TODO.md
+2
-34
TODO.md
···
5
### Storage backend abstraction
6
Make storage layers swappable via traits.
7
8
-
filesystem blob storage
9
-
- [ ] FilesystemBlobStorage implementation
10
-
- [ ] directory structure (content-addressed like blobs/{cid} already used in objsto)
11
-
- [ ] atomic writes (write to temp, rename)
12
-
- [ ] config option to choose backend (env var or config flag)
13
-
- [ ] also traitify BackupStorage (currently hardcoded to objsto)
14
-
15
sqlite database backend
16
- [ ] abstract db layer behind trait (queries, transactions, migrations)
17
- [ ] sqlite implementation matching postgres behavior
···
20
- [ ] testing: run full test suite against both backends
21
- [ ] config option to choose backend (postgres vs sqlite)
22
- [ ] document tradeoffs (sqlite for single-user/small, postgres for multi-user/scale)
23
24
### Plugin system
25
WASM component model plugins. Compile to wasm32-wasip2, sandboxed via wasmtime, capability-gated. Based on zed's extensions.
···
131
- [ ] on_access_grant_request for custom authorization
132
- [ ] on_key_rotation to notify interested parties
133
134
-
---
135
-
136
-
## Completed
137
-
138
-
Core ATProto: Health, describeServer, all session endpoints, full repo CRUD, applyWrites, blob upload, importRepo, firehose with cursor replay, CAR export, blob sync, crawler notifications, handle resolution, PLC operations, full admin API, moderation reports.
139
-
140
-
did:web support: Self-hosted did:web (subdomain format `did:web:handle.pds.com`), external/BYOD did:web, DID document serving via `/.well-known/did.json`, clear registration warnings about did:web trade-offs vs did:plc.
141
-
142
-
OAuth 2.1: Authorization server metadata, JWKS, PAR, authorize endpoint with login UI, token endpoint (auth code + refresh), revocation, introspection, DPoP, PKCE S256, client metadata validation, private_key_jwt verification.
143
-
144
-
OAuth Scope Enforcement: Full granular scope system with consent UI, human-readable scope descriptions, per-client scope preferences, scope parsing (repo/blob/rpc/account/identity), endpoint-level scope checks, DPoP token support in auth extractors, token revocation on re-authorization, response_mode support (query/fragment).
145
-
146
-
App endpoints: getPreferences, putPreferences, getProfile, getProfiles, getTimeline, getAuthorFeed, getActorLikes, getPostThread, getFeed, registerPush (all with local-first + proxy fallback).
147
-
148
-
Infrastructure: Sequencer with cursor replay, postgres repo storage with atomic transactions, valkey DID cache, debounced crawler notifications with circuit breakers, multi-channel notifications (email/Discord/Telegram/Signal), image processing, distributed rate limiting, security hardening.
149
-
150
-
Web UI: OAuth login, registration, email verification, password reset, multi-account selector, dashboard, sessions, app passwords, invites, notification preferences, repo browser, CAR export, admin panel, OAuth consent screen with scope selection.
151
-
152
-
Auth: ES256K + HS256 dual support, JTI-only token storage, refresh token family tracking, encrypted signing keys (AES-256-GCM), DPoP replay protection, constant-time comparisons.
153
-
154
-
Passkeys and 2FA: WebAuthn/FIDO2 passkey registration and authentication, TOTP with QR setup, backup codes (hashed, one-time use), passkey-only account creation, trusted devices (remember this browser), re-auth for sensitive actions, rate-limited 2FA attempts, settings UI for managing all auth methods.
155
-
156
-
App password scopes: Granular permissions for app passwords using the same scope system as OAuth. Preset buttons for common use cases (full access, read-only, post-only), scope stored in session and preserved across token refresh, explicit RPC/repo/blob scope enforcement for restricted passwords.
157
-
158
-
Account Delegation: Delegated accounts controlled by other accounts instead of passwords. OAuth delegation flow (authenticate as controller), scope-based permissions (owner/admin/editor/viewer presets), scope intersection (tokens limited to granted permissions), `act` claim for delegation tracking, creating delegated account flow, controller management UI, "act as" account switcher, comprehensive audit logging with actor/controller tracking, delegation-aware OAuth consent with permission limitation notices.
159
-
160
-
Migration: OAuth-based inbound migration wizard with PLC token flow, offline restore from CAR file + rotation key for disaster recovery, scheduled automatic backups, standalone repo/blob export, did:web DID document editor for self-service identity management, handle preservation (keep existing external handle via DNS/HTTP verification or create new PDS-subdomain handle).
···
5
### Storage backend abstraction
6
Make storage layers swappable via traits.
7
8
sqlite database backend
9
- [ ] abstract db layer behind trait (queries, transactions, migrations)
10
- [ ] sqlite implementation matching postgres behavior
···
13
- [ ] testing: run full test suite against both backends
14
- [ ] config option to choose backend (postgres vs sqlite)
15
- [ ] document tradeoffs (sqlite for single-user/small, postgres for multi-user/scale)
16
+
17
+
- [ ] skip sqlite and just straight-up do our own db?!
18
19
### Plugin system
20
WASM component model plugins. Compile to wasm32-wasip2, sandboxed via wasmtime, capability-gated. Based on zed's extensions.
···
126
- [ ] on_access_grant_request for custom authorization
127
- [ ] on_key_rotation to notify interested parties
128
+10
-10
crates/tranquil-auth/src/lib.rs
+10
-10
crates/tranquil-auth/src/lib.rs
···
4
mod verify;
5
6
pub use token::{
7
-
SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED, SCOPE_REFRESH, TOKEN_TYPE_ACCESS,
8
-
TOKEN_TYPE_REFRESH, TOKEN_TYPE_SERVICE, create_access_token, create_access_token_hs256,
9
-
create_access_token_hs256_with_metadata, create_access_token_with_delegation,
10
-
create_access_token_with_metadata, create_access_token_with_scope_metadata,
11
-
create_refresh_token, create_refresh_token_hs256, create_refresh_token_hs256_with_metadata,
12
-
create_refresh_token_with_metadata, create_service_token, create_service_token_hs256,
13
};
14
15
pub use totp::{
16
-
decrypt_totp_secret, encrypt_totp_secret, generate_backup_codes, generate_qr_png_base64,
17
-
generate_totp_secret, generate_totp_uri, hash_backup_code, is_backup_code_format,
18
-
verify_backup_code, verify_totp_code,
19
};
20
21
pub use types::{
22
-
ActClaim, Claims, Header, TokenData, TokenVerifyError, TokenWithMetadata, UnsafeClaims,
23
};
24
25
pub use verify::{
···
4
mod verify;
5
6
pub use token::{
7
+
create_access_token, create_access_token_hs256, create_access_token_hs256_with_metadata,
8
+
create_access_token_with_delegation, create_access_token_with_metadata,
9
+
create_access_token_with_scope_metadata, create_refresh_token, create_refresh_token_hs256,
10
+
create_refresh_token_hs256_with_metadata, create_refresh_token_with_metadata,
11
+
create_service_token, create_service_token_hs256,
12
};
13
14
pub use totp::{
15
+
TotpError, decrypt_totp_secret, encrypt_totp_secret, generate_backup_codes,
16
+
generate_qr_png_base64, generate_totp_secret, generate_totp_uri, hash_backup_code,
17
+
is_backup_code_format, verify_backup_code, verify_totp_code,
18
};
19
20
pub use types::{
21
+
ActClaim, Claims, Header, SigningAlgorithm, TokenData, TokenDecodeError, TokenScope, TokenType,
22
+
TokenVerifyError, TokenWithMetadata, UnsafeClaims,
23
};
24
25
pub use verify::{
+32
-38
crates/tranquil-auth/src/token.rs
+32
-38
crates/tranquil-auth/src/token.rs
···
1
-
use super::types::{ActClaim, Claims, Header, TokenWithMetadata};
2
use anyhow::Result;
3
use base64::Engine as _;
4
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
···
9
10
type HmacSha256 = Hmac<Sha256>;
11
12
-
pub const TOKEN_TYPE_ACCESS: &str = "at+jwt";
13
-
pub const TOKEN_TYPE_REFRESH: &str = "refresh+jwt";
14
-
pub const TOKEN_TYPE_SERVICE: &str = "jwt";
15
-
pub const SCOPE_ACCESS: &str = "com.atproto.access";
16
-
pub const SCOPE_REFRESH: &str = "com.atproto.refresh";
17
-
pub const SCOPE_APP_PASS: &str = "com.atproto.appPass";
18
-
pub const SCOPE_APP_PASS_PRIVILEGED: &str = "com.atproto.appPassPrivileged";
19
-
20
pub fn create_access_token(did: &str, key_bytes: &[u8]) -> Result<String> {
21
Ok(create_access_token_with_metadata(did, key_bytes)?.token)
22
}
···
35
scopes: Option<&str>,
36
hostname: Option<&str>,
37
) -> Result<TokenWithMetadata> {
38
-
let scope = scopes.unwrap_or(SCOPE_ACCESS);
39
create_signed_token_with_metadata(
40
did,
41
scope,
42
-
TOKEN_TYPE_ACCESS,
43
key_bytes,
44
Duration::minutes(15),
45
hostname,
···
53
controller_did: Option<&str>,
54
hostname: Option<&str>,
55
) -> Result<TokenWithMetadata> {
56
-
let scope = scopes.unwrap_or(SCOPE_ACCESS);
57
let act = controller_did.map(|c| ActClaim { sub: c.to_string() });
58
create_signed_token_with_act(
59
did,
60
scope,
61
-
TOKEN_TYPE_ACCESS,
62
key_bytes,
63
Duration::minutes(15),
64
act,
···
72
) -> Result<TokenWithMetadata> {
73
create_signed_token_with_metadata(
74
did,
75
-
SCOPE_REFRESH,
76
-
TOKEN_TYPE_REFRESH,
77
key_bytes,
78
Duration::days(14),
79
None,
···
92
iss: did.to_owned(),
93
sub: did.to_owned(),
94
aud: aud.to_owned(),
95
-
exp: expiration as usize,
96
-
iat: Utc::now().timestamp() as usize,
97
scope: None,
98
lxm: Some(lxm.to_string()),
99
jti: uuid::Uuid::new_v4().to_string(),
···
106
fn create_signed_token_with_metadata(
107
did: &str,
108
scope: &str,
109
-
typ: &str,
110
key_bytes: &[u8],
111
duration: Duration,
112
hostname: Option<&str>,
···
117
fn create_signed_token_with_act(
118
did: &str,
119
scope: &str,
120
-
typ: &str,
121
key_bytes: &[u8],
122
duration: Duration,
123
act: Option<ActClaim>,
···
140
iss: did.to_owned(),
141
sub: did.to_owned(),
142
aud: format!("did:web:{}", aud_hostname),
143
-
exp: expiration as usize,
144
-
iat: Utc::now().timestamp() as usize,
145
scope: Some(scope.to_string()),
146
lxm: None,
147
jti: jti.clone(),
···
158
}
159
160
fn sign_claims(claims: Claims, key: &SigningKey) -> Result<String> {
161
-
sign_claims_with_type(claims, key, TOKEN_TYPE_SERVICE)
162
}
163
164
-
fn sign_claims_with_type(claims: Claims, key: &SigningKey, typ: &str) -> Result<String> {
165
let header = Header {
166
-
alg: "ES256K".to_string(),
167
-
typ: typ.to_string(),
168
};
169
170
let header_json = serde_json::to_string(&header)?;
···
194
) -> Result<TokenWithMetadata> {
195
create_hs256_token_with_metadata(
196
did,
197
-
SCOPE_ACCESS,
198
-
TOKEN_TYPE_ACCESS,
199
secret,
200
Duration::minutes(15),
201
)
···
207
) -> Result<TokenWithMetadata> {
208
create_hs256_token_with_metadata(
209
did,
210
-
SCOPE_REFRESH,
211
-
TOKEN_TYPE_REFRESH,
212
secret,
213
Duration::days(14),
214
)
···
229
iss: did.to_owned(),
230
sub: did.to_owned(),
231
aud: aud.to_owned(),
232
-
exp: expiration as usize,
233
-
iat: Utc::now().timestamp() as usize,
234
scope: None,
235
lxm: Some(lxm.to_string()),
236
jti: uuid::Uuid::new_v4().to_string(),
237
act: None,
238
};
239
240
-
sign_claims_hs256(claims, TOKEN_TYPE_SERVICE, secret)
241
}
242
243
fn create_hs256_token_with_metadata(
244
did: &str,
245
scope: &str,
246
-
typ: &str,
247
secret: &[u8],
248
duration: Duration,
249
) -> Result<TokenWithMetadata> {
···
261
"did:web:{}",
262
std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string())
263
),
264
-
exp: expiration as usize,
265
-
iat: Utc::now().timestamp() as usize,
266
scope: Some(scope.to_string()),
267
lxm: None,
268
jti: jti.clone(),
···
278
})
279
}
280
281
-
fn sign_claims_hs256(claims: Claims, typ: &str, secret: &[u8]) -> Result<String> {
282
let header = Header {
283
-
alg: "HS256".to_string(),
284
-
typ: typ.to_string(),
285
};
286
287
let header_json = serde_json::to_string(&header)?;
···
1
+
use super::types::{
2
+
ActClaim, Claims, Header, SigningAlgorithm, TokenScope, TokenType, TokenWithMetadata,
3
+
};
4
use anyhow::Result;
5
use base64::Engine as _;
6
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
···
11
12
type HmacSha256 = Hmac<Sha256>;
13
14
pub fn create_access_token(did: &str, key_bytes: &[u8]) -> Result<String> {
15
Ok(create_access_token_with_metadata(did, key_bytes)?.token)
16
}
···
29
scopes: Option<&str>,
30
hostname: Option<&str>,
31
) -> Result<TokenWithMetadata> {
32
+
let scope = scopes.unwrap_or(TokenScope::Access.as_str());
33
create_signed_token_with_metadata(
34
did,
35
scope,
36
+
TokenType::Access,
37
key_bytes,
38
Duration::minutes(15),
39
hostname,
···
47
controller_did: Option<&str>,
48
hostname: Option<&str>,
49
) -> Result<TokenWithMetadata> {
50
+
let scope = scopes.unwrap_or(TokenScope::Access.as_str());
51
let act = controller_did.map(|c| ActClaim { sub: c.to_string() });
52
create_signed_token_with_act(
53
did,
54
scope,
55
+
TokenType::Access,
56
key_bytes,
57
Duration::minutes(15),
58
act,
···
66
) -> Result<TokenWithMetadata> {
67
create_signed_token_with_metadata(
68
did,
69
+
TokenScope::Refresh.as_str(),
70
+
TokenType::Refresh,
71
key_bytes,
72
Duration::days(14),
73
None,
···
86
iss: did.to_owned(),
87
sub: did.to_owned(),
88
aud: aud.to_owned(),
89
+
exp: expiration,
90
+
iat: Utc::now().timestamp(),
91
scope: None,
92
lxm: Some(lxm.to_string()),
93
jti: uuid::Uuid::new_v4().to_string(),
···
100
fn create_signed_token_with_metadata(
101
did: &str,
102
scope: &str,
103
+
typ: TokenType,
104
key_bytes: &[u8],
105
duration: Duration,
106
hostname: Option<&str>,
···
111
fn create_signed_token_with_act(
112
did: &str,
113
scope: &str,
114
+
typ: TokenType,
115
key_bytes: &[u8],
116
duration: Duration,
117
act: Option<ActClaim>,
···
134
iss: did.to_owned(),
135
sub: did.to_owned(),
136
aud: format!("did:web:{}", aud_hostname),
137
+
exp: expiration,
138
+
iat: Utc::now().timestamp(),
139
scope: Some(scope.to_string()),
140
lxm: None,
141
jti: jti.clone(),
···
152
}
153
154
fn sign_claims(claims: Claims, key: &SigningKey) -> Result<String> {
155
+
sign_claims_with_type(claims, key, TokenType::Service)
156
}
157
158
+
fn sign_claims_with_type(claims: Claims, key: &SigningKey, typ: TokenType) -> Result<String> {
159
let header = Header {
160
+
alg: SigningAlgorithm::ES256K,
161
+
typ,
162
};
163
164
let header_json = serde_json::to_string(&header)?;
···
188
) -> Result<TokenWithMetadata> {
189
create_hs256_token_with_metadata(
190
did,
191
+
TokenScope::Access.as_str(),
192
+
TokenType::Access,
193
secret,
194
Duration::minutes(15),
195
)
···
201
) -> Result<TokenWithMetadata> {
202
create_hs256_token_with_metadata(
203
did,
204
+
TokenScope::Refresh.as_str(),
205
+
TokenType::Refresh,
206
secret,
207
Duration::days(14),
208
)
···
223
iss: did.to_owned(),
224
sub: did.to_owned(),
225
aud: aud.to_owned(),
226
+
exp: expiration,
227
+
iat: Utc::now().timestamp(),
228
scope: None,
229
lxm: Some(lxm.to_string()),
230
jti: uuid::Uuid::new_v4().to_string(),
231
act: None,
232
};
233
234
+
sign_claims_hs256(claims, TokenType::Service, secret)
235
}
236
237
fn create_hs256_token_with_metadata(
238
did: &str,
239
scope: &str,
240
+
typ: TokenType,
241
secret: &[u8],
242
duration: Duration,
243
) -> Result<TokenWithMetadata> {
···
255
"did:web:{}",
256
std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string())
257
),
258
+
exp: expiration,
259
+
iat: Utc::now().timestamp(),
260
scope: Some(scope.to_string()),
261
lxm: None,
262
jti: jti.clone(),
···
272
})
273
}
274
275
+
fn sign_claims_hs256(claims: Claims, typ: TokenType, secret: &[u8]) -> Result<String> {
276
let header = Header {
277
+
alg: SigningAlgorithm::HS256,
278
+
typ,
279
};
280
281
let header_json = serde_json::to_string(&header)?;
+29
-9
crates/tranquil-auth/src/totp.rs
+29
-9
crates/tranquil-auth/src/totp.rs
···
1
use base32::Alphabet;
2
-
use rand::RngCore;
3
use subtle::ConstantTimeEq;
4
use totp_rs::{Algorithm, TOTP};
5
6
const TOTP_DIGITS: usize = 6;
7
const TOTP_STEP: u64 = 30;
8
const TOTP_SECRET_LENGTH: usize = 20;
9
10
pub fn generate_totp_secret() -> Vec<u8> {
11
let mut secret = vec![0u8; TOTP_SECRET_LENGTH];
12
rand::thread_rng().fill_bytes(&mut secret);
···
31
secret: Vec<u8>,
32
issuer: Option<String>,
33
account_name: String,
34
-
) -> Result<TOTP, String> {
35
TOTP::new(
36
Algorithm::SHA1,
37
TOTP_DIGITS,
···
41
issuer,
42
account_name,
43
)
44
-
.map_err(|e| format!("Failed to create TOTP: {}", e))
45
}
46
47
pub fn verify_totp_code(secret: &[u8], code: &str) -> bool {
···
60
.unwrap_or(0);
61
62
[-1i64, 0, 1].iter().any(|&offset| {
63
-
let time = (now as i64 + offset * TOTP_STEP as i64) as u64;
64
let expected = totp.generate(time);
65
let is_valid: bool = code.as_bytes().ct_eq(expected.as_bytes()).into();
66
is_valid
···
84
secret: &[u8],
85
account_name: &str,
86
issuer: &str,
87
-
) -> Result<String, String> {
88
use base64::{Engine, engine::general_purpose::STANDARD};
89
90
let totp = create_totp(
···
95
96
let qr_png = totp
97
.get_qr_png()
98
-
.map_err(|e| format!("Failed to generate QR code: {}", e))?;
99
100
Ok(STANDARD.encode(qr_png))
101
}
···
112
(0..BACKUP_CODE_COUNT).for_each(|_| {
113
let code: String = (0..BACKUP_CODE_LENGTH)
114
.map(|_| {
115
-
let idx = (rng.next_u32() as usize) % BACKUP_CODE_ALPHABET.len();
116
BACKUP_CODE_ALPHABET[idx] as char
117
})
118
.collect();
···
122
codes
123
}
124
125
-
pub fn hash_backup_code(code: &str) -> Result<String, String> {
126
-
bcrypt::hash(code, BACKUP_CODE_BCRYPT_COST).map_err(|e| format!("Failed to hash code: {}", e))
127
}
128
129
pub fn verify_backup_code(code: &str, hash: &str) -> bool {
···
1
use base32::Alphabet;
2
+
use rand::{Rng, RngCore};
3
use subtle::ConstantTimeEq;
4
use totp_rs::{Algorithm, TOTP};
5
6
const TOTP_DIGITS: usize = 6;
7
const TOTP_STEP: u64 = 30;
8
+
const TOTP_STEP_SIGNED: i64 = TOTP_STEP as i64;
9
const TOTP_SECRET_LENGTH: usize = 20;
10
11
+
#[derive(Debug)]
12
+
pub enum TotpError {
13
+
CreationFailed(String),
14
+
QrGenerationFailed(String),
15
+
HashFailed(String),
16
+
}
17
+
18
+
impl std::fmt::Display for TotpError {
19
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
20
+
match self {
21
+
Self::CreationFailed(e) => write!(f, "TOTP creation failed: {}", e),
22
+
Self::QrGenerationFailed(e) => write!(f, "QR generation failed: {}", e),
23
+
Self::HashFailed(e) => write!(f, "Hash failed: {}", e),
24
+
}
25
+
}
26
+
}
27
+
28
+
impl std::error::Error for TotpError {}
29
+
30
pub fn generate_totp_secret() -> Vec<u8> {
31
let mut secret = vec![0u8; TOTP_SECRET_LENGTH];
32
rand::thread_rng().fill_bytes(&mut secret);
···
51
secret: Vec<u8>,
52
issuer: Option<String>,
53
account_name: String,
54
+
) -> Result<TOTP, TotpError> {
55
TOTP::new(
56
Algorithm::SHA1,
57
TOTP_DIGITS,
···
61
issuer,
62
account_name,
63
)
64
+
.map_err(|e| TotpError::CreationFailed(e.to_string()))
65
}
66
67
pub fn verify_totp_code(secret: &[u8], code: &str) -> bool {
···
80
.unwrap_or(0);
81
82
[-1i64, 0, 1].iter().any(|&offset| {
83
+
let time = now.wrapping_add_signed(offset * TOTP_STEP_SIGNED);
84
let expected = totp.generate(time);
85
let is_valid: bool = code.as_bytes().ct_eq(expected.as_bytes()).into();
86
is_valid
···
104
secret: &[u8],
105
account_name: &str,
106
issuer: &str,
107
+
) -> Result<String, TotpError> {
108
use base64::{Engine, engine::general_purpose::STANDARD};
109
110
let totp = create_totp(
···
115
116
let qr_png = totp
117
.get_qr_png()
118
+
.map_err(|e| TotpError::QrGenerationFailed(e.to_string()))?;
119
120
Ok(STANDARD.encode(qr_png))
121
}
···
132
(0..BACKUP_CODE_COUNT).for_each(|_| {
133
let code: String = (0..BACKUP_CODE_LENGTH)
134
.map(|_| {
135
+
let idx = rng.gen_range(0..BACKUP_CODE_ALPHABET.len());
136
BACKUP_CODE_ALPHABET[idx] as char
137
})
138
.collect();
···
142
codes
143
}
144
145
+
pub fn hash_backup_code(code: &str) -> Result<String, TotpError> {
146
+
bcrypt::hash(code, BACKUP_CODE_BCRYPT_COST).map_err(|e| TotpError::HashFailed(e.to_string()))
147
}
148
149
pub fn verify_backup_code(code: &str, hash: &str) -> bool {
+202
-5
crates/tranquil-auth/src/types.rs
+202
-5
crates/tranquil-auth/src/types.rs
···
1
use chrono::{DateTime, Utc};
2
-
use serde::{Deserialize, Serialize};
3
use std::fmt;
4
5
#[derive(Debug, Clone, Serialize, Deserialize)]
6
pub struct ActClaim {
···
12
pub iss: String,
13
pub sub: String,
14
pub aud: String,
15
-
pub exp: usize,
16
-
pub iat: usize,
17
#[serde(skip_serializing_if = "Option::is_none")]
18
pub scope: Option<String>,
19
#[serde(skip_serializing_if = "Option::is_none")]
···
25
26
#[derive(Debug, Serialize, Deserialize)]
27
pub struct Header {
28
-
pub alg: String,
29
-
pub typ: String,
30
}
31
32
#[derive(Debug, Serialize, Deserialize)]
···
1
use chrono::{DateTime, Utc};
2
+
use serde::{Deserialize, Serialize, de, ser};
3
use std::fmt;
4
+
use std::str::FromStr;
5
+
6
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
7
+
pub enum TokenType {
8
+
Access,
9
+
Refresh,
10
+
Service,
11
+
}
12
+
13
+
impl TokenType {
14
+
pub fn as_str(&self) -> &'static str {
15
+
match self {
16
+
Self::Access => "at+jwt",
17
+
Self::Refresh => "refresh+jwt",
18
+
Self::Service => "jwt",
19
+
}
20
+
}
21
+
}
22
+
23
+
impl fmt::Display for TokenType {
24
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
25
+
f.write_str(self.as_str())
26
+
}
27
+
}
28
+
29
+
impl FromStr for TokenType {
30
+
type Err = TokenTypeParseError;
31
+
32
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
33
+
match s {
34
+
"at+jwt" => Ok(Self::Access),
35
+
"refresh+jwt" => Ok(Self::Refresh),
36
+
"jwt" => Ok(Self::Service),
37
+
_ => Err(TokenTypeParseError(s.to_string())),
38
+
}
39
+
}
40
+
}
41
+
42
+
#[derive(Debug, Clone)]
43
+
pub struct TokenTypeParseError(pub String);
44
+
45
+
impl fmt::Display for TokenTypeParseError {
46
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
47
+
write!(f, "unknown token type: {}", self.0)
48
+
}
49
+
}
50
+
51
+
impl std::error::Error for TokenTypeParseError {}
52
+
53
+
impl Serialize for TokenType {
54
+
fn serialize<S: ser::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
55
+
serializer.serialize_str(self.as_str())
56
+
}
57
+
}
58
+
59
+
impl<'de> Deserialize<'de> for TokenType {
60
+
fn deserialize<D: de::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
61
+
let s = String::deserialize(deserializer)?;
62
+
Self::from_str(&s).map_err(de::Error::custom)
63
+
}
64
+
}
65
+
66
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
67
+
pub enum SigningAlgorithm {
68
+
ES256K,
69
+
HS256,
70
+
}
71
+
72
+
impl SigningAlgorithm {
73
+
pub fn as_str(&self) -> &'static str {
74
+
match self {
75
+
Self::ES256K => "ES256K",
76
+
Self::HS256 => "HS256",
77
+
}
78
+
}
79
+
}
80
+
81
+
impl fmt::Display for SigningAlgorithm {
82
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
83
+
f.write_str(self.as_str())
84
+
}
85
+
}
86
+
87
+
impl FromStr for SigningAlgorithm {
88
+
type Err = SigningAlgorithmParseError;
89
+
90
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
91
+
match s {
92
+
"ES256K" => Ok(Self::ES256K),
93
+
"HS256" => Ok(Self::HS256),
94
+
_ => Err(SigningAlgorithmParseError(s.to_string())),
95
+
}
96
+
}
97
+
}
98
+
99
+
#[derive(Debug, Clone)]
100
+
pub struct SigningAlgorithmParseError(pub String);
101
+
102
+
impl fmt::Display for SigningAlgorithmParseError {
103
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
104
+
write!(f, "unknown signing algorithm: {}", self.0)
105
+
}
106
+
}
107
+
108
+
impl std::error::Error for SigningAlgorithmParseError {}
109
+
110
+
impl Serialize for SigningAlgorithm {
111
+
fn serialize<S: ser::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
112
+
serializer.serialize_str(self.as_str())
113
+
}
114
+
}
115
+
116
+
impl<'de> Deserialize<'de> for SigningAlgorithm {
117
+
fn deserialize<D: de::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
118
+
let s = String::deserialize(deserializer)?;
119
+
Self::from_str(&s).map_err(de::Error::custom)
120
+
}
121
+
}
122
+
123
+
#[derive(Debug, Clone, PartialEq, Eq)]
124
+
pub enum TokenScope {
125
+
Access,
126
+
Refresh,
127
+
AppPass,
128
+
AppPassPrivileged,
129
+
Custom(String),
130
+
}
131
+
132
+
impl TokenScope {
133
+
pub fn as_str(&self) -> &str {
134
+
match self {
135
+
Self::Access => "com.atproto.access",
136
+
Self::Refresh => "com.atproto.refresh",
137
+
Self::AppPass => "com.atproto.appPass",
138
+
Self::AppPassPrivileged => "com.atproto.appPassPrivileged",
139
+
Self::Custom(s) => s,
140
+
}
141
+
}
142
+
143
+
pub fn is_access_like(&self) -> bool {
144
+
matches!(self, Self::Access | Self::AppPass | Self::AppPassPrivileged)
145
+
}
146
+
}
147
+
148
+
impl fmt::Display for TokenScope {
149
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
150
+
f.write_str(self.as_str())
151
+
}
152
+
}
153
+
154
+
impl FromStr for TokenScope {
155
+
type Err = std::convert::Infallible;
156
+
157
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
158
+
Ok(match s {
159
+
"com.atproto.access" => Self::Access,
160
+
"com.atproto.refresh" => Self::Refresh,
161
+
"com.atproto.appPass" => Self::AppPass,
162
+
"com.atproto.appPassPrivileged" => Self::AppPassPrivileged,
163
+
other => Self::Custom(other.to_string()),
164
+
})
165
+
}
166
+
}
167
+
168
+
impl Serialize for TokenScope {
169
+
fn serialize<S: ser::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
170
+
serializer.serialize_str(self.as_str())
171
+
}
172
+
}
173
+
174
+
impl<'de> Deserialize<'de> for TokenScope {
175
+
fn deserialize<D: de::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
176
+
let s = String::deserialize(deserializer)?;
177
+
Ok(Self::from_str(&s).unwrap_or_else(|e| match e {}))
178
+
}
179
+
}
180
+
181
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
182
+
pub enum TokenDecodeError {
183
+
InvalidFormat,
184
+
Base64DecodeFailed,
185
+
JsonDecodeFailed,
186
+
MissingClaim,
187
+
}
188
+
189
+
impl fmt::Display for TokenDecodeError {
190
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
191
+
match self {
192
+
Self::InvalidFormat => write!(f, "Invalid token format"),
193
+
Self::Base64DecodeFailed => write!(f, "Base64 decode failed"),
194
+
Self::JsonDecodeFailed => write!(f, "JSON decode failed"),
195
+
Self::MissingClaim => write!(f, "Missing required claim"),
196
+
}
197
+
}
198
+
}
199
+
200
+
impl std::error::Error for TokenDecodeError {}
201
202
#[derive(Debug, Clone, Serialize, Deserialize)]
203
pub struct ActClaim {
···
209
pub iss: String,
210
pub sub: String,
211
pub aud: String,
212
+
pub exp: i64,
213
+
pub iat: i64,
214
#[serde(skip_serializing_if = "Option::is_none")]
215
pub scope: Option<String>,
216
#[serde(skip_serializing_if = "Option::is_none")]
···
222
223
#[derive(Debug, Serialize, Deserialize)]
224
pub struct Header {
225
+
pub alg: SigningAlgorithm,
226
+
pub typ: TokenType,
227
}
228
229
#[derive(Debug, Serialize, Deserialize)]
+61
-39
crates/tranquil-auth/src/verify.rs
+61
-39
crates/tranquil-auth/src/verify.rs
···
1
-
use super::token::{
2
-
SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED, SCOPE_REFRESH, TOKEN_TYPE_ACCESS,
3
-
TOKEN_TYPE_REFRESH,
4
};
5
-
use super::types::{Claims, Header, TokenData, TokenVerifyError, UnsafeClaims};
6
use anyhow::{Context, Result, anyhow};
7
use base64::Engine as _;
8
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
···
14
15
type HmacSha256 = Hmac<Sha256>;
16
17
-
pub fn get_did_from_token(token: &str) -> Result<String, String> {
18
let parts: Vec<&str> = token.split('.').collect();
19
if parts.len() != 3 {
20
-
return Err("Invalid token format".to_string());
21
}
22
23
let payload_bytes = URL_SAFE_NO_PAD
24
.decode(parts[1])
25
-
.map_err(|e| format!("Base64 decode failed: {}", e))?;
26
27
let claims: UnsafeClaims =
28
-
serde_json::from_slice(&payload_bytes).map_err(|e| format!("JSON decode failed: {}", e))?;
29
30
Ok(claims.sub.unwrap_or(claims.iss))
31
}
32
33
-
pub fn get_jti_from_token(token: &str) -> Result<String, String> {
34
let parts: Vec<&str> = token.split('.').collect();
35
if parts.len() != 3 {
36
-
return Err("Invalid token format".to_string());
37
}
38
39
let payload_bytes = URL_SAFE_NO_PAD
40
.decode(parts[1])
41
-
.map_err(|e| format!("Base64 decode failed: {}", e))?;
42
43
let claims: serde_json::Value =
44
-
serde_json::from_slice(&payload_bytes).map_err(|e| format!("JSON decode failed: {}", e))?;
45
46
claims
47
.get("jti")
48
.and_then(|j| j.as_str())
49
.map(|s| s.to_string())
50
-
.ok_or_else(|| "No jti claim in token".to_string())
51
}
52
53
-
pub fn get_algorithm_from_token(token: &str) -> Result<String, String> {
54
let parts: Vec<&str> = token.split('.').collect();
55
if parts.len() != 3 {
56
-
return Err("Invalid token format".to_string());
57
}
58
59
let header_bytes = URL_SAFE_NO_PAD
60
.decode(parts[0])
61
-
.map_err(|e| format!("Base64 decode failed: {}", e))?;
62
63
let header: Header =
64
-
serde_json::from_slice(&header_bytes).map_err(|e| format!("JSON decode failed: {}", e))?;
65
66
Ok(header.alg)
67
}
···
74
verify_token_internal(
75
token,
76
key_bytes,
77
-
Some(TOKEN_TYPE_ACCESS),
78
-
Some(&[SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED]),
79
)
80
}
81
···
83
verify_token_internal(
84
token,
85
key_bytes,
86
-
Some(TOKEN_TYPE_REFRESH),
87
-
Some(&[SCOPE_REFRESH]),
88
)
89
}
90
···
92
verify_token_hs256_internal(
93
token,
94
secret,
95
-
Some(TOKEN_TYPE_ACCESS),
96
-
Some(&[SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED]),
97
)
98
}
99
···
101
verify_token_hs256_internal(
102
token,
103
secret,
104
-
Some(TOKEN_TYPE_REFRESH),
105
-
Some(&[SCOPE_REFRESH]),
106
)
107
}
108
109
fn verify_token_internal(
110
token: &str,
111
key_bytes: &[u8],
112
-
expected_typ: Option<&str>,
113
-
allowed_scopes: Option<&[&str]>,
114
) -> Result<TokenData<Claims>> {
115
let parts: Vec<&str> = token.split('.').collect();
116
if parts.len() != 3 {
···
160
let claims: Claims =
161
serde_json::from_slice(&claims_bytes).context("JSON decode of claims failed")?;
162
163
-
let now = Utc::now().timestamp() as usize;
164
if claims.exp < now {
165
return Err(anyhow!("Token expired"));
166
}
167
168
if let Some(scopes) = allowed_scopes {
169
-
let token_scope = claims.scope.as_deref().unwrap_or("");
170
if !scopes.contains(&token_scope) {
171
return Err(anyhow!("Invalid token scope: {}", token_scope));
172
}
···
178
fn verify_token_hs256_internal(
179
token: &str,
180
secret: &[u8],
181
-
expected_typ: Option<&str>,
182
-
allowed_scopes: Option<&[&str]>,
183
) -> Result<TokenData<Claims>> {
184
let parts: Vec<&str> = token.split('.').collect();
185
if parts.len() != 3 {
···
197
let header: Header =
198
serde_json::from_slice(&header_bytes).context("JSON decode of header failed")?;
199
200
-
if header.alg != "HS256" {
201
return Err(anyhow!("Expected HS256 algorithm, got {}", header.alg));
202
}
203
···
235
let claims: Claims =
236
serde_json::from_slice(&claims_bytes).context("JSON decode of claims failed")?;
237
238
-
let now = Utc::now().timestamp() as usize;
239
if claims.exp < now {
240
return Err(anyhow!("Token expired"));
241
}
242
243
if let Some(scopes) = allowed_scopes {
244
-
let token_scope = claims.scope.as_deref().unwrap_or("");
245
if !scopes.contains(&token_scope) {
246
return Err(anyhow!("Invalid token scope: {}", token_scope));
247
}
···
254
token: &str,
255
key_bytes: &[u8],
256
) -> Result<TokenData<Claims>, TokenVerifyError> {
257
-
verify_token_typed_internal(token, key_bytes, Some(TOKEN_TYPE_ACCESS), None)
258
}
259
260
fn verify_token_typed_internal(
261
token: &str,
262
key_bytes: &[u8],
263
-
expected_typ: Option<&str>,
264
-
allowed_scopes: Option<&[&str]>,
265
) -> Result<TokenData<Claims>, TokenVerifyError> {
266
let parts: Vec<&str> = token.split('.').collect();
267
if parts.len() != 3 {
···
315
return Err(TokenVerifyError::Invalid);
316
};
317
318
-
let now = Utc::now().timestamp() as usize;
319
if claims.exp < now {
320
return Err(TokenVerifyError::Expired);
321
}
322
323
if let Some(scopes) = allowed_scopes {
324
-
let token_scope = claims.scope.as_deref().unwrap_or("");
325
if !scopes.contains(&token_scope) {
326
return Err(TokenVerifyError::Invalid);
327
}
···
1
+
use super::types::{
2
+
Claims, Header, SigningAlgorithm, TokenData, TokenDecodeError, TokenScope, TokenType,
3
+
TokenVerifyError, UnsafeClaims,
4
};
5
use anyhow::{Context, Result, anyhow};
6
use base64::Engine as _;
7
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
···
13
14
type HmacSha256 = Hmac<Sha256>;
15
16
+
pub fn get_did_from_token(token: &str) -> Result<String, TokenDecodeError> {
17
let parts: Vec<&str> = token.split('.').collect();
18
if parts.len() != 3 {
19
+
return Err(TokenDecodeError::InvalidFormat);
20
}
21
22
let payload_bytes = URL_SAFE_NO_PAD
23
.decode(parts[1])
24
+
.map_err(|_| TokenDecodeError::Base64DecodeFailed)?;
25
26
let claims: UnsafeClaims =
27
+
serde_json::from_slice(&payload_bytes).map_err(|_| TokenDecodeError::JsonDecodeFailed)?;
28
29
Ok(claims.sub.unwrap_or(claims.iss))
30
}
31
32
+
pub fn get_jti_from_token(token: &str) -> Result<String, TokenDecodeError> {
33
let parts: Vec<&str> = token.split('.').collect();
34
if parts.len() != 3 {
35
+
return Err(TokenDecodeError::InvalidFormat);
36
}
37
38
let payload_bytes = URL_SAFE_NO_PAD
39
.decode(parts[1])
40
+
.map_err(|_| TokenDecodeError::Base64DecodeFailed)?;
41
42
let claims: serde_json::Value =
43
+
serde_json::from_slice(&payload_bytes).map_err(|_| TokenDecodeError::JsonDecodeFailed)?;
44
45
claims
46
.get("jti")
47
.and_then(|j| j.as_str())
48
.map(|s| s.to_string())
49
+
.ok_or(TokenDecodeError::MissingClaim)
50
}
51
52
+
pub fn get_algorithm_from_token(token: &str) -> Result<SigningAlgorithm, TokenDecodeError> {
53
let parts: Vec<&str> = token.split('.').collect();
54
if parts.len() != 3 {
55
+
return Err(TokenDecodeError::InvalidFormat);
56
}
57
58
let header_bytes = URL_SAFE_NO_PAD
59
.decode(parts[0])
60
+
.map_err(|_| TokenDecodeError::Base64DecodeFailed)?;
61
62
let header: Header =
63
+
serde_json::from_slice(&header_bytes).map_err(|_| TokenDecodeError::JsonDecodeFailed)?;
64
65
Ok(header.alg)
66
}
···
73
verify_token_internal(
74
token,
75
key_bytes,
76
+
Some(TokenType::Access),
77
+
Some(&[
78
+
TokenScope::Access,
79
+
TokenScope::AppPass,
80
+
TokenScope::AppPassPrivileged,
81
+
]),
82
)
83
}
84
···
86
verify_token_internal(
87
token,
88
key_bytes,
89
+
Some(TokenType::Refresh),
90
+
Some(&[TokenScope::Refresh]),
91
)
92
}
93
···
95
verify_token_hs256_internal(
96
token,
97
secret,
98
+
Some(TokenType::Access),
99
+
Some(&[
100
+
TokenScope::Access,
101
+
TokenScope::AppPass,
102
+
TokenScope::AppPassPrivileged,
103
+
]),
104
)
105
}
106
···
108
verify_token_hs256_internal(
109
token,
110
secret,
111
+
Some(TokenType::Refresh),
112
+
Some(&[TokenScope::Refresh]),
113
)
114
}
115
116
fn verify_token_internal(
117
token: &str,
118
key_bytes: &[u8],
119
+
expected_typ: Option<TokenType>,
120
+
allowed_scopes: Option<&[TokenScope]>,
121
) -> Result<TokenData<Claims>> {
122
let parts: Vec<&str> = token.split('.').collect();
123
if parts.len() != 3 {
···
167
let claims: Claims =
168
serde_json::from_slice(&claims_bytes).context("JSON decode of claims failed")?;
169
170
+
let now = Utc::now().timestamp();
171
if claims.exp < now {
172
return Err(anyhow!("Token expired"));
173
}
174
175
if let Some(scopes) = allowed_scopes {
176
+
let token_scope: TokenScope = claims
177
+
.scope
178
+
.as_deref()
179
+
.unwrap_or("")
180
+
.parse()
181
+
.unwrap_or_else(|e| match e {});
182
if !scopes.contains(&token_scope) {
183
return Err(anyhow!("Invalid token scope: {}", token_scope));
184
}
···
190
fn verify_token_hs256_internal(
191
token: &str,
192
secret: &[u8],
193
+
expected_typ: Option<TokenType>,
194
+
allowed_scopes: Option<&[TokenScope]>,
195
) -> Result<TokenData<Claims>> {
196
let parts: Vec<&str> = token.split('.').collect();
197
if parts.len() != 3 {
···
209
let header: Header =
210
serde_json::from_slice(&header_bytes).context("JSON decode of header failed")?;
211
212
+
if header.alg != SigningAlgorithm::HS256 {
213
return Err(anyhow!("Expected HS256 algorithm, got {}", header.alg));
214
}
215
···
247
let claims: Claims =
248
serde_json::from_slice(&claims_bytes).context("JSON decode of claims failed")?;
249
250
+
let now = Utc::now().timestamp();
251
if claims.exp < now {
252
return Err(anyhow!("Token expired"));
253
}
254
255
if let Some(scopes) = allowed_scopes {
256
+
let token_scope: TokenScope = claims
257
+
.scope
258
+
.as_deref()
259
+
.unwrap_or("")
260
+
.parse()
261
+
.unwrap_or_else(|e| match e {});
262
if !scopes.contains(&token_scope) {
263
return Err(anyhow!("Invalid token scope: {}", token_scope));
264
}
···
271
token: &str,
272
key_bytes: &[u8],
273
) -> Result<TokenData<Claims>, TokenVerifyError> {
274
+
verify_token_typed_internal(token, key_bytes, Some(TokenType::Access), None)
275
}
276
277
fn verify_token_typed_internal(
278
token: &str,
279
key_bytes: &[u8],
280
+
expected_typ: Option<TokenType>,
281
+
allowed_scopes: Option<&[TokenScope]>,
282
) -> Result<TokenData<Claims>, TokenVerifyError> {
283
let parts: Vec<&str> = token.split('.').collect();
284
if parts.len() != 3 {
···
332
return Err(TokenVerifyError::Invalid);
333
};
334
335
+
let now = Utc::now().timestamp();
336
if claims.exp < now {
337
return Err(TokenVerifyError::Expired);
338
}
339
340
if let Some(scopes) = allowed_scopes {
341
+
let token_scope: TokenScope = claims
342
+
.scope
343
+
.as_deref()
344
+
.unwrap_or("")
345
+
.parse()
346
+
.unwrap_or_else(|e| match e {});
347
if !scopes.contains(&token_scope) {
348
return Err(TokenVerifyError::Invalid);
349
}
+3
-3
crates/tranquil-cache/src/lib.rs
+3
-3
crates/tranquil-cache/src/lib.rs
···
48
.arg(key)
49
.arg(value)
50
.arg("PX")
51
-
.arg(ttl.as_millis().min(i64::MAX as u128) as i64)
52
.query_async::<()>(&mut conn)
53
.await
54
.map_err(|e| CacheError::Connection(e.to_string()))
···
94
async fn check_rate_limit(&self, key: &str, limit: u32, window_ms: u64) -> bool {
95
let mut conn = self.conn.clone();
96
let full_key = format!("rl:{}", key);
97
-
let window_secs = window_ms.div_ceil(1000).max(1) as i64;
98
let result: Result<i64, _> = redis::Script::new(
99
r"local c = redis.call('INCR', KEYS[1])
100
if c == 1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
···
106
.invoke_async(&mut conn)
107
.await;
108
match result {
109
-
Ok(count) => count <= limit as i64,
110
Err(e) => {
111
tracing::warn!(error = %e, "redis rate limit script failed, allowing request");
112
true
···
48
.arg(key)
49
.arg(value)
50
.arg("PX")
51
+
.arg(i64::try_from(ttl.as_millis()).unwrap_or(i64::MAX))
52
.query_async::<()>(&mut conn)
53
.await
54
.map_err(|e| CacheError::Connection(e.to_string()))
···
94
async fn check_rate_limit(&self, key: &str, limit: u32, window_ms: u64) -> bool {
95
let mut conn = self.conn.clone();
96
let full_key = format!("rl:{}", key);
97
+
let window_secs = i64::try_from(window_ms.div_ceil(1000).max(1)).unwrap_or(i64::MAX);
98
let result: Result<i64, _> = redis::Script::new(
99
r"local c = redis.call('INCR', KEYS[1])
100
if c == 1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
···
106
.invoke_async(&mut conn)
107
.await;
108
match result {
109
+
Ok(count) => count <= i64::from(limit),
110
Err(e) => {
111
tracing::warn!(error = %e, "redis rate limit script failed, allowing request");
112
true
+48
-1
crates/tranquil-db-traits/src/backlink.rs
+48
-1
crates/tranquil-db-traits/src/backlink.rs
···
1
+
use std::fmt;
2
+
use std::str::FromStr;
3
+
4
use async_trait::async_trait;
5
use tranquil_types::{AtUri, Nsid};
6
use uuid::Uuid;
7
8
use crate::DbError;
9
10
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
11
+
pub enum BacklinkPath {
12
+
Subject,
13
+
SubjectUri,
14
+
}
15
+
16
+
impl BacklinkPath {
17
+
pub fn as_str(&self) -> &'static str {
18
+
match self {
19
+
Self::Subject => "subject",
20
+
Self::SubjectUri => "subject.uri",
21
+
}
22
+
}
23
+
}
24
+
25
+
impl fmt::Display for BacklinkPath {
26
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
27
+
f.write_str(self.as_str())
28
+
}
29
+
}
30
+
31
+
#[derive(Debug, Clone)]
32
+
pub struct BacklinkPathParseError(String);
33
+
34
+
impl fmt::Display for BacklinkPathParseError {
35
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
36
+
write!(f, "unknown backlink path: {}", self.0)
37
+
}
38
+
}
39
+
40
+
impl std::error::Error for BacklinkPathParseError {}
41
+
42
+
impl FromStr for BacklinkPath {
43
+
type Err = BacklinkPathParseError;
44
+
45
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
46
+
match s {
47
+
"subject" => Ok(Self::Subject),
48
+
"subject.uri" => Ok(Self::SubjectUri),
49
+
_ => Err(BacklinkPathParseError(s.to_owned())),
50
+
}
51
+
}
52
+
}
53
+
54
#[derive(Debug, Clone)]
55
pub struct Backlink {
56
pub uri: AtUri,
57
+
pub path: BacklinkPath,
58
pub link_to: String,
59
}
60
+10
-1
crates/tranquil-db-traits/src/channel_verification.rs
+10
-1
crates/tranquil-db-traits/src/channel_verification.rs
···
10
}
11
12
impl ChannelVerificationStatus {
13
+
pub fn from_db_row(email: bool, discord: bool, telegram: bool, signal: bool) -> Self {
14
Self {
15
email,
16
discord,
17
telegram,
18
signal,
19
+
}
20
+
}
21
+
22
+
pub fn from_verified_channels(channels: &[CommsChannel]) -> Self {
23
+
Self {
24
+
email: channels.contains(&CommsChannel::Email),
25
+
discord: channels.contains(&CommsChannel::Discord),
26
+
telegram: channels.contains(&CommsChannel::Telegram),
27
+
signal: channels.contains(&CommsChannel::Signal),
28
}
29
}
30
+3
crates/tranquil-db-traits/src/error.rs
+3
crates/tranquil-db-traits/src/error.rs
+53
-17
crates/tranquil-db-traits/src/infra.rs
+53
-17
crates/tranquil-db-traits/src/infra.rs
···
31
}
32
}
33
34
-
impl From<bool> for InviteCodeState {
35
-
fn from(disabled: bool) -> Self {
36
-
if disabled {
37
-
Self::Disabled
38
-
} else {
39
-
Self::Active
40
}
41
}
42
-
}
43
44
-
impl From<Option<bool>> for InviteCodeState {
45
-
fn from(disabled: Option<bool>) -> Self {
46
-
Self::from(disabled.unwrap_or(false))
47
-
}
48
-
}
49
-
50
-
impl From<InviteCodeState> for bool {
51
-
fn from(state: InviteCodeState) -> Self {
52
-
matches!(state, InviteCodeState::Disabled)
53
}
54
}
55
···
62
Telegram,
63
Signal,
64
}
65
66
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, sqlx::Type)]
67
#[sqlx(type_name = "comms_type", rename_all = "snake_case")]
···
139
140
impl InviteCodeRow {
141
pub fn state(&self) -> InviteCodeState {
142
-
InviteCodeState::from(self.disabled)
143
}
144
}
145
···
31
}
32
}
33
34
+
impl InviteCodeState {
35
+
pub fn from_disabled_flag(disabled: bool) -> Self {
36
+
match disabled {
37
+
true => Self::Disabled,
38
+
false => Self::Active,
39
}
40
}
41
42
+
pub fn from_optional_disabled_flag(disabled: Option<bool>) -> Self {
43
+
Self::from_disabled_flag(disabled.unwrap_or(false))
44
}
45
}
46
···
53
Telegram,
54
Signal,
55
}
56
+
57
+
impl CommsChannel {
58
+
pub fn as_str(self) -> &'static str {
59
+
match self {
60
+
Self::Email => "email",
61
+
Self::Discord => "discord",
62
+
Self::Telegram => "telegram",
63
+
Self::Signal => "signal",
64
+
}
65
+
}
66
+
67
+
pub fn display_name(self) -> &'static str {
68
+
match self {
69
+
Self::Email => "email",
70
+
Self::Discord => "Discord",
71
+
Self::Telegram => "Telegram",
72
+
Self::Signal => "Signal",
73
+
}
74
+
}
75
+
}
76
+
77
+
impl std::str::FromStr for CommsChannel {
78
+
type Err = InvalidCommsChannel;
79
+
80
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
81
+
match s {
82
+
"email" => Ok(Self::Email),
83
+
"discord" => Ok(Self::Discord),
84
+
"telegram" => Ok(Self::Telegram),
85
+
"signal" => Ok(Self::Signal),
86
+
_ => Err(InvalidCommsChannel),
87
+
}
88
+
}
89
+
}
90
+
91
+
#[derive(Debug, Clone)]
92
+
pub struct InvalidCommsChannel;
93
+
94
+
impl std::fmt::Display for InvalidCommsChannel {
95
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
96
+
f.write_str("invalid comms channel")
97
+
}
98
+
}
99
+
100
+
impl std::error::Error for InvalidCommsChannel {}
101
102
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, sqlx::Type)]
103
#[sqlx(type_name = "comms_type", rename_all = "snake_case")]
···
175
176
impl InviteCodeRow {
177
pub fn state(&self) -> InviteCodeState {
178
+
InviteCodeState::from_optional_disabled_flag(self.disabled)
179
}
180
}
181
+2
-2
crates/tranquil-db-traits/src/lib.rs
+2
-2
crates/tranquil-db-traits/src/lib.rs
···
14
mod sso;
15
mod user;
16
17
-
pub use backlink::{Backlink, BacklinkRepository};
18
pub use backup::{
19
BackupForDeletion, BackupRepository, BackupRow, BackupStorageInfo, BlobExportInfo,
20
OldBackupInfo, UserBackupInfo,
···
68
UserInfoForAuth, UserKeyInfo, UserKeyWithId, UserLegacyLoginPref, UserLoginCheck,
69
UserLoginFull, UserLoginInfo, UserPasswordInfo, UserRepository, UserResendVerification,
70
UserResetCodeInfo, UserRow, UserSessionInfo, UserStatus, UserVerificationInfo, UserWithKey,
71
-
VerifiedTotpRecord,
72
};
···
14
mod sso;
15
mod user;
16
17
+
pub use backlink::{Backlink, BacklinkPath, BacklinkRepository};
18
pub use backup::{
19
BackupForDeletion, BackupRepository, BackupRow, BackupStorageInfo, BlobExportInfo,
20
OldBackupInfo, UserBackupInfo,
···
68
UserInfoForAuth, UserKeyInfo, UserKeyWithId, UserLegacyLoginPref, UserLoginCheck,
69
UserLoginFull, UserLoginInfo, UserPasswordInfo, UserRepository, UserResendVerification,
70
UserResetCodeInfo, UserRow, UserSessionInfo, UserStatus, UserVerificationInfo, UserWithKey,
71
+
VerifiedTotpRecord, WebauthnChallengeType,
72
};
+7
crates/tranquil-db-traits/src/repo.rs
+7
crates/tranquil-db-traits/src/repo.rs
+9
-23
crates/tranquil-db-traits/src/session.rs
+9
-23
crates/tranquil-db-traits/src/session.rs
···
20
pub fn is_modern(self) -> bool {
21
matches!(self, Self::Modern)
22
}
23
-
}
24
25
-
impl From<bool> for LoginType {
26
-
fn from(legacy: bool) -> Self {
27
-
if legacy { Self::Legacy } else { Self::Modern }
28
-
}
29
-
}
30
-
31
-
impl From<LoginType> for bool {
32
-
fn from(lt: LoginType) -> Self {
33
-
matches!(lt, LoginType::Legacy)
34
}
35
}
36
···
45
pub fn is_privileged(self) -> bool {
46
matches!(self, Self::Privileged)
47
}
48
-
}
49
50
-
impl From<bool> for AppPasswordPrivilege {
51
-
fn from(privileged: bool) -> Self {
52
-
if privileged {
53
-
Self::Privileged
54
-
} else {
55
-
Self::Standard
56
}
57
-
}
58
-
}
59
-
60
-
impl From<AppPasswordPrivilege> for bool {
61
-
fn from(p: AppPasswordPrivilege) -> Self {
62
-
matches!(p, AppPasswordPrivilege::Privileged)
63
}
64
}
65
···
20
pub fn is_modern(self) -> bool {
21
matches!(self, Self::Modern)
22
}
23
24
+
pub fn from_legacy_flag(legacy: bool) -> Self {
25
+
match legacy {
26
+
true => Self::Legacy,
27
+
false => Self::Modern,
28
+
}
29
}
30
}
31
···
40
pub fn is_privileged(self) -> bool {
41
matches!(self, Self::Privileged)
42
}
43
44
+
pub fn from_privileged_flag(privileged: bool) -> Self {
45
+
match privileged {
46
+
true => Self::Privileged,
47
+
false => Self::Standard,
48
}
49
}
50
}
51
+41
-2
crates/tranquil-db-traits/src/sso.rs
+41
-2
crates/tranquil-db-traits/src/sso.rs
···
113
114
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize, sqlx::Type)]
115
#[sqlx(type_name = "sso_provider_type", rename_all = "lowercase")]
116
pub enum SsoProviderType {
117
Github,
118
Discord,
···
141
}
142
143
pub fn parse(s: &str) -> Option<Self> {
144
-
match s.to_lowercase().as_str() {
145
"login" => Some(Self::Login),
146
"link" => Some(Self::Link),
147
"register" => Some(Self::Register),
···
156
}
157
}
158
159
impl SsoProviderType {
160
pub fn as_str(&self) -> &'static str {
161
match self {
···
169
}
170
171
pub fn parse(s: &str) -> Option<Self> {
172
-
match s.to_lowercase().as_str() {
173
"github" => Some(Self::Github),
174
"discord" => Some(Self::Discord),
175
"google" => Some(Self::Google),
···
113
114
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize, sqlx::Type)]
115
#[sqlx(type_name = "sso_provider_type", rename_all = "lowercase")]
116
+
#[serde(rename_all = "lowercase")]
117
pub enum SsoProviderType {
118
Github,
119
Discord,
···
142
}
143
144
pub fn parse(s: &str) -> Option<Self> {
145
+
match s {
146
"login" => Some(Self::Login),
147
"link" => Some(Self::Link),
148
"register" => Some(Self::Register),
···
157
}
158
}
159
160
+
impl std::str::FromStr for SsoProviderType {
161
+
type Err = InvalidSsoProviderType;
162
+
163
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
164
+
Self::parse(s).ok_or(InvalidSsoProviderType)
165
+
}
166
+
}
167
+
168
+
#[derive(Debug, Clone)]
169
+
pub struct InvalidSsoProviderType;
170
+
171
+
impl std::fmt::Display for InvalidSsoProviderType {
172
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
173
+
f.write_str("invalid SSO provider type")
174
+
}
175
+
}
176
+
177
+
impl std::error::Error for InvalidSsoProviderType {}
178
+
179
+
impl std::str::FromStr for SsoAction {
180
+
type Err = InvalidSsoAction;
181
+
182
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
183
+
Self::parse(s).ok_or(InvalidSsoAction)
184
+
}
185
+
}
186
+
187
+
#[derive(Debug, Clone)]
188
+
pub struct InvalidSsoAction;
189
+
190
+
impl std::fmt::Display for InvalidSsoAction {
191
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
192
+
f.write_str("invalid SSO action")
193
+
}
194
+
}
195
+
196
+
impl std::error::Error for InvalidSsoAction {}
197
+
198
impl SsoProviderType {
199
pub fn as_str(&self) -> &'static str {
200
match self {
···
208
}
209
210
pub fn parse(s: &str) -> Option<Self> {
211
+
match s {
212
"github" => Some(Self::Github),
213
"discord" => Some(Self::Discord),
214
"google" => Some(Self::Google),
+18
-3
crates/tranquil-db-traits/src/user.rs
+18
-3
crates/tranquil-db-traits/src/user.rs
···
6
7
use crate::{ChannelVerificationStatus, CommsChannel, DbError, SsoProviderType};
8
9
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize, sqlx::Type)]
10
#[sqlx(type_name = "account_type", rename_all = "snake_case")]
11
pub enum AccountType {
···
325
async fn save_webauthn_challenge(
326
&self,
327
did: &Did,
328
-
challenge_type: &str,
329
state_json: &str,
330
) -> Result<Uuid, DbError>;
331
332
async fn load_webauthn_challenge(
333
&self,
334
did: &Did,
335
-
challenge_type: &str,
336
) -> Result<Option<String>, DbError>;
337
338
async fn delete_webauthn_challenge(
339
&self,
340
did: &Did,
341
-
challenge_type: &str,
342
) -> Result<(), DbError>;
343
344
async fn get_totp_record(&self, did: &Did) -> Result<Option<TotpRecord>, DbError>;
···
6
7
use crate::{ChannelVerificationStatus, CommsChannel, DbError, SsoProviderType};
8
9
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
10
+
pub enum WebauthnChallengeType {
11
+
Registration,
12
+
Authentication,
13
+
}
14
+
15
+
impl WebauthnChallengeType {
16
+
pub fn as_str(self) -> &'static str {
17
+
match self {
18
+
Self::Registration => "registration",
19
+
Self::Authentication => "authentication",
20
+
}
21
+
}
22
+
}
23
+
24
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize, sqlx::Type)]
25
#[sqlx(type_name = "account_type", rename_all = "snake_case")]
26
pub enum AccountType {
···
340
async fn save_webauthn_challenge(
341
&self,
342
did: &Did,
343
+
challenge_type: WebauthnChallengeType,
344
state_json: &str,
345
) -> Result<Uuid, DbError>;
346
347
async fn load_webauthn_challenge(
348
&self,
349
did: &Did,
350
+
challenge_type: WebauthnChallengeType,
351
) -> Result<Option<String>, DbError>;
352
353
async fn delete_webauthn_challenge(
354
&self,
355
did: &Did,
356
+
challenge_type: WebauthnChallengeType,
357
) -> Result<(), DbError>;
358
359
async fn get_totp_record(&self, did: &Did) -> Result<Option<TotpRecord>, DbError>;
+4
-4
crates/tranquil-db/src/postgres/infra.rs
+4
-4
crates/tranquil-db/src/postgres/infra.rs
···
261
.map(|r| InviteCodeInfo {
262
code: r.code,
263
available_uses: r.available_uses,
264
-
state: InviteCodeState::from(r.disabled),
265
for_account: Some(Did::from(r.for_account)),
266
created_at: r.created_at,
267
created_by: None,
···
438
.map(|r| InviteCodeInfo {
439
code: r.code,
440
available_uses: r.available_uses,
441
-
state: InviteCodeState::from(r.disabled),
442
for_account: Some(Did::from(r.for_account)),
443
created_at: r.created_at,
444
created_by: Some(Did::from(r.created_by)),
···
461
Ok(result.map(|r| InviteCodeInfo {
462
code: r.code,
463
available_uses: r.available_uses,
464
-
state: InviteCodeState::from(r.disabled),
465
for_account: Some(Did::from(r.for_account)),
466
created_at: r.created_at,
467
created_by: Some(Did::from(r.created_by)),
···
492
InviteCodeInfo {
493
code: r.code,
494
available_uses: r.available_uses,
495
-
state: InviteCodeState::from(r.disabled),
496
for_account: Some(Did::from(r.for_account)),
497
created_at: r.created_at,
498
created_by: Some(Did::from(r.created_by)),
···
261
.map(|r| InviteCodeInfo {
262
code: r.code,
263
available_uses: r.available_uses,
264
+
state: InviteCodeState::from_optional_disabled_flag(r.disabled),
265
for_account: Some(Did::from(r.for_account)),
266
created_at: r.created_at,
267
created_by: None,
···
438
.map(|r| InviteCodeInfo {
439
code: r.code,
440
available_uses: r.available_uses,
441
+
state: InviteCodeState::from_optional_disabled_flag(r.disabled),
442
for_account: Some(Did::from(r.for_account)),
443
created_at: r.created_at,
444
created_by: Some(Did::from(r.created_by)),
···
461
Ok(result.map(|r| InviteCodeInfo {
462
code: r.code,
463
available_uses: r.available_uses,
464
+
state: InviteCodeState::from_optional_disabled_flag(r.disabled),
465
for_account: Some(Did::from(r.for_account)),
466
created_at: r.created_at,
467
created_by: Some(Did::from(r.created_by)),
···
492
InviteCodeInfo {
493
code: r.code,
494
available_uses: r.available_uses,
495
+
state: InviteCodeState::from_optional_disabled_flag(r.disabled),
496
for_account: Some(Did::from(r.for_account)),
497
created_at: r.created_at,
498
created_by: Some(Did::from(r.created_by)),
+7
-7
crates/tranquil-db/src/postgres/session.rs
+7
-7
crates/tranquil-db/src/postgres/session.rs
···
37
data.refresh_jti,
38
data.access_expires_at,
39
data.refresh_expires_at,
40
-
bool::from(data.login_type),
41
data.mfa_verified,
42
data.scope,
43
data.controller_did.as_ref().map(|d| d.as_str()),
···
75
refresh_jti: r.refresh_jti,
76
access_expires_at: r.access_expires_at,
77
refresh_expires_at: r.refresh_expires_at,
78
-
login_type: LoginType::from(r.legacy_login),
79
mfa_verified: r.mfa_verified,
80
scope: r.scope,
81
controller_did: r.controller_did.map(Did::from),
···
325
name: r.name,
326
password_hash: r.password_hash,
327
created_at: r.created_at,
328
-
privilege: AppPasswordPrivilege::from(r.privileged),
329
scopes: r.scopes,
330
created_by_controller_did: r.created_by_controller_did.map(Did::from),
331
})
···
358
name: r.name,
359
password_hash: r.password_hash,
360
created_at: r.created_at,
361
-
privilege: AppPasswordPrivilege::from(r.privileged),
362
scopes: r.scopes,
363
created_by_controller_did: r.created_by_controller_did.map(Did::from),
364
})
···
389
name: r.name,
390
password_hash: r.password_hash,
391
created_at: r.created_at,
392
-
privilege: AppPasswordPrivilege::from(r.privileged),
393
scopes: r.scopes,
394
created_by_controller_did: r.created_by_controller_did.map(Did::from),
395
}))
···
405
data.user_id,
406
data.name,
407
data.password_hash,
408
-
bool::from(data.privilege),
409
data.scopes,
410
data.created_by_controller_did.as_ref().map(|d| d.as_str())
411
)
···
486
.map_err(map_sqlx_error)?;
487
488
Ok(row.map(|r| SessionMfaStatus {
489
-
login_type: LoginType::from(r.legacy_login),
490
mfa_verified: r.mfa_verified,
491
last_reauth_at: r.last_reauth_at,
492
}))
···
37
data.refresh_jti,
38
data.access_expires_at,
39
data.refresh_expires_at,
40
+
data.login_type.is_legacy(),
41
data.mfa_verified,
42
data.scope,
43
data.controller_did.as_ref().map(|d| d.as_str()),
···
75
refresh_jti: r.refresh_jti,
76
access_expires_at: r.access_expires_at,
77
refresh_expires_at: r.refresh_expires_at,
78
+
login_type: LoginType::from_legacy_flag(r.legacy_login),
79
mfa_verified: r.mfa_verified,
80
scope: r.scope,
81
controller_did: r.controller_did.map(Did::from),
···
325
name: r.name,
326
password_hash: r.password_hash,
327
created_at: r.created_at,
328
+
privilege: AppPasswordPrivilege::from_privileged_flag(r.privileged),
329
scopes: r.scopes,
330
created_by_controller_did: r.created_by_controller_did.map(Did::from),
331
})
···
358
name: r.name,
359
password_hash: r.password_hash,
360
created_at: r.created_at,
361
+
privilege: AppPasswordPrivilege::from_privileged_flag(r.privileged),
362
scopes: r.scopes,
363
created_by_controller_did: r.created_by_controller_did.map(Did::from),
364
})
···
389
name: r.name,
390
password_hash: r.password_hash,
391
created_at: r.created_at,
392
+
privilege: AppPasswordPrivilege::from_privileged_flag(r.privileged),
393
scopes: r.scopes,
394
created_by_controller_did: r.created_by_controller_did.map(Did::from),
395
}))
···
405
data.user_id,
406
data.name,
407
data.password_hash,
408
+
data.privilege.is_privileged(),
409
data.scopes,
410
data.created_by_controller_did.as_ref().map(|d| d.as_str())
411
)
···
486
.map_err(map_sqlx_error)?;
487
488
Ok(row.map(|r| SessionMfaStatus {
489
+
login_type: LoginType::from_legacy_flag(r.legacy_login),
490
mfa_verified: r.mfa_verified,
491
last_reauth_at: r.last_reauth_at,
492
}))
+37
-26
crates/tranquil-db/src/postgres/sso.rs
+37
-26
crates/tranquil-db/src/postgres/sso.rs
···
68
.await
69
.map_err(map_sqlx_error)?;
70
71
-
Ok(row.map(|r| ExternalIdentity {
72
-
id: r.id,
73
-
did: unsafe { Did::new_unchecked(&r.did) },
74
-
provider: r.provider,
75
-
provider_user_id: ExternalUserId::from(r.provider_user_id),
76
-
provider_username: r.provider_username.map(ExternalUsername::from),
77
-
provider_email: r.provider_email.map(ExternalEmail::from),
78
-
created_at: r.created_at,
79
-
updated_at: r.updated_at,
80
-
last_login_at: r.last_login_at,
81
-
}))
82
}
83
84
async fn get_external_identities_by_did(
···
99
.await
100
.map_err(map_sqlx_error)?;
101
102
-
Ok(rows
103
-
.into_iter()
104
-
.map(|r| ExternalIdentity {
105
-
id: r.id,
106
-
did: unsafe { Did::new_unchecked(&r.did) },
107
-
provider: r.provider,
108
-
provider_user_id: ExternalUserId::from(r.provider_user_id),
109
-
provider_username: r.provider_username.map(ExternalUsername::from),
110
-
provider_email: r.provider_email.map(ExternalEmail::from),
111
-
created_at: r.created_at,
112
-
updated_at: r.updated_at,
113
-
last_login_at: r.last_login_at,
114
})
115
-
.collect())
116
}
117
118
async fn update_external_identity_login(
···
202
.map_err(map_sqlx_error)?;
203
204
row.map(|r| {
205
-
let action = SsoAction::parse(&r.action).ok_or(DbError::NotFound)?;
206
Ok(SsoAuthState {
207
state: r.state,
208
request_uri: r.request_uri,
···
210
action,
211
nonce: r.nonce,
212
code_verifier: r.code_verifier,
213
-
did: r.did.map(|d| unsafe { Did::new_unchecked(&d) }),
214
created_at: r.created_at,
215
expires_at: r.expires_at,
216
})
···
68
.await
69
.map_err(map_sqlx_error)?;
70
71
+
row.map(|r| {
72
+
Ok(ExternalIdentity {
73
+
id: r.id,
74
+
did: r.did.parse().map_err(|_| DbError::CorruptData("DID"))?,
75
+
provider: r.provider,
76
+
provider_user_id: ExternalUserId::from(r.provider_user_id),
77
+
provider_username: r.provider_username.map(ExternalUsername::from),
78
+
provider_email: r.provider_email.map(ExternalEmail::from),
79
+
created_at: r.created_at,
80
+
updated_at: r.updated_at,
81
+
last_login_at: r.last_login_at,
82
+
})
83
+
})
84
+
.transpose()
85
}
86
87
async fn get_external_identities_by_did(
···
102
.await
103
.map_err(map_sqlx_error)?;
104
105
+
rows.into_iter()
106
+
.map(|r| {
107
+
Ok(ExternalIdentity {
108
+
id: r.id,
109
+
did: r.did.parse().map_err(|_| DbError::CorruptData("DID"))?,
110
+
provider: r.provider,
111
+
provider_user_id: ExternalUserId::from(r.provider_user_id),
112
+
provider_username: r.provider_username.map(ExternalUsername::from),
113
+
provider_email: r.provider_email.map(ExternalEmail::from),
114
+
created_at: r.created_at,
115
+
updated_at: r.updated_at,
116
+
last_login_at: r.last_login_at,
117
+
})
118
})
119
+
.collect()
120
}
121
122
async fn update_external_identity_login(
···
206
.map_err(map_sqlx_error)?;
207
208
row.map(|r| {
209
+
let action: SsoAction = r
210
+
.action
211
+
.parse()
212
+
.map_err(|_| DbError::CorruptData("sso_action"))?;
213
Ok(SsoAuthState {
214
state: r.state,
215
request_uri: r.request_uri,
···
217
action,
218
nonce: r.nonce,
219
code_verifier: r.code_verifier,
220
+
did: r
221
+
.did
222
+
.map(|d| d.parse::<Did>())
223
+
.transpose()
224
+
.map_err(|_| DbError::CorruptData("DID"))?,
225
created_at: r.created_at,
226
expires_at: r.expires_at,
227
})
+14
-14
crates/tranquil-db/src/postgres/user.rs
+14
-14
crates/tranquil-db/src/postgres/user.rs
···
14
UserIdHandleEmail, UserInfoForAuth, UserKeyInfo, UserKeyWithId, UserLegacyLoginPref,
15
UserLoginCheck, UserLoginFull, UserLoginInfo, UserPasswordInfo, UserRepository,
16
UserResendVerification, UserResetCodeInfo, UserRow, UserSessionInfo, UserStatus,
17
-
UserVerificationInfo, UserWithKey,
18
};
19
20
pub struct PostgresUserRepository {
···
281
password_hash: r.password_hash,
282
deactivated_at: r.deactivated_at,
283
takedown_ref: r.takedown_ref,
284
-
channel_verification: ChannelVerificationStatus::new(
285
r.email_verified,
286
r.discord_verified,
287
r.telegram_verified,
···
746
id: r.id,
747
handle: Handle::from(r.handle),
748
email: r.email,
749
-
channel_verification: ChannelVerificationStatus::new(
750
r.email_verified,
751
r.discord_verified,
752
r.telegram_verified,
···
1029
async fn save_webauthn_challenge(
1030
&self,
1031
did: &Did,
1032
-
challenge_type: &str,
1033
state_json: &str,
1034
) -> Result<Uuid, DbError> {
1035
let id = Uuid::new_v4();
···
1041
id,
1042
did.as_str(),
1043
challenge,
1044
-
challenge_type,
1045
state_json,
1046
expires_at,
1047
)
···
1055
async fn load_webauthn_challenge(
1056
&self,
1057
did: &Did,
1058
-
challenge_type: &str,
1059
) -> Result<Option<String>, DbError> {
1060
let row = sqlx::query_scalar!(
1061
r#"SELECT state_json FROM webauthn_challenges
1062
WHERE did = $1 AND challenge_type = $2 AND expires_at > NOW()
1063
ORDER BY created_at DESC LIMIT 1"#,
1064
did.as_str(),
1065
-
challenge_type
1066
)
1067
.fetch_optional(&self.pool)
1068
.await
···
1074
async fn delete_webauthn_challenge(
1075
&self,
1076
did: &Did,
1077
-
challenge_type: &str,
1078
) -> Result<(), DbError> {
1079
sqlx::query!(
1080
"DELETE FROM webauthn_challenges WHERE did = $1 AND challenge_type = $2",
1081
did.as_str(),
1082
-
challenge_type
1083
)
1084
.execute(&self.pool)
1085
.await
···
1365
preferred_comms_channel: row.preferred_comms_channel,
1366
deactivated_at: row.deactivated_at,
1367
takedown_ref: row.takedown_ref,
1368
-
channel_verification: ChannelVerificationStatus::new(
1369
row.email_verified,
1370
row.discord_verified,
1371
row.telegram_verified,
···
1395
id: row.id,
1396
two_factor_enabled: row.two_factor_enabled,
1397
preferred_comms_channel: row.preferred_comms_channel,
1398
-
channel_verification: ChannelVerificationStatus::new(
1399
row.email_verified,
1400
row.discord_verified,
1401
row.telegram_verified,
···
1432
takedown_ref: row.takedown_ref,
1433
preferred_locale: row.preferred_locale,
1434
preferred_comms_channel: row.preferred_comms_channel,
1435
-
channel_verification: ChannelVerificationStatus::new(
1436
row.email_verified,
1437
row.discord_verified,
1438
row.telegram_verified,
···
1525
email: row.email,
1526
deactivated_at: row.deactivated_at,
1527
takedown_ref: row.takedown_ref,
1528
-
channel_verification: ChannelVerificationStatus::new(
1529
row.email_verified,
1530
row.discord_verified,
1531
row.telegram_verified,
···
1602
discord_username: row.discord_username,
1603
telegram_username: row.telegram_username,
1604
signal_username: row.signal_username,
1605
-
channel_verification: ChannelVerificationStatus::new(
1606
row.email_verified,
1607
row.discord_verified,
1608
row.telegram_verified,
···
14
UserIdHandleEmail, UserInfoForAuth, UserKeyInfo, UserKeyWithId, UserLegacyLoginPref,
15
UserLoginCheck, UserLoginFull, UserLoginInfo, UserPasswordInfo, UserRepository,
16
UserResendVerification, UserResetCodeInfo, UserRow, UserSessionInfo, UserStatus,
17
+
UserVerificationInfo, UserWithKey, WebauthnChallengeType,
18
};
19
20
pub struct PostgresUserRepository {
···
281
password_hash: r.password_hash,
282
deactivated_at: r.deactivated_at,
283
takedown_ref: r.takedown_ref,
284
+
channel_verification: ChannelVerificationStatus::from_db_row(
285
r.email_verified,
286
r.discord_verified,
287
r.telegram_verified,
···
746
id: r.id,
747
handle: Handle::from(r.handle),
748
email: r.email,
749
+
channel_verification: ChannelVerificationStatus::from_db_row(
750
r.email_verified,
751
r.discord_verified,
752
r.telegram_verified,
···
1029
async fn save_webauthn_challenge(
1030
&self,
1031
did: &Did,
1032
+
challenge_type: WebauthnChallengeType,
1033
state_json: &str,
1034
) -> Result<Uuid, DbError> {
1035
let id = Uuid::new_v4();
···
1041
id,
1042
did.as_str(),
1043
challenge,
1044
+
challenge_type.as_str(),
1045
state_json,
1046
expires_at,
1047
)
···
1055
async fn load_webauthn_challenge(
1056
&self,
1057
did: &Did,
1058
+
challenge_type: WebauthnChallengeType,
1059
) -> Result<Option<String>, DbError> {
1060
let row = sqlx::query_scalar!(
1061
r#"SELECT state_json FROM webauthn_challenges
1062
WHERE did = $1 AND challenge_type = $2 AND expires_at > NOW()
1063
ORDER BY created_at DESC LIMIT 1"#,
1064
did.as_str(),
1065
+
challenge_type.as_str()
1066
)
1067
.fetch_optional(&self.pool)
1068
.await
···
1074
async fn delete_webauthn_challenge(
1075
&self,
1076
did: &Did,
1077
+
challenge_type: WebauthnChallengeType,
1078
) -> Result<(), DbError> {
1079
sqlx::query!(
1080
"DELETE FROM webauthn_challenges WHERE did = $1 AND challenge_type = $2",
1081
did.as_str(),
1082
+
challenge_type.as_str()
1083
)
1084
.execute(&self.pool)
1085
.await
···
1365
preferred_comms_channel: row.preferred_comms_channel,
1366
deactivated_at: row.deactivated_at,
1367
takedown_ref: row.takedown_ref,
1368
+
channel_verification: ChannelVerificationStatus::from_db_row(
1369
row.email_verified,
1370
row.discord_verified,
1371
row.telegram_verified,
···
1395
id: row.id,
1396
two_factor_enabled: row.two_factor_enabled,
1397
preferred_comms_channel: row.preferred_comms_channel,
1398
+
channel_verification: ChannelVerificationStatus::from_db_row(
1399
row.email_verified,
1400
row.discord_verified,
1401
row.telegram_verified,
···
1432
takedown_ref: row.takedown_ref,
1433
preferred_locale: row.preferred_locale,
1434
preferred_comms_channel: row.preferred_comms_channel,
1435
+
channel_verification: ChannelVerificationStatus::from_db_row(
1436
row.email_verified,
1437
row.discord_verified,
1438
row.telegram_verified,
···
1525
email: row.email,
1526
deactivated_at: row.deactivated_at,
1527
takedown_ref: row.takedown_ref,
1528
+
channel_verification: ChannelVerificationStatus::from_db_row(
1529
row.email_verified,
1530
row.discord_verified,
1531
row.telegram_verified,
···
1602
discord_username: row.discord_username,
1603
telegram_username: row.telegram_username,
1604
signal_username: row.signal_username,
1605
+
channel_verification: ChannelVerificationStatus::from_db_row(
1606
row.email_verified,
1607
row.discord_verified,
1608
row.telegram_verified,
+1
-1
crates/tranquil-pds/src/api/actor/preferences.rs
+1
-1
crates/tranquil-pds/src/api/actor/preferences.rs
···
21
let bday = NaiveDate::parse_from_str(birth_date, "%Y-%m-%d").ok()?;
22
let today = Utc::now().date_naive();
23
let mut age = today.year() - bday.year();
24
+
let m = i32::try_from(today.month()).unwrap_or(0) - i32::try_from(bday.month()).unwrap_or(0);
25
if m < 0 || (m == 0 && today.day() < bday.day()) {
26
age -= 1;
27
}
+4
-1
crates/tranquil-pds/src/api/admin/account/delete.rs
+4
-1
crates/tranquil-pds/src/api/admin/account/delete.rs
+2
-2
crates/tranquil-pds/src/api/admin/account/email.rs
+2
-2
crates/tranquil-pds/src/api/admin/account/email.rs
···
1
-
use crate::api::error::{ApiError, AtpJson, DbResultExt};
2
use crate::auth::{Admin, Auth};
3
use crate::state::AppState;
4
use crate::types::Did;
···
30
pub async fn send_email(
31
State(state): State<AppState>,
32
_auth: Auth<Admin>,
33
-
AtpJson(input): AtpJson<SendEmailInput>,
34
) -> Result<Response, ApiError> {
35
let content = input.content.trim();
36
if content.is_empty() {
···
1
+
use crate::api::error::{ApiError, DbResultExt};
2
use crate::auth::{Admin, Auth};
3
use crate::state::AppState;
4
use crate::types::Did;
···
30
pub async fn send_email(
31
State(state): State<AppState>,
32
_auth: Auth<Admin>,
33
+
Json(input): Json<SendEmailInput>,
34
) -> Result<Response, ApiError> {
35
let content = input.content.trim();
36
if content.is_empty() {
+3
-2
crates/tranquil-pds/src/api/admin/account/search.rs
+3
-2
crates/tranquil-pds/src/api/admin/account/search.rs
···
67
.await
68
.log_db_err("in search_accounts")?;
69
70
+
let limit_usize = usize::try_from(limit).unwrap_or(0);
71
+
let has_more = rows.len() > limit_usize;
72
let accounts: Vec<AccountView> = rows
73
.into_iter()
74
+
.take(limit_usize)
75
.map(|row| AccountView {
76
did: row.did.clone(),
77
handle: row.handle,
+9
-3
crates/tranquil-pds/src/api/admin/account/update.rs
+9
-3
crates/tranquil-pds/src/api/admin/account/update.rs
···
84
.ok()
85
.flatten()
86
.ok_or(ApiError::AccountNotFound)?;
87
-
let handle_for_check = unsafe { Handle::new_unchecked(&handle) };
88
if let Ok(true) = state
89
.user_repo
90
.check_handle_exists(&handle_for_check, user_id)
···
100
Ok(0) => Err(ApiError::AccountNotFound),
101
Ok(_) => {
102
if let Some(old) = old_handle {
103
-
let _ = state.cache.delete(&format!("handle:{}", old)).await;
104
}
105
-
let _ = state.cache.delete(&format!("handle:{}", handle)).await;
106
if let Err(e) = crate::api::repo::record::sequence_identity_event(
107
&state,
108
did,
···
84
.ok()
85
.flatten()
86
.ok_or(ApiError::AccountNotFound)?;
87
+
let handle_for_check: Handle = handle.parse().map_err(|_| ApiError::InvalidHandle(None))?;
88
if let Ok(true) = state
89
.user_repo
90
.check_handle_exists(&handle_for_check, user_id)
···
100
Ok(0) => Err(ApiError::AccountNotFound),
101
Ok(_) => {
102
if let Some(old) = old_handle {
103
+
let _ = state
104
+
.cache
105
+
.delete(&crate::cache_keys::handle_key(&old))
106
+
.await;
107
}
108
+
let _ = state
109
+
.cache
110
+
.delete(&crate::cache_keys::handle_key(&handle))
111
+
.await;
112
if let Err(e) = crate::api::repo::record::sequence_identity_event(
113
&state,
114
did,
+18
-9
crates/tranquil-pds/src/api/admin/config.rs
+18
-9
crates/tranquil-pds/src/api/admin/config.rs
···
3
use crate::state::AppState;
4
use axum::{Json, extract::State};
5
use serde::{Deserialize, Serialize};
6
-
use tracing::error;
7
use tranquil_types::CidLink;
8
9
#[derive(Serialize)]
···
187
};
188
189
if let Some(old_cid_str) = should_delete_old {
190
-
let old_cid = unsafe { CidLink::new_unchecked(old_cid_str) };
191
-
if let Ok(Some(storage_key)) =
192
-
state.infra_repo.get_blob_storage_key_by_cid(&old_cid).await
193
-
{
194
-
if let Err(e) = state.blob_store.delete(&storage_key).await {
195
-
error!("Failed to delete old logo blob from storage: {:?}", e);
196
}
197
-
if let Err(e) = state.infra_repo.delete_blob_by_cid(&old_cid).await {
198
-
error!("Failed to delete old logo blob record: {:?}", e);
199
}
200
}
201
}
···
3
use crate::state::AppState;
4
use axum::{Json, extract::State};
5
use serde::{Deserialize, Serialize};
6
+
use tracing::{error, warn};
7
use tranquil_types::CidLink;
8
9
#[derive(Serialize)]
···
187
};
188
189
if let Some(old_cid_str) = should_delete_old {
190
+
match CidLink::new(old_cid_str) {
191
+
Ok(old_cid) => {
192
+
if let Ok(Some(storage_key)) =
193
+
state.infra_repo.get_blob_storage_key_by_cid(&old_cid).await
194
+
{
195
+
if let Err(e) = state.blob_store.delete(&storage_key).await {
196
+
error!("Failed to delete old logo blob from storage: {:?}", e);
197
+
}
198
+
if let Err(e) = state.infra_repo.delete_blob_by_cid(&old_cid).await {
199
+
error!("Failed to delete old logo blob record: {:?}", e);
200
+
}
201
+
}
202
}
203
+
Err(e) => {
204
+
warn!(
205
+
"Old logo CID in database is invalid, skipping cleanup: {:?}",
206
+
e
207
+
);
208
}
209
}
210
}
+1
-1
crates/tranquil-pds/src/api/admin/invite.rs
+1
-1
crates/tranquil-pds/src/api/admin/invite.rs
+8
-2
crates/tranquil-pds/src/api/admin/status.rs
+8
-2
crates/tranquil-pds/src/api/admin/status.rs
···
175
Some("com.atproto.admin.defs#repoRef") => {
176
let did_str = input.subject.get("did").and_then(|d| d.as_str());
177
if let Some(did_str) = did_str {
178
-
let did = unsafe { Did::new_unchecked(did_str) };
179
if let Some(takedown) = &input.takedown {
180
let takedown_ref = if takedown.applied {
181
takedown.r#ref.as_deref()
···
230
}
231
}
232
if let Ok(Some(handle)) = state.user_repo.get_handle_by_did(&did).await {
233
-
let _ = state.cache.delete(&format!("handle:{}", handle)).await;
234
}
235
return Ok((
236
StatusCode::OK,
···
175
Some("com.atproto.admin.defs#repoRef") => {
176
let did_str = input.subject.get("did").and_then(|d| d.as_str());
177
if let Some(did_str) = did_str {
178
+
let did: Did = match did_str.parse() {
179
+
Ok(d) => d,
180
+
Err(_) => return Err(ApiError::InvalidDid("Invalid DID format".into())),
181
+
};
182
if let Some(takedown) = &input.takedown {
183
let takedown_ref = if takedown.applied {
184
takedown.r#ref.as_deref()
···
233
}
234
}
235
if let Ok(Some(handle)) = state.user_repo.get_handle_by_did(&did).await {
236
+
let _ = state
237
+
.cache
238
+
.delete(&crate::cache_keys::handle_key(&handle))
239
+
.await;
240
}
241
return Ok((
242
StatusCode::OK,
+7
-8
crates/tranquil-pds/src/api/age_assurance.rs
+7
-8
crates/tranquil-pds/src/api/age_assurance.rs
···
1
-
use crate::auth::{extract_auth_token_from_header, validate_token_with_dpop};
2
use crate::state::AppState;
3
use axum::{
4
Json,
5
extract::State,
6
-
http::{HeaderMap, StatusCode},
7
response::{IntoResponse, Response},
8
};
9
use serde_json::json;
···
33
}
34
35
async fn get_account_created_at(state: &AppState, headers: &HeaderMap) -> Option<String> {
36
-
let auth_header = crate::util::get_header_str(headers, "Authorization");
37
tracing::debug!(?auth_header, "age assurance: extracting token");
38
39
let extracted = extract_auth_token_from_header(auth_header)?;
40
tracing::debug!("age assurance: got token, validating");
41
42
-
let dpop_proof = crate::util::get_header_str(headers, "DPoP");
43
let http_uri = "/";
44
45
let auth_user = match validate_token_with_dpop(
46
state.user_repo.as_ref(),
47
state.oauth_repo.as_ref(),
48
&extracted.token,
49
-
extracted.is_dpop,
50
dpop_proof,
51
-
"GET",
52
http_uri,
53
-
false,
54
-
false,
55
)
56
.await
57
{
···
1
+
use crate::auth::{AccountRequirement, extract_auth_token_from_header, validate_token_with_dpop};
2
use crate::state::AppState;
3
use axum::{
4
Json,
5
extract::State,
6
+
http::{HeaderMap, Method, StatusCode},
7
response::{IntoResponse, Response},
8
};
9
use serde_json::json;
···
33
}
34
35
async fn get_account_created_at(state: &AppState, headers: &HeaderMap) -> Option<String> {
36
+
let auth_header = crate::util::get_header_str(headers, http::header::AUTHORIZATION);
37
tracing::debug!(?auth_header, "age assurance: extracting token");
38
39
let extracted = extract_auth_token_from_header(auth_header)?;
40
tracing::debug!("age assurance: got token, validating");
41
42
+
let dpop_proof = crate::util::get_header_str(headers, crate::util::HEADER_DPOP);
43
let http_uri = "/";
44
45
let auth_user = match validate_token_with_dpop(
46
state.user_repo.as_ref(),
47
state.oauth_repo.as_ref(),
48
&extracted.token,
49
+
extracted.scheme,
50
dpop_proof,
51
+
Method::GET.as_str(),
52
http_uri,
53
+
AccountRequirement::Active,
54
)
55
.await
56
{
+6
-5
crates/tranquil-pds/src/api/backup.rs
+6
-5
crates/tranquil-pds/src/api/backup.rs
···
4
use crate::scheduled::generate_full_backup;
5
use crate::state::AppState;
6
use crate::storage::{BackupStorage, backup_retention_count};
7
use axum::{
8
Json,
9
extract::{Query, State},
···
213
};
214
215
let block_count = crate::scheduled::count_car_blocks(&car_bytes);
216
-
let size_bytes = car_bytes.len() as i64;
217
218
let storage_key = match backup_storage
219
.put_backup(&user.did, &repo_rev, &car_bytes)
···
292
backup_storage: &dyn BackupStorage,
293
user_id: uuid::Uuid,
294
retention_count: u32,
295
-
) -> Result<(), String> {
296
let old_backups: Vec<OldBackupInfo> = backup_repo
297
-
.get_old_backups(user_id, retention_count as i64)
298
.await
299
-
.map_err(|e| format!("DB error fetching old backups: {}", e))?;
300
301
for backup in old_backups {
302
if let Err(e) = backup_storage.delete_backup(&backup.storage_key).await {
···
311
backup_repo
312
.delete_backup(backup.id)
313
.await
314
-
.map_err(|e| format!("Failed to delete old backup record: {}", e))?;
315
}
316
317
Ok(())
···
4
use crate::scheduled::generate_full_backup;
5
use crate::state::AppState;
6
use crate::storage::{BackupStorage, backup_retention_count};
7
+
use anyhow::Context;
8
use axum::{
9
Json,
10
extract::{Query, State},
···
214
};
215
216
let block_count = crate::scheduled::count_car_blocks(&car_bytes);
217
+
let size_bytes = i64::try_from(car_bytes.len()).unwrap_or(i64::MAX);
218
219
let storage_key = match backup_storage
220
.put_backup(&user.did, &repo_rev, &car_bytes)
···
293
backup_storage: &dyn BackupStorage,
294
user_id: uuid::Uuid,
295
retention_count: u32,
296
+
) -> anyhow::Result<()> {
297
let old_backups: Vec<OldBackupInfo> = backup_repo
298
+
.get_old_backups(user_id, i64::from(retention_count))
299
.await
300
+
.context("DB error fetching old backups")?;
301
302
for backup in old_backups {
303
if let Err(e) = backup_storage.delete_backup(&backup.storage_key).await {
···
312
backup_repo
313
.delete_backup(backup.id)
314
.await
315
+
.context("Failed to delete old backup record")?;
316
}
317
318
Ok(())
+12
-11
crates/tranquil-pds/src/api/delegation.rs
+12
-11
crates/tranquil-pds/src/api/delegation.rs
···
7
};
8
use crate::rate_limit::{AccountCreationLimit, RateLimited};
9
use crate::state::AppState;
10
-
use crate::types::{Did, Handle, Nsid, Rkey};
11
use crate::util::{pds_hostname, pds_hostname_without_port};
12
use axum::{
13
Json,
···
164
.session_repo
165
.delete_app_passwords_by_controller(&auth.did, &input.controller_did)
166
.await
167
-
.unwrap_or(0) as usize;
168
169
let revoked_oauth_tokens = state
170
.oauth_repo
···
473
Err(_) => return Ok(ApiError::InvalidInviteCode.into_response()),
474
}
475
} else {
476
-
let invite_required = std::env::var("INVITE_CODE_REQUIRED")
477
-
.map(|v| v == "true" || v == "1")
478
-
.unwrap_or(false);
479
if invite_required {
480
return Ok(ApiError::InviteCodeRequired.into_response());
481
}
···
529
.into_response());
530
}
531
532
-
let did = unsafe { Did::new_unchecked(&genesis_result.did) };
533
-
let handle = unsafe { Handle::new_unchecked(&handle) };
534
info!(did = %did, handle = %handle, controller = %can_control.did(), "Created DID for delegated account");
535
536
let encrypted_key_bytes = match crate::config::encrypt_key(&secret_key_bytes) {
···
627
"$type": "app.bsky.actor.profile",
628
"displayName": handle
629
});
630
-
let profile_collection = unsafe { Nsid::new_unchecked("app.bsky.actor.profile") };
631
-
let profile_rkey = unsafe { Rkey::new_unchecked("self") };
632
if let Err(e) = crate::api::repo::record::create_record_internal(
633
&state,
634
&did,
635
-
&profile_collection,
636
-
&profile_rkey,
637
&profile_record,
638
)
639
.await
···
7
};
8
use crate::rate_limit::{AccountCreationLimit, RateLimited};
9
use crate::state::AppState;
10
+
use crate::types::{Did, Handle};
11
use crate::util::{pds_hostname, pds_hostname_without_port};
12
use axum::{
13
Json,
···
164
.session_repo
165
.delete_app_passwords_by_controller(&auth.did, &input.controller_did)
166
.await
167
+
.unwrap_or(0)
168
+
.try_into()
169
+
.unwrap_or(0usize);
170
171
let revoked_oauth_tokens = state
172
.oauth_repo
···
475
Err(_) => return Ok(ApiError::InvalidInviteCode.into_response()),
476
}
477
} else {
478
+
let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED");
479
if invite_required {
480
return Ok(ApiError::InviteCodeRequired.into_response());
481
}
···
529
.into_response());
530
}
531
532
+
let did: Did = genesis_result
533
+
.did
534
+
.parse()
535
+
.map_err(|_| ApiError::InternalError(Some("PLC genesis returned invalid DID".into())))?;
536
+
let handle: Handle = handle.parse().map_err(|_| ApiError::InvalidHandle(None))?;
537
info!(did = %did, handle = %handle, controller = %can_control.did(), "Created DID for delegated account");
538
539
let encrypted_key_bytes = match crate::config::encrypt_key(&secret_key_bytes) {
···
630
"$type": "app.bsky.actor.profile",
631
"displayName": handle
632
});
633
if let Err(e) = crate::api::repo::record::create_record_internal(
634
&state,
635
&did,
636
+
&crate::types::PROFILE_COLLECTION,
637
+
&crate::types::PROFILE_RKEY,
638
&profile_record,
639
)
640
.await
+1
-1
crates/tranquil-pds/src/api/discord_webhook.rs
+1
-1
crates/tranquil-pds/src/api/discord_webhook.rs
+13
-68
crates/tranquil-pds/src/api/error.rs
+13
-68
crates/tranquil-pds/src/api/error.rs
···
1
use axum::{
2
Json,
3
-
extract::{FromRequest, Request, rejection::JsonRejection},
4
-
http::StatusCode,
5
response::{IntoResponse, Response},
6
};
7
-
use serde::{Serialize, de::DeserializeOwned};
8
use std::borrow::Cow;
9
10
#[derive(Debug, Serialize)]
···
103
UpstreamTimeout,
104
UpstreamUnavailable(String),
105
UpstreamError {
106
-
status: u16,
107
error: Option<String>,
108
message: Option<String>,
109
},
···
127
}
128
Self::ServiceUnavailable(_) | Self::BackupsDisabled => StatusCode::SERVICE_UNAVAILABLE,
129
Self::UpstreamTimeout => StatusCode::GATEWAY_TIMEOUT,
130
-
Self::UpstreamError { status, .. } => {
131
-
StatusCode::from_u16(*status).unwrap_or(StatusCode::BAD_GATEWAY)
132
-
}
133
Self::AuthenticationRequired
134
| Self::AuthenticationFailed(_)
135
| Self::AccountDeactivated
···
451
_ => None,
452
}
453
}
454
-
pub fn from_upstream_response(status: u16, body: &[u8]) -> Self {
455
if let Ok(parsed) = serde_json::from_slice::<serde_json::Value>(body) {
456
let error = parsed
457
.get("error")
···
485
match &self {
486
Self::ExpiredToken(_) => {
487
response.headers_mut().insert(
488
-
"WWW-Authenticate",
489
-
"Bearer error=\"invalid_token\", error_description=\"Token has expired\""
490
-
.parse()
491
-
.unwrap(),
492
);
493
}
494
Self::OAuthExpiredToken(_) => {
495
response.headers_mut().insert(
496
-
"WWW-Authenticate",
497
-
"DPoP error=\"invalid_token\", error_description=\"Token has expired\""
498
-
.parse()
499
-
.unwrap(),
500
);
501
}
502
_ => {}
···
721
#[allow(clippy::result_large_err)]
722
pub fn parse_did_option(s: Option<&str>) -> Result<Option<tranquil_types::Did>, Response> {
723
s.map(parse_did).transpose()
724
-
}
725
-
726
-
pub struct AtpJson<T>(pub T);
727
-
728
-
impl<T, S> FromRequest<S> for AtpJson<T>
729
-
where
730
-
T: DeserializeOwned,
731
-
S: Send + Sync,
732
-
{
733
-
type Rejection = (StatusCode, Json<serde_json::Value>);
734
-
735
-
async fn from_request(req: Request, state: &S) -> Result<Self, Self::Rejection> {
736
-
match Json::<T>::from_request(req, state).await {
737
-
Ok(Json(value)) => Ok(AtpJson(value)),
738
-
Err(rejection) => {
739
-
let message = extract_json_error_message(&rejection);
740
-
Err((
741
-
StatusCode::BAD_REQUEST,
742
-
Json(serde_json::json!({
743
-
"error": "InvalidRequest",
744
-
"message": message
745
-
})),
746
-
))
747
-
}
748
-
}
749
-
}
750
-
}
751
-
752
-
fn extract_json_error_message(rejection: &JsonRejection) -> String {
753
-
match rejection {
754
-
JsonRejection::JsonDataError(e) => {
755
-
let inner = e.body_text();
756
-
if inner.contains("missing field") {
757
-
let field = inner
758
-
.split("missing field `")
759
-
.nth(1)
760
-
.and_then(|s| s.split('`').next())
761
-
.unwrap_or("unknown");
762
-
format!("Missing required field: {}", field)
763
-
} else if inner.contains("invalid type") {
764
-
format!("Invalid field type: {}", inner)
765
-
} else {
766
-
inner
767
-
}
768
-
}
769
-
JsonRejection::JsonSyntaxError(_) => "Invalid JSON syntax".to_string(),
770
-
JsonRejection::MissingJsonContentType(_) => {
771
-
"Content-Type must be application/json".to_string()
772
-
}
773
-
JsonRejection::BytesRejection(_) => "Failed to read request body".to_string(),
774
-
_ => "Invalid request body".to_string(),
775
-
}
776
}
777
778
pub trait DbResultExt<T> {
···
1
use axum::{
2
Json,
3
+
http::{HeaderValue, StatusCode},
4
response::{IntoResponse, Response},
5
};
6
+
use serde::Serialize;
7
use std::borrow::Cow;
8
9
#[derive(Debug, Serialize)]
···
102
UpstreamTimeout,
103
UpstreamUnavailable(String),
104
UpstreamError {
105
+
status: StatusCode,
106
error: Option<String>,
107
message: Option<String>,
108
},
···
126
}
127
Self::ServiceUnavailable(_) | Self::BackupsDisabled => StatusCode::SERVICE_UNAVAILABLE,
128
Self::UpstreamTimeout => StatusCode::GATEWAY_TIMEOUT,
129
+
Self::UpstreamError { status, .. } => *status,
130
Self::AuthenticationRequired
131
| Self::AuthenticationFailed(_)
132
| Self::AccountDeactivated
···
448
_ => None,
449
}
450
}
451
+
pub fn from_upstream_response(status: StatusCode, body: &[u8]) -> Self {
452
if let Ok(parsed) = serde_json::from_slice::<serde_json::Value>(body) {
453
let error = parsed
454
.get("error")
···
482
match &self {
483
Self::ExpiredToken(_) => {
484
response.headers_mut().insert(
485
+
http::header::WWW_AUTHENTICATE,
486
+
HeaderValue::from_static(
487
+
"Bearer error=\"invalid_token\", error_description=\"Token has expired\"",
488
+
),
489
);
490
}
491
Self::OAuthExpiredToken(_) => {
492
response.headers_mut().insert(
493
+
http::header::WWW_AUTHENTICATE,
494
+
HeaderValue::from_static(
495
+
"DPoP error=\"invalid_token\", error_description=\"Token has expired\"",
496
+
),
497
);
498
}
499
_ => {}
···
718
#[allow(clippy::result_large_err)]
719
pub fn parse_did_option(s: Option<&str>) -> Result<Option<tranquil_types::Did>, Response> {
720
s.map(parse_did).transpose()
721
}
722
723
pub trait DbResultExt<T> {
+56
-55
crates/tranquil-pds/src/api/identity/account.rs
+56
-55
crates/tranquil-pds/src/api/identity/account.rs
···
5
use crate::plc::{PlcClient, create_genesis_operation, signing_key_to_did_key};
6
use crate::rate_limit::{AccountCreationLimit, RateLimited};
7
use crate::state::AppState;
8
-
use crate::types::{Did, Handle, Nsid, PlainPassword, Rkey};
9
use crate::util::{pds_hostname, pds_hostname_without_port};
10
use crate::validation::validate_password;
11
use axum::{
···
34
pub did: Option<String>,
35
pub did_type: Option<String>,
36
pub signing_key: Option<String>,
37
-
pub verification_channel: Option<String>,
38
pub discord_username: Option<String>,
39
pub telegram_username: Option<String>,
40
pub signal_username: Option<String>,
···
50
pub access_jwt: String,
51
pub refresh_jwt: String,
52
pub verification_required: bool,
53
-
pub verification_channel: String,
54
}
55
56
pub async fn create_account(
···
73
info!("create_account called");
74
}
75
76
-
let migration_auth = if let Some(extracted) =
77
-
extract_auth_token_from_header(crate::util::get_header_str(&headers, "Authorization"))
78
-
{
79
let token = extracted.token;
80
if is_service_token(&token) {
81
let verifier = ServiceTokenVerifier::new();
···
190
{
191
return ApiError::InvalidEmail.into_response();
192
}
193
-
let verification_channel = input.verification_channel.as_deref().unwrap_or("email");
194
-
let valid_channels = ["email", "discord", "telegram", "signal"];
195
-
if !valid_channels.contains(&verification_channel) && !is_migration {
196
-
return ApiError::InvalidVerificationChannel.into_response();
197
-
}
198
let verification_recipient = if is_migration {
199
None
200
} else {
201
Some(match verification_channel {
202
-
"email" => match &input.email {
203
Some(email) if !email.trim().is_empty() => email.trim().to_string(),
204
_ => return ApiError::MissingEmail.into_response(),
205
},
206
-
"discord" => match &input.discord_username {
207
Some(username) if !username.trim().is_empty() => {
208
let clean = username.trim().to_lowercase();
209
if !crate::api::validation::is_valid_discord_username(&clean) {
···
215
}
216
_ => return ApiError::MissingDiscordId.into_response(),
217
},
218
-
"telegram" => match &input.telegram_username {
219
Some(username) if !username.trim().is_empty() => {
220
let clean = username.trim().trim_start_matches('@');
221
if !crate::api::validation::is_valid_telegram_username(clean) {
···
227
}
228
_ => return ApiError::MissingTelegramUsername.into_response(),
229
},
230
-
"signal" => match &input.signal_username {
231
Some(username) if !username.trim().is_empty() => {
232
username.trim().trim_start_matches('@').to_lowercase()
233
}
234
_ => return ApiError::MissingSignalNumber.into_response(),
235
},
236
-
_ => return ApiError::InvalidVerificationChannel.into_response(),
237
})
238
};
239
let hostname = pds_hostname();
···
304
&& let Err(e) =
305
verify_did_web(d, hostname, &input.handle, input.signing_key.as_deref()).await
306
{
307
-
return ApiError::InvalidDid(e).into_response();
308
}
309
info!(did = %d, "Creating external did:web account");
310
d.clone()
···
320
verify_did_web(d, hostname, &input.handle, input.signing_key.as_deref())
321
.await
322
{
323
-
return ApiError::InvalidDid(e).into_response();
324
}
325
d.clone()
326
} else if !d.trim().is_empty() {
···
397
}
398
};
399
if is_migration {
400
let reactivate_input = tranquil_db_traits::MigrationReactivationInput {
401
-
did: unsafe { Did::new_unchecked(&did) },
402
-
new_handle: unsafe { Handle::new_unchecked(&handle) },
403
new_email: email.clone(),
404
};
405
match state
···
453
}
454
};
455
let session_data = tranquil_db_traits::SessionTokenCreate {
456
-
did: unsafe { Did::new_unchecked(&did) },
457
access_jti: access_meta.jti.clone(),
458
refresh_jti: refresh_meta.jti.clone(),
459
access_expires_at: access_meta.expires_at,
···
470
}
471
let hostname = pds_hostname();
472
let verification_required = if let Some(ref user_email) = email {
473
-
let token =
474
-
crate::auth::verification_token::generate_migration_token(&did, user_email);
475
let formatted_token =
476
crate::auth::verification_token::format_token_for_display(&token);
477
if let Err(e) = crate::comms::comms_repo::enqueue_migration_verification(
···
494
axum::http::StatusCode::OK,
495
Json(CreateAccountOutput {
496
handle: handle.clone().into(),
497
-
did: unsafe { Did::new_unchecked(&did) },
498
did_doc: state.did_resolver.resolve_did_document(&did).await,
499
access_jwt: access_meta.token,
500
refresh_jwt: refresh_meta.token,
501
verification_required,
502
-
verification_channel: "email".to_string(),
503
}),
504
)
505
.into_response();
···
518
}
519
}
520
521
-
let handle_typed = unsafe { Handle::new_unchecked(&handle) };
522
let handle_available = match state
523
.user_repo
524
.check_handle_available_for_new_account(&handle_typed)
···
534
return ApiError::HandleTaken.into_response();
535
}
536
537
-
let invite_code_required = std::env::var("INVITE_CODE_REQUIRED")
538
-
.map(|v| v == "true" || v == "1")
539
-
.unwrap_or(false);
540
if invite_code_required
541
&& input
542
.invite_code
···
602
}
603
};
604
let rev = Tid::now(LimitedU32::MIN);
605
-
let did_for_commit = unsafe { Did::new_unchecked(&did) };
606
let (commit_bytes, _sig) =
607
match create_signed_commit(&did_for_commit, mst_root, rev.as_ref(), None, &signing_key) {
608
Ok(result) => result,
···
629
})
630
});
631
632
-
let preferred_comms_channel = match verification_channel {
633
-
"email" => tranquil_db_traits::CommsChannel::Email,
634
-
"discord" => tranquil_db_traits::CommsChannel::Discord,
635
-
"telegram" => tranquil_db_traits::CommsChannel::Telegram,
636
-
"signal" => tranquil_db_traits::CommsChannel::Signal,
637
-
_ => tranquil_db_traits::CommsChannel::Email,
638
-
};
639
640
let create_input = tranquil_db_traits::CreatePasswordAccountInput {
641
-
handle: unsafe { Handle::new_unchecked(&handle) },
642
email: email.clone(),
643
-
did: unsafe { Did::new_unchecked(&did) },
644
password_hash,
645
preferred_comms_channel,
646
discord_username: input
···
689
};
690
let user_id = create_result.user_id;
691
if !is_migration && !is_did_web_byod {
692
-
let did_typed = unsafe { Did::new_unchecked(&did) };
693
-
let handle_typed = unsafe { Handle::new_unchecked(&handle) };
694
if let Err(e) = crate::api::repo::record::sequence_identity_event(
695
&state,
696
-
&did_typed,
697
Some(&handle_typed),
698
)
699
.await
···
702
}
703
if let Err(e) = crate::api::repo::record::sequence_account_event(
704
&state,
705
-
&did_typed,
706
tranquil_db_traits::AccountStatus::Active,
707
)
708
.await
···
711
}
712
if let Err(e) = crate::api::repo::record::sequence_genesis_commit(
713
&state,
714
-
&did_typed,
715
&commit_cid,
716
&mst_root,
717
&rev_str,
···
722
}
723
if let Err(e) = crate::api::repo::record::sequence_sync_event(
724
&state,
725
-
&did_typed,
726
&commit_cid_str,
727
Some(rev.as_ref()),
728
)
···
734
"$type": "app.bsky.actor.profile",
735
"displayName": input.handle
736
});
737
-
let profile_collection = unsafe { Nsid::new_unchecked("app.bsky.actor.profile") };
738
-
let profile_rkey = unsafe { Rkey::new_unchecked("self") };
739
if let Err(e) = crate::api::repo::record::create_record_internal(
740
&state,
741
-
&did_typed,
742
-
&profile_collection,
743
-
&profile_rkey,
744
&profile_record,
745
)
746
.await
···
752
if !is_migration {
753
if let Some(ref recipient) = verification_recipient {
754
let verification_token = crate::auth::verification_token::generate_signup_token(
755
-
&did,
756
verification_channel,
757
recipient,
758
);
···
776
}
777
}
778
} else if let Some(ref user_email) = email {
779
-
let token = crate::auth::verification_token::generate_migration_token(&did, user_email);
780
let formatted_token = crate::auth::verification_token::format_token_for_display(&token);
781
if let Err(e) = crate::comms::comms_repo::enqueue_migration_verification(
782
state.user_repo.as_ref(),
···
809
}
810
};
811
let session_data = tranquil_db_traits::SessionTokenCreate {
812
-
did: unsafe { Did::new_unchecked(&did) },
813
access_jti: access_meta.jti.clone(),
814
refresh_jti: refresh_meta.jti.clone(),
815
access_expires_at: access_meta.expires_at,
···
838
StatusCode::OK,
839
Json(CreateAccountOutput {
840
handle: handle.clone().into(),
841
-
did: unsafe { Did::new_unchecked(&did) },
842
did_doc,
843
access_jwt: access_meta.token,
844
refresh_jwt: refresh_meta.token,
845
verification_required: !is_migration,
846
-
verification_channel: verification_channel.to_string(),
847
}),
848
)
849
.into_response()
···
5
use crate::plc::{PlcClient, create_genesis_operation, signing_key_to_did_key};
6
use crate::rate_limit::{AccountCreationLimit, RateLimited};
7
use crate::state::AppState;
8
+
use crate::types::{Did, Handle, PlainPassword};
9
use crate::util::{pds_hostname, pds_hostname_without_port};
10
use crate::validation::validate_password;
11
use axum::{
···
34
pub did: Option<String>,
35
pub did_type: Option<String>,
36
pub signing_key: Option<String>,
37
+
pub verification_channel: Option<tranquil_db_traits::CommsChannel>,
38
pub discord_username: Option<String>,
39
pub telegram_username: Option<String>,
40
pub signal_username: Option<String>,
···
50
pub access_jwt: String,
51
pub refresh_jwt: String,
52
pub verification_required: bool,
53
+
pub verification_channel: tranquil_db_traits::CommsChannel,
54
}
55
56
pub async fn create_account(
···
73
info!("create_account called");
74
}
75
76
+
let migration_auth = if let Some(extracted) = extract_auth_token_from_header(
77
+
crate::util::get_header_str(&headers, http::header::AUTHORIZATION),
78
+
) {
79
let token = extracted.token;
80
if is_service_token(&token) {
81
let verifier = ServiceTokenVerifier::new();
···
190
{
191
return ApiError::InvalidEmail.into_response();
192
}
193
+
let verification_channel = input
194
+
.verification_channel
195
+
.unwrap_or(tranquil_db_traits::CommsChannel::Email);
196
let verification_recipient = if is_migration {
197
None
198
} else {
199
Some(match verification_channel {
200
+
tranquil_db_traits::CommsChannel::Email => match &input.email {
201
Some(email) if !email.trim().is_empty() => email.trim().to_string(),
202
_ => return ApiError::MissingEmail.into_response(),
203
},
204
+
tranquil_db_traits::CommsChannel::Discord => match &input.discord_username {
205
Some(username) if !username.trim().is_empty() => {
206
let clean = username.trim().to_lowercase();
207
if !crate::api::validation::is_valid_discord_username(&clean) {
···
213
}
214
_ => return ApiError::MissingDiscordId.into_response(),
215
},
216
+
tranquil_db_traits::CommsChannel::Telegram => match &input.telegram_username {
217
Some(username) if !username.trim().is_empty() => {
218
let clean = username.trim().trim_start_matches('@');
219
if !crate::api::validation::is_valid_telegram_username(clean) {
···
225
}
226
_ => return ApiError::MissingTelegramUsername.into_response(),
227
},
228
+
tranquil_db_traits::CommsChannel::Signal => match &input.signal_username {
229
Some(username) if !username.trim().is_empty() => {
230
username.trim().trim_start_matches('@').to_lowercase()
231
}
232
_ => return ApiError::MissingSignalNumber.into_response(),
233
},
234
})
235
};
236
let hostname = pds_hostname();
···
301
&& let Err(e) =
302
verify_did_web(d, hostname, &input.handle, input.signing_key.as_deref()).await
303
{
304
+
return ApiError::InvalidDid(e.to_string()).into_response();
305
}
306
info!(did = %d, "Creating external did:web account");
307
d.clone()
···
317
verify_did_web(d, hostname, &input.handle, input.signing_key.as_deref())
318
.await
319
{
320
+
return ApiError::InvalidDid(e.to_string()).into_response();
321
}
322
d.clone()
323
} else if !d.trim().is_empty() {
···
394
}
395
};
396
if is_migration {
397
+
let did_typed: Did = match did.parse() {
398
+
Ok(d) => d,
399
+
Err(_) => return ApiError::InternalError(Some("Invalid DID".into())).into_response(),
400
+
};
401
+
let handle_typed: Handle = match handle.parse() {
402
+
Ok(h) => h,
403
+
Err(_) => return ApiError::InvalidHandle(None).into_response(),
404
+
};
405
let reactivate_input = tranquil_db_traits::MigrationReactivationInput {
406
+
did: did_typed.clone(),
407
+
new_handle: handle_typed.clone(),
408
new_email: email.clone(),
409
};
410
match state
···
458
}
459
};
460
let session_data = tranquil_db_traits::SessionTokenCreate {
461
+
did: did_typed.clone(),
462
access_jti: access_meta.jti.clone(),
463
refresh_jti: refresh_meta.jti.clone(),
464
access_expires_at: access_meta.expires_at,
···
475
}
476
let hostname = pds_hostname();
477
let verification_required = if let Some(ref user_email) = email {
478
+
let token = crate::auth::verification_token::generate_migration_token(
479
+
&did_typed, user_email,
480
+
);
481
let formatted_token =
482
crate::auth::verification_token::format_token_for_display(&token);
483
if let Err(e) = crate::comms::comms_repo::enqueue_migration_verification(
···
500
axum::http::StatusCode::OK,
501
Json(CreateAccountOutput {
502
handle: handle.clone().into(),
503
+
did: did_typed.clone(),
504
did_doc: state.did_resolver.resolve_did_document(&did).await,
505
access_jwt: access_meta.token,
506
refresh_jwt: refresh_meta.token,
507
verification_required,
508
+
verification_channel: tranquil_db_traits::CommsChannel::Email,
509
}),
510
)
511
.into_response();
···
524
}
525
}
526
527
+
let handle_typed: Handle = match handle.parse() {
528
+
Ok(h) => h,
529
+
Err(_) => return ApiError::InvalidHandle(None).into_response(),
530
+
};
531
let handle_available = match state
532
.user_repo
533
.check_handle_available_for_new_account(&handle_typed)
···
543
return ApiError::HandleTaken.into_response();
544
}
545
546
+
let invite_code_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED");
547
if invite_code_required
548
&& input
549
.invite_code
···
609
}
610
};
611
let rev = Tid::now(LimitedU32::MIN);
612
+
let did_for_commit: Did = match did.parse() {
613
+
Ok(d) => d,
614
+
Err(_) => return ApiError::InternalError(Some("Invalid DID".into())).into_response(),
615
+
};
616
let (commit_bytes, _sig) =
617
match create_signed_commit(&did_for_commit, mst_root, rev.as_ref(), None, &signing_key) {
618
Ok(result) => result,
···
639
})
640
});
641
642
+
let preferred_comms_channel = verification_channel;
643
644
let create_input = tranquil_db_traits::CreatePasswordAccountInput {
645
+
handle: handle_typed.clone(),
646
email: email.clone(),
647
+
did: did_for_commit.clone(),
648
password_hash,
649
preferred_comms_channel,
650
discord_username: input
···
693
};
694
let user_id = create_result.user_id;
695
if !is_migration && !is_did_web_byod {
696
if let Err(e) = crate::api::repo::record::sequence_identity_event(
697
&state,
698
+
&did_for_commit,
699
Some(&handle_typed),
700
)
701
.await
···
704
}
705
if let Err(e) = crate::api::repo::record::sequence_account_event(
706
&state,
707
+
&did_for_commit,
708
tranquil_db_traits::AccountStatus::Active,
709
)
710
.await
···
713
}
714
if let Err(e) = crate::api::repo::record::sequence_genesis_commit(
715
&state,
716
+
&did_for_commit,
717
&commit_cid,
718
&mst_root,
719
&rev_str,
···
724
}
725
if let Err(e) = crate::api::repo::record::sequence_sync_event(
726
&state,
727
+
&did_for_commit,
728
&commit_cid_str,
729
Some(rev.as_ref()),
730
)
···
736
"$type": "app.bsky.actor.profile",
737
"displayName": input.handle
738
});
739
if let Err(e) = crate::api::repo::record::create_record_internal(
740
&state,
741
+
&did_for_commit,
742
+
&crate::types::PROFILE_COLLECTION,
743
+
&crate::types::PROFILE_RKEY,
744
&profile_record,
745
)
746
.await
···
752
if !is_migration {
753
if let Some(ref recipient) = verification_recipient {
754
let verification_token = crate::auth::verification_token::generate_signup_token(
755
+
&did_for_commit,
756
verification_channel,
757
recipient,
758
);
···
776
}
777
}
778
} else if let Some(ref user_email) = email {
779
+
let token =
780
+
crate::auth::verification_token::generate_migration_token(&did_for_commit, user_email);
781
let formatted_token = crate::auth::verification_token::format_token_for_display(&token);
782
if let Err(e) = crate::comms::comms_repo::enqueue_migration_verification(
783
state.user_repo.as_ref(),
···
810
}
811
};
812
let session_data = tranquil_db_traits::SessionTokenCreate {
813
+
did: did_for_commit.clone(),
814
access_jti: access_meta.jti.clone(),
815
refresh_jti: refresh_meta.jti.clone(),
816
access_expires_at: access_meta.expires_at,
···
839
StatusCode::OK,
840
Json(CreateAccountOutput {
841
handle: handle.clone().into(),
842
+
did: did_for_commit,
843
did_doc,
844
access_jwt: access_meta.token,
845
refresh_jwt: refresh_meta.token,
846
verification_required: !is_migration,
847
+
verification_channel,
848
}),
849
)
850
.into_response()
+100
-52
crates/tranquil-pds/src/api/identity/did.rs
+100
-52
crates/tranquil-pds/src/api/identity/did.rs
···
42
if handle_str.is_empty() {
43
return ApiError::InvalidRequest("handle is required".into()).into_response();
44
}
45
-
let cache_key = format!("handle:{}", handle_str);
46
if let Some(did) = state.cache.get(&cache_key).await {
47
return DidResponse::response(did).into_response();
48
}
···
78
}
79
}
80
81
-
pub fn get_jwk(key_bytes: &[u8]) -> Result<serde_json::Value, &'static str> {
82
-
let secret_key = SecretKey::from_slice(key_bytes).map_err(|_| "Invalid key length")?;
83
let public_key = secret_key.public_key();
84
let encoded = public_key.to_encoded_point(false);
85
-
let x = encoded.x().ok_or("Missing x coordinate")?;
86
-
let y = encoded.y().ok_or("Missing y coordinate")?;
87
let x_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(x);
88
let y_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(y);
89
Ok(json!({
···
94
}))
95
}
96
97
-
pub fn get_public_key_multibase(key_bytes: &[u8]) -> Result<String, &'static str> {
98
-
let secret_key = SecretKey::from_slice(key_bytes).map_err(|_| "Invalid key length")?;
99
let public_key = secret_key.public_key();
100
let compressed = public_key.to_encoded_point(true);
101
let compressed_bytes = compressed.as_bytes();
···
107
pub async fn well_known_did(State(state): State<AppState>, headers: HeaderMap) -> Response {
108
let hostname = pds_hostname();
109
let hostname_without_port = pds_hostname_without_port();
110
-
let host_header = get_header_str(&headers, "host").unwrap_or(hostname);
111
let host_without_port = host_header.split(':').next().unwrap_or(host_header);
112
if host_without_port != hostname_without_port
113
&& host_without_port.ends_with(&format!(".{}", hostname_without_port))
···
127
"id": did,
128
"service": [{
129
"id": "#atproto_pds",
130
-
"type": "AtprotoPersonalDataServer",
131
"serviceEndpoint": format!("https://{}", hostname)
132
}]
133
}))
···
197
})).collect::<Vec<_>>(),
198
"service": [{
199
"id": "#atproto_pds",
200
-
"type": "AtprotoPersonalDataServer",
201
"serviceEndpoint": service_endpoint
202
}]
203
}))
···
250
}],
251
"service": [{
252
"id": "#atproto_pds",
253
-
"type": "AtprotoPersonalDataServer",
254
"serviceEndpoint": service_endpoint
255
}]
256
}))
···
332
})).collect::<Vec<_>>(),
333
"service": [{
334
"id": "#atproto_pds",
335
-
"type": "AtprotoPersonalDataServer",
336
"serviceEndpoint": service_endpoint
337
}]
338
}))
···
385
}],
386
"service": [{
387
"id": "#atproto_pds",
388
-
"type": "AtprotoPersonalDataServer",
389
"serviceEndpoint": service_endpoint
390
}]
391
}))
392
.into_response()
393
}
394
395
pub async fn verify_did_web(
396
did: &str,
397
hostname: &str,
398
handle: &str,
399
expected_signing_key: Option<&str>,
400
-
) -> Result<(), String> {
401
let hostname_for_handles = hostname.split(':').next().unwrap_or(hostname);
402
let subdomain_host = format!("{}.{}", handle, hostname_for_handles);
403
let encoded_subdomain = subdomain_host.replace(':', "%3A");
···
413
if did.starts_with(&expected_prefix) {
414
let suffix = &did[expected_prefix.len()..];
415
let expected_suffix = format!(":u:{}", handle);
416
-
if suffix == expected_suffix {
417
-
return Ok(());
418
} else {
419
-
return Err(format!(
420
-
"Invalid DID path for this PDS. Expected {}",
421
-
expected_suffix
422
-
));
423
-
}
424
}
425
-
let expected_signing_key = expected_signing_key.ok_or_else(|| {
426
-
"External did:web requires a pre-reserved signing key. Call com.atproto.server.reserveSigningKey first, configure your DID document with the returned key, then provide the signingKey in createAccount.".to_string()
427
-
})?;
428
let parts: Vec<&str> = did.split(':').collect();
429
if parts.len() < 3 || parts[0] != "did" || parts[1] != "web" {
430
-
return Err("Invalid did:web format".into());
431
}
432
let domain_segment = parts[2];
433
let domain = domain_segment.replace("%3A", ":");
···
447
.get(&url)
448
.send()
449
.await
450
-
.map_err(|e| format!("Failed to fetch DID doc: {}", e))?;
451
if !resp.status().is_success() {
452
-
return Err(format!("Failed to fetch DID doc: HTTP {}", resp.status()));
453
}
454
let doc: serde_json::Value = resp
455
.json()
456
.await
457
-
.map_err(|e| format!("Failed to parse DID doc: {}", e))?;
458
let services = doc["service"]
459
.as_array()
460
-
.ok_or("No services found in DID doc")?;
461
let pds_endpoint = format!("https://{}", hostname);
462
-
let has_valid_service = services
463
-
.iter()
464
-
.any(|s| s["type"] == "AtprotoPersonalDataServer" && s["serviceEndpoint"] == pds_endpoint);
465
if !has_valid_service {
466
-
return Err(format!(
467
-
"DID document does not list this PDS ({}) as AtprotoPersonalDataServer",
468
-
pds_endpoint
469
-
));
470
}
471
-
let verification_methods = doc["verificationMethod"]
472
-
.as_array()
473
-
.ok_or("No verificationMethod found in DID doc")?;
474
let expected_multibase = expected_signing_key
475
.strip_prefix("did:key:")
476
-
.ok_or("Invalid signing key format")?;
477
let has_matching_key = verification_methods.iter().any(|vm| {
478
vm["publicKeyMultibase"]
479
.as_str()
480
-
.map(|pk| pk == expected_multibase)
481
-
.unwrap_or(false)
482
});
483
if !has_matching_key {
484
-
return Err(format!(
485
-
"DID document verification key does not match reserved signing key. Expected publicKeyMultibase: {}",
486
-
expected_multibase
487
));
488
}
489
Ok(())
···
559
verification_methods: VerificationMethods { atproto: did_key },
560
services: Services {
561
atproto_pds: AtprotoPds {
562
-
service_type: "AtprotoPersonalDataServer".to_string(),
563
endpoint: pds_endpoint,
564
},
565
},
···
579
Json(input): Json<UpdateHandleInput>,
580
) -> Result<Response, ApiError> {
581
if let Err(e) = crate::auth::scope_check::check_identity_scope(
582
-
auth.is_oauth(),
583
auth.scope.as_deref(),
584
crate::oauth::scopes::IdentityAttr::Handle,
585
) {
···
652
format!("{}.{}", new_handle, hostname_for_handles)
653
};
654
if full_handle == current_handle {
655
-
let handle_typed = unsafe { Handle::new_unchecked(&full_handle) };
656
if let Err(e) =
657
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed))
658
.await
···
675
full_handle
676
} else {
677
if new_handle == current_handle {
678
-
let handle_typed = unsafe { Handle::new_unchecked(&new_handle) };
679
if let Err(e) =
680
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed))
681
.await
···
728
if !current_handle.is_empty() {
729
let _ = state
730
.cache
731
-
.delete(&format!("handle:{}", current_handle))
732
.await;
733
}
734
-
let _ = state.cache.delete(&format!("handle:{}", handle)).await;
735
if let Err(e) =
736
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed)).await
737
{
···
768
}
769
770
pub async fn well_known_atproto_did(State(state): State<AppState>, headers: HeaderMap) -> Response {
771
-
let host = match crate::util::get_header_str(&headers, "host") {
772
Some(h) => h,
773
None => return (StatusCode::BAD_REQUEST, "Missing host header").into_response(),
774
};
···
42
if handle_str.is_empty() {
43
return ApiError::InvalidRequest("handle is required".into()).into_response();
44
}
45
+
let cache_key = crate::cache_keys::handle_key(handle_str);
46
if let Some(did) = state.cache.get(&cache_key).await {
47
return DidResponse::response(did).into_response();
48
}
···
78
}
79
}
80
81
+
#[derive(Debug)]
82
+
pub enum KeyError {
83
+
InvalidKeyLength,
84
+
MissingCoordinate,
85
+
}
86
+
87
+
impl std::fmt::Display for KeyError {
88
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
89
+
match self {
90
+
Self::InvalidKeyLength => write!(f, "invalid key length"),
91
+
Self::MissingCoordinate => write!(f, "missing elliptic curve coordinate"),
92
+
}
93
+
}
94
+
}
95
+
96
+
impl std::error::Error for KeyError {}
97
+
98
+
pub fn get_jwk(key_bytes: &[u8]) -> Result<serde_json::Value, KeyError> {
99
+
let secret_key = SecretKey::from_slice(key_bytes).map_err(|_| KeyError::InvalidKeyLength)?;
100
let public_key = secret_key.public_key();
101
let encoded = public_key.to_encoded_point(false);
102
+
let x = encoded.x().ok_or(KeyError::MissingCoordinate)?;
103
+
let y = encoded.y().ok_or(KeyError::MissingCoordinate)?;
104
let x_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(x);
105
let y_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(y);
106
Ok(json!({
···
111
}))
112
}
113
114
+
pub fn get_public_key_multibase(key_bytes: &[u8]) -> Result<String, KeyError> {
115
+
let secret_key = SecretKey::from_slice(key_bytes).map_err(|_| KeyError::InvalidKeyLength)?;
116
let public_key = secret_key.public_key();
117
let compressed = public_key.to_encoded_point(true);
118
let compressed_bytes = compressed.as_bytes();
···
124
pub async fn well_known_did(State(state): State<AppState>, headers: HeaderMap) -> Response {
125
let hostname = pds_hostname();
126
let hostname_without_port = pds_hostname_without_port();
127
+
let host_header = get_header_str(&headers, http::header::HOST).unwrap_or(hostname);
128
let host_without_port = host_header.split(':').next().unwrap_or(host_header);
129
if host_without_port != hostname_without_port
130
&& host_without_port.ends_with(&format!(".{}", hostname_without_port))
···
144
"id": did,
145
"service": [{
146
"id": "#atproto_pds",
147
+
"type": crate::plc::ServiceType::Pds.as_str(),
148
"serviceEndpoint": format!("https://{}", hostname)
149
}]
150
}))
···
214
})).collect::<Vec<_>>(),
215
"service": [{
216
"id": "#atproto_pds",
217
+
"type": crate::plc::ServiceType::Pds.as_str(),
218
"serviceEndpoint": service_endpoint
219
}]
220
}))
···
267
}],
268
"service": [{
269
"id": "#atproto_pds",
270
+
"type": crate::plc::ServiceType::Pds.as_str(),
271
"serviceEndpoint": service_endpoint
272
}]
273
}))
···
349
})).collect::<Vec<_>>(),
350
"service": [{
351
"id": "#atproto_pds",
352
+
"type": crate::plc::ServiceType::Pds.as_str(),
353
"serviceEndpoint": service_endpoint
354
}]
355
}))
···
402
}],
403
"service": [{
404
"id": "#atproto_pds",
405
+
"type": crate::plc::ServiceType::Pds.as_str(),
406
"serviceEndpoint": service_endpoint
407
}]
408
}))
409
.into_response()
410
}
411
412
+
#[derive(Debug, thiserror::Error)]
413
+
pub enum DidWebVerifyError {
414
+
#[error("Invalid did:web format")]
415
+
InvalidFormat,
416
+
#[error("Invalid DID path for this PDS. Expected {0}")]
417
+
InvalidPath(String),
418
+
#[error(
419
+
"External did:web requires a pre-reserved signing key. Call com.atproto.server.reserveSigningKey first, configure your DID document with the returned key, then provide the signingKey in createAccount."
420
+
)]
421
+
MissingSigningKey,
422
+
#[error("Failed to fetch DID doc: {0}")]
423
+
FetchFailed(String),
424
+
#[error("Invalid DID document: {0}")]
425
+
InvalidDocument(String),
426
+
#[error("DID document does not list this PDS ({0}) as AtprotoPersonalDataServer")]
427
+
PdsNotListed(String),
428
+
#[error(
429
+
"DID document verification key does not match reserved signing key. Expected publicKeyMultibase: {0}"
430
+
)]
431
+
KeyMismatch(String),
432
+
#[error("Invalid signing key format")]
433
+
InvalidSigningKey,
434
+
}
435
+
436
pub async fn verify_did_web(
437
did: &str,
438
hostname: &str,
439
handle: &str,
440
expected_signing_key: Option<&str>,
441
+
) -> Result<(), DidWebVerifyError> {
442
let hostname_for_handles = hostname.split(':').next().unwrap_or(hostname);
443
let subdomain_host = format!("{}.{}", handle, hostname_for_handles);
444
let encoded_subdomain = subdomain_host.replace(':', "%3A");
···
454
if did.starts_with(&expected_prefix) {
455
let suffix = &did[expected_prefix.len()..];
456
let expected_suffix = format!(":u:{}", handle);
457
+
return if suffix == expected_suffix {
458
+
Ok(())
459
} else {
460
+
Err(DidWebVerifyError::InvalidPath(expected_suffix))
461
+
};
462
}
463
+
let expected_signing_key = expected_signing_key.ok_or(DidWebVerifyError::MissingSigningKey)?;
464
let parts: Vec<&str> = did.split(':').collect();
465
if parts.len() < 3 || parts[0] != "did" || parts[1] != "web" {
466
+
return Err(DidWebVerifyError::InvalidFormat);
467
}
468
let domain_segment = parts[2];
469
let domain = domain_segment.replace("%3A", ":");
···
483
.get(&url)
484
.send()
485
.await
486
+
.map_err(|e| DidWebVerifyError::FetchFailed(e.to_string()))?;
487
if !resp.status().is_success() {
488
+
return Err(DidWebVerifyError::FetchFailed(format!(
489
+
"HTTP {}",
490
+
resp.status()
491
+
)));
492
}
493
let doc: serde_json::Value = resp
494
.json()
495
.await
496
+
.map_err(|e| DidWebVerifyError::InvalidDocument(e.to_string()))?;
497
let services = doc["service"]
498
.as_array()
499
+
.ok_or(DidWebVerifyError::InvalidDocument(
500
+
"No services found".to_string(),
501
+
))?;
502
let pds_endpoint = format!("https://{}", hostname);
503
+
let has_valid_service = services.iter().any(|s| {
504
+
s["type"] == crate::plc::ServiceType::Pds.as_str() && s["serviceEndpoint"] == pds_endpoint
505
+
});
506
if !has_valid_service {
507
+
return Err(DidWebVerifyError::PdsNotListed(pds_endpoint));
508
}
509
+
let verification_methods =
510
+
doc["verificationMethod"]
511
+
.as_array()
512
+
.ok_or(DidWebVerifyError::InvalidDocument(
513
+
"No verificationMethod found".to_string(),
514
+
))?;
515
let expected_multibase = expected_signing_key
516
.strip_prefix("did:key:")
517
+
.ok_or(DidWebVerifyError::InvalidSigningKey)?;
518
let has_matching_key = verification_methods.iter().any(|vm| {
519
vm["publicKeyMultibase"]
520
.as_str()
521
+
.is_some_and(|pk| pk == expected_multibase)
522
});
523
if !has_matching_key {
524
+
return Err(DidWebVerifyError::KeyMismatch(
525
+
expected_multibase.to_string(),
526
));
527
}
528
Ok(())
···
598
verification_methods: VerificationMethods { atproto: did_key },
599
services: Services {
600
atproto_pds: AtprotoPds {
601
+
service_type: crate::plc::ServiceType::Pds.as_str().to_string(),
602
endpoint: pds_endpoint,
603
},
604
},
···
618
Json(input): Json<UpdateHandleInput>,
619
) -> Result<Response, ApiError> {
620
if let Err(e) = crate::auth::scope_check::check_identity_scope(
621
+
&auth.auth_source,
622
auth.scope.as_deref(),
623
crate::oauth::scopes::IdentityAttr::Handle,
624
) {
···
691
format!("{}.{}", new_handle, hostname_for_handles)
692
};
693
if full_handle == current_handle {
694
+
let handle_typed: Handle = match full_handle.parse() {
695
+
Ok(h) => h,
696
+
Err(_) => return Err(ApiError::InvalidHandle(None)),
697
+
};
698
if let Err(e) =
699
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed))
700
.await
···
717
full_handle
718
} else {
719
if new_handle == current_handle {
720
+
let handle_typed: Handle = match new_handle.parse() {
721
+
Ok(h) => h,
722
+
Err(_) => return Err(ApiError::InvalidHandle(None)),
723
+
};
724
if let Err(e) =
725
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed))
726
.await
···
773
if !current_handle.is_empty() {
774
let _ = state
775
.cache
776
+
.delete(&crate::cache_keys::handle_key(¤t_handle))
777
.await;
778
}
779
+
let _ = state
780
+
.cache
781
+
.delete(&crate::cache_keys::handle_key(&handle))
782
+
.await;
783
if let Err(e) =
784
crate::api::repo::record::sequence_identity_event(&state, &did, Some(&handle_typed)).await
785
{
···
816
}
817
818
pub async fn well_known_atproto_did(State(state): State<AppState>, headers: HeaderMap) -> Response {
819
+
let host = match crate::util::get_header_str(&headers, http::header::HOST) {
820
Some(h) => h,
821
None => return (StatusCode::BAD_REQUEST, "Missing host header").into_response(),
822
};
+2
-10
crates/tranquil-pds/src/api/identity/handle.rs
+2
-10
crates/tranquil-pds/src/api/identity/handle.rs
···
1
-
use crate::api::error::ApiError;
2
use crate::rate_limit::{HandleVerificationLimit, RateLimited};
3
use crate::types::{Did, Handle};
4
use axum::{
···
9
10
#[derive(Deserialize)]
11
pub struct VerifyHandleOwnershipInput {
12
-
pub handle: String,
13
pub did: Did,
14
}
15
···
27
_rate_limit: RateLimited<HandleVerificationLimit>,
28
Json(input): Json<VerifyHandleOwnershipInput>,
29
) -> Response {
30
-
let handle: Handle = match input.handle.parse() {
31
-
Ok(h) => h,
32
-
Err(_) => {
33
-
return ApiError::InvalidHandle(Some("Invalid handle format".into())).into_response();
34
-
}
35
-
};
36
-
37
-
let handle_str = handle.as_str();
38
let did_str = input.did.as_str();
39
40
let dns_mismatch = match crate::handle::resolve_handle_dns(handle_str).await {
···
1
use crate::rate_limit::{HandleVerificationLimit, RateLimited};
2
use crate::types::{Did, Handle};
3
use axum::{
···
8
9
#[derive(Deserialize)]
10
pub struct VerifyHandleOwnershipInput {
11
+
pub handle: Handle,
12
pub did: Did,
13
}
14
···
26
_rate_limit: RateLimited<HandleVerificationLimit>,
27
Json(input): Json<VerifyHandleOwnershipInput>,
28
) -> Response {
29
+
let handle_str = input.handle.as_str();
30
let did_str = input.did.as_str();
31
32
let dns_mismatch = match crate::handle::resolve_handle_dns(handle_str).await {
+1
-1
crates/tranquil-pds/src/api/identity/plc/request.rs
+1
-1
crates/tranquil-pds/src/api/identity/plc/request.rs
+3
-3
crates/tranquil-pds/src/api/identity/plc/sign.rs
+3
-3
crates/tranquil-pds/src/api/identity/plc/sign.rs
···
2
use crate::api::error::DbResultExt;
3
use crate::auth::{Auth, Permissive};
4
use crate::circuit_breaker::with_circuit_breaker;
5
-
use crate::plc::{PlcClient, PlcError, PlcService, create_update_op, sign_operation};
6
use crate::state::AppState;
7
use axum::{
8
Json,
···
30
#[derive(Debug, Deserialize, Clone)]
31
pub struct ServiceInput {
32
#[serde(rename = "type")]
33
-
pub service_type: String,
34
pub endpoint: String,
35
}
36
···
45
Json(input): Json<SignPlcOperationInput>,
46
) -> Result<Response, ApiError> {
47
if let Err(e) = crate::auth::scope_check::check_identity_scope(
48
-
auth.is_oauth(),
49
auth.scope.as_deref(),
50
crate::oauth::scopes::IdentityAttr::Wildcard,
51
) {
···
2
use crate::api::error::DbResultExt;
3
use crate::auth::{Auth, Permissive};
4
use crate::circuit_breaker::with_circuit_breaker;
5
+
use crate::plc::{PlcClient, PlcError, PlcService, ServiceType, create_update_op, sign_operation};
6
use crate::state::AppState;
7
use axum::{
8
Json,
···
30
#[derive(Debug, Deserialize, Clone)]
31
pub struct ServiceInput {
32
#[serde(rename = "type")]
33
+
pub service_type: ServiceType,
34
pub endpoint: String,
35
}
36
···
45
Json(input): Json<SignPlcOperationInput>,
46
) -> Result<Response, ApiError> {
47
if let Err(e) = crate::auth::scope_check::check_identity_scope(
48
+
&auth.auth_source,
49
auth.scope.as_deref(),
50
crate::oauth::scopes::IdentityAttr::Wildcard,
51
) {
+14
-5
crates/tranquil-pds/src/api/identity/plc/submit.rs
+14
-5
crates/tranquil-pds/src/api/identity/plc/submit.rs
···
26
Json(input): Json<SubmitPlcOperationInput>,
27
) -> Result<Response, ApiError> {
28
if let Err(e) = crate::auth::scope_check::check_identity_scope(
29
-
auth.is_oauth(),
30
auth.scope.as_deref(),
31
crate::oauth::scopes::IdentityAttr::Wildcard,
32
) {
···
87
{
88
let service_type = pds.get("type").and_then(|v| v.as_str());
89
let endpoint = pds.get("endpoint").and_then(|v| v.as_str());
90
-
if service_type != Some("AtprotoPersonalDataServer") {
91
return Err(ApiError::InvalidRequest(
92
"Incorrect type on atproto_pds service".into(),
93
));
···
143
warn!("Failed to sequence identity event: {:?}", e);
144
}
145
}
146
-
let _ = state.cache.delete(&format!("handle:{}", user.handle)).await;
147
-
let _ = state.cache.delete(&format!("plc:doc:{}", did)).await;
148
-
let _ = state.cache.delete(&format!("plc:data:{}", did)).await;
149
if state.did_resolver.refresh_did(did).await.is_none() {
150
warn!(did = %did, "Failed to refresh DID cache after PLC update");
151
}
···
26
Json(input): Json<SubmitPlcOperationInput>,
27
) -> Result<Response, ApiError> {
28
if let Err(e) = crate::auth::scope_check::check_identity_scope(
29
+
&auth.auth_source,
30
auth.scope.as_deref(),
31
crate::oauth::scopes::IdentityAttr::Wildcard,
32
) {
···
87
{
88
let service_type = pds.get("type").and_then(|v| v.as_str());
89
let endpoint = pds.get("endpoint").and_then(|v| v.as_str());
90
+
if service_type != Some(crate::plc::ServiceType::Pds.as_str()) {
91
return Err(ApiError::InvalidRequest(
92
"Incorrect type on atproto_pds service".into(),
93
));
···
143
warn!("Failed to sequence identity event: {:?}", e);
144
}
145
}
146
+
let _ = state
147
+
.cache
148
+
.delete(&crate::cache_keys::handle_key(&user.handle))
149
+
.await;
150
+
let _ = state
151
+
.cache
152
+
.delete(&crate::cache_keys::plc_doc_key(did))
153
+
.await;
154
+
let _ = state
155
+
.cache
156
+
.delete(&crate::cache_keys::plc_data_key(did))
157
+
.await;
158
if state.did_resolver.refresh_did(did).await.is_none() {
159
warn!(did = %did, "Failed to refresh DID cache after PLC update");
160
}
+1
-1
crates/tranquil-pds/src/api/mod.rs
+1
-1
crates/tranquil-pds/src/api/mod.rs
···
19
pub mod verification;
20
21
pub use error::ApiError;
22
-
pub use proxy_client::{AtUriParts, proxy_client, validate_at_uri, validate_did, validate_limit};
23
pub use responses::{
24
DidResponse, EmptyResponse, EnabledResponse, HasPasswordResponse, OptionsResponse,
25
StatusResponse, SuccessResponse, TokenRequiredResponse, VerifiedResponse,
···
19
pub mod verification;
20
21
pub use error::ApiError;
22
+
pub use proxy_client::{AtUriParts, proxy_client, validate_at_uri, validate_limit};
23
pub use responses::{
24
DidResponse, EmptyResponse, EnabledResponse, HasPasswordResponse, OptionsResponse,
25
StatusResponse, SuccessResponse, TokenRequiredResponse, VerifiedResponse,
+48
-26
crates/tranquil-pds/src/api/moderation/mod.rs
+48
-26
crates/tranquil-pds/src/api/moderation/mod.rs
···
12
use serde_json::{Value, json};
13
use tracing::{error, info};
14
15
#[derive(Deserialize)]
16
#[serde(rename_all = "camelCase")]
17
pub struct CreateReportInput {
18
-
pub reason_type: String,
19
pub reason: Option<String>,
20
pub subject: Value,
21
}
···
24
#[serde(rename_all = "camelCase")]
25
pub struct CreateReportOutput {
26
pub id: i64,
27
-
pub reason_type: String,
28
pub reason: Option<String>,
29
pub subject: Value,
30
pub reported_by: String,
31
pub created_at: String,
32
}
33
34
-
fn get_report_service_config() -> Option<(String, String)> {
35
let url = std::env::var("REPORT_SERVICE_URL").ok()?;
36
let did = std::env::var("REPORT_SERVICE_DID").ok()?;
37
if url.is_empty() || did.is_empty() {
38
return None;
39
}
40
-
Some((url, did))
41
}
42
43
pub async fn create_report(
···
47
) -> Response {
48
let did = &auth.did;
49
50
-
if let Some((service_url, service_did)) = get_report_service_config() {
51
-
return proxy_to_report_service(&state, &auth, &service_url, &service_did, &input).await;
52
}
53
54
create_report_locally(&state, did, auth.status.is_takendown(), input).await
···
177
is_takendown: bool,
178
input: CreateReportInput,
179
) -> Response {
180
-
const REASON_APPEAL: &str = "com.atproto.moderation.defs#reasonAppeal";
181
-
182
-
if is_takendown && input.reason_type != REASON_APPEAL {
183
return ApiError::InvalidRequest("Report not accepted from takendown account".into())
184
.into_response();
185
}
186
187
-
let valid_reason_types = [
188
-
"com.atproto.moderation.defs#reasonSpam",
189
-
"com.atproto.moderation.defs#reasonViolation",
190
-
"com.atproto.moderation.defs#reasonMisleading",
191
-
"com.atproto.moderation.defs#reasonSexual",
192
-
"com.atproto.moderation.defs#reasonRude",
193
-
"com.atproto.moderation.defs#reasonOther",
194
-
REASON_APPEAL,
195
-
];
196
-
197
-
if !valid_reason_types.contains(&input.reason_type.as_str()) {
198
-
return ApiError::InvalidRequest("Invalid reasonType".into()).into_response();
199
-
}
200
-
201
let created_at = chrono::Utc::now();
202
-
let report_id = (uuid::Uuid::now_v7().as_u128() & 0x7FFF_FFFF_FFFF_FFFF) as i64;
203
let subject_json = json!(input.subject);
204
205
if let Err(e) = state
206
.infra_repo
207
.insert_report(
208
report_id,
209
-
&input.reason_type,
210
input.reason.as_deref(),
211
subject_json,
212
did,
···
221
info!(
222
report_id = %report_id,
223
reported_by = %did,
224
-
reason_type = %input.reason_type,
225
"Report created locally (no report service configured)"
226
);
227
···
12
use serde_json::{Value, json};
13
use tracing::{error, info};
14
15
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
16
+
pub enum ReportReasonType {
17
+
#[serde(rename = "com.atproto.moderation.defs#reasonSpam")]
18
+
Spam,
19
+
#[serde(rename = "com.atproto.moderation.defs#reasonViolation")]
20
+
Violation,
21
+
#[serde(rename = "com.atproto.moderation.defs#reasonMisleading")]
22
+
Misleading,
23
+
#[serde(rename = "com.atproto.moderation.defs#reasonSexual")]
24
+
Sexual,
25
+
#[serde(rename = "com.atproto.moderation.defs#reasonRude")]
26
+
Rude,
27
+
#[serde(rename = "com.atproto.moderation.defs#reasonOther")]
28
+
Other,
29
+
#[serde(rename = "com.atproto.moderation.defs#reasonAppeal")]
30
+
Appeal,
31
+
}
32
+
33
+
impl ReportReasonType {
34
+
pub fn as_str(self) -> &'static str {
35
+
match self {
36
+
Self::Spam => "com.atproto.moderation.defs#reasonSpam",
37
+
Self::Violation => "com.atproto.moderation.defs#reasonViolation",
38
+
Self::Misleading => "com.atproto.moderation.defs#reasonMisleading",
39
+
Self::Sexual => "com.atproto.moderation.defs#reasonSexual",
40
+
Self::Rude => "com.atproto.moderation.defs#reasonRude",
41
+
Self::Other => "com.atproto.moderation.defs#reasonOther",
42
+
Self::Appeal => "com.atproto.moderation.defs#reasonAppeal",
43
+
}
44
+
}
45
+
}
46
+
47
#[derive(Deserialize)]
48
#[serde(rename_all = "camelCase")]
49
pub struct CreateReportInput {
50
+
pub reason_type: ReportReasonType,
51
pub reason: Option<String>,
52
pub subject: Value,
53
}
···
56
#[serde(rename_all = "camelCase")]
57
pub struct CreateReportOutput {
58
pub id: i64,
59
+
pub reason_type: ReportReasonType,
60
pub reason: Option<String>,
61
pub subject: Value,
62
pub reported_by: String,
63
pub created_at: String,
64
}
65
66
+
struct ReportServiceConfig {
67
+
url: String,
68
+
did: String,
69
+
}
70
+
71
+
fn get_report_service_config() -> Option<ReportServiceConfig> {
72
let url = std::env::var("REPORT_SERVICE_URL").ok()?;
73
let did = std::env::var("REPORT_SERVICE_DID").ok()?;
74
if url.is_empty() || did.is_empty() {
75
return None;
76
}
77
+
Some(ReportServiceConfig { url, did })
78
}
79
80
pub async fn create_report(
···
84
) -> Response {
85
let did = &auth.did;
86
87
+
if let Some(config) = get_report_service_config() {
88
+
return proxy_to_report_service(&state, &auth, &config.url, &config.did, &input).await;
89
}
90
91
create_report_locally(&state, did, auth.status.is_takendown(), input).await
···
214
is_takendown: bool,
215
input: CreateReportInput,
216
) -> Response {
217
+
if is_takendown && input.reason_type != ReportReasonType::Appeal {
218
return ApiError::InvalidRequest("Report not accepted from takendown account".into())
219
.into_response();
220
}
221
222
let created_at = chrono::Utc::now();
223
+
let report_id = i64::try_from(uuid::Uuid::now_v7().as_u128() & 0x7FFF_FFFF_FFFF_FFFF)
224
+
.expect("masked to 63 bits, always fits i64");
225
let subject_json = json!(input.subject);
226
227
if let Err(e) = state
228
.infra_repo
229
.insert_report(
230
report_id,
231
+
input.reason_type.as_str(),
232
input.reason.as_deref(),
233
subject_json,
234
did,
···
243
info!(
244
report_id = %report_id,
245
reported_by = %did,
246
+
reason_type = input.reason_type.as_str(),
247
"Report created locally (no report service configured)"
248
);
249
+100
-103
crates/tranquil-pds/src/api/notification_prefs.rs
+100
-103
crates/tranquil-pds/src/api/notification_prefs.rs
···
11
use serde_json::json;
12
use tracing::info;
13
use tranquil_db_traits::{CommsChannel, CommsStatus, CommsType};
14
15
#[derive(Serialize)]
16
#[serde(rename_all = "camelCase")]
···
130
pub struct UpdateNotificationPrefsResponse {
131
pub success: bool,
132
#[serde(skip_serializing_if = "Vec::is_empty")]
133
-
pub verification_required: Vec<String>,
134
}
135
136
pub async fn request_channel_verification(
137
state: &AppState,
138
user_id: uuid::Uuid,
139
-
did: &str,
140
-
channel: &str,
141
identifier: &str,
142
handle: Option<&str>,
143
-
) -> Result<String, String> {
144
let token =
145
crate::auth::verification_token::generate_channel_update_token(did, channel, identifier);
146
let formatted_token = crate::auth::verification_token::format_token_for_display(&token);
147
148
-
if channel == "email" {
149
-
let hostname = pds_hostname();
150
-
let handle_str = handle.unwrap_or("user");
151
-
crate::comms::comms_repo::enqueue_email_update(
152
-
state.infra_repo.as_ref(),
153
-
user_id,
154
-
identifier,
155
-
handle_str,
156
-
&formatted_token,
157
-
hostname,
158
-
)
159
-
.await
160
-
.map_err(|e| format!("Failed to enqueue email notification: {}", e))?;
161
-
} else {
162
-
let comms_channel = match channel {
163
-
"discord" => tranquil_db_traits::CommsChannel::Discord,
164
-
"telegram" => tranquil_db_traits::CommsChannel::Telegram,
165
-
"signal" => tranquil_db_traits::CommsChannel::Signal,
166
-
_ => return Err("Invalid channel".to_string()),
167
-
};
168
-
let hostname = pds_hostname();
169
-
let encoded_token = urlencoding::encode(&formatted_token);
170
-
let encoded_identifier = urlencoding::encode(identifier);
171
-
let verify_link = format!(
172
-
"https://{}/app/verify?token={}&identifier={}",
173
-
hostname, encoded_token, encoded_identifier
174
-
);
175
-
let prefs = state
176
-
.user_repo
177
-
.get_comms_prefs(user_id)
178
.await
179
-
.ok()
180
-
.flatten();
181
-
let locale = prefs
182
-
.as_ref()
183
-
.and_then(|p| p.preferred_locale.as_deref())
184
-
.unwrap_or("en");
185
-
let strings = crate::comms::get_strings(locale);
186
-
let body = crate::comms::format_message(
187
-
strings.channel_verification_body,
188
-
&[("code", &formatted_token), ("verify_link", &verify_link)],
189
-
);
190
-
let subject = crate::comms::format_message(
191
-
strings.channel_verification_subject,
192
-
&[("hostname", hostname)],
193
-
);
194
-
let recipient = match comms_channel {
195
-
tranquil_db_traits::CommsChannel::Telegram => state
196
.user_repo
197
-
.get_telegram_chat_id(user_id)
198
.await
199
.ok()
200
-
.flatten()
201
-
.map(|id| id.to_string())
202
-
.unwrap_or_else(|| identifier.to_string()),
203
-
_ => identifier.to_string(),
204
-
};
205
-
state
206
-
.infra_repo
207
-
.enqueue_comms(
208
-
Some(user_id),
209
-
comms_channel,
210
-
tranquil_db_traits::CommsType::ChannelVerification,
211
-
&recipient,
212
-
Some(&subject),
213
-
&body,
214
-
Some(json!({"code": formatted_token})),
215
-
)
216
-
.await
217
-
.map_err(|e| format!("Failed to enqueue notification: {}", e))?;
218
}
219
220
Ok(token)
···
246
let effective_channel = input
247
.preferred_channel
248
.as_deref()
249
-
.map(|ch| match ch {
250
-
"email" => Ok(CommsChannel::Email),
251
-
"discord" => Ok(CommsChannel::Discord),
252
-
"telegram" => Ok(CommsChannel::Telegram),
253
-
"signal" => Ok(CommsChannel::Signal),
254
-
_ => Err(ApiError::InvalidRequest(
255
-
"Invalid channel. Must be one of: email, discord, telegram, signal".into(),
256
-
)),
257
})
258
.transpose()?
259
.unwrap_or(current_prefs.preferred_channel);
260
261
-
let mut verification_required: Vec<String> = Vec::new();
262
263
-
if let Some(ref channel_str) = input.preferred_channel {
264
-
let channel = match channel_str.as_str() {
265
-
"email" => CommsChannel::Email,
266
-
"discord" => CommsChannel::Discord,
267
-
"telegram" => CommsChannel::Telegram,
268
-
"signal" => CommsChannel::Signal,
269
-
_ => {
270
-
return Err(ApiError::InvalidRequest(
271
-
"Invalid channel. Must be one of: email, discord, telegram, signal".into(),
272
-
));
273
-
}
274
-
};
275
state
276
.user_repo
277
-
.update_preferred_comms_channel(&auth.did, channel)
278
.await
279
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
280
-
info!(did = %auth.did, channel = ?channel, "Updated preferred notification channel");
281
}
282
283
if let Some(ref new_email) = input.email {
···
295
&state,
296
user_id,
297
&auth.did,
298
-
"email",
299
&email_clean,
300
Some(&handle),
301
)
302
-
.await
303
-
.map_err(|e| ApiError::InternalError(Some(e)))?;
304
-
verification_required.push("email".to_string());
305
info!(did = %auth.did, "Requested email verification");
306
}
307
}
···
331
.set_unverified_discord(user_id, &discord_clean)
332
.await
333
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
334
-
verification_required.push("discord".to_string());
335
info!(did = %auth.did, discord_username = %discord_clean, "Stored unverified Discord username");
336
}
337
}
···
361
.set_unverified_telegram(user_id, telegram_clean)
362
.await
363
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
364
-
verification_required.push("telegram".to_string());
365
info!(did = %auth.did, telegram_username = %telegram_clean, "Stored unverified Telegram username");
366
}
367
}
···
391
.set_unverified_signal(user_id, &signal_clean)
392
.await
393
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
394
-
request_channel_verification(&state, user_id, &auth.did, "signal", &signal_clean, None)
395
-
.await
396
-
.map_err(|e| ApiError::InternalError(Some(e)))?;
397
-
verification_required.push("signal".to_string());
398
info!(did = %auth.did, signal_username = %signal_clean, "Stored unverified Signal username");
399
}
400
}
···
11
use serde_json::json;
12
use tracing::info;
13
use tranquil_db_traits::{CommsChannel, CommsStatus, CommsType};
14
+
use tranquil_types::Did;
15
16
#[derive(Serialize)]
17
#[serde(rename_all = "camelCase")]
···
131
pub struct UpdateNotificationPrefsResponse {
132
pub success: bool,
133
#[serde(skip_serializing_if = "Vec::is_empty")]
134
+
pub verification_required: Vec<CommsChannel>,
135
}
136
137
pub async fn request_channel_verification(
138
state: &AppState,
139
user_id: uuid::Uuid,
140
+
did: &Did,
141
+
channel: CommsChannel,
142
identifier: &str,
143
handle: Option<&str>,
144
+
) -> Result<String, ApiError> {
145
let token =
146
crate::auth::verification_token::generate_channel_update_token(did, channel, identifier);
147
let formatted_token = crate::auth::verification_token::format_token_for_display(&token);
148
149
+
match channel {
150
+
CommsChannel::Email => {
151
+
let hostname = pds_hostname();
152
+
let handle_str = handle.unwrap_or("user");
153
+
crate::comms::comms_repo::enqueue_email_update(
154
+
state.infra_repo.as_ref(),
155
+
user_id,
156
+
identifier,
157
+
handle_str,
158
+
&formatted_token,
159
+
hostname,
160
+
)
161
.await
162
+
.map_err(|e| {
163
+
ApiError::InternalError(Some(format!(
164
+
"Failed to enqueue email notification: {}",
165
+
e
166
+
)))
167
+
})?;
168
+
}
169
+
_ => {
170
+
let hostname = pds_hostname();
171
+
let encoded_token = urlencoding::encode(&formatted_token);
172
+
let encoded_identifier = urlencoding::encode(identifier);
173
+
let verify_link = format!(
174
+
"https://{}/app/verify?token={}&identifier={}",
175
+
hostname, encoded_token, encoded_identifier
176
+
);
177
+
let prefs = state
178
.user_repo
179
+
.get_comms_prefs(user_id)
180
.await
181
.ok()
182
+
.flatten();
183
+
let locale = prefs
184
+
.as_ref()
185
+
.and_then(|p| p.preferred_locale.as_deref())
186
+
.unwrap_or("en");
187
+
let strings = crate::comms::get_strings(locale);
188
+
let body = crate::comms::format_message(
189
+
strings.channel_verification_body,
190
+
&[("code", &formatted_token), ("verify_link", &verify_link)],
191
+
);
192
+
let subject = crate::comms::format_message(
193
+
strings.channel_verification_subject,
194
+
&[("hostname", hostname)],
195
+
);
196
+
let recipient = match channel {
197
+
CommsChannel::Telegram => state
198
+
.user_repo
199
+
.get_telegram_chat_id(user_id)
200
+
.await
201
+
.ok()
202
+
.flatten()
203
+
.map(|id| id.to_string())
204
+
.unwrap_or_else(|| identifier.to_string()),
205
+
_ => identifier.to_string(),
206
+
};
207
+
state
208
+
.infra_repo
209
+
.enqueue_comms(
210
+
Some(user_id),
211
+
channel,
212
+
tranquil_db_traits::CommsType::ChannelVerification,
213
+
&recipient,
214
+
Some(&subject),
215
+
&body,
216
+
Some(json!({"code": formatted_token})),
217
+
)
218
+
.await
219
+
.map_err(|e| {
220
+
ApiError::InternalError(Some(format!("Failed to enqueue notification: {}", e)))
221
+
})?;
222
+
}
223
}
224
225
Ok(token)
···
251
let effective_channel = input
252
.preferred_channel
253
.as_deref()
254
+
.map(|ch| {
255
+
ch.parse::<CommsChannel>().map_err(|_| {
256
+
ApiError::InvalidRequest(
257
+
"Invalid channel. Must be one of: email, discord, telegram, signal".into(),
258
+
)
259
+
})
260
})
261
.transpose()?
262
.unwrap_or(current_prefs.preferred_channel);
263
264
+
let mut verification_required: Vec<CommsChannel> = Vec::new();
265
266
+
if input.preferred_channel.is_some() {
267
state
268
.user_repo
269
+
.update_preferred_comms_channel(&auth.did, effective_channel)
270
.await
271
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
272
+
info!(did = %auth.did, channel = ?effective_channel, "Updated preferred notification channel");
273
}
274
275
if let Some(ref new_email) = input.email {
···
287
&state,
288
user_id,
289
&auth.did,
290
+
CommsChannel::Email,
291
&email_clean,
292
Some(&handle),
293
)
294
+
.await?;
295
+
verification_required.push(CommsChannel::Email);
296
info!(did = %auth.did, "Requested email verification");
297
}
298
}
···
322
.set_unverified_discord(user_id, &discord_clean)
323
.await
324
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
325
+
verification_required.push(CommsChannel::Discord);
326
info!(did = %auth.did, discord_username = %discord_clean, "Stored unverified Discord username");
327
}
328
}
···
352
.set_unverified_telegram(user_id, telegram_clean)
353
.await
354
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
355
+
verification_required.push(CommsChannel::Telegram);
356
info!(did = %auth.did, telegram_username = %telegram_clean, "Stored unverified Telegram username");
357
}
358
}
···
382
.set_unverified_signal(user_id, &signal_clean)
383
.await
384
.map_err(|e| ApiError::InternalError(Some(format!("Database error: {}", e))))?;
385
+
request_channel_verification(
386
+
&state,
387
+
user_id,
388
+
&auth.did,
389
+
CommsChannel::Signal,
390
+
&signal_clean,
391
+
None,
392
+
)
393
+
.await?;
394
+
verification_required.push(CommsChannel::Signal);
395
info!(did = %auth.did, signal_username = %signal_clean, "Stored unverified Signal username");
396
}
397
}
+106
-97
crates/tranquil-pds/src/api/proxy.rs
+106
-97
crates/tranquil-pds/src/api/proxy.rs
···
1
use std::convert::Infallible;
2
3
use crate::api::error::ApiError;
4
use crate::api::proxy_client::proxy_client;
···
15
use tower::{Service, util::BoxCloneSyncService};
16
use tracing::{error, info, warn};
17
18
-
const PROTECTED_METHODS: &[&str] = &[
19
-
"app.bsky.actor.getPreferences",
20
-
"app.bsky.actor.putPreferences",
21
-
"com.atproto.admin.deleteAccount",
22
-
"com.atproto.admin.disableAccountInvites",
23
-
"com.atproto.admin.disableInviteCodes",
24
-
"com.atproto.admin.enableAccountInvites",
25
-
"com.atproto.admin.getAccountInfo",
26
-
"com.atproto.admin.getAccountInfos",
27
-
"com.atproto.admin.getInviteCodes",
28
-
"com.atproto.admin.getSubjectStatus",
29
-
"com.atproto.admin.searchAccounts",
30
-
"com.atproto.admin.sendEmail",
31
-
"com.atproto.admin.updateAccountEmail",
32
-
"com.atproto.admin.updateAccountHandle",
33
-
"com.atproto.admin.updateAccountPassword",
34
-
"com.atproto.admin.updateSubjectStatus",
35
-
"com.atproto.identity.getRecommendedDidCredentials",
36
-
"com.atproto.identity.requestPlcOperationSignature",
37
-
"com.atproto.identity.signPlcOperation",
38
-
"com.atproto.identity.submitPlcOperation",
39
-
"com.atproto.identity.updateHandle",
40
-
"com.atproto.repo.applyWrites",
41
-
"com.atproto.repo.createRecord",
42
-
"com.atproto.repo.deleteRecord",
43
-
"com.atproto.repo.importRepo",
44
-
"com.atproto.repo.putRecord",
45
-
"com.atproto.repo.uploadBlob",
46
-
"com.atproto.server.activateAccount",
47
-
"com.atproto.server.checkAccountStatus",
48
-
"com.atproto.server.confirmEmail",
49
-
"com.atproto.server.confirmSignup",
50
-
"com.atproto.server.createAccount",
51
-
"com.atproto.server.createAppPassword",
52
-
"com.atproto.server.createInviteCode",
53
-
"com.atproto.server.createInviteCodes",
54
-
"com.atproto.server.createSession",
55
-
"com.atproto.server.createTotpSecret",
56
-
"com.atproto.server.deactivateAccount",
57
-
"com.atproto.server.deleteAccount",
58
-
"com.atproto.server.deletePasskey",
59
-
"com.atproto.server.deleteSession",
60
-
"com.atproto.server.describeServer",
61
-
"com.atproto.server.disableTotp",
62
-
"com.atproto.server.enableTotp",
63
-
"com.atproto.server.finishPasskeyRegistration",
64
-
"com.atproto.server.getAccountInviteCodes",
65
-
"com.atproto.server.getServiceAuth",
66
-
"com.atproto.server.getSession",
67
-
"com.atproto.server.getTotpStatus",
68
-
"com.atproto.server.listAppPasswords",
69
-
"com.atproto.server.listPasskeys",
70
-
"com.atproto.server.refreshSession",
71
-
"com.atproto.server.regenerateBackupCodes",
72
-
"com.atproto.server.requestAccountDelete",
73
-
"com.atproto.server.requestEmailConfirmation",
74
-
"com.atproto.server.requestEmailUpdate",
75
-
"com.atproto.server.requestPasswordReset",
76
-
"com.atproto.server.resendMigrationVerification",
77
-
"com.atproto.server.resendVerification",
78
-
"com.atproto.server.reserveSigningKey",
79
-
"com.atproto.server.resetPassword",
80
-
"com.atproto.server.revokeAppPassword",
81
-
"com.atproto.server.startPasskeyRegistration",
82
-
"com.atproto.server.updateEmail",
83
-
"com.atproto.server.updatePasskey",
84
-
"com.atproto.server.verifyMigrationEmail",
85
-
"com.atproto.sync.getBlob",
86
-
"com.atproto.sync.getBlocks",
87
-
"com.atproto.sync.getCheckout",
88
-
"com.atproto.sync.getHead",
89
-
"com.atproto.sync.getLatestCommit",
90
-
"com.atproto.sync.getRecord",
91
-
"com.atproto.sync.getRepo",
92
-
"com.atproto.sync.getRepoStatus",
93
-
"com.atproto.sync.listBlobs",
94
-
"com.atproto.sync.listRepos",
95
-
"com.atproto.sync.notifyOfUpdate",
96
-
"com.atproto.sync.requestCrawl",
97
-
"com.atproto.sync.subscribeRepos",
98
-
"com.atproto.temp.checkSignupQueue",
99
-
"com.atproto.temp.dereferenceScope",
100
-
];
101
102
fn is_protected_method(method: &str) -> bool {
103
-
PROTECTED_METHODS.contains(&method)
104
}
105
106
pub struct XrpcProxyLayer {
···
192
.into_response();
193
}
194
195
-
let Some(proxy_header) = get_header_str(&headers, "atproto-proxy").map(String::from) else {
196
return ApiError::InvalidRequest("Missing required atproto-proxy header".into())
197
.into_response();
198
};
···
212
let client = proxy_client();
213
let mut request_builder = client.request(method_verb.clone(), &target_url);
214
215
-
let mut auth_header_val = headers.get("Authorization").cloned();
216
if let Some(extracted) = crate::auth::extract_auth_token_from_header(
217
-
crate::util::get_header_str(&headers, "Authorization"),
218
) {
219
let token = extracted.token;
220
-
let dpop_proof = crate::util::get_header_str(&headers, "DPoP");
221
let http_uri = crate::util::build_full_url(&format!("/xrpc{}", uri));
222
223
match crate::auth::validate_token_with_dpop(
224
state.user_repo.as_ref(),
225
state.oauth_repo.as_ref(),
226
&token,
227
-
extracted.is_dpop,
228
dpop_proof,
229
method_verb.as_str(),
230
&http_uri,
231
-
false,
232
-
false,
233
)
234
.await
235
{
236
Ok(auth_user) => {
237
if let Err(e) = crate::auth::scope_check::check_rpc_scope(
238
-
auth_user.is_oauth(),
239
auth_user.scope.as_deref(),
240
&resolved.did,
241
method,
···
298
info!(error = ?e, "Proxy token validation failed, returning error to client");
299
let mut response = ApiError::from(e).into_response();
300
if let Ok(nonce_val) = crate::oauth::verify::generate_dpop_nonce().parse() {
301
-
response.headers_mut().insert("DPoP-Nonce", nonce_val);
302
}
303
return response;
304
}
···
306
}
307
308
if let Some(val) = auth_header_val {
309
-
request_builder = request_builder.header("Authorization", val);
310
}
311
request_builder = crate::api::proxy_client::HEADERS_TO_FORWARD
312
.iter()
313
-
.filter_map(|name| headers.get(*name).map(|val| (*name, val)))
314
.fold(request_builder, |builder, (name, val)| {
315
-
builder.header(name, val)
316
});
317
if !body.is_empty() {
318
request_builder = request_builder.body(body);
···
333
let mut response_builder = Response::builder().status(status);
334
response_builder = crate::api::proxy_client::RESPONSE_HEADERS_TO_FORWARD
335
.iter()
336
-
.filter_map(|name| headers.get(*name).map(|val| (*name, val)))
337
.fold(response_builder, |builder, (name, val)| {
338
builder.header(name, val)
339
});
···
1
+
use std::collections::HashSet;
2
use std::convert::Infallible;
3
+
use std::sync::LazyLock;
4
5
use crate::api::error::ApiError;
6
use crate::api::proxy_client::proxy_client;
···
17
use tower::{Service, util::BoxCloneSyncService};
18
use tracing::{error, info, warn};
19
20
+
static PROTECTED_METHODS: LazyLock<HashSet<&'static str>> = LazyLock::new(|| {
21
+
[
22
+
"app.bsky.actor.getPreferences",
23
+
"app.bsky.actor.putPreferences",
24
+
"com.atproto.admin.deleteAccount",
25
+
"com.atproto.admin.disableAccountInvites",
26
+
"com.atproto.admin.disableInviteCodes",
27
+
"com.atproto.admin.enableAccountInvites",
28
+
"com.atproto.admin.getAccountInfo",
29
+
"com.atproto.admin.getAccountInfos",
30
+
"com.atproto.admin.getInviteCodes",
31
+
"com.atproto.admin.getSubjectStatus",
32
+
"com.atproto.admin.searchAccounts",
33
+
"com.atproto.admin.sendEmail",
34
+
"com.atproto.admin.updateAccountEmail",
35
+
"com.atproto.admin.updateAccountHandle",
36
+
"com.atproto.admin.updateAccountPassword",
37
+
"com.atproto.admin.updateSubjectStatus",
38
+
"com.atproto.identity.getRecommendedDidCredentials",
39
+
"com.atproto.identity.requestPlcOperationSignature",
40
+
"com.atproto.identity.signPlcOperation",
41
+
"com.atproto.identity.submitPlcOperation",
42
+
"com.atproto.identity.updateHandle",
43
+
"com.atproto.repo.applyWrites",
44
+
"com.atproto.repo.createRecord",
45
+
"com.atproto.repo.deleteRecord",
46
+
"com.atproto.repo.importRepo",
47
+
"com.atproto.repo.putRecord",
48
+
"com.atproto.repo.uploadBlob",
49
+
"com.atproto.server.activateAccount",
50
+
"com.atproto.server.checkAccountStatus",
51
+
"com.atproto.server.confirmEmail",
52
+
"com.atproto.server.confirmSignup",
53
+
"com.atproto.server.createAccount",
54
+
"com.atproto.server.createAppPassword",
55
+
"com.atproto.server.createInviteCode",
56
+
"com.atproto.server.createInviteCodes",
57
+
"com.atproto.server.createSession",
58
+
"com.atproto.server.createTotpSecret",
59
+
"com.atproto.server.deactivateAccount",
60
+
"com.atproto.server.deleteAccount",
61
+
"com.atproto.server.deletePasskey",
62
+
"com.atproto.server.deleteSession",
63
+
"com.atproto.server.describeServer",
64
+
"com.atproto.server.disableTotp",
65
+
"com.atproto.server.enableTotp",
66
+
"com.atproto.server.finishPasskeyRegistration",
67
+
"com.atproto.server.getAccountInviteCodes",
68
+
"com.atproto.server.getServiceAuth",
69
+
"com.atproto.server.getSession",
70
+
"com.atproto.server.getTotpStatus",
71
+
"com.atproto.server.listAppPasswords",
72
+
"com.atproto.server.listPasskeys",
73
+
"com.atproto.server.refreshSession",
74
+
"com.atproto.server.regenerateBackupCodes",
75
+
"com.atproto.server.requestAccountDelete",
76
+
"com.atproto.server.requestEmailConfirmation",
77
+
"com.atproto.server.requestEmailUpdate",
78
+
"com.atproto.server.requestPasswordReset",
79
+
"com.atproto.server.resendMigrationVerification",
80
+
"com.atproto.server.resendVerification",
81
+
"com.atproto.server.reserveSigningKey",
82
+
"com.atproto.server.resetPassword",
83
+
"com.atproto.server.revokeAppPassword",
84
+
"com.atproto.server.startPasskeyRegistration",
85
+
"com.atproto.server.updateEmail",
86
+
"com.atproto.server.updatePasskey",
87
+
"com.atproto.server.verifyMigrationEmail",
88
+
"com.atproto.sync.getBlob",
89
+
"com.atproto.sync.getBlocks",
90
+
"com.atproto.sync.getCheckout",
91
+
"com.atproto.sync.getHead",
92
+
"com.atproto.sync.getLatestCommit",
93
+
"com.atproto.sync.getRecord",
94
+
"com.atproto.sync.getRepo",
95
+
"com.atproto.sync.getRepoStatus",
96
+
"com.atproto.sync.listBlobs",
97
+
"com.atproto.sync.listRepos",
98
+
"com.atproto.sync.notifyOfUpdate",
99
+
"com.atproto.sync.requestCrawl",
100
+
"com.atproto.sync.subscribeRepos",
101
+
"com.atproto.temp.checkSignupQueue",
102
+
"com.atproto.temp.dereferenceScope",
103
+
]
104
+
.into_iter()
105
+
.collect()
106
+
});
107
108
fn is_protected_method(method: &str) -> bool {
109
+
PROTECTED_METHODS.contains(method)
110
}
111
112
pub struct XrpcProxyLayer {
···
198
.into_response();
199
}
200
201
+
let Some(proxy_header) =
202
+
get_header_str(&headers, crate::util::HEADER_ATPROTO_PROXY).map(String::from)
203
+
else {
204
return ApiError::InvalidRequest("Missing required atproto-proxy header".into())
205
.into_response();
206
};
···
220
let client = proxy_client();
221
let mut request_builder = client.request(method_verb.clone(), &target_url);
222
223
+
let mut auth_header_val = headers.get(http::header::AUTHORIZATION).cloned();
224
if let Some(extracted) = crate::auth::extract_auth_token_from_header(
225
+
crate::util::get_header_str(&headers, http::header::AUTHORIZATION),
226
) {
227
let token = extracted.token;
228
+
let dpop_proof = crate::util::get_header_str(&headers, crate::util::HEADER_DPOP);
229
let http_uri = crate::util::build_full_url(&format!("/xrpc{}", uri));
230
231
match crate::auth::validate_token_with_dpop(
232
state.user_repo.as_ref(),
233
state.oauth_repo.as_ref(),
234
&token,
235
+
extracted.scheme,
236
dpop_proof,
237
method_verb.as_str(),
238
&http_uri,
239
+
crate::auth::AccountRequirement::Active,
240
)
241
.await
242
{
243
Ok(auth_user) => {
244
if let Err(e) = crate::auth::scope_check::check_rpc_scope(
245
+
&auth_user.auth_source,
246
auth_user.scope.as_deref(),
247
&resolved.did,
248
method,
···
305
info!(error = ?e, "Proxy token validation failed, returning error to client");
306
let mut response = ApiError::from(e).into_response();
307
if let Ok(nonce_val) = crate::oauth::verify::generate_dpop_nonce().parse() {
308
+
response
309
+
.headers_mut()
310
+
.insert(crate::util::HEADER_DPOP_NONCE, nonce_val);
311
}
312
return response;
313
}
···
315
}
316
317
if let Some(val) = auth_header_val {
318
+
request_builder = request_builder.header(http::header::AUTHORIZATION, val);
319
}
320
request_builder = crate::api::proxy_client::HEADERS_TO_FORWARD
321
.iter()
322
+
.filter_map(|name| headers.get(name).map(|val| (name, val)))
323
.fold(request_builder, |builder, (name, val)| {
324
+
builder.header(name.as_str(), val)
325
});
326
if !body.is_empty() {
327
request_builder = request_builder.body(body);
···
342
let mut response_builder = Response::builder().status(status);
343
response_builder = crate::api::proxy_client::RESPONSE_HEADERS_TO_FORWARD
344
.iter()
345
+
.filter_map(|name| headers.get(name).map(|val| (name, val)))
346
.fold(response_builder, |builder, (name, val)| {
347
builder.header(name, val)
348
});
+44
-56
crates/tranquil-pds/src/api/proxy_client.rs
+44
-56
crates/tranquil-pds/src/api/proxy_client.rs
···
1
use reqwest::{Client, ClientBuilder, Url};
2
use std::net::{IpAddr, SocketAddr, ToSocketAddrs};
3
-
use std::sync::OnceLock;
4
use std::time::Duration;
5
use tracing::warn;
6
7
pub const DEFAULT_HEADERS_TIMEOUT: Duration = Duration::from_secs(10);
8
pub const DEFAULT_BODY_TIMEOUT: Duration = Duration::from_secs(30);
···
146
147
impl std::error::Error for SsrfError {}
148
149
-
pub const HEADERS_TO_FORWARD: &[&str] = &[
150
-
"accept-language",
151
-
"atproto-accept-labelers",
152
-
"x-bsky-topics",
153
-
"content-type",
154
-
];
155
-
pub const RESPONSE_HEADERS_TO_FORWARD: &[&str] = &[
156
-
"atproto-repo-rev",
157
-
"atproto-content-labelers",
158
-
"retry-after",
159
-
"content-type",
160
-
"cache-control",
161
-
"etag",
162
-
];
163
164
pub fn validate_at_uri(uri: &str) -> Result<AtUriParts, &'static str> {
165
if !uri.starts_with("at://") {
···
170
if parts.is_empty() {
171
return Err("URI missing DID");
172
}
173
-
let did = parts[0];
174
-
if !did.starts_with("did:") {
175
-
return Err("Invalid DID in URI");
176
-
}
177
-
if parts.len() > 1 {
178
-
let collection = parts[1];
179
-
if collection.is_empty() || !collection.contains('.') {
180
-
return Err("Invalid collection NSID");
181
-
}
182
-
}
183
Ok(AtUriParts {
184
-
did: did.to_string(),
185
-
collection: parts.get(1).map(|s| s.to_string()),
186
-
rkey: parts.get(2).map(|s| s.to_string()),
187
})
188
}
189
190
#[derive(Debug, Clone)]
191
pub struct AtUriParts {
192
-
pub did: String,
193
-
pub collection: Option<String>,
194
-
pub rkey: Option<String>,
195
}
196
197
pub fn validate_limit(limit: Option<u32>, default: u32, max: u32) -> u32 {
···
203
}
204
}
205
206
-
pub fn validate_did(did: &str) -> Result<(), &'static str> {
207
-
if !did.starts_with("did:") {
208
-
return Err("Invalid DID format");
209
-
}
210
-
let parts: Vec<&str> = did.split(':').collect();
211
-
if parts.len() < 3 {
212
-
return Err("DID must have at least method and identifier");
213
-
}
214
-
let method = parts[1];
215
-
if method != "plc" && method != "web" {
216
-
return Err("Unsupported DID method");
217
-
}
218
-
Ok(())
219
-
}
220
-
221
#[cfg(test)]
222
mod tests {
223
use super::*;
···
243
let result = validate_at_uri("at://did:plc:test/app.bsky.feed.post/abc123");
244
assert!(result.is_ok());
245
let parts = result.unwrap();
246
-
assert_eq!(parts.did, "did:plc:test");
247
-
assert_eq!(parts.collection, Some("app.bsky.feed.post".to_string()));
248
-
assert_eq!(parts.rkey, Some("abc123".to_string()));
249
}
250
#[test]
251
fn test_validate_at_uri_invalid() {
···
258
assert_eq!(validate_limit(Some(0), 50, 100), 50);
259
assert_eq!(validate_limit(Some(200), 50, 100), 100);
260
assert_eq!(validate_limit(Some(75), 50, 100), 75);
261
-
}
262
-
#[test]
263
-
fn test_validate_did() {
264
-
assert!(validate_did("did:plc:abc123").is_ok());
265
-
assert!(validate_did("did:web:example.com").is_ok());
266
-
assert!(validate_did("notadid").is_err());
267
-
assert!(validate_did("did:unknown:test").is_err());
268
}
269
}
···
1
+
use axum::http::HeaderName;
2
use reqwest::{Client, ClientBuilder, Url};
3
use std::net::{IpAddr, SocketAddr, ToSocketAddrs};
4
+
use std::sync::{LazyLock, OnceLock};
5
use std::time::Duration;
6
use tracing::warn;
7
+
use tranquil_types::{Did, Nsid, Rkey};
8
9
pub const DEFAULT_HEADERS_TIMEOUT: Duration = Duration::from_secs(10);
10
pub const DEFAULT_BODY_TIMEOUT: Duration = Duration::from_secs(30);
···
148
149
impl std::error::Error for SsrfError {}
150
151
+
pub static HEADERS_TO_FORWARD: LazyLock<[HeaderName; 4]> = LazyLock::new(|| {
152
+
[
153
+
HeaderName::from_static("accept-language"),
154
+
crate::util::HEADER_ATPROTO_ACCEPT_LABELERS,
155
+
crate::util::HEADER_X_BSKY_TOPICS,
156
+
http::header::CONTENT_TYPE,
157
+
]
158
+
});
159
+
pub static RESPONSE_HEADERS_TO_FORWARD: LazyLock<[HeaderName; 6]> = LazyLock::new(|| {
160
+
[
161
+
crate::util::HEADER_ATPROTO_REPO_REV,
162
+
crate::util::HEADER_ATPROTO_CONTENT_LABELERS,
163
+
HeaderName::from_static("retry-after"),
164
+
http::header::CONTENT_TYPE,
165
+
http::header::CACHE_CONTROL,
166
+
http::header::ETAG,
167
+
]
168
+
});
169
170
pub fn validate_at_uri(uri: &str) -> Result<AtUriParts, &'static str> {
171
if !uri.starts_with("at://") {
···
176
if parts.is_empty() {
177
return Err("URI missing DID");
178
}
179
+
let did: Did = parts[0].parse().map_err(|_| "Invalid DID in URI")?;
180
+
let collection = parts
181
+
.get(1)
182
+
.map(|s| s.parse::<Nsid>())
183
+
.transpose()
184
+
.map_err(|_| "Invalid collection NSID")?;
185
+
let rkey = parts
186
+
.get(2)
187
+
.map(|s| s.parse::<Rkey>())
188
+
.transpose()
189
+
.map_err(|_| "Invalid rkey")?;
190
Ok(AtUriParts {
191
+
did,
192
+
collection,
193
+
rkey,
194
})
195
}
196
197
#[derive(Debug, Clone)]
198
pub struct AtUriParts {
199
+
pub did: Did,
200
+
pub collection: Option<Nsid>,
201
+
pub rkey: Option<Rkey>,
202
}
203
204
pub fn validate_limit(limit: Option<u32>, default: u32, max: u32) -> u32 {
···
210
}
211
}
212
213
#[cfg(test)]
214
mod tests {
215
use super::*;
···
235
let result = validate_at_uri("at://did:plc:test/app.bsky.feed.post/abc123");
236
assert!(result.is_ok());
237
let parts = result.unwrap();
238
+
assert_eq!(parts.did, "did:plc:test".parse::<Did>().unwrap());
239
+
assert_eq!(
240
+
parts.collection,
241
+
Some("app.bsky.feed.post".parse::<Nsid>().unwrap())
242
+
);
243
+
assert_eq!(parts.rkey, Some("abc123".parse::<Rkey>().unwrap()));
244
}
245
#[test]
246
fn test_validate_at_uri_invalid() {
···
253
assert_eq!(validate_limit(Some(0), 50, 100), 50);
254
assert_eq!(validate_limit(Some(200), 50, 100), 100);
255
assert_eq!(validate_limit(Some(75), 50, 100), 75);
256
}
257
}
+14
-7
crates/tranquil-pds/src/api/repo/blob.rs
+14
-7
crates/tranquil-pds/src/api/repo/blob.rs
···
56
if user.status.is_takendown() {
57
return Err(ApiError::AccountTakedown);
58
}
59
-
let mime_type_for_check =
60
-
get_header_str(&headers, "content-type").unwrap_or("application/octet-stream");
61
let scope_proof = match user.verify_blob_upload(mime_type_for_check) {
62
Ok(proof) => proof,
63
Err(e) => return Ok(e.into_response()),
···
79
}
80
81
let client_mime_hint =
82
-
get_header_str(&headers, "content-type").unwrap_or("application/octet-stream");
83
84
let user_id = state
85
.user_repo
···
89
.ok_or(ApiError::InternalError(None))?;
90
91
let temp_key = format!("temp/{}", uuid::Uuid::new_v4());
92
-
let max_size = get_max_blob_size() as u64;
93
94
let body_stream = body.into_data_stream();
95
let mapped_stream =
···
148
149
match state
150
.blob_repo
151
-
.insert_blob(&cid_link, &mime_type, size as i64, user_id, &storage_key)
152
.await
153
{
154
Ok(_) => {}
···
248
.await
249
.log_db_err("fetching missing blobs")?;
250
251
-
let has_more = missing.len() > limit as usize;
252
let blobs: Vec<RecordBlob> = missing
253
.into_iter()
254
-
.take(limit as usize)
255
.map(|m| RecordBlob {
256
cid: m.blob_cid.to_string(),
257
record_uri: m.record_uri.to_string(),
···
56
if user.status.is_takendown() {
57
return Err(ApiError::AccountTakedown);
58
}
59
+
let mime_type_for_check = get_header_str(&headers, http::header::CONTENT_TYPE)
60
+
.unwrap_or("application/octet-stream");
61
let scope_proof = match user.verify_blob_upload(mime_type_for_check) {
62
Ok(proof) => proof,
63
Err(e) => return Ok(e.into_response()),
···
79
}
80
81
let client_mime_hint =
82
+
get_header_str(&headers, http::header::CONTENT_TYPE).unwrap_or("application/octet-stream");
83
84
let user_id = state
85
.user_repo
···
89
.ok_or(ApiError::InternalError(None))?;
90
91
let temp_key = format!("temp/{}", uuid::Uuid::new_v4());
92
+
let max_size = u64::try_from(get_max_blob_size()).unwrap_or(u64::MAX);
93
94
let body_stream = body.into_data_stream();
95
let mapped_stream =
···
148
149
match state
150
.blob_repo
151
+
.insert_blob(
152
+
&cid_link,
153
+
&mime_type,
154
+
i64::try_from(size).unwrap_or(i64::MAX),
155
+
user_id,
156
+
&storage_key,
157
+
)
158
.await
159
{
160
Ok(_) => {}
···
254
.await
255
.log_db_err("fetching missing blobs")?;
256
257
+
let limit_usize = usize::try_from(limit).unwrap_or(0);
258
+
let has_more = missing.len() > limit_usize;
259
let blobs: Vec<RecordBlob> = missing
260
.into_iter()
261
+
.take(limit_usize)
262
.map(|m| RecordBlob {
263
cid: m.blob_cid.to_string(),
264
record_uri: m.record_uri.to_string(),
+20
-13
crates/tranquil-pds/src/api/repo/import.rs
+20
-13
crates/tranquil-pds/src/api/repo/import.rs
···
92
"Root block not found in CAR file".into(),
93
));
94
};
95
-
let commit_did = match jacquard_repo::commit::Commit::from_cbor(root_block) {
96
-
Ok(commit) => commit.did().to_string(),
97
Err(e) => {
98
return Err(ApiError::InvalidRequest(format!("Invalid commit: {}", e)));
99
}
···
104
commit_did, did
105
)));
106
}
107
-
let skip_verification = std::env::var("SKIP_IMPORT_VERIFICATION")
108
-
.map(|v| v == "true" || v == "1")
109
-
.unwrap_or(false);
110
let is_migration = user.deactivated_at.is_some();
111
if skip_verification {
112
warn!("Skipping all CAR verification for import (SKIP_IMPORT_VERIFICATION=true)");
···
221
.flat_map(|record| {
222
let record_uri =
223
AtUri::from_parts(did.as_str(), &record.collection, &record.rkey);
224
-
record.blob_refs.iter().map(move |blob_ref| {
225
-
(record_uri.clone(), unsafe {
226
-
CidLink::new_unchecked(blob_ref.cid.clone())
227
-
})
228
})
229
})
230
.collect();
···
289
error!("Failed to store new commit block: {:?}", e);
290
ApiError::InternalError(None)
291
})?;
292
-
let new_root_cid_link = unsafe { CidLink::new_unchecked(new_root_cid.to_string()) };
293
state
294
.repo_repo
295
.update_repo_root(user_id, &new_root_cid_link, &new_rev_str)
···
313
"Created new commit for imported repo: cid={}, rev={}",
314
new_root_str, new_rev_str
315
);
316
-
if !is_migration && let Err(e) = sequence_import_event(&state, did, &new_root_str).await
317
{
318
warn!("Failed to sequence import event: {:?}", e);
319
}
···
378
async fn sequence_import_event(
379
state: &AppState,
380
did: &Did,
381
-
commit_cid: &str,
382
) -> Result<(), tranquil_db::DbError> {
383
let data = tranquil_db::CommitEventData {
384
did: did.clone(),
385
event_type: tranquil_db::RepoEventType::Commit,
386
-
commit_cid: Some(unsafe { CidLink::new_unchecked(commit_cid) }),
387
prev_cid: None,
388
ops: Some(serde_json::json!([])),
389
blobs: Some(vec![]),
···
92
"Root block not found in CAR file".into(),
93
));
94
};
95
+
let commit_did: Did = match jacquard_repo::commit::Commit::from_cbor(root_block) {
96
+
Ok(commit) => commit
97
+
.did()
98
+
.as_str()
99
+
.parse()
100
+
.map_err(|_| ApiError::InvalidRequest("Commit contains invalid DID".into()))?,
101
Err(e) => {
102
return Err(ApiError::InvalidRequest(format!("Invalid commit: {}", e)));
103
}
···
108
commit_did, did
109
)));
110
}
111
+
let skip_verification = crate::util::parse_env_bool("SKIP_IMPORT_VERIFICATION");
112
let is_migration = user.deactivated_at.is_some();
113
if skip_verification {
114
warn!("Skipping all CAR verification for import (SKIP_IMPORT_VERIFICATION=true)");
···
223
.flat_map(|record| {
224
let record_uri =
225
AtUri::from_parts(did.as_str(), &record.collection, &record.rkey);
226
+
record.blob_refs.iter().filter_map(move |blob_ref| {
227
+
match CidLink::new(&blob_ref.cid) {
228
+
Ok(cid_link) => Some((record_uri.clone(), cid_link)),
229
+
Err(_) => {
230
+
tracing::warn!(cid = %blob_ref.cid, "skipping unparseable blob CID reference during import");
231
+
None
232
+
}
233
+
}
234
})
235
})
236
.collect();
···
295
error!("Failed to store new commit block: {:?}", e);
296
ApiError::InternalError(None)
297
})?;
298
+
let new_root_cid_link = CidLink::from(&new_root_cid);
299
state
300
.repo_repo
301
.update_repo_root(user_id, &new_root_cid_link, &new_rev_str)
···
319
"Created new commit for imported repo: cid={}, rev={}",
320
new_root_str, new_rev_str
321
);
322
+
if !is_migration
323
+
&& let Err(e) = sequence_import_event(&state, did, &new_root_cid_link).await
324
{
325
warn!("Failed to sequence import event: {:?}", e);
326
}
···
385
async fn sequence_import_event(
386
state: &AppState,
387
did: &Did,
388
+
commit_cid: &CidLink,
389
) -> Result<(), tranquil_db::DbError> {
390
let data = tranquil_db::CommitEventData {
391
did: did.clone(),
392
event_type: tranquil_db::RepoEventType::Commit,
393
+
commit_cid: Some(commit_cid.clone()),
394
prev_cid: None,
395
ops: Some(serde_json::json!([])),
396
blobs: Some(vec![]),
+7
-14
crates/tranquil-pds/src/api/repo/record/batch.rs
+7
-14
crates/tranquil-pds/src/api/repo/record/batch.rs
···
11
use crate::repo::tracking::TrackingBlockStore;
12
use crate::state::AppState;
13
use crate::types::{AtIdentifier, AtUri, Did, Nsid, Rkey};
14
use axum::{
15
Json,
16
extract::State,
···
23
use serde_json::json;
24
use std::str::FromStr;
25
use std::sync::Arc;
26
-
use tracing::{error, info};
27
28
const MAX_BATCH_WRITES: usize = 200;
29
···
87
results.push(WriteResult::CreateResult {
88
uri,
89
cid: record_cid.to_string(),
90
-
validation_status: validation_status.map(|s| s.to_string()),
91
});
92
ops.push(RecordOp::Create {
93
collection: collection.clone(),
···
138
results.push(WriteResult::UpdateResult {
139
uri,
140
cid: record_cid.to_string(),
141
-
validation_status: validation_status.map(|s| s.to_string()),
142
});
143
ops.push(RecordOp::Update {
144
collection: collection.clone(),
···
237
uri: AtUri,
238
cid: String,
239
#[serde(rename = "validationStatus", skip_serializing_if = "Option::is_none")]
240
-
validation_status: Option<String>,
241
},
242
#[serde(rename = "com.atproto.repo.applyWrites#updateResult")]
243
UpdateResult {
244
uri: AtUri,
245
cid: String,
246
#[serde(rename = "validationStatus", skip_serializing_if = "Option::is_none")]
247
-
validation_status: Option<String>,
248
},
249
#[serde(rename = "com.atproto.repo.applyWrites#deleteResult")]
250
DeleteResult {},
···
441
.await
442
{
443
Ok(res) => res,
444
-
Err(e) if e.contains("ConcurrentModification") => {
445
-
return Err(ApiError::InvalidSwap(Some("Repo has been modified".into())));
446
-
}
447
-
Err(e) => {
448
-
error!("Commit failed: {}", e);
449
-
return Err(ApiError::InternalError(Some(
450
-
"Failed to commit changes".into(),
451
-
)));
452
-
}
453
};
454
455
if let Some(ref controller) = controller_did {
···
11
use crate::repo::tracking::TrackingBlockStore;
12
use crate::state::AppState;
13
use crate::types::{AtIdentifier, AtUri, Did, Nsid, Rkey};
14
+
use crate::validation::ValidationStatus;
15
use axum::{
16
Json,
17
extract::State,
···
24
use serde_json::json;
25
use std::str::FromStr;
26
use std::sync::Arc;
27
+
use tracing::info;
28
29
const MAX_BATCH_WRITES: usize = 200;
30
···
88
results.push(WriteResult::CreateResult {
89
uri,
90
cid: record_cid.to_string(),
91
+
validation_status,
92
});
93
ops.push(RecordOp::Create {
94
collection: collection.clone(),
···
139
results.push(WriteResult::UpdateResult {
140
uri,
141
cid: record_cid.to_string(),
142
+
validation_status,
143
});
144
ops.push(RecordOp::Update {
145
collection: collection.clone(),
···
238
uri: AtUri,
239
cid: String,
240
#[serde(rename = "validationStatus", skip_serializing_if = "Option::is_none")]
241
+
validation_status: Option<ValidationStatus>,
242
},
243
#[serde(rename = "com.atproto.repo.applyWrites#updateResult")]
244
UpdateResult {
245
uri: AtUri,
246
cid: String,
247
#[serde(rename = "validationStatus", skip_serializing_if = "Option::is_none")]
248
+
validation_status: Option<ValidationStatus>,
249
},
250
#[serde(rename = "com.atproto.repo.applyWrites#deleteResult")]
251
DeleteResult {},
···
442
.await
443
{
444
Ok(res) => res,
445
+
Err(e) => return Err(ApiError::from(e)),
446
};
447
448
if let Some(ref controller) = controller_did {
+17
-18
crates/tranquil-pds/src/api/repo/record/delete.rs
+17
-18
crates/tranquil-pds/src/api/repo/record/delete.rs
···
1
use crate::api::error::ApiError;
2
use crate::api::repo::record::utils::{
3
-
CommitParams, RecordOp, commit_and_log, get_current_root_cid,
4
};
5
use crate::api::repo::record::write::{CommitInfo, prepare_repo_write};
6
use crate::auth::{Active, Auth, VerifyScope};
···
186
.await
187
{
188
Ok(res) => res,
189
-
Err(e) if e.contains("ConcurrentModification") => {
190
-
return Ok(ApiError::InvalidSwap(Some("Repo has been modified".into())).into_response());
191
-
}
192
-
Err(e) => return Ok(ApiError::InternalError(Some(e)).into_response()),
193
};
194
195
if let Some(ref controller) = controller_did {
···
241
user_id: Uuid,
242
collection: &Nsid,
243
rkey: &Rkey,
244
-
) -> Result<(), String> {
245
let _write_lock = state.repo_write_locks.lock(user_id).await;
246
247
let root_cid_str = state
248
.repo_repo
249
.get_repo_root_cid_by_user_id(user_id)
250
.await
251
-
.map_err(|e| format!("DB error: {}", e))?
252
-
.ok_or_else(|| "Repo root not found".to_string())?;
253
254
let current_root_cid =
255
-
Cid::from_str(root_cid_str.as_str()).map_err(|_| "Invalid repo root CID".to_string())?;
256
257
let tracking_store = TrackingBlockStore::new(state.block_store.clone());
258
let commit_bytes = tracking_store
259
.get(¤t_root_cid)
260
.await
261
-
.map_err(|e| format!("Failed to fetch commit: {:?}", e))?
262
-
.ok_or_else(|| "Commit block not found".to_string())?;
263
264
-
let commit =
265
-
Commit::from_cbor(&commit_bytes).map_err(|e| format!("Failed to parse commit: {:?}", e))?;
266
267
let mst = Mst::load(Arc::new(tracking_store.clone()), commit.data, None);
268
let key = format!("{}/{}", collection, rkey);
···
270
let prev_record_cid = mst
271
.get(&key)
272
.await
273
-
.map_err(|e| format!("MST get error: {:?}", e))?;
274
275
let Some(prev_cid) = prev_record_cid else {
276
return Ok(());
···
279
let new_mst = mst
280
.delete(&key)
281
.await
282
-
.map_err(|e| format!("Failed to delete from MST: {:?}", e))?;
283
284
let new_mst_root = new_mst
285
.persist()
286
.await
287
-
.map_err(|e| format!("Failed to persist MST: {:?}", e))?;
288
289
let op = RecordOp::Delete {
290
collection: collection.clone(),
···
298
new_mst
299
.blocks_for_path(&key, &mut new_mst_blocks)
300
.await
301
-
.map_err(|e| format!("Failed to get new MST blocks: {:?}", e))?;
302
303
mst.blocks_for_path(&key, &mut old_mst_blocks)
304
.await
305
-
.map_err(|e| format!("Failed to get old MST blocks: {:?}", e))?;
306
307
let mut relevant_blocks = new_mst_blocks.clone();
308
relevant_blocks.extend(old_mst_blocks.iter().map(|(k, v)| (*k, v.clone())));
···
1
use crate::api::error::ApiError;
2
use crate::api::repo::record::utils::{
3
+
CommitError, CommitParams, RecordOp, commit_and_log, get_current_root_cid,
4
};
5
use crate::api::repo::record::write::{CommitInfo, prepare_repo_write};
6
use crate::auth::{Active, Auth, VerifyScope};
···
186
.await
187
{
188
Ok(res) => res,
189
+
Err(e) => return Ok(ApiError::from(e).into_response()),
190
};
191
192
if let Some(ref controller) = controller_did {
···
238
user_id: Uuid,
239
collection: &Nsid,
240
rkey: &Rkey,
241
+
) -> Result<(), CommitError> {
242
let _write_lock = state.repo_write_locks.lock(user_id).await;
243
244
let root_cid_str = state
245
.repo_repo
246
.get_repo_root_cid_by_user_id(user_id)
247
.await
248
+
.map_err(|e| CommitError::DatabaseError(e.to_string()))?
249
+
.ok_or(CommitError::RepoNotFound)?;
250
251
let current_root_cid =
252
+
Cid::from_str(root_cid_str.as_str()).map_err(|e| CommitError::InvalidCid(e.to_string()))?;
253
254
let tracking_store = TrackingBlockStore::new(state.block_store.clone());
255
let commit_bytes = tracking_store
256
.get(¤t_root_cid)
257
.await
258
+
.map_err(|e| CommitError::BlockStoreFailed(format!("{:?}", e)))?
259
+
.ok_or(CommitError::BlockStoreFailed(
260
+
"Commit block not found".into(),
261
+
))?;
262
263
+
let commit = Commit::from_cbor(&commit_bytes)
264
+
.map_err(|e| CommitError::CommitParseFailed(format!("{:?}", e)))?;
265
266
let mst = Mst::load(Arc::new(tracking_store.clone()), commit.data, None);
267
let key = format!("{}/{}", collection, rkey);
···
269
let prev_record_cid = mst
270
.get(&key)
271
.await
272
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
273
274
let Some(prev_cid) = prev_record_cid else {
275
return Ok(());
···
278
let new_mst = mst
279
.delete(&key)
280
.await
281
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
282
283
let new_mst_root = new_mst
284
.persist()
285
.await
286
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
287
288
let op = RecordOp::Delete {
289
collection: collection.clone(),
···
297
new_mst
298
.blocks_for_path(&key, &mut new_mst_blocks)
299
.await
300
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
301
302
mst.blocks_for_path(&key, &mut old_mst_blocks)
303
.await
304
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
305
306
let mut relevant_blocks = new_mst_blocks.clone();
307
relevant_blocks.extend(old_mst_blocks.iter().map(|(k, v)| (*k, v.clone())));
+1
-1
crates/tranquil-pds/src/api/repo/record/read.rs
+1
-1
crates/tranquil-pds/src/api/repo/record/read.rs
+119
-56
crates/tranquil-pds/src/api/repo/record/utils.rs
+119
-56
crates/tranquil-pds/src/api/repo/record/utils.rs
···
14
use tranquil_db_traits::SequenceNumber;
15
use uuid::Uuid;
16
17
pub async fn get_current_root_cid(state: &AppState, user_id: Uuid) -> Result<CommitCid, ApiError> {
18
let root_cid_str = state
19
.repo_repo
···
55
}
56
57
use crate::types::AtUri;
58
-
use tranquil_db_traits::Backlink;
59
60
pub fn extract_backlinks(uri: &AtUri, record: &Value) -> Vec<Backlink> {
61
let record_type = record
···
71
.map(|subject| {
72
vec![Backlink {
73
uri: uri.clone(),
74
-
path: "subject".to_string(),
75
link_to: subject.to_string(),
76
}]
77
})
···
84
.map(|subject_uri| {
85
vec![Backlink {
86
uri: uri.clone(),
87
-
path: "subject.uri".to_string(),
88
link_to: subject_uri.to_string(),
89
}]
90
})
···
99
rev: &str,
100
prev: Option<Cid>,
101
signing_key: &SigningKey,
102
-
) -> Result<(Vec<u8>, Bytes), String> {
103
let did = jacquard_common::types::string::Did::new(did.as_str())
104
-
.map_err(|e| format!("Invalid DID: {:?}", e))?;
105
let rev = jacquard_common::types::string::Tid::from_str(rev)
106
-
.map_err(|e| format!("Invalid TID: {:?}", e))?;
107
let unsigned = Commit::new_unsigned(did, data, rev, prev);
108
let signed = unsigned
109
.sign(signing_key)
110
-
.map_err(|e| format!("Failed to sign commit: {:?}", e))?;
111
let sig_bytes = signed.sig().clone();
112
let signed_bytes = signed
113
.to_cbor()
114
-
.map_err(|e| format!("Failed to serialize signed commit: {:?}", e))?;
115
Ok((signed_bytes, sig_bytes))
116
}
117
···
154
pub async fn commit_and_log(
155
state: &AppState,
156
params: CommitParams<'_>,
157
-
) -> Result<CommitResult, String> {
158
use tranquil_db_traits::{
159
ApplyCommitError, ApplyCommitInput, CommitEventData, RecordDelete, RecordUpsert,
160
RepoEventType,
···
175
.user_repo
176
.get_user_key_by_id(user_id)
177
.await
178
-
.map_err(|e| format!("Failed to fetch signing key: {}", e))?
179
-
.ok_or_else(|| "Signing key not found".to_string())?;
180
let key_bytes = crate::config::decrypt_key(&key_row.key_bytes, key_row.encryption_version)
181
-
.map_err(|e| format!("Failed to decrypt signing key: {}", e))?;
182
let signing_key =
183
-
SigningKey::from_slice(&key_bytes).map_err(|e| format!("Invalid signing key: {}", e))?;
184
let rev = Tid::now(LimitedU32::MIN);
185
let rev_str = rev.to_string();
186
let (new_commit_bytes, _sig) =
···
189
.block_store
190
.put(&new_commit_bytes)
191
.await
192
-
.map_err(|e| format!("Failed to save commit block: {:?}", e))?;
193
194
let mut all_block_cids: Vec<Vec<u8>> = blocks_cids
195
.iter()
···
218
upserts.push(RecordUpsert {
219
collection: collection.clone(),
220
rkey: rkey.clone(),
221
-
cid: unsafe { crate::types::CidLink::new_unchecked(cid.to_string()) },
222
});
223
}
224
RecordOp::Delete {
···
283
let commit_event = CommitEventData {
284
did: did.clone(),
285
event_type: RepoEventType::Commit,
286
-
commit_cid: Some(unsafe { crate::types::CidLink::new_unchecked(new_root_cid.to_string()) }),
287
-
prev_cid: current_root_cid
288
-
.map(|c| unsafe { crate::types::CidLink::new_unchecked(c.to_string()) }),
289
ops: Some(json!(ops_json)),
290
blobs: Some(blobs.to_vec()),
291
blocks_cids: Some(blocks_cids.to_vec()),
292
-
prev_data_cid: prev_data_cid
293
-
.map(|c| unsafe { crate::types::CidLink::new_unchecked(c.to_string()) }),
294
rev: Some(rev_str.clone()),
295
};
296
297
let input = ApplyCommitInput {
298
user_id,
299
did: did.clone(),
300
-
expected_root_cid: current_root_cid
301
-
.map(|c| unsafe { crate::types::CidLink::new_unchecked(c.to_string()) }),
302
-
new_root_cid: unsafe { crate::types::CidLink::new_unchecked(new_root_cid.to_string()) },
303
new_rev: rev_str.clone(),
304
new_block_cids: all_block_cids,
305
obsolete_block_cids: obsolete_bytes,
···
313
.apply_commit(input)
314
.await
315
.map_err(|e| match e {
316
-
ApplyCommitError::RepoNotFound => "Repo not found".to_string(),
317
-
ApplyCommitError::ConcurrentModification => {
318
-
"ConcurrentModification: Repo has been modified since last read".to_string()
319
-
}
320
-
ApplyCommitError::Database(msg) => format!("DB Error: {}", msg),
321
})?;
322
323
if result.is_account_active {
···
335
collection: &Nsid,
336
rkey: &Rkey,
337
record: &serde_json::Value,
338
-
) -> Result<(String, Cid), String> {
339
use crate::repo::tracking::TrackingBlockStore;
340
use jacquard_repo::mst::Mst;
341
use std::sync::Arc;
···
343
.user_repo
344
.get_id_by_did(did)
345
.await
346
-
.map_err(|e| format!("DB error: {}", e))?
347
-
.ok_or_else(|| "User not found".to_string())?;
348
349
let _write_lock = state.repo_write_locks.lock(user_id).await;
350
···
352
.repo_repo
353
.get_repo_root_cid_by_user_id(user_id)
354
.await
355
-
.map_err(|e| format!("DB error: {}", e))?
356
-
.ok_or_else(|| "Repo not found".to_string())?;
357
-
let current_root_cid =
358
-
Cid::from_str(root_cid_link.as_str()).map_err(|_| "Invalid repo root CID".to_string())?;
359
let tracking_store = TrackingBlockStore::new(state.block_store.clone());
360
let commit_bytes = tracking_store
361
.get(¤t_root_cid)
362
.await
363
-
.map_err(|e| format!("Failed to fetch commit: {:?}", e))?
364
-
.ok_or_else(|| "Commit block not found".to_string())?;
365
let commit = jacquard_repo::commit::Commit::from_cbor(&commit_bytes)
366
-
.map_err(|e| format!("Failed to parse commit: {:?}", e))?;
367
let mst = Mst::load(Arc::new(tracking_store.clone()), commit.data, None);
368
let record_ipld = crate::util::json_to_ipld(record);
369
let mut record_bytes = Vec::new();
370
serde_ipld_dagcbor::to_writer(&mut record_bytes, &record_ipld)
371
-
.map_err(|e| format!("Failed to serialize record: {:?}", e))?;
372
let record_cid = tracking_store
373
.put(&record_bytes)
374
.await
375
-
.map_err(|e| format!("Failed to save record block: {:?}", e))?;
376
let key = format!("{}/{}", collection, rkey);
377
let new_mst = mst
378
.add(&key, record_cid)
379
.await
380
-
.map_err(|e| format!("Failed to add to MST: {:?}", e))?;
381
let new_mst_root = new_mst
382
.persist()
383
.await
384
-
.map_err(|e| format!("Failed to persist MST: {:?}", e))?;
385
let op = RecordOp::Create {
386
collection: collection.clone(),
387
rkey: rkey.clone(),
···
392
new_mst
393
.blocks_for_path(&key, &mut new_mst_blocks)
394
.await
395
-
.map_err(|e| format!("Failed to get new MST blocks for path: {:?}", e))?;
396
mst.blocks_for_path(&key, &mut old_mst_blocks)
397
.await
398
-
.map_err(|e| format!("Failed to get old MST blocks for path: {:?}", e))?;
399
let obsolete_cids: Vec<Cid> = std::iter::once(current_root_cid)
400
.chain(
401
old_mst_blocks
···
439
state: &AppState,
440
did: &Did,
441
handle: Option<&Handle>,
442
-
) -> Result<SequenceNumber, String> {
443
state
444
.repo_repo
445
.insert_identity_event(did, handle)
446
.await
447
-
.map_err(|e| format!("DB Error (identity event): {}", e))
448
}
449
pub async fn sequence_account_event(
450
state: &AppState,
451
did: &Did,
452
status: tranquil_db_traits::AccountStatus,
453
-
) -> Result<SequenceNumber, String> {
454
state
455
.repo_repo
456
.insert_account_event(did, status)
457
.await
458
-
.map_err(|e| format!("DB Error (account event): {}", e))
459
}
460
pub async fn sequence_sync_event(
461
state: &AppState,
462
did: &Did,
463
commit_cid: &str,
464
rev: Option<&str>,
465
-
) -> Result<SequenceNumber, String> {
466
-
let cid_link = unsafe { crate::types::CidLink::new_unchecked(commit_cid) };
467
state
468
.repo_repo
469
.insert_sync_event(did, &cid_link, rev)
470
.await
471
-
.map_err(|e| format!("DB Error (sync event): {}", e))
472
}
473
474
pub async fn sequence_genesis_commit(
···
477
commit_cid: &Cid,
478
mst_root_cid: &Cid,
479
rev: &str,
480
-
) -> Result<SequenceNumber, String> {
481
-
let commit_cid_link = unsafe { crate::types::CidLink::new_unchecked(commit_cid.to_string()) };
482
-
let mst_root_cid_link =
483
-
unsafe { crate::types::CidLink::new_unchecked(mst_root_cid.to_string()) };
484
state
485
.repo_repo
486
.insert_genesis_commit_event(did, &commit_cid_link, &mst_root_cid_link, rev)
487
.await
488
-
.map_err(|e| format!("DB Error (genesis commit event): {}", e))
489
}
···
14
use tranquil_db_traits::SequenceNumber;
15
use uuid::Uuid;
16
17
+
#[derive(Debug)]
18
+
pub enum CommitError {
19
+
InvalidDid(String),
20
+
InvalidTid(String),
21
+
SigningFailed(String),
22
+
SerializationFailed(String),
23
+
KeyNotFound,
24
+
KeyDecryptionFailed(String),
25
+
InvalidKey(String),
26
+
BlockStoreFailed(String),
27
+
RepoNotFound,
28
+
ConcurrentModification,
29
+
DatabaseError(String),
30
+
UserNotFound,
31
+
CommitParseFailed(String),
32
+
MstOperationFailed(String),
33
+
RecordSerializationFailed(String),
34
+
InvalidCid(String),
35
+
}
36
+
37
+
impl std::fmt::Display for CommitError {
38
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
39
+
match self {
40
+
Self::InvalidDid(e) => write!(f, "Invalid DID: {}", e),
41
+
Self::InvalidTid(e) => write!(f, "Invalid TID: {}", e),
42
+
Self::SigningFailed(e) => write!(f, "Failed to sign commit: {}", e),
43
+
Self::SerializationFailed(e) => write!(f, "Failed to serialize signed commit: {}", e),
44
+
Self::KeyNotFound => write!(f, "Signing key not found"),
45
+
Self::KeyDecryptionFailed(e) => write!(f, "Failed to decrypt signing key: {}", e),
46
+
Self::InvalidKey(e) => write!(f, "Invalid signing key: {}", e),
47
+
Self::BlockStoreFailed(e) => write!(f, "Block store operation failed: {}", e),
48
+
Self::RepoNotFound => write!(f, "Repo not found"),
49
+
Self::ConcurrentModification => {
50
+
write!(f, "Repo has been modified since last read")
51
+
}
52
+
Self::DatabaseError(e) => write!(f, "Database error: {}", e),
53
+
Self::UserNotFound => write!(f, "User not found"),
54
+
Self::CommitParseFailed(e) => write!(f, "Failed to parse commit: {}", e),
55
+
Self::MstOperationFailed(e) => write!(f, "MST operation failed: {}", e),
56
+
Self::RecordSerializationFailed(e) => {
57
+
write!(f, "Failed to serialize record: {}", e)
58
+
}
59
+
Self::InvalidCid(e) => write!(f, "Invalid CID: {}", e),
60
+
}
61
+
}
62
+
}
63
+
64
+
impl std::error::Error for CommitError {}
65
+
66
+
impl From<CommitError> for ApiError {
67
+
fn from(err: CommitError) -> Self {
68
+
match err {
69
+
CommitError::ConcurrentModification => {
70
+
ApiError::InvalidSwap(Some("Repo has been modified".into()))
71
+
}
72
+
CommitError::RepoNotFound => ApiError::RepoNotFound(None),
73
+
CommitError::UserNotFound => ApiError::RepoNotFound(Some("User not found".into())),
74
+
other => {
75
+
error!("Commit failed: {}", other);
76
+
ApiError::InternalError(Some("Failed to commit changes".into()))
77
+
}
78
+
}
79
+
}
80
+
}
81
+
82
pub async fn get_current_root_cid(state: &AppState, user_id: Uuid) -> Result<CommitCid, ApiError> {
83
let root_cid_str = state
84
.repo_repo
···
120
}
121
122
use crate::types::AtUri;
123
+
use tranquil_db_traits::{Backlink, BacklinkPath};
124
125
pub fn extract_backlinks(uri: &AtUri, record: &Value) -> Vec<Backlink> {
126
let record_type = record
···
136
.map(|subject| {
137
vec![Backlink {
138
uri: uri.clone(),
139
+
path: BacklinkPath::Subject,
140
link_to: subject.to_string(),
141
}]
142
})
···
149
.map(|subject_uri| {
150
vec![Backlink {
151
uri: uri.clone(),
152
+
path: BacklinkPath::SubjectUri,
153
link_to: subject_uri.to_string(),
154
}]
155
})
···
164
rev: &str,
165
prev: Option<Cid>,
166
signing_key: &SigningKey,
167
+
) -> Result<(Vec<u8>, Bytes), CommitError> {
168
let did = jacquard_common::types::string::Did::new(did.as_str())
169
+
.map_err(|e| CommitError::InvalidDid(format!("{:?}", e)))?;
170
let rev = jacquard_common::types::string::Tid::from_str(rev)
171
+
.map_err(|e| CommitError::InvalidTid(format!("{:?}", e)))?;
172
let unsigned = Commit::new_unsigned(did, data, rev, prev);
173
let signed = unsigned
174
.sign(signing_key)
175
+
.map_err(|e| CommitError::SigningFailed(format!("{:?}", e)))?;
176
let sig_bytes = signed.sig().clone();
177
let signed_bytes = signed
178
.to_cbor()
179
+
.map_err(|e| CommitError::SerializationFailed(format!("{:?}", e)))?;
180
Ok((signed_bytes, sig_bytes))
181
}
182
···
219
pub async fn commit_and_log(
220
state: &AppState,
221
params: CommitParams<'_>,
222
+
) -> Result<CommitResult, CommitError> {
223
use tranquil_db_traits::{
224
ApplyCommitError, ApplyCommitInput, CommitEventData, RecordDelete, RecordUpsert,
225
RepoEventType,
···
240
.user_repo
241
.get_user_key_by_id(user_id)
242
.await
243
+
.map_err(|e| CommitError::DatabaseError(format!("Failed to fetch signing key: {}", e)))?
244
+
.ok_or(CommitError::KeyNotFound)?;
245
let key_bytes = crate::config::decrypt_key(&key_row.key_bytes, key_row.encryption_version)
246
+
.map_err(|e| CommitError::KeyDecryptionFailed(e.to_string()))?;
247
let signing_key =
248
+
SigningKey::from_slice(&key_bytes).map_err(|e| CommitError::InvalidKey(e.to_string()))?;
249
let rev = Tid::now(LimitedU32::MIN);
250
let rev_str = rev.to_string();
251
let (new_commit_bytes, _sig) =
···
254
.block_store
255
.put(&new_commit_bytes)
256
.await
257
+
.map_err(|e| CommitError::BlockStoreFailed(format!("{:?}", e)))?;
258
259
let mut all_block_cids: Vec<Vec<u8>> = blocks_cids
260
.iter()
···
283
upserts.push(RecordUpsert {
284
collection: collection.clone(),
285
rkey: rkey.clone(),
286
+
cid: crate::types::CidLink::from(cid),
287
});
288
}
289
RecordOp::Delete {
···
348
let commit_event = CommitEventData {
349
did: did.clone(),
350
event_type: RepoEventType::Commit,
351
+
commit_cid: Some(crate::types::CidLink::from(new_root_cid)),
352
+
prev_cid: current_root_cid.map(crate::types::CidLink::from),
353
ops: Some(json!(ops_json)),
354
blobs: Some(blobs.to_vec()),
355
blocks_cids: Some(blocks_cids.to_vec()),
356
+
prev_data_cid: prev_data_cid.map(crate::types::CidLink::from),
357
rev: Some(rev_str.clone()),
358
};
359
360
let input = ApplyCommitInput {
361
user_id,
362
did: did.clone(),
363
+
expected_root_cid: current_root_cid.map(crate::types::CidLink::from),
364
+
new_root_cid: crate::types::CidLink::from(new_root_cid),
365
new_rev: rev_str.clone(),
366
new_block_cids: all_block_cids,
367
obsolete_block_cids: obsolete_bytes,
···
375
.apply_commit(input)
376
.await
377
.map_err(|e| match e {
378
+
ApplyCommitError::RepoNotFound => CommitError::RepoNotFound,
379
+
ApplyCommitError::ConcurrentModification => CommitError::ConcurrentModification,
380
+
ApplyCommitError::Database(msg) => CommitError::DatabaseError(msg),
381
})?;
382
383
if result.is_account_active {
···
395
collection: &Nsid,
396
rkey: &Rkey,
397
record: &serde_json::Value,
398
+
) -> Result<(String, Cid), CommitError> {
399
use crate::repo::tracking::TrackingBlockStore;
400
use jacquard_repo::mst::Mst;
401
use std::sync::Arc;
···
403
.user_repo
404
.get_id_by_did(did)
405
.await
406
+
.map_err(|e| CommitError::DatabaseError(e.to_string()))?
407
+
.ok_or(CommitError::UserNotFound)?;
408
409
let _write_lock = state.repo_write_locks.lock(user_id).await;
410
···
412
.repo_repo
413
.get_repo_root_cid_by_user_id(user_id)
414
.await
415
+
.map_err(|e| CommitError::DatabaseError(e.to_string()))?
416
+
.ok_or(CommitError::RepoNotFound)?;
417
+
let current_root_cid = Cid::from_str(root_cid_link.as_str())
418
+
.map_err(|e| CommitError::InvalidCid(e.to_string()))?;
419
let tracking_store = TrackingBlockStore::new(state.block_store.clone());
420
let commit_bytes = tracking_store
421
.get(¤t_root_cid)
422
.await
423
+
.map_err(|e| CommitError::BlockStoreFailed(format!("{:?}", e)))?
424
+
.ok_or(CommitError::BlockStoreFailed(
425
+
"Commit block not found".into(),
426
+
))?;
427
let commit = jacquard_repo::commit::Commit::from_cbor(&commit_bytes)
428
+
.map_err(|e| CommitError::CommitParseFailed(format!("{:?}", e)))?;
429
let mst = Mst::load(Arc::new(tracking_store.clone()), commit.data, None);
430
let record_ipld = crate::util::json_to_ipld(record);
431
let mut record_bytes = Vec::new();
432
serde_ipld_dagcbor::to_writer(&mut record_bytes, &record_ipld)
433
+
.map_err(|e| CommitError::RecordSerializationFailed(format!("{:?}", e)))?;
434
let record_cid = tracking_store
435
.put(&record_bytes)
436
.await
437
+
.map_err(|e| CommitError::BlockStoreFailed(format!("{:?}", e)))?;
438
let key = format!("{}/{}", collection, rkey);
439
let new_mst = mst
440
.add(&key, record_cid)
441
.await
442
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
443
let new_mst_root = new_mst
444
.persist()
445
.await
446
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
447
let op = RecordOp::Create {
448
collection: collection.clone(),
449
rkey: rkey.clone(),
···
454
new_mst
455
.blocks_for_path(&key, &mut new_mst_blocks)
456
.await
457
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
458
mst.blocks_for_path(&key, &mut old_mst_blocks)
459
.await
460
+
.map_err(|e| CommitError::MstOperationFailed(format!("{:?}", e)))?;
461
let obsolete_cids: Vec<Cid> = std::iter::once(current_root_cid)
462
.chain(
463
old_mst_blocks
···
501
state: &AppState,
502
did: &Did,
503
handle: Option<&Handle>,
504
+
) -> Result<SequenceNumber, CommitError> {
505
state
506
.repo_repo
507
.insert_identity_event(did, handle)
508
.await
509
+
.map_err(|e| CommitError::DatabaseError(format!("identity event: {}", e)))
510
}
511
pub async fn sequence_account_event(
512
state: &AppState,
513
did: &Did,
514
status: tranquil_db_traits::AccountStatus,
515
+
) -> Result<SequenceNumber, CommitError> {
516
state
517
.repo_repo
518
.insert_account_event(did, status)
519
.await
520
+
.map_err(|e| CommitError::DatabaseError(format!("account event: {}", e)))
521
}
522
pub async fn sequence_sync_event(
523
state: &AppState,
524
did: &Did,
525
commit_cid: &str,
526
rev: Option<&str>,
527
+
) -> Result<SequenceNumber, CommitError> {
528
+
let cid_link: crate::types::CidLink = commit_cid
529
+
.parse()
530
+
.map_err(|_| CommitError::InvalidCid(commit_cid.to_string()))?;
531
state
532
.repo_repo
533
.insert_sync_event(did, &cid_link, rev)
534
.await
535
+
.map_err(|e| CommitError::DatabaseError(format!("sync event: {}", e)))
536
}
537
538
pub async fn sequence_genesis_commit(
···
541
commit_cid: &Cid,
542
mst_root_cid: &Cid,
543
rev: &str,
544
+
) -> Result<SequenceNumber, CommitError> {
545
+
let commit_cid_link = crate::types::CidLink::from(commit_cid);
546
+
let mst_root_cid_link = crate::types::CidLink::from(mst_root_cid);
547
state
548
.repo_repo
549
.insert_genesis_commit_event(did, &commit_cid_link, &mst_root_cid_link, rev)
550
.await
551
+
.map_err(|e| CommitError::DatabaseError(format!("genesis commit event: {}", e)))
552
}
+11
-16
crates/tranquil-pds/src/api/repo/record/write.rs
+11
-16
crates/tranquil-pds/src/api/repo/record/write.rs
···
6
get_current_root_cid,
7
};
8
use crate::auth::{
9
-
Active, Auth, RepoScopeAction, ScopeVerified, VerifyScope, require_not_migrated,
10
require_verified_or_delegated,
11
};
12
use crate::cid_types::CommitCid;
···
14
use crate::repo::tracking::TrackingBlockStore;
15
use crate::state::AppState;
16
use crate::types::{AtIdentifier, AtUri, Did, Nsid, Rkey};
17
use axum::{
18
Json,
19
extract::State,
···
32
pub struct RepoWriteAuth {
33
pub did: Did,
34
pub user_id: Uuid,
35
-
pub is_oauth: bool,
36
pub scope: Option<String>,
37
pub controller_did: Option<Did>,
38
}
···
66
Ok(RepoWriteAuth {
67
did: principal_did.into_did(),
68
user_id,
69
-
is_oauth: user.is_oauth(),
70
scope: user.scope.clone(),
71
controller_did: scope_proof.controller_did().map(|c| c.into_did()),
72
})
···
97
pub cid: String,
98
pub commit: CommitInfo,
99
#[serde(skip_serializing_if = "Option::is_none")]
100
-
pub validation_status: Option<String>,
101
}
102
pub async fn create_record(
103
State(state): State<AppState>,
···
323
.await
324
{
325
Ok(res) => res,
326
-
Err(e) if e.contains("ConcurrentModification") => {
327
-
return Ok(ApiError::InvalidSwap(Some("Repo has been modified".into())).into_response());
328
-
}
329
-
Err(e) => return Ok(ApiError::InternalError(Some(e)).into_response()),
330
};
331
332
for conflict_uri in conflict_uris_to_cleanup {
···
375
cid: commit_result.commit_cid.to_string(),
376
rev: commit_result.rev,
377
},
378
-
validation_status: validation_status.map(|s| s.to_string()),
379
}),
380
)
381
.into_response())
···
402
#[serde(skip_serializing_if = "Option::is_none")]
403
pub commit: Option<CommitInfo>,
404
#[serde(skip_serializing_if = "Option::is_none")]
405
-
pub validation_status: Option<String>,
406
}
407
pub async fn put_record(
408
State(state): State<AppState>,
···
494
uri: AtUri::from_parts(&did, &input.collection, &input.rkey),
495
cid: record_cid.to_string(),
496
commit: None,
497
-
validation_status: validation_status.map(|s| s.to_string()),
498
}),
499
)
500
.into_response());
···
600
.await
601
{
602
Ok(res) => res,
603
-
Err(e) if e.contains("ConcurrentModification") => {
604
-
return Ok(ApiError::InvalidSwap(Some("Repo has been modified".into())).into_response());
605
-
}
606
-
Err(e) => return Ok(ApiError::InternalError(Some(e)).into_response()),
607
};
608
609
if let Some(ref controller) = controller_did {
···
634
cid: commit_result.commit_cid.to_string(),
635
rev: commit_result.rev,
636
}),
637
-
validation_status: validation_status.map(|s| s.to_string()),
638
}),
639
)
640
.into_response())
···
6
get_current_root_cid,
7
};
8
use crate::auth::{
9
+
Active, Auth, AuthSource, RepoScopeAction, ScopeVerified, VerifyScope, require_not_migrated,
10
require_verified_or_delegated,
11
};
12
use crate::cid_types::CommitCid;
···
14
use crate::repo::tracking::TrackingBlockStore;
15
use crate::state::AppState;
16
use crate::types::{AtIdentifier, AtUri, Did, Nsid, Rkey};
17
+
use crate::validation::ValidationStatus;
18
use axum::{
19
Json,
20
extract::State,
···
33
pub struct RepoWriteAuth {
34
pub did: Did,
35
pub user_id: Uuid,
36
+
pub auth_source: AuthSource,
37
pub scope: Option<String>,
38
pub controller_did: Option<Did>,
39
}
···
67
Ok(RepoWriteAuth {
68
did: principal_did.into_did(),
69
user_id,
70
+
auth_source: user.auth_source.clone(),
71
scope: user.scope.clone(),
72
controller_did: scope_proof.controller_did().map(|c| c.into_did()),
73
})
···
98
pub cid: String,
99
pub commit: CommitInfo,
100
#[serde(skip_serializing_if = "Option::is_none")]
101
+
pub validation_status: Option<ValidationStatus>,
102
}
103
pub async fn create_record(
104
State(state): State<AppState>,
···
324
.await
325
{
326
Ok(res) => res,
327
+
Err(e) => return Ok(ApiError::from(e).into_response()),
328
};
329
330
for conflict_uri in conflict_uris_to_cleanup {
···
373
cid: commit_result.commit_cid.to_string(),
374
rev: commit_result.rev,
375
},
376
+
validation_status,
377
}),
378
)
379
.into_response())
···
400
#[serde(skip_serializing_if = "Option::is_none")]
401
pub commit: Option<CommitInfo>,
402
#[serde(skip_serializing_if = "Option::is_none")]
403
+
pub validation_status: Option<ValidationStatus>,
404
}
405
pub async fn put_record(
406
State(state): State<AppState>,
···
492
uri: AtUri::from_parts(&did, &input.collection, &input.rkey),
493
cid: record_cid.to_string(),
494
commit: None,
495
+
validation_status,
496
}),
497
)
498
.into_response());
···
598
.await
599
{
600
Ok(res) => res,
601
+
Err(e) => return Ok(ApiError::from(e).into_response()),
602
};
603
604
if let Some(ref controller) = controller_did {
···
629
cid: commit_result.commit_cid.to_string(),
630
rev: commit_result.rev,
631
}),
632
+
validation_status,
633
}),
634
)
635
.into_response())
+17
-8
crates/tranquil-pds/src/api/server/account_status.rs
+17
-8
crates/tranquil-pds/src/api/server/account_status.rs
···
285
arr.iter().find(|svc| {
286
svc.get("id").and_then(|id| id.as_str()) == Some("#atproto_pds")
287
|| svc.get("type").and_then(|t| t.as_str())
288
-
== Some("AtprotoPersonalDataServer")
289
})
290
})
291
.and_then(|svc| svc.get("serviceEndpoint"))
···
316
);
317
318
if let Err(e) = crate::auth::scope_check::check_account_scope(
319
-
auth.is_oauth(),
320
auth.scope.as_deref(),
321
crate::oauth::scopes::AccountAttr::Repo,
322
crate::oauth::scopes::AccountAction::Manage,
···
366
did
367
);
368
if let Some(ref h) = handle {
369
-
let _ = state.cache.delete(&format!("handle:{}", h)).await;
370
}
371
-
let _ = state.cache.delete(&format!("plc:doc:{}", did)).await;
372
-
let _ = state.cache.delete(&format!("plc:data:{}", did)).await;
373
if state.did_resolver.refresh_did(did.as_str()).await.is_none() {
374
warn!(
375
"[MIGRATION] activateAccount: Failed to refresh DID cache for {}",
···
479
Json(input): Json<DeactivateAccountInput>,
480
) -> Result<Response, ApiError> {
481
if let Err(e) = crate::auth::scope_check::check_account_scope(
482
-
auth.is_oauth(),
483
auth.scope.as_deref(),
484
crate::oauth::scopes::AccountAttr::Repo,
485
crate::oauth::scopes::AccountAction::Manage,
···
502
match result {
503
Ok(true) => {
504
if let Some(ref h) = handle {
505
-
let _ = state.cache.delete(&format!("handle:{}", h)).await;
506
}
507
if let Err(e) = crate::api::repo::record::sequence_account_event(
508
&state,
···
659
);
660
}
661
}
662
-
let _ = state.cache.delete(&format!("handle:{}", handle)).await;
663
info!("Account {} deleted successfully", did);
664
EmptyResponse::ok().into_response()
665
}
···
285
arr.iter().find(|svc| {
286
svc.get("id").and_then(|id| id.as_str()) == Some("#atproto_pds")
287
|| svc.get("type").and_then(|t| t.as_str())
288
+
== Some(crate::plc::ServiceType::Pds.as_str())
289
})
290
})
291
.and_then(|svc| svc.get("serviceEndpoint"))
···
316
);
317
318
if let Err(e) = crate::auth::scope_check::check_account_scope(
319
+
&auth.auth_source,
320
auth.scope.as_deref(),
321
crate::oauth::scopes::AccountAttr::Repo,
322
crate::oauth::scopes::AccountAction::Manage,
···
366
did
367
);
368
if let Some(ref h) = handle {
369
+
let _ = state.cache.delete(&crate::cache_keys::handle_key(h)).await;
370
}
371
+
let _ = state
372
+
.cache
373
+
.delete(&crate::cache_keys::plc_doc_key(&did))
374
+
.await;
375
+
let _ = state
376
+
.cache
377
+
.delete(&crate::cache_keys::plc_data_key(&did))
378
+
.await;
379
if state.did_resolver.refresh_did(did.as_str()).await.is_none() {
380
warn!(
381
"[MIGRATION] activateAccount: Failed to refresh DID cache for {}",
···
485
Json(input): Json<DeactivateAccountInput>,
486
) -> Result<Response, ApiError> {
487
if let Err(e) = crate::auth::scope_check::check_account_scope(
488
+
&auth.auth_source,
489
auth.scope.as_deref(),
490
crate::oauth::scopes::AccountAttr::Repo,
491
crate::oauth::scopes::AccountAction::Manage,
···
508
match result {
509
Ok(true) => {
510
if let Some(ref h) = handle {
511
+
let _ = state.cache.delete(&crate::cache_keys::handle_key(h)).await;
512
}
513
if let Err(e) = crate::api::repo::record::sequence_account_event(
514
&state,
···
665
);
666
}
667
}
668
+
let _ = state
669
+
.cache
670
+
.delete(&crate::cache_keys::handle_key(&handle))
671
+
.await;
672
info!("Account {} deleted successfully", did);
673
EmptyResponse::ok().into_response()
674
}
+4
-3
crates/tranquil-pds/src/api/server/app_password.rs
+4
-3
crates/tranquil-pds/src/api/server/app_password.rs
···
150
ApiError::InternalError(None)
151
})?;
152
153
-
let privilege =
154
-
tranquil_db_traits::AppPasswordPrivilege::from(input.privileged.unwrap_or(false));
155
let created_at = chrono::Utc::now();
156
157
let create_data = AppPasswordCreate {
···
232
.log_db_err("revoking sessions for app password")?;
233
234
futures::future::join_all(sessions_to_invalidate.iter().map(|jti| {
235
-
let cache_key = format!("auth:session:{}:{}", &auth.did, jti);
236
let cache = state.cache.clone();
237
async move {
238
let _ = cache.delete(&cache_key).await;
···
150
ApiError::InternalError(None)
151
})?;
152
153
+
let privilege = tranquil_db_traits::AppPasswordPrivilege::from_privileged_flag(
154
+
input.privileged.unwrap_or(false),
155
+
);
156
let created_at = chrono::Utc::now();
157
158
let create_data = AppPasswordCreate {
···
233
.log_db_err("revoking sessions for app password")?;
234
235
futures::future::join_all(sessions_to_invalidate.iter().map(|jti| {
236
+
let cache_key = crate::cache_keys::session_key(&auth.did, jti);
237
let cache = state.cache.clone();
238
async move {
239
let _ = cache.delete(&cache_key).await;
+22
-44
crates/tranquil-pds/src/api/server/email.rs
+22
-44
crates/tranquil-pds/src/api/server/email.rs
···
21
const EMAIL_UPDATE_TTL: Duration = Duration::from_secs(30 * 60);
22
23
fn email_update_cache_key(did: &str) -> String {
24
-
format!("email_update:{}", did)
25
}
26
27
fn hash_token(token: &str) -> String {
···
51
input: Option<Json<RequestEmailUpdateInput>>,
52
) -> Result<Response, ApiError> {
53
if let Err(e) = crate::auth::scope_check::check_account_scope(
54
-
auth.is_oauth(),
55
auth.scope.as_deref(),
56
crate::oauth::scopes::AccountAttr::Email,
57
crate::oauth::scopes::AccountAction::Manage,
···
111
state.infra_repo.as_ref(),
112
user.id,
113
&token,
114
-
"email_update",
115
hostname,
116
)
117
.await
···
138
Json(input): Json<ConfirmEmailInput>,
139
) -> Result<Response, ApiError> {
140
if let Err(e) = crate::auth::scope_check::check_account_scope(
141
-
auth.is_oauth(),
142
auth.scope.as_deref(),
143
crate::oauth::scopes::AccountAttr::Email,
144
crate::oauth::scopes::AccountAction::Manage,
···
173
174
let verified = crate::auth::verification_token::verify_signup_token(
175
&confirmation_code,
176
-
"email",
177
&provided_email,
178
);
179
180
match verified {
181
Ok(token_data) => {
182
-
if token_data.did != did.as_str() {
183
return Err(ApiError::InvalidToken(None));
184
}
185
}
···
216
Json(input): Json<UpdateEmailInput>,
217
) -> Result<Response, ApiError> {
218
if let Err(e) = crate::auth::scope_check::check_account_scope(
219
-
auth.is_oauth(),
220
auth.scope.as_deref(),
221
crate::oauth::scopes::AccountAttr::Email,
222
crate::oauth::scopes::AccountAction::Manage,
···
324
325
let verified = crate::auth::verification_token::verify_channel_update_token(
326
&confirmation_token,
327
-
"email_update",
328
¤t_email_lower,
329
);
330
331
match verified {
332
Ok(token_data) => {
333
-
if token_data.did != did.as_str() {
334
return Err(ApiError::InvalidToken(None));
335
}
336
}
···
361
.await
362
.log_db_err("updating email")?;
363
364
-
let verification_token =
365
-
crate::auth::verification_token::generate_signup_token(did, "email", &new_email);
366
let formatted_token =
367
crate::auth::verification_token::format_token_for_display(&verification_token);
368
let hostname = pds_hostname();
···
370
state.user_repo.as_ref(),
371
state.infra_repo.as_ref(),
372
user_id,
373
-
"email",
374
&new_email,
375
&formatted_token,
376
hostname,
···
422
423
#[derive(Deserialize)]
424
pub struct CheckChannelVerifiedInput {
425
-
pub did: String,
426
-
pub channel: String,
427
}
428
429
pub async fn check_channel_verified(
···
431
_rate_limit: RateLimited<VerificationCheckLimit>,
432
Json(input): Json<CheckChannelVerifiedInput>,
433
) -> Response {
434
-
let channel = match input.channel.to_lowercase().as_str() {
435
-
"email" => CommsChannel::Email,
436
-
"discord" => CommsChannel::Discord,
437
-
"telegram" => CommsChannel::Telegram,
438
-
"signal" => CommsChannel::Signal,
439
-
_ => {
440
-
return ApiError::InvalidRequest("invalid channel".into()).into_response();
441
-
}
442
-
};
443
-
444
-
let did = match crate::Did::new(input.did) {
445
-
Ok(d) => d,
446
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
447
-
};
448
match state
449
.user_repo
450
-
.check_channel_verified_by_did(&did, channel)
451
.await
452
{
453
Ok(Some(verified)) => VerifiedResponse::response(verified).into_response(),
···
490
);
491
return ApiError::InvalidToken(None).into_response();
492
}
493
-
if token_data.channel != "email_update" {
494
warn!(
495
-
"authorize_email_update: wrong channel: {}",
496
token_data.channel
497
);
498
return ApiError::InvalidToken(None).into_response();
···
558
auth: Auth<NotTakendown>,
559
) -> Result<Response, ApiError> {
560
if let Err(e) = crate::auth::scope_check::check_account_scope(
561
-
auth.is_oauth(),
562
auth.scope.as_deref(),
563
crate::oauth::scopes::AccountAttr::Email,
564
crate::oauth::scopes::AccountAction::Read,
···
620
621
#[derive(Deserialize)]
622
pub struct CheckCommsChannelInUseInput {
623
-
pub channel: String,
624
pub identifier: String,
625
}
626
···
629
_rate_limit: RateLimited<VerificationCheckLimit>,
630
Json(input): Json<CheckCommsChannelInUseInput>,
631
) -> Response {
632
-
let channel = match input.channel.to_lowercase().as_str() {
633
-
"email" => CommsChannel::Email,
634
-
"discord" => CommsChannel::Discord,
635
-
"telegram" => CommsChannel::Telegram,
636
-
"signal" => CommsChannel::Signal,
637
-
_ => {
638
-
return ApiError::InvalidRequest("invalid channel".into()).into_response();
639
-
}
640
-
};
641
-
642
let identifier = input.identifier.trim();
643
if identifier.is_empty() {
644
return ApiError::InvalidRequest("identifier is required".into()).into_response();
···
646
647
let count = match state
648
.user_repo
649
-
.count_accounts_by_comms_identifier(channel, identifier)
650
.await
651
{
652
Ok(c) => c,
···
21
const EMAIL_UPDATE_TTL: Duration = Duration::from_secs(30 * 60);
22
23
fn email_update_cache_key(did: &str) -> String {
24
+
crate::cache_keys::email_update_key(did)
25
}
26
27
fn hash_token(token: &str) -> String {
···
51
input: Option<Json<RequestEmailUpdateInput>>,
52
) -> Result<Response, ApiError> {
53
if let Err(e) = crate::auth::scope_check::check_account_scope(
54
+
&auth.auth_source,
55
auth.scope.as_deref(),
56
crate::oauth::scopes::AccountAttr::Email,
57
crate::oauth::scopes::AccountAction::Manage,
···
111
state.infra_repo.as_ref(),
112
user.id,
113
&token,
114
hostname,
115
)
116
.await
···
137
Json(input): Json<ConfirmEmailInput>,
138
) -> Result<Response, ApiError> {
139
if let Err(e) = crate::auth::scope_check::check_account_scope(
140
+
&auth.auth_source,
141
auth.scope.as_deref(),
142
crate::oauth::scopes::AccountAttr::Email,
143
crate::oauth::scopes::AccountAction::Manage,
···
172
173
let verified = crate::auth::verification_token::verify_signup_token(
174
&confirmation_code,
175
+
CommsChannel::Email,
176
&provided_email,
177
);
178
179
match verified {
180
Ok(token_data) => {
181
+
if token_data.did != *did {
182
return Err(ApiError::InvalidToken(None));
183
}
184
}
···
215
Json(input): Json<UpdateEmailInput>,
216
) -> Result<Response, ApiError> {
217
if let Err(e) = crate::auth::scope_check::check_account_scope(
218
+
&auth.auth_source,
219
auth.scope.as_deref(),
220
crate::oauth::scopes::AccountAttr::Email,
221
crate::oauth::scopes::AccountAction::Manage,
···
323
324
let verified = crate::auth::verification_token::verify_channel_update_token(
325
&confirmation_token,
326
+
CommsChannel::Email,
327
¤t_email_lower,
328
);
329
330
match verified {
331
Ok(token_data) => {
332
+
if token_data.did != *did {
333
return Err(ApiError::InvalidToken(None));
334
}
335
}
···
360
.await
361
.log_db_err("updating email")?;
362
363
+
let verification_token = crate::auth::verification_token::generate_signup_token(
364
+
did,
365
+
CommsChannel::Email,
366
+
&new_email,
367
+
);
368
let formatted_token =
369
crate::auth::verification_token::format_token_for_display(&verification_token);
370
let hostname = pds_hostname();
···
372
state.user_repo.as_ref(),
373
state.infra_repo.as_ref(),
374
user_id,
375
+
tranquil_db_traits::CommsChannel::Email,
376
&new_email,
377
&formatted_token,
378
hostname,
···
424
425
#[derive(Deserialize)]
426
pub struct CheckChannelVerifiedInput {
427
+
pub did: crate::types::Did,
428
+
pub channel: CommsChannel,
429
}
430
431
pub async fn check_channel_verified(
···
433
_rate_limit: RateLimited<VerificationCheckLimit>,
434
Json(input): Json<CheckChannelVerifiedInput>,
435
) -> Response {
436
match state
437
.user_repo
438
+
.check_channel_verified_by_did(&input.did, input.channel)
439
.await
440
{
441
Ok(Some(verified)) => VerifiedResponse::response(verified).into_response(),
···
478
);
479
return ApiError::InvalidToken(None).into_response();
480
}
481
+
if token_data.channel != CommsChannel::Email {
482
warn!(
483
+
"authorize_email_update: wrong channel: {:?}",
484
token_data.channel
485
);
486
return ApiError::InvalidToken(None).into_response();
···
546
auth: Auth<NotTakendown>,
547
) -> Result<Response, ApiError> {
548
if let Err(e) = crate::auth::scope_check::check_account_scope(
549
+
&auth.auth_source,
550
auth.scope.as_deref(),
551
crate::oauth::scopes::AccountAttr::Email,
552
crate::oauth::scopes::AccountAction::Read,
···
608
609
#[derive(Deserialize)]
610
pub struct CheckCommsChannelInUseInput {
611
+
pub channel: CommsChannel,
612
pub identifier: String,
613
}
614
···
617
_rate_limit: RateLimited<VerificationCheckLimit>,
618
Json(input): Json<CheckCommsChannelInUseInput>,
619
) -> Response {
620
let identifier = input.identifier.trim();
621
if identifier.is_empty() {
622
return ApiError::InvalidRequest("identifier is required".into()).into_response();
···
624
625
let count = match state
626
.user_repo
627
+
.count_accounts_by_comms_identifier(input.channel, identifier)
628
.await
629
{
630
Ok(c) => c,
+1
-1
crates/tranquil-pds/src/api/server/invite.rs
+1
-1
crates/tranquil-pds/src/api/server/invite.rs
+5
-2
crates/tranquil-pds/src/api/server/logo.rs
+5
-2
crates/tranquil-pds/src/api/server/logo.rs
···
21
Some(c) if !c.is_empty() => c,
22
_ => return StatusCode::NOT_FOUND.into_response(),
23
};
24
-
let cid = unsafe { crate::types::CidLink::new_unchecked(&cid_str) };
25
26
let metadata = match state.blob_repo.get_blob_metadata(&cid).await {
27
Ok(Some(m)) => m,
···
38
.header(header::CONTENT_TYPE, &metadata.mime_type)
39
.header(header::CACHE_CONTROL, "public, max-age=3600")
40
.body(Body::from(data))
41
-
.unwrap(),
42
Err(e) => {
43
error!("Failed to fetch logo from storage: {:?}", e);
44
StatusCode::NOT_FOUND.into_response()
···
21
Some(c) if !c.is_empty() => c,
22
_ => return StatusCode::NOT_FOUND.into_response(),
23
};
24
+
let cid = match crate::types::CidLink::new(&cid_str) {
25
+
Ok(c) => c,
26
+
Err(_) => return StatusCode::NOT_FOUND.into_response(),
27
+
};
28
29
let metadata = match state.blob_repo.get_blob_metadata(&cid).await {
30
Ok(Some(m)) => m,
···
41
.header(header::CONTENT_TYPE, &metadata.mime_type)
42
.header(header::CACHE_CONTROL, "public, max-age=3600")
43
.body(Body::from(data))
44
+
.unwrap_or_else(|_| StatusCode::INTERNAL_SERVER_ERROR.into_response()),
45
Err(e) => {
46
error!("Failed to fetch logo from storage: {:?}", e);
47
StatusCode::NOT_FOUND.into_response()
+7
-8
crates/tranquil-pds/src/api/server/meta.rs
+7
-8
crates/tranquil-pds/src/api/server/meta.rs
···
3
use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
4
use serde_json::json;
5
6
-
fn get_available_comms_channels() -> Vec<&'static str> {
7
-
let mut channels = vec!["email"];
8
if std::env::var("DISCORD_BOT_TOKEN").is_ok() {
9
-
channels.push("discord");
10
}
11
if std::env::var("TELEGRAM_BOT_TOKEN").is_ok() {
12
-
channels.push("telegram");
13
}
14
if std::env::var("SIGNAL_CLI_PATH").is_ok() && std::env::var("SIGNAL_SENDER_NUMBER").is_ok() {
15
-
channels.push("signal");
16
}
17
channels
18
}
···
35
let domains_str =
36
std::env::var("AVAILABLE_USER_DOMAINS").unwrap_or_else(|_| pds_hostname.to_string());
37
let domains: Vec<&str> = domains_str.split(',').map(|s| s.trim()).collect();
38
-
let invite_code_required = std::env::var("INVITE_CODE_REQUIRED")
39
-
.map(|v| v == "true" || v == "1")
40
-
.unwrap_or(false);
41
let privacy_policy = std::env::var("PRIVACY_POLICY_URL").ok();
42
let terms_of_service = std::env::var("TERMS_OF_SERVICE_URL").ok();
43
let contact_email = std::env::var("CONTACT_EMAIL").ok();
···
3
use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
4
use serde_json::json;
5
6
+
fn get_available_comms_channels() -> Vec<tranquil_db_traits::CommsChannel> {
7
+
use tranquil_db_traits::CommsChannel;
8
+
let mut channels = vec![CommsChannel::Email];
9
if std::env::var("DISCORD_BOT_TOKEN").is_ok() {
10
+
channels.push(CommsChannel::Discord);
11
}
12
if std::env::var("TELEGRAM_BOT_TOKEN").is_ok() {
13
+
channels.push(CommsChannel::Telegram);
14
}
15
if std::env::var("SIGNAL_CLI_PATH").is_ok() && std::env::var("SIGNAL_SENDER_NUMBER").is_ok() {
16
+
channels.push(CommsChannel::Signal);
17
}
18
channels
19
}
···
36
let domains_str =
37
std::env::var("AVAILABLE_USER_DOMAINS").unwrap_or_else(|_| pds_hostname.to_string());
38
let domains: Vec<&str> = domains_str.split(',').map(|s| s.trim()).collect();
39
+
let invite_code_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED");
40
let privacy_policy = std::env::var("PRIVACY_POLICY_URL").ok();
41
let terms_of_service = std::env::var("TERMS_OF_SERVICE_URL").ok();
42
let contact_email = std::env::var("CONTACT_EMAIL").ok();
+2
-2
crates/tranquil-pds/src/api/server/migration.rs
+2
-2
crates/tranquil-pds/src/api/server/migration.rs
···
196
})).collect::<Vec<_>>(),
197
"service": [{
198
"id": "#atproto_pds",
199
-
"type": "AtprotoPersonalDataServer",
200
"serviceEndpoint": service_endpoint
201
}]
202
});
···
244
}],
245
"service": [{
246
"id": "#atproto_pds",
247
-
"type": "AtprotoPersonalDataServer",
248
"serviceEndpoint": service_endpoint
249
}]
250
})
···
196
})).collect::<Vec<_>>(),
197
"service": [{
198
"id": "#atproto_pds",
199
+
"type": crate::plc::ServiceType::Pds.as_str(),
200
"serviceEndpoint": service_endpoint
201
}]
202
});
···
244
}],
245
"service": [{
246
"id": "#atproto_pds",
247
+
"type": crate::plc::ServiceType::Pds.as_str(),
248
"serviceEndpoint": service_endpoint
249
}]
250
})
+27
-31
crates/tranquil-pds/src/api/server/passkey_account.rs
+27
-31
crates/tranquil-pds/src/api/server/passkey_account.rs
···
16
use serde_json::json;
17
use std::sync::Arc;
18
use tracing::{debug, error, info, warn};
19
use uuid::Uuid;
20
21
use crate::api::repo::record::utils::create_signed_commit;
22
use crate::auth::{ServiceTokenVerifier, generate_app_password, is_service_token};
23
use crate::rate_limit::{AccountCreationLimit, PasswordResetLimit, RateLimited};
24
use crate::state::AppState;
25
-
use crate::types::{Did, Handle, Nsid, PlainPassword, Rkey};
26
use crate::util::{pds_hostname, pds_hostname_without_port};
27
use crate::validation::validate_password;
28
···
49
pub did: Option<String>,
50
pub did_type: Option<String>,
51
pub signing_key: Option<String>,
52
-
pub verification_channel: Option<String>,
53
pub discord_username: Option<String>,
54
pub telegram_username: Option<String>,
55
pub signal_username: Option<String>,
···
73
Json(input): Json<CreatePasskeyAccountInput>,
74
) -> Response {
75
let byod_auth = if let Some(extracted) = crate::auth::extract_auth_token_from_header(
76
-
crate::util::get_header_str(&headers, "Authorization"),
77
) {
78
let token = extracted.token;
79
if is_service_token(&token) {
···
152
Err(_) => return ApiError::InvalidInviteCode.into_response(),
153
}
154
} else {
155
-
let invite_required = std::env::var("INVITE_CODE_REQUIRED")
156
-
.map(|v| v == "true" || v == "1")
157
-
.unwrap_or(false);
158
if invite_required {
159
return ApiError::InviteCodeRequired.into_response();
160
}
161
None
162
};
163
164
-
let verification_channel = input.verification_channel.as_deref().unwrap_or("email");
165
let verification_recipient = match verification_channel {
166
-
"email" => match &email {
167
Some(e) if !e.is_empty() => e.clone(),
168
_ => return ApiError::MissingEmail.into_response(),
169
},
170
-
"discord" => match &input.discord_username {
171
Some(username) if !username.trim().is_empty() => {
172
let clean = username.trim().to_lowercase();
173
if !crate::api::validation::is_valid_discord_username(&clean) {
···
179
}
180
_ => return ApiError::MissingDiscordId.into_response(),
181
},
182
-
"telegram" => match &input.telegram_username {
183
Some(username) if !username.trim().is_empty() => {
184
let clean = username.trim().trim_start_matches('@');
185
if !crate::api::validation::is_valid_telegram_username(clean) {
···
191
}
192
_ => return ApiError::MissingTelegramUsername.into_response(),
193
},
194
-
"signal" => match &input.signal_username {
195
Some(username) if !username.trim().is_empty() => {
196
username.trim().trim_start_matches('@').to_lowercase()
197
}
198
_ => return ApiError::MissingSignalNumber.into_response(),
199
},
200
-
_ => return ApiError::InvalidVerificationChannel.into_response(),
201
};
202
203
use k256::ecdsa::SigningKey;
···
277
)
278
.await
279
{
280
-
return ApiError::InvalidDid(e).into_response();
281
}
282
info!(did = %d, "Creating external did:web passkey account (reserved key)");
283
}
···
380
}
381
};
382
let rev = Tid::now(LimitedU32::MIN);
383
-
let did_typed = unsafe { Did::new_unchecked(&did) };
384
let (commit_bytes, _sig) =
385
match create_signed_commit(&did_typed, mst_root, rev.as_ref(), None, &secret_key) {
386
Ok(result) => result,
···
405
})
406
});
407
408
-
let preferred_comms_channel = match verification_channel {
409
-
"email" => tranquil_db_traits::CommsChannel::Email,
410
-
"discord" => tranquil_db_traits::CommsChannel::Discord,
411
-
"telegram" => tranquil_db_traits::CommsChannel::Telegram,
412
-
"signal" => tranquil_db_traits::CommsChannel::Signal,
413
-
_ => tranquil_db_traits::CommsChannel::Email,
414
};
415
-
416
-
let handle_typed = unsafe { Handle::new_unchecked(&handle) };
417
let create_input = tranquil_db_traits::CreatePasskeyAccountInput {
418
handle: handle_typed.clone(),
419
email: email.clone().unwrap_or_default(),
420
did: did_typed.clone(),
421
-
preferred_comms_channel,
422
discord_username: input
423
.discord_username
424
.as_deref()
···
487
"$type": "app.bsky.actor.profile",
488
"displayName": handle
489
});
490
-
let profile_collection = unsafe { Nsid::new_unchecked("app.bsky.actor.profile") };
491
-
let profile_rkey = unsafe { Rkey::new_unchecked("self") };
492
if let Err(e) = crate::api::repo::record::create_record_internal(
493
&state,
494
&did_typed,
495
-
&profile_collection,
496
-
&profile_rkey,
497
&profile_record,
498
)
499
.await
···
503
}
504
505
let verification_token = crate::auth::verification_token::generate_signup_token(
506
-
&did,
507
verification_channel,
508
&verification_recipient,
509
);
···
625
626
let reg_state = match state
627
.user_repo
628
-
.load_webauthn_challenge(&input.did, "registration")
629
.await
630
{
631
Ok(Some(json)) => match serde_json::from_str(&json) {
···
706
707
let _ = state
708
.user_repo
709
-
.delete_webauthn_challenge(&input.did, "registration")
710
.await;
711
712
info!(did = %input.did, "Passkey-only account setup completed");
···
793
};
794
if let Err(e) = state
795
.user_repo
796
-
.save_webauthn_challenge(&input.did, "registration", &state_json)
797
.await
798
{
799
error!("Failed to save registration state: {:?}", e);
···
16
use serde_json::json;
17
use std::sync::Arc;
18
use tracing::{debug, error, info, warn};
19
+
use tranquil_db_traits::WebauthnChallengeType;
20
use uuid::Uuid;
21
22
use crate::api::repo::record::utils::create_signed_commit;
23
use crate::auth::{ServiceTokenVerifier, generate_app_password, is_service_token};
24
use crate::rate_limit::{AccountCreationLimit, PasswordResetLimit, RateLimited};
25
use crate::state::AppState;
26
+
use crate::types::{Did, Handle, PlainPassword};
27
use crate::util::{pds_hostname, pds_hostname_without_port};
28
use crate::validation::validate_password;
29
···
50
pub did: Option<String>,
51
pub did_type: Option<String>,
52
pub signing_key: Option<String>,
53
+
pub verification_channel: Option<tranquil_db_traits::CommsChannel>,
54
pub discord_username: Option<String>,
55
pub telegram_username: Option<String>,
56
pub signal_username: Option<String>,
···
74
Json(input): Json<CreatePasskeyAccountInput>,
75
) -> Response {
76
let byod_auth = if let Some(extracted) = crate::auth::extract_auth_token_from_header(
77
+
crate::util::get_header_str(&headers, http::header::AUTHORIZATION),
78
) {
79
let token = extracted.token;
80
if is_service_token(&token) {
···
153
Err(_) => return ApiError::InvalidInviteCode.into_response(),
154
}
155
} else {
156
+
let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED");
157
if invite_required {
158
return ApiError::InviteCodeRequired.into_response();
159
}
160
None
161
};
162
163
+
let verification_channel = input
164
+
.verification_channel
165
+
.unwrap_or(tranquil_db_traits::CommsChannel::Email);
166
let verification_recipient = match verification_channel {
167
+
tranquil_db_traits::CommsChannel::Email => match &email {
168
Some(e) if !e.is_empty() => e.clone(),
169
_ => return ApiError::MissingEmail.into_response(),
170
},
171
+
tranquil_db_traits::CommsChannel::Discord => match &input.discord_username {
172
Some(username) if !username.trim().is_empty() => {
173
let clean = username.trim().to_lowercase();
174
if !crate::api::validation::is_valid_discord_username(&clean) {
···
180
}
181
_ => return ApiError::MissingDiscordId.into_response(),
182
},
183
+
tranquil_db_traits::CommsChannel::Telegram => match &input.telegram_username {
184
Some(username) if !username.trim().is_empty() => {
185
let clean = username.trim().trim_start_matches('@');
186
if !crate::api::validation::is_valid_telegram_username(clean) {
···
192
}
193
_ => return ApiError::MissingTelegramUsername.into_response(),
194
},
195
+
tranquil_db_traits::CommsChannel::Signal => match &input.signal_username {
196
Some(username) if !username.trim().is_empty() => {
197
username.trim().trim_start_matches('@').to_lowercase()
198
}
199
_ => return ApiError::MissingSignalNumber.into_response(),
200
},
201
};
202
203
use k256::ecdsa::SigningKey;
···
277
)
278
.await
279
{
280
+
return ApiError::InvalidDid(e.to_string()).into_response();
281
}
282
info!(did = %d, "Creating external did:web passkey account (reserved key)");
283
}
···
380
}
381
};
382
let rev = Tid::now(LimitedU32::MIN);
383
+
let did_typed: Did = match did.parse() {
384
+
Ok(d) => d,
385
+
Err(_) => return ApiError::InternalError(Some("Invalid DID".into())).into_response(),
386
+
};
387
let (commit_bytes, _sig) =
388
match create_signed_commit(&did_typed, mst_root, rev.as_ref(), None, &secret_key) {
389
Ok(result) => result,
···
408
})
409
});
410
411
+
let handle_typed: Handle = match handle.parse() {
412
+
Ok(h) => h,
413
+
Err(_) => return ApiError::InvalidHandle(None).into_response(),
414
};
415
let create_input = tranquil_db_traits::CreatePasskeyAccountInput {
416
handle: handle_typed.clone(),
417
email: email.clone().unwrap_or_default(),
418
did: did_typed.clone(),
419
+
preferred_comms_channel: verification_channel,
420
discord_username: input
421
.discord_username
422
.as_deref()
···
485
"$type": "app.bsky.actor.profile",
486
"displayName": handle
487
});
488
if let Err(e) = crate::api::repo::record::create_record_internal(
489
&state,
490
&did_typed,
491
+
&crate::types::PROFILE_COLLECTION,
492
+
&crate::types::PROFILE_RKEY,
493
&profile_record,
494
)
495
.await
···
499
}
500
501
let verification_token = crate::auth::verification_token::generate_signup_token(
502
+
&did_typed,
503
verification_channel,
504
&verification_recipient,
505
);
···
621
622
let reg_state = match state
623
.user_repo
624
+
.load_webauthn_challenge(&input.did, WebauthnChallengeType::Registration)
625
.await
626
{
627
Ok(Some(json)) => match serde_json::from_str(&json) {
···
702
703
let _ = state
704
.user_repo
705
+
.delete_webauthn_challenge(&input.did, WebauthnChallengeType::Registration)
706
.await;
707
708
info!(did = %input.did, "Passkey-only account setup completed");
···
789
};
790
if let Err(e) = state
791
.user_repo
792
+
.save_webauthn_challenge(&input.did, WebauthnChallengeType::Registration, &state_json)
793
.await
794
{
795
error!("Failed to save registration state: {:?}", e);
+4
-3
crates/tranquil-pds/src/api/server/passkeys.rs
+4
-3
crates/tranquil-pds/src/api/server/passkeys.rs
···
9
};
10
use serde::{Deserialize, Serialize};
11
use tracing::{error, info, warn};
12
use webauthn_rs::prelude::*;
13
14
#[derive(Deserialize)]
···
64
65
state
66
.user_repo
67
-
.save_webauthn_challenge(&auth.did, "registration", &state_json)
68
.await
69
.log_db_err("saving registration state")?;
70
···
98
99
let reg_state_json = state
100
.user_repo
101
-
.load_webauthn_challenge(&auth.did, "registration")
102
.await
103
.log_db_err("loading registration state")?
104
.ok_or(ApiError::NoRegistrationInProgress)?;
···
140
141
if let Err(e) = state
142
.user_repo
143
-
.delete_webauthn_challenge(&auth.did, "registration")
144
.await
145
{
146
warn!("Failed to delete registration state: {:?}", e);
···
9
};
10
use serde::{Deserialize, Serialize};
11
use tracing::{error, info, warn};
12
+
use tranquil_db_traits::WebauthnChallengeType;
13
use webauthn_rs::prelude::*;
14
15
#[derive(Deserialize)]
···
65
66
state
67
.user_repo
68
+
.save_webauthn_challenge(&auth.did, WebauthnChallengeType::Registration, &state_json)
69
.await
70
.log_db_err("saving registration state")?;
71
···
99
100
let reg_state_json = state
101
.user_repo
102
+
.load_webauthn_challenge(&auth.did, WebauthnChallengeType::Registration)
103
.await
104
.log_db_err("loading registration state")?
105
.ok_or(ApiError::NoRegistrationInProgress)?;
···
141
142
if let Err(e) = state
143
.user_repo
144
+
.delete_webauthn_challenge(&auth.did, WebauthnChallengeType::Registration)
145
.await
146
{
147
warn!("Failed to delete registration state: {:?}", e);
+1
-1
crates/tranquil-pds/src/api/server/password.rs
+1
-1
crates/tranquil-pds/src/api/server/password.rs
+31
-16
crates/tranquil-pds/src/api/server/reauth.rs
+31
-16
crates/tranquil-pds/src/api/server/reauth.rs
···
8
use chrono::{DateTime, Utc};
9
use serde::{Deserialize, Serialize};
10
use tracing::{error, info, warn};
11
-
use tranquil_db_traits::{SessionRepository, UserRepository};
12
13
use crate::auth::{Active, Auth};
14
use crate::rate_limit::{TotpVerifyLimit, check_user_rate_limit_with_message};
···
17
18
pub const REAUTH_WINDOW_SECONDS: i64 = 300;
19
20
#[derive(Serialize)]
21
#[serde(rename_all = "camelCase")]
22
pub struct ReauthStatusResponse {
23
pub last_reauth_at: Option<DateTime<Utc>>,
24
pub reauth_required: bool,
25
-
pub available_methods: Vec<String>,
26
}
27
28
pub async fn get_reauth_status(
···
180
181
state
182
.user_repo
183
-
.save_webauthn_challenge(&auth.did, "authentication", &state_json)
184
.await
185
.log_db_err("saving authentication state")?;
186
···
201
) -> Result<Response, ApiError> {
202
let auth_state_json = state
203
.user_repo
204
-
.load_webauthn_challenge(&auth.did, "authentication")
205
.await
206
.log_db_err("loading authentication state")?
207
.ok_or(ApiError::NoChallengeInProgress)?;
···
229
let cred_id_bytes = auth_result.cred_id().as_ref();
230
match state
231
.user_repo
232
-
.update_passkey_counter(cred_id_bytes, auth_result.counter() as i32)
233
.await
234
{
235
Ok(false) => {
236
warn!(did = %&auth.did, "Passkey counter anomaly detected - possible cloned key");
237
let _ = state
238
.user_repo
239
-
.delete_webauthn_challenge(&auth.did, "authentication")
240
.await;
241
return Err(ApiError::PasskeyCounterAnomaly);
242
}
···
248
249
let _ = state
250
.user_repo
251
-
.delete_webauthn_challenge(&auth.did, "authentication")
252
.await;
253
254
let reauthed_at = update_last_reauth_cached(&*state.session_repo, &state.cache, &auth.did)
···
265
did: &crate::types::Did,
266
) -> Result<DateTime<Utc>, tranquil_db_traits::DbError> {
267
let now = session_repo.update_last_reauth(did).await?;
268
-
let cache_key = format!("reauth:{}", did);
269
let _ = cache
270
.set(
271
&cache_key,
272
&now.timestamp().to_string(),
273
-
std::time::Duration::from_secs(REAUTH_WINDOW_SECONDS as u64),
274
)
275
.await;
276
Ok(now)
···
290
user_repo: &dyn UserRepository,
291
_session_repo: &dyn SessionRepository,
292
did: &crate::types::Did,
293
-
) -> Vec<String> {
294
let mut methods = Vec::new();
295
296
let has_password = user_repo
···
301
.is_some();
302
303
if has_password {
304
-
methods.push("password".to_string());
305
}
306
307
let has_totp = user_repo.has_totp_enabled(did).await.unwrap_or(false);
308
if has_totp {
309
-
methods.push("totp".to_string());
310
}
311
312
let has_passkeys = user_repo.has_passkeys(did).await.unwrap_or(false);
313
if has_passkeys {
314
-
methods.push("passkey".to_string());
315
}
316
317
methods
···
332
cache: &std::sync::Arc<dyn crate::cache::Cache>,
333
did: &crate::types::Did,
334
) -> bool {
335
-
let cache_key = format!("reauth:{}", did);
336
if let Some(timestamp_str) = cache.get(&cache_key).await
337
&& let Ok(timestamp) = timestamp_str.parse::<i64>()
338
{
···
355
pub struct ReauthRequiredError {
356
pub error: String,
357
pub message: String,
358
-
pub reauth_methods: Vec<String>,
359
}
360
361
pub async fn reauth_required_response(
···
428
pub struct MfaVerificationRequiredError {
429
pub error: String,
430
pub message: String,
431
-
pub reauth_methods: Vec<String>,
432
}
···
8
use chrono::{DateTime, Utc};
9
use serde::{Deserialize, Serialize};
10
use tracing::{error, info, warn};
11
+
use tranquil_db_traits::{SessionRepository, UserRepository, WebauthnChallengeType};
12
13
use crate::auth::{Active, Auth};
14
use crate::rate_limit::{TotpVerifyLimit, check_user_rate_limit_with_message};
···
17
18
pub const REAUTH_WINDOW_SECONDS: i64 = 300;
19
20
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
21
+
#[serde(rename_all = "lowercase")]
22
+
pub enum ReauthMethod {
23
+
Password,
24
+
Totp,
25
+
Passkey,
26
+
}
27
+
28
#[derive(Serialize)]
29
#[serde(rename_all = "camelCase")]
30
pub struct ReauthStatusResponse {
31
pub last_reauth_at: Option<DateTime<Utc>>,
32
pub reauth_required: bool,
33
+
pub available_methods: Vec<ReauthMethod>,
34
}
35
36
pub async fn get_reauth_status(
···
188
189
state
190
.user_repo
191
+
.save_webauthn_challenge(
192
+
&auth.did,
193
+
WebauthnChallengeType::Authentication,
194
+
&state_json,
195
+
)
196
.await
197
.log_db_err("saving authentication state")?;
198
···
213
) -> Result<Response, ApiError> {
214
let auth_state_json = state
215
.user_repo
216
+
.load_webauthn_challenge(&auth.did, WebauthnChallengeType::Authentication)
217
.await
218
.log_db_err("loading authentication state")?
219
.ok_or(ApiError::NoChallengeInProgress)?;
···
241
let cred_id_bytes = auth_result.cred_id().as_ref();
242
match state
243
.user_repo
244
+
.update_passkey_counter(
245
+
cred_id_bytes,
246
+
i32::try_from(auth_result.counter()).unwrap_or(i32::MAX),
247
+
)
248
.await
249
{
250
Ok(false) => {
251
warn!(did = %&auth.did, "Passkey counter anomaly detected - possible cloned key");
252
let _ = state
253
.user_repo
254
+
.delete_webauthn_challenge(&auth.did, WebauthnChallengeType::Authentication)
255
.await;
256
return Err(ApiError::PasskeyCounterAnomaly);
257
}
···
263
264
let _ = state
265
.user_repo
266
+
.delete_webauthn_challenge(&auth.did, WebauthnChallengeType::Authentication)
267
.await;
268
269
let reauthed_at = update_last_reauth_cached(&*state.session_repo, &state.cache, &auth.did)
···
280
did: &crate::types::Did,
281
) -> Result<DateTime<Utc>, tranquil_db_traits::DbError> {
282
let now = session_repo.update_last_reauth(did).await?;
283
+
let cache_key = crate::cache_keys::reauth_key(did);
284
let _ = cache
285
.set(
286
&cache_key,
287
&now.timestamp().to_string(),
288
+
std::time::Duration::from_secs(u64::try_from(REAUTH_WINDOW_SECONDS).unwrap_or(300)),
289
)
290
.await;
291
Ok(now)
···
305
user_repo: &dyn UserRepository,
306
_session_repo: &dyn SessionRepository,
307
did: &crate::types::Did,
308
+
) -> Vec<ReauthMethod> {
309
let mut methods = Vec::new();
310
311
let has_password = user_repo
···
316
.is_some();
317
318
if has_password {
319
+
methods.push(ReauthMethod::Password);
320
}
321
322
let has_totp = user_repo.has_totp_enabled(did).await.unwrap_or(false);
323
if has_totp {
324
+
methods.push(ReauthMethod::Totp);
325
}
326
327
let has_passkeys = user_repo.has_passkeys(did).await.unwrap_or(false);
328
if has_passkeys {
329
+
methods.push(ReauthMethod::Passkey);
330
}
331
332
methods
···
347
cache: &std::sync::Arc<dyn crate::cache::Cache>,
348
did: &crate::types::Did,
349
) -> bool {
350
+
let cache_key = crate::cache_keys::reauth_key(did);
351
if let Some(timestamp_str) = cache.get(&cache_key).await
352
&& let Ok(timestamp) = timestamp_str.parse::<i64>()
353
{
···
370
pub struct ReauthRequiredError {
371
pub error: String,
372
pub message: String,
373
+
pub reauth_methods: Vec<ReauthMethod>,
374
}
375
376
pub async fn reauth_required_response(
···
443
pub struct MfaVerificationRequiredError {
444
pub error: String,
445
pub message: String,
446
+
pub reauth_methods: Vec<ReauthMethod>,
447
}
+69
-51
crates/tranquil-pds/src/api/server/service_auth.rs
+69
-51
crates/tranquil-pds/src/api/server/service_auth.rs
···
2
use crate::api::error::ApiError;
3
use crate::state::AppState;
4
use crate::types::Did;
5
use axum::{
6
Json,
7
extract::{Query, State},
···
10
};
11
use serde::{Deserialize, Serialize};
12
use serde_json::json;
13
use tracing::{error, info, warn};
14
15
const HOUR_SECS: i64 = 3600;
16
const MINUTE_SECS: i64 = 60;
17
18
-
const PROTECTED_METHODS: &[&str] = &[
19
-
"com.atproto.admin.sendEmail",
20
-
"com.atproto.identity.requestPlcOperationSignature",
21
-
"com.atproto.identity.signPlcOperation",
22
-
"com.atproto.identity.updateHandle",
23
-
"com.atproto.server.activateAccount",
24
-
"com.atproto.server.confirmEmail",
25
-
"com.atproto.server.createAppPassword",
26
-
"com.atproto.server.deactivateAccount",
27
-
"com.atproto.server.getAccountInviteCodes",
28
-
"com.atproto.server.getSession",
29
-
"com.atproto.server.listAppPasswords",
30
-
"com.atproto.server.requestAccountDelete",
31
-
"com.atproto.server.requestEmailConfirmation",
32
-
"com.atproto.server.requestEmailUpdate",
33
-
"com.atproto.server.revokeAppPassword",
34
-
"com.atproto.server.updateEmail",
35
-
];
36
37
#[derive(Deserialize)]
38
pub struct GetServiceAuthParams {
39
-
pub aud: String,
40
-
pub lxm: Option<String>,
41
pub exp: Option<i64>,
42
}
43
···
51
headers: axum::http::HeaderMap,
52
Query(params): Query<GetServiceAuthParams>,
53
) -> Response {
54
-
let auth_header = crate::util::get_header_str(&headers, "Authorization");
55
-
let dpop_proof = crate::util::get_header_str(&headers, "DPoP");
56
info!(
57
has_auth_header = auth_header.is_some(),
58
has_dpop_proof = dpop_proof.is_some(),
···
68
}
69
};
70
71
-
let (token, is_dpop) = if auth_header.len() >= 7
72
-
&& auth_header[..7].eq_ignore_ascii_case("bearer ")
73
-
{
74
-
(auth_header[7..].trim().to_string(), false)
75
-
} else if auth_header.len() >= 5 && auth_header[..5].eq_ignore_ascii_case("dpop ") {
76
-
(auth_header[5..].trim().to_string(), true)
77
-
} else {
78
-
warn!(auth_scheme = ?auth_header.split_whitespace().next(), "getServiceAuth: invalid auth scheme");
79
-
return ApiError::AuthenticationRequired.into_response();
80
};
81
82
-
let auth_user = if is_dpop {
83
match crate::oauth::verify::verify_oauth_access_token(
84
state.oauth_repo.as_ref(),
85
&token,
86
dpop_proof,
87
-
"GET",
88
&crate::util::build_full_url(&format!(
89
"/xrpc/com.atproto.server.getServiceAuth?aud={}&lxm={}",
90
params.aud,
91
-
params.lxm.as_deref().unwrap_or("")
92
)),
93
)
94
.await
95
{
96
-
Ok(result) => crate::auth::AuthenticatedUser {
97
-
did: unsafe { Did::new_unchecked(result.did) },
98
-
is_admin: false,
99
-
status: AccountStatus::Active,
100
-
scope: result.scope,
101
-
key_bytes: None,
102
-
controller_did: None,
103
-
auth_source: crate::auth::AuthSource::OAuth,
104
-
},
105
Err(crate::oauth::OAuthError::UseDpopNonce(nonce)) => {
106
return (
107
StatusCode::UNAUTHORIZED,
···
179
}
180
};
181
182
-
let lxm = params.lxm.as_deref();
183
-
let lxm_for_token = lxm.unwrap_or("*");
184
185
if let Some(method) = lxm {
186
if let Err(e) = crate::auth::scope_check::check_rpc_scope(
187
-
auth_user.is_oauth(),
188
auth_user.scope.as_deref(),
189
-
¶ms.aud,
190
-
method,
191
) {
192
return e;
193
}
···
209
.flatten()
210
.is_some_and(|s| s.takedown_ref.is_some());
211
212
-
if is_takendown && lxm != Some("com.atproto.server.createAccount") {
213
return ApiError::InvalidToken(Some("Bad token scope".into())).into_response();
214
}
215
216
if let Some(method) = lxm
217
-
&& PROTECTED_METHODS.contains(&method)
218
{
219
return ApiError::InvalidRequest(format!(
220
"cannot request a service auth token for the following protected method: {}",
···
248
249
let service_token = match crate::auth::create_service_token(
250
&auth_user.did,
251
-
¶ms.aud,
252
lxm_for_token,
253
&key_bytes,
254
) {
···
2
use crate::api::error::ApiError;
3
use crate::state::AppState;
4
use crate::types::Did;
5
+
use axum::http::Method;
6
use axum::{
7
Json,
8
extract::{Query, State},
···
11
};
12
use serde::{Deserialize, Serialize};
13
use serde_json::json;
14
+
use std::collections::HashSet;
15
+
use std::sync::LazyLock;
16
use tracing::{error, info, warn};
17
+
use tranquil_types::Nsid;
18
+
19
+
static CREATE_ACCOUNT_NSID: LazyLock<Nsid> =
20
+
LazyLock::new(|| "com.atproto.server.createAccount".parse().unwrap());
21
22
const HOUR_SECS: i64 = 3600;
23
const MINUTE_SECS: i64 = 60;
24
25
+
static PROTECTED_METHODS: LazyLock<HashSet<&'static str>> = LazyLock::new(|| {
26
+
[
27
+
"com.atproto.admin.sendEmail",
28
+
"com.atproto.identity.requestPlcOperationSignature",
29
+
"com.atproto.identity.signPlcOperation",
30
+
"com.atproto.identity.updateHandle",
31
+
"com.atproto.server.activateAccount",
32
+
"com.atproto.server.confirmEmail",
33
+
"com.atproto.server.createAppPassword",
34
+
"com.atproto.server.deactivateAccount",
35
+
"com.atproto.server.getAccountInviteCodes",
36
+
"com.atproto.server.getSession",
37
+
"com.atproto.server.listAppPasswords",
38
+
"com.atproto.server.requestAccountDelete",
39
+
"com.atproto.server.requestEmailConfirmation",
40
+
"com.atproto.server.requestEmailUpdate",
41
+
"com.atproto.server.revokeAppPassword",
42
+
"com.atproto.server.updateEmail",
43
+
]
44
+
.into_iter()
45
+
.collect()
46
+
});
47
48
#[derive(Deserialize)]
49
pub struct GetServiceAuthParams {
50
+
pub aud: Did,
51
+
pub lxm: Option<Nsid>,
52
pub exp: Option<i64>,
53
}
54
···
62
headers: axum::http::HeaderMap,
63
Query(params): Query<GetServiceAuthParams>,
64
) -> Response {
65
+
let auth_header = crate::util::get_header_str(&headers, axum::http::header::AUTHORIZATION);
66
+
let dpop_proof = crate::util::get_header_str(&headers, crate::util::HEADER_DPOP);
67
info!(
68
has_auth_header = auth_header.is_some(),
69
has_dpop_proof = dpop_proof.is_some(),
···
79
}
80
};
81
82
+
let extracted = match crate::auth::extract_auth_token_from_header(Some(auth_header)) {
83
+
Some(e) => e,
84
+
None => {
85
+
warn!(auth_scheme = ?auth_header.split_whitespace().next(), "getServiceAuth: invalid auth scheme");
86
+
return ApiError::AuthenticationRequired.into_response();
87
+
}
88
};
89
+
let token = extracted.token;
90
91
+
let auth_user = if extracted.scheme.is_dpop() {
92
match crate::oauth::verify::verify_oauth_access_token(
93
state.oauth_repo.as_ref(),
94
&token,
95
dpop_proof,
96
+
Method::GET.as_str(),
97
&crate::util::build_full_url(&format!(
98
"/xrpc/com.atproto.server.getServiceAuth?aud={}&lxm={}",
99
params.aud,
100
+
params.lxm.as_ref().map_or("", |n| n.as_str())
101
)),
102
)
103
.await
104
{
105
+
Ok(result) => {
106
+
let did: Did = match result.did.parse() {
107
+
Ok(d) => d,
108
+
Err(_) => {
109
+
return ApiError::InternalError(Some("Invalid DID in token".into()))
110
+
.into_response();
111
+
}
112
+
};
113
+
crate::auth::AuthenticatedUser {
114
+
did,
115
+
is_admin: false,
116
+
status: AccountStatus::Active,
117
+
scope: result.scope,
118
+
key_bytes: None,
119
+
controller_did: None,
120
+
auth_source: crate::auth::AuthSource::OAuth,
121
+
}
122
+
}
123
Err(crate::oauth::OAuthError::UseDpopNonce(nonce)) => {
124
return (
125
StatusCode::UNAUTHORIZED,
···
197
}
198
};
199
200
+
let lxm = params.lxm.as_ref();
201
+
let lxm_for_token = lxm.map_or("*", |n| n.as_str());
202
203
if let Some(method) = lxm {
204
if let Err(e) = crate::auth::scope_check::check_rpc_scope(
205
+
&auth_user.auth_source,
206
auth_user.scope.as_deref(),
207
+
params.aud.as_str(),
208
+
method.as_str(),
209
) {
210
return e;
211
}
···
227
.flatten()
228
.is_some_and(|s| s.takedown_ref.is_some());
229
230
+
if is_takendown && lxm != Some(&*CREATE_ACCOUNT_NSID) {
231
return ApiError::InvalidToken(Some("Bad token scope".into())).into_response();
232
}
233
234
if let Some(method) = lxm
235
+
&& PROTECTED_METHODS.contains(&method.as_str())
236
{
237
return ApiError::InvalidRequest(format!(
238
"cannot request a service auth token for the following protected method: {}",
···
266
267
let service_token = match crate::auth::create_service_token(
268
&auth_user.did,
269
+
params.aud.as_str(),
270
lxm_for_token,
271
&key_bytes,
272
) {
+36
-54
crates/tranquil-pds/src/api/server/session.rs
+36
-54
crates/tranquil-pds/src/api/server/session.rs
···
266
refresh_jti: refresh_meta.jti.clone(),
267
access_expires_at: access_meta.expires_at,
268
refresh_expires_at: refresh_meta.expires_at,
269
-
login_type: tranquil_db_traits::LoginType::from(is_legacy_login),
270
mfa_verified: false,
271
scope: app_password_scopes.clone(),
272
controller_did: app_password_controller.clone(),
···
338
);
339
match db_result {
340
Ok(Some(row)) => {
341
-
let preferred_channel = match row.preferred_comms_channel {
342
-
tranquil_db_traits::CommsChannel::Email => "email",
343
-
tranquil_db_traits::CommsChannel::Discord => "discord",
344
-
tranquil_db_traits::CommsChannel::Telegram => "telegram",
345
-
tranquil_db_traits::CommsChannel::Signal => "signal",
346
-
};
347
let preferred_channel_verified = row
348
.channel_verification
349
.is_verified(row.preferred_comms_channel);
···
365
"handle": handle,
366
"did": &auth.did,
367
"active": account_state.is_active(),
368
-
"preferredChannel": preferred_channel,
369
"preferredChannelVerified": preferred_channel_verified,
370
"preferredLocale": row.preferred_locale,
371
"isAdmin": row.is_admin
···
404
) -> Result<Response, ApiError> {
405
let extracted = crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
406
&headers,
407
-
"Authorization",
408
))
409
.ok_or(ApiError::AuthenticationRequired)?;
410
let jti = crate::auth::get_jti_from_token(&extracted.token)
···
413
match state.session_repo.delete_session_by_access_jti(&jti).await {
414
Ok(rows) if rows > 0 => {
415
if let Some(did) = did {
416
-
let session_cache_key = format!("auth:session:{}:{}", did, jti);
417
let _ = state.cache.delete(&session_cache_key).await;
418
}
419
Ok(EmptyResponse::ok().into_response())
···
430
) -> Response {
431
let extracted = match crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
432
&headers,
433
-
"Authorization",
434
)) {
435
Some(t) => t,
436
None => return ApiError::AuthenticationRequired.into_response(),
···
548
);
549
match db_result {
550
Ok(Some(u)) => {
551
-
let preferred_channel = match u.preferred_comms_channel {
552
-
tranquil_db_traits::CommsChannel::Email => "email",
553
-
tranquil_db_traits::CommsChannel::Discord => "discord",
554
-
tranquil_db_traits::CommsChannel::Telegram => "telegram",
555
-
tranquil_db_traits::CommsChannel::Signal => "signal",
556
-
};
557
let preferred_channel_verified = u
558
.channel_verification
559
.is_verified(u.preferred_comms_channel);
···
568
"did": session_row.did,
569
"email": u.email,
570
"emailConfirmed": u.channel_verification.email,
571
-
"preferredChannel": preferred_channel,
572
"preferredChannelVerified": preferred_channel_verified,
573
"preferredLocale": u.preferred_locale,
574
"isAdmin": u.is_admin,
···
609
pub did: Did,
610
pub email: Option<String>,
611
pub email_verified: bool,
612
-
pub preferred_channel: String,
613
pub preferred_channel_verified: bool,
614
}
615
···
631
}
632
};
633
634
-
let (channel_str, identifier) = match row.channel {
635
-
tranquil_db_traits::CommsChannel::Email => ("email", row.email.clone().unwrap_or_default()),
636
tranquil_db_traits::CommsChannel::Discord => {
637
-
("discord", row.discord_username.clone().unwrap_or_default())
638
}
639
-
tranquil_db_traits::CommsChannel::Telegram => (
640
-
"telegram",
641
-
row.telegram_username.clone().unwrap_or_default(),
642
-
),
643
-
tranquil_db_traits::CommsChannel::Signal => {
644
-
("signal", row.signal_username.clone().unwrap_or_default())
645
}
646
};
647
648
let normalized_token =
649
crate::auth::verification_token::normalize_token_input(&input.verification_code);
650
match crate::auth::verification_token::verify_signup_token(
651
&normalized_token,
652
-
channel_str,
653
&identifier,
654
) {
655
Ok(token_data) => {
656
-
if token_data.did != input.did.as_str() {
657
warn!(
658
"Token DID mismatch for confirm_signup: expected {}, got {}",
659
input.did, token_data.did
···
733
{
734
warn!("Failed to enqueue welcome notification: {:?}", e);
735
}
736
-
let email_verified = matches!(row.channel, tranquil_db_traits::CommsChannel::Email);
737
-
let preferred_channel = match row.channel {
738
-
tranquil_db_traits::CommsChannel::Email => "email",
739
-
tranquil_db_traits::CommsChannel::Discord => "discord",
740
-
tranquil_db_traits::CommsChannel::Telegram => "telegram",
741
-
tranquil_db_traits::CommsChannel::Signal => "signal",
742
-
};
743
Json(ConfirmSignupOutput {
744
access_jwt: access_meta.token,
745
refresh_jwt: refresh_meta.token,
746
handle: row.handle,
747
did: row.did,
748
email: row.email,
749
-
email_verified,
750
-
preferred_channel: preferred_channel.to_string(),
751
preferred_channel_verified: true,
752
})
753
.into_response()
···
783
return ApiError::InvalidRequest("Account is already verified".into()).into_response();
784
}
785
786
-
let (channel_str, recipient) = match row.channel {
787
-
tranquil_db_traits::CommsChannel::Email => ("email", row.email.clone().unwrap_or_default()),
788
tranquil_db_traits::CommsChannel::Discord => {
789
-
("discord", row.discord_username.clone().unwrap_or_default())
790
}
791
-
tranquil_db_traits::CommsChannel::Telegram => (
792
-
"telegram",
793
-
row.telegram_username.clone().unwrap_or_default(),
794
-
),
795
-
tranquil_db_traits::CommsChannel::Signal => {
796
-
("signal", row.signal_username.clone().unwrap_or_default())
797
}
798
};
799
800
let verification_token =
801
-
crate::auth::verification_token::generate_signup_token(&input.did, channel_str, &recipient);
802
let formatted_token =
803
crate::auth::verification_token::format_token_for_display(&verification_token);
804
···
807
state.user_repo.as_ref(),
808
state.infra_repo.as_ref(),
809
row.id,
810
-
channel_str,
811
&recipient,
812
&formatted_token,
813
hostname,
···
820
}
821
822
#[derive(Serialize)]
823
#[serde(rename_all = "camelCase")]
824
pub struct SessionInfo {
825
pub id: String,
826
-
pub session_type: String,
827
pub client_name: Option<String>,
828
pub created_at: String,
829
pub expires_at: String,
···
861
862
let jwt_sessions = jwt_rows.into_iter().map(|row| SessionInfo {
863
id: format!("jwt:{}", row.id),
864
-
session_type: "legacy".to_string(),
865
client_name: None,
866
created_at: row.created_at.to_rfc3339(),
867
expires_at: row.refresh_expires_at.to_rfc3339(),
···
874
let is_current_oauth = is_oauth && current_jti.as_deref() == Some(row.token_id.as_str());
875
SessionInfo {
876
id: format!("oauth:{}", row.id),
877
-
session_type: "oauth".to_string(),
878
client_name: Some(client_name),
879
created_at: row.created_at.to_rfc3339(),
880
expires_at: row.expires_at.to_rfc3339(),
···
925
.delete_session_by_id(session_id)
926
.await
927
.log_db_err("deleting session")?;
928
-
let cache_key = format!("auth:session:{}:{}", &auth.did, access_jti);
929
if let Err(e) = state.cache.delete(&cache_key).await {
930
warn!("Failed to invalidate session cache: {:?}", e);
931
}
···
266
refresh_jti: refresh_meta.jti.clone(),
267
access_expires_at: access_meta.expires_at,
268
refresh_expires_at: refresh_meta.expires_at,
269
+
login_type: tranquil_db_traits::LoginType::from_legacy_flag(is_legacy_login),
270
mfa_verified: false,
271
scope: app_password_scopes.clone(),
272
controller_did: app_password_controller.clone(),
···
338
);
339
match db_result {
340
Ok(Some(row)) => {
341
let preferred_channel_verified = row
342
.channel_verification
343
.is_verified(row.preferred_comms_channel);
···
359
"handle": handle,
360
"did": &auth.did,
361
"active": account_state.is_active(),
362
+
"preferredChannel": row.preferred_comms_channel.as_str(),
363
"preferredChannelVerified": preferred_channel_verified,
364
"preferredLocale": row.preferred_locale,
365
"isAdmin": row.is_admin
···
398
) -> Result<Response, ApiError> {
399
let extracted = crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
400
&headers,
401
+
http::header::AUTHORIZATION,
402
))
403
.ok_or(ApiError::AuthenticationRequired)?;
404
let jti = crate::auth::get_jti_from_token(&extracted.token)
···
407
match state.session_repo.delete_session_by_access_jti(&jti).await {
408
Ok(rows) if rows > 0 => {
409
if let Some(did) = did {
410
+
let session_cache_key = crate::cache_keys::session_key(&did, &jti);
411
let _ = state.cache.delete(&session_cache_key).await;
412
}
413
Ok(EmptyResponse::ok().into_response())
···
424
) -> Response {
425
let extracted = match crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
426
&headers,
427
+
http::header::AUTHORIZATION,
428
)) {
429
Some(t) => t,
430
None => return ApiError::AuthenticationRequired.into_response(),
···
542
);
543
match db_result {
544
Ok(Some(u)) => {
545
let preferred_channel_verified = u
546
.channel_verification
547
.is_verified(u.preferred_comms_channel);
···
556
"did": session_row.did,
557
"email": u.email,
558
"emailConfirmed": u.channel_verification.email,
559
+
"preferredChannel": u.preferred_comms_channel.as_str(),
560
"preferredChannelVerified": preferred_channel_verified,
561
"preferredLocale": u.preferred_locale,
562
"isAdmin": u.is_admin,
···
597
pub did: Did,
598
pub email: Option<String>,
599
pub email_verified: bool,
600
+
pub preferred_channel: tranquil_db_traits::CommsChannel,
601
pub preferred_channel_verified: bool,
602
}
603
···
619
}
620
};
621
622
+
let identifier = match row.channel {
623
+
tranquil_db_traits::CommsChannel::Email => row.email.clone().unwrap_or_default(),
624
tranquil_db_traits::CommsChannel::Discord => {
625
+
row.discord_username.clone().unwrap_or_default()
626
}
627
+
tranquil_db_traits::CommsChannel::Telegram => {
628
+
row.telegram_username.clone().unwrap_or_default()
629
}
630
+
tranquil_db_traits::CommsChannel::Signal => row.signal_username.clone().unwrap_or_default(),
631
};
632
633
let normalized_token =
634
crate::auth::verification_token::normalize_token_input(&input.verification_code);
635
match crate::auth::verification_token::verify_signup_token(
636
&normalized_token,
637
+
row.channel,
638
&identifier,
639
) {
640
Ok(token_data) => {
641
+
if token_data.did != input.did {
642
warn!(
643
"Token DID mismatch for confirm_signup: expected {}, got {}",
644
input.did, token_data.did
···
718
{
719
warn!("Failed to enqueue welcome notification: {:?}", e);
720
}
721
Json(ConfirmSignupOutput {
722
access_jwt: access_meta.token,
723
refresh_jwt: refresh_meta.token,
724
handle: row.handle,
725
did: row.did,
726
email: row.email,
727
+
email_verified: matches!(row.channel, tranquil_db_traits::CommsChannel::Email),
728
+
preferred_channel: row.channel,
729
preferred_channel_verified: true,
730
})
731
.into_response()
···
761
return ApiError::InvalidRequest("Account is already verified".into()).into_response();
762
}
763
764
+
let recipient = match row.channel {
765
+
tranquil_db_traits::CommsChannel::Email => row.email.clone().unwrap_or_default(),
766
tranquil_db_traits::CommsChannel::Discord => {
767
+
row.discord_username.clone().unwrap_or_default()
768
}
769
+
tranquil_db_traits::CommsChannel::Telegram => {
770
+
row.telegram_username.clone().unwrap_or_default()
771
}
772
+
tranquil_db_traits::CommsChannel::Signal => row.signal_username.clone().unwrap_or_default(),
773
};
774
775
let verification_token =
776
+
crate::auth::verification_token::generate_signup_token(&input.did, row.channel, &recipient);
777
let formatted_token =
778
crate::auth::verification_token::format_token_for_display(&verification_token);
779
···
782
state.user_repo.as_ref(),
783
state.infra_repo.as_ref(),
784
row.id,
785
+
row.channel,
786
&recipient,
787
&formatted_token,
788
hostname,
···
795
}
796
797
#[derive(Serialize)]
798
+
#[serde(rename_all = "lowercase")]
799
+
pub enum SessionType {
800
+
Legacy,
801
+
OAuth,
802
+
}
803
+
804
+
#[derive(Serialize)]
805
#[serde(rename_all = "camelCase")]
806
pub struct SessionInfo {
807
pub id: String,
808
+
pub session_type: SessionType,
809
pub client_name: Option<String>,
810
pub created_at: String,
811
pub expires_at: String,
···
843
844
let jwt_sessions = jwt_rows.into_iter().map(|row| SessionInfo {
845
id: format!("jwt:{}", row.id),
846
+
session_type: SessionType::Legacy,
847
client_name: None,
848
created_at: row.created_at.to_rfc3339(),
849
expires_at: row.refresh_expires_at.to_rfc3339(),
···
856
let is_current_oauth = is_oauth && current_jti.as_deref() == Some(row.token_id.as_str());
857
SessionInfo {
858
id: format!("oauth:{}", row.id),
859
+
session_type: SessionType::OAuth,
860
client_name: Some(client_name),
861
created_at: row.created_at.to_rfc3339(),
862
expires_at: row.expires_at.to_rfc3339(),
···
907
.delete_session_by_id(session_id)
908
.await
909
.log_db_err("deleting session")?;
910
+
let cache_key = crate::cache_keys::session_key(&auth.did, &access_jti);
911
if let Err(e) = state.cache.delete(&cache_key).await {
912
warn!("Failed to invalidate session cache: {:?}", e);
913
}
+7
-9
crates/tranquil-pds/src/api/server/signing_key.rs
+7
-9
crates/tranquil-pds/src/api/server/signing_key.rs
···
25
26
#[derive(Deserialize)]
27
pub struct ReserveSigningKeyInput {
28
-
pub did: Option<String>,
29
}
30
31
#[derive(Serialize)]
···
38
State(state): State<AppState>,
39
Json(input): Json<ReserveSigningKeyInput>,
40
) -> Response {
41
-
let did: Option<crate::types::Did> = match input.did {
42
-
Some(ref d) => match d.parse() {
43
-
Ok(parsed) => Some(parsed),
44
-
Err(_) => return ApiError::InvalidDid("Invalid DID format".into()).into_response(),
45
-
},
46
-
None => None,
47
-
};
48
let signing_key = SigningKey::random(&mut rand::thread_rng());
49
let private_key_bytes = signing_key.to_bytes();
50
let public_key_did_key = public_key_to_did_key(&signing_key);
···
52
let private_bytes: &[u8] = &private_key_bytes;
53
match state
54
.infra_repo
55
-
.reserve_signing_key(did.as_ref(), &public_key_did_key, private_bytes, expires_at)
56
.await
57
{
58
Ok(key_id) => {
···
25
26
#[derive(Deserialize)]
27
pub struct ReserveSigningKeyInput {
28
+
pub did: Option<crate::types::Did>,
29
}
30
31
#[derive(Serialize)]
···
38
State(state): State<AppState>,
39
Json(input): Json<ReserveSigningKeyInput>,
40
) -> Response {
41
let signing_key = SigningKey::random(&mut rand::thread_rng());
42
let private_key_bytes = signing_key.to_bytes();
43
let public_key_did_key = public_key_to_did_key(&signing_key);
···
45
let private_bytes: &[u8] = &private_key_bytes;
46
match state
47
.infra_repo
48
+
.reserve_signing_key(
49
+
input.did.as_ref(),
50
+
&public_key_did_key,
51
+
private_bytes,
52
+
expires_at,
53
+
)
54
.await
55
{
56
Ok(key_id) => {
+13
-23
crates/tranquil-pds/src/api/server/trusted_devices.rs
+13
-23
crates/tranquil-pds/src/api/server/trusted_devices.rs
···
103
#[derive(Deserialize)]
104
#[serde(rename_all = "camelCase")]
105
pub struct RevokeTrustedDeviceInput {
106
-
pub device_id: String,
107
}
108
109
pub async fn revoke_trusted_device(
···
111
auth: Auth<Active>,
112
Json(input): Json<RevokeTrustedDeviceInput>,
113
) -> Result<Response, ApiError> {
114
-
let device_id = DeviceId::from(input.device_id.clone());
115
match state
116
.oauth_repo
117
-
.device_belongs_to_user(&device_id, &auth.did)
118
.await
119
{
120
Ok(true) => {}
···
129
130
state
131
.oauth_repo
132
-
.revoke_device_trust(&device_id)
133
.await
134
.log_db_err("revoking device trust")?;
135
···
140
#[derive(Deserialize)]
141
#[serde(rename_all = "camelCase")]
142
pub struct UpdateTrustedDeviceInput {
143
-
pub device_id: String,
144
pub friendly_name: Option<String>,
145
}
146
···
149
auth: Auth<Active>,
150
Json(input): Json<UpdateTrustedDeviceInput>,
151
) -> Result<Response, ApiError> {
152
-
let device_id = DeviceId::from(input.device_id.clone());
153
match state
154
.oauth_repo
155
-
.device_belongs_to_user(&device_id, &auth.did)
156
.await
157
{
158
Ok(true) => {}
···
167
168
state
169
.oauth_repo
170
-
.update_device_friendly_name(&device_id, input.friendly_name.as_deref())
171
.await
172
.log_db_err("updating device friendly name")?;
173
···
177
178
pub async fn get_device_trust_state(
179
oauth_repo: &dyn OAuthRepository,
180
-
device_id: &str,
181
did: &tranquil_types::Did,
182
) -> DeviceTrustState {
183
-
let device_id_typed = DeviceId::from(device_id.to_string());
184
-
match oauth_repo
185
-
.get_device_trust_info(&device_id_typed, did)
186
-
.await
187
-
{
188
Ok(Some(info)) => DeviceTrustState::from_timestamps(info.trusted_at, info.trusted_until),
189
_ => DeviceTrustState::Untrusted,
190
}
···
192
193
pub async fn is_device_trusted(
194
oauth_repo: &dyn OAuthRepository,
195
-
device_id: &str,
196
did: &tranquil_types::Did,
197
) -> bool {
198
get_device_trust_state(oauth_repo, device_id, did)
···
202
203
pub async fn trust_device(
204
oauth_repo: &dyn OAuthRepository,
205
-
device_id: &str,
206
) -> Result<(), tranquil_db_traits::DbError> {
207
let now = Utc::now();
208
let trusted_until = now + Duration::days(TRUST_DURATION_DAYS);
209
-
let device_id_typed = DeviceId::from(device_id.to_string());
210
-
oauth_repo
211
-
.trust_device(&device_id_typed, now, trusted_until)
212
-
.await
213
}
214
215
pub async fn extend_device_trust(
216
oauth_repo: &dyn OAuthRepository,
217
-
device_id: &str,
218
) -> Result<(), tranquil_db_traits::DbError> {
219
let trusted_until = Utc::now() + Duration::days(TRUST_DURATION_DAYS);
220
-
let device_id_typed = DeviceId::from(device_id.to_string());
221
oauth_repo
222
-
.extend_device_trust(&device_id_typed, trusted_until)
223
.await
224
}
···
103
#[derive(Deserialize)]
104
#[serde(rename_all = "camelCase")]
105
pub struct RevokeTrustedDeviceInput {
106
+
pub device_id: DeviceId,
107
}
108
109
pub async fn revoke_trusted_device(
···
111
auth: Auth<Active>,
112
Json(input): Json<RevokeTrustedDeviceInput>,
113
) -> Result<Response, ApiError> {
114
match state
115
.oauth_repo
116
+
.device_belongs_to_user(&input.device_id, &auth.did)
117
.await
118
{
119
Ok(true) => {}
···
128
129
state
130
.oauth_repo
131
+
.revoke_device_trust(&input.device_id)
132
.await
133
.log_db_err("revoking device trust")?;
134
···
139
#[derive(Deserialize)]
140
#[serde(rename_all = "camelCase")]
141
pub struct UpdateTrustedDeviceInput {
142
+
pub device_id: DeviceId,
143
pub friendly_name: Option<String>,
144
}
145
···
148
auth: Auth<Active>,
149
Json(input): Json<UpdateTrustedDeviceInput>,
150
) -> Result<Response, ApiError> {
151
match state
152
.oauth_repo
153
+
.device_belongs_to_user(&input.device_id, &auth.did)
154
.await
155
{
156
Ok(true) => {}
···
165
166
state
167
.oauth_repo
168
+
.update_device_friendly_name(&input.device_id, input.friendly_name.as_deref())
169
.await
170
.log_db_err("updating device friendly name")?;
171
···
175
176
pub async fn get_device_trust_state(
177
oauth_repo: &dyn OAuthRepository,
178
+
device_id: &DeviceId,
179
did: &tranquil_types::Did,
180
) -> DeviceTrustState {
181
+
match oauth_repo.get_device_trust_info(device_id, did).await {
182
Ok(Some(info)) => DeviceTrustState::from_timestamps(info.trusted_at, info.trusted_until),
183
_ => DeviceTrustState::Untrusted,
184
}
···
186
187
pub async fn is_device_trusted(
188
oauth_repo: &dyn OAuthRepository,
189
+
device_id: &DeviceId,
190
did: &tranquil_types::Did,
191
) -> bool {
192
get_device_trust_state(oauth_repo, device_id, did)
···
196
197
pub async fn trust_device(
198
oauth_repo: &dyn OAuthRepository,
199
+
device_id: &DeviceId,
200
) -> Result<(), tranquil_db_traits::DbError> {
201
let now = Utc::now();
202
let trusted_until = now + Duration::days(TRUST_DURATION_DAYS);
203
+
oauth_repo.trust_device(device_id, now, trusted_until).await
204
}
205
206
pub async fn extend_device_trust(
207
oauth_repo: &dyn OAuthRepository,
208
+
device_id: &DeviceId,
209
) -> Result<(), tranquil_db_traits::DbError> {
210
let trusted_until = Utc::now() + Duration::days(TRUST_DURATION_DAYS);
211
oauth_repo
212
+
.extend_device_trust(device_id, trusted_until)
213
.await
214
}
+40
-54
crates/tranquil-pds/src/api/server/verify_token.rs
+40
-54
crates/tranquil-pds/src/api/server/verify_token.rs
···
10
VerificationPurpose, normalize_token_input, verify_token_signature,
11
};
12
use crate::state::AppState;
13
14
#[derive(Deserialize, Clone)]
15
#[serde(rename_all = "camelCase")]
···
23
pub struct VerifyTokenOutput {
24
pub success: bool,
25
pub did: Did,
26
-
pub purpose: String,
27
-
pub channel: String,
28
}
29
30
pub async fn verify_token(
···
53
54
match token_data.purpose {
55
VerificationPurpose::Migration => {
56
-
handle_migration_verification(state, &token_data.did, &token_data.channel, &identifier)
57
.await
58
}
59
VerificationPurpose::ChannelUpdate => {
60
-
handle_channel_update(state, &token_data.did, &token_data.channel, &identifier).await
61
}
62
VerificationPurpose::Signup => {
63
-
handle_signup_verification(state, &token_data.did, &token_data.channel, &identifier)
64
.await
65
}
66
}
···
68
69
async fn handle_migration_verification(
70
state: &AppState,
71
-
did: &str,
72
-
channel: &str,
73
identifier: &str,
74
) -> Result<Json<VerifyTokenOutput>, ApiError> {
75
-
if channel != "email" {
76
return Err(ApiError::InvalidChannel);
77
}
78
79
-
let did_typed: Did = did
80
-
.parse()
81
-
.map_err(|_| ApiError::InvalidDid("Invalid DID format".into()))?;
82
let user = state
83
.user_repo
84
-
.get_verification_info(&did_typed)
85
.await
86
.log_db_err("during migration verification")?
87
.ok_or(ApiError::AccountNotFound)?;
···
102
103
Ok(Json(VerifyTokenOutput {
104
success: true,
105
-
did: did.to_string().into(),
106
-
purpose: "migration".to_string(),
107
-
channel: channel.to_string(),
108
}))
109
}
110
111
async fn handle_channel_update(
112
state: &AppState,
113
-
did: &str,
114
-
channel: &str,
115
identifier: &str,
116
) -> Result<Json<VerifyTokenOutput>, ApiError> {
117
-
let did_typed: Did = did
118
-
.parse()
119
-
.map_err(|_| ApiError::InvalidDid("Invalid DID format".into()))?;
120
let user_id = state
121
.user_repo
122
-
.get_id_by_did(&did_typed)
123
.await
124
.log_db_err("fetching user id")?
125
.ok_or(ApiError::AccountNotFound)?;
126
127
match channel {
128
-
"email" => {
129
let success = state
130
.user_repo
131
.verify_email_channel(user_id, identifier)
···
135
return Err(ApiError::EmailTaken);
136
}
137
}
138
-
"discord" => {
139
state
140
.user_repo
141
.verify_discord_channel(user_id, identifier)
142
.await
143
.log_db_err("updating discord channel")?;
144
}
145
-
"telegram" => {
146
state
147
.user_repo
148
.verify_telegram_channel(user_id, identifier)
149
.await
150
.log_db_err("updating telegram channel")?;
151
}
152
-
"signal" => {
153
state
154
.user_repo
155
.verify_signal_channel(user_id, identifier)
156
.await
157
.log_db_err("updating signal channel")?;
158
}
159
-
_ => {
160
-
return Err(ApiError::InvalidChannel);
161
-
}
162
};
163
164
-
info!(did = %did, channel = %channel, "Channel verified successfully");
165
166
let recipient = resolve_verified_recipient(state, user_id, channel, identifier).await;
167
if let Err(e) = comms_repo::enqueue_channel_verified(
···
179
180
Ok(Json(VerifyTokenOutput {
181
success: true,
182
-
did: did.to_string().into(),
183
-
purpose: "channel_update".to_string(),
184
-
channel: channel.to_string(),
185
}))
186
}
187
188
async fn resolve_verified_recipient(
189
state: &AppState,
190
user_id: uuid::Uuid,
191
-
channel: &str,
192
identifier: &str,
193
) -> String {
194
match channel {
195
-
"telegram" => state
196
.user_repo
197
.get_telegram_chat_id(user_id)
198
.await
···
206
207
async fn handle_signup_verification(
208
state: &AppState,
209
-
did: &str,
210
-
channel: &str,
211
identifier: &str,
212
) -> Result<Json<VerifyTokenOutput>, ApiError> {
213
-
let did_typed: Did = did
214
-
.parse()
215
-
.map_err(|_| ApiError::InvalidDid("Invalid DID format".into()))?;
216
let user = state
217
.user_repo
218
-
.get_verification_info(&did_typed)
219
.await
220
.log_db_err("during signup verification")?
221
.ok_or(ApiError::AccountNotFound)?;
···
225
info!(did = %did, "Account already verified");
226
return Ok(Json(VerifyTokenOutput {
227
success: true,
228
-
did: did.to_string().into(),
229
-
purpose: "signup".to_string(),
230
-
channel: channel.to_string(),
231
}));
232
}
233
234
match channel {
235
-
"email" => {
236
state
237
.user_repo
238
.set_email_verified_flag(user.id)
239
.await
240
.log_db_err("updating email verified status")?;
241
}
242
-
"discord" => {
243
state
244
.user_repo
245
.set_discord_verified_flag(user.id)
246
.await
247
.log_db_err("updating discord verified status")?;
248
}
249
-
"telegram" => {
250
state
251
.user_repo
252
.set_telegram_verified_flag(user.id)
253
.await
254
.log_db_err("updating telegram verified status")?;
255
}
256
-
"signal" => {
257
state
258
.user_repo
259
.set_signal_verified_flag(user.id)
260
.await
261
.log_db_err("updating signal verified status")?;
262
}
263
-
_ => {
264
-
return Err(ApiError::InvalidChannel);
265
-
}
266
};
267
268
-
info!(did = %did, channel = %channel, "Signup verified successfully");
269
270
let recipient = resolve_verified_recipient(state, user.id, channel, identifier).await;
271
if let Err(e) = comms_repo::enqueue_channel_verified(
···
283
284
Ok(Json(VerifyTokenOutput {
285
success: true,
286
-
did: did.to_string().into(),
287
-
purpose: "signup".to_string(),
288
-
channel: channel.to_string(),
289
}))
290
}
···
10
VerificationPurpose, normalize_token_input, verify_token_signature,
11
};
12
use crate::state::AppState;
13
+
use tranquil_db_traits::CommsChannel;
14
15
#[derive(Deserialize, Clone)]
16
#[serde(rename_all = "camelCase")]
···
24
pub struct VerifyTokenOutput {
25
pub success: bool,
26
pub did: Did,
27
+
pub purpose: VerificationPurpose,
28
+
pub channel: CommsChannel,
29
}
30
31
pub async fn verify_token(
···
54
55
match token_data.purpose {
56
VerificationPurpose::Migration => {
57
+
handle_migration_verification(state, &token_data.did, token_data.channel, &identifier)
58
.await
59
}
60
VerificationPurpose::ChannelUpdate => {
61
+
handle_channel_update(state, &token_data.did, token_data.channel, &identifier).await
62
}
63
VerificationPurpose::Signup => {
64
+
handle_signup_verification(state, &token_data.did, token_data.channel, &identifier)
65
.await
66
}
67
}
···
69
70
async fn handle_migration_verification(
71
state: &AppState,
72
+
did: &Did,
73
+
channel: CommsChannel,
74
identifier: &str,
75
) -> Result<Json<VerifyTokenOutput>, ApiError> {
76
+
if channel != CommsChannel::Email {
77
return Err(ApiError::InvalidChannel);
78
}
79
80
let user = state
81
.user_repo
82
+
.get_verification_info(did)
83
.await
84
.log_db_err("during migration verification")?
85
.ok_or(ApiError::AccountNotFound)?;
···
100
101
Ok(Json(VerifyTokenOutput {
102
success: true,
103
+
did: did.clone(),
104
+
purpose: VerificationPurpose::Migration,
105
+
channel,
106
}))
107
}
108
109
async fn handle_channel_update(
110
state: &AppState,
111
+
did: &Did,
112
+
channel: CommsChannel,
113
identifier: &str,
114
) -> Result<Json<VerifyTokenOutput>, ApiError> {
115
let user_id = state
116
.user_repo
117
+
.get_id_by_did(did)
118
.await
119
.log_db_err("fetching user id")?
120
.ok_or(ApiError::AccountNotFound)?;
121
122
match channel {
123
+
CommsChannel::Email => {
124
let success = state
125
.user_repo
126
.verify_email_channel(user_id, identifier)
···
130
return Err(ApiError::EmailTaken);
131
}
132
}
133
+
CommsChannel::Discord => {
134
state
135
.user_repo
136
.verify_discord_channel(user_id, identifier)
137
.await
138
.log_db_err("updating discord channel")?;
139
}
140
+
CommsChannel::Telegram => {
141
state
142
.user_repo
143
.verify_telegram_channel(user_id, identifier)
144
.await
145
.log_db_err("updating telegram channel")?;
146
}
147
+
CommsChannel::Signal => {
148
state
149
.user_repo
150
.verify_signal_channel(user_id, identifier)
151
.await
152
.log_db_err("updating signal channel")?;
153
}
154
};
155
156
+
info!(did = %did, channel = ?channel, "Channel verified successfully");
157
158
let recipient = resolve_verified_recipient(state, user_id, channel, identifier).await;
159
if let Err(e) = comms_repo::enqueue_channel_verified(
···
171
172
Ok(Json(VerifyTokenOutput {
173
success: true,
174
+
did: did.clone(),
175
+
purpose: VerificationPurpose::ChannelUpdate,
176
+
channel,
177
}))
178
}
179
180
async fn resolve_verified_recipient(
181
state: &AppState,
182
user_id: uuid::Uuid,
183
+
channel: tranquil_db_traits::CommsChannel,
184
identifier: &str,
185
) -> String {
186
match channel {
187
+
tranquil_db_traits::CommsChannel::Telegram => state
188
.user_repo
189
.get_telegram_chat_id(user_id)
190
.await
···
198
199
async fn handle_signup_verification(
200
state: &AppState,
201
+
did: &Did,
202
+
channel: CommsChannel,
203
identifier: &str,
204
) -> Result<Json<VerifyTokenOutput>, ApiError> {
205
let user = state
206
.user_repo
207
+
.get_verification_info(did)
208
.await
209
.log_db_err("during signup verification")?
210
.ok_or(ApiError::AccountNotFound)?;
···
214
info!(did = %did, "Account already verified");
215
return Ok(Json(VerifyTokenOutput {
216
success: true,
217
+
did: did.clone(),
218
+
purpose: VerificationPurpose::Signup,
219
+
channel,
220
}));
221
}
222
223
match channel {
224
+
CommsChannel::Email => {
225
state
226
.user_repo
227
.set_email_verified_flag(user.id)
228
.await
229
.log_db_err("updating email verified status")?;
230
}
231
+
CommsChannel::Discord => {
232
state
233
.user_repo
234
.set_discord_verified_flag(user.id)
235
.await
236
.log_db_err("updating discord verified status")?;
237
}
238
+
CommsChannel::Telegram => {
239
state
240
.user_repo
241
.set_telegram_verified_flag(user.id)
242
.await
243
.log_db_err("updating telegram verified status")?;
244
}
245
+
CommsChannel::Signal => {
246
state
247
.user_repo
248
.set_signal_verified_flag(user.id)
249
.await
250
.log_db_err("updating signal verified status")?;
251
}
252
};
253
254
+
info!(did = %did, channel = ?channel, "Signup verified successfully");
255
256
let recipient = resolve_verified_recipient(state, user.id, channel, identifier).await;
257
if let Err(e) = comms_repo::enqueue_channel_verified(
···
269
270
Ok(Json(VerifyTokenOutput {
271
success: true,
272
+
did: did.clone(),
273
+
purpose: VerificationPurpose::Signup,
274
+
channel,
275
}))
276
}
+1
-1
crates/tranquil-pds/src/api/telegram_webhook.rs
+1
-1
crates/tranquil-pds/src/api/telegram_webhook.rs
+1
-1
crates/tranquil-pds/src/api/temp.rs
+1
-1
crates/tranquil-pds/src/api/temp.rs
···
57
58
for part in scope_parts {
59
if let Some(cid_str) = part.strip_prefix("ref:") {
60
+
let cache_key = crate::cache_keys::scope_ref_key(cid_str);
61
if let Some(cached) = state.cache.get(&cache_key).await {
62
for s in cached.split_whitespace() {
63
if !resolved_scopes.contains(&s.to_string()) {
+18
-7
crates/tranquil-pds/src/api/validation.rs
+18
-7
crates/tranquil-pds/src/api/validation.rs
···
23
}
24
25
pub fn new_allow_reserved(handle: impl AsRef<str>) -> Result<Self, HandleValidationError> {
26
-
let validated = validate_service_handle(handle.as_ref(), true)?;
27
Ok(Self(validated))
28
}
29
···
252
253
impl std::error::Error for HandleValidationError {}
254
255
pub fn validate_short_handle(handle: &str) -> Result<String, HandleValidationError> {
256
-
validate_service_handle(handle, false)
257
}
258
259
pub fn validate_service_handle(
260
handle: &str,
261
-
allow_reserved: bool,
262
) -> Result<String, HandleValidationError> {
263
let handle = handle.trim();
264
···
301
return Err(HandleValidationError::BannedWord);
302
}
303
304
-
if !allow_reserved && crate::handle::reserved::is_reserved_subdomain(handle) {
305
return Err(HandleValidationError::Reserved);
306
}
307
···
501
#[test]
502
fn test_allow_reserved() {
503
assert_eq!(
504
-
validate_service_handle("admin", true),
505
Ok("admin".to_string())
506
);
507
-
assert_eq!(validate_service_handle("api", true), Ok("api".to_string()));
508
assert_eq!(
509
-
validate_service_handle("admin", false),
510
Err(HandleValidationError::Reserved)
511
);
512
}
···
23
}
24
25
pub fn new_allow_reserved(handle: impl AsRef<str>) -> Result<Self, HandleValidationError> {
26
+
let validated = validate_service_handle(handle.as_ref(), ReservedHandlePolicy::Allow)?;
27
Ok(Self(validated))
28
}
29
···
252
253
impl std::error::Error for HandleValidationError {}
254
255
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
256
+
pub enum ReservedHandlePolicy {
257
+
Allow,
258
+
Reject,
259
+
}
260
+
261
pub fn validate_short_handle(handle: &str) -> Result<String, HandleValidationError> {
262
+
validate_service_handle(handle, ReservedHandlePolicy::Reject)
263
}
264
265
pub fn validate_service_handle(
266
handle: &str,
267
+
reserved_policy: ReservedHandlePolicy,
268
) -> Result<String, HandleValidationError> {
269
let handle = handle.trim();
270
···
307
return Err(HandleValidationError::BannedWord);
308
}
309
310
+
if reserved_policy == ReservedHandlePolicy::Reject
311
+
&& crate::handle::reserved::is_reserved_subdomain(handle)
312
+
{
313
return Err(HandleValidationError::Reserved);
314
}
315
···
509
#[test]
510
fn test_allow_reserved() {
511
assert_eq!(
512
+
validate_service_handle("admin", ReservedHandlePolicy::Allow),
513
Ok("admin".to_string())
514
);
515
+
assert_eq!(
516
+
validate_service_handle("api", ReservedHandlePolicy::Allow),
517
+
Ok("api".to_string())
518
+
);
519
assert_eq!(
520
+
validate_service_handle("admin", ReservedHandlePolicy::Reject),
521
Err(HandleValidationError::Reserved)
522
);
523
}
+1
-1
crates/tranquil-pds/src/api/verification.rs
+1
-1
crates/tranquil-pds/src/api/verification.rs
+51
-21
crates/tranquil-pds/src/appview/mod.rs
+51
-21
crates/tranquil-pds/src/appview/mod.rs
···
6
use tokio::sync::RwLock;
7
use tracing::{debug, error, info, warn};
8
9
#[derive(Debug, Clone, Serialize, Deserialize)]
10
pub struct DidDocument {
11
pub id: String,
···
78
}
79
}
80
81
-
fn build_did_web_url(did: &str) -> Result<String, String> {
82
let host = did
83
.strip_prefix("did:web:")
84
-
.ok_or("Invalid did:web format")?;
85
86
let (host, path) = if host.contains(':') {
87
let decoded = host.replace("%3A", ":");
···
184
self.extract_service_endpoint(&doc)
185
}
186
187
-
async fn resolve_did_web(&self, did: &str) -> Result<DidDocument, String> {
188
let url = Self::build_did_web_url(did)?;
189
190
debug!("Resolving did:web {} via {}", did, url);
···
194
.get(&url)
195
.send()
196
.await
197
-
.map_err(|e| format!("HTTP request failed: {}", e))?;
198
199
if !resp.status().is_success() {
200
-
return Err(format!("HTTP {}", resp.status()));
201
}
202
203
resp.json::<DidDocument>()
204
.await
205
-
.map_err(|e| format!("Failed to parse DID document: {}", e))
206
}
207
208
-
async fn resolve_did_plc(&self, did: &str) -> Result<DidDocument, String> {
209
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
210
211
debug!("Resolving did:plc {} via {}", did, url);
···
215
.get(&url)
216
.send()
217
.await
218
-
.map_err(|e| format!("HTTP request failed: {}", e))?;
219
220
if resp.status() == reqwest::StatusCode::NOT_FOUND {
221
-
return Err("DID not found".to_string());
222
}
223
224
if !resp.status().is_success() {
225
-
return Err(format!("HTTP {}", resp.status()));
226
}
227
228
resp.json::<DidDocument>()
229
.await
230
-
.map_err(|e| format!("Failed to parse DID document: {}", e))
231
}
232
233
fn extract_service_endpoint(&self, doc: &DidDocument) -> Option<ResolvedService> {
234
if let Some(service) = doc.service.iter().find(|s| {
235
-
s.service_type == "AtprotoAppView"
236
|| s.id.contains("atproto_appview")
237
|| s.id.ends_with("#bsky_appview")
238
}) {
···
329
}
330
}
331
332
-
async fn fetch_did_document_web(&self, did: &str) -> Result<serde_json::Value, String> {
333
let url = Self::build_did_web_url(did)?;
334
335
let resp = self
···
337
.get(&url)
338
.send()
339
.await
340
-
.map_err(|e| format!("HTTP request failed: {}", e))?;
341
342
if !resp.status().is_success() {
343
-
return Err(format!("HTTP {}", resp.status()));
344
}
345
346
resp.json::<serde_json::Value>()
347
.await
348
-
.map_err(|e| format!("Failed to parse DID document: {}", e))
349
}
350
351
-
async fn fetch_did_document_plc(&self, did: &str) -> Result<serde_json::Value, String> {
352
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
353
354
let resp = self
···
356
.get(&url)
357
.send()
358
.await
359
-
.map_err(|e| format!("HTTP request failed: {}", e))?;
360
361
if resp.status() == reqwest::StatusCode::NOT_FOUND {
362
-
return Err("DID not found".to_string());
363
}
364
365
if !resp.status().is_success() {
366
-
return Err(format!("HTTP {}", resp.status()));
367
}
368
369
resp.json::<serde_json::Value>()
370
.await
371
-
.map_err(|e| format!("Failed to parse DID document: {}", e))
372
}
373
374
pub async fn invalidate_cache(&self, did: &str) {
···
6
use tokio::sync::RwLock;
7
use tracing::{debug, error, info, warn};
8
9
+
#[derive(Debug, thiserror::Error)]
10
+
pub enum DidResolutionError {
11
+
#[error("Invalid did:web format")]
12
+
InvalidDidWeb,
13
+
#[error("HTTP request failed: {0}")]
14
+
HttpFailed(String),
15
+
#[error("Invalid DID document: {0}")]
16
+
InvalidDocument(String),
17
+
#[error("DID not found")]
18
+
NotFound,
19
+
}
20
+
21
#[derive(Debug, Clone, Serialize, Deserialize)]
22
pub struct DidDocument {
23
pub id: String,
···
90
}
91
}
92
93
+
fn build_did_web_url(did: &str) -> Result<String, DidResolutionError> {
94
let host = did
95
.strip_prefix("did:web:")
96
+
.ok_or(DidResolutionError::InvalidDidWeb)?;
97
98
let (host, path) = if host.contains(':') {
99
let decoded = host.replace("%3A", ":");
···
196
self.extract_service_endpoint(&doc)
197
}
198
199
+
async fn resolve_did_web(&self, did: &str) -> Result<DidDocument, DidResolutionError> {
200
let url = Self::build_did_web_url(did)?;
201
202
debug!("Resolving did:web {} via {}", did, url);
···
206
.get(&url)
207
.send()
208
.await
209
+
.map_err(|e| DidResolutionError::HttpFailed(e.to_string()))?;
210
211
if !resp.status().is_success() {
212
+
return Err(DidResolutionError::HttpFailed(format!(
213
+
"HTTP {}",
214
+
resp.status()
215
+
)));
216
}
217
218
resp.json::<DidDocument>()
219
.await
220
+
.map_err(|e| DidResolutionError::InvalidDocument(e.to_string()))
221
}
222
223
+
async fn resolve_did_plc(&self, did: &str) -> Result<DidDocument, DidResolutionError> {
224
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
225
226
debug!("Resolving did:plc {} via {}", did, url);
···
230
.get(&url)
231
.send()
232
.await
233
+
.map_err(|e| DidResolutionError::HttpFailed(e.to_string()))?;
234
235
if resp.status() == reqwest::StatusCode::NOT_FOUND {
236
+
return Err(DidResolutionError::NotFound);
237
}
238
239
if !resp.status().is_success() {
240
+
return Err(DidResolutionError::HttpFailed(format!(
241
+
"HTTP {}",
242
+
resp.status()
243
+
)));
244
}
245
246
resp.json::<DidDocument>()
247
.await
248
+
.map_err(|e| DidResolutionError::InvalidDocument(e.to_string()))
249
}
250
251
fn extract_service_endpoint(&self, doc: &DidDocument) -> Option<ResolvedService> {
252
if let Some(service) = doc.service.iter().find(|s| {
253
+
s.service_type == crate::plc::ServiceType::AppView.as_str()
254
|| s.id.contains("atproto_appview")
255
|| s.id.ends_with("#bsky_appview")
256
}) {
···
347
}
348
}
349
350
+
async fn fetch_did_document_web(
351
+
&self,
352
+
did: &str,
353
+
) -> Result<serde_json::Value, DidResolutionError> {
354
let url = Self::build_did_web_url(did)?;
355
356
let resp = self
···
358
.get(&url)
359
.send()
360
.await
361
+
.map_err(|e| DidResolutionError::HttpFailed(e.to_string()))?;
362
363
if !resp.status().is_success() {
364
+
return Err(DidResolutionError::HttpFailed(format!(
365
+
"HTTP {}",
366
+
resp.status()
367
+
)));
368
}
369
370
resp.json::<serde_json::Value>()
371
.await
372
+
.map_err(|e| DidResolutionError::InvalidDocument(e.to_string()))
373
}
374
375
+
async fn fetch_did_document_plc(
376
+
&self,
377
+
did: &str,
378
+
) -> Result<serde_json::Value, DidResolutionError> {
379
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
380
381
let resp = self
···
383
.get(&url)
384
.send()
385
.await
386
+
.map_err(|e| DidResolutionError::HttpFailed(e.to_string()))?;
387
388
if resp.status() == reqwest::StatusCode::NOT_FOUND {
389
+
return Err(DidResolutionError::NotFound);
390
}
391
392
if !resp.status().is_success() {
393
+
return Err(DidResolutionError::HttpFailed(format!(
394
+
"HTTP {}",
395
+
resp.status()
396
+
)));
397
}
398
399
resp.json::<serde_json::Value>()
400
.await
401
+
.map_err(|e| DidResolutionError::InvalidDocument(e.to_string()))
402
}
403
404
pub async fn invalidate_cache(&self, did: &str) {
+1
-1
crates/tranquil-pds/src/auth/email_token.rs
+1
-1
crates/tranquil-pds/src/auth/email_token.rs
+19
-7
crates/tranquil-pds/src/auth/extractor.rs
+19
-7
crates/tranquil-pds/src/auth/extractor.rs
···
64
}
65
}
66
67
pub struct ExtractedToken {
68
pub token: String,
69
-
pub is_dpop: bool,
70
}
71
72
pub fn extract_bearer_token_from_header(auth_header: Option<&str>) -> Option<String> {
···
100
}
101
return Some(ExtractedToken {
102
token: token.to_string(),
103
-
is_dpop: false,
104
});
105
}
106
···
111
}
112
return Some(ExtractedToken {
113
token: token.to_string(),
114
-
is_dpop: true,
115
});
116
}
117
···
255
}
256
}
257
258
-
async fn verify_service_token(token: &str) -> Result<ServiceTokenClaims, AuthError> {
259
let verifier = ServiceTokenVerifier::new();
260
let claims = verifier
261
.verify_service_token(token, None)
···
289
extract_auth_token_from_header(Some(auth_header)).ok_or(AuthError::InvalidFormat)?;
290
291
if is_service_token(&extracted.token) {
292
-
let claims = verify_service_token(&extracted.token).await?;
293
return Ok(ExtractedAuth::Service(claims));
294
}
295
296
-
let dpop_proof = crate::util::get_header_str(&parts.headers, "DPoP");
297
let method = parts.method.as_str();
298
let original_uri = parts
299
.extensions
···
418
impl ServiceAuth {
419
pub fn require_lxm(&self, expected_lxm: &str) -> Result<(), ApiError> {
420
match &self.claims.lxm {
421
-
Some(lxm) if lxm == "*" || lxm == expected_lxm => Ok(()),
422
Some(lxm) => Err(ApiError::AuthorizationError(format!(
423
"Token lxm '{}' does not permit '{}'",
424
lxm, expected_lxm
···
64
}
65
}
66
67
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
68
+
pub enum AuthScheme {
69
+
Bearer,
70
+
DPoP,
71
+
}
72
+
73
+
impl AuthScheme {
74
+
pub fn is_dpop(self) -> bool {
75
+
matches!(self, Self::DPoP)
76
+
}
77
+
}
78
+
79
pub struct ExtractedToken {
80
pub token: String,
81
+
pub scheme: AuthScheme,
82
}
83
84
pub fn extract_bearer_token_from_header(auth_header: Option<&str>) -> Option<String> {
···
112
}
113
return Some(ExtractedToken {
114
token: token.to_string(),
115
+
scheme: AuthScheme::Bearer,
116
});
117
}
118
···
123
}
124
return Some(ExtractedToken {
125
token: token.to_string(),
126
+
scheme: AuthScheme::DPoP,
127
});
128
}
129
···
267
}
268
}
269
270
+
async fn verify_service_token_claims(token: &str) -> Result<ServiceTokenClaims, AuthError> {
271
let verifier = ServiceTokenVerifier::new();
272
let claims = verifier
273
.verify_service_token(token, None)
···
301
extract_auth_token_from_header(Some(auth_header)).ok_or(AuthError::InvalidFormat)?;
302
303
if is_service_token(&extracted.token) {
304
+
let claims = verify_service_token_claims(&extracted.token).await?;
305
return Ok(ExtractedAuth::Service(claims));
306
}
307
308
+
let dpop_proof = crate::util::get_header_str(&parts.headers, crate::util::HEADER_DPOP);
309
let method = parts.method.as_str();
310
let original_uri = parts
311
.extensions
···
430
impl ServiceAuth {
431
pub fn require_lxm(&self, expected_lxm: &str) -> Result<(), ApiError> {
432
match &self.claims.lxm {
433
+
Some(lxm) if crate::auth::lxm_permits(lxm, expected_lxm) => Ok(()),
434
Some(lxm) => Err(ApiError::AuthorizationError(format!(
435
"Token lxm '{}' does not permit '{}'",
436
lxm, expected_lxm
+1
-1
crates/tranquil-pds/src/auth/legacy_2fa.rs
+1
-1
crates/tranquil-pds/src/auth/legacy_2fa.rs
+100
-38
crates/tranquil-pds/src/auth/mod.rs
+100
-38
crates/tranquil-pds/src/auth/mod.rs
···
26
27
pub use account_verified::{AccountVerified, require_not_migrated, require_verified_or_delegated};
28
pub use extractor::{
29
-
Active, Admin, AnyUser, Auth, AuthAny, AuthError, AuthPolicy, ExtractedToken, NotTakendown,
30
-
Permissive, ServiceAuth, extract_auth_token_from_header, extract_bearer_token_from_header,
31
};
32
pub use mfa_verified::{
33
MfaMethod, MfaVerified, require_legacy_session_mfa, require_reauth_window,
···
39
RpcCall, ScopeAction, ScopeVerificationError, ScopeVerified, VerifyScope, WriteOpKind,
40
verify_batch_write_scopes,
41
};
42
-
pub use service::{ServiceTokenClaims, ServiceTokenVerifier, is_service_token};
43
44
pub use tranquil_auth::{
45
-
ActClaim, Claims, Header, SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED,
46
-
SCOPE_REFRESH, TOKEN_TYPE_ACCESS, TOKEN_TYPE_REFRESH, TOKEN_TYPE_SERVICE, TokenData,
47
-
TokenVerifyError, TokenWithMetadata, UnsafeClaims, create_access_token,
48
create_access_token_hs256, create_access_token_hs256_with_metadata,
49
create_access_token_with_delegation, create_access_token_with_metadata,
50
create_access_token_with_scope_metadata, create_refresh_token, create_refresh_token_hs256,
···
56
verify_refresh_token, verify_refresh_token_hs256, verify_token, verify_totp_code,
57
};
58
59
-
pub fn encrypt_totp_secret(secret: &[u8]) -> Result<Vec<u8>, String> {
60
crate::config::encrypt_key(secret)
61
}
62
63
-
pub fn decrypt_totp_secret(encrypted: &[u8], version: i32) -> Result<Vec<u8>, String> {
64
crate::config::decrypt_key(encrypted, Some(version))
65
}
66
···
113
}
114
}
115
116
pub enum AuthSource {
117
Session,
118
OAuth,
···
162
pub fn require_lxm(&self, expected_lxm: &str) -> Result<(), ApiError> {
163
match self.auth_source.service_claims() {
164
Some(claims) => match &claims.lxm {
165
-
Some(lxm) if lxm == "*" || lxm == expected_lxm => Ok(()),
166
Some(lxm) => Err(ApiError::AuthorizationError(format!(
167
"Token lxm '{}' does not permit '{}'",
168
lxm, expected_lxm
···
192
impl AuthenticatedUser {
193
pub fn permissions(&self) -> ScopePermissions {
194
if let Some(ref scope) = self.scope
195
-
&& scope != SCOPE_ACCESS
196
{
197
return ScopePermissions::from_scope_string(Some(scope));
198
}
···
265
Ok(d) => d,
266
Err(_) => return Err(TokenValidationError::InvalidToken),
267
};
268
-
let key_cache_key = format!("auth:key:{}", did_str);
269
let mut cached_key: Option<Vec<u8>> = None;
270
271
if let Some(c) = cache {
···
279
280
let (decrypted_key, deactivated_at, takedown_ref, is_admin) = if let Some(key) = cached_key
281
{
282
-
let status_cache_key = format!("auth:status:{}", did_str);
283
let cached_status: Option<CachedUserStatus> = if let Some(c) = cache {
284
c.get(&status_cache_key)
285
.await
···
347
)
348
.await;
349
350
-
let status_cache_key = format!("auth:status:{}", did);
351
let cached = CachedUserStatus {
352
deactivated: user.deactivated_at.is_some(),
353
takendown: user.takedown_ref.is_some(),
···
386
match verify_access_token_typed(token, &decrypted_key) {
387
Ok(token_data) => {
388
let jti = &token_data.claims.jti;
389
-
let session_cache_key = format!("auth:session:{}:{}", did, jti);
390
let mut session_valid = false;
391
392
if let Some(c) = cache {
···
424
}
425
426
if session_valid {
427
-
let controller_did = token_data
428
-
.claims
429
-
.act
430
-
.as_ref()
431
-
.map(|a| unsafe { Did::new_unchecked(a.sub.clone()) });
432
let status =
433
AccountStatus::from_db_fields(takedown_ref.as_deref(), deactivated_at);
434
return Ok(AuthenticatedUser {
···
479
} else {
480
None
481
};
482
return Ok(AuthenticatedUser {
483
-
did: unsafe { Did::new_unchecked(oauth_token.did) },
484
key_bytes,
485
is_admin: oauth_token.is_admin,
486
status,
487
scope: oauth_info.scope,
488
-
controller_did: oauth_info
489
-
.controller_did
490
-
.map(|d| unsafe { Did::new_unchecked(d) }),
491
auth_source: AuthSource::OAuth,
492
});
493
} else {
···
499
}
500
501
pub async fn invalidate_auth_cache(cache: &dyn Cache, did: &str) {
502
-
let key_cache_key = format!("auth:key:{}", did);
503
-
let status_cache_key = format!("auth:status:{}", did);
504
let _ = cache.delete(&key_cache_key).await;
505
let _ = cache.delete(&status_cache_key).await;
506
}
507
508
-
#[allow(clippy::too_many_arguments)]
509
pub async fn validate_token_with_dpop(
510
user_repo: &dyn UserRepository,
511
oauth_repo: &dyn OAuthRepository,
512
token: &str,
513
-
is_dpop_token: bool,
514
dpop_proof: Option<&str>,
515
http_method: &str,
516
http_uri: &str,
517
-
allow_deactivated: bool,
518
-
allow_takendown: bool,
519
) -> Result<AuthenticatedUser, TokenValidationError> {
520
-
if !is_dpop_token {
521
-
if allow_takendown {
522
-
return validate_bearer_token_allow_takendown(user_repo, token).await;
523
-
} else if allow_deactivated {
524
-
return validate_bearer_token_allow_deactivated(user_repo, token).await;
525
-
} else {
526
-
return validate_bearer_token(user_repo, token).await;
527
-
}
528
}
529
match crate::oauth::verify::verify_oauth_access_token(
530
oauth_repo,
531
token,
···
566
None
567
};
568
Ok(AuthenticatedUser {
569
-
did: unsafe { Did::new_unchecked(result.did) },
570
key_bytes,
571
is_admin: user_info.is_admin,
572
status,
···
581
Err(_) => Err(TokenValidationError::AuthenticationFailed),
582
}
583
}
···
26
27
pub use account_verified::{AccountVerified, require_not_migrated, require_verified_or_delegated};
28
pub use extractor::{
29
+
Active, Admin, AnyUser, Auth, AuthAny, AuthError, AuthPolicy, AuthScheme, ExtractedToken,
30
+
NotTakendown, Permissive, ServiceAuth, extract_auth_token_from_header,
31
+
extract_bearer_token_from_header,
32
};
33
pub use mfa_verified::{
34
MfaMethod, MfaVerified, require_legacy_session_mfa, require_reauth_window,
···
40
RpcCall, ScopeAction, ScopeVerificationError, ScopeVerified, VerifyScope, WriteOpKind,
41
verify_batch_write_scopes,
42
};
43
+
pub use service::{ServiceTokenClaims, ServiceTokenError, ServiceTokenVerifier, is_service_token};
44
45
pub use tranquil_auth::{
46
+
ActClaim, Claims, Header, SigningAlgorithm, TokenData, TokenDecodeError, TokenScope, TokenType,
47
+
TokenVerifyError, TokenWithMetadata, TotpError, UnsafeClaims, create_access_token,
48
create_access_token_hs256, create_access_token_hs256_with_metadata,
49
create_access_token_with_delegation, create_access_token_with_metadata,
50
create_access_token_with_scope_metadata, create_refresh_token, create_refresh_token_hs256,
···
56
verify_refresh_token, verify_refresh_token_hs256, verify_token, verify_totp_code,
57
};
58
59
+
pub fn lxm_permits(lxm: &str, expected: &str) -> bool {
60
+
lxm == "*" || lxm == expected
61
+
}
62
+
63
+
pub fn encrypt_totp_secret(secret: &[u8]) -> Result<Vec<u8>, crate::config::CryptoError> {
64
crate::config::encrypt_key(secret)
65
}
66
67
+
pub fn decrypt_totp_secret(
68
+
encrypted: &[u8],
69
+
version: i32,
70
+
) -> Result<Vec<u8>, crate::config::CryptoError> {
71
crate::config::decrypt_key(encrypted, Some(version))
72
}
73
···
120
}
121
}
122
123
+
#[derive(Debug, Clone)]
124
pub enum AuthSource {
125
Session,
126
OAuth,
···
170
pub fn require_lxm(&self, expected_lxm: &str) -> Result<(), ApiError> {
171
match self.auth_source.service_claims() {
172
Some(claims) => match &claims.lxm {
173
+
Some(lxm) if lxm_permits(lxm, expected_lxm) => Ok(()),
174
Some(lxm) => Err(ApiError::AuthorizationError(format!(
175
"Token lxm '{}' does not permit '{}'",
176
lxm, expected_lxm
···
200
impl AuthenticatedUser {
201
pub fn permissions(&self) -> ScopePermissions {
202
if let Some(ref scope) = self.scope
203
+
&& scope != TokenScope::Access.as_str()
204
{
205
return ScopePermissions::from_scope_string(Some(scope));
206
}
···
273
Ok(d) => d,
274
Err(_) => return Err(TokenValidationError::InvalidToken),
275
};
276
+
let key_cache_key = crate::cache_keys::signing_key_key(did_str);
277
let mut cached_key: Option<Vec<u8>> = None;
278
279
if let Some(c) = cache {
···
287
288
let (decrypted_key, deactivated_at, takedown_ref, is_admin) = if let Some(key) = cached_key
289
{
290
+
let status_cache_key = crate::cache_keys::user_status_key(did_str);
291
let cached_status: Option<CachedUserStatus> = if let Some(c) = cache {
292
c.get(&status_cache_key)
293
.await
···
355
)
356
.await;
357
358
+
let status_cache_key = crate::cache_keys::user_status_key(&did.to_string());
359
let cached = CachedUserStatus {
360
deactivated: user.deactivated_at.is_some(),
361
takendown: user.takedown_ref.is_some(),
···
394
match verify_access_token_typed(token, &decrypted_key) {
395
Ok(token_data) => {
396
let jti = &token_data.claims.jti;
397
+
let session_cache_key = crate::cache_keys::session_key(&did, &jti);
398
let mut session_valid = false;
399
400
if let Some(c) = cache {
···
432
}
433
434
if session_valid {
435
+
let controller_did: Option<Did> = match &token_data.claims.act {
436
+
Some(act) => Some(
437
+
act.sub
438
+
.parse()
439
+
.map_err(|_| TokenValidationError::InvalidToken)?,
440
+
),
441
+
None => None,
442
+
};
443
let status =
444
AccountStatus::from_db_fields(takedown_ref.as_deref(), deactivated_at);
445
return Ok(AuthenticatedUser {
···
490
} else {
491
None
492
};
493
+
let did: Did = oauth_token
494
+
.did
495
+
.parse()
496
+
.map_err(|_| TokenValidationError::InvalidToken)?;
497
+
let controller_did: Option<Did> = oauth_info
498
+
.controller_did
499
+
.map(|d| d.parse())
500
+
.transpose()
501
+
.map_err(|_| TokenValidationError::InvalidToken)?;
502
return Ok(AuthenticatedUser {
503
+
did,
504
key_bytes,
505
is_admin: oauth_token.is_admin,
506
status,
507
scope: oauth_info.scope,
508
+
controller_did,
509
auth_source: AuthSource::OAuth,
510
});
511
} else {
···
517
}
518
519
pub async fn invalidate_auth_cache(cache: &dyn Cache, did: &str) {
520
+
let key_cache_key = crate::cache_keys::signing_key_key(did);
521
+
let status_cache_key = crate::cache_keys::user_status_key(did);
522
let _ = cache.delete(&key_cache_key).await;
523
let _ = cache.delete(&status_cache_key).await;
524
}
525
526
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
527
+
pub enum AccountRequirement {
528
+
Active,
529
+
NotTakendown,
530
+
AnyStatus,
531
+
}
532
+
533
pub async fn validate_token_with_dpop(
534
user_repo: &dyn UserRepository,
535
oauth_repo: &dyn OAuthRepository,
536
token: &str,
537
+
scheme: AuthScheme,
538
dpop_proof: Option<&str>,
539
http_method: &str,
540
http_uri: &str,
541
+
requirement: AccountRequirement,
542
) -> Result<AuthenticatedUser, TokenValidationError> {
543
+
if !scheme.is_dpop() {
544
+
return match requirement {
545
+
AccountRequirement::AnyStatus => {
546
+
validate_bearer_token_allow_takendown(user_repo, token).await
547
+
}
548
+
AccountRequirement::NotTakendown => {
549
+
validate_bearer_token_allow_deactivated(user_repo, token).await
550
+
}
551
+
AccountRequirement::Active => validate_bearer_token(user_repo, token).await,
552
+
};
553
}
554
+
let (allow_deactivated, allow_takendown) = match requirement {
555
+
AccountRequirement::Active => (false, false),
556
+
AccountRequirement::NotTakendown => (true, false),
557
+
AccountRequirement::AnyStatus => (true, true),
558
+
};
559
match crate::oauth::verify::verify_oauth_access_token(
560
oauth_repo,
561
token,
···
596
None
597
};
598
Ok(AuthenticatedUser {
599
+
did: result_did,
600
key_bytes,
601
is_admin: user_info.is_admin,
602
status,
···
611
Err(_) => Err(TokenValidationError::AuthenticationFailed),
612
}
613
}
614
+
615
+
#[cfg(test)]
616
+
mod tests {
617
+
use super::*;
618
+
619
+
#[test]
620
+
fn test_lxm_permits_exact_match() {
621
+
assert!(lxm_permits(
622
+
"com.atproto.repo.uploadBlob",
623
+
"com.atproto.repo.uploadBlob"
624
+
));
625
+
}
626
+
627
+
#[test]
628
+
fn test_lxm_permits_wildcard() {
629
+
assert!(lxm_permits("*", "com.atproto.repo.uploadBlob"));
630
+
assert!(lxm_permits("*", "anything.at.all"));
631
+
}
632
+
633
+
#[test]
634
+
fn test_lxm_permits_mismatch() {
635
+
assert!(!lxm_permits(
636
+
"com.atproto.repo.uploadBlob",
637
+
"com.atproto.repo.createRecord"
638
+
));
639
+
}
640
+
641
+
#[test]
642
+
fn test_lxm_permits_partial_not_wildcard() {
643
+
assert!(!lxm_permits("com.atproto.*", "com.atproto.repo.uploadBlob"));
644
+
}
645
+
}
+22
-15
crates/tranquil-pds/src/auth/scope_check.rs
+22
-15
crates/tranquil-pds/src/auth/scope_check.rs
···
7
AccountAction, AccountAttr, IdentityAttr, RepoAction, ScopePermissions,
8
};
9
10
-
use super::SCOPE_ACCESS;
11
12
-
fn has_custom_scope(scope: Option<&str>) -> bool {
13
-
match scope {
14
-
None => false,
15
-
Some(s) => s != SCOPE_ACCESS,
16
}
17
}
18
19
pub fn check_repo_scope(
20
-
is_oauth: bool,
21
scope: Option<&str>,
22
action: RepoAction,
23
collection: &str,
24
) -> Result<(), Response> {
25
-
if !is_oauth && !has_custom_scope(scope) {
26
return Ok(());
27
}
28
···
32
.map_err(|e| ApiError::InsufficientScope(Some(e.to_string())).into_response())
33
}
34
35
-
pub fn check_blob_scope(is_oauth: bool, scope: Option<&str>, mime: &str) -> Result<(), Response> {
36
-
if !is_oauth && !has_custom_scope(scope) {
37
return Ok(());
38
}
39
···
44
}
45
46
pub fn check_rpc_scope(
47
-
is_oauth: bool,
48
scope: Option<&str>,
49
aud: &str,
50
lxm: &str,
51
) -> Result<(), Response> {
52
-
if !is_oauth && !has_custom_scope(scope) {
53
return Ok(());
54
}
55
···
60
}
61
62
pub fn check_account_scope(
63
-
is_oauth: bool,
64
scope: Option<&str>,
65
attr: AccountAttr,
66
action: AccountAction,
67
) -> Result<(), Response> {
68
-
if !is_oauth && !has_custom_scope(scope) {
69
return Ok(());
70
}
71
···
76
}
77
78
pub fn check_identity_scope(
79
-
is_oauth: bool,
80
scope: Option<&str>,
81
attr: IdentityAttr,
82
) -> Result<(), Response> {
83
-
if !is_oauth && !has_custom_scope(scope) {
84
return Ok(());
85
}
86
···
7
AccountAction, AccountAttr, IdentityAttr, RepoAction, ScopePermissions,
8
};
9
10
+
use super::{AuthSource, TokenScope};
11
12
+
fn requires_scope_check(auth_source: &AuthSource, scope: Option<&str>) -> bool {
13
+
match auth_source {
14
+
AuthSource::OAuth => true,
15
+
_ => match scope {
16
+
None => false,
17
+
Some(s) => s != TokenScope::Access.as_str(),
18
+
},
19
}
20
}
21
22
pub fn check_repo_scope(
23
+
auth_source: &AuthSource,
24
scope: Option<&str>,
25
action: RepoAction,
26
collection: &str,
27
) -> Result<(), Response> {
28
+
if !requires_scope_check(auth_source, scope) {
29
return Ok(());
30
}
31
···
35
.map_err(|e| ApiError::InsufficientScope(Some(e.to_string())).into_response())
36
}
37
38
+
pub fn check_blob_scope(
39
+
auth_source: &AuthSource,
40
+
scope: Option<&str>,
41
+
mime: &str,
42
+
) -> Result<(), Response> {
43
+
if !requires_scope_check(auth_source, scope) {
44
return Ok(());
45
}
46
···
51
}
52
53
pub fn check_rpc_scope(
54
+
auth_source: &AuthSource,
55
scope: Option<&str>,
56
aud: &str,
57
lxm: &str,
58
) -> Result<(), Response> {
59
+
if !requires_scope_check(auth_source, scope) {
60
return Ok(());
61
}
62
···
67
}
68
69
pub fn check_account_scope(
70
+
auth_source: &AuthSource,
71
scope: Option<&str>,
72
attr: AccountAttr,
73
action: AccountAction,
74
) -> Result<(), Response> {
75
+
if !requires_scope_check(auth_source, scope) {
76
return Ok(());
77
}
78
···
83
}
84
85
pub fn check_identity_scope(
86
+
auth_source: &AuthSource,
87
scope: Option<&str>,
88
attr: IdentityAttr,
89
) -> Result<(), Response> {
90
+
if !requires_scope_check(auth_source, scope) {
91
return Ok(());
92
}
93
+180
-92
crates/tranquil-pds/src/auth/service.rs
+180
-92
crates/tranquil-pds/src/auth/service.rs
···
1
-
use crate::types::Did;
2
use crate::util::pds_hostname;
3
-
use anyhow::{Result, anyhow};
4
use base64::Engine as _;
5
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
6
use chrono::Utc;
···
9
use serde::{Deserialize, Serialize};
10
use std::time::Duration;
11
use tracing::debug;
12
13
#[derive(Debug, Clone, Serialize, Deserialize)]
14
#[serde(rename_all = "camelCase")]
···
48
#[serde(default)]
49
pub sub: Option<Did>,
50
pub aud: Did,
51
-
pub exp: usize,
52
#[serde(default)]
53
-
pub iat: Option<usize>,
54
#[serde(skip_serializing_if = "Option::is_none")]
55
pub lxm: Option<String>,
56
#[serde(default)]
···
65
66
#[derive(Debug, Clone, Serialize, Deserialize)]
67
struct TokenHeader {
68
-
pub alg: String,
69
-
pub typ: String,
70
}
71
72
pub struct ServiceTokenVerifier {
73
client: Client,
74
plc_directory_url: String,
75
-
pds_did: String,
76
}
77
78
impl ServiceTokenVerifier {
···
81
.unwrap_or_else(|_| "https://plc.directory".to_string());
82
83
let pds_hostname = pds_hostname();
84
-
let pds_did = format!("did:web:{}", pds_hostname);
85
86
let client = Client::builder()
87
.timeout(Duration::from_secs(10))
···
102
&self,
103
token: &str,
104
required_lxm: Option<&str>,
105
-
) -> Result<ServiceTokenClaims> {
106
-
let parts: Vec<&str> = token.split('.').collect();
107
-
if parts.len() != 3 {
108
-
return Err(anyhow!("Invalid token format"));
109
-
}
110
111
let header_bytes = URL_SAFE_NO_PAD
112
-
.decode(parts[0])
113
-
.map_err(|e| anyhow!("Base64 decode of header failed: {}", e))?;
114
115
-
let header: TokenHeader = serde_json::from_slice(&header_bytes)
116
-
.map_err(|e| anyhow!("JSON decode of header failed: {}", e))?;
117
118
-
if header.alg != "ES256K" {
119
-
return Err(anyhow!("Unsupported algorithm: {}", header.alg));
120
}
121
122
let claims_bytes = URL_SAFE_NO_PAD
123
-
.decode(parts[1])
124
-
.map_err(|e| anyhow!("Base64 decode of claims failed: {}", e))?;
125
126
-
let claims: ServiceTokenClaims = serde_json::from_slice(&claims_bytes)
127
-
.map_err(|e| anyhow!("JSON decode of claims failed: {}", e))?;
128
129
-
let now = Utc::now().timestamp() as usize;
130
if claims.exp < now {
131
-
return Err(anyhow!("Token expired"));
132
}
133
134
-
if claims.aud.as_str() != self.pds_did {
135
-
return Err(anyhow!(
136
-
"Invalid audience: expected {}, got {}",
137
-
self.pds_did,
138
-
claims.aud
139
-
));
140
}
141
142
if let Some(required) = required_lxm {
143
match &claims.lxm {
144
-
Some(lxm) if lxm == "*" || lxm == required => {}
145
Some(lxm) => {
146
-
return Err(anyhow!(
147
-
"Token lxm '{}' does not permit '{}'",
148
-
lxm,
149
-
required
150
-
));
151
}
152
None => {
153
-
return Err(anyhow!("Token missing lxm claim"));
154
}
155
}
156
}
···
159
let public_key = self.resolve_signing_key(did).await?;
160
161
let signature_bytes = URL_SAFE_NO_PAD
162
-
.decode(parts[2])
163
-
.map_err(|e| anyhow!("Base64 decode of signature failed: {}", e))?;
164
165
-
let signature = Signature::from_slice(&signature_bytes)
166
-
.map_err(|e| anyhow!("Invalid signature format: {}", e))?;
167
168
-
let message = format!("{}.{}", parts[0], parts[1]);
169
170
public_key
171
.verify(message.as_bytes(), &signature)
172
-
.map_err(|e| anyhow!("Signature verification failed: {}", e))?;
173
174
debug!("Service token verified for DID: {}", did);
175
176
Ok(claims)
177
}
178
179
-
async fn resolve_signing_key(&self, did: &str) -> Result<VerifyingKey> {
180
let did_doc = self.resolve_did_document(did).await?;
181
182
let atproto_key = did_doc
183
.verification_method
184
.iter()
185
.find(|vm| vm.id.ends_with("#atproto") || vm.id == format!("{}#atproto", did))
186
-
.ok_or_else(|| anyhow!("No atproto verification method found in DID document"))?;
187
188
let multibase = atproto_key
189
.public_key_multibase
190
.as_ref()
191
-
.ok_or_else(|| anyhow!("Verification method missing publicKeyMultibase"))?;
192
193
parse_did_key_multibase(multibase)
194
}
195
196
-
async fn resolve_did_document(&self, did: &str) -> Result<FullDidDocument> {
197
if did.starts_with("did:plc:") {
198
self.resolve_did_plc(did).await
199
} else if did.starts_with("did:web:") {
200
self.resolve_did_web(did).await
201
} else {
202
-
Err(anyhow!("Unsupported DID method: {}", did))
203
}
204
}
205
206
-
async fn resolve_did_plc(&self, did: &str) -> Result<FullDidDocument> {
207
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
208
debug!("Resolving did:plc {} via {}", did, url);
209
···
212
.get(&url)
213
.send()
214
.await
215
-
.map_err(|e| anyhow!("HTTP request failed: {}", e))?;
216
217
if resp.status() == reqwest::StatusCode::NOT_FOUND {
218
-
return Err(anyhow!("DID not found: {}", did));
219
}
220
221
if !resp.status().is_success() {
222
-
return Err(anyhow!("HTTP {}", resp.status()));
223
}
224
225
resp.json::<FullDidDocument>()
226
.await
227
-
.map_err(|e| anyhow!("Failed to parse DID document: {}", e))
228
}
229
230
-
async fn resolve_did_web(&self, did: &str) -> Result<FullDidDocument> {
231
let host = did
232
.strip_prefix("did:web:")
233
-
.ok_or_else(|| anyhow!("Invalid did:web format"))?;
234
235
-
let parts: Vec<&str> = host.split(':').collect();
236
-
if parts.is_empty() {
237
-
return Err(anyhow!("Invalid did:web format - no host"));
238
-
}
239
-
240
-
let host_part = parts[0].replace("%3A", ":");
241
242
let scheme = if host_part.starts_with("localhost")
243
|| host_part.starts_with("127.0.0.1")
···
248
"https"
249
};
250
251
-
let url = if parts.len() == 1 {
252
-
format!("{}://{}/.well-known/did.json", scheme, host_part)
253
-
} else {
254
-
let path = parts[1..].join("/");
255
-
format!("{}://{}/{}/did.json", scheme, host_part, path)
256
};
257
258
debug!("Resolving did:web {} via {}", did, url);
···
262
.get(&url)
263
.send()
264
.await
265
-
.map_err(|e| anyhow!("HTTP request failed: {}", e))?;
266
267
if !resp.status().is_success() {
268
-
return Err(anyhow!("HTTP {}", resp.status()));
269
}
270
271
resp.json::<FullDidDocument>()
272
.await
273
-
.map_err(|e| anyhow!("Failed to parse DID document: {}", e))
274
}
275
}
276
···
280
}
281
}
282
283
-
fn parse_did_key_multibase(multibase: &str) -> Result<VerifyingKey> {
284
if !multibase.starts_with('z') {
285
-
return Err(anyhow!(
286
-
"Expected base58btc multibase encoding (starts with 'z')"
287
));
288
}
289
290
-
let (_, decoded) =
291
-
multibase::decode(multibase).map_err(|e| anyhow!("Failed to decode multibase: {}", e))?;
292
293
if decoded.len() < 2 {
294
-
return Err(anyhow!("Invalid multicodec data"));
295
}
296
297
-
let (codec, key_bytes) = if decoded[0] == 0xe7 && decoded[1] == 0x01 {
298
-
(0xe701u16, &decoded[2..])
299
} else {
300
-
return Err(anyhow!(
301
-
"Unsupported key type. Expected secp256k1 (0xe701), got {:02x}{:02x}",
302
-
decoded[0],
303
-
decoded[1]
304
-
));
305
};
306
307
-
if codec != 0xe701 {
308
-
return Err(anyhow!("Only secp256k1 keys are supported"));
309
-
}
310
-
311
-
VerifyingKey::from_sec1_bytes(key_bytes).map_err(|e| anyhow!("Invalid public key: {}", e))
312
}
313
314
pub fn is_service_token(token: &str) -> bool {
315
-
let parts: Vec<&str> = token.split('.').collect();
316
-
if parts.len() != 3 {
317
return false;
318
-
}
319
320
-
let Ok(claims_bytes) = URL_SAFE_NO_PAD.decode(parts[1]) else {
321
return false;
322
};
323
···
376
let test_key = "zQ3shcXtVCEBjUvAhzTW3r12DkpFdR2KmA3rHmuEMFx4GMBDB";
377
let result = parse_did_key_multibase(test_key);
378
assert!(result.is_ok(), "Failed to parse valid multibase key");
379
}
380
}
···
1
use crate::util::pds_hostname;
2
use base64::Engine as _;
3
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
4
use chrono::Utc;
···
7
use serde::{Deserialize, Serialize};
8
use std::time::Duration;
9
use tracing::debug;
10
+
use tranquil_types::Did;
11
+
12
+
#[derive(Debug, thiserror::Error)]
13
+
pub enum ServiceTokenError {
14
+
#[error("Invalid token format")]
15
+
InvalidFormat,
16
+
#[error("Base64 decode failed")]
17
+
Base64Decode(#[source] base64::DecodeError),
18
+
#[error("JSON decode failed")]
19
+
JsonDecode(#[source] serde_json::Error),
20
+
#[error("Unsupported algorithm: {0}")]
21
+
UnsupportedAlgorithm(super::SigningAlgorithm),
22
+
#[error("Token expired")]
23
+
Expired,
24
+
#[error("Invalid audience: expected {expected}, got {actual}")]
25
+
InvalidAudience { expected: Did, actual: Did },
26
+
#[error("Token lxm '{token_lxm}' does not permit '{required}'")]
27
+
LxmMismatch { token_lxm: String, required: String },
28
+
#[error("Token missing lxm claim")]
29
+
MissingLxm,
30
+
#[error("Invalid signature format")]
31
+
InvalidSignature(#[source] k256::ecdsa::Error),
32
+
#[error("Signature verification failed")]
33
+
SignatureVerificationFailed(#[source] k256::ecdsa::Error),
34
+
#[error("No atproto verification method found")]
35
+
NoVerificationMethod,
36
+
#[error("Verification method missing publicKeyMultibase")]
37
+
MissingPublicKey,
38
+
#[error("Unsupported DID method")]
39
+
UnsupportedDidMethod,
40
+
#[error("DID not found: {0}")]
41
+
DidNotFound(String),
42
+
#[error("HTTP request failed")]
43
+
HttpFailed(#[source] reqwest::Error),
44
+
#[error("Failed to parse DID document")]
45
+
InvalidDidDocument(#[source] reqwest::Error),
46
+
#[error("HTTP {0}")]
47
+
HttpStatus(reqwest::StatusCode),
48
+
#[error("Invalid multibase encoding")]
49
+
InvalidMultibase(#[source] multibase::Error),
50
+
#[error("Invalid multicodec data")]
51
+
InvalidMulticodec,
52
+
#[error("Unsupported key type: expected secp256k1")]
53
+
UnsupportedKeyType,
54
+
#[error("Invalid public key")]
55
+
InvalidPublicKey(#[source] k256::ecdsa::Error),
56
+
}
57
+
58
+
struct JwtParts<'a> {
59
+
header: &'a str,
60
+
claims: &'a str,
61
+
signature: &'a str,
62
+
}
63
+
64
+
impl<'a> JwtParts<'a> {
65
+
fn parse(token: &'a str) -> Result<Self, ServiceTokenError> {
66
+
let mut parts = token.splitn(4, '.');
67
+
match (parts.next(), parts.next(), parts.next(), parts.next()) {
68
+
(Some(header), Some(claims), Some(signature), None) => Ok(Self {
69
+
header,
70
+
claims,
71
+
signature,
72
+
}),
73
+
_ => Err(ServiceTokenError::InvalidFormat),
74
+
}
75
+
}
76
+
77
+
fn signing_input(&self) -> String {
78
+
format!("{}.{}", self.header, self.claims)
79
+
}
80
+
}
81
82
#[derive(Debug, Clone, Serialize, Deserialize)]
83
#[serde(rename_all = "camelCase")]
···
117
#[serde(default)]
118
pub sub: Option<Did>,
119
pub aud: Did,
120
+
pub exp: i64,
121
#[serde(default)]
122
+
pub iat: Option<i64>,
123
#[serde(skip_serializing_if = "Option::is_none")]
124
pub lxm: Option<String>,
125
#[serde(default)]
···
134
135
#[derive(Debug, Clone, Serialize, Deserialize)]
136
struct TokenHeader {
137
+
pub alg: super::SigningAlgorithm,
138
+
pub typ: super::TokenType,
139
}
140
141
pub struct ServiceTokenVerifier {
142
client: Client,
143
plc_directory_url: String,
144
+
pds_did: Did,
145
}
146
147
impl ServiceTokenVerifier {
···
150
.unwrap_or_else(|_| "https://plc.directory".to_string());
151
152
let pds_hostname = pds_hostname();
153
+
let pds_did: Did = format!("did:web:{}", pds_hostname)
154
+
.parse()
155
+
.expect("PDS hostname produces a valid DID");
156
157
let client = Client::builder()
158
.timeout(Duration::from_secs(10))
···
173
&self,
174
token: &str,
175
required_lxm: Option<&str>,
176
+
) -> Result<ServiceTokenClaims, ServiceTokenError> {
177
+
let jwt = JwtParts::parse(token)?;
178
179
let header_bytes = URL_SAFE_NO_PAD
180
+
.decode(jwt.header)
181
+
.map_err(ServiceTokenError::Base64Decode)?;
182
183
+
let header: TokenHeader =
184
+
serde_json::from_slice(&header_bytes).map_err(ServiceTokenError::JsonDecode)?;
185
186
+
if header.alg != super::SigningAlgorithm::ES256K {
187
+
return Err(ServiceTokenError::UnsupportedAlgorithm(header.alg));
188
}
189
190
let claims_bytes = URL_SAFE_NO_PAD
191
+
.decode(jwt.claims)
192
+
.map_err(ServiceTokenError::Base64Decode)?;
193
194
+
let claims: ServiceTokenClaims =
195
+
serde_json::from_slice(&claims_bytes).map_err(ServiceTokenError::JsonDecode)?;
196
197
+
let now = Utc::now().timestamp();
198
if claims.exp < now {
199
+
return Err(ServiceTokenError::Expired);
200
}
201
202
+
if claims.aud != self.pds_did {
203
+
return Err(ServiceTokenError::InvalidAudience {
204
+
expected: self.pds_did.clone(),
205
+
actual: claims.aud.clone(),
206
+
});
207
}
208
209
if let Some(required) = required_lxm {
210
match &claims.lxm {
211
+
Some(lxm) if crate::auth::lxm_permits(lxm, required) => {}
212
Some(lxm) => {
213
+
return Err(ServiceTokenError::LxmMismatch {
214
+
token_lxm: lxm.clone(),
215
+
required: required.to_string(),
216
+
});
217
}
218
None => {
219
+
return Err(ServiceTokenError::MissingLxm);
220
}
221
}
222
}
···
225
let public_key = self.resolve_signing_key(did).await?;
226
227
let signature_bytes = URL_SAFE_NO_PAD
228
+
.decode(jwt.signature)
229
+
.map_err(ServiceTokenError::Base64Decode)?;
230
231
+
let signature =
232
+
Signature::from_slice(&signature_bytes).map_err(ServiceTokenError::InvalidSignature)?;
233
234
+
let message = jwt.signing_input();
235
236
public_key
237
.verify(message.as_bytes(), &signature)
238
+
.map_err(ServiceTokenError::SignatureVerificationFailed)?;
239
240
debug!("Service token verified for DID: {}", did);
241
242
Ok(claims)
243
}
244
245
+
async fn resolve_signing_key(&self, did: &str) -> Result<VerifyingKey, ServiceTokenError> {
246
let did_doc = self.resolve_did_document(did).await?;
247
248
let atproto_key = did_doc
249
.verification_method
250
.iter()
251
.find(|vm| vm.id.ends_with("#atproto") || vm.id == format!("{}#atproto", did))
252
+
.ok_or(ServiceTokenError::NoVerificationMethod)?;
253
254
let multibase = atproto_key
255
.public_key_multibase
256
.as_ref()
257
+
.ok_or(ServiceTokenError::MissingPublicKey)?;
258
259
parse_did_key_multibase(multibase)
260
}
261
262
+
async fn resolve_did_document(&self, did: &str) -> Result<FullDidDocument, ServiceTokenError> {
263
if did.starts_with("did:plc:") {
264
self.resolve_did_plc(did).await
265
} else if did.starts_with("did:web:") {
266
self.resolve_did_web(did).await
267
} else {
268
+
Err(ServiceTokenError::UnsupportedDidMethod)
269
}
270
}
271
272
+
async fn resolve_did_plc(&self, did: &str) -> Result<FullDidDocument, ServiceTokenError> {
273
let url = format!("{}/{}", self.plc_directory_url, urlencoding::encode(did));
274
debug!("Resolving did:plc {} via {}", did, url);
275
···
278
.get(&url)
279
.send()
280
.await
281
+
.map_err(ServiceTokenError::HttpFailed)?;
282
283
if resp.status() == reqwest::StatusCode::NOT_FOUND {
284
+
return Err(ServiceTokenError::DidNotFound(did.to_string()));
285
}
286
287
if !resp.status().is_success() {
288
+
return Err(ServiceTokenError::HttpStatus(resp.status()));
289
}
290
291
resp.json::<FullDidDocument>()
292
.await
293
+
.map_err(ServiceTokenError::InvalidDidDocument)
294
}
295
296
+
async fn resolve_did_web(&self, did: &str) -> Result<FullDidDocument, ServiceTokenError> {
297
let host = did
298
.strip_prefix("did:web:")
299
+
.ok_or(ServiceTokenError::InvalidFormat)?;
300
301
+
let mut host_parts = host.splitn(2, ':');
302
+
let host_part = host_parts
303
+
.next()
304
+
.ok_or(ServiceTokenError::InvalidFormat)?
305
+
.replace("%3A", ":");
306
+
let path_part = host_parts.next();
307
308
let scheme = if host_part.starts_with("localhost")
309
|| host_part.starts_with("127.0.0.1")
···
314
"https"
315
};
316
317
+
let url = match path_part {
318
+
None => format!("{}://{}/.well-known/did.json", scheme, host_part),
319
+
Some(path) => {
320
+
let resolved_path = path.replace(':', "/");
321
+
format!("{}://{}/{}/did.json", scheme, host_part, resolved_path)
322
+
}
323
};
324
325
debug!("Resolving did:web {} via {}", did, url);
···
329
.get(&url)
330
.send()
331
.await
332
+
.map_err(ServiceTokenError::HttpFailed)?;
333
334
if !resp.status().is_success() {
335
+
return Err(ServiceTokenError::HttpStatus(resp.status()));
336
}
337
338
resp.json::<FullDidDocument>()
339
.await
340
+
.map_err(ServiceTokenError::InvalidDidDocument)
341
}
342
}
343
···
347
}
348
}
349
350
+
fn parse_did_key_multibase(multibase: &str) -> Result<VerifyingKey, ServiceTokenError> {
351
if !multibase.starts_with('z') {
352
+
let base_char = multibase.chars().next().unwrap_or('?');
353
+
return Err(ServiceTokenError::InvalidMultibase(
354
+
multibase::Error::UnknownBase(base_char),
355
));
356
}
357
358
+
let (_, decoded) = multibase::decode(multibase).map_err(ServiceTokenError::InvalidMultibase)?;
359
360
if decoded.len() < 2 {
361
+
return Err(ServiceTokenError::InvalidMulticodec);
362
}
363
364
+
let key_bytes = if decoded.starts_with(&crate::plc::SECP256K1_MULTICODEC_PREFIX) {
365
+
&decoded[crate::plc::SECP256K1_MULTICODEC_PREFIX.len()..]
366
} else {
367
+
return Err(ServiceTokenError::UnsupportedKeyType);
368
};
369
370
+
VerifyingKey::from_sec1_bytes(key_bytes).map_err(ServiceTokenError::InvalidPublicKey)
371
}
372
373
pub fn is_service_token(token: &str) -> bool {
374
+
let Ok(jwt) = JwtParts::parse(token) else {
375
return false;
376
+
};
377
378
+
let Ok(claims_bytes) = URL_SAFE_NO_PAD.decode(jwt.claims) else {
379
return false;
380
};
381
···
434
let test_key = "zQ3shcXtVCEBjUvAhzTW3r12DkpFdR2KmA3rHmuEMFx4GMBDB";
435
let result = parse_did_key_multibase(test_key);
436
assert!(result.is_ok(), "Failed to parse valid multibase key");
437
+
}
438
+
439
+
#[test]
440
+
fn test_jwt_parts_parse_valid() {
441
+
let jwt = JwtParts::parse("a.b.c").unwrap();
442
+
assert_eq!(jwt.header, "a");
443
+
assert_eq!(jwt.claims, "b");
444
+
assert_eq!(jwt.signature, "c");
445
+
}
446
+
447
+
#[test]
448
+
fn test_jwt_parts_parse_too_few() {
449
+
assert!(matches!(
450
+
JwtParts::parse("a.b"),
451
+
Err(ServiceTokenError::InvalidFormat)
452
+
));
453
+
}
454
+
455
+
#[test]
456
+
fn test_jwt_parts_parse_too_many() {
457
+
assert!(matches!(
458
+
JwtParts::parse("a.b.c.d"),
459
+
Err(ServiceTokenError::InvalidFormat)
460
+
));
461
+
}
462
+
463
+
#[test]
464
+
fn test_jwt_parts_signing_input() {
465
+
let jwt = JwtParts::parse("header.claims.sig").unwrap();
466
+
assert_eq!(jwt.signing_input(), "header.claims");
467
}
468
}
+76
-56
crates/tranquil-pds/src/auth/verification_token.rs
+76
-56
crates/tranquil-pds/src/auth/verification_token.rs
···
1
use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
2
use hmac::Mac;
3
use sha2::{Digest, Sha256};
4
5
type HmacSha256 = hmac::Hmac<Sha256>;
6
···
9
const DEFAULT_MIGRATION_EXPIRY_HOURS: u64 = 48;
10
const DEFAULT_CHANNEL_UPDATE_EXPIRY_MINUTES: u64 = 10;
11
12
-
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
13
pub enum VerificationPurpose {
14
Signup,
15
Migration,
···
25
}
26
}
27
28
-
fn from_str(s: &str) -> Option<Self> {
29
-
match s {
30
-
"signup" => Some(Self::Signup),
31
-
"migration" => Some(Self::Migration),
32
-
"channel_update" => Some(Self::ChannelUpdate),
33
-
_ => None,
34
-
}
35
-
}
36
-
37
fn default_expiry_seconds(&self) -> u64 {
38
match self {
39
Self::Signup => DEFAULT_SIGNUP_EXPIRY_MINUTES * 60,
···
43
}
44
}
45
46
#[derive(Debug)]
47
pub struct VerificationToken {
48
-
pub did: String,
49
pub purpose: VerificationPurpose,
50
-
pub channel: String,
51
pub identifier_hash: String,
52
pub expires_at: u64,
53
}
···
75
URL_SAFE_NO_PAD.encode(&result[..16])
76
}
77
78
-
pub fn generate_signup_token(did: &str, channel: &str, identifier: &str) -> String {
79
generate_token(did, VerificationPurpose::Signup, channel, identifier)
80
}
81
82
-
pub fn generate_migration_token(did: &str, email: &str) -> String {
83
-
generate_token(did, VerificationPurpose::Migration, "email", email)
84
}
85
86
-
pub fn generate_channel_update_token(did: &str, channel: &str, identifier: &str) -> String {
87
generate_token(did, VerificationPurpose::ChannelUpdate, channel, identifier)
88
}
89
90
pub fn generate_token(
91
-
did: &str,
92
purpose: VerificationPurpose,
93
-
channel: &str,
94
identifier: &str,
95
) -> String {
96
generate_token_with_expiry(
···
103
}
104
105
pub fn generate_token_with_expiry(
106
-
did: &str,
107
purpose: VerificationPurpose,
108
-
channel: &str,
109
identifier: &str,
110
expiry_seconds: u64,
111
) -> String {
112
let key = derive_verification_key();
113
let identifier_hash = hash_identifier(identifier);
114
let expires_at = std::time::SystemTime::now()
115
.duration_since(std::time::UNIX_EPOCH)
116
.unwrap_or_default()
···
121
"{}|{}|{}|{}|{}",
122
did,
123
purpose.as_str(),
124
-
channel,
125
identifier_hash,
126
expires_at
127
);
···
135
TOKEN_VERSION,
136
did,
137
purpose.as_str(),
138
-
channel,
139
identifier_hash,
140
expires_at,
141
signature
···
170
171
pub fn verify_signup_token(
172
token: &str,
173
-
expected_channel: &str,
174
expected_identifier: &str,
175
) -> Result<VerificationToken, VerifyError> {
176
let parsed = verify_token_signature(token)?;
···
195
if parsed.purpose != VerificationPurpose::Migration {
196
return Err(VerifyError::PurposeMismatch);
197
}
198
-
if parsed.channel != "email" {
199
return Err(VerifyError::ChannelMismatch);
200
}
201
let expected_hash = hash_identifier(expected_email);
···
207
208
pub fn verify_channel_update_token(
209
token: &str,
210
-
expected_channel: &str,
211
expected_identifier: &str,
212
) -> Result<VerificationToken, VerifyError> {
213
let parsed = verify_token_signature(token)?;
···
226
227
pub fn verify_token_for_did(
228
token: &str,
229
-
expected_did: &str,
230
) -> Result<VerificationToken, VerifyError> {
231
let parsed = verify_token_signature(token)?;
232
-
if parsed.did != expected_did {
233
return Err(VerifyError::IdentifierMismatch);
234
}
235
Ok(parsed)
···
253
254
let did = parts[1];
255
let purpose_str = parts[2];
256
-
let channel = parts[3];
257
let identifier_hash = parts[4];
258
let expires_at: u64 = parts[5].parse().map_err(|_| VerifyError::InvalidFormat)?;
259
let provided_signature = parts[6];
260
261
-
let purpose = VerificationPurpose::from_str(purpose_str).ok_or(VerifyError::InvalidFormat)?;
262
263
let now = std::time::SystemTime::now()
264
.duration_since(std::time::UNIX_EPOCH)
···
271
let key = derive_verification_key();
272
let payload = format!(
273
"{}|{}|{}|{}|{}",
274
-
did, purpose_str, channel, identifier_hash, expires_at
275
);
276
let mut mac = <HmacSha256 as Mac>::new_from_slice(&key).expect("HMAC key size is valid");
277
mac.update(payload.as_bytes());
···
286
return Err(VerifyError::InvalidSignature);
287
}
288
289
Ok(VerificationToken {
290
-
did: did.to_string(),
291
purpose,
292
-
channel: channel.to_string(),
293
identifier_hash: identifier_hash.to_string(),
294
expires_at,
295
})
···
309
310
#[test]
311
fn test_signup_token() {
312
-
let did = "did:plc:test123";
313
-
let channel = "email";
314
let identifier = "test@example.com";
315
-
let token = generate_signup_token(did, channel, identifier);
316
let result = verify_signup_token(&token, channel, identifier);
317
assert!(result.is_ok(), "Expected Ok, got {:?}", result);
318
let parsed = result.unwrap();
···
323
324
#[test]
325
fn test_migration_token() {
326
-
let did = "did:plc:test123";
327
let email = "test@example.com";
328
-
let token = generate_migration_token(did, email);
329
let result = verify_migration_token(&token, email);
330
assert!(result.is_ok(), "Expected Ok, got {:?}", result);
331
let parsed = result.unwrap();
···
335
336
#[test]
337
fn test_token_case_insensitive() {
338
-
let did = "did:plc:test123";
339
-
let token = generate_signup_token(did, "email", "Test@Example.COM");
340
-
let result = verify_signup_token(&token, "email", "test@example.com");
341
assert!(result.is_ok());
342
}
343
344
#[test]
345
fn test_token_wrong_identifier() {
346
-
let did = "did:plc:test123";
347
-
let token = generate_signup_token(did, "email", "test@example.com");
348
-
let result = verify_signup_token(&token, "email", "other@example.com");
349
assert!(matches!(result, Err(VerifyError::IdentifierMismatch)));
350
}
351
352
#[test]
353
fn test_token_wrong_channel() {
354
-
let did = "did:plc:test123";
355
-
let token = generate_signup_token(did, "email", "test@example.com");
356
-
let result = verify_signup_token(&token, "discord", "test@example.com");
357
assert!(matches!(result, Err(VerifyError::ChannelMismatch)));
358
}
359
360
#[test]
361
fn test_expired_token() {
362
-
let did = "did:plc:test123";
363
let token = generate_token_with_expiry(
364
-
did,
365
VerificationPurpose::Signup,
366
-
"email",
367
"test@example.com",
368
0,
369
);
370
std::thread::sleep(std::time::Duration::from_millis(1100));
371
-
let result = verify_signup_token(&token, "email", "test@example.com");
372
assert!(matches!(result, Err(VerifyError::Expired)));
373
}
374
375
#[test]
376
fn test_invalid_token() {
377
-
let result = verify_signup_token("invalid-token", "email", "test@example.com");
378
assert!(matches!(result, Err(VerifyError::InvalidFormat)));
379
}
380
381
#[test]
382
fn test_purpose_mismatch() {
383
-
let did = "did:plc:test123";
384
let email = "test@example.com";
385
-
let signup_token = generate_signup_token(did, "email", email);
386
let result = verify_migration_token(&signup_token, email);
387
assert!(matches!(result, Err(VerifyError::PurposeMismatch)));
388
}
389
390
#[test]
391
fn test_discord_channel() {
392
-
let did = "did:plc:test123";
393
let discord_id = "123456789012345678";
394
-
let token = generate_signup_token(did, "discord", discord_id);
395
-
let result = verify_signup_token(&token, "discord", discord_id);
396
assert!(result.is_ok());
397
}
398
···
1
use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
2
use hmac::Mac;
3
use sha2::{Digest, Sha256};
4
+
use tranquil_db_traits::CommsChannel;
5
+
use tranquil_types::Did;
6
7
type HmacSha256 = hmac::Hmac<Sha256>;
8
···
11
const DEFAULT_MIGRATION_EXPIRY_HOURS: u64 = 48;
12
const DEFAULT_CHANNEL_UPDATE_EXPIRY_MINUTES: u64 = 10;
13
14
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize)]
15
+
#[serde(rename_all = "snake_case")]
16
pub enum VerificationPurpose {
17
Signup,
18
Migration,
···
28
}
29
}
30
31
fn default_expiry_seconds(&self) -> u64 {
32
match self {
33
Self::Signup => DEFAULT_SIGNUP_EXPIRY_MINUTES * 60,
···
37
}
38
}
39
40
+
impl std::str::FromStr for VerificationPurpose {
41
+
type Err = ();
42
+
43
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
44
+
match s {
45
+
"signup" => Ok(Self::Signup),
46
+
"migration" => Ok(Self::Migration),
47
+
"channel_update" => Ok(Self::ChannelUpdate),
48
+
_ => Err(()),
49
+
}
50
+
}
51
+
}
52
+
53
#[derive(Debug)]
54
pub struct VerificationToken {
55
+
pub did: Did,
56
pub purpose: VerificationPurpose,
57
+
pub channel: CommsChannel,
58
pub identifier_hash: String,
59
pub expires_at: u64,
60
}
···
82
URL_SAFE_NO_PAD.encode(&result[..16])
83
}
84
85
+
pub fn generate_signup_token(did: &Did, channel: CommsChannel, identifier: &str) -> String {
86
generate_token(did, VerificationPurpose::Signup, channel, identifier)
87
}
88
89
+
pub fn generate_migration_token(did: &Did, email: &str) -> String {
90
+
generate_token(
91
+
did,
92
+
VerificationPurpose::Migration,
93
+
CommsChannel::Email,
94
+
email,
95
+
)
96
}
97
98
+
pub fn generate_channel_update_token(did: &Did, channel: CommsChannel, identifier: &str) -> String {
99
generate_token(did, VerificationPurpose::ChannelUpdate, channel, identifier)
100
}
101
102
pub fn generate_token(
103
+
did: &Did,
104
purpose: VerificationPurpose,
105
+
channel: CommsChannel,
106
identifier: &str,
107
) -> String {
108
generate_token_with_expiry(
···
115
}
116
117
pub fn generate_token_with_expiry(
118
+
did: &Did,
119
purpose: VerificationPurpose,
120
+
channel: CommsChannel,
121
identifier: &str,
122
expiry_seconds: u64,
123
) -> String {
124
let key = derive_verification_key();
125
let identifier_hash = hash_identifier(identifier);
126
+
let channel_str = channel.as_str();
127
let expires_at = std::time::SystemTime::now()
128
.duration_since(std::time::UNIX_EPOCH)
129
.unwrap_or_default()
···
134
"{}|{}|{}|{}|{}",
135
did,
136
purpose.as_str(),
137
+
channel_str,
138
identifier_hash,
139
expires_at
140
);
···
148
TOKEN_VERSION,
149
did,
150
purpose.as_str(),
151
+
channel_str,
152
identifier_hash,
153
expires_at,
154
signature
···
183
184
pub fn verify_signup_token(
185
token: &str,
186
+
expected_channel: CommsChannel,
187
expected_identifier: &str,
188
) -> Result<VerificationToken, VerifyError> {
189
let parsed = verify_token_signature(token)?;
···
208
if parsed.purpose != VerificationPurpose::Migration {
209
return Err(VerifyError::PurposeMismatch);
210
}
211
+
if parsed.channel != CommsChannel::Email {
212
return Err(VerifyError::ChannelMismatch);
213
}
214
let expected_hash = hash_identifier(expected_email);
···
220
221
pub fn verify_channel_update_token(
222
token: &str,
223
+
expected_channel: CommsChannel,
224
expected_identifier: &str,
225
) -> Result<VerificationToken, VerifyError> {
226
let parsed = verify_token_signature(token)?;
···
239
240
pub fn verify_token_for_did(
241
token: &str,
242
+
expected_did: &Did,
243
) -> Result<VerificationToken, VerifyError> {
244
let parsed = verify_token_signature(token)?;
245
+
if parsed.did != *expected_did {
246
return Err(VerifyError::IdentifierMismatch);
247
}
248
Ok(parsed)
···
266
267
let did = parts[1];
268
let purpose_str = parts[2];
269
+
let channel_str = parts[3];
270
let identifier_hash = parts[4];
271
let expires_at: u64 = parts[5].parse().map_err(|_| VerifyError::InvalidFormat)?;
272
let provided_signature = parts[6];
273
274
+
let purpose: VerificationPurpose = purpose_str
275
+
.parse()
276
+
.map_err(|_| VerifyError::InvalidFormat)?;
277
+
let channel: CommsChannel = channel_str
278
+
.parse()
279
+
.map_err(|_| VerifyError::InvalidFormat)?;
280
281
let now = std::time::SystemTime::now()
282
.duration_since(std::time::UNIX_EPOCH)
···
289
let key = derive_verification_key();
290
let payload = format!(
291
"{}|{}|{}|{}|{}",
292
+
did, purpose_str, channel_str, identifier_hash, expires_at
293
);
294
let mut mac = <HmacSha256 as Mac>::new_from_slice(&key).expect("HMAC key size is valid");
295
mac.update(payload.as_bytes());
···
304
return Err(VerifyError::InvalidSignature);
305
}
306
307
+
let parsed_did: Did = did.parse().map_err(|_| VerifyError::InvalidFormat)?;
308
+
309
Ok(VerificationToken {
310
+
did: parsed_did,
311
purpose,
312
+
channel,
313
identifier_hash: identifier_hash.to_string(),
314
expires_at,
315
})
···
329
330
#[test]
331
fn test_signup_token() {
332
+
let did: Did = "did:plc:test123".parse().unwrap();
333
+
let channel = CommsChannel::Email;
334
let identifier = "test@example.com";
335
+
let token = generate_signup_token(&did, channel, identifier);
336
let result = verify_signup_token(&token, channel, identifier);
337
assert!(result.is_ok(), "Expected Ok, got {:?}", result);
338
let parsed = result.unwrap();
···
343
344
#[test]
345
fn test_migration_token() {
346
+
let did: Did = "did:plc:test123".parse().unwrap();
347
let email = "test@example.com";
348
+
let token = generate_migration_token(&did, email);
349
let result = verify_migration_token(&token, email);
350
assert!(result.is_ok(), "Expected Ok, got {:?}", result);
351
let parsed = result.unwrap();
···
355
356
#[test]
357
fn test_token_case_insensitive() {
358
+
let did: Did = "did:plc:test123".parse().unwrap();
359
+
let token = generate_signup_token(&did, CommsChannel::Email, "Test@Example.COM");
360
+
let result = verify_signup_token(&token, CommsChannel::Email, "test@example.com");
361
assert!(result.is_ok());
362
}
363
364
#[test]
365
fn test_token_wrong_identifier() {
366
+
let did: Did = "did:plc:test123".parse().unwrap();
367
+
let token = generate_signup_token(&did, CommsChannel::Email, "test@example.com");
368
+
let result = verify_signup_token(&token, CommsChannel::Email, "other@example.com");
369
assert!(matches!(result, Err(VerifyError::IdentifierMismatch)));
370
}
371
372
#[test]
373
fn test_token_wrong_channel() {
374
+
let did: Did = "did:plc:test123".parse().unwrap();
375
+
let token = generate_signup_token(&did, CommsChannel::Email, "test@example.com");
376
+
let result = verify_signup_token(&token, CommsChannel::Discord, "test@example.com");
377
assert!(matches!(result, Err(VerifyError::ChannelMismatch)));
378
}
379
380
#[test]
381
fn test_expired_token() {
382
+
let did: Did = "did:plc:test123".parse().unwrap();
383
let token = generate_token_with_expiry(
384
+
&did,
385
VerificationPurpose::Signup,
386
+
CommsChannel::Email,
387
"test@example.com",
388
0,
389
);
390
std::thread::sleep(std::time::Duration::from_millis(1100));
391
+
let result = verify_signup_token(&token, CommsChannel::Email, "test@example.com");
392
assert!(matches!(result, Err(VerifyError::Expired)));
393
}
394
395
#[test]
396
fn test_invalid_token() {
397
+
let result = verify_signup_token("invalid-token", CommsChannel::Email, "test@example.com");
398
assert!(matches!(result, Err(VerifyError::InvalidFormat)));
399
}
400
401
#[test]
402
fn test_purpose_mismatch() {
403
+
let did: Did = "did:plc:test123".parse().unwrap();
404
let email = "test@example.com";
405
+
let signup_token = generate_signup_token(&did, CommsChannel::Email, email);
406
let result = verify_migration_token(&signup_token, email);
407
assert!(matches!(result, Err(VerifyError::PurposeMismatch)));
408
}
409
410
#[test]
411
fn test_discord_channel() {
412
+
let did: Did = "did:plc:test123".parse().unwrap();
413
let discord_id = "123456789012345678";
414
+
let token = generate_signup_token(&did, CommsChannel::Discord, discord_id);
415
+
let result = verify_signup_token(&token, CommsChannel::Discord, discord_id);
416
assert!(result.is_ok());
417
}
418
+24
-12
crates/tranquil-pds/src/auth/webauthn.rs
+24
-12
crates/tranquil-pds/src/auth/webauthn.rs
···
1
use uuid::Uuid;
2
use webauthn_rs::prelude::*;
3
4
pub struct WebAuthnConfig {
5
webauthn: Webauthn,
6
}
7
8
impl WebAuthnConfig {
9
-
pub fn new(hostname: &str) -> Result<Self, String> {
10
let rp_id = hostname.split(':').next().unwrap_or(hostname).to_string();
11
let rp_origin = Url::parse(&format!("https://{}", hostname))
12
-
.map_err(|e| format!("Invalid origin URL: {}", e))?;
13
14
let builder = WebauthnBuilder::new(&rp_id, &rp_origin)
15
-
.map_err(|e| format!("Failed to create WebAuthn builder: {}", e))?
16
.rp_name("Tranquil PDS")
17
.danger_set_user_presence_only_security_keys(true);
18
19
let webauthn = builder
20
.build()
21
-
.map_err(|e| format!("Failed to build WebAuthn: {}", e))?;
22
23
Ok(Self { webauthn })
24
}
···
29
username: &str,
30
display_name: &str,
31
exclude_credentials: Vec<CredentialID>,
32
-
) -> Result<(CreationChallengeResponse, SecurityKeyRegistration), String> {
33
let user_unique_id = Uuid::new_v5(&Uuid::NAMESPACE_OID, user_id.as_bytes());
34
35
self.webauthn
···
45
None,
46
None,
47
)
48
-
.map_err(|e| format!("Failed to start registration: {}", e))
49
}
50
51
pub fn finish_registration(
52
&self,
53
reg: &RegisterPublicKeyCredential,
54
state: &SecurityKeyRegistration,
55
-
) -> Result<SecurityKey, String> {
56
self.webauthn
57
.finish_securitykey_registration(reg, state)
58
-
.map_err(|e| format!("Failed to finish registration: {}", e))
59
}
60
61
pub fn start_authentication(
62
&self,
63
credentials: Vec<SecurityKey>,
64
-
) -> Result<(RequestChallengeResponse, SecurityKeyAuthentication), String> {
65
self.webauthn
66
.start_securitykey_authentication(&credentials)
67
-
.map_err(|e| format!("Failed to start authentication: {}", e))
68
}
69
70
pub fn finish_authentication(
71
&self,
72
auth: &PublicKeyCredential,
73
state: &SecurityKeyAuthentication,
74
-
) -> Result<AuthenticationResult, String> {
75
self.webauthn
76
.finish_securitykey_authentication(auth, state)
77
-
.map_err(|e| format!("Failed to finish authentication: {}", e))
78
}
79
}
···
1
use uuid::Uuid;
2
use webauthn_rs::prelude::*;
3
4
+
#[derive(Debug, thiserror::Error)]
5
+
pub enum WebauthnError {
6
+
#[error("Invalid origin URL: {0}")]
7
+
InvalidOrigin(String),
8
+
#[error("Failed to create WebAuthn builder: {0}")]
9
+
BuilderFailed(String),
10
+
#[error("Registration failed: {0}")]
11
+
RegistrationFailed(String),
12
+
#[error("Authentication failed: {0}")]
13
+
AuthenticationFailed(String),
14
+
}
15
+
16
pub struct WebAuthnConfig {
17
webauthn: Webauthn,
18
}
19
20
impl WebAuthnConfig {
21
+
pub fn new(hostname: &str) -> Result<Self, WebauthnError> {
22
let rp_id = hostname.split(':').next().unwrap_or(hostname).to_string();
23
let rp_origin = Url::parse(&format!("https://{}", hostname))
24
+
.map_err(|e| WebauthnError::InvalidOrigin(e.to_string()))?;
25
26
let builder = WebauthnBuilder::new(&rp_id, &rp_origin)
27
+
.map_err(|e| WebauthnError::BuilderFailed(e.to_string()))?
28
.rp_name("Tranquil PDS")
29
.danger_set_user_presence_only_security_keys(true);
30
31
let webauthn = builder
32
.build()
33
+
.map_err(|e| WebauthnError::BuilderFailed(e.to_string()))?;
34
35
Ok(Self { webauthn })
36
}
···
41
username: &str,
42
display_name: &str,
43
exclude_credentials: Vec<CredentialID>,
44
+
) -> Result<(CreationChallengeResponse, SecurityKeyRegistration), WebauthnError> {
45
let user_unique_id = Uuid::new_v5(&Uuid::NAMESPACE_OID, user_id.as_bytes());
46
47
self.webauthn
···
57
None,
58
None,
59
)
60
+
.map_err(|e| WebauthnError::RegistrationFailed(e.to_string()))
61
}
62
63
pub fn finish_registration(
64
&self,
65
reg: &RegisterPublicKeyCredential,
66
state: &SecurityKeyRegistration,
67
+
) -> Result<SecurityKey, WebauthnError> {
68
self.webauthn
69
.finish_securitykey_registration(reg, state)
70
+
.map_err(|e| WebauthnError::RegistrationFailed(e.to_string()))
71
}
72
73
pub fn start_authentication(
74
&self,
75
credentials: Vec<SecurityKey>,
76
+
) -> Result<(RequestChallengeResponse, SecurityKeyAuthentication), WebauthnError> {
77
self.webauthn
78
.start_securitykey_authentication(&credentials)
79
+
.map_err(|e| WebauthnError::AuthenticationFailed(e.to_string()))
80
}
81
82
pub fn finish_authentication(
83
&self,
84
auth: &PublicKeyCredential,
85
state: &SecurityKeyAuthentication,
86
+
) -> Result<AuthenticationResult, WebauthnError> {
87
self.webauthn
88
.finish_securitykey_authentication(auth, state)
89
+
.map_err(|e| WebauthnError::AuthenticationFailed(e.to_string()))
90
}
91
}
+35
crates/tranquil-pds/src/cache_keys.rs
+35
crates/tranquil-pds/src/cache_keys.rs
···
···
1
+
pub fn session_key(did: &str, jti: &str) -> String {
2
+
format!("auth:session:{}:{}", did, jti)
3
+
}
4
+
5
+
pub fn signing_key_key(did: &str) -> String {
6
+
format!("auth:key:{}", did)
7
+
}
8
+
9
+
pub fn user_status_key(did: &str) -> String {
10
+
format!("auth:status:{}", did)
11
+
}
12
+
13
+
pub fn handle_key(handle: &str) -> String {
14
+
format!("handle:{}", handle)
15
+
}
16
+
17
+
pub fn reauth_key(did: &str) -> String {
18
+
format!("reauth:{}", did)
19
+
}
20
+
21
+
pub fn plc_doc_key(did: &str) -> String {
22
+
format!("plc:doc:{}", did)
23
+
}
24
+
25
+
pub fn plc_data_key(did: &str) -> String {
26
+
format!("plc:data:{}", did)
27
+
}
28
+
29
+
pub fn email_update_key(did: &str) -> String {
30
+
format!("email_update:{}", did)
31
+
}
32
+
33
+
pub fn scope_ref_key(cid: &str) -> String {
34
+
format!("scope_ref:{}", cid)
35
+
}
+35
-19
crates/tranquil-pds/src/circuit_breaker.rs
+35
-19
crates/tranquil-pds/src/circuit_breaker.rs
···
1
use std::sync::Arc;
2
use std::sync::atomic::{AtomicU32, AtomicU64, Ordering};
3
use std::time::Duration;
···
24
impl CircuitBreaker {
25
pub fn new(
26
name: &str,
27
-
failure_threshold: u32,
28
-
success_threshold: u32,
29
-
timeout_secs: u64,
30
) -> Self {
31
Self {
32
name: name.to_string(),
33
-
failure_threshold,
34
-
success_threshold,
35
-
timeout: Duration::from_secs(timeout_secs),
36
state: Arc::new(RwLock::new(CircuitState::Closed)),
37
failure_count: AtomicU32::new(0),
38
success_count: AtomicU32::new(0),
···
49
let last_failure = self.last_failure_time.load(Ordering::SeqCst);
50
let now = std::time::SystemTime::now()
51
.duration_since(std::time::UNIX_EPOCH)
52
-
.unwrap()
53
.as_secs();
54
55
-
if now - last_failure >= self.timeout.as_secs() {
56
drop(state);
57
let mut state = self.state.write().await;
58
if *state == CircuitState::Open {
···
100
*state = CircuitState::Open;
101
let now = std::time::SystemTime::now()
102
.duration_since(std::time::UNIX_EPOCH)
103
-
.unwrap()
104
.as_secs();
105
self.last_failure_time.store(now, Ordering::SeqCst);
106
tracing::warn!(
···
150
impl CircuitBreakers {
151
pub fn new() -> Self {
152
Self {
153
-
plc_directory: Arc::new(CircuitBreaker::new("plc_directory", 5, 3, 60)),
154
-
relay_notification: Arc::new(CircuitBreaker::new("relay_notification", 10, 5, 30)),
155
}
156
}
157
}
···
223
mod tests {
224
use super::*;
225
226
#[tokio::test]
227
async fn test_circuit_breaker_starts_closed() {
228
-
let cb = CircuitBreaker::new("test", 3, 2, 10);
229
assert_eq!(cb.state().await, CircuitState::Closed);
230
assert!(cb.can_execute().await);
231
}
232
233
#[tokio::test]
234
async fn test_circuit_breaker_opens_after_failures() {
235
-
let cb = CircuitBreaker::new("test", 3, 2, 10);
236
237
cb.record_failure().await;
238
assert_eq!(cb.state().await, CircuitState::Closed);
···
247
248
#[tokio::test]
249
async fn test_circuit_breaker_success_resets_failures() {
250
-
let cb = CircuitBreaker::new("test", 3, 2, 10);
251
252
cb.record_failure().await;
253
cb.record_failure().await;
···
263
264
#[tokio::test]
265
async fn test_circuit_breaker_half_open_closes_after_successes() {
266
-
let cb = CircuitBreaker::new("test", 3, 2, 0);
267
268
futures::future::join_all((0..3).map(|_| cb.record_failure())).await;
269
assert_eq!(cb.state().await, CircuitState::Open);
270
271
-
tokio::time::sleep(Duration::from_millis(100)).await;
272
assert!(cb.can_execute().await);
273
assert_eq!(cb.state().await, CircuitState::HalfOpen);
274
···
281
282
#[tokio::test]
283
async fn test_circuit_breaker_half_open_reopens_on_failure() {
284
-
let cb = CircuitBreaker::new("test", 3, 2, 0);
285
286
futures::future::join_all((0..3).map(|_| cb.record_failure())).await;
287
288
-
tokio::time::sleep(Duration::from_millis(100)).await;
289
cb.can_execute().await;
290
291
cb.record_failure().await;
···
294
295
#[tokio::test]
296
async fn test_with_circuit_breaker_helper() {
297
-
let cb = CircuitBreaker::new("test", 3, 2, 10);
298
299
let result: Result<i32, CircuitBreakerError<std::io::Error>> =
300
with_circuit_breaker(&cb, || async { Ok(42) }).await;
···
1
+
use std::num::{NonZeroU32, NonZeroU64};
2
use std::sync::Arc;
3
use std::sync::atomic::{AtomicU32, AtomicU64, Ordering};
4
use std::time::Duration;
···
25
impl CircuitBreaker {
26
pub fn new(
27
name: &str,
28
+
failure_threshold: NonZeroU32,
29
+
success_threshold: NonZeroU32,
30
+
timeout_secs: NonZeroU64,
31
) -> Self {
32
Self {
33
name: name.to_string(),
34
+
failure_threshold: failure_threshold.get(),
35
+
success_threshold: success_threshold.get(),
36
+
timeout: Duration::from_secs(timeout_secs.get()),
37
state: Arc::new(RwLock::new(CircuitState::Closed)),
38
failure_count: AtomicU32::new(0),
39
success_count: AtomicU32::new(0),
···
50
let last_failure = self.last_failure_time.load(Ordering::SeqCst);
51
let now = std::time::SystemTime::now()
52
.duration_since(std::time::UNIX_EPOCH)
53
+
.unwrap_or_default()
54
.as_secs();
55
56
+
if now.saturating_sub(last_failure) >= self.timeout.as_secs() {
57
drop(state);
58
let mut state = self.state.write().await;
59
if *state == CircuitState::Open {
···
101
*state = CircuitState::Open;
102
let now = std::time::SystemTime::now()
103
.duration_since(std::time::UNIX_EPOCH)
104
+
.unwrap_or_default()
105
.as_secs();
106
self.last_failure_time.store(now, Ordering::SeqCst);
107
tracing::warn!(
···
151
impl CircuitBreakers {
152
pub fn new() -> Self {
153
Self {
154
+
plc_directory: Arc::new(CircuitBreaker::new(
155
+
"plc_directory",
156
+
const { NonZeroU32::new(5).unwrap() },
157
+
const { NonZeroU32::new(3).unwrap() },
158
+
const { NonZeroU64::new(60).unwrap() },
159
+
)),
160
+
relay_notification: Arc::new(CircuitBreaker::new(
161
+
"relay_notification",
162
+
const { NonZeroU32::new(10).unwrap() },
163
+
const { NonZeroU32::new(5).unwrap() },
164
+
const { NonZeroU64::new(30).unwrap() },
165
+
)),
166
}
167
}
168
}
···
234
mod tests {
235
use super::*;
236
237
+
const TEST_FAILURE: NonZeroU32 = const { NonZeroU32::new(3).unwrap() };
238
+
const TEST_SUCCESS: NonZeroU32 = const { NonZeroU32::new(2).unwrap() };
239
+
const TEST_TIMEOUT: NonZeroU64 = const { NonZeroU64::new(10).unwrap() };
240
+
const TEST_ZERO_TIMEOUT: NonZeroU64 = const { NonZeroU64::new(1).unwrap() };
241
+
242
#[tokio::test]
243
async fn test_circuit_breaker_starts_closed() {
244
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_TIMEOUT);
245
assert_eq!(cb.state().await, CircuitState::Closed);
246
assert!(cb.can_execute().await);
247
}
248
249
#[tokio::test]
250
async fn test_circuit_breaker_opens_after_failures() {
251
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_TIMEOUT);
252
253
cb.record_failure().await;
254
assert_eq!(cb.state().await, CircuitState::Closed);
···
263
264
#[tokio::test]
265
async fn test_circuit_breaker_success_resets_failures() {
266
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_TIMEOUT);
267
268
cb.record_failure().await;
269
cb.record_failure().await;
···
279
280
#[tokio::test]
281
async fn test_circuit_breaker_half_open_closes_after_successes() {
282
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_ZERO_TIMEOUT);
283
284
futures::future::join_all((0..3).map(|_| cb.record_failure())).await;
285
assert_eq!(cb.state().await, CircuitState::Open);
286
287
+
tokio::time::sleep(Duration::from_millis(1100)).await;
288
assert!(cb.can_execute().await);
289
assert_eq!(cb.state().await, CircuitState::HalfOpen);
290
···
297
298
#[tokio::test]
299
async fn test_circuit_breaker_half_open_reopens_on_failure() {
300
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_ZERO_TIMEOUT);
301
302
futures::future::join_all((0..3).map(|_| cb.record_failure())).await;
303
304
+
tokio::time::sleep(Duration::from_millis(1100)).await;
305
cb.can_execute().await;
306
307
cb.record_failure().await;
···
310
311
#[tokio::test]
312
async fn test_with_circuit_breaker_helper() {
313
+
let cb = CircuitBreaker::new("test", TEST_FAILURE, TEST_SUCCESS, TEST_TIMEOUT);
314
315
let result: Result<i32, CircuitBreakerError<std::io::Error>> =
316
with_circuit_breaker(&cb, || async { Ok(42) }).await;
+1
-1
crates/tranquil-pds/src/comms/mod.rs
+1
-1
crates/tranquil-pds/src/comms/mod.rs
+22
-123
crates/tranquil-pds/src/comms/service.rs
+22
-123
crates/tranquil-pds/src/comms/service.rs
···
7
use tokio_util::sync::CancellationToken;
8
use tracing::{debug, error, info, warn};
9
use tranquil_comms::{
10
-
CommsChannel, CommsSender, CommsStatus, CommsType, NewComms, SendError, format_message,
11
-
get_strings,
12
};
13
use tranquil_db_traits::{InfraRepository, QueuedComms, UserCommsPrefs, UserRepository};
14
use uuid::Uuid;
···
54
}
55
56
pub async fn enqueue(&self, item: NewComms) -> Result<Uuid, tranquil_db_traits::DbError> {
57
-
let channel = match item.channel {
58
-
CommsChannel::Email => tranquil_db_traits::CommsChannel::Email,
59
-
CommsChannel::Discord => tranquil_db_traits::CommsChannel::Discord,
60
-
CommsChannel::Telegram => tranquil_db_traits::CommsChannel::Telegram,
61
-
CommsChannel::Signal => tranquil_db_traits::CommsChannel::Signal,
62
-
};
63
-
let comms_type = match item.comms_type {
64
-
CommsType::Welcome => tranquil_db_traits::CommsType::Welcome,
65
-
CommsType::EmailVerification => tranquil_db_traits::CommsType::EmailVerification,
66
-
CommsType::PasswordReset => tranquil_db_traits::CommsType::PasswordReset,
67
-
CommsType::EmailUpdate => tranquil_db_traits::CommsType::EmailUpdate,
68
-
CommsType::AccountDeletion => tranquil_db_traits::CommsType::AccountDeletion,
69
-
CommsType::AdminEmail => tranquil_db_traits::CommsType::AdminEmail,
70
-
CommsType::PlcOperation => tranquil_db_traits::CommsType::PlcOperation,
71
-
CommsType::TwoFactorCode => tranquil_db_traits::CommsType::TwoFactorCode,
72
-
CommsType::PasskeyRecovery => tranquil_db_traits::CommsType::PasskeyRecovery,
73
-
CommsType::LegacyLoginAlert => tranquil_db_traits::CommsType::LegacyLoginAlert,
74
-
CommsType::MigrationVerification => {
75
-
tranquil_db_traits::CommsType::MigrationVerification
76
-
}
77
-
CommsType::ChannelVerification => tranquil_db_traits::CommsType::ChannelVerification,
78
-
CommsType::ChannelVerified => tranquil_db_traits::CommsType::ChannelVerified,
79
-
};
80
let id = self
81
.infra_repo
82
.enqueue_comms(
83
Some(item.user_id),
84
-
channel,
85
-
comms_type,
86
&item.recipient,
87
item.subject.as_deref(),
88
&item.body,
···
144
145
async fn process_item(&self, item: QueuedComms) {
146
let comms_id = item.id;
147
-
let channel = match item.channel {
148
-
tranquil_db_traits::CommsChannel::Email => CommsChannel::Email,
149
-
tranquil_db_traits::CommsChannel::Discord => CommsChannel::Discord,
150
-
tranquil_db_traits::CommsChannel::Telegram => CommsChannel::Telegram,
151
-
tranquil_db_traits::CommsChannel::Signal => CommsChannel::Signal,
152
-
};
153
-
let comms_item = tranquil_comms::QueuedComms {
154
-
id: item.id,
155
-
user_id: item.user_id,
156
-
channel,
157
-
comms_type: match item.comms_type {
158
-
tranquil_db_traits::CommsType::Welcome => CommsType::Welcome,
159
-
tranquil_db_traits::CommsType::EmailVerification => CommsType::EmailVerification,
160
-
tranquil_db_traits::CommsType::PasswordReset => CommsType::PasswordReset,
161
-
tranquil_db_traits::CommsType::EmailUpdate => CommsType::EmailUpdate,
162
-
tranquil_db_traits::CommsType::AccountDeletion => CommsType::AccountDeletion,
163
-
tranquil_db_traits::CommsType::AdminEmail => CommsType::AdminEmail,
164
-
tranquil_db_traits::CommsType::PlcOperation => CommsType::PlcOperation,
165
-
tranquil_db_traits::CommsType::TwoFactorCode => CommsType::TwoFactorCode,
166
-
tranquil_db_traits::CommsType::PasskeyRecovery => CommsType::PasskeyRecovery,
167
-
tranquil_db_traits::CommsType::LegacyLoginAlert => CommsType::LegacyLoginAlert,
168
-
tranquil_db_traits::CommsType::MigrationVerification => {
169
-
CommsType::MigrationVerification
170
-
}
171
-
tranquil_db_traits::CommsType::ChannelVerification => {
172
-
CommsType::ChannelVerification
173
-
}
174
-
tranquil_db_traits::CommsType::ChannelVerified => CommsType::ChannelVerified,
175
-
},
176
-
status: match item.status {
177
-
tranquil_db_traits::CommsStatus::Pending => CommsStatus::Pending,
178
-
tranquil_db_traits::CommsStatus::Processing => CommsStatus::Processing,
179
-
tranquil_db_traits::CommsStatus::Sent => CommsStatus::Sent,
180
-
tranquil_db_traits::CommsStatus::Failed => CommsStatus::Failed,
181
-
},
182
-
recipient: item.recipient,
183
-
subject: item.subject,
184
-
body: item.body,
185
-
metadata: item.metadata,
186
-
attempts: item.attempts,
187
-
max_attempts: item.max_attempts,
188
-
last_error: item.last_error,
189
-
created_at: item.created_at,
190
-
updated_at: item.updated_at,
191
-
scheduled_for: item.scheduled_for,
192
-
processed_at: item.processed_at,
193
-
};
194
-
let result = match self.senders.get(&channel) {
195
-
Some(sender) => sender.send(&comms_item).await,
196
None => {
197
warn!(
198
comms_id = %comms_id,
199
-
channel = ?channel,
200
"No sender registered for channel"
201
);
202
-
Err(SendError::NotConfigured(channel))
203
}
204
};
205
match result {
···
240
}
241
}
242
243
-
pub fn channel_display_name(channel: CommsChannel) -> &'static str {
244
-
match channel {
245
-
CommsChannel::Email => "email",
246
-
CommsChannel::Discord => "Discord",
247
-
CommsChannel::Telegram => "Telegram",
248
-
CommsChannel::Signal => "Signal",
249
-
}
250
-
}
251
-
252
struct ResolvedRecipient {
253
channel: tranquil_db_traits::CommsChannel,
254
recipient: String,
···
289
recipient: n.clone(),
290
})
291
.unwrap_or_else(email_fallback),
292
-
}
293
-
}
294
-
295
-
fn channel_from_str(s: &str) -> tranquil_db_traits::CommsChannel {
296
-
match s {
297
-
"discord" => tranquil_db_traits::CommsChannel::Discord,
298
-
"telegram" => tranquil_db_traits::CommsChannel::Telegram,
299
-
"signal" => tranquil_db_traits::CommsChannel::Signal,
300
-
_ => tranquil_db_traits::CommsChannel::Email,
301
}
302
}
303
···
453
infra_repo: &dyn InfraRepository,
454
user_id: Uuid,
455
token: &str,
456
-
purpose: &str,
457
hostname: &str,
458
) -> Result<Uuid, DbError> {
459
let prefs = user_repo
···
463
let strings = get_strings(prefs.preferred_locale.as_deref().unwrap_or("en"));
464
let current_email = prefs.email.clone().unwrap_or_default();
465
466
-
let (subject_template, body_template, comms_type) = match purpose {
467
-
"email_update" => (
468
-
strings.email_update_subject,
469
-
strings.short_token_body,
470
-
CommsType::EmailUpdate,
471
-
),
472
-
_ => (
473
-
strings.email_update_subject,
474
-
strings.short_token_body,
475
-
CommsType::EmailUpdate,
476
-
),
477
-
};
478
479
let verify_page = format!("https://{}/app/settings", hostname);
480
let body = format_message(
···
642
user_repo: &dyn UserRepository,
643
infra_repo: &dyn InfraRepository,
644
user_id: Uuid,
645
-
channel: &str,
646
recipient: &str,
647
code: &str,
648
hostname: &str,
649
) -> Result<Uuid, DbError> {
650
-
let comms_channel = channel_from_str(channel);
651
-
let prefs = user_repo.get_comms_prefs(user_id).await.ok().flatten();
652
let locale = prefs
653
.as_ref()
654
.and_then(|p| p.preferred_locale.as_deref())
···
762
user_repo: &dyn UserRepository,
763
infra_repo: &dyn InfraRepository,
764
user_id: Uuid,
765
-
channel_name: &str,
766
recipient: &str,
767
hostname: &str,
768
) -> Result<Uuid, DbError> {
···
771
.await?
772
.ok_or(DbError::NotFound)?;
773
let strings = get_strings(prefs.preferred_locale.as_deref().unwrap_or("en"));
774
-
let display_name = match channel_name {
775
-
"email" => "Email",
776
-
"discord" => "Discord",
777
-
"telegram" => "Telegram",
778
-
"signal" => "Signal",
779
-
other => other,
780
-
};
781
let body = format_message(
782
strings.channel_verified_body,
783
&[
784
("handle", &prefs.handle),
785
-
("channel", display_name),
786
("hostname", hostname),
787
],
788
);
789
let subject = format_message(strings.channel_verified_subject, &[("hostname", hostname)]);
790
-
let comms_channel = channel_from_str(channel_name);
791
infra_repo
792
.enqueue_comms(
793
Some(user_id),
794
-
comms_channel,
795
CommsType::ChannelVerified,
796
recipient,
797
Some(&subject),
···
7
use tokio_util::sync::CancellationToken;
8
use tracing::{debug, error, info, warn};
9
use tranquil_comms::{
10
+
CommsChannel, CommsSender, CommsType, NewComms, SendError, format_message, get_strings,
11
};
12
use tranquil_db_traits::{InfraRepository, QueuedComms, UserCommsPrefs, UserRepository};
13
use uuid::Uuid;
···
53
}
54
55
pub async fn enqueue(&self, item: NewComms) -> Result<Uuid, tranquil_db_traits::DbError> {
56
let id = self
57
.infra_repo
58
.enqueue_comms(
59
Some(item.user_id),
60
+
item.channel,
61
+
item.comms_type,
62
&item.recipient,
63
item.subject.as_deref(),
64
&item.body,
···
120
121
async fn process_item(&self, item: QueuedComms) {
122
let comms_id = item.id;
123
+
let result = match self.senders.get(&item.channel) {
124
+
Some(sender) => sender.send(&item).await,
125
None => {
126
warn!(
127
comms_id = %comms_id,
128
+
channel = ?item.channel,
129
"No sender registered for channel"
130
);
131
+
Err(SendError::NotConfigured(item.channel))
132
}
133
};
134
match result {
···
169
}
170
}
171
172
struct ResolvedRecipient {
173
channel: tranquil_db_traits::CommsChannel,
174
recipient: String,
···
209
recipient: n.clone(),
210
})
211
.unwrap_or_else(email_fallback),
212
}
213
}
214
···
364
infra_repo: &dyn InfraRepository,
365
user_id: Uuid,
366
token: &str,
367
hostname: &str,
368
) -> Result<Uuid, DbError> {
369
let prefs = user_repo
···
373
let strings = get_strings(prefs.preferred_locale.as_deref().unwrap_or("en"));
374
let current_email = prefs.email.clone().unwrap_or_default();
375
376
+
let subject_template = strings.email_update_subject;
377
+
let body_template = strings.short_token_body;
378
+
let comms_type = CommsType::EmailUpdate;
379
380
let verify_page = format!("https://{}/app/settings", hostname);
381
let body = format_message(
···
543
user_repo: &dyn UserRepository,
544
infra_repo: &dyn InfraRepository,
545
user_id: Uuid,
546
+
channel: tranquil_db_traits::CommsChannel,
547
recipient: &str,
548
code: &str,
549
hostname: &str,
550
) -> Result<Uuid, DbError> {
551
+
let comms_channel = channel;
552
+
let prefs = match user_repo.get_comms_prefs(user_id).await {
553
+
Ok(p) => p,
554
+
Err(e) => {
555
+
tracing::warn!(user_id = %user_id, error = %e, "failed to fetch comms preferences, using defaults");
556
+
None
557
+
}
558
+
};
559
let locale = prefs
560
.as_ref()
561
.and_then(|p| p.preferred_locale.as_deref())
···
669
user_repo: &dyn UserRepository,
670
infra_repo: &dyn InfraRepository,
671
user_id: Uuid,
672
+
channel: tranquil_db_traits::CommsChannel,
673
recipient: &str,
674
hostname: &str,
675
) -> Result<Uuid, DbError> {
···
678
.await?
679
.ok_or(DbError::NotFound)?;
680
let strings = get_strings(prefs.preferred_locale.as_deref().unwrap_or("en"));
681
let body = format_message(
682
strings.channel_verified_body,
683
&[
684
("handle", &prefs.handle),
685
+
("channel", channel.display_name()),
686
("hostname", hostname),
687
],
688
);
689
let subject = format_message(strings.channel_verified_subject, &[("hostname", hostname)]);
690
infra_repo
691
.enqueue_comms(
692
Some(user_id),
693
+
channel,
694
CommsType::ChannelVerified,
695
recipient,
696
Some(&subject),
+55
-13
crates/tranquil-pds/src/config.rs
+55
-13
crates/tranquil-pds/src/config.rs
···
6
use sha2::{Digest, Sha256};
7
use std::sync::OnceLock;
8
9
static CONFIG: OnceLock<AuthConfig> = OnceLock::new();
10
11
pub const ENCRYPTION_VERSION: i32 = 1;
···
208
}
209
}
210
211
-
pub fn encrypt_user_key(&self, plaintext: &[u8]) -> Result<Vec<u8>, String> {
212
use rand::RngCore;
213
214
let cipher = Aes256Gcm::new_from_slice(&self.key_encryption_key)
215
-
.map_err(|e| format!("Failed to create cipher: {}", e))?;
216
217
let mut nonce_bytes = [0u8; 12];
218
rand::thread_rng().fill_bytes(&mut nonce_bytes);
···
222
223
let ciphertext = cipher
224
.encrypt(nonce, plaintext)
225
-
.map_err(|e| format!("Encryption failed: {}", e))?;
226
227
let mut result = Vec::with_capacity(12 + ciphertext.len());
228
result.extend_from_slice(&nonce_bytes);
···
231
Ok(result)
232
}
233
234
-
pub fn decrypt_user_key(&self, encrypted: &[u8]) -> Result<Vec<u8>, String> {
235
if encrypted.len() < 12 {
236
-
return Err("Encrypted data too short".to_string());
237
}
238
239
let cipher = Aes256Gcm::new_from_slice(&self.key_encryption_key)
240
-
.map_err(|e| format!("Failed to create cipher: {}", e))?;
241
242
#[allow(deprecated)]
243
let nonce = Nonce::from_slice(&encrypted[..12]);
···
245
246
cipher
247
.decrypt(nonce, ciphertext)
248
-
.map_err(|e| format!("Decryption failed: {}", e))
249
}
250
}
251
252
-
pub fn encrypt_key(plaintext: &[u8]) -> Result<Vec<u8>, String> {
253
AuthConfig::get().encrypt_user_key(plaintext)
254
}
255
256
-
pub fn decrypt_key(encrypted: &[u8], version: Option<i32>) -> Result<Vec<u8>, String> {
257
-
match version.unwrap_or(0) {
258
-
0 => Ok(encrypted.to_vec()),
259
-
1 => AuthConfig::get().decrypt_user_key(encrypted),
260
-
v => Err(format!("Unknown encryption version: {}", v)),
261
}
262
}
···
6
use sha2::{Digest, Sha256};
7
use std::sync::OnceLock;
8
9
+
#[derive(Debug)]
10
+
pub enum CryptoError {
11
+
CipherCreationFailed(String),
12
+
EncryptionFailed(String),
13
+
DecryptionFailed(String),
14
+
DataTooShort,
15
+
UnknownEncryptionVersion(i32),
16
+
}
17
+
18
+
impl std::fmt::Display for CryptoError {
19
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
20
+
match self {
21
+
Self::CipherCreationFailed(e) => write!(f, "Failed to create cipher: {}", e),
22
+
Self::EncryptionFailed(e) => write!(f, "Encryption failed: {}", e),
23
+
Self::DecryptionFailed(e) => write!(f, "Decryption failed: {}", e),
24
+
Self::DataTooShort => write!(f, "Encrypted data too short"),
25
+
Self::UnknownEncryptionVersion(v) => write!(f, "Unknown encryption version: {}", v),
26
+
}
27
+
}
28
+
}
29
+
30
+
impl std::error::Error for CryptoError {}
31
+
32
static CONFIG: OnceLock<AuthConfig> = OnceLock::new();
33
34
pub const ENCRYPTION_VERSION: i32 = 1;
···
231
}
232
}
233
234
+
pub fn encrypt_user_key(&self, plaintext: &[u8]) -> Result<Vec<u8>, CryptoError> {
235
use rand::RngCore;
236
237
let cipher = Aes256Gcm::new_from_slice(&self.key_encryption_key)
238
+
.map_err(|e| CryptoError::CipherCreationFailed(e.to_string()))?;
239
240
let mut nonce_bytes = [0u8; 12];
241
rand::thread_rng().fill_bytes(&mut nonce_bytes);
···
245
246
let ciphertext = cipher
247
.encrypt(nonce, plaintext)
248
+
.map_err(|e| CryptoError::EncryptionFailed(e.to_string()))?;
249
250
let mut result = Vec::with_capacity(12 + ciphertext.len());
251
result.extend_from_slice(&nonce_bytes);
···
254
Ok(result)
255
}
256
257
+
pub fn decrypt_user_key(&self, encrypted: &[u8]) -> Result<Vec<u8>, CryptoError> {
258
if encrypted.len() < 12 {
259
+
return Err(CryptoError::DataTooShort);
260
}
261
262
let cipher = Aes256Gcm::new_from_slice(&self.key_encryption_key)
263
+
.map_err(|e| CryptoError::CipherCreationFailed(e.to_string()))?;
264
265
#[allow(deprecated)]
266
let nonce = Nonce::from_slice(&encrypted[..12]);
···
268
269
cipher
270
.decrypt(nonce, ciphertext)
271
+
.map_err(|e| CryptoError::DecryptionFailed(e.to_string()))
272
}
273
}
274
275
+
pub fn encrypt_key(plaintext: &[u8]) -> Result<Vec<u8>, CryptoError> {
276
AuthConfig::get().encrypt_user_key(plaintext)
277
}
278
279
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
280
+
pub enum EncryptionVersion {
281
+
Unencrypted,
282
+
AesGcm,
283
+
}
284
+
285
+
impl EncryptionVersion {
286
+
pub fn from_db(version: Option<i32>) -> Result<Self, CryptoError> {
287
+
match version.unwrap_or(0) {
288
+
0 => Ok(Self::Unencrypted),
289
+
1 => Ok(Self::AesGcm),
290
+
v => Err(CryptoError::UnknownEncryptionVersion(v)),
291
+
}
292
+
}
293
+
294
+
pub fn from_db_required(version: i32) -> Result<Self, CryptoError> {
295
+
Self::from_db(Some(version))
296
+
}
297
+
}
298
+
299
+
pub fn decrypt_key(encrypted: &[u8], version: Option<i32>) -> Result<Vec<u8>, CryptoError> {
300
+
match EncryptionVersion::from_db(version)? {
301
+
EncryptionVersion::Unencrypted => Ok(encrypted.to_vec()),
302
+
EncryptionVersion::AesGcm => AuthConfig::get().decrypt_user_key(encrypted),
303
}
304
}
+12
crates/tranquil-pds/src/delegation/scopes.rs
+12
crates/tranquil-pds/src/delegation/scopes.rs
···
163
fn test_validate_scopes_invalid() {
164
assert!(validate_delegation_scopes("invalid:scope").is_err());
165
}
166
+
167
+
#[test]
168
+
fn test_scope_presets_parse() {
169
+
SCOPE_PRESETS.iter().for_each(|p| {
170
+
validate_delegation_scopes(p.scopes).unwrap_or_else(|e| {
171
+
panic!(
172
+
"preset '{}' has invalid scopes '{}': {}",
173
+
p.name, p.scopes, e
174
+
)
175
+
});
176
+
});
177
+
}
178
}
+8
-4
crates/tranquil-pds/src/image/mod.rs
+8
-4
crates/tranquil-pds/src/image/mod.rs
···
197
max_size: u32,
198
) -> Result<ProcessedImage, ImageError> {
199
let (orig_width, orig_height) = (img.width(), img.height());
200
let (new_width, new_height) = if orig_width > orig_height {
201
-
let ratio = max_size as f64 / orig_width as f64;
202
-
(max_size, (orig_height as f64 * ratio) as u32)
203
} else {
204
-
let ratio = max_size as f64 / orig_height as f64;
205
-
((orig_width as f64 * ratio) as u32, max_size)
206
};
207
let thumb = img.resize(new_width, new_height, FilterType::Lanczos3);
208
self.encode_image(&thumb)
···
197
max_size: u32,
198
) -> Result<ProcessedImage, ImageError> {
199
let (orig_width, orig_height) = (img.width(), img.height());
200
+
let safe_f64_to_u32 =
201
+
|v: f64| -> u32 { u32::try_from(v.round() as u64).unwrap_or(u32::MAX) };
202
let (new_width, new_height) = if orig_width > orig_height {
203
+
let ratio = f64::from(max_size) / f64::from(orig_width);
204
+
let scaled = safe_f64_to_u32((f64::from(orig_height) * ratio).max(1.0));
205
+
(max_size, scaled.min(max_size))
206
} else {
207
+
let ratio = f64::from(max_size) / f64::from(orig_height);
208
+
let scaled = safe_f64_to_u32((f64::from(orig_width) * ratio).max(1.0));
209
+
(scaled.min(max_size), max_size)
210
};
211
let thumb = img.resize(new_width, new_height, FilterType::Lanczos3);
212
self.encode_image(&thumb)
+77
-12
crates/tranquil-pds/src/lib.rs
+77
-12
crates/tranquil-pds/src/lib.rs
···
2
pub mod appview;
3
pub mod auth;
4
pub mod cache;
5
pub mod cid_types;
6
pub mod circuit_breaker;
7
pub mod comms;
···
658
.layer(DefaultBodyLimit::max(64 * 1024)),
659
)
660
.layer(DefaultBodyLimit::max(util::get_max_blob_size()))
661
.layer(middleware::from_fn(metrics::metrics_middleware))
662
.layer(
663
CorsLayer::new()
664
.allow_origin(Any)
665
.allow_methods([Method::GET, Method::POST, Method::OPTIONS])
666
.allow_headers([
667
-
"Authorization".parse().unwrap(),
668
-
"Content-Type".parse().unwrap(),
669
-
"Content-Encoding".parse().unwrap(),
670
-
"Accept-Encoding".parse().unwrap(),
671
-
"DPoP".parse().unwrap(),
672
-
"atproto-proxy".parse().unwrap(),
673
-
"atproto-accept-labelers".parse().unwrap(),
674
-
"x-bsky-topics".parse().unwrap(),
675
])
676
.expose_headers([
677
-
"WWW-Authenticate".parse().unwrap(),
678
-
"DPoP-Nonce".parse().unwrap(),
679
-
"atproto-repo-rev".parse().unwrap(),
680
-
"atproto-content-labelers".parse().unwrap(),
681
]),
682
)
683
.with_state(state)
684
}
···
2
pub mod appview;
3
pub mod auth;
4
pub mod cache;
5
+
pub mod cache_keys;
6
pub mod cid_types;
7
pub mod circuit_breaker;
8
pub mod comms;
···
659
.layer(DefaultBodyLimit::max(64 * 1024)),
660
)
661
.layer(DefaultBodyLimit::max(util::get_max_blob_size()))
662
+
.layer(axum::middleware::map_response(rewrite_422_to_400))
663
.layer(middleware::from_fn(metrics::metrics_middleware))
664
.layer(
665
CorsLayer::new()
666
.allow_origin(Any)
667
.allow_methods([Method::GET, Method::POST, Method::OPTIONS])
668
.allow_headers([
669
+
http::header::AUTHORIZATION,
670
+
http::header::CONTENT_TYPE,
671
+
http::header::CONTENT_ENCODING,
672
+
http::header::ACCEPT_ENCODING,
673
+
util::HEADER_DPOP,
674
+
util::HEADER_ATPROTO_PROXY,
675
+
util::HEADER_ATPROTO_ACCEPT_LABELERS,
676
+
util::HEADER_X_BSKY_TOPICS,
677
])
678
.expose_headers([
679
+
http::header::WWW_AUTHENTICATE,
680
+
util::HEADER_DPOP_NONCE,
681
+
util::HEADER_ATPROTO_REPO_REV,
682
+
util::HEADER_ATPROTO_CONTENT_LABELERS,
683
]),
684
)
685
.with_state(state)
686
}
687
+
688
+
async fn rewrite_422_to_400(response: axum::response::Response) -> axum::response::Response {
689
+
if response.status() != StatusCode::UNPROCESSABLE_ENTITY {
690
+
return response;
691
+
}
692
+
let (mut parts, body) = response.into_parts();
693
+
let bytes = match axum::body::to_bytes(body, 64 * 1024).await {
694
+
Ok(b) => b,
695
+
Err(_) => {
696
+
parts.status = StatusCode::BAD_REQUEST;
697
+
parts.headers.remove(http::header::CONTENT_LENGTH);
698
+
let fallback = json!({"error": "InvalidRequest", "message": "Invalid request body"});
699
+
return axum::response::Response::from_parts(
700
+
parts,
701
+
axum::body::Body::from(serde_json::to_vec(&fallback).unwrap_or_default()),
702
+
);
703
+
}
704
+
};
705
+
let raw = serde_json::from_slice::<serde_json::Value>(&bytes)
706
+
.ok()
707
+
.and_then(|v| v.get("message").and_then(|m| m.as_str()).map(String::from))
708
+
.unwrap_or_else(|| {
709
+
String::from_utf8(bytes.to_vec()).unwrap_or_else(|_| "Invalid request body".into())
710
+
});
711
+
let message = humanize_json_error(&raw);
712
+
713
+
parts.status = StatusCode::BAD_REQUEST;
714
+
parts.headers.remove(http::header::CONTENT_LENGTH);
715
+
let error_name = classify_deserialization_error(&raw);
716
+
let new_body = json!({
717
+
"error": error_name,
718
+
"message": message
719
+
});
720
+
axum::response::Response::from_parts(
721
+
parts,
722
+
axum::body::Body::from(serde_json::to_vec(&new_body).unwrap_or_default()),
723
+
)
724
+
}
725
+
726
+
fn humanize_json_error(raw: &str) -> String {
727
+
if raw.contains("missing field") {
728
+
raw.split("missing field `")
729
+
.nth(1)
730
+
.and_then(|s| s.split('`').next())
731
+
.map(|field| format!("Missing required field: {}", field))
732
+
.unwrap_or_else(|| raw.to_string())
733
+
} else if raw.contains("invalid type") {
734
+
format!("Invalid field type: {}", raw)
735
+
} else if raw.contains("Invalid JSON") || raw.contains("syntax") {
736
+
"Invalid JSON syntax".to_string()
737
+
} else if raw.contains("Content-Type") || raw.contains("content type") {
738
+
"Content-Type must be application/json".to_string()
739
+
} else {
740
+
raw.to_string()
741
+
}
742
+
}
743
+
744
+
fn classify_deserialization_error(raw: &str) -> &'static str {
745
+
match raw {
746
+
s if s.contains("invalid handle") => "InvalidHandle",
747
+
_ => "InvalidRequest",
748
+
}
749
+
}
+1
-1
crates/tranquil-pds/src/oauth/endpoints/par.rs
+1
-1
crates/tranquil-pds/src/oauth/endpoints/par.rs
+58
-34
crates/tranquil-pds/src/oauth/endpoints/token/grants.rs
+58
-34
crates/tranquil-pds/src/oauth/endpoints/token/grants.rs
···
1
use super::helpers::{create_access_token_with_delegation, verify_pkce};
2
-
use super::types::{TokenGrant, TokenResponse, ValidatedTokenRequest};
3
use crate::config::AuthConfig;
4
use crate::delegation::intersect_scopes;
5
use crate::oauth::{
···
12
use crate::state::AppState;
13
use crate::util::pds_hostname;
14
use axum::Json;
15
-
use axum::http::HeaderMap;
16
use chrono::{Duration, Utc};
17
use tranquil_db_traits::RefreshTokenLookup;
18
use tranquil_types::{AuthorizationCode, Did, RefreshToken as RefreshTokenType};
19
20
-
const ACCESS_TOKEN_EXPIRY_SECONDS: i64 = 300;
21
const REFRESH_TOKEN_EXPIRY_DAYS_CONFIDENTIAL: i64 = 60;
22
const REFRESH_TOKEN_EXPIRY_DAYS_PUBLIC: i64 = 14;
23
···
29
) -> Result<(HeaderMap, Json<TokenResponse>), OAuthError> {
30
tracing::info!(
31
has_dpop = dpop_proof.is_some(),
32
-
client_id = ?request.client_auth.client_id,
33
"Authorization code grant requested"
34
);
35
let (code, code_verifier, redirect_uri) = match request.grant {
···
59
.require_authorized()
60
.map_err(|_| OAuthError::InvalidGrant("Authorization not completed".to_string()))?;
61
62
-
if let Some(request_client_id) = &request.client_auth.client_id
63
-
&& request_client_id != &authorized.client_id
64
{
65
return Err(OAuthError::InvalidGrant("client_id mismatch".to_string()));
66
}
67
let did = authorized.did.to_string();
68
let client_metadata_cache = ClientMetadataCache::new(3600);
69
let client_metadata = client_metadata_cache.get(&authorized.client_id).await?;
70
-
let client_auth = if let (Some(assertion), Some(assertion_type)) = (
71
-
&request.client_auth.client_assertion,
72
-
&request.client_auth.client_assertion_type,
73
-
) {
74
-
if assertion_type != "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" {
75
-
return Err(OAuthError::InvalidClient(
76
-
"Unsupported client_assertion_type".to_string(),
77
-
));
78
-
}
79
-
ClientAuth::PrivateKeyJwt {
80
-
client_assertion: assertion.clone(),
81
}
82
-
} else if let Some(secret) = &request.client_auth.client_secret {
83
-
ClientAuth::SecretPost {
84
-
client_secret: secret.clone(),
85
-
}
86
-
} else {
87
-
ClientAuth::None
88
};
89
verify_client_auth(&client_metadata_cache, &client_metadata, &client_auth).await?;
90
verify_pkce(&authorized.parameters.code_challenge, &code_verifier)?;
···
100
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
101
let pds_hostname = pds_hostname();
102
let token_endpoint = format!("https://{}/oauth/token", pds_hostname);
103
-
let result = verifier.verify_proof(proof, "POST", &token_endpoint, None)?;
104
if !state
105
.oauth_repo
106
.check_and_record_dpop_jti(&result.jti)
···
220
let mut response_headers = HeaderMap::new();
221
let config = AuthConfig::get();
222
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
223
-
response_headers.insert("DPoP-Nonce", verifier.generate_nonce().parse().unwrap());
224
Ok((
225
response_headers,
226
Json(TokenResponse {
227
access_token,
228
-
token_type: if dpop_jkt.is_some() { "DPoP" } else { "Bearer" }.to_string(),
229
-
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS as u64,
230
refresh_token: Some(refresh_token.0),
231
scope: final_scope,
232
sub: Some(did),
···
283
let mut response_headers = HeaderMap::new();
284
let config = AuthConfig::get();
285
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
286
-
response_headers.insert("DPoP-Nonce", verifier.generate_nonce().parse().unwrap());
287
return Ok((
288
response_headers,
289
Json(TokenResponse {
290
access_token,
291
-
token_type: if dpop_jkt.is_some() { "DPoP" } else { "Bearer" }.to_string(),
292
-
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS as u64,
293
refresh_token: token_data.current_refresh_token.map(|r| r.0),
294
scope: token_data.scope,
295
sub: Some(token_data.did.to_string()),
···
333
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
334
let pds_hostname = pds_hostname();
335
let token_endpoint = format!("https://{}/oauth/token", pds_hostname);
336
-
let result = verifier.verify_proof(proof, "POST", &token_endpoint, None)?;
337
if !state
338
.oauth_repo
339
.check_and_record_dpop_jti(&result.jti)
···
387
let mut response_headers = HeaderMap::new();
388
let config = AuthConfig::get();
389
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
390
-
response_headers.insert("DPoP-Nonce", verifier.generate_nonce().parse().unwrap());
391
Ok((
392
response_headers,
393
Json(TokenResponse {
394
access_token,
395
-
token_type: if dpop_jkt.is_some() { "DPoP" } else { "Bearer" }.to_string(),
396
-
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS as u64,
397
refresh_token: Some(new_refresh_token.0),
398
scope: token_data.scope,
399
sub: Some(token_data.did.to_string()),
···
1
use super::helpers::{create_access_token_with_delegation, verify_pkce};
2
+
use super::types::{
3
+
RequestClientAuth, TokenGrant, TokenResponse, TokenType, ValidatedTokenRequest,
4
+
};
5
use crate::config::AuthConfig;
6
use crate::delegation::intersect_scopes;
7
use crate::oauth::{
···
14
use crate::state::AppState;
15
use crate::util::pds_hostname;
16
use axum::Json;
17
+
use axum::http::{HeaderMap, Method};
18
use chrono::{Duration, Utc};
19
use tranquil_db_traits::RefreshTokenLookup;
20
use tranquil_types::{AuthorizationCode, Did, RefreshToken as RefreshTokenType};
21
22
+
const ACCESS_TOKEN_EXPIRY_SECONDS: u64 = 300;
23
const REFRESH_TOKEN_EXPIRY_DAYS_CONFIDENTIAL: i64 = 60;
24
const REFRESH_TOKEN_EXPIRY_DAYS_PUBLIC: i64 = 14;
25
···
31
) -> Result<(HeaderMap, Json<TokenResponse>), OAuthError> {
32
tracing::info!(
33
has_dpop = dpop_proof.is_some(),
34
+
client_id = ?request.client_auth.client_id(),
35
"Authorization code grant requested"
36
);
37
let (code, code_verifier, redirect_uri) = match request.grant {
···
61
.require_authorized()
62
.map_err(|_| OAuthError::InvalidGrant("Authorization not completed".to_string()))?;
63
64
+
if let Some(request_client_id) = request.client_auth.client_id()
65
+
&& request_client_id != authorized.client_id
66
{
67
return Err(OAuthError::InvalidGrant("client_id mismatch".to_string()));
68
}
69
let did = authorized.did.to_string();
70
let client_metadata_cache = ClientMetadataCache::new(3600);
71
let client_metadata = client_metadata_cache.get(&authorized.client_id).await?;
72
+
let client_auth = match &request.client_auth {
73
+
RequestClientAuth::PrivateKeyJwt {
74
+
assertion,
75
+
assertion_type,
76
+
..
77
+
} => {
78
+
if assertion_type != "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" {
79
+
return Err(OAuthError::InvalidClient(
80
+
"Unsupported client_assertion_type".to_string(),
81
+
));
82
+
}
83
+
ClientAuth::PrivateKeyJwt {
84
+
client_assertion: assertion.clone(),
85
+
}
86
}
87
+
RequestClientAuth::SecretPost { client_secret, .. } => ClientAuth::SecretPost {
88
+
client_secret: client_secret.clone(),
89
+
},
90
+
RequestClientAuth::None { .. } => ClientAuth::None,
91
};
92
verify_client_auth(&client_metadata_cache, &client_metadata, &client_auth).await?;
93
verify_pkce(&authorized.parameters.code_challenge, &code_verifier)?;
···
103
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
104
let pds_hostname = pds_hostname();
105
let token_endpoint = format!("https://{}/oauth/token", pds_hostname);
106
+
let result = verifier.verify_proof(proof, Method::POST.as_str(), &token_endpoint, None)?;
107
if !state
108
.oauth_repo
109
.check_and_record_dpop_jti(&result.jti)
···
223
let mut response_headers = HeaderMap::new();
224
let config = AuthConfig::get();
225
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
226
+
let nonce = verifier.generate_nonce();
227
+
let nonce_header = nonce.parse().map_err(|_| {
228
+
OAuthError::ServerError("Failed to encode DPoP nonce as header value".to_string())
229
+
})?;
230
+
response_headers.insert("DPoP-Nonce", nonce_header);
231
Ok((
232
response_headers,
233
Json(TokenResponse {
234
access_token,
235
+
token_type: match dpop_jkt {
236
+
Some(_) => TokenType::DPoP,
237
+
None => TokenType::Bearer,
238
+
},
239
+
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS,
240
refresh_token: Some(refresh_token.0),
241
scope: final_scope,
242
sub: Some(did),
···
293
let mut response_headers = HeaderMap::new();
294
let config = AuthConfig::get();
295
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
296
+
let nonce = verifier.generate_nonce();
297
+
let nonce_header = nonce.parse().map_err(|_| {
298
+
OAuthError::ServerError("Failed to encode DPoP nonce as header value".to_string())
299
+
})?;
300
+
response_headers.insert("DPoP-Nonce", nonce_header);
301
return Ok((
302
response_headers,
303
Json(TokenResponse {
304
access_token,
305
+
token_type: match dpop_jkt {
306
+
Some(_) => TokenType::DPoP,
307
+
None => TokenType::Bearer,
308
+
},
309
+
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS,
310
refresh_token: token_data.current_refresh_token.map(|r| r.0),
311
scope: token_data.scope,
312
sub: Some(token_data.did.to_string()),
···
350
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
351
let pds_hostname = pds_hostname();
352
let token_endpoint = format!("https://{}/oauth/token", pds_hostname);
353
+
let result = verifier.verify_proof(proof, Method::POST.as_str(), &token_endpoint, None)?;
354
if !state
355
.oauth_repo
356
.check_and_record_dpop_jti(&result.jti)
···
404
let mut response_headers = HeaderMap::new();
405
let config = AuthConfig::get();
406
let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes());
407
+
let nonce = verifier.generate_nonce();
408
+
let nonce_header = nonce.parse().map_err(|_| {
409
+
OAuthError::ServerError("Failed to encode DPoP nonce as header value".to_string())
410
+
})?;
411
+
response_headers.insert("DPoP-Nonce", nonce_header);
412
Ok((
413
response_headers,
414
Json(TokenResponse {
415
access_token,
416
+
token_type: match dpop_jkt {
417
+
Some(_) => TokenType::DPoP,
418
+
None => TokenType::Bearer,
419
+
},
420
+
expires_in: ACCESS_TOKEN_EXPIRY_SECONDS,
421
refresh_token: Some(new_refresh_token.0),
422
scope: token_data.scope,
423
sub: Some(token_data.did.to_string()),
+8
-2
crates/tranquil-pds/src/oauth/endpoints/token/helpers.rs
+8
-2
crates/tranquil-pds/src/oauth/endpoints/token/helpers.rs
···
77
"alg": "HS256",
78
"typ": "at+jwt"
79
});
80
-
let header_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&header).unwrap());
81
-
let payload_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&payload).unwrap());
82
let signing_input = format!("{}.{}", header_b64, payload_b64);
83
let config = AuthConfig::get();
84
type HmacSha256 = hmac::Hmac<Sha256>;
···
77
"alg": "HS256",
78
"typ": "at+jwt"
79
});
80
+
let header_b64 =
81
+
URL_SAFE_NO_PAD.encode(serde_json::to_string(&header).map_err(|_| {
82
+
OAuthError::ServerError("token header serialization failed".to_string())
83
+
})?);
84
+
let payload_b64 =
85
+
URL_SAFE_NO_PAD.encode(serde_json::to_string(&payload).map_err(|_| {
86
+
OAuthError::ServerError("token payload serialization failed".to_string())
87
+
})?);
88
let signing_input = format!("{}.{}", header_b64, payload_b64);
89
let config = AuthConfig::get();
90
type HmacSha256 = hmac::Hmac<Sha256>;
+2
-2
crates/tranquil-pds/src/oauth/endpoints/token/mod.rs
+2
-2
crates/tranquil-pds/src/oauth/endpoints/token/mod.rs
···
15
IntrospectRequest, IntrospectResponse, RevokeRequest, introspect_token, revoke_token,
16
};
17
pub use types::{
18
-
ClientAuthParams, GrantType, TokenGrant, TokenRequest, TokenResponse, ValidatedTokenRequest,
19
};
20
21
pub async fn token_endpoint(
···
41
));
42
};
43
let dpop_proof = headers
44
-
.get("DPoP")
45
.and_then(|v| v.to_str().ok())
46
.map(|s| s.to_string());
47
let validated = request.validate()?;
···
15
IntrospectRequest, IntrospectResponse, RevokeRequest, introspect_token, revoke_token,
16
};
17
pub use types::{
18
+
GrantType, RequestClientAuth, TokenGrant, TokenRequest, TokenResponse, ValidatedTokenRequest,
19
};
20
21
pub async fn token_endpoint(
···
41
));
42
};
43
let dpop_proof = headers
44
+
.get(crate::util::HEADER_DPOP)
45
.and_then(|v| v.to_str().ok())
46
.map(|s| s.to_string());
47
let validated = request.validate()?;
+70
-43
crates/tranquil-pds/src/oauth/endpoints/token/types.rs
+70
-43
crates/tranquil-pds/src/oauth/endpoints/token/types.rs
···
5
pub enum GrantType {
6
AuthorizationCode,
7
RefreshToken,
8
-
Unsupported(String),
9
}
10
11
impl GrantType {
···
13
match self {
14
Self::AuthorizationCode => "authorization_code",
15
Self::RefreshToken => "refresh_token",
16
-
Self::Unsupported(s) => s,
17
}
18
}
19
}
20
21
-
impl std::str::FromStr for GrantType {
22
-
type Err = std::convert::Infallible;
23
24
-
fn from_str(s: &str) -> Result<Self, Self::Err> {
25
-
Ok(match s {
26
-
"authorization_code" => Self::AuthorizationCode,
27
-
"refresh_token" => Self::RefreshToken,
28
-
other => Self::Unsupported(other.to_string()),
29
-
})
30
}
31
}
32
33
-
impl<'de> Deserialize<'de> for GrantType {
34
-
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
35
-
where
36
-
D: serde::Deserializer<'de>,
37
-
{
38
-
let s = String::deserialize(deserializer)?;
39
-
Ok(s.parse().unwrap())
40
-
}
41
-
}
42
43
-
impl Serialize for GrantType {
44
-
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
45
-
where
46
-
S: serde::Serializer,
47
-
{
48
-
serializer.serialize_str(self.as_str())
49
}
50
}
51
52
#[derive(Debug, Deserialize)]
53
pub struct TokenRequest {
54
-
pub grant_type: GrantType,
55
#[serde(default)]
56
pub code: Option<String>,
57
#[serde(default)]
···
82
},
83
}
84
85
-
#[derive(Debug, Clone, Default)]
86
-
pub struct ClientAuthParams {
87
-
pub client_id: Option<String>,
88
-
pub client_secret: Option<String>,
89
-
pub client_assertion: Option<String>,
90
-
pub client_assertion_type: Option<String>,
91
}
92
93
#[derive(Debug, Clone)]
94
pub struct ValidatedTokenRequest {
95
pub grant: TokenGrant,
96
-
pub client_auth: ClientAuthParams,
97
}
98
99
impl TokenRequest {
100
pub fn validate(self) -> Result<ValidatedTokenRequest, OAuthError> {
101
-
let grant = match self.grant_type {
102
GrantType::AuthorizationCode => {
103
let code = self.code.ok_or_else(|| {
104
OAuthError::InvalidRequest(
···
124
})?;
125
TokenGrant::RefreshToken { refresh_token }
126
}
127
-
GrantType::Unsupported(grant_type) => {
128
-
return Err(OAuthError::UnsupportedGrantType(grant_type));
129
-
}
130
};
131
132
-
let client_auth = ClientAuthParams {
133
-
client_id: self.client_id,
134
-
client_secret: self.client_secret,
135
-
client_assertion: self.client_assertion,
136
-
client_assertion_type: self.client_assertion_type,
137
};
138
139
Ok(ValidatedTokenRequest { grant, client_auth })
140
}
141
}
142
143
#[derive(Debug, Serialize)]
144
pub struct TokenResponse {
145
pub access_token: String,
146
-
pub token_type: String,
147
pub expires_in: u64,
148
#[serde(skip_serializing_if = "Option::is_none")]
149
pub refresh_token: Option<String>,
···
5
pub enum GrantType {
6
AuthorizationCode,
7
RefreshToken,
8
}
9
10
impl GrantType {
···
12
match self {
13
Self::AuthorizationCode => "authorization_code",
14
Self::RefreshToken => "refresh_token",
15
}
16
}
17
}
18
19
+
#[derive(Debug, Clone)]
20
+
pub struct UnsupportedGrantType(pub String);
21
22
+
impl std::fmt::Display for UnsupportedGrantType {
23
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
24
+
write!(f, "unsupported grant type: {}", self.0)
25
}
26
}
27
28
+
impl std::error::Error for UnsupportedGrantType {}
29
+
30
+
impl std::str::FromStr for GrantType {
31
+
type Err = UnsupportedGrantType;
32
33
+
fn from_str(s: &str) -> Result<Self, Self::Err> {
34
+
match s {
35
+
"authorization_code" => Ok(Self::AuthorizationCode),
36
+
"refresh_token" => Ok(Self::RefreshToken),
37
+
other => Err(UnsupportedGrantType(other.to_string())),
38
+
}
39
}
40
}
41
42
#[derive(Debug, Deserialize)]
43
pub struct TokenRequest {
44
+
pub grant_type: String,
45
#[serde(default)]
46
pub code: Option<String>,
47
#[serde(default)]
···
72
},
73
}
74
75
+
#[derive(Debug, Clone)]
76
+
pub enum RequestClientAuth {
77
+
None {
78
+
client_id: Option<String>,
79
+
},
80
+
SecretPost {
81
+
client_id: Option<String>,
82
+
client_secret: String,
83
+
},
84
+
PrivateKeyJwt {
85
+
client_id: Option<String>,
86
+
assertion: String,
87
+
assertion_type: String,
88
+
},
89
+
}
90
+
91
+
impl RequestClientAuth {
92
+
pub fn client_id(&self) -> Option<&str> {
93
+
match self {
94
+
Self::None { client_id }
95
+
| Self::SecretPost { client_id, .. }
96
+
| Self::PrivateKeyJwt { client_id, .. } => client_id.as_deref(),
97
+
}
98
+
}
99
}
100
101
#[derive(Debug, Clone)]
102
pub struct ValidatedTokenRequest {
103
pub grant: TokenGrant,
104
+
pub client_auth: RequestClientAuth,
105
}
106
107
impl TokenRequest {
108
pub fn validate(self) -> Result<ValidatedTokenRequest, OAuthError> {
109
+
let grant_type: GrantType = self
110
+
.grant_type
111
+
.parse()
112
+
.map_err(|e: UnsupportedGrantType| OAuthError::UnsupportedGrantType(e.0))?;
113
+
let grant = match grant_type {
114
GrantType::AuthorizationCode => {
115
let code = self.code.ok_or_else(|| {
116
OAuthError::InvalidRequest(
···
136
})?;
137
TokenGrant::RefreshToken { refresh_token }
138
}
139
};
140
141
+
let client_auth = match (self.client_assertion, self.client_assertion_type) {
142
+
(Some(assertion), Some(assertion_type)) => RequestClientAuth::PrivateKeyJwt {
143
+
client_id: self.client_id,
144
+
assertion,
145
+
assertion_type,
146
+
},
147
+
_ => match self.client_secret {
148
+
Some(secret) => RequestClientAuth::SecretPost {
149
+
client_id: self.client_id,
150
+
client_secret: secret,
151
+
},
152
+
None => RequestClientAuth::None {
153
+
client_id: self.client_id,
154
+
},
155
+
},
156
};
157
158
Ok(ValidatedTokenRequest { grant, client_auth })
159
}
160
}
161
162
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
163
+
#[serde(rename_all = "PascalCase")]
164
+
pub enum TokenType {
165
+
Bearer,
166
+
#[serde(rename = "DPoP")]
167
+
DPoP,
168
+
}
169
+
170
#[derive(Debug, Serialize)]
171
pub struct TokenResponse {
172
pub access_token: String,
173
+
pub token_type: TokenType,
174
pub expires_in: u64,
175
#[serde(skip_serializing_if = "Option::is_none")]
176
pub refresh_token: Option<String>,
+22
-10
crates/tranquil-pds/src/oauth/verify.rs
+22
-10
crates/tranquil-pds/src/oauth/verify.rs
···
12
use tranquil_db_traits::{OAuthRepository, UserRepository};
13
use tranquil_types::{ClientId, TokenId};
14
15
use crate::types::Did;
16
17
use super::scopes::ScopePermissions;
···
217
pub did: Did,
218
pub client_id: Option<ClientId>,
219
pub scope: Option<String>,
220
-
pub is_oauth: bool,
221
pub permissions: ScopePermissions,
222
}
223
···
240
)
241
.into_response();
242
if let Some(nonce) = self.dpop_nonce {
243
-
response
244
-
.headers_mut()
245
-
.insert("DPoP-Nonce", nonce.parse().unwrap());
246
}
247
if let Some(www_auth) = self.www_authenticate {
248
-
response
249
-
.headers_mut()
250
-
.insert("WWW-Authenticate", www_auth.parse().unwrap());
251
}
252
response
253
}
···
289
www_authenticate: None,
290
});
291
};
292
-
let dpop_proof = parts.headers.get("DPoP").and_then(|v| v.to_str().ok());
293
if let Ok(result) = try_legacy_auth(state.user_repo.as_ref(), token).await {
294
return Ok(OAuthUser {
295
did: result.did,
296
client_id: None,
297
scope: None,
298
-
is_oauth: false,
299
permissions: ScopePermissions::default(),
300
});
301
}
···
316
did: result.did,
317
client_id: Some(result.client_id),
318
scope: result.scope,
319
-
is_oauth: true,
320
permissions,
321
})
322
}
···
12
use tranquil_db_traits::{OAuthRepository, UserRepository};
13
use tranquil_types::{ClientId, TokenId};
14
15
+
use crate::auth::AuthSource;
16
use crate::types::Did;
17
18
use super::scopes::ScopePermissions;
···
218
pub did: Did,
219
pub client_id: Option<ClientId>,
220
pub scope: Option<String>,
221
+
pub auth_source: AuthSource,
222
pub permissions: ScopePermissions,
223
}
224
···
241
)
242
.into_response();
243
if let Some(nonce) = self.dpop_nonce {
244
+
match nonce.parse() {
245
+
Ok(val) => {
246
+
response.headers_mut().insert("DPoP-Nonce", val);
247
+
}
248
+
Err(e) => tracing::warn!(error = %e, "DPoP-Nonce header value failed to encode"),
249
+
}
250
}
251
if let Some(www_auth) = self.www_authenticate {
252
+
match www_auth.parse() {
253
+
Ok(val) => {
254
+
response.headers_mut().insert("WWW-Authenticate", val);
255
+
}
256
+
Err(e) => {
257
+
tracing::warn!(error = %e, "WWW-Authenticate header value failed to encode")
258
+
}
259
+
}
260
}
261
response
262
}
···
298
www_authenticate: None,
299
});
300
};
301
+
let dpop_proof = parts
302
+
.headers
303
+
.get(crate::util::HEADER_DPOP)
304
+
.and_then(|v| v.to_str().ok());
305
if let Ok(result) = try_legacy_auth(state.user_repo.as_ref(), token).await {
306
return Ok(OAuthUser {
307
did: result.did,
308
client_id: None,
309
scope: None,
310
+
auth_source: AuthSource::Session,
311
permissions: ScopePermissions::default(),
312
});
313
}
···
328
did: result.did,
329
client_id: Some(result.client_id),
330
scope: result.scope,
331
+
auth_source: AuthSource::OAuth,
332
permissions,
333
})
334
}
+71
-49
crates/tranquil-pds/src/plc/mod.rs
+71
-49
crates/tranquil-pds/src/plc/mod.rs
···
31
CircuitBreakerOpen,
32
}
33
34
#[derive(Debug, Clone, Serialize, Deserialize)]
35
pub struct PlcOperation {
36
#[serde(rename = "type")]
37
-
pub op_type: String,
38
#[serde(rename = "rotationKeys")]
39
pub rotation_keys: Vec<String>,
40
#[serde(rename = "verificationMethods")]
···
50
#[derive(Debug, Clone, Serialize, Deserialize)]
51
pub struct PlcService {
52
#[serde(rename = "type")]
53
-
pub service_type: String,
54
pub endpoint: String,
55
}
56
57
#[derive(Debug, Clone, Serialize, Deserialize)]
58
pub struct PlcTombstone {
59
#[serde(rename = "type")]
60
-
pub op_type: String,
61
pub prev: String,
62
#[serde(skip_serializing_if = "Option::is_none")]
63
pub sig: Option<String>,
···
74
pub fn is_tombstone(&self) -> bool {
75
match self {
76
PlcOpOrTombstone::Tombstone(_) => true,
77
-
PlcOpOrTombstone::Operation(op) => op.op_type == "plc_tombstone",
78
}
79
}
80
}
···
124
}
125
126
pub async fn get_document(&self, did: &str) -> Result<Value, PlcError> {
127
-
let cache_key = format!("plc:doc:{}", did);
128
if let Some(ref cache) = self.cache
129
&& let Some(cached) = cache.get(&cache_key).await
130
&& let Ok(value) = serde_json::from_str(&cached)
···
163
}
164
165
pub async fn get_document_data(&self, did: &str) -> Result<Value, PlcError> {
166
-
let cache_key = format!("plc:data:{}", did);
167
if let Some(ref cache) = self.cache
168
&& let Some(cached) = cache.get(&cache_key).await
169
&& let Ok(value) = serde_json::from_str(&cached)
···
313
}
314
};
315
let new_op = PlcOperation {
316
-
op_type: "plc_operation".to_string(),
317
rotation_keys: rotation_keys.unwrap_or(base_rotation_keys),
318
verification_methods: verification_methods.unwrap_or(base_verification_methods),
319
also_known_as: also_known_as.unwrap_or(base_also_known_as),
···
328
let verifying_key = signing_key.verifying_key();
329
let point = verifying_key.to_encoded_point(true);
330
let compressed_bytes = point.as_bytes();
331
-
let mut prefixed = vec![0xe7, 0x01];
332
prefixed.extend_from_slice(compressed_bytes);
333
let encoded = multibase::encode(multibase::Base::Base58Btc, &prefixed);
334
format!("did:key:{}", encoded)
···
352
services.insert(
353
"atproto_pds".to_string(),
354
PlcService {
355
-
service_type: "AtprotoPersonalDataServer".to_string(),
356
endpoint: pds_endpoint.to_string(),
357
},
358
);
359
let genesis_op = PlcOperation {
360
-
op_type: "plc_operation".to_string(),
361
rotation_keys: vec![rotation_key.to_string()],
362
verification_methods,
363
also_known_as: vec![format!("at://{}", handle)],
···
386
Ok(format!("did:plc:{}", truncated))
387
}
388
389
-
pub fn validate_plc_operation(op: &Value) -> Result<(), PlcError> {
390
let obj = op
391
.as_object()
392
.ok_or_else(|| PlcError::InvalidResponse("Operation must be an object".to_string()))?;
393
-
let op_type = obj
394
.get("type")
395
-
.and_then(|v| v.as_str())
396
.ok_or_else(|| PlcError::InvalidResponse("Missing type field".to_string()))?;
397
-
if op_type != "plc_operation" && op_type != "plc_tombstone" {
398
-
return Err(PlcError::InvalidResponse(format!(
399
"Invalid type: {}",
400
-
op_type
401
-
)));
402
-
}
403
-
if op_type == "plc_operation" {
404
-
if obj.get("rotationKeys").is_none() {
405
-
return Err(PlcError::InvalidResponse(
406
-
"Missing rotationKeys".to_string(),
407
-
));
408
-
}
409
-
if obj.get("verificationMethods").is_none() {
410
-
return Err(PlcError::InvalidResponse(
411
-
"Missing verificationMethods".to_string(),
412
-
));
413
-
}
414
-
if obj.get("alsoKnownAs").is_none() {
415
-
return Err(PlcError::InvalidResponse("Missing alsoKnownAs".to_string()));
416
-
}
417
-
if obj.get("services").is_none() {
418
-
return Err(PlcError::InvalidResponse("Missing services".to_string()));
419
}
420
}
421
if obj.get("sig").is_none() {
422
return Err(PlcError::InvalidResponse("Missing sig".to_string()));
423
}
424
-
Ok(())
425
}
426
427
pub struct PlcValidationContext {
···
435
op: &Value,
436
ctx: &PlcValidationContext,
437
) -> Result<(), PlcError> {
438
-
validate_plc_operation(op)?;
439
let obj = op
440
.as_object()
441
.ok_or_else(|| PlcError::InvalidResponse("Operation must be an object".to_string()))?;
442
-
let op_type = obj.get("type").and_then(|v| v.as_str()).unwrap_or("");
443
-
if op_type != "plc_operation" {
444
-
return Ok(());
445
-
}
446
let rotation_keys = obj
447
.get("rotationKeys")
448
.and_then(|v| v.as_array())
···
489
.get("type")
490
.and_then(|v| v.as_str())
491
.unwrap_or("");
492
-
if service_type != "AtprotoPersonalDataServer" {
493
return Err(PlcError::InvalidResponse(
494
"Incorrect type on atproto_pds service".to_string(),
495
));
···
551
"Invalid did:key data".to_string(),
552
));
553
}
554
-
let (codec, key_bytes) = if decoded[0] == 0xe7 && decoded[1] == 0x01 {
555
-
(0xe701u16, &decoded[2..])
556
} else {
557
return Err(PlcError::InvalidResponse(
558
-
"Unsupported key type in did:key".to_string(),
559
));
560
};
561
-
if codec != 0xe701 {
562
-
return Err(PlcError::InvalidResponse(
563
-
"Only secp256k1 keys are supported".to_string(),
564
-
));
565
-
}
566
let verifying_key = VerifyingKey::from_sec1_bytes(key_bytes)
567
.map_err(|e| PlcError::InvalidResponse(format!("Invalid public key: {}", e)))?;
568
Ok(verifying_key.verify(message, signature).is_ok())
···
31
CircuitBreakerOpen,
32
}
33
34
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
35
+
pub enum PlcOpType {
36
+
#[serde(rename = "plc_operation")]
37
+
Operation,
38
+
#[serde(rename = "plc_tombstone")]
39
+
Tombstone,
40
+
}
41
+
42
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
43
+
pub enum ServiceType {
44
+
#[serde(rename = "AtprotoPersonalDataServer")]
45
+
Pds,
46
+
#[serde(rename = "AtprotoAppView")]
47
+
AppView,
48
+
}
49
+
50
+
impl ServiceType {
51
+
pub fn as_str(self) -> &'static str {
52
+
match self {
53
+
Self::Pds => "AtprotoPersonalDataServer",
54
+
Self::AppView => "AtprotoAppView",
55
+
}
56
+
}
57
+
58
+
pub fn is_pds(self) -> bool {
59
+
matches!(self, Self::Pds)
60
+
}
61
+
}
62
+
63
+
pub const SECP256K1_MULTICODEC_PREFIX: [u8; 2] = [0xe7, 0x01];
64
+
65
#[derive(Debug, Clone, Serialize, Deserialize)]
66
pub struct PlcOperation {
67
#[serde(rename = "type")]
68
+
pub op_type: PlcOpType,
69
#[serde(rename = "rotationKeys")]
70
pub rotation_keys: Vec<String>,
71
#[serde(rename = "verificationMethods")]
···
81
#[derive(Debug, Clone, Serialize, Deserialize)]
82
pub struct PlcService {
83
#[serde(rename = "type")]
84
+
pub service_type: ServiceType,
85
pub endpoint: String,
86
}
87
88
#[derive(Debug, Clone, Serialize, Deserialize)]
89
pub struct PlcTombstone {
90
#[serde(rename = "type")]
91
+
pub op_type: PlcOpType,
92
pub prev: String,
93
#[serde(skip_serializing_if = "Option::is_none")]
94
pub sig: Option<String>,
···
105
pub fn is_tombstone(&self) -> bool {
106
match self {
107
PlcOpOrTombstone::Tombstone(_) => true,
108
+
PlcOpOrTombstone::Operation(op) => op.op_type == PlcOpType::Tombstone,
109
}
110
}
111
}
···
155
}
156
157
pub async fn get_document(&self, did: &str) -> Result<Value, PlcError> {
158
+
let cache_key = crate::cache_keys::plc_doc_key(did);
159
if let Some(ref cache) = self.cache
160
&& let Some(cached) = cache.get(&cache_key).await
161
&& let Ok(value) = serde_json::from_str(&cached)
···
194
}
195
196
pub async fn get_document_data(&self, did: &str) -> Result<Value, PlcError> {
197
+
let cache_key = crate::cache_keys::plc_data_key(did);
198
if let Some(ref cache) = self.cache
199
&& let Some(cached) = cache.get(&cache_key).await
200
&& let Ok(value) = serde_json::from_str(&cached)
···
344
}
345
};
346
let new_op = PlcOperation {
347
+
op_type: PlcOpType::Operation,
348
rotation_keys: rotation_keys.unwrap_or(base_rotation_keys),
349
verification_methods: verification_methods.unwrap_or(base_verification_methods),
350
also_known_as: also_known_as.unwrap_or(base_also_known_as),
···
359
let verifying_key = signing_key.verifying_key();
360
let point = verifying_key.to_encoded_point(true);
361
let compressed_bytes = point.as_bytes();
362
+
let mut prefixed = Vec::from(SECP256K1_MULTICODEC_PREFIX);
363
prefixed.extend_from_slice(compressed_bytes);
364
let encoded = multibase::encode(multibase::Base::Base58Btc, &prefixed);
365
format!("did:key:{}", encoded)
···
383
services.insert(
384
"atproto_pds".to_string(),
385
PlcService {
386
+
service_type: ServiceType::Pds,
387
endpoint: pds_endpoint.to_string(),
388
},
389
);
390
let genesis_op = PlcOperation {
391
+
op_type: PlcOpType::Operation,
392
rotation_keys: vec![rotation_key.to_string()],
393
verification_methods,
394
also_known_as: vec![format!("at://{}", handle)],
···
417
Ok(format!("did:plc:{}", truncated))
418
}
419
420
+
pub fn validate_plc_operation(op: &Value) -> Result<PlcOpType, PlcError> {
421
let obj = op
422
.as_object()
423
.ok_or_else(|| PlcError::InvalidResponse("Operation must be an object".to_string()))?;
424
+
let op_type_str = obj
425
.get("type")
426
.ok_or_else(|| PlcError::InvalidResponse("Missing type field".to_string()))?;
427
+
let op_type: PlcOpType = serde_json::from_value(op_type_str.clone()).map_err(|_| {
428
+
PlcError::InvalidResponse(format!(
429
"Invalid type: {}",
430
+
op_type_str.as_str().unwrap_or("<non-string>")
431
+
))
432
+
})?;
433
+
match op_type {
434
+
PlcOpType::Operation => {
435
+
let required_fields = [
436
+
"rotationKeys",
437
+
"verificationMethods",
438
+
"alsoKnownAs",
439
+
"services",
440
+
];
441
+
required_fields.iter().try_for_each(|field| {
442
+
obj.get(*field)
443
+
.map(|_| ())
444
+
.ok_or_else(|| PlcError::InvalidResponse(format!("Missing {}", field)))
445
+
})?;
446
}
447
+
PlcOpType::Tombstone => {}
448
}
449
if obj.get("sig").is_none() {
450
return Err(PlcError::InvalidResponse("Missing sig".to_string()));
451
}
452
+
Ok(op_type)
453
}
454
455
pub struct PlcValidationContext {
···
463
op: &Value,
464
ctx: &PlcValidationContext,
465
) -> Result<(), PlcError> {
466
+
let op_type = validate_plc_operation(op)?;
467
+
if op_type != PlcOpType::Operation {
468
+
return Ok(());
469
+
}
470
let obj = op
471
.as_object()
472
.ok_or_else(|| PlcError::InvalidResponse("Operation must be an object".to_string()))?;
473
let rotation_keys = obj
474
.get("rotationKeys")
475
.and_then(|v| v.as_array())
···
516
.get("type")
517
.and_then(|v| v.as_str())
518
.unwrap_or("");
519
+
if service_type != ServiceType::Pds.as_str() {
520
return Err(PlcError::InvalidResponse(
521
"Incorrect type on atproto_pds service".to_string(),
522
));
···
578
"Invalid did:key data".to_string(),
579
));
580
}
581
+
let key_bytes = if decoded.starts_with(&SECP256K1_MULTICODEC_PREFIX) {
582
+
&decoded[SECP256K1_MULTICODEC_PREFIX.len()..]
583
} else {
584
return Err(PlcError::InvalidResponse(
585
+
"Unsupported key type in did:key (expected secp256k1)".to_string(),
586
));
587
};
588
let verifying_key = VerifyingKey::from_sec1_bytes(key_bytes)
589
.map_err(|e| PlcError::InvalidResponse(format!("Invalid public key: {}", e)))?;
590
Ok(verifying_key.verify(message, signature).is_ok())
+29
-29
crates/tranquil-pds/src/rate_limit/mod.rs
+29
-29
crates/tranquil-pds/src/rate_limit/mod.rs
···
46
pub fn new() -> Self {
47
Self {
48
login: Arc::new(RateLimiter::keyed(Quota::per_minute(
49
-
NonZeroU32::new(10).unwrap(),
50
))),
51
oauth_token: Arc::new(RateLimiter::keyed(Quota::per_minute(
52
-
NonZeroU32::new(300).unwrap(),
53
))),
54
oauth_authorize: Arc::new(RateLimiter::keyed(Quota::per_minute(
55
-
NonZeroU32::new(10).unwrap(),
56
))),
57
password_reset: Arc::new(RateLimiter::keyed(Quota::per_hour(
58
-
NonZeroU32::new(5).unwrap(),
59
))),
60
account_creation: Arc::new(RateLimiter::keyed(Quota::per_hour(
61
-
NonZeroU32::new(10).unwrap(),
62
))),
63
refresh_session: Arc::new(RateLimiter::keyed(Quota::per_minute(
64
-
NonZeroU32::new(60).unwrap(),
65
))),
66
reset_password: Arc::new(RateLimiter::keyed(Quota::per_minute(
67
-
NonZeroU32::new(10).unwrap(),
68
))),
69
oauth_par: Arc::new(RateLimiter::keyed(Quota::per_minute(
70
-
NonZeroU32::new(30).unwrap(),
71
))),
72
oauth_introspect: Arc::new(RateLimiter::keyed(Quota::per_minute(
73
-
NonZeroU32::new(30).unwrap(),
74
))),
75
app_password: Arc::new(RateLimiter::keyed(Quota::per_minute(
76
-
NonZeroU32::new(10).unwrap(),
77
))),
78
email_update: Arc::new(RateLimiter::keyed(Quota::per_hour(
79
-
NonZeroU32::new(5).unwrap(),
80
))),
81
totp_verify: Arc::new(RateLimiter::keyed(
82
Quota::with_period(std::time::Duration::from_secs(60))
83
.unwrap()
84
-
.allow_burst(NonZeroU32::new(5).unwrap()),
85
)),
86
handle_update: Arc::new(RateLimiter::keyed(
87
Quota::with_period(std::time::Duration::from_secs(30))
88
.unwrap()
89
-
.allow_burst(NonZeroU32::new(10).unwrap()),
90
)),
91
handle_update_daily: Arc::new(RateLimiter::keyed(
92
Quota::with_period(std::time::Duration::from_secs(1728))
93
.unwrap()
94
-
.allow_burst(NonZeroU32::new(50).unwrap()),
95
)),
96
verification_check: Arc::new(RateLimiter::keyed(Quota::per_minute(
97
-
NonZeroU32::new(60).unwrap(),
98
))),
99
sso_initiate: Arc::new(RateLimiter::keyed(Quota::per_minute(
100
-
NonZeroU32::new(10).unwrap(),
101
))),
102
sso_callback: Arc::new(RateLimiter::keyed(Quota::per_minute(
103
-
NonZeroU32::new(30).unwrap(),
104
))),
105
sso_unlink: Arc::new(RateLimiter::keyed(Quota::per_minute(
106
-
NonZeroU32::new(10).unwrap(),
107
))),
108
oauth_register_complete: Arc::new(RateLimiter::keyed(
109
Quota::with_period(std::time::Duration::from_secs(60))
110
.unwrap()
111
-
.allow_burst(NonZeroU32::new(5).unwrap()),
112
)),
113
handle_verification: Arc::new(RateLimiter::keyed(Quota::per_minute(
114
-
NonZeroU32::new(10).unwrap(),
115
))),
116
}
117
}
118
119
pub fn with_login_limit(mut self, per_minute: u32) -> Self {
120
self.login = Arc::new(RateLimiter::keyed(Quota::per_minute(
121
-
NonZeroU32::new(per_minute).unwrap_or(NonZeroU32::new(10).unwrap()),
122
)));
123
self
124
}
125
126
pub fn with_oauth_token_limit(mut self, per_minute: u32) -> Self {
127
self.oauth_token = Arc::new(RateLimiter::keyed(Quota::per_minute(
128
-
NonZeroU32::new(per_minute).unwrap_or(NonZeroU32::new(30).unwrap()),
129
)));
130
self
131
}
132
133
pub fn with_oauth_authorize_limit(mut self, per_minute: u32) -> Self {
134
self.oauth_authorize = Arc::new(RateLimiter::keyed(Quota::per_minute(
135
-
NonZeroU32::new(per_minute).unwrap_or(NonZeroU32::new(10).unwrap()),
136
)));
137
self
138
}
139
140
pub fn with_password_reset_limit(mut self, per_hour: u32) -> Self {
141
self.password_reset = Arc::new(RateLimiter::keyed(Quota::per_hour(
142
-
NonZeroU32::new(per_hour).unwrap_or(NonZeroU32::new(5).unwrap()),
143
)));
144
self
145
}
146
147
pub fn with_account_creation_limit(mut self, per_hour: u32) -> Self {
148
self.account_creation = Arc::new(RateLimiter::keyed(Quota::per_hour(
149
-
NonZeroU32::new(per_hour).unwrap_or(NonZeroU32::new(10).unwrap()),
150
)));
151
self
152
}
153
154
pub fn with_email_update_limit(mut self, per_hour: u32) -> Self {
155
self.email_update = Arc::new(RateLimiter::keyed(Quota::per_hour(
156
-
NonZeroU32::new(per_hour).unwrap_or(NonZeroU32::new(5).unwrap()),
157
)));
158
self
159
}
160
161
pub fn with_sso_initiate_limit(mut self, per_minute: u32) -> Self {
162
self.sso_initiate = Arc::new(RateLimiter::keyed(Quota::per_minute(
163
-
NonZeroU32::new(per_minute).unwrap_or(NonZeroU32::new(10).unwrap()),
164
)));
165
self
166
}
···
178
179
#[test]
180
fn test_rate_limiter_exhaustion() {
181
-
let limiter = RateLimiter::keyed(Quota::per_minute(NonZeroU32::new(2).unwrap()));
182
let key = "test_ip".to_string();
183
184
assert!(limiter.check_key(&key).is_ok());
···
188
189
#[test]
190
fn test_different_keys_have_separate_limits() {
191
-
let limiter = RateLimiter::keyed(Quota::per_minute(NonZeroU32::new(1).unwrap()));
192
193
assert!(limiter.check_key(&"ip1".to_string()).is_ok());
194
assert!(limiter.check_key(&"ip1".to_string()).is_err());
···
46
pub fn new() -> Self {
47
Self {
48
login: Arc::new(RateLimiter::keyed(Quota::per_minute(
49
+
const { NonZeroU32::new(10).unwrap() },
50
))),
51
oauth_token: Arc::new(RateLimiter::keyed(Quota::per_minute(
52
+
const { NonZeroU32::new(300).unwrap() },
53
))),
54
oauth_authorize: Arc::new(RateLimiter::keyed(Quota::per_minute(
55
+
const { NonZeroU32::new(10).unwrap() },
56
))),
57
password_reset: Arc::new(RateLimiter::keyed(Quota::per_hour(
58
+
const { NonZeroU32::new(5).unwrap() },
59
))),
60
account_creation: Arc::new(RateLimiter::keyed(Quota::per_hour(
61
+
const { NonZeroU32::new(10).unwrap() },
62
))),
63
refresh_session: Arc::new(RateLimiter::keyed(Quota::per_minute(
64
+
const { NonZeroU32::new(60).unwrap() },
65
))),
66
reset_password: Arc::new(RateLimiter::keyed(Quota::per_minute(
67
+
const { NonZeroU32::new(10).unwrap() },
68
))),
69
oauth_par: Arc::new(RateLimiter::keyed(Quota::per_minute(
70
+
const { NonZeroU32::new(30).unwrap() },
71
))),
72
oauth_introspect: Arc::new(RateLimiter::keyed(Quota::per_minute(
73
+
const { NonZeroU32::new(30).unwrap() },
74
))),
75
app_password: Arc::new(RateLimiter::keyed(Quota::per_minute(
76
+
const { NonZeroU32::new(10).unwrap() },
77
))),
78
email_update: Arc::new(RateLimiter::keyed(Quota::per_hour(
79
+
const { NonZeroU32::new(5).unwrap() },
80
))),
81
totp_verify: Arc::new(RateLimiter::keyed(
82
Quota::with_period(std::time::Duration::from_secs(60))
83
.unwrap()
84
+
.allow_burst(const { NonZeroU32::new(5).unwrap() }),
85
)),
86
handle_update: Arc::new(RateLimiter::keyed(
87
Quota::with_period(std::time::Duration::from_secs(30))
88
.unwrap()
89
+
.allow_burst(const { NonZeroU32::new(10).unwrap() }),
90
)),
91
handle_update_daily: Arc::new(RateLimiter::keyed(
92
Quota::with_period(std::time::Duration::from_secs(1728))
93
.unwrap()
94
+
.allow_burst(const { NonZeroU32::new(50).unwrap() }),
95
)),
96
verification_check: Arc::new(RateLimiter::keyed(Quota::per_minute(
97
+
const { NonZeroU32::new(60).unwrap() },
98
))),
99
sso_initiate: Arc::new(RateLimiter::keyed(Quota::per_minute(
100
+
const { NonZeroU32::new(10).unwrap() },
101
))),
102
sso_callback: Arc::new(RateLimiter::keyed(Quota::per_minute(
103
+
const { NonZeroU32::new(30).unwrap() },
104
))),
105
sso_unlink: Arc::new(RateLimiter::keyed(Quota::per_minute(
106
+
const { NonZeroU32::new(10).unwrap() },
107
))),
108
oauth_register_complete: Arc::new(RateLimiter::keyed(
109
Quota::with_period(std::time::Duration::from_secs(60))
110
.unwrap()
111
+
.allow_burst(const { NonZeroU32::new(5).unwrap() }),
112
)),
113
handle_verification: Arc::new(RateLimiter::keyed(Quota::per_minute(
114
+
const { NonZeroU32::new(10).unwrap() },
115
))),
116
}
117
}
118
119
pub fn with_login_limit(mut self, per_minute: u32) -> Self {
120
self.login = Arc::new(RateLimiter::keyed(Quota::per_minute(
121
+
NonZeroU32::new(per_minute).unwrap_or(const { NonZeroU32::new(10).unwrap() }),
122
)));
123
self
124
}
125
126
pub fn with_oauth_token_limit(mut self, per_minute: u32) -> Self {
127
self.oauth_token = Arc::new(RateLimiter::keyed(Quota::per_minute(
128
+
NonZeroU32::new(per_minute).unwrap_or(const { NonZeroU32::new(30).unwrap() }),
129
)));
130
self
131
}
132
133
pub fn with_oauth_authorize_limit(mut self, per_minute: u32) -> Self {
134
self.oauth_authorize = Arc::new(RateLimiter::keyed(Quota::per_minute(
135
+
NonZeroU32::new(per_minute).unwrap_or(const { NonZeroU32::new(10).unwrap() }),
136
)));
137
self
138
}
139
140
pub fn with_password_reset_limit(mut self, per_hour: u32) -> Self {
141
self.password_reset = Arc::new(RateLimiter::keyed(Quota::per_hour(
142
+
NonZeroU32::new(per_hour).unwrap_or(const { NonZeroU32::new(5).unwrap() }),
143
)));
144
self
145
}
146
147
pub fn with_account_creation_limit(mut self, per_hour: u32) -> Self {
148
self.account_creation = Arc::new(RateLimiter::keyed(Quota::per_hour(
149
+
NonZeroU32::new(per_hour).unwrap_or(const { NonZeroU32::new(10).unwrap() }),
150
)));
151
self
152
}
153
154
pub fn with_email_update_limit(mut self, per_hour: u32) -> Self {
155
self.email_update = Arc::new(RateLimiter::keyed(Quota::per_hour(
156
+
NonZeroU32::new(per_hour).unwrap_or(const { NonZeroU32::new(5).unwrap() }),
157
)));
158
self
159
}
160
161
pub fn with_sso_initiate_limit(mut self, per_minute: u32) -> Self {
162
self.sso_initiate = Arc::new(RateLimiter::keyed(Quota::per_minute(
163
+
NonZeroU32::new(per_minute).unwrap_or(const { NonZeroU32::new(10).unwrap() }),
164
)));
165
self
166
}
···
178
179
#[test]
180
fn test_rate_limiter_exhaustion() {
181
+
let limiter = RateLimiter::keyed(Quota::per_minute(const { NonZeroU32::new(2).unwrap() }));
182
let key = "test_ip".to_string();
183
184
assert!(limiter.check_key(&key).is_ok());
···
188
189
#[test]
190
fn test_different_keys_have_separate_limits() {
191
+
let limiter = RateLimiter::keyed(Quota::per_minute(const { NonZeroU32::new(1).unwrap() }));
192
193
assert!(limiter.check_key(&"ip1".to_string()).is_ok());
194
assert!(limiter.check_key(&"ip1".to_string()).is_err());
+121
-55
crates/tranquil-pds/src/scheduled.rs
+121
-55
crates/tranquil-pds/src/scheduled.rs
···
1
use cid::Cid;
2
use ipld_core::ipld::Ipld;
3
use jacquard_repo::commit::Commit;
···
18
use crate::storage::{BackupStorage, BlobStorage, backup_interval_secs, backup_retention_count};
19
use crate::sync::car::encode_car_header;
20
21
async fn process_genesis_commit(
22
repo_repo: &dyn RepoRepository,
23
block_store: &PostgresBlockStore,
24
row: BrokenGenesisCommit,
25
-
) -> Result<(Did, SequenceNumber), (SequenceNumber, &'static str)> {
26
-
let commit_cid_str = row.commit_cid.ok_or((row.seq, "missing commit_cid"))?;
27
-
let commit_cid = Cid::from_str(&commit_cid_str).map_err(|_| (row.seq, "invalid CID"))?;
28
let block = block_store
29
.get(&commit_cid)
30
.await
31
-
.map_err(|_| (row.seq, "failed to fetch block"))?
32
-
.ok_or((row.seq, "block not found"))?;
33
-
let commit = Commit::from_cbor(&block).map_err(|_| (row.seq, "failed to parse commit"))?;
34
let blocks_cids = vec![commit.data.to_string(), commit_cid.to_string()];
35
repo_repo
36
.update_seq_blocks_cids(row.seq, &blocks_cids)
37
.await
38
-
.map_err(|_| (row.seq, "failed to update"))?;
39
Ok((row.did, row.seq))
40
}
41
···
79
Err((seq, reason)) => {
80
warn!(
81
seq = seq.as_i64(),
82
-
reason = reason,
83
"Failed to process genesis commit"
84
);
85
(s, f + 1)
···
99
repo_root_cid: String,
100
) -> Result<uuid::Uuid, uuid::Uuid> {
101
let cid = Cid::from_str(&repo_root_cid).map_err(|_| user_id)?;
102
-
let block = block_store.get(&cid).await.ok().flatten().ok_or(user_id)?;
103
let commit = Commit::from_cbor(&block).map_err(|_| user_id)?;
104
let rev = commit.rev().to_string();
105
repo_repo
···
235
pub async fn collect_current_repo_blocks(
236
block_store: &PostgresBlockStore,
237
head_cid: &Cid,
238
-
) -> Result<Vec<Vec<u8>>, String> {
239
let mut block_cids: Vec<Vec<u8>> = Vec::new();
240
let mut to_visit = vec![*head_cid];
241
let mut visited = std::collections::HashSet::new();
···
250
let block = match block_store.get(&cid).await {
251
Ok(Some(b)) => b,
252
Ok(None) => continue,
253
-
Err(e) => return Err(format!("Failed to get block {}: {:?}", cid, e)),
254
};
255
256
if let Ok(commit) = Commit::from_cbor(&block) {
···
308
Some(
309
blob_refs
310
.into_iter()
311
-
.map(|blob_ref| {
312
let record_uri = AtUri::from_parts(
313
did.as_str(),
314
record.collection.as_str(),
315
record.rkey.as_str(),
316
);
317
-
(record_uri, unsafe { CidLink::new_unchecked(blob_ref.cid) })
318
})
319
.collect::<Vec<_>>(),
320
)
···
462
user_repo: &dyn UserRepository,
463
blob_repo: &dyn BlobRepository,
464
blob_store: &dyn BlobStorage,
465
-
) -> Result<(), String> {
466
let accounts_to_delete = user_repo
467
.get_accounts_scheduled_for_deletion(100)
468
.await
469
-
.map_err(|e| format!("DB error fetching accounts to delete: {:?}", e))?;
470
471
if accounts_to_delete.is_empty() {
472
debug!("No accounts scheduled for deletion");
···
501
blob_store: &dyn BlobStorage,
502
user_id: uuid::Uuid,
503
did: &Did,
504
-
) -> Result<(), String> {
505
let blob_storage_keys = blob_repo
506
.get_blob_storage_keys_by_user(user_id)
507
.await
508
-
.map_err(|e| format!("DB error fetching blob keys: {:?}", e))?;
509
510
futures::future::join_all(blob_storage_keys.iter().map(|storage_key| async move {
511
(storage_key, blob_store.delete(storage_key).await)
···
520
let _account_seq = user_repo
521
.delete_account_with_firehose(user_id, did)
522
.await
523
-
.map_err(|e| format!("Failed to delete account: {:?}", e))?;
524
525
info!(
526
did = %did,
···
570
}
571
572
struct BackupResult {
573
-
did: String,
574
repo_rev: String,
575
size_bytes: i64,
576
block_count: i32,
···
579
580
enum BackupOutcome {
581
Success(BackupResult),
582
-
Skipped(String, &'static str),
583
-
Failed(String, String),
584
}
585
586
#[allow(clippy::too_many_arguments)]
···
590
block_store: &PostgresBlockStore,
591
backup_storage: &dyn BackupStorage,
592
user_id: uuid::Uuid,
593
-
did: String,
594
repo_root_cid: String,
595
repo_rev: Option<String>,
596
) -> BackupOutcome {
···
610
};
611
612
let block_count = count_car_blocks(&car_bytes);
613
-
let size_bytes = car_bytes.len() as i64;
614
615
-
let storage_key = match backup_storage.put_backup(&did, &repo_rev, &car_bytes).await {
616
Ok(key) => key,
617
Err(e) => return BackupOutcome::Failed(did, format!("S3 upload: {}", e)),
618
};
···
653
backup_repo: &dyn BackupRepository,
654
block_store: &PostgresBlockStore,
655
backup_storage: &dyn BackupStorage,
656
-
) -> Result<(), String> {
657
-
let interval_secs = backup_interval_secs() as i64;
658
let retention = backup_retention_count();
659
660
let users_needing_backup = backup_repo
661
.get_users_needing_backup(interval_secs, 50)
662
.await
663
-
.map_err(|e| format!("DB error fetching users for backup: {:?}", e))?;
664
665
if users_needing_backup.is_empty() {
666
debug!("No accounts need backup");
···
679
block_store,
680
backup_storage,
681
user.id,
682
-
user.did.to_string(),
683
user.repo_root_cid.to_string(),
684
user.repo_rev,
685
)
···
719
pub async fn generate_repo_car(
720
block_store: &PostgresBlockStore,
721
head_cid: &Cid,
722
-
) -> Result<Vec<u8>, String> {
723
use jacquard_repo::storage::BlockStore;
724
725
let block_cids_bytes = collect_current_repo_blocks(block_store, head_cid).await?;
726
let block_cids: Vec<Cid> = block_cids_bytes
727
.iter()
728
-
.filter_map(|b| Cid::try_from(b.as_slice()).ok())
729
.collect();
730
731
-
let car_bytes =
732
-
encode_car_header(head_cid).map_err(|e| format!("Failed to encode CAR header: {}", e))?;
733
734
let blocks = block_store
735
.get_many(&block_cids)
736
.await
737
-
.map_err(|e| format!("Failed to fetch blocks: {:?}", e))?;
738
739
let car_bytes = block_cids
740
.iter()
···
753
let cid_bytes = cid.to_bytes();
754
let total_len = cid_bytes.len() + block.len();
755
let mut writer = Vec::new();
756
-
crate::sync::car::write_varint(&mut writer, total_len as u64)
757
.expect("Writing to Vec<u8> should never fail");
758
writer
759
.write_all(&cid_bytes)
···
769
block_store: &PostgresBlockStore,
770
user_id: uuid::Uuid,
771
_head_cid: &Cid,
772
-
) -> Result<Vec<u8>, String> {
773
use std::str::FromStr;
774
775
let repo_root_cid_str: String = repo_repo
776
.get_repo_root_cid_by_user_id(user_id)
777
.await
778
-
.map_err(|e| format!("Failed to fetch repo: {:?}", e))?
779
-
.ok_or_else(|| "Repository not found".to_string())?
780
.to_string();
781
782
-
let actual_head_cid =
783
-
Cid::from_str(&repo_root_cid_str).map_err(|e| format!("Invalid repo_root_cid: {}", e))?;
784
785
generate_repo_car(block_store, &actual_head_cid).await
786
}
···
790
block_store: &PostgresBlockStore,
791
user_id: uuid::Uuid,
792
head_cid: &Cid,
793
-
) -> Result<Vec<u8>, String> {
794
generate_repo_car_from_user_blocks(repo_repo, block_store, user_id, head_cid).await
795
}
796
797
pub fn count_car_blocks(car_bytes: &[u8]) -> i32 {
798
-
let mut count = 0;
799
-
let mut pos = 0;
800
801
if let Some((header_len, header_varint_len)) = read_varint(&car_bytes[pos..]) {
802
-
pos += header_varint_len + header_len as usize;
803
} else {
804
return 0;
805
}
806
807
while pos < car_bytes.len() {
808
if let Some((block_len, varint_len)) = read_varint(&car_bytes[pos..]) {
809
-
pos += varint_len + block_len as usize;
810
-
count += 1;
811
} else {
812
break;
813
}
···
839
backup_storage: &dyn BackupStorage,
840
user_id: uuid::Uuid,
841
retention_count: u32,
842
-
) -> Result<(), String> {
843
let old_backups = backup_repo
844
-
.get_old_backups(user_id, retention_count as i64)
845
.await
846
-
.map_err(|e| format!("DB error fetching old backups: {:?}", e))?;
847
848
let results = futures::future::join_all(old_backups.into_iter().map(|backup| async move {
849
match backup_storage.delete_backup(&backup.storage_key).await {
850
-
Ok(()) => match backup_repo.delete_backup(backup.id).await {
851
-
Ok(()) => Ok(()),
852
-
Err(e) => Err(format!(
853
-
"DB delete failed for {}: {:?}",
854
-
backup.storage_key, e
855
-
)),
856
-
},
857
Err(e) => {
858
warn!(
859
storage_key = %backup.storage_key,
···
1
+
use anyhow::Context;
2
use cid::Cid;
3
use ipld_core::ipld::Ipld;
4
use jacquard_repo::commit::Commit;
···
19
use crate::storage::{BackupStorage, BlobStorage, backup_interval_secs, backup_retention_count};
20
use crate::sync::car::encode_car_header;
21
22
+
#[derive(Debug)]
23
+
enum GenesisBackfillError {
24
+
MissingCommitCid,
25
+
InvalidCid,
26
+
BlockFetchFailed,
27
+
BlockNotFound,
28
+
CommitParseFailed,
29
+
UpdateFailed,
30
+
}
31
+
32
+
impl std::fmt::Display for GenesisBackfillError {
33
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
34
+
match self {
35
+
Self::MissingCommitCid => f.write_str("missing commit_cid"),
36
+
Self::InvalidCid => f.write_str("invalid CID"),
37
+
Self::BlockFetchFailed => f.write_str("failed to fetch block"),
38
+
Self::BlockNotFound => f.write_str("block not found"),
39
+
Self::CommitParseFailed => f.write_str("failed to parse commit"),
40
+
Self::UpdateFailed => f.write_str("failed to update"),
41
+
}
42
+
}
43
+
}
44
+
45
async fn process_genesis_commit(
46
repo_repo: &dyn RepoRepository,
47
block_store: &PostgresBlockStore,
48
row: BrokenGenesisCommit,
49
+
) -> Result<(Did, SequenceNumber), (SequenceNumber, GenesisBackfillError)> {
50
+
let commit_cid_str = row
51
+
.commit_cid
52
+
.ok_or((row.seq, GenesisBackfillError::MissingCommitCid))?;
53
+
let commit_cid =
54
+
Cid::from_str(&commit_cid_str).map_err(|_| (row.seq, GenesisBackfillError::InvalidCid))?;
55
let block = block_store
56
.get(&commit_cid)
57
.await
58
+
.map_err(|_| (row.seq, GenesisBackfillError::BlockFetchFailed))?
59
+
.ok_or((row.seq, GenesisBackfillError::BlockNotFound))?;
60
+
let commit = Commit::from_cbor(&block)
61
+
.map_err(|_| (row.seq, GenesisBackfillError::CommitParseFailed))?;
62
let blocks_cids = vec![commit.data.to_string(), commit_cid.to_string()];
63
repo_repo
64
.update_seq_blocks_cids(row.seq, &blocks_cids)
65
.await
66
+
.map_err(|_| (row.seq, GenesisBackfillError::UpdateFailed))?;
67
Ok((row.did, row.seq))
68
}
69
···
107
Err((seq, reason)) => {
108
warn!(
109
seq = seq.as_i64(),
110
+
reason = %reason,
111
"Failed to process genesis commit"
112
);
113
(s, f + 1)
···
127
repo_root_cid: String,
128
) -> Result<uuid::Uuid, uuid::Uuid> {
129
let cid = Cid::from_str(&repo_root_cid).map_err(|_| user_id)?;
130
+
let block = match block_store.get(&cid).await {
131
+
Ok(Some(b)) => b,
132
+
Ok(None) => {
133
+
tracing::warn!(user_id = %user_id, cid = %cid, "block not found for repo rev backfill");
134
+
return Err(user_id);
135
+
}
136
+
Err(e) => {
137
+
tracing::warn!(user_id = %user_id, cid = %cid, error = %e, "block store error during repo rev backfill");
138
+
return Err(user_id);
139
+
}
140
+
};
141
let commit = Commit::from_cbor(&block).map_err(|_| user_id)?;
142
let rev = commit.rev().to_string();
143
repo_repo
···
273
pub async fn collect_current_repo_blocks(
274
block_store: &PostgresBlockStore,
275
head_cid: &Cid,
276
+
) -> anyhow::Result<Vec<Vec<u8>>> {
277
let mut block_cids: Vec<Vec<u8>> = Vec::new();
278
let mut to_visit = vec![*head_cid];
279
let mut visited = std::collections::HashSet::new();
···
288
let block = match block_store.get(&cid).await {
289
Ok(Some(b)) => b,
290
Ok(None) => continue,
291
+
Err(e) => anyhow::bail!("Failed to get block {}: {:?}", cid, e),
292
};
293
294
if let Ok(commit) = Commit::from_cbor(&block) {
···
346
Some(
347
blob_refs
348
.into_iter()
349
+
.filter_map(|blob_ref| {
350
let record_uri = AtUri::from_parts(
351
did.as_str(),
352
record.collection.as_str(),
353
record.rkey.as_str(),
354
);
355
+
match CidLink::new(&blob_ref.cid) {
356
+
Ok(cid_link) => Some((record_uri, cid_link)),
357
+
Err(_) => {
358
+
tracing::warn!(cid = %blob_ref.cid, "skipping unparseable blob CID in record blob backfill");
359
+
None
360
+
}
361
+
}
362
})
363
.collect::<Vec<_>>(),
364
)
···
506
user_repo: &dyn UserRepository,
507
blob_repo: &dyn BlobRepository,
508
blob_store: &dyn BlobStorage,
509
+
) -> anyhow::Result<()> {
510
let accounts_to_delete = user_repo
511
.get_accounts_scheduled_for_deletion(100)
512
.await
513
+
.context("DB error fetching accounts to delete")?;
514
515
if accounts_to_delete.is_empty() {
516
debug!("No accounts scheduled for deletion");
···
545
blob_store: &dyn BlobStorage,
546
user_id: uuid::Uuid,
547
did: &Did,
548
+
) -> anyhow::Result<()> {
549
let blob_storage_keys = blob_repo
550
.get_blob_storage_keys_by_user(user_id)
551
.await
552
+
.context("DB error fetching blob keys")?;
553
554
futures::future::join_all(blob_storage_keys.iter().map(|storage_key| async move {
555
(storage_key, blob_store.delete(storage_key).await)
···
564
let _account_seq = user_repo
565
.delete_account_with_firehose(user_id, did)
566
.await
567
+
.context("Failed to delete account")?;
568
569
info!(
570
did = %did,
···
614
}
615
616
struct BackupResult {
617
+
did: Did,
618
repo_rev: String,
619
size_bytes: i64,
620
block_count: i32,
···
623
624
enum BackupOutcome {
625
Success(BackupResult),
626
+
Skipped(Did, &'static str),
627
+
Failed(Did, String),
628
}
629
630
#[allow(clippy::too_many_arguments)]
···
634
block_store: &PostgresBlockStore,
635
backup_storage: &dyn BackupStorage,
636
user_id: uuid::Uuid,
637
+
did: Did,
638
repo_root_cid: String,
639
repo_rev: Option<String>,
640
) -> BackupOutcome {
···
654
};
655
656
let block_count = count_car_blocks(&car_bytes);
657
+
let size_bytes = i64::try_from(car_bytes.len()).unwrap_or(i64::MAX);
658
659
+
let storage_key = match backup_storage
660
+
.put_backup(did.as_str(), &repo_rev, &car_bytes)
661
+
.await
662
+
{
663
Ok(key) => key,
664
Err(e) => return BackupOutcome::Failed(did, format!("S3 upload: {}", e)),
665
};
···
700
backup_repo: &dyn BackupRepository,
701
block_store: &PostgresBlockStore,
702
backup_storage: &dyn BackupStorage,
703
+
) -> anyhow::Result<()> {
704
+
let interval_secs = i64::try_from(backup_interval_secs()).unwrap_or(i64::MAX);
705
let retention = backup_retention_count();
706
707
let users_needing_backup = backup_repo
708
.get_users_needing_backup(interval_secs, 50)
709
.await
710
+
.context("DB error fetching users for backup")?;
711
712
if users_needing_backup.is_empty() {
713
debug!("No accounts need backup");
···
726
block_store,
727
backup_storage,
728
user.id,
729
+
user.did,
730
user.repo_root_cid.to_string(),
731
user.repo_rev,
732
)
···
766
pub async fn generate_repo_car(
767
block_store: &PostgresBlockStore,
768
head_cid: &Cid,
769
+
) -> anyhow::Result<Vec<u8>> {
770
use jacquard_repo::storage::BlockStore;
771
772
let block_cids_bytes = collect_current_repo_blocks(block_store, head_cid).await?;
773
let block_cids: Vec<Cid> = block_cids_bytes
774
.iter()
775
+
.filter_map(|b| match Cid::try_from(b.as_slice()) {
776
+
Ok(cid) => Some(cid),
777
+
Err(e) => {
778
+
tracing::warn!(error = %e, "skipping unparseable CID in backup generation");
779
+
None
780
+
}
781
+
})
782
.collect();
783
784
+
let car_bytes = encode_car_header(head_cid).context("Failed to encode CAR header")?;
785
786
let blocks = block_store
787
.get_many(&block_cids)
788
.await
789
+
.context("Failed to fetch blocks")?;
790
791
let car_bytes = block_cids
792
.iter()
···
805
let cid_bytes = cid.to_bytes();
806
let total_len = cid_bytes.len() + block.len();
807
let mut writer = Vec::new();
808
+
crate::sync::car::write_varint(&mut writer, u64::try_from(total_len).expect("len fits u64"))
809
.expect("Writing to Vec<u8> should never fail");
810
writer
811
.write_all(&cid_bytes)
···
821
block_store: &PostgresBlockStore,
822
user_id: uuid::Uuid,
823
_head_cid: &Cid,
824
+
) -> anyhow::Result<Vec<u8>> {
825
use std::str::FromStr;
826
827
let repo_root_cid_str: String = repo_repo
828
.get_repo_root_cid_by_user_id(user_id)
829
.await
830
+
.context("Failed to fetch repo")?
831
+
.ok_or_else(|| anyhow::anyhow!("Repository not found"))?
832
.to_string();
833
834
+
let actual_head_cid = Cid::from_str(&repo_root_cid_str).context("Invalid repo_root_cid")?;
835
836
generate_repo_car(block_store, &actual_head_cid).await
837
}
···
841
block_store: &PostgresBlockStore,
842
user_id: uuid::Uuid,
843
head_cid: &Cid,
844
+
) -> anyhow::Result<Vec<u8>> {
845
generate_repo_car_from_user_blocks(repo_repo, block_store, user_id, head_cid).await
846
}
847
848
pub fn count_car_blocks(car_bytes: &[u8]) -> i32 {
849
+
let mut count: i32 = 0;
850
+
let mut pos: usize = 0;
851
852
if let Some((header_len, header_varint_len)) = read_varint(&car_bytes[pos..]) {
853
+
let Some(header_size) = usize::try_from(header_len).ok() else {
854
+
return 0;
855
+
};
856
+
let Some(next_pos) = header_varint_len
857
+
.checked_add(header_size)
858
+
.and_then(|skip| pos.checked_add(skip))
859
+
else {
860
+
return 0;
861
+
};
862
+
pos = next_pos;
863
} else {
864
return 0;
865
}
866
867
while pos < car_bytes.len() {
868
if let Some((block_len, varint_len)) = read_varint(&car_bytes[pos..]) {
869
+
let Some(block_size) = usize::try_from(block_len).ok() else {
870
+
break;
871
+
};
872
+
let Some(next_pos) = varint_len
873
+
.checked_add(block_size)
874
+
.and_then(|skip| pos.checked_add(skip))
875
+
else {
876
+
break;
877
+
};
878
+
pos = next_pos;
879
+
count = count.saturating_add(1);
880
} else {
881
break;
882
}
···
908
backup_storage: &dyn BackupStorage,
909
user_id: uuid::Uuid,
910
retention_count: u32,
911
+
) -> anyhow::Result<()> {
912
let old_backups = backup_repo
913
+
.get_old_backups(user_id, i64::from(retention_count))
914
.await
915
+
.context("DB error fetching old backups")?;
916
917
let results = futures::future::join_all(old_backups.into_iter().map(|backup| async move {
918
match backup_storage.delete_backup(&backup.storage_key).await {
919
+
Ok(()) => backup_repo
920
+
.delete_backup(backup.id)
921
+
.await
922
+
.with_context(|| format!("DB delete failed for {}", backup.storage_key)),
923
Err(e) => {
924
warn!(
925
storage_key = %backup.storage_key,
+18
-32
crates/tranquil-pds/src/sso/config.rs
+18
-32
crates/tranquil-pds/src/sso/config.rs
···
80
}
81
82
fn load_provider(name: &str, needs_issuer: bool) -> Option<ProviderConfig> {
83
-
let enabled = std::env::var(format!("SSO_{}_ENABLED", name))
84
-
.map(|v| v == "true" || v == "1")
85
-
.unwrap_or(false);
86
87
if !enabled {
88
return None;
···
121
}
122
123
fn load_apple_provider() -> Option<AppleProviderConfig> {
124
-
let enabled = std::env::var("SSO_APPLE_ENABLED")
125
-
.map(|v| v == "true" || v == "1")
126
-
.unwrap_or(false);
127
128
if !enabled {
129
return None;
···
178
self.apple.as_ref()
179
}
180
181
pub fn enabled_providers(&self) -> Vec<SsoProviderType> {
182
-
let mut providers = Vec::new();
183
-
if self.github.is_some() {
184
-
providers.push(SsoProviderType::Github);
185
-
}
186
-
if self.discord.is_some() {
187
-
providers.push(SsoProviderType::Discord);
188
-
}
189
-
if self.google.is_some() {
190
-
providers.push(SsoProviderType::Google);
191
-
}
192
-
if self.gitlab.is_some() {
193
-
providers.push(SsoProviderType::Gitlab);
194
-
}
195
-
if self.oidc.is_some() {
196
-
providers.push(SsoProviderType::Oidc);
197
-
}
198
-
if self.apple.is_some() {
199
-
providers.push(SsoProviderType::Apple);
200
-
}
201
-
providers
202
}
203
204
pub fn is_any_enabled(&self) -> bool {
205
-
self.github.is_some()
206
-
|| self.discord.is_some()
207
-
|| self.google.is_some()
208
-
|| self.gitlab.is_some()
209
-
|| self.oidc.is_some()
210
-
|| self.apple.is_some()
211
}
212
}
···
80
}
81
82
fn load_provider(name: &str, needs_issuer: bool) -> Option<ProviderConfig> {
83
+
let enabled = crate::util::parse_env_bool(&format!("SSO_{}_ENABLED", name));
84
85
if !enabled {
86
return None;
···
119
}
120
121
fn load_apple_provider() -> Option<AppleProviderConfig> {
122
+
let enabled = crate::util::parse_env_bool("SSO_APPLE_ENABLED");
123
124
if !enabled {
125
return None;
···
174
self.apple.as_ref()
175
}
176
177
+
fn provider_configs(&self) -> [(SsoProviderType, bool); 6] {
178
+
[
179
+
(SsoProviderType::Github, self.github.is_some()),
180
+
(SsoProviderType::Discord, self.discord.is_some()),
181
+
(SsoProviderType::Google, self.google.is_some()),
182
+
(SsoProviderType::Gitlab, self.gitlab.is_some()),
183
+
(SsoProviderType::Oidc, self.oidc.is_some()),
184
+
(SsoProviderType::Apple, self.apple.is_some()),
185
+
]
186
+
}
187
+
188
pub fn enabled_providers(&self) -> Vec<SsoProviderType> {
189
+
self.provider_configs()
190
+
.into_iter()
191
+
.filter_map(|(p, enabled)| enabled.then_some(p))
192
+
.collect()
193
}
194
195
pub fn is_any_enabled(&self) -> bool {
196
+
self.provider_configs().into_iter().any(|(_, e)| e)
197
}
198
}
+33
-52
crates/tranquil-pds/src/sso/endpoints.rs
+33
-52
crates/tranquil-pds/src/sso/endpoints.rs
···
36
37
#[derive(Debug, Serialize)]
38
pub struct SsoProviderInfo {
39
-
pub provider: String,
40
pub name: String,
41
pub icon: String,
42
}
···
52
.enabled_providers()
53
.iter()
54
.map(|(t, name, icon)| SsoProviderInfo {
55
-
provider: t.as_str().to_string(),
56
name: name.to_string(),
57
icon: icon.to_string(),
58
})
···
63
64
#[derive(Debug, Deserialize)]
65
pub struct SsoInitiateRequest {
66
-
pub provider: String,
67
pub request_uri: Option<String>,
68
-
pub action: Option<String>,
69
}
70
71
#[derive(Debug, Serialize)]
···
79
headers: HeaderMap,
80
Json(input): Json<SsoInitiateRequest>,
81
) -> Result<Json<SsoInitiateResponse>, ApiError> {
82
-
if input.provider.len() > 20 {
83
-
return Err(ApiError::SsoProviderNotFound);
84
-
}
85
if let Some(ref uri) = input.request_uri
86
&& uri.len() > 500
87
{
88
return Err(ApiError::InvalidRequest("Request URI too long".into()));
89
}
90
-
if let Some(ref action) = input.action
91
-
&& action.len() > 20
92
-
{
93
-
return Err(ApiError::SsoInvalidAction);
94
-
}
95
96
-
let provider_type =
97
-
SsoProviderType::parse(&input.provider).ok_or(ApiError::SsoProviderNotFound)?;
98
99
let provider = state
100
.sso_manager
101
.get_provider(provider_type)
102
.ok_or(ApiError::SsoProviderNotEnabled)?;
103
104
-
let action = input
105
-
.action
106
-
.as_deref()
107
-
.map(SsoAction::parse)
108
-
.unwrap_or(Some(SsoAction::Login))
109
-
.ok_or(ApiError::SsoInvalidAction)?;
110
111
let is_standalone = action == SsoAction::Register && input.request_uri.is_none();
112
let request_uri = input
···
616
#[derive(Debug, Serialize)]
617
pub struct LinkedAccountInfo {
618
pub id: String,
619
-
pub provider: String,
620
pub provider_name: String,
621
pub provider_username: Option<String>,
622
pub provider_email: Option<String>,
···
642
.into_iter()
643
.map(|id| LinkedAccountInfo {
644
id: id.id.to_string(),
645
-
provider: id.provider.as_str().to_string(),
646
provider_name: id.provider.display_name().to_string(),
647
provider_username: id.provider_username.map(|u| u.into_inner()),
648
provider_email: id.provider_email.map(|e| e.into_inner()),
···
723
#[derive(Debug, Serialize)]
724
pub struct PendingRegistrationResponse {
725
pub request_uri: String,
726
-
pub provider: String,
727
pub provider_user_id: String,
728
pub provider_username: Option<String>,
729
pub provider_email: Option<String>,
···
747
748
Ok(Json(PendingRegistrationResponse {
749
request_uri: pending.request_uri,
750
-
provider: pending.provider.as_str().to_string(),
751
provider_user_id: pending.provider_user_id.into_inner(),
752
provider_username: pending.provider_username.map(|u| u.into_inner()),
753
provider_email: pending.provider_email.map(|e| e.into_inner()),
···
789
790
let hostname_for_handles = pds_hostname_without_port();
791
let full_handle = format!("{}.{}", validated, hostname_for_handles);
792
-
let handle_typed = unsafe { crate::types::Handle::new_unchecked(&full_handle) };
793
794
let db_available = state
795
.user_repo
···
816
pub handle: String,
817
pub email: Option<String>,
818
pub invite_code: Option<String>,
819
-
pub verification_channel: Option<String>,
820
pub discord_username: Option<String>,
821
pub telegram_username: Option<String>,
822
pub signal_username: Option<String>,
···
875
Err(_) => return Err(ApiError::InvalidHandle(None)),
876
};
877
878
-
let verification_channel = input.verification_channel.as_deref().unwrap_or("email");
879
let verification_recipient = match verification_channel {
880
-
"email" => {
881
let email = input
882
.email
883
.clone()
···
894
_ => return Err(ApiError::MissingEmail),
895
}
896
}
897
-
"discord" => match &input.discord_username {
898
Some(username) if !username.trim().is_empty() => {
899
let clean = username.trim().to_lowercase();
900
if !crate::api::validation::is_valid_discord_username(&clean) {
···
906
}
907
_ => return Err(ApiError::MissingDiscordId),
908
},
909
-
"telegram" => match &input.telegram_username {
910
Some(username) if !username.trim().is_empty() => {
911
let clean = username.trim().trim_start_matches('@');
912
if !crate::api::validation::is_valid_telegram_username(clean) {
···
918
}
919
_ => return Err(ApiError::MissingTelegramUsername),
920
},
921
-
"signal" => match &input.signal_username {
922
Some(username) if !username.trim().is_empty() => {
923
username.trim().trim_start_matches('@').to_lowercase()
924
}
925
_ => return Err(ApiError::MissingSignalNumber),
926
},
927
-
_ => return Err(ApiError::InvalidVerificationChannel),
928
};
929
930
let email = input
···
958
Err(_) => return Err(ApiError::InvalidInviteCode),
959
}
960
} else {
961
-
let invite_required = std::env::var("INVITE_CODE_REQUIRED")
962
-
.map(|v| v == "true" || v == "1")
963
-
.unwrap_or(false);
964
if invite_required {
965
return Err(ApiError::InviteCodeRequired);
966
}
967
None
968
};
969
970
-
let handle_typed = unsafe { crate::types::Handle::new_unchecked(&handle) };
971
let reserved = state
972
.user_repo
973
.reserve_handle(&handle_typed, client_ip)
···
1069
};
1070
1071
let rev = Tid::now(LimitedU32::MIN);
1072
-
let did_typed = unsafe { crate::types::Did::new_unchecked(&did) };
1073
let (commit_bytes, _sig) = match crate::api::repo::record::utils::create_signed_commit(
1074
&did_typed,
1075
mst_root,
···
1101
})
1102
});
1103
1104
-
let preferred_comms_channel = match verification_channel {
1105
-
"email" => tranquil_db_traits::CommsChannel::Email,
1106
-
"discord" => tranquil_db_traits::CommsChannel::Discord,
1107
-
"telegram" => tranquil_db_traits::CommsChannel::Telegram,
1108
-
"signal" => tranquil_db_traits::CommsChannel::Signal,
1109
-
_ => tranquil_db_traits::CommsChannel::Email,
1110
-
};
1111
-
1112
let create_input = tranquil_db_traits::CreateSsoAccountInput {
1113
handle: handle_typed.clone(),
1114
email: email.clone(),
1115
did: did_typed.clone(),
1116
-
preferred_comms_channel,
1117
discord_username: input
1118
.discord_username
1119
.clone()
···
1192
"$type": "app.bsky.actor.profile",
1193
"displayName": handle_typed.as_str()
1194
});
1195
-
let profile_collection = unsafe { crate::types::Nsid::new_unchecked("app.bsky.actor.profile") };
1196
-
let profile_rkey = unsafe { crate::types::Rkey::new_unchecked("self") };
1197
if let Err(e) = crate::api::repo::record::create_record_internal(
1198
&state,
1199
&did_typed,
1200
-
&profile_collection,
1201
-
&profile_rkey,
1202
&profile_record,
1203
)
1204
.await
···
1261
.await
1262
.unwrap_or(None);
1263
1264
-
let channel_auto_verified = verification_channel == "email"
1265
&& pending_preview.provider_email_verified
1266
&& pending_preview.provider_email.as_ref().map(|e| e.as_str()) == email.as_deref();
1267
···
1357
1358
if let Some(uid) = user_id {
1359
let verification_token = crate::auth::verification_token::generate_signup_token(
1360
-
&did,
1361
verification_channel,
1362
&verification_recipient,
1363
);
···
36
37
#[derive(Debug, Serialize)]
38
pub struct SsoProviderInfo {
39
+
pub provider: SsoProviderType,
40
pub name: String,
41
pub icon: String,
42
}
···
52
.enabled_providers()
53
.iter()
54
.map(|(t, name, icon)| SsoProviderInfo {
55
+
provider: *t,
56
name: name.to_string(),
57
icon: icon.to_string(),
58
})
···
63
64
#[derive(Debug, Deserialize)]
65
pub struct SsoInitiateRequest {
66
+
pub provider: SsoProviderType,
67
pub request_uri: Option<String>,
68
+
pub action: Option<SsoAction>,
69
}
70
71
#[derive(Debug, Serialize)]
···
79
headers: HeaderMap,
80
Json(input): Json<SsoInitiateRequest>,
81
) -> Result<Json<SsoInitiateResponse>, ApiError> {
82
if let Some(ref uri) = input.request_uri
83
&& uri.len() > 500
84
{
85
return Err(ApiError::InvalidRequest("Request URI too long".into()));
86
}
87
88
+
let provider_type = input.provider;
89
90
let provider = state
91
.sso_manager
92
.get_provider(provider_type)
93
.ok_or(ApiError::SsoProviderNotEnabled)?;
94
95
+
let action = input.action.unwrap_or(SsoAction::Login);
96
97
let is_standalone = action == SsoAction::Register && input.request_uri.is_none();
98
let request_uri = input
···
602
#[derive(Debug, Serialize)]
603
pub struct LinkedAccountInfo {
604
pub id: String,
605
+
pub provider: SsoProviderType,
606
pub provider_name: String,
607
pub provider_username: Option<String>,
608
pub provider_email: Option<String>,
···
628
.into_iter()
629
.map(|id| LinkedAccountInfo {
630
id: id.id.to_string(),
631
+
provider: id.provider,
632
provider_name: id.provider.display_name().to_string(),
633
provider_username: id.provider_username.map(|u| u.into_inner()),
634
provider_email: id.provider_email.map(|e| e.into_inner()),
···
709
#[derive(Debug, Serialize)]
710
pub struct PendingRegistrationResponse {
711
pub request_uri: String,
712
+
pub provider: SsoProviderType,
713
pub provider_user_id: String,
714
pub provider_username: Option<String>,
715
pub provider_email: Option<String>,
···
733
734
Ok(Json(PendingRegistrationResponse {
735
request_uri: pending.request_uri,
736
+
provider: pending.provider,
737
provider_user_id: pending.provider_user_id.into_inner(),
738
provider_username: pending.provider_username.map(|u| u.into_inner()),
739
provider_email: pending.provider_email.map(|e| e.into_inner()),
···
775
776
let hostname_for_handles = pds_hostname_without_port();
777
let full_handle = format!("{}.{}", validated, hostname_for_handles);
778
+
let handle_typed: crate::types::Handle = match full_handle.parse() {
779
+
Ok(h) => h,
780
+
Err(_) => return Err(ApiError::InvalidHandle(None)),
781
+
};
782
783
let db_available = state
784
.user_repo
···
805
pub handle: String,
806
pub email: Option<String>,
807
pub invite_code: Option<String>,
808
+
pub verification_channel: Option<tranquil_db_traits::CommsChannel>,
809
pub discord_username: Option<String>,
810
pub telegram_username: Option<String>,
811
pub signal_username: Option<String>,
···
864
Err(_) => return Err(ApiError::InvalidHandle(None)),
865
};
866
867
+
let verification_channel = input
868
+
.verification_channel
869
+
.unwrap_or(tranquil_db_traits::CommsChannel::Email);
870
let verification_recipient = match verification_channel {
871
+
tranquil_db_traits::CommsChannel::Email => {
872
let email = input
873
.email
874
.clone()
···
885
_ => return Err(ApiError::MissingEmail),
886
}
887
}
888
+
tranquil_db_traits::CommsChannel::Discord => match &input.discord_username {
889
Some(username) if !username.trim().is_empty() => {
890
let clean = username.trim().to_lowercase();
891
if !crate::api::validation::is_valid_discord_username(&clean) {
···
897
}
898
_ => return Err(ApiError::MissingDiscordId),
899
},
900
+
tranquil_db_traits::CommsChannel::Telegram => match &input.telegram_username {
901
Some(username) if !username.trim().is_empty() => {
902
let clean = username.trim().trim_start_matches('@');
903
if !crate::api::validation::is_valid_telegram_username(clean) {
···
909
}
910
_ => return Err(ApiError::MissingTelegramUsername),
911
},
912
+
tranquil_db_traits::CommsChannel::Signal => match &input.signal_username {
913
Some(username) if !username.trim().is_empty() => {
914
username.trim().trim_start_matches('@').to_lowercase()
915
}
916
_ => return Err(ApiError::MissingSignalNumber),
917
},
918
};
919
920
let email = input
···
948
Err(_) => return Err(ApiError::InvalidInviteCode),
949
}
950
} else {
951
+
let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED");
952
if invite_required {
953
return Err(ApiError::InviteCodeRequired);
954
}
955
None
956
};
957
958
+
let handle_typed: crate::types::Handle =
959
+
handle.parse().map_err(|_| ApiError::InvalidHandle(None))?;
960
let reserved = state
961
.user_repo
962
.reserve_handle(&handle_typed, client_ip)
···
1058
};
1059
1060
let rev = Tid::now(LimitedU32::MIN);
1061
+
let did_typed: crate::types::Did = did
1062
+
.parse()
1063
+
.map_err(|_| ApiError::InternalError(Some("Invalid DID".into())))?;
1064
let (commit_bytes, _sig) = match crate::api::repo::record::utils::create_signed_commit(
1065
&did_typed,
1066
mst_root,
···
1092
})
1093
});
1094
1095
let create_input = tranquil_db_traits::CreateSsoAccountInput {
1096
handle: handle_typed.clone(),
1097
email: email.clone(),
1098
did: did_typed.clone(),
1099
+
preferred_comms_channel: verification_channel,
1100
discord_username: input
1101
.discord_username
1102
.clone()
···
1175
"$type": "app.bsky.actor.profile",
1176
"displayName": handle_typed.as_str()
1177
});
1178
if let Err(e) = crate::api::repo::record::create_record_internal(
1179
&state,
1180
&did_typed,
1181
+
&crate::types::PROFILE_COLLECTION,
1182
+
&crate::types::PROFILE_RKEY,
1183
&profile_record,
1184
)
1185
.await
···
1242
.await
1243
.unwrap_or(None);
1244
1245
+
let channel_auto_verified = verification_channel == tranquil_db_traits::CommsChannel::Email
1246
&& pending_preview.provider_email_verified
1247
&& pending_preview.provider_email.as_ref().map(|e| e.as_str()) == email.as_deref();
1248
···
1338
1339
if let Some(uid) = user_id {
1340
let verification_token = crate::auth::verification_token::generate_signup_token(
1341
+
&did_typed,
1342
verification_channel,
1343
&verification_recipient,
1344
);
+32
-16
crates/tranquil-pds/src/sso/providers.rs
+32
-16
crates/tranquil-pds/src/sso/providers.rs
···
14
15
const SSO_HTTP_TIMEOUT: Duration = Duration::from_secs(15);
16
17
fn create_http_client() -> Client {
18
Client::builder()
19
.timeout(SSO_HTTP_TIMEOUT)
···
473
.await
474
}
475
476
-
fn generate_pkce() -> (String, String) {
477
use rand::RngCore;
478
let mut verifier_bytes = [0u8; 32];
479
rand::thread_rng().fill_bytes(&mut verifier_bytes);
480
-
let verifier = URL_SAFE_NO_PAD.encode(verifier_bytes);
481
482
use sha2::{Digest, Sha256};
483
-
let challenge_bytes = Sha256::digest(verifier.as_bytes());
484
-
let challenge = URL_SAFE_NO_PAD.encode(challenge_bytes);
485
486
-
(verifier, challenge)
487
}
488
489
fn validate_id_token(
···
585
redirect_uri: &str,
586
nonce: Option<&str>,
587
) -> Result<AuthUrlResult, SsoError> {
588
-
let (verifier, challenge) = Self::generate_pkce();
589
590
let auth_endpoint = match self.provider_type {
591
SsoProviderType::Google => "https://accounts.google.com/o/oauth2/v2/auth".to_string(),
···
604
urlencoding::encode(&self.client_id),
605
urlencoding::encode(redirect_uri),
606
urlencoding::encode(state),
607
-
urlencoding::encode(&challenge),
608
);
609
610
if let Some(n) = nonce {
···
613
614
Ok(AuthUrlResult {
615
url,
616
-
code_verifier: Some(verifier),
617
})
618
}
619
···
785
})
786
}
787
788
-
fn generate_client_secret(&self) -> Result<(String, u64), SsoError> {
789
let now = SystemTime::now()
790
.duration_since(UNIX_EPOCH)
791
-
.unwrap()
792
.as_secs();
793
let exp = now + (150 * 24 * 60 * 60);
794
···
821
SsoError::Provider(format!("Failed to generate Apple client secret: {}", e))
822
})?;
823
824
-
Ok((token, exp))
825
}
826
827
async fn get_client_secret(&self) -> Result<String, SsoError> {
828
let now = SystemTime::now()
829
.duration_since(UNIX_EPOCH)
830
-
.unwrap()
831
.as_secs();
832
833
{
···
839
}
840
}
841
842
-
let (secret, expires_at) = self.generate_client_secret()?;
843
844
{
845
let mut cache = self.client_secret_cache.write().await;
846
*cache = Some(CachedClientSecret {
847
-
secret: secret.clone(),
848
-
expires_at,
849
});
850
}
851
852
-
Ok(secret)
853
}
854
855
async fn get_jwks(&self) -> Result<&JwkSet, SsoError> {
···
14
15
const SSO_HTTP_TIMEOUT: Duration = Duration::from_secs(15);
16
17
+
struct PkceChallenge {
18
+
code_verifier: String,
19
+
code_challenge: String,
20
+
}
21
+
22
+
struct ClientSecretWithExpiry {
23
+
secret: String,
24
+
expires_at: u64,
25
+
}
26
+
27
fn create_http_client() -> Client {
28
Client::builder()
29
.timeout(SSO_HTTP_TIMEOUT)
···
483
.await
484
}
485
486
+
fn generate_pkce() -> PkceChallenge {
487
use rand::RngCore;
488
let mut verifier_bytes = [0u8; 32];
489
rand::thread_rng().fill_bytes(&mut verifier_bytes);
490
+
let code_verifier = URL_SAFE_NO_PAD.encode(verifier_bytes);
491
492
use sha2::{Digest, Sha256};
493
+
let challenge_bytes = Sha256::digest(code_verifier.as_bytes());
494
+
let code_challenge = URL_SAFE_NO_PAD.encode(challenge_bytes);
495
496
+
PkceChallenge {
497
+
code_verifier,
498
+
code_challenge,
499
+
}
500
}
501
502
fn validate_id_token(
···
598
redirect_uri: &str,
599
nonce: Option<&str>,
600
) -> Result<AuthUrlResult, SsoError> {
601
+
let pkce = Self::generate_pkce();
602
603
let auth_endpoint = match self.provider_type {
604
SsoProviderType::Google => "https://accounts.google.com/o/oauth2/v2/auth".to_string(),
···
617
urlencoding::encode(&self.client_id),
618
urlencoding::encode(redirect_uri),
619
urlencoding::encode(state),
620
+
urlencoding::encode(&pkce.code_challenge),
621
);
622
623
if let Some(n) = nonce {
···
626
627
Ok(AuthUrlResult {
628
url,
629
+
code_verifier: Some(pkce.code_verifier),
630
})
631
}
632
···
798
})
799
}
800
801
+
fn generate_client_secret(&self) -> Result<ClientSecretWithExpiry, SsoError> {
802
let now = SystemTime::now()
803
.duration_since(UNIX_EPOCH)
804
+
.unwrap_or_default()
805
.as_secs();
806
let exp = now + (150 * 24 * 60 * 60);
807
···
834
SsoError::Provider(format!("Failed to generate Apple client secret: {}", e))
835
})?;
836
837
+
Ok(ClientSecretWithExpiry {
838
+
secret: token,
839
+
expires_at: exp,
840
+
})
841
}
842
843
async fn get_client_secret(&self) -> Result<String, SsoError> {
844
let now = SystemTime::now()
845
.duration_since(UNIX_EPOCH)
846
+
.unwrap_or_default()
847
.as_secs();
848
849
{
···
855
}
856
}
857
858
+
let generated = self.generate_client_secret()?;
859
860
{
861
let mut cache = self.client_secret_cache.write().await;
862
*cache = Some(CachedClientSecret {
863
+
secret: generated.secret.clone(),
864
+
expires_at: generated.expires_at,
865
});
866
}
867
868
+
Ok(generated.secret)
869
}
870
871
async fn get_jwks(&self) -> Result<&JwkSet, SsoError> {
+90
-24
crates/tranquil-pds/src/state.rs
+90
-24
crates/tranquil-pds/src/state.rs
···
62
}
63
64
#[derive(Debug, Clone, Copy)]
65
pub enum RateLimitKind {
66
Login,
67
AccountCreation,
···
86
}
87
88
impl RateLimitKind {
89
-
fn key_prefix(&self) -> &'static str {
90
match self {
91
Self::Login => "login",
92
Self::AccountCreation => "account_creation",
···
111
}
112
}
113
114
-
fn limit_and_window_ms(&self) -> (u32, u64) {
115
match self {
116
-
Self::Login => (10, 60_000),
117
-
Self::AccountCreation => (10, 3_600_000),
118
-
Self::PasswordReset => (5, 3_600_000),
119
-
Self::ResetPassword => (10, 60_000),
120
-
Self::RefreshSession => (60, 60_000),
121
-
Self::OAuthToken => (300, 60_000),
122
-
Self::OAuthAuthorize => (10, 60_000),
123
-
Self::OAuthPar => (30, 60_000),
124
-
Self::OAuthIntrospect => (30, 60_000),
125
-
Self::AppPassword => (10, 60_000),
126
-
Self::EmailUpdate => (5, 3_600_000),
127
-
Self::TotpVerify => (5, 300_000),
128
-
Self::HandleUpdate => (10, 300_000),
129
-
Self::HandleUpdateDaily => (50, 86_400_000),
130
-
Self::VerificationCheck => (60, 60_000),
131
-
Self::SsoInitiate => (10, 60_000),
132
-
Self::SsoCallback => (30, 60_000),
133
-
Self::SsoUnlink => (10, 60_000),
134
-
Self::OAuthRegisterComplete => (5, 300_000),
135
-
Self::HandleVerification => (10, 60_000),
136
}
137
}
138
}
···
294
}
295
296
let key = format!("{}:{}", kind.key_prefix(), client_ip);
297
-
let (limit, window_ms) = kind.limit_and_window_ms();
298
299
if !self
300
.distributed_rate_limiter
301
-
.check_rate_limit(&key, limit, window_ms)
302
.await
303
{
304
crate::metrics::record_rate_limit_rejection(limiter_name);
···
62
}
63
64
#[derive(Debug, Clone, Copy)]
65
+
pub struct RateLimitParams {
66
+
pub limit: u32,
67
+
pub window_ms: u64,
68
+
}
69
+
70
+
#[derive(Debug, Clone, Copy)]
71
pub enum RateLimitKind {
72
Login,
73
AccountCreation,
···
92
}
93
94
impl RateLimitKind {
95
+
const fn key_prefix(&self) -> &'static str {
96
match self {
97
Self::Login => "login",
98
Self::AccountCreation => "account_creation",
···
117
}
118
}
119
120
+
const fn params(&self) -> RateLimitParams {
121
match self {
122
+
Self::Login => RateLimitParams {
123
+
limit: 10,
124
+
window_ms: 60_000,
125
+
},
126
+
Self::AccountCreation => RateLimitParams {
127
+
limit: 10,
128
+
window_ms: 3_600_000,
129
+
},
130
+
Self::PasswordReset => RateLimitParams {
131
+
limit: 5,
132
+
window_ms: 3_600_000,
133
+
},
134
+
Self::ResetPassword => RateLimitParams {
135
+
limit: 10,
136
+
window_ms: 60_000,
137
+
},
138
+
Self::RefreshSession => RateLimitParams {
139
+
limit: 60,
140
+
window_ms: 60_000,
141
+
},
142
+
Self::OAuthToken => RateLimitParams {
143
+
limit: 300,
144
+
window_ms: 60_000,
145
+
},
146
+
Self::OAuthAuthorize => RateLimitParams {
147
+
limit: 10,
148
+
window_ms: 60_000,
149
+
},
150
+
Self::OAuthPar => RateLimitParams {
151
+
limit: 30,
152
+
window_ms: 60_000,
153
+
},
154
+
Self::OAuthIntrospect => RateLimitParams {
155
+
limit: 30,
156
+
window_ms: 60_000,
157
+
},
158
+
Self::AppPassword => RateLimitParams {
159
+
limit: 10,
160
+
window_ms: 60_000,
161
+
},
162
+
Self::EmailUpdate => RateLimitParams {
163
+
limit: 5,
164
+
window_ms: 3_600_000,
165
+
},
166
+
Self::TotpVerify => RateLimitParams {
167
+
limit: 5,
168
+
window_ms: 300_000,
169
+
},
170
+
Self::HandleUpdate => RateLimitParams {
171
+
limit: 10,
172
+
window_ms: 300_000,
173
+
},
174
+
Self::HandleUpdateDaily => RateLimitParams {
175
+
limit: 50,
176
+
window_ms: 86_400_000,
177
+
},
178
+
Self::VerificationCheck => RateLimitParams {
179
+
limit: 60,
180
+
window_ms: 60_000,
181
+
},
182
+
Self::SsoInitiate => RateLimitParams {
183
+
limit: 10,
184
+
window_ms: 60_000,
185
+
},
186
+
Self::SsoCallback => RateLimitParams {
187
+
limit: 30,
188
+
window_ms: 60_000,
189
+
},
190
+
Self::SsoUnlink => RateLimitParams {
191
+
limit: 10,
192
+
window_ms: 60_000,
193
+
},
194
+
Self::OAuthRegisterComplete => RateLimitParams {
195
+
limit: 5,
196
+
window_ms: 300_000,
197
+
},
198
+
Self::HandleVerification => RateLimitParams {
199
+
limit: 10,
200
+
window_ms: 60_000,
201
+
},
202
}
203
}
204
}
···
360
}
361
362
let key = format!("{}:{}", kind.key_prefix(), client_ip);
363
+
let params = kind.params();
364
365
if !self
366
.distributed_rate_limiter
367
+
.check_rate_limit(&key, params.limit, params.window_ms)
368
.await
369
{
370
crate::metrics::record_rate_limit_rejection(limiter_name);
+26
-40
crates/tranquil-pds/src/sync/blob.rs
+26
-40
crates/tranquil-pds/src/sync/blob.rs
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
-
use crate::sync::util::assert_repo_availability;
4
use axum::{
5
Json,
6
body::Body,
···
15
16
#[derive(Deserialize)]
17
pub struct GetBlobParams {
18
-
pub did: String,
19
-
pub cid: String,
20
}
21
22
pub async fn get_blob(
23
State(state): State<AppState>,
24
Query(params): Query<GetBlobParams>,
25
) -> Response {
26
-
let did_str = params.did.trim();
27
-
let cid_str = params.cid.trim();
28
-
if did_str.is_empty() {
29
-
return ApiError::InvalidRequest("did is required".into()).into_response();
30
-
}
31
-
if cid_str.is_empty() {
32
-
return ApiError::InvalidRequest("cid is required".into()).into_response();
33
-
}
34
-
let did: Did = match did_str.parse() {
35
-
Ok(d) => d,
36
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
37
-
};
38
-
let cid: CidLink = match cid_str.parse() {
39
-
Ok(c) => c,
40
-
Err(_) => return ApiError::InvalidRequest("invalid cid".into()).into_response(),
41
-
};
42
43
-
let _account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
44
-
Ok(a) => a,
45
-
Err(e) => return e.into_response(),
46
-
};
47
48
let blob_result = state.blob_repo.get_blob_metadata(&cid).await;
49
match blob_result {
···
55
.header("x-content-type-options", "nosniff")
56
.header("content-security-policy", "default-src 'none'; sandbox")
57
.body(Body::from(data))
58
-
.unwrap(),
59
Err(e) => {
60
error!("Failed to fetch blob from storage: {:?}", e);
61
ApiError::BlobNotFound(Some("Blob not found in storage".into())).into_response()
···
71
72
#[derive(Deserialize)]
73
pub struct ListBlobsParams {
74
-
pub did: String,
75
pub since: Option<String>,
76
pub limit: Option<i64>,
77
pub cursor: Option<String>,
···
88
State(state): State<AppState>,
89
Query(params): Query<ListBlobsParams>,
90
) -> Response {
91
-
let did_str = params.did.trim();
92
-
if did_str.is_empty() {
93
-
return ApiError::InvalidRequest("did is required".into()).into_response();
94
-
}
95
-
let did: Did = match did_str.parse() {
96
-
Ok(d) => d,
97
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
98
-
};
99
100
-
let account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
101
-
Ok(a) => a,
102
-
Err(e) => return e.into_response(),
103
-
};
104
105
let limit = params.limit.unwrap_or(500).clamp(1, 1000);
106
let cursor_cid = params.cursor.as_deref().unwrap_or("");
···
117
cid_strs
118
.into_iter()
119
.filter(|c| c.as_str() > cursor_cid)
120
-
.take((limit + 1) as usize)
121
.collect()
122
})
123
} else {
···
129
};
130
match cids_result {
131
Ok(cids) => {
132
-
let has_more = cids.len() as i64 > limit;
133
-
let cids: Vec<String> = cids.into_iter().take(limit as usize).collect();
134
let next_cursor = if has_more { cids.last().cloned() } else { None };
135
(
136
StatusCode::OK,
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
+
use crate::sync::util::{RepoAccessLevel, assert_repo_availability};
4
use axum::{
5
Json,
6
body::Body,
···
15
16
#[derive(Deserialize)]
17
pub struct GetBlobParams {
18
+
pub did: Did,
19
+
pub cid: CidLink,
20
}
21
22
pub async fn get_blob(
23
State(state): State<AppState>,
24
Query(params): Query<GetBlobParams>,
25
) -> Response {
26
+
let did = params.did;
27
+
let cid = params.cid;
28
29
+
let _account =
30
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
31
+
.await
32
+
{
33
+
Ok(a) => a,
34
+
Err(e) => return e.into_response(),
35
+
};
36
37
let blob_result = state.blob_repo.get_blob_metadata(&cid).await;
38
match blob_result {
···
44
.header("x-content-type-options", "nosniff")
45
.header("content-security-policy", "default-src 'none'; sandbox")
46
.body(Body::from(data))
47
+
.unwrap_or_else(|_| ApiError::InternalError(None).into_response()),
48
Err(e) => {
49
error!("Failed to fetch blob from storage: {:?}", e);
50
ApiError::BlobNotFound(Some("Blob not found in storage".into())).into_response()
···
60
61
#[derive(Deserialize)]
62
pub struct ListBlobsParams {
63
+
pub did: Did,
64
pub since: Option<String>,
65
pub limit: Option<i64>,
66
pub cursor: Option<String>,
···
77
State(state): State<AppState>,
78
Query(params): Query<ListBlobsParams>,
79
) -> Response {
80
+
let did = params.did;
81
82
+
let account =
83
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
84
+
.await
85
+
{
86
+
Ok(a) => a,
87
+
Err(e) => return e.into_response(),
88
+
};
89
90
let limit = params.limit.unwrap_or(500).clamp(1, 1000);
91
let cursor_cid = params.cursor.as_deref().unwrap_or("");
···
102
cid_strs
103
.into_iter()
104
.filter(|c| c.as_str() > cursor_cid)
105
+
.take(usize::try_from(limit + 1).unwrap_or(0))
106
.collect()
107
})
108
} else {
···
114
};
115
match cids_result {
116
Ok(cids) => {
117
+
let limit_usize = usize::try_from(limit).unwrap_or(0);
118
+
let has_more = cids.len() > limit_usize;
119
+
let cids: Vec<String> = cids.into_iter().take(limit_usize).collect();
120
let next_cursor = if has_more { cids.last().cloned() } else { None };
121
(
122
StatusCode::OK,
+45
-16
crates/tranquil-pds/src/sync/car.rs
+45
-16
crates/tranquil-pds/src/sync/car.rs
···
2
use iroh_car::CarHeader;
3
use std::io::Write;
4
5
pub fn write_varint<W: Write>(mut writer: W, mut value: u64) -> std::io::Result<()> {
6
loop {
7
let mut byte = (value & 0x7F) as u8;
···
18
}
19
20
pub fn ld_write<W: Write>(mut writer: W, data: &[u8]) -> std::io::Result<()> {
21
-
write_varint(&mut writer, data.len() as u64)?;
22
writer.write_all(data)?;
23
Ok(())
24
}
25
26
-
pub fn encode_car_header(root_cid: &Cid) -> Result<Vec<u8>, String> {
27
-
let header = CarHeader::new_v1(vec![*root_cid]);
28
let header_cbor = header
29
.encode()
30
-
.map_err(|e| format!("Failed to encode CAR header: {:?}", e))?;
31
let mut result = Vec::new();
32
-
write_varint(&mut result, header_cbor.len() as u64)
33
-
.expect("Writing to Vec<u8> should never fail");
34
result.extend_from_slice(&header_cbor);
35
Ok(result)
36
}
37
38
-
pub fn encode_car_header_null_root() -> Result<Vec<u8>, String> {
39
-
let header = CarHeader::new_v1(vec![]);
40
-
let header_cbor = header
41
-
.encode()
42
-
.map_err(|e| format!("Failed to encode CAR header: {:?}", e))?;
43
-
let mut result = Vec::new();
44
-
write_varint(&mut result, header_cbor.len() as u64)
45
-
.expect("Writing to Vec<u8> should never fail");
46
-
result.extend_from_slice(&header_cbor);
47
-
Ok(result)
48
}
···
2
use iroh_car::CarHeader;
3
use std::io::Write;
4
5
+
#[derive(Debug)]
6
+
pub enum CarEncodeError {
7
+
CborEncodeFailed(String),
8
+
}
9
+
10
+
impl std::fmt::Display for CarEncodeError {
11
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
12
+
match self {
13
+
Self::CborEncodeFailed(e) => write!(f, "Failed to encode CAR header: {}", e),
14
+
}
15
+
}
16
+
}
17
+
18
+
impl std::error::Error for CarEncodeError {}
19
+
20
pub fn write_varint<W: Write>(mut writer: W, mut value: u64) -> std::io::Result<()> {
21
loop {
22
let mut byte = (value & 0x7F) as u8;
···
33
}
34
35
pub fn ld_write<W: Write>(mut writer: W, data: &[u8]) -> std::io::Result<()> {
36
+
write_varint(
37
+
&mut writer,
38
+
u64::try_from(data.len()).expect("len fits u64"),
39
+
)?;
40
writer.write_all(data)?;
41
Ok(())
42
}
43
44
+
pub fn encode_car_header_with_root(root_cid: Option<&Cid>) -> Result<Vec<u8>, CarEncodeError> {
45
+
let roots = root_cid.map_or_else(Vec::new, |cid| vec![*cid]);
46
+
let header = CarHeader::new_v1(roots);
47
let header_cbor = header
48
.encode()
49
+
.map_err(|e| CarEncodeError::CborEncodeFailed(format!("{:?}", e)))?;
50
let mut result = Vec::new();
51
+
write_varint(
52
+
&mut result,
53
+
u64::try_from(header_cbor.len()).expect("len fits u64"),
54
+
)
55
+
.expect("Writing to Vec<u8> should never fail");
56
result.extend_from_slice(&header_cbor);
57
Ok(result)
58
}
59
60
+
pub fn encode_car_header(root_cid: &Cid) -> Result<Vec<u8>, CarEncodeError> {
61
+
encode_car_header_with_root(Some(root_cid))
62
+
}
63
+
64
+
pub fn encode_car_header_null_root() -> Result<Vec<u8>, CarEncodeError> {
65
+
encode_car_header_with_root(None)
66
+
}
67
+
68
+
pub fn encode_car_block(cid: &Cid, block: &[u8]) -> Vec<u8> {
69
+
let cid_bytes = cid.to_bytes();
70
+
let total_len = cid_bytes.len() + block.len();
71
+
let mut buf = Vec::with_capacity(10 + total_len);
72
+
write_varint(&mut buf, u64::try_from(total_len).unwrap_or(u64::MAX))
73
+
.unwrap_or_else(|_| unreachable!());
74
+
buf.extend_from_slice(&cid_bytes);
75
+
buf.extend_from_slice(block);
76
+
buf
77
}
+26
-39
crates/tranquil-pds/src/sync/commit.rs
+26
-39
crates/tranquil-pds/src/sync/commit.rs
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
-
use crate::sync::util::{assert_repo_availability, get_account_with_status};
4
use axum::{
5
Json,
6
extract::{Query, State},
···
25
26
#[derive(Deserialize)]
27
pub struct GetLatestCommitParams {
28
-
pub did: String,
29
}
30
31
#[derive(Serialize)]
···
38
State(state): State<AppState>,
39
Query(params): Query<GetLatestCommitParams>,
40
) -> Response {
41
-
let did_str = params.did.trim();
42
-
if did_str.is_empty() {
43
-
return ApiError::InvalidRequest("did is required".into()).into_response();
44
-
}
45
-
let did: Did = match did_str.parse() {
46
-
Ok(d) => d,
47
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
48
-
};
49
50
-
let account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
51
-
Ok(a) => a,
52
-
Err(e) => return e.into_response(),
53
-
};
54
55
let Some(repo_root_cid) = account.repo_root_cid else {
56
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
···
59
let Some(rev) = get_rev_from_commit(&state, &repo_root_cid).await else {
60
error!(
61
"Failed to parse commit for DID {}: CID {}",
62
-
did_str, repo_root_cid
63
);
64
return ApiError::InternalError(Some("Failed to read repo commit".into())).into_response();
65
};
···
83
#[derive(Serialize)]
84
#[serde(rename_all = "camelCase")]
85
pub struct RepoInfo {
86
-
pub did: String,
87
pub head: String,
88
pub rev: String,
89
pub active: bool,
90
#[serde(skip_serializing_if = "Option::is_none")]
91
-
pub status: Option<String>,
92
}
93
94
#[derive(Serialize)]
···
111
.await;
112
match result {
113
Ok(rows) => {
114
-
let has_more = rows.len() as i64 > limit;
115
let mut repos: Vec<RepoInfo> = Vec::new();
116
-
for row in rows.iter().take(limit as usize) {
117
let cid_str = row.repo_root_cid.to_string();
118
let rev = get_rev_from_commit(&state, &cid_str)
119
.await
···
127
AccountStatus::Active
128
};
129
repos.push(RepoInfo {
130
-
did: row.did.to_string(),
131
head: cid_str,
132
rev,
133
active: status.is_active(),
134
-
status: status.for_firehose().map(String::from),
135
});
136
}
137
let next_cursor = if has_more {
138
-
repos.last().map(|r| r.did.clone())
139
} else {
140
None
141
};
···
157
158
#[derive(Deserialize)]
159
pub struct GetRepoStatusParams {
160
-
pub did: String,
161
}
162
163
#[derive(Serialize)]
164
pub struct GetRepoStatusOutput {
165
-
pub did: String,
166
pub active: bool,
167
#[serde(skip_serializing_if = "Option::is_none")]
168
-
pub status: Option<String>,
169
#[serde(skip_serializing_if = "Option::is_none")]
170
pub rev: Option<String>,
171
}
···
174
State(state): State<AppState>,
175
Query(params): Query<GetRepoStatusParams>,
176
) -> Response {
177
-
let did_str = params.did.trim();
178
-
if did_str.is_empty() {
179
-
return ApiError::InvalidRequest("did is required".into()).into_response();
180
-
}
181
-
let did: Did = match did_str.parse() {
182
-
Ok(d) => d,
183
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
184
-
};
185
186
let account = match get_account_with_status(state.repo_repo.as_ref(), &did).await {
187
Ok(Some(a)) => a,
188
Ok(None) => {
189
-
return ApiError::RepoNotFound(Some(format!(
190
-
"Could not find repo for DID: {}",
191
-
did_str
192
-
)))
193
-
.into_response();
194
}
195
Err(e) => {
196
error!("DB error in get_repo_status: {:?}", e);
···
213
Json(GetRepoStatusOutput {
214
did: account.did,
215
active: account.status.is_active(),
216
-
status: account.status.for_firehose().map(String::from),
217
rev,
218
}),
219
)
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
+
use crate::sync::util::{RepoAccessLevel, assert_repo_availability, get_account_with_status};
4
use axum::{
5
Json,
6
extract::{Query, State},
···
25
26
#[derive(Deserialize)]
27
pub struct GetLatestCommitParams {
28
+
pub did: Did,
29
}
30
31
#[derive(Serialize)]
···
38
State(state): State<AppState>,
39
Query(params): Query<GetLatestCommitParams>,
40
) -> Response {
41
+
let did = params.did;
42
43
+
let account =
44
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
45
+
.await
46
+
{
47
+
Ok(a) => a,
48
+
Err(e) => return e.into_response(),
49
+
};
50
51
let Some(repo_root_cid) = account.repo_root_cid else {
52
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
···
55
let Some(rev) = get_rev_from_commit(&state, &repo_root_cid).await else {
56
error!(
57
"Failed to parse commit for DID {}: CID {}",
58
+
did, repo_root_cid
59
);
60
return ApiError::InternalError(Some("Failed to read repo commit".into())).into_response();
61
};
···
79
#[derive(Serialize)]
80
#[serde(rename_all = "camelCase")]
81
pub struct RepoInfo {
82
+
pub did: Did,
83
pub head: String,
84
pub rev: String,
85
pub active: bool,
86
#[serde(skip_serializing_if = "Option::is_none")]
87
+
pub status: Option<AccountStatus>,
88
}
89
90
#[derive(Serialize)]
···
107
.await;
108
match result {
109
Ok(rows) => {
110
+
let limit_usize = usize::try_from(limit).unwrap_or(0);
111
+
let has_more = rows.len() > limit_usize;
112
let mut repos: Vec<RepoInfo> = Vec::new();
113
+
for row in rows.iter().take(limit_usize) {
114
let cid_str = row.repo_root_cid.to_string();
115
let rev = get_rev_from_commit(&state, &cid_str)
116
.await
···
124
AccountStatus::Active
125
};
126
repos.push(RepoInfo {
127
+
did: row.did.clone(),
128
head: cid_str,
129
rev,
130
active: status.is_active(),
131
+
status: status.for_firehose_typed(),
132
});
133
}
134
let next_cursor = if has_more {
135
+
repos.last().map(|r| r.did.to_string())
136
} else {
137
None
138
};
···
154
155
#[derive(Deserialize)]
156
pub struct GetRepoStatusParams {
157
+
pub did: Did,
158
}
159
160
#[derive(Serialize)]
161
pub struct GetRepoStatusOutput {
162
+
pub did: Did,
163
pub active: bool,
164
#[serde(skip_serializing_if = "Option::is_none")]
165
+
pub status: Option<AccountStatus>,
166
#[serde(skip_serializing_if = "Option::is_none")]
167
pub rev: Option<String>,
168
}
···
171
State(state): State<AppState>,
172
Query(params): Query<GetRepoStatusParams>,
173
) -> Response {
174
+
let did = params.did;
175
176
let account = match get_account_with_status(state.repo_repo.as_ref(), &did).await {
177
Ok(Some(a)) => a,
178
Ok(None) => {
179
+
return ApiError::RepoNotFound(Some(format!("Could not find repo for DID: {}", did)))
180
+
.into_response();
181
}
182
Err(e) => {
183
error!("DB error in get_repo_status: {:?}", e);
···
200
Json(GetRepoStatusOutput {
201
did: account.did,
202
active: account.status.is_active(),
203
+
status: account.status.for_firehose_typed(),
204
rev,
205
}),
206
)
+42
-37
crates/tranquil-pds/src/sync/deprecated.rs
+42
-37
crates/tranquil-pds/src/sync/deprecated.rs
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
-
use crate::sync::car::encode_car_header;
4
-
use crate::sync::util::assert_repo_availability;
5
use axum::{
6
Json,
7
extract::{Query, State},
8
-
http::{HeaderMap, StatusCode},
9
response::{IntoResponse, Response},
10
};
11
use cid::Cid;
12
use ipld_core::ipld::Ipld;
13
use jacquard_repo::storage::BlockStore;
14
use serde::{Deserialize, Serialize};
15
-
use std::io::Write;
16
use std::str::FromStr;
17
use tranquil_types::Did;
18
19
const MAX_REPO_BLOCKS_TRAVERSAL: usize = 20_000;
20
21
-
async fn check_admin_or_self(state: &AppState, headers: &HeaderMap, did: &str) -> bool {
22
let extracted = match crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
23
headers,
24
-
"Authorization",
25
)) {
26
Some(t) => t,
27
None => return false,
28
};
29
-
let dpop_proof = crate::util::get_header_str(headers, "DPoP");
30
let http_uri = "/";
31
match crate::auth::validate_token_with_dpop(
32
state.user_repo.as_ref(),
33
state.oauth_repo.as_ref(),
34
&extracted.token,
35
-
extracted.is_dpop,
36
dpop_proof,
37
-
"GET",
38
http_uri,
39
-
false,
40
-
true,
41
)
42
.await
43
{
44
-
Ok(auth_user) => auth_user.is_admin || auth_user.did == did,
45
Err(_) => false,
46
}
47
}
···
69
Ok(d) => d,
70
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
71
};
72
-
let is_admin_or_self = check_admin_or_self(&state, &headers, did_str).await;
73
-
let account =
74
-
match assert_repo_availability(state.repo_repo.as_ref(), &did, is_admin_or_self).await {
75
-
Ok(a) => a,
76
-
Err(e) => return e.into_response(),
77
-
};
78
match account.repo_root_cid {
79
Some(root) => (StatusCode::OK, Json(GetHeadOutput { root })).into_response(),
80
-
None => ApiError::RepoNotFound(Some(format!("Could not find root for DID: {}", did_str)))
81
.into_response(),
82
}
83
}
···
100
Ok(d) => d,
101
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
102
};
103
-
let is_admin_or_self = check_admin_or_self(&state, &headers, did_str).await;
104
-
let account =
105
-
match assert_repo_availability(state.repo_repo.as_ref(), &did, is_admin_or_self).await {
106
-
Ok(a) => a,
107
-
Err(e) => return e.into_response(),
108
-
};
109
let Some(head_str) = account.repo_root_cid else {
110
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
111
};
···
128
}
129
remaining -= 1;
130
if let Ok(Some(block)) = state.block_store.get(&cid).await {
131
-
let cid_bytes = cid.to_bytes();
132
-
let total_len = cid_bytes.len() + block.len();
133
-
let mut writer = Vec::new();
134
-
crate::sync::car::write_varint(&mut writer, total_len as u64)
135
-
.expect("Writing to Vec<u8> should never fail");
136
-
writer
137
-
.write_all(&cid_bytes)
138
-
.expect("Writing to Vec<u8> should never fail");
139
-
writer
140
-
.write_all(&block)
141
-
.expect("Writing to Vec<u8> should never fail");
142
-
car_bytes.extend_from_slice(&writer);
143
if let Ok(value) = serde_ipld_dagcbor::from_slice::<Ipld>(&block) {
144
extract_links_ipld(&value, &mut stack);
145
}
···
1
use crate::api::error::ApiError;
2
use crate::state::AppState;
3
+
use crate::sync::car::{encode_car_block, encode_car_header};
4
+
use crate::sync::util::{RepoAccessLevel, assert_repo_availability};
5
use axum::{
6
Json,
7
extract::{Query, State},
8
+
http::{HeaderMap, Method, StatusCode},
9
response::{IntoResponse, Response},
10
};
11
use cid::Cid;
12
use ipld_core::ipld::Ipld;
13
use jacquard_repo::storage::BlockStore;
14
use serde::{Deserialize, Serialize};
15
use std::str::FromStr;
16
use tranquil_types::Did;
17
18
const MAX_REPO_BLOCKS_TRAVERSAL: usize = 20_000;
19
20
+
async fn check_admin_or_self(state: &AppState, headers: &HeaderMap, did: &Did) -> bool {
21
let extracted = match crate::auth::extract_auth_token_from_header(crate::util::get_header_str(
22
headers,
23
+
axum::http::header::AUTHORIZATION,
24
)) {
25
Some(t) => t,
26
None => return false,
27
};
28
+
let dpop_proof = crate::util::get_header_str(headers, crate::util::HEADER_DPOP);
29
let http_uri = "/";
30
match crate::auth::validate_token_with_dpop(
31
state.user_repo.as_ref(),
32
state.oauth_repo.as_ref(),
33
&extracted.token,
34
+
extracted.scheme,
35
dpop_proof,
36
+
Method::GET.as_str(),
37
http_uri,
38
+
crate::auth::AccountRequirement::AnyStatus,
39
)
40
.await
41
{
42
+
Ok(auth_user) => auth_user.is_admin || auth_user.did == *did,
43
Err(_) => false,
44
}
45
}
···
67
Ok(d) => d,
68
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
69
};
70
+
let is_admin_or_self = check_admin_or_self(&state, &headers, &did).await;
71
+
let account = match assert_repo_availability(
72
+
state.repo_repo.as_ref(),
73
+
&did,
74
+
if is_admin_or_self {
75
+
RepoAccessLevel::Privileged
76
+
} else {
77
+
RepoAccessLevel::Public
78
+
},
79
+
)
80
+
.await
81
+
{
82
+
Ok(a) => a,
83
+
Err(e) => return e.into_response(),
84
+
};
85
match account.repo_root_cid {
86
Some(root) => (StatusCode::OK, Json(GetHeadOutput { root })).into_response(),
87
+
None => ApiError::RepoNotFound(Some(format!("Could not find root for DID: {}", did)))
88
.into_response(),
89
}
90
}
···
107
Ok(d) => d,
108
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
109
};
110
+
let is_admin_or_self = check_admin_or_self(&state, &headers, &did).await;
111
+
let account = match assert_repo_availability(
112
+
state.repo_repo.as_ref(),
113
+
&did,
114
+
if is_admin_or_self {
115
+
RepoAccessLevel::Privileged
116
+
} else {
117
+
RepoAccessLevel::Public
118
+
},
119
+
)
120
+
.await
121
+
{
122
+
Ok(a) => a,
123
+
Err(e) => return e.into_response(),
124
+
};
125
let Some(head_str) = account.repo_root_cid else {
126
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
127
};
···
144
}
145
remaining -= 1;
146
if let Ok(Some(block)) = state.block_store.get(&cid).await {
147
+
car_bytes.extend_from_slice(&encode_car_block(&cid, &block));
148
if let Ok(value) = serde_ipld_dagcbor::from_slice::<Ipld>(&block) {
149
extract_links_ipld(&value, &mut stack);
150
}
+38
-11
crates/tranquil-pds/src/sync/frame.rs
+38
-11
crates/tranquil-pds/src/sync/frame.rs
···
3
use serde::{Deserialize, Serialize};
4
use std::str::FromStr;
5
use tranquil_scopes::RepoAction;
6
7
#[derive(Debug, Serialize, Deserialize)]
8
pub struct FrameHeader {
9
pub op: i64,
10
-
pub t: String,
11
}
12
13
#[derive(Debug, Serialize, Deserialize)]
···
16
pub rebase: bool,
17
#[serde(rename = "tooBig")]
18
pub too_big: bool,
19
-
pub repo: String,
20
pub commit: Cid,
21
pub rev: String,
22
pub since: Option<String>,
···
48
49
#[derive(Debug, Serialize, Deserialize)]
50
pub struct IdentityFrame {
51
-
pub did: String,
52
#[serde(skip_serializing_if = "Option::is_none")]
53
pub handle: Option<String>,
54
pub seq: i64,
···
57
58
#[derive(Debug, Serialize, Deserialize)]
59
pub struct AccountFrame {
60
-
pub did: String,
61
pub active: bool,
62
#[serde(skip_serializing_if = "Option::is_none")]
63
-
pub status: Option<String>,
64
pub seq: i64,
65
pub time: String,
66
}
67
68
#[derive(Debug, Serialize, Deserialize)]
69
pub struct SyncFrame {
70
-
pub did: String,
71
pub rev: String,
72
#[serde(with = "serde_bytes")]
73
pub blocks: Vec<u8>,
···
75
pub time: String,
76
}
77
78
#[derive(Debug, Serialize, Deserialize)]
79
pub struct InfoFrame {
80
-
pub name: String,
81
#[serde(skip_serializing_if = "Option::is_none")]
82
pub message: Option<String>,
83
}
···
89
90
#[derive(Debug, Serialize, Deserialize)]
91
pub struct ErrorFrameBody {
92
-
pub error: String,
93
#[serde(skip_serializing_if = "Option::is_none")]
94
pub message: Option<String>,
95
}
···
113
114
pub struct CommitFrameBuilder {
115
seq: i64,
116
-
did: String,
117
commit_cid: Cid,
118
prev_cid: Option<Cid>,
119
ops_json: serde_json::Value,
···
126
#[allow(clippy::too_many_arguments)]
127
pub fn new(
128
seq: i64,
129
-
did: String,
130
commit_cid_str: &str,
131
prev_cid_str: Option<&str>,
132
ops_json: serde_json::Value,
···
206
})?;
207
let builder = CommitFrameBuilder::new(
208
event.seq.as_i64(),
209
-
event.did.to_string(),
210
commit_cid.as_str(),
211
event.prev_cid.as_ref().map(|c| c.as_str()),
212
event.ops.unwrap_or_default(),
···
3
use serde::{Deserialize, Serialize};
4
use std::str::FromStr;
5
use tranquil_scopes::RepoAction;
6
+
use tranquil_types::Did;
7
+
8
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
9
+
pub enum FrameType {
10
+
#[serde(rename = "#commit")]
11
+
Commit,
12
+
#[serde(rename = "#identity")]
13
+
Identity,
14
+
#[serde(rename = "#account")]
15
+
Account,
16
+
#[serde(rename = "#sync")]
17
+
Sync,
18
+
#[serde(rename = "#info")]
19
+
Info,
20
+
}
21
22
#[derive(Debug, Serialize, Deserialize)]
23
pub struct FrameHeader {
24
pub op: i64,
25
+
pub t: FrameType,
26
}
27
28
#[derive(Debug, Serialize, Deserialize)]
···
31
pub rebase: bool,
32
#[serde(rename = "tooBig")]
33
pub too_big: bool,
34
+
pub repo: Did,
35
pub commit: Cid,
36
pub rev: String,
37
pub since: Option<String>,
···
63
64
#[derive(Debug, Serialize, Deserialize)]
65
pub struct IdentityFrame {
66
+
pub did: Did,
67
#[serde(skip_serializing_if = "Option::is_none")]
68
pub handle: Option<String>,
69
pub seq: i64,
···
72
73
#[derive(Debug, Serialize, Deserialize)]
74
pub struct AccountFrame {
75
+
pub did: Did,
76
pub active: bool,
77
#[serde(skip_serializing_if = "Option::is_none")]
78
+
pub status: Option<tranquil_db_traits::AccountStatus>,
79
pub seq: i64,
80
pub time: String,
81
}
82
83
#[derive(Debug, Serialize, Deserialize)]
84
pub struct SyncFrame {
85
+
pub did: Did,
86
pub rev: String,
87
#[serde(with = "serde_bytes")]
88
pub blocks: Vec<u8>,
···
90
pub time: String,
91
}
92
93
+
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
94
+
pub enum InfoFrameName {
95
+
#[serde(rename = "OutdatedCursor")]
96
+
OutdatedCursor,
97
+
}
98
+
99
+
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
100
+
pub enum ErrorFrameName {
101
+
#[serde(rename = "FutureCursor")]
102
+
FutureCursor,
103
+
}
104
+
105
#[derive(Debug, Serialize, Deserialize)]
106
pub struct InfoFrame {
107
+
pub name: InfoFrameName,
108
#[serde(skip_serializing_if = "Option::is_none")]
109
pub message: Option<String>,
110
}
···
116
117
#[derive(Debug, Serialize, Deserialize)]
118
pub struct ErrorFrameBody {
119
+
pub error: ErrorFrameName,
120
#[serde(skip_serializing_if = "Option::is_none")]
121
pub message: Option<String>,
122
}
···
140
141
pub struct CommitFrameBuilder {
142
seq: i64,
143
+
did: Did,
144
commit_cid: Cid,
145
prev_cid: Option<Cid>,
146
ops_json: serde_json::Value,
···
153
#[allow(clippy::too_many_arguments)]
154
pub fn new(
155
seq: i64,
156
+
did: Did,
157
commit_cid_str: &str,
158
prev_cid_str: Option<&str>,
159
ops_json: serde_json::Value,
···
233
})?;
234
let builder = CommitFrameBuilder::new(
235
event.seq.as_i64(),
236
+
event.did.clone(),
237
commit_cid.as_str(),
238
event.prev_cid.as_ref().map(|c| c.as_str()),
239
event.ops.unwrap_or_default(),
+3
-6
crates/tranquil-pds/src/sync/import.rs
+3
-6
crates/tranquil-pds/src/sync/import.rs
+2
-1
crates/tranquil-pds/src/sync/mod.rs
+2
-1
crates/tranquil-pds/src/sync/mod.rs
+57
-86
crates/tranquil-pds/src/sync/repo.rs
+57
-86
crates/tranquil-pds/src/sync/repo.rs
···
1
use crate::api::error::ApiError;
2
use crate::scheduled::generate_repo_car_from_user_blocks;
3
use crate::state::AppState;
4
-
use crate::sync::car::encode_car_header;
5
-
use crate::sync::util::assert_repo_availability;
6
use axum::{
7
extract::{Query, RawQuery, State},
8
http::StatusCode,
···
11
use cid::Cid;
12
use jacquard_repo::storage::BlockStore;
13
use serde::Deserialize;
14
-
use std::io::Write;
15
use std::str::FromStr;
16
use tracing::error;
17
use tranquil_types::Did;
18
19
-
fn parse_get_blocks_query(query_string: &str) -> Result<(String, Vec<String>), String> {
20
-
let did = crate::util::parse_repeated_query_param(Some(query_string), "did")
21
.into_iter()
22
.next()
23
-
.ok_or("Missing required parameter: did")?;
24
let cids = crate::util::parse_repeated_query_param(Some(query_string), "cids");
25
-
Ok((did, cids))
26
}
27
28
pub async fn get_blocks(State(state): State<AppState>, RawQuery(query): RawQuery) -> Response {
···
30
return ApiError::InvalidRequest("Missing query parameters".into()).into_response();
31
};
32
33
-
let (did_str, cid_strings) = match parse_get_blocks_query(&query_string) {
34
Ok(parsed) => parsed,
35
-
Err(msg) => return ApiError::InvalidRequest(msg).into_response(),
36
-
};
37
-
let did: Did = match did_str.parse() {
38
-
Ok(d) => d,
39
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
40
-
};
41
-
42
-
let _account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
43
-
Ok(a) => a,
44
Err(e) => return e.into_response(),
45
};
46
47
let cids: Vec<Cid> = match cid_strings
48
.iter()
49
.map(|s| Cid::from_str(s).map_err(|_| s.clone()))
···
89
}
90
};
91
let mut car_bytes = header;
92
-
for (i, block_opt) in blocks.into_iter().enumerate() {
93
-
if let Some(block) = block_opt {
94
-
let cid = cids[i];
95
-
let cid_bytes = cid.to_bytes();
96
-
let total_len = cid_bytes.len() + block.len();
97
-
let mut writer = Vec::new();
98
-
crate::sync::car::write_varint(&mut writer, total_len as u64)
99
-
.expect("Writing to Vec<u8> should never fail");
100
-
writer
101
-
.write_all(&cid_bytes)
102
-
.expect("Writing to Vec<u8> should never fail");
103
-
writer
104
-
.write_all(&block)
105
-
.expect("Writing to Vec<u8> should never fail");
106
-
car_bytes.extend_from_slice(&writer);
107
-
}
108
-
}
109
(
110
StatusCode::OK,
111
[(axum::http::header::CONTENT_TYPE, "application/vnd.ipld.car")],
···
116
117
#[derive(Deserialize)]
118
pub struct GetRepoQuery {
119
-
pub did: String,
120
pub since: Option<String>,
121
}
122
···
124
State(state): State<AppState>,
125
Query(query): Query<GetRepoQuery>,
126
) -> Response {
127
-
let did: Did = match query.did.parse() {
128
-
Ok(d) => d,
129
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
130
-
};
131
-
let account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
132
-
Ok(a) => a,
133
-
Err(e) => return e.into_response(),
134
-
};
135
136
let Some(head_str) = account.repo_root_cid else {
137
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
···
223
}
224
};
225
226
-
for (i, block_opt) in blocks.into_iter().enumerate() {
227
-
if let Some(block) = block_opt {
228
-
let cid = block_cids[i];
229
-
let cid_bytes = cid.to_bytes();
230
-
let total_len = cid_bytes.len() + block.len();
231
-
let mut writer = Vec::new();
232
-
crate::sync::car::write_varint(&mut writer, total_len as u64)
233
-
.expect("Writing to Vec<u8> should never fail");
234
-
writer
235
-
.write_all(&cid_bytes)
236
-
.expect("Writing to Vec<u8> should never fail");
237
-
writer
238
-
.write_all(&block)
239
-
.expect("Writing to Vec<u8> should never fail");
240
-
car_bytes.extend_from_slice(&writer);
241
-
}
242
-
}
243
244
(
245
StatusCode::OK,
···
251
252
#[derive(Deserialize)]
253
pub struct GetRecordQuery {
254
-
pub did: String,
255
pub collection: String,
256
pub rkey: String,
257
}
···
265
use std::collections::BTreeMap;
266
use std::sync::Arc;
267
268
-
let did: Did = match query.did.parse() {
269
-
Ok(d) => d,
270
-
Err(_) => return ApiError::InvalidRequest("invalid did".into()).into_response(),
271
-
};
272
-
let account = match assert_repo_availability(state.repo_repo.as_ref(), &did, false).await {
273
-
Ok(a) => a,
274
-
Err(e) => return e.into_response(),
275
-
};
276
277
let commit_cid_str = match account.repo_root_cid {
278
Some(cid) => cid,
···
321
}
322
};
323
let mut car_bytes = header;
324
-
let write_block = |car: &mut Vec<u8>, cid: &Cid, data: &[u8]| {
325
-
let cid_bytes = cid.to_bytes();
326
-
let total_len = cid_bytes.len() + data.len();
327
-
let mut writer = Vec::new();
328
-
crate::sync::car::write_varint(&mut writer, total_len as u64)
329
-
.expect("Writing to Vec<u8> should never fail");
330
-
writer
331
-
.write_all(&cid_bytes)
332
-
.expect("Writing to Vec<u8> should never fail");
333
-
writer
334
-
.write_all(data)
335
-
.expect("Writing to Vec<u8> should never fail");
336
-
car.extend_from_slice(&writer);
337
-
};
338
-
write_block(&mut car_bytes, &commit_cid, &commit_bytes);
339
proof_blocks
340
.iter()
341
-
.for_each(|(cid, data)| write_block(&mut car_bytes, cid, data));
342
-
write_block(&mut car_bytes, &record_cid, &record_block);
343
(
344
StatusCode::OK,
345
[(axum::http::header::CONTENT_TYPE, "application/vnd.ipld.car")],
···
1
use crate::api::error::ApiError;
2
use crate::scheduled::generate_repo_car_from_user_blocks;
3
use crate::state::AppState;
4
+
use crate::sync::car::{encode_car_block, encode_car_header};
5
+
use crate::sync::util::{RepoAccessLevel, assert_repo_availability};
6
use axum::{
7
extract::{Query, RawQuery, State},
8
http::StatusCode,
···
11
use cid::Cid;
12
use jacquard_repo::storage::BlockStore;
13
use serde::Deserialize;
14
use std::str::FromStr;
15
use tracing::error;
16
use tranquil_types::Did;
17
18
+
struct GetBlocksParams {
19
+
did: Did,
20
+
cids: Vec<String>,
21
+
}
22
+
23
+
fn parse_get_blocks_query(query_string: &str) -> Result<GetBlocksParams, ApiError> {
24
+
let did_str = crate::util::parse_repeated_query_param(Some(query_string), "did")
25
.into_iter()
26
.next()
27
+
.ok_or_else(|| ApiError::InvalidRequest("Missing required parameter: did".into()))?;
28
+
let did: Did = did_str
29
+
.parse()
30
+
.map_err(|_| ApiError::InvalidRequest("invalid did".into()))?;
31
let cids = crate::util::parse_repeated_query_param(Some(query_string), "cids");
32
+
Ok(GetBlocksParams { did, cids })
33
}
34
35
pub async fn get_blocks(State(state): State<AppState>, RawQuery(query): RawQuery) -> Response {
···
37
return ApiError::InvalidRequest("Missing query parameters".into()).into_response();
38
};
39
40
+
let GetBlocksParams {
41
+
did,
42
+
cids: cid_strings,
43
+
} = match parse_get_blocks_query(&query_string) {
44
Ok(parsed) => parsed,
45
Err(e) => return e.into_response(),
46
};
47
48
+
let _account =
49
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
50
+
.await
51
+
{
52
+
Ok(a) => a,
53
+
Err(e) => return e.into_response(),
54
+
};
55
+
56
let cids: Vec<Cid> = match cid_strings
57
.iter()
58
.map(|s| Cid::from_str(s).map_err(|_| s.clone()))
···
98
}
99
};
100
let mut car_bytes = header;
101
+
blocks
102
+
.into_iter()
103
+
.enumerate()
104
+
.filter_map(|(i, block_opt)| block_opt.map(|block| (cids[i], block)))
105
+
.for_each(|(cid, block)| car_bytes.extend_from_slice(&encode_car_block(&cid, &block)));
106
(
107
StatusCode::OK,
108
[(axum::http::header::CONTENT_TYPE, "application/vnd.ipld.car")],
···
113
114
#[derive(Deserialize)]
115
pub struct GetRepoQuery {
116
+
pub did: Did,
117
pub since: Option<String>,
118
}
119
···
121
State(state): State<AppState>,
122
Query(query): Query<GetRepoQuery>,
123
) -> Response {
124
+
let did = query.did;
125
+
let account =
126
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
127
+
.await
128
+
{
129
+
Ok(a) => a,
130
+
Err(e) => return e.into_response(),
131
+
};
132
133
let Some(head_str) = account.repo_root_cid else {
134
return ApiError::RepoNotFound(Some("Repo not initialized".into())).into_response();
···
220
}
221
};
222
223
+
blocks
224
+
.into_iter()
225
+
.enumerate()
226
+
.filter_map(|(i, block_opt)| block_opt.map(|block| (block_cids[i], block)))
227
+
.for_each(|(cid, block)| car_bytes.extend_from_slice(&encode_car_block(&cid, &block)));
228
229
(
230
StatusCode::OK,
···
236
237
#[derive(Deserialize)]
238
pub struct GetRecordQuery {
239
+
pub did: Did,
240
pub collection: String,
241
pub rkey: String,
242
}
···
250
use std::collections::BTreeMap;
251
use std::sync::Arc;
252
253
+
let did = query.did;
254
+
let account =
255
+
match assert_repo_availability(state.repo_repo.as_ref(), &did, RepoAccessLevel::Public)
256
+
.await
257
+
{
258
+
Ok(a) => a,
259
+
Err(e) => return e.into_response(),
260
+
};
261
262
let commit_cid_str = match account.repo_root_cid {
263
Some(cid) => cid,
···
306
}
307
};
308
let mut car_bytes = header;
309
+
car_bytes.extend_from_slice(&encode_car_block(&commit_cid, &commit_bytes));
310
proof_blocks
311
.iter()
312
+
.for_each(|(cid, data)| car_bytes.extend_from_slice(&encode_car_block(cid, data)));
313
+
car_bytes.extend_from_slice(&encode_car_block(&record_cid, &record_block));
314
(
315
StatusCode::OK,
316
[(axum::http::header::CONTENT_TYPE, "application/vnd.ipld.car")],
+4
-3
crates/tranquil-pds/src/sync/subscribe_repos.rs
+4
-3
crates/tranquil-pds/src/sync/subscribe_repos.rs
···
1
use crate::state::AppState;
2
use crate::sync::firehose::SequencedEvent;
3
use crate::sync::util::{
4
format_error_frame, format_event_for_sending, format_event_with_prefetched_blocks,
5
format_info_frame, prefetch_blocks_for_events,
···
82
83
if cursor_seq > current_seq {
84
if let Ok(error_bytes) =
85
-
format_error_frame("FutureCursor", Some("Cursor in the future."))
86
{
87
let _ = socket.send(Message::Binary(error_bytes.into())).await;
88
}
···
105
&& event.created_at < backfill_time
106
{
107
if let Ok(info_bytes) = format_info_frame(
108
-
"OutdatedCursor",
109
Some("Requested cursor exceeded limit. Possibly missing events"),
110
) {
111
let _ = socket.send(Message::Binary(info_bytes.into())).await;
···
161
}
162
crate::metrics::record_firehose_event();
163
}
164
-
if (events_count as i64) < BACKFILL_BATCH_SIZE {
165
break;
166
}
167
}
···
1
use crate::state::AppState;
2
use crate::sync::firehose::SequencedEvent;
3
+
use crate::sync::frame::{ErrorFrameName, InfoFrameName};
4
use crate::sync::util::{
5
format_error_frame, format_event_for_sending, format_event_with_prefetched_blocks,
6
format_info_frame, prefetch_blocks_for_events,
···
83
84
if cursor_seq > current_seq {
85
if let Ok(error_bytes) =
86
+
format_error_frame(ErrorFrameName::FutureCursor, Some("Cursor in the future."))
87
{
88
let _ = socket.send(Message::Binary(error_bytes.into())).await;
89
}
···
106
&& event.created_at < backfill_time
107
{
108
if let Ok(info_bytes) = format_info_frame(
109
+
InfoFrameName::OutdatedCursor,
110
Some("Requested cursor exceeded limit. Possibly missing events"),
111
) {
112
let _ = socket.send(Message::Binary(info_bytes.into())).await;
···
162
}
163
crate::metrics::record_firehose_event();
164
}
165
+
if i64::try_from(events_count).unwrap_or(i64::MAX) < BACKFILL_BATCH_SIZE {
166
break;
167
}
168
}
+133
-63
crates/tranquil-pds/src/sync/util.rs
+133
-63
crates/tranquil-pds/src/sync/util.rs
···
2
use crate::state::AppState;
3
use crate::sync::firehose::SequencedEvent;
4
use crate::sync::frame::{
5
-
AccountFrame, CommitFrame, ErrorFrameBody, ErrorFrameHeader, FrameHeader, IdentityFrame,
6
-
InfoFrame, SyncFrame,
7
};
8
use axum::response::{IntoResponse, Response};
9
use bytes::Bytes;
···
18
use tranquil_db_traits::{AccountStatus, RepoEventType, RepoRepository};
19
use tranquil_types::Did;
20
21
pub struct RepoAccount {
22
-
pub did: String,
23
pub user_id: uuid::Uuid,
24
pub status: AccountStatus,
25
pub repo_root_cid: Option<String>,
26
}
27
28
pub enum RepoAvailabilityError {
29
-
NotFound(String),
30
-
Takendown(String),
31
-
Deactivated(String),
32
Internal(String),
33
}
34
···
64
};
65
66
RepoAccount {
67
-
did: r.did.to_string(),
68
user_id: r.user_id,
69
status,
70
repo_root_cid: r.repo_root_cid.map(|c| c.to_string()),
···
75
pub async fn assert_repo_availability(
76
repo_repo: &dyn RepoRepository,
77
did: &Did,
78
-
is_admin_or_self: bool,
79
) -> Result<RepoAccount, RepoAvailabilityError> {
80
let account = get_account_with_status(repo_repo, did)
81
.await
82
.map_err(|e| RepoAvailabilityError::Internal(e.to_string()))?;
83
84
-
let did_str = did.to_string();
85
let account = match account {
86
Some(a) => a,
87
-
None => return Err(RepoAvailabilityError::NotFound(did_str)),
88
};
89
90
-
if is_admin_or_self {
91
return Ok(account);
92
}
93
94
match account.status {
95
-
AccountStatus::Takendown => return Err(RepoAvailabilityError::Takendown(did_str)),
96
AccountStatus::Deactivated => {
97
-
return Err(RepoAvailabilityError::Deactivated(did_str));
98
}
99
_ => {}
100
}
···
112
commit_cid: Cid,
113
commit_bytes: Option<Bytes>,
114
other_blocks: BTreeMap<Cid, Bytes>,
115
-
) -> Result<Vec<u8>, anyhow::Error> {
116
let mut buffer = Cursor::new(Vec::new());
117
let header = CarHeader::new_v1(vec![commit_cid]);
118
let mut writer = CarWriter::new(header, &mut buffer);
···
120
writer
121
.write(*cid, data.as_ref())
122
.await
123
-
.map_err(|e| anyhow::anyhow!("writing block {}: {}", cid, e))?;
124
}
125
if let Some(data) = commit_bytes {
126
writer
127
.write(commit_cid, data.as_ref())
128
.await
129
-
.map_err(|e| anyhow::anyhow!("writing commit block: {}", e))?;
130
}
131
-
writer
132
-
.finish()
133
-
.await
134
-
.map_err(|e| anyhow::anyhow!("finalizing CAR: {}", e))?;
135
-
buffer
136
-
.flush()
137
-
.await
138
-
.map_err(|e| anyhow::anyhow!("flushing CAR buffer: {}", e))?;
139
Ok(buffer.into_inner())
140
}
141
···
143
dt.format("%Y-%m-%dT%H:%M:%S%.3fZ").to_string()
144
}
145
146
-
fn format_identity_event(event: &SequencedEvent) -> Result<Vec<u8>, anyhow::Error> {
147
let frame = IdentityFrame {
148
-
did: event.did.to_string(),
149
handle: event.handle.as_ref().map(|h| h.to_string()),
150
seq: event.seq.as_i64(),
151
time: format_atproto_time(event.created_at),
152
};
153
let header = FrameHeader {
154
op: 1,
155
-
t: "#identity".to_string(),
156
};
157
let mut bytes = Vec::with_capacity(256);
158
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
160
Ok(bytes)
161
}
162
163
-
fn format_account_event(event: &SequencedEvent) -> Result<Vec<u8>, anyhow::Error> {
164
let frame = AccountFrame {
165
-
did: event.did.to_string(),
166
active: event.active.unwrap_or(true),
167
-
status: event
168
-
.status
169
-
.and_then(|s| s.for_firehose().map(String::from)),
170
seq: event.seq.as_i64(),
171
time: format_atproto_time(event.created_at),
172
};
173
let header = FrameHeader {
174
op: 1,
175
-
t: "#account".to_string(),
176
};
177
let mut bytes = Vec::with_capacity(256);
178
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
192
async fn format_sync_event(
193
state: &AppState,
194
event: &SequencedEvent,
195
-
) -> Result<Vec<u8>, anyhow::Error> {
196
let commit_cid_str = event
197
.commit_cid
198
.as_ref()
199
-
.ok_or_else(|| anyhow::anyhow!("Sync event missing commit_cid"))?;
200
let commit_cid = Cid::from_str(commit_cid_str)?;
201
let commit_bytes = state
202
.block_store
203
.get(&commit_cid)
204
.await?
205
-
.ok_or_else(|| anyhow::anyhow!("Commit block not found"))?;
206
let rev = if let Some(ref stored_rev) = event.rev {
207
stored_rev.clone()
208
} else {
209
-
extract_rev_from_commit_bytes(&commit_bytes)
210
-
.ok_or_else(|| anyhow::anyhow!("Could not extract rev from commit"))?
211
};
212
let car_bytes = write_car_blocks(commit_cid, Some(commit_bytes), BTreeMap::new()).await?;
213
let frame = SyncFrame {
214
-
did: event.did.to_string(),
215
rev,
216
blocks: car_bytes,
217
seq: event.seq.as_i64(),
···
219
};
220
let header = FrameHeader {
221
op: 1,
222
-
t: "#sync".to_string(),
223
};
224
let mut bytes = Vec::with_capacity(512);
225
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
230
pub async fn format_event_for_sending(
231
state: &AppState,
232
event: SequencedEvent,
233
-
) -> Result<Vec<u8>, anyhow::Error> {
234
match event.event_type {
235
RepoEventType::Identity => return format_identity_event(&event),
236
RepoEventType::Account => return format_account_event(&event),
···
240
let block_cids_str = event.blocks_cids.clone().unwrap_or_default();
241
let prev_cid_link = event.prev_cid.clone();
242
let prev_data_cid_link = event.prev_data_cid.clone();
243
-
let mut frame: CommitFrame = event
244
-
.try_into()
245
-
.map_err(|e| anyhow::anyhow!("Invalid event: {}", e))?;
246
if let Some(ref pdc) = prev_data_cid_link
247
&& let Ok(cid) = Cid::from_str(pdc.as_str())
248
{
···
287
frame.blocks = car_bytes;
288
let header = FrameHeader {
289
op: 1,
290
-
t: "#commit".to_string(),
291
};
292
let mut bytes = Vec::with_capacity(frame.blocks.len() + 512);
293
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
298
pub async fn prefetch_blocks_for_events(
299
state: &AppState,
300
events: &[SequencedEvent],
301
-
) -> Result<HashMap<Cid, Bytes>, anyhow::Error> {
302
let mut all_cids: Vec<Cid> = events
303
.iter()
304
.flat_map(|event| {
···
332
fn format_sync_event_with_prefetched(
333
event: &SequencedEvent,
334
prefetched: &HashMap<Cid, Bytes>,
335
-
) -> Result<Vec<u8>, anyhow::Error> {
336
let commit_cid_str = event
337
.commit_cid
338
.as_ref()
339
-
.ok_or_else(|| anyhow::anyhow!("Sync event missing commit_cid"))?;
340
let commit_cid = Cid::from_str(commit_cid_str)?;
341
let commit_bytes = prefetched
342
.get(&commit_cid)
343
-
.ok_or_else(|| anyhow::anyhow!("Commit block not found in prefetched"))?;
344
let rev = if let Some(ref stored_rev) = event.rev {
345
stored_rev.clone()
346
} else {
347
-
extract_rev_from_commit_bytes(commit_bytes)
348
-
.ok_or_else(|| anyhow::anyhow!("Could not extract rev from commit"))?
349
};
350
let car_bytes = futures::executor::block_on(write_car_blocks(
351
commit_cid,
···
353
BTreeMap::new(),
354
))?;
355
let frame = SyncFrame {
356
-
did: event.did.to_string(),
357
rev,
358
blocks: car_bytes,
359
seq: event.seq.as_i64(),
···
361
};
362
let header = FrameHeader {
363
op: 1,
364
-
t: "#sync".to_string(),
365
};
366
let mut bytes = Vec::new();
367
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
372
pub async fn format_event_with_prefetched_blocks(
373
event: SequencedEvent,
374
prefetched: &HashMap<Cid, Bytes>,
375
-
) -> Result<Vec<u8>, anyhow::Error> {
376
match event.event_type {
377
RepoEventType::Identity => return format_identity_event(&event),
378
RepoEventType::Account => return format_account_event(&event),
···
382
let block_cids_str = event.blocks_cids.clone().unwrap_or_default();
383
let prev_cid_link = event.prev_cid.clone();
384
let prev_data_cid_link = event.prev_data_cid.clone();
385
-
let mut frame: CommitFrame = event
386
-
.try_into()
387
-
.map_err(|e| anyhow::anyhow!("Invalid event: {}", e))?;
388
if let Some(ref pdc) = prev_data_cid_link
389
&& let Ok(cid) = Cid::from_str(pdc.as_str())
390
{
···
427
frame.blocks = car_bytes;
428
let header = FrameHeader {
429
op: 1,
430
-
t: "#commit".to_string(),
431
};
432
let mut bytes = Vec::with_capacity(frame.blocks.len() + 512);
433
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
435
Ok(bytes)
436
}
437
438
-
pub fn format_info_frame(name: &str, message: Option<&str>) -> Result<Vec<u8>, anyhow::Error> {
439
let header = FrameHeader {
440
op: 1,
441
-
t: "#info".to_string(),
442
};
443
let frame = InfoFrame {
444
-
name: name.to_string(),
445
message: message.map(String::from),
446
};
447
let mut bytes = Vec::with_capacity(128);
···
450
Ok(bytes)
451
}
452
453
-
pub fn format_error_frame(error: &str, message: Option<&str>) -> Result<Vec<u8>, anyhow::Error> {
454
let header = ErrorFrameHeader { op: -1 };
455
let frame = ErrorFrameBody {
456
-
error: error.to_string(),
457
message: message.map(String::from),
458
};
459
let mut bytes = Vec::with_capacity(128);
···
2
use crate::state::AppState;
3
use crate::sync::firehose::SequencedEvent;
4
use crate::sync::frame::{
5
+
AccountFrame, CommitFrame, ErrorFrameBody, ErrorFrameHeader, ErrorFrameName, FrameHeader,
6
+
FrameType, IdentityFrame, InfoFrame, InfoFrameName, SyncFrame,
7
};
8
use axum::response::{IntoResponse, Response};
9
use bytes::Bytes;
···
18
use tranquil_db_traits::{AccountStatus, RepoEventType, RepoRepository};
19
use tranquil_types::Did;
20
21
+
#[derive(Debug)]
22
+
pub enum SyncFrameError {
23
+
CarWrite(iroh_car::Error),
24
+
CarFinalize(iroh_car::Error),
25
+
IoFlush(std::io::Error),
26
+
CborSerialize(String),
27
+
MissingCommitCid,
28
+
CommitBlockNotFound,
29
+
RevExtraction,
30
+
InvalidEvent(String),
31
+
BlockStore(tranquil_db_traits::DbError),
32
+
CidParse(cid::Error),
33
+
}
34
+
35
+
impl std::fmt::Display for SyncFrameError {
36
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
37
+
match self {
38
+
Self::CarWrite(e) => write!(f, "CAR block write failed: {}", e),
39
+
Self::CarFinalize(e) => write!(f, "CAR finalize failed: {}", e),
40
+
Self::IoFlush(e) => write!(f, "CAR buffer flush failed: {}", e),
41
+
Self::CborSerialize(e) => write!(f, "CBOR serialization failed: {}", e),
42
+
Self::MissingCommitCid => write!(f, "missing commit_cid"),
43
+
Self::CommitBlockNotFound => write!(f, "commit block not found"),
44
+
Self::RevExtraction => write!(f, "could not extract rev from commit"),
45
+
Self::InvalidEvent(msg) => write!(f, "invalid event: {}", msg),
46
+
Self::BlockStore(e) => write!(f, "block store error: {}", e),
47
+
Self::CidParse(e) => write!(f, "CID parse failed: {}", e),
48
+
}
49
+
}
50
+
}
51
+
52
+
impl std::error::Error for SyncFrameError {}
53
+
54
+
impl From<serde_ipld_dagcbor::EncodeError<std::collections::TryReserveError>> for SyncFrameError {
55
+
fn from(e: serde_ipld_dagcbor::EncodeError<std::collections::TryReserveError>) -> Self {
56
+
Self::CborSerialize(e.to_string())
57
+
}
58
+
}
59
+
60
+
impl From<serde_ipld_dagcbor::EncodeError<std::io::Error>> for SyncFrameError {
61
+
fn from(e: serde_ipld_dagcbor::EncodeError<std::io::Error>) -> Self {
62
+
Self::CborSerialize(e.to_string())
63
+
}
64
+
}
65
+
66
+
impl From<cid::Error> for SyncFrameError {
67
+
fn from(e: cid::Error) -> Self {
68
+
Self::CidParse(e)
69
+
}
70
+
}
71
+
72
+
impl From<tranquil_db_traits::DbError> for SyncFrameError {
73
+
fn from(e: tranquil_db_traits::DbError) -> Self {
74
+
Self::BlockStore(e)
75
+
}
76
+
}
77
+
78
+
impl From<jacquard_repo::error::RepoError> for SyncFrameError {
79
+
fn from(e: jacquard_repo::error::RepoError) -> Self {
80
+
Self::BlockStore(tranquil_db_traits::DbError::from_query_error(e.to_string()))
81
+
}
82
+
}
83
+
84
pub struct RepoAccount {
85
+
pub did: Did,
86
pub user_id: uuid::Uuid,
87
pub status: AccountStatus,
88
pub repo_root_cid: Option<String>,
89
}
90
91
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
92
+
pub enum RepoAccessLevel {
93
+
Public,
94
+
Privileged,
95
+
}
96
+
97
pub enum RepoAvailabilityError {
98
+
NotFound(Did),
99
+
Takendown(Did),
100
+
Deactivated(Did),
101
Internal(String),
102
}
103
···
133
};
134
135
RepoAccount {
136
+
did: r.did,
137
user_id: r.user_id,
138
status,
139
repo_root_cid: r.repo_root_cid.map(|c| c.to_string()),
···
144
pub async fn assert_repo_availability(
145
repo_repo: &dyn RepoRepository,
146
did: &Did,
147
+
access_level: RepoAccessLevel,
148
) -> Result<RepoAccount, RepoAvailabilityError> {
149
let account = get_account_with_status(repo_repo, did)
150
.await
151
.map_err(|e| RepoAvailabilityError::Internal(e.to_string()))?;
152
153
let account = match account {
154
Some(a) => a,
155
+
None => return Err(RepoAvailabilityError::NotFound(did.clone())),
156
};
157
158
+
if access_level == RepoAccessLevel::Privileged {
159
return Ok(account);
160
}
161
162
match account.status {
163
+
AccountStatus::Takendown => return Err(RepoAvailabilityError::Takendown(did.clone())),
164
AccountStatus::Deactivated => {
165
+
return Err(RepoAvailabilityError::Deactivated(did.clone()));
166
}
167
_ => {}
168
}
···
180
commit_cid: Cid,
181
commit_bytes: Option<Bytes>,
182
other_blocks: BTreeMap<Cid, Bytes>,
183
+
) -> Result<Vec<u8>, SyncFrameError> {
184
let mut buffer = Cursor::new(Vec::new());
185
let header = CarHeader::new_v1(vec![commit_cid]);
186
let mut writer = CarWriter::new(header, &mut buffer);
···
188
writer
189
.write(*cid, data.as_ref())
190
.await
191
+
.map_err(SyncFrameError::CarWrite)?;
192
}
193
if let Some(data) = commit_bytes {
194
writer
195
.write(commit_cid, data.as_ref())
196
.await
197
+
.map_err(SyncFrameError::CarWrite)?;
198
}
199
+
writer.finish().await.map_err(SyncFrameError::CarFinalize)?;
200
+
buffer.flush().await.map_err(SyncFrameError::IoFlush)?;
201
Ok(buffer.into_inner())
202
}
203
···
205
dt.format("%Y-%m-%dT%H:%M:%S%.3fZ").to_string()
206
}
207
208
+
fn format_identity_event(event: &SequencedEvent) -> Result<Vec<u8>, SyncFrameError> {
209
let frame = IdentityFrame {
210
+
did: event.did.clone(),
211
handle: event.handle.as_ref().map(|h| h.to_string()),
212
seq: event.seq.as_i64(),
213
time: format_atproto_time(event.created_at),
214
};
215
let header = FrameHeader {
216
op: 1,
217
+
t: FrameType::Identity,
218
};
219
let mut bytes = Vec::with_capacity(256);
220
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
222
Ok(bytes)
223
}
224
225
+
fn format_account_event(event: &SequencedEvent) -> Result<Vec<u8>, SyncFrameError> {
226
let frame = AccountFrame {
227
+
did: event.did.clone(),
228
active: event.active.unwrap_or(true),
229
+
status: event.status.filter(|s| !s.is_active()),
230
seq: event.seq.as_i64(),
231
time: format_atproto_time(event.created_at),
232
};
233
let header = FrameHeader {
234
op: 1,
235
+
t: FrameType::Account,
236
};
237
let mut bytes = Vec::with_capacity(256);
238
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
252
async fn format_sync_event(
253
state: &AppState,
254
event: &SequencedEvent,
255
+
) -> Result<Vec<u8>, SyncFrameError> {
256
let commit_cid_str = event
257
.commit_cid
258
.as_ref()
259
+
.ok_or(SyncFrameError::MissingCommitCid)?;
260
let commit_cid = Cid::from_str(commit_cid_str)?;
261
let commit_bytes = state
262
.block_store
263
.get(&commit_cid)
264
.await?
265
+
.ok_or(SyncFrameError::CommitBlockNotFound)?;
266
let rev = if let Some(ref stored_rev) = event.rev {
267
stored_rev.clone()
268
} else {
269
+
extract_rev_from_commit_bytes(&commit_bytes).ok_or(SyncFrameError::RevExtraction)?
270
};
271
let car_bytes = write_car_blocks(commit_cid, Some(commit_bytes), BTreeMap::new()).await?;
272
let frame = SyncFrame {
273
+
did: event.did.clone(),
274
rev,
275
blocks: car_bytes,
276
seq: event.seq.as_i64(),
···
278
};
279
let header = FrameHeader {
280
op: 1,
281
+
t: FrameType::Sync,
282
};
283
let mut bytes = Vec::with_capacity(512);
284
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
289
pub async fn format_event_for_sending(
290
state: &AppState,
291
event: SequencedEvent,
292
+
) -> Result<Vec<u8>, SyncFrameError> {
293
match event.event_type {
294
RepoEventType::Identity => return format_identity_event(&event),
295
RepoEventType::Account => return format_account_event(&event),
···
299
let block_cids_str = event.blocks_cids.clone().unwrap_or_default();
300
let prev_cid_link = event.prev_cid.clone();
301
let prev_data_cid_link = event.prev_data_cid.clone();
302
+
let mut frame: CommitFrame =
303
+
event
304
+
.try_into()
305
+
.map_err(|e: crate::sync::frame::CommitFrameError| {
306
+
SyncFrameError::InvalidEvent(e.to_string())
307
+
})?;
308
if let Some(ref pdc) = prev_data_cid_link
309
&& let Ok(cid) = Cid::from_str(pdc.as_str())
310
{
···
349
frame.blocks = car_bytes;
350
let header = FrameHeader {
351
op: 1,
352
+
t: FrameType::Commit,
353
};
354
let mut bytes = Vec::with_capacity(frame.blocks.len() + 512);
355
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
360
pub async fn prefetch_blocks_for_events(
361
state: &AppState,
362
events: &[SequencedEvent],
363
+
) -> Result<HashMap<Cid, Bytes>, SyncFrameError> {
364
let mut all_cids: Vec<Cid> = events
365
.iter()
366
.flat_map(|event| {
···
394
fn format_sync_event_with_prefetched(
395
event: &SequencedEvent,
396
prefetched: &HashMap<Cid, Bytes>,
397
+
) -> Result<Vec<u8>, SyncFrameError> {
398
let commit_cid_str = event
399
.commit_cid
400
.as_ref()
401
+
.ok_or(SyncFrameError::MissingCommitCid)?;
402
let commit_cid = Cid::from_str(commit_cid_str)?;
403
let commit_bytes = prefetched
404
.get(&commit_cid)
405
+
.ok_or(SyncFrameError::CommitBlockNotFound)?;
406
let rev = if let Some(ref stored_rev) = event.rev {
407
stored_rev.clone()
408
} else {
409
+
extract_rev_from_commit_bytes(commit_bytes).ok_or(SyncFrameError::RevExtraction)?
410
};
411
let car_bytes = futures::executor::block_on(write_car_blocks(
412
commit_cid,
···
414
BTreeMap::new(),
415
))?;
416
let frame = SyncFrame {
417
+
did: event.did.clone(),
418
rev,
419
blocks: car_bytes,
420
seq: event.seq.as_i64(),
···
422
};
423
let header = FrameHeader {
424
op: 1,
425
+
t: FrameType::Sync,
426
};
427
let mut bytes = Vec::new();
428
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
433
pub async fn format_event_with_prefetched_blocks(
434
event: SequencedEvent,
435
prefetched: &HashMap<Cid, Bytes>,
436
+
) -> Result<Vec<u8>, SyncFrameError> {
437
match event.event_type {
438
RepoEventType::Identity => return format_identity_event(&event),
439
RepoEventType::Account => return format_account_event(&event),
···
443
let block_cids_str = event.blocks_cids.clone().unwrap_or_default();
444
let prev_cid_link = event.prev_cid.clone();
445
let prev_data_cid_link = event.prev_data_cid.clone();
446
+
let mut frame: CommitFrame =
447
+
event
448
+
.try_into()
449
+
.map_err(|e: crate::sync::frame::CommitFrameError| {
450
+
SyncFrameError::InvalidEvent(e.to_string())
451
+
})?;
452
if let Some(ref pdc) = prev_data_cid_link
453
&& let Ok(cid) = Cid::from_str(pdc.as_str())
454
{
···
491
frame.blocks = car_bytes;
492
let header = FrameHeader {
493
op: 1,
494
+
t: FrameType::Commit,
495
};
496
let mut bytes = Vec::with_capacity(frame.blocks.len() + 512);
497
serde_ipld_dagcbor::to_writer(&mut bytes, &header)?;
···
499
Ok(bytes)
500
}
501
502
+
pub fn format_info_frame(
503
+
name: InfoFrameName,
504
+
message: Option<&str>,
505
+
) -> Result<Vec<u8>, SyncFrameError> {
506
let header = FrameHeader {
507
op: 1,
508
+
t: FrameType::Info,
509
};
510
let frame = InfoFrame {
511
+
name,
512
message: message.map(String::from),
513
};
514
let mut bytes = Vec::with_capacity(128);
···
517
Ok(bytes)
518
}
519
520
+
pub fn format_error_frame(
521
+
error: ErrorFrameName,
522
+
message: Option<&str>,
523
+
) -> Result<Vec<u8>, SyncFrameError> {
524
let header = ErrorFrameHeader { op: -1 };
525
let frame = ErrorFrameBody {
526
+
error,
527
message: message.map(String::from),
528
};
529
let mut bytes = Vec::with_capacity(128);
+21
-19
crates/tranquil-pds/src/sync/verify.rs
+21
-19
crates/tranquil-pds/src/sync/verify.rs
···
8
use std::collections::HashMap;
9
use thiserror::Error;
10
use tracing::{debug, warn};
11
12
#[derive(Error, Debug)]
13
pub enum VerifyError {
···
57
58
pub async fn verify_car(
59
&self,
60
-
expected_did: &str,
61
root_cid: &Cid,
62
blocks: &HashMap<Cid, Bytes>,
63
) -> Result<VerifiedCar, VerifyError> {
···
67
let commit =
68
Commit::from_cbor(root_block).map_err(|e| VerifyError::InvalidCommit(e.to_string()))?;
69
let commit_did = commit.did().as_str();
70
-
if commit_did != expected_did {
71
return Err(VerifyError::DidMismatch {
72
commit_did: commit_did.to_string(),
73
expected_did: expected_did.to_string(),
74
});
75
}
76
-
let pubkey = self.resolve_did_signing_key(commit_did).await?;
77
commit
78
.verify(&pubkey)
79
.map_err(|_| VerifyError::InvalidSignature)?;
80
-
debug!("Commit signature verified for DID {}", commit_did);
81
let data_cid = commit.data();
82
self.verify_mst_structure(data_cid, blocks)?;
83
-
debug!("MST structure verified for DID {}", commit_did);
84
Ok(VerifiedCar {
85
-
did: commit_did.to_string(),
86
rev: commit.rev().to_string(),
87
data_cid: *data_cid,
88
prev: commit.prev().cloned(),
···
91
92
pub fn verify_car_structure_only(
93
&self,
94
-
expected_did: &str,
95
root_cid: &Cid,
96
blocks: &HashMap<Cid, Bytes>,
97
) -> Result<VerifiedCar, VerifyError> {
···
101
let commit =
102
Commit::from_cbor(root_block).map_err(|e| VerifyError::InvalidCommit(e.to_string()))?;
103
let commit_did = commit.did().as_str();
104
-
if commit_did != expected_did {
105
return Err(VerifyError::DidMismatch {
106
commit_did: commit_did.to_string(),
107
expected_did: expected_did.to_string(),
···
111
self.verify_mst_structure(data_cid, blocks)?;
112
debug!(
113
"MST structure verified for DID {} (signature verification skipped for migration)",
114
-
commit_did
115
);
116
Ok(VerifiedCar {
117
-
did: commit_did.to_string(),
118
rev: commit.rev().to_string(),
119
data_cid: *data_cid,
120
prev: commit.prev().cloned(),
121
})
122
}
123
124
-
async fn resolve_did_signing_key(&self, did: &str) -> Result<PublicKey<'static>, VerifyError> {
125
let did_doc = self.resolve_did_document(did).await?;
126
did_doc
127
.atproto_public_key()
···
129
.ok_or(VerifyError::NoSigningKey)
130
}
131
132
-
async fn resolve_did_document(&self, did: &str) -> Result<DidDocument<'static>, VerifyError> {
133
-
if did.starts_with("did:plc:") {
134
-
self.resolve_plc_did(did).await
135
-
} else if did.starts_with("did:web:") {
136
-
self.resolve_web_did(did).await
137
} else {
138
Err(VerifyError::DidResolutionFailed(format!(
139
"Unsupported DID method: {}",
140
-
did
141
)))
142
}
143
}
···
239
let prefix_len = entry_obj
240
.get("p")
241
.and_then(|p| match p {
242
-
Ipld::Integer(i) => Some(*i as usize),
243
_ => None,
244
})
245
.unwrap_or(0);
···
294
295
#[derive(Debug, Clone)]
296
pub struct VerifiedCar {
297
-
pub did: String,
298
pub rev: String,
299
pub data_cid: Cid,
300
pub prev: Option<Cid>,
···
8
use std::collections::HashMap;
9
use thiserror::Error;
10
use tracing::{debug, warn};
11
+
use tranquil_types::Did;
12
13
#[derive(Error, Debug)]
14
pub enum VerifyError {
···
58
59
pub async fn verify_car(
60
&self,
61
+
expected_did: &Did,
62
root_cid: &Cid,
63
blocks: &HashMap<Cid, Bytes>,
64
) -> Result<VerifiedCar, VerifyError> {
···
68
let commit =
69
Commit::from_cbor(root_block).map_err(|e| VerifyError::InvalidCommit(e.to_string()))?;
70
let commit_did = commit.did().as_str();
71
+
if commit_did != expected_did.as_str() {
72
return Err(VerifyError::DidMismatch {
73
commit_did: commit_did.to_string(),
74
expected_did: expected_did.to_string(),
75
});
76
}
77
+
let pubkey = self.resolve_did_signing_key(expected_did).await?;
78
commit
79
.verify(&pubkey)
80
.map_err(|_| VerifyError::InvalidSignature)?;
81
+
debug!("Commit signature verified for DID {}", expected_did);
82
let data_cid = commit.data();
83
self.verify_mst_structure(data_cid, blocks)?;
84
+
debug!("MST structure verified for DID {}", expected_did);
85
Ok(VerifiedCar {
86
+
did: expected_did.clone(),
87
rev: commit.rev().to_string(),
88
data_cid: *data_cid,
89
prev: commit.prev().cloned(),
···
92
93
pub fn verify_car_structure_only(
94
&self,
95
+
expected_did: &Did,
96
root_cid: &Cid,
97
blocks: &HashMap<Cid, Bytes>,
98
) -> Result<VerifiedCar, VerifyError> {
···
102
let commit =
103
Commit::from_cbor(root_block).map_err(|e| VerifyError::InvalidCommit(e.to_string()))?;
104
let commit_did = commit.did().as_str();
105
+
if commit_did != expected_did.as_str() {
106
return Err(VerifyError::DidMismatch {
107
commit_did: commit_did.to_string(),
108
expected_did: expected_did.to_string(),
···
112
self.verify_mst_structure(data_cid, blocks)?;
113
debug!(
114
"MST structure verified for DID {} (signature verification skipped for migration)",
115
+
expected_did
116
);
117
Ok(VerifiedCar {
118
+
did: expected_did.clone(),
119
rev: commit.rev().to_string(),
120
data_cid: *data_cid,
121
prev: commit.prev().cloned(),
122
})
123
}
124
125
+
async fn resolve_did_signing_key(&self, did: &Did) -> Result<PublicKey<'static>, VerifyError> {
126
let did_doc = self.resolve_did_document(did).await?;
127
did_doc
128
.atproto_public_key()
···
130
.ok_or(VerifyError::NoSigningKey)
131
}
132
133
+
async fn resolve_did_document(&self, did: &Did) -> Result<DidDocument<'static>, VerifyError> {
134
+
let did_str = did.as_str();
135
+
if did_str.starts_with("did:plc:") {
136
+
self.resolve_plc_did(did_str).await
137
+
} else if did_str.starts_with("did:web:") {
138
+
self.resolve_web_did(did_str).await
139
} else {
140
Err(VerifyError::DidResolutionFailed(format!(
141
"Unsupported DID method: {}",
142
+
did_str
143
)))
144
}
145
}
···
241
let prefix_len = entry_obj
242
.get("p")
243
.and_then(|p| match p {
244
+
Ipld::Integer(i) => usize::try_from(*i).ok(),
245
_ => None,
246
})
247
.unwrap_or(0);
···
296
297
#[derive(Debug, Clone)]
298
pub struct VerifiedCar {
299
+
pub did: Did,
300
pub rev: String,
301
pub data_cid: Cid,
302
pub prev: Option<Cid>,
+2
-1
crates/tranquil-pds/src/sync/verify_tests.rs
+2
-1
crates/tranquil-pds/src/sync/verify_tests.rs
···
225
#[tokio::test]
226
async fn test_unsupported_did_method() {
227
let verifier = CarVerifier::new();
228
-
let result = verifier.resolve_did_document("did:unknown:test").await;
229
assert!(result.is_err());
230
let err = result.unwrap_err();
231
assert!(matches!(err, VerifyError::DidResolutionFailed(_)));
···
225
#[tokio::test]
226
async fn test_unsupported_did_method() {
227
let verifier = CarVerifier::new();
228
+
let did: tranquil_types::Did = "did:unknown:test".parse().expect("valid DID format");
229
+
let result = verifier.resolve_did_document(&did).await;
230
assert!(result.is_err());
231
let err = result.unwrap_err();
232
assert!(matches!(err, VerifyError::DidResolutionFailed(_)));
+6
crates/tranquil-pds/src/types.rs
+6
crates/tranquil-pds/src/types.rs
+46
-3
crates/tranquil-pds/src/util.rs
+46
-3
crates/tranquil-pds/src/util.rs
···
1
-
use axum::http::HeaderMap;
2
use cid::Cid;
3
use ipld_core::ipld::Ipld;
4
use rand::Rng;
···
76
.unwrap_or_default()
77
}
78
79
-
pub fn get_header_str<'a>(headers: &'a HeaderMap, name: &str) -> Option<&'a str> {
80
headers.get(name).and_then(|h| h.to_str().ok())
81
}
82
···
140
TELEGRAM_BOT_USERNAME.get().map(|s| s.as_str())
141
}
142
143
pub fn pds_public_url() -> String {
144
format!("https://{}", pds_hostname())
145
}
···
163
JsonValue::Bool(b) => Ipld::Bool(*b),
164
JsonValue::Number(n) => {
165
if let Some(i) = n.as_i64() {
166
-
Ipld::Integer(i as i128)
167
} else if let Some(f) = n.as_f64() {
168
Ipld::Float(f)
169
} else {
···
352
return;
353
}
354
panic!("Failed to find CID link in parsed CBOR");
355
}
356
357
#[test]
···
1
+
use axum::http::{HeaderMap, HeaderName};
2
use cid::Cid;
3
use ipld_core::ipld::Ipld;
4
use rand::Rng;
···
76
.unwrap_or_default()
77
}
78
79
+
pub const HEADER_DPOP: HeaderName = HeaderName::from_static("dpop");
80
+
pub const HEADER_DPOP_NONCE: HeaderName = HeaderName::from_static("dpop-nonce");
81
+
pub const HEADER_ATPROTO_PROXY: HeaderName = HeaderName::from_static("atproto-proxy");
82
+
pub const HEADER_ATPROTO_ACCEPT_LABELERS: HeaderName =
83
+
HeaderName::from_static("atproto-accept-labelers");
84
+
pub const HEADER_ATPROTO_REPO_REV: HeaderName = HeaderName::from_static("atproto-repo-rev");
85
+
pub const HEADER_ATPROTO_CONTENT_LABELERS: HeaderName =
86
+
HeaderName::from_static("atproto-content-labelers");
87
+
pub const HEADER_X_BSKY_TOPICS: HeaderName = HeaderName::from_static("x-bsky-topics");
88
+
89
+
pub fn get_header_str(
90
+
headers: &HeaderMap,
91
+
name: impl axum::http::header::AsHeaderName,
92
+
) -> Option<&str> {
93
headers.get(name).and_then(|h| h.to_str().ok())
94
}
95
···
153
TELEGRAM_BOT_USERNAME.get().map(|s| s.as_str())
154
}
155
156
+
pub fn parse_env_bool(key: &str) -> bool {
157
+
std::env::var(key)
158
+
.map(|v| v == "true" || v == "1")
159
+
.unwrap_or(false)
160
+
}
161
+
162
pub fn pds_public_url() -> String {
163
format!("https://{}", pds_hostname())
164
}
···
182
JsonValue::Bool(b) => Ipld::Bool(*b),
183
JsonValue::Number(n) => {
184
if let Some(i) = n.as_i64() {
185
+
Ipld::Integer(i128::from(i))
186
} else if let Some(f) = n.as_f64() {
187
Ipld::Float(f)
188
} else {
···
371
return;
372
}
373
panic!("Failed to find CID link in parsed CBOR");
374
+
}
375
+
376
+
#[test]
377
+
fn test_parse_env_bool_true_values() {
378
+
unsafe { std::env::set_var("TEST_PARSE_ENV_BOOL_1", "true") };
379
+
assert!(parse_env_bool("TEST_PARSE_ENV_BOOL_1"));
380
+
unsafe { std::env::set_var("TEST_PARSE_ENV_BOOL_1", "1") };
381
+
assert!(parse_env_bool("TEST_PARSE_ENV_BOOL_1"));
382
+
}
383
+
384
+
#[test]
385
+
fn test_parse_env_bool_false_values() {
386
+
unsafe { std::env::set_var("TEST_PARSE_ENV_BOOL_2", "false") };
387
+
assert!(!parse_env_bool("TEST_PARSE_ENV_BOOL_2"));
388
+
unsafe { std::env::set_var("TEST_PARSE_ENV_BOOL_2", "0") };
389
+
assert!(!parse_env_bool("TEST_PARSE_ENV_BOOL_2"));
390
+
unsafe { std::env::set_var("TEST_PARSE_ENV_BOOL_2", "yes") };
391
+
assert!(!parse_env_bool("TEST_PARSE_ENV_BOOL_2"));
392
+
}
393
+
394
+
#[test]
395
+
fn test_parse_env_bool_unset() {
396
+
unsafe { std::env::remove_var("TEST_PARSE_ENV_BOOL_UNSET_KEY") };
397
+
assert!(!parse_env_bool("TEST_PARSE_ENV_BOOL_UNSET_KEY"));
398
}
399
400
#[test]
+2
-1
crates/tranquil-pds/src/validation/mod.rs
+2
-1
crates/tranquil-pds/src/validation/mod.rs
+2
-10
crates/tranquil-pds/tests/account_notifications.rs
+2
-10
crates/tranquil-pds/tests/account_notifications.rs
···
112
.send()
113
.await
114
.unwrap();
115
-
assert!(
116
-
resp.status() == 400 || resp.status() == 422,
117
-
"Expected 400 or 422, got {}",
118
-
resp.status()
119
-
);
120
}
121
122
#[tokio::test]
···
137
.send()
138
.await
139
.unwrap();
140
-
assert!(
141
-
resp.status() == 400 || resp.status() == 422,
142
-
"Expected 400 or 422, got {}",
143
-
resp.status()
144
-
);
145
}
146
147
#[tokio::test]
+3
-1
crates/tranquil-pds/tests/commit_signing.rs
+3
-1
crates/tranquil-pds/tests/commit_signing.rs
···
99
use tranquil_pds::api::repo::record::utils::create_signed_commit;
100
101
let signing_key = SigningKey::random(&mut rand::thread_rng());
102
-
let did = unsafe { Did::new_unchecked("did:plc:testuser123456789abcdef") };
103
let data_cid =
104
Cid::from_str("bafyreib2rxk3ryblouj3fxza5jvx6psmwewwessc4m6g6e7pqhhkwqomfi").unwrap();
105
let rev = Tid::now(LimitedU32::MIN).to_string();
···
99
use tranquil_pds::api::repo::record::utils::create_signed_commit;
100
101
let signing_key = SigningKey::random(&mut rand::thread_rng());
102
+
let did: Did = "did:plc:testuser123456789abcdef"
103
+
.parse()
104
+
.expect("valid test DID");
105
let data_cid =
106
Cid::from_str("bafyreib2rxk3ryblouj3fxza5jvx6psmwewwessc4m6g6e7pqhhkwqomfi").unwrap();
107
let rev = Tid::now(LimitedU32::MIN).to_string();
+4
-1
crates/tranquil-pds/tests/common/mod.rs
+4
-1
crates/tranquil-pds/tests/common/mod.rs
+3
-3
crates/tranquil-pds/tests/delete_account.rs
+3
-3
crates/tranquil-pds/tests/delete_account.rs
···
365
.send()
366
.await
367
.expect("Failed to send request");
368
-
assert_eq!(res1.status(), StatusCode::UNPROCESSABLE_ENTITY);
369
let res2 = client
370
.post(format!(
371
"{}/xrpc/com.atproto.server.deleteAccount",
···
378
.send()
379
.await
380
.expect("Failed to send request");
381
-
assert_eq!(res2.status(), StatusCode::UNPROCESSABLE_ENTITY);
382
let res3 = client
383
.post(format!(
384
"{}/xrpc/com.atproto.server.deleteAccount",
···
391
.send()
392
.await
393
.expect("Failed to send request");
394
-
assert_eq!(res3.status(), StatusCode::UNPROCESSABLE_ENTITY);
395
}
396
397
#[tokio::test]
···
365
.send()
366
.await
367
.expect("Failed to send request");
368
+
assert_eq!(res1.status(), StatusCode::BAD_REQUEST);
369
let res2 = client
370
.post(format!(
371
"{}/xrpc/com.atproto.server.deleteAccount",
···
378
.send()
379
.await
380
.expect("Failed to send request");
381
+
assert_eq!(res2.status(), StatusCode::BAD_REQUEST);
382
let res3 = client
383
.post(format!(
384
"{}/xrpc/com.atproto.server.deleteAccount",
···
391
.send()
392
.await
393
.expect("Failed to send request");
394
+
assert_eq!(res3.status(), StatusCode::BAD_REQUEST);
395
}
396
397
#[tokio::test]
+439
crates/tranquil-pds/tests/firehose/mod.rs
+439
crates/tranquil-pds/tests/firehose/mod.rs
···
···
1
+
use cid::Cid;
2
+
use futures::stream::StreamExt;
3
+
use serde::Deserialize;
4
+
use std::sync::{Arc, Mutex};
5
+
use tokio::task::JoinHandle;
6
+
use tokio_tungstenite::{connect_async, tungstenite};
7
+
use tokio_util::sync::CancellationToken;
8
+
use tranquil_scopes::RepoAction;
9
+
10
+
#[derive(Debug)]
11
+
pub enum FirehoseFrame {
12
+
Commit(Box<ParsedCommitFrame>),
13
+
Identity(IdentityData),
14
+
Account(AccountData),
15
+
Info(InfoData),
16
+
Error(ErrorData),
17
+
Unknown(Vec<u8>),
18
+
}
19
+
20
+
#[allow(dead_code)]
21
+
#[derive(Debug, Clone)]
22
+
pub struct ParsedCommitFrame {
23
+
pub seq: i64,
24
+
pub repo: String,
25
+
pub commit: Cid,
26
+
pub rev: String,
27
+
pub since: Option<String>,
28
+
pub blocks: Vec<u8>,
29
+
pub ops: Vec<ParsedRepoOp>,
30
+
pub blobs: Vec<Cid>,
31
+
pub time: String,
32
+
pub prev_data: Option<Cid>,
33
+
}
34
+
35
+
#[derive(Debug, Clone)]
36
+
pub struct ParsedRepoOp {
37
+
pub action: RepoAction,
38
+
pub path: String,
39
+
pub cid: Option<Cid>,
40
+
pub prev: Option<Cid>,
41
+
}
42
+
43
+
#[allow(dead_code)]
44
+
#[derive(Debug, Clone)]
45
+
pub struct IdentityData {
46
+
pub did: String,
47
+
pub seq: i64,
48
+
}
49
+
50
+
#[allow(dead_code)]
51
+
#[derive(Debug, Clone)]
52
+
pub struct AccountData {
53
+
pub did: String,
54
+
pub seq: i64,
55
+
pub active: bool,
56
+
}
57
+
58
+
#[allow(dead_code)]
59
+
#[derive(Debug, Clone)]
60
+
pub struct InfoData {
61
+
pub name: String,
62
+
pub message: Option<String>,
63
+
}
64
+
65
+
#[allow(dead_code)]
66
+
#[derive(Debug, Clone)]
67
+
pub struct ErrorData {
68
+
pub error: String,
69
+
pub message: Option<String>,
70
+
}
71
+
72
+
#[derive(Debug, Deserialize)]
73
+
struct RawFrameHeader {
74
+
op: i64,
75
+
#[serde(default)]
76
+
t: Option<String>,
77
+
}
78
+
79
+
#[derive(Debug, Deserialize)]
80
+
struct RawCommitBody {
81
+
seq: i64,
82
+
repo: String,
83
+
commit: Cid,
84
+
rev: String,
85
+
since: Option<String>,
86
+
#[serde(with = "serde_bytes")]
87
+
blocks: Vec<u8>,
88
+
ops: Vec<RawOp>,
89
+
#[serde(default)]
90
+
blobs: Vec<Cid>,
91
+
time: String,
92
+
#[serde(rename = "prevData")]
93
+
prev_data: Option<Cid>,
94
+
}
95
+
96
+
#[derive(Debug, Deserialize)]
97
+
struct RawOp {
98
+
action: RepoAction,
99
+
path: String,
100
+
cid: Option<Cid>,
101
+
prev: Option<Cid>,
102
+
}
103
+
104
+
#[derive(Debug, Deserialize)]
105
+
struct RawIdentityBody {
106
+
did: String,
107
+
seq: i64,
108
+
}
109
+
110
+
#[derive(Debug, Deserialize)]
111
+
struct RawAccountBody {
112
+
did: String,
113
+
seq: i64,
114
+
active: bool,
115
+
}
116
+
117
+
#[derive(Debug, Deserialize)]
118
+
struct RawInfoBody {
119
+
name: String,
120
+
message: Option<String>,
121
+
}
122
+
123
+
#[derive(Debug, Deserialize)]
124
+
struct RawErrorBody {
125
+
error: String,
126
+
message: Option<String>,
127
+
}
128
+
129
+
pub struct FirehoseConsumer {
130
+
frames: Arc<Mutex<Vec<FirehoseFrame>>>,
131
+
cancel: CancellationToken,
132
+
handle: JoinHandle<()>,
133
+
}
134
+
135
+
impl FirehoseConsumer {
136
+
pub async fn connect(port: u16) -> Self {
137
+
Self::connect_inner(port, None).await
138
+
}
139
+
140
+
pub async fn connect_with_cursor(port: u16, cursor: i64) -> Self {
141
+
Self::connect_inner(port, Some(cursor)).await
142
+
}
143
+
144
+
async fn connect_inner(port: u16, cursor: Option<i64>) -> Self {
145
+
let url = match cursor {
146
+
Some(c) => format!(
147
+
"ws://127.0.0.1:{}/xrpc/com.atproto.sync.subscribeRepos?cursor={}",
148
+
port, c
149
+
),
150
+
None => format!(
151
+
"ws://127.0.0.1:{}/xrpc/com.atproto.sync.subscribeRepos",
152
+
port
153
+
),
154
+
};
155
+
let (ws_stream, _) = connect_async(&url)
156
+
.await
157
+
.expect("Failed to connect to firehose");
158
+
let frames: Arc<Mutex<Vec<FirehoseFrame>>> = Arc::new(Mutex::new(Vec::new()));
159
+
let cancel = CancellationToken::new();
160
+
161
+
let frames_clone = frames.clone();
162
+
let cancel_clone = cancel.clone();
163
+
164
+
let handle = tokio::spawn(async move {
165
+
let (_, mut read) = ws_stream.split();
166
+
loop {
167
+
tokio::select! {
168
+
_ = cancel_clone.cancelled() => break,
169
+
msg = read.next() => {
170
+
match msg {
171
+
Some(Ok(tungstenite::Message::Binary(bin))) => {
172
+
let frame = parse_frame_bytes(&bin);
173
+
frames_clone.lock().unwrap().push(frame);
174
+
}
175
+
Some(Ok(tungstenite::Message::Close(_))) | None => break,
176
+
_ => {}
177
+
}
178
+
}
179
+
}
180
+
}
181
+
});
182
+
183
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
184
+
185
+
Self {
186
+
frames,
187
+
cancel,
188
+
handle,
189
+
}
190
+
}
191
+
192
+
pub async fn wait_for_commits(
193
+
&self,
194
+
did: &str,
195
+
count: usize,
196
+
timeout: std::time::Duration,
197
+
) -> Vec<ParsedCommitFrame> {
198
+
let deadline = tokio::time::Instant::now() + timeout;
199
+
loop {
200
+
let matching: Vec<ParsedCommitFrame> = self
201
+
.frames
202
+
.lock()
203
+
.unwrap()
204
+
.iter()
205
+
.filter_map(|f| match f {
206
+
FirehoseFrame::Commit(c) if c.repo == did => Some(ParsedCommitFrame::clone(c)),
207
+
_ => None,
208
+
})
209
+
.collect();
210
+
if matching.len() >= count {
211
+
return matching;
212
+
}
213
+
if tokio::time::Instant::now() >= deadline {
214
+
panic!(
215
+
"Timed out waiting for {} commits for DID {}, got {}",
216
+
count,
217
+
did,
218
+
matching.len()
219
+
);
220
+
}
221
+
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
222
+
}
223
+
}
224
+
225
+
#[allow(dead_code)]
226
+
pub fn all_frames(&self) -> Vec<FirehoseFrame> {
227
+
self.frames.lock().unwrap().drain(..).collect()
228
+
}
229
+
230
+
pub fn all_commits(&self) -> Vec<ParsedCommitFrame> {
231
+
self.frames
232
+
.lock()
233
+
.unwrap()
234
+
.iter()
235
+
.filter_map(|f| match f {
236
+
FirehoseFrame::Commit(c) => Some(ParsedCommitFrame::clone(c)),
237
+
_ => None,
238
+
})
239
+
.collect()
240
+
}
241
+
}
242
+
243
+
impl Drop for FirehoseConsumer {
244
+
fn drop(&mut self) {
245
+
self.cancel.cancel();
246
+
self.handle.abort();
247
+
}
248
+
}
249
+
250
+
impl Clone for FirehoseFrame {
251
+
fn clone(&self) -> Self {
252
+
match self {
253
+
Self::Commit(c) => Self::Commit(c.clone()),
254
+
Self::Identity(i) => Self::Identity(i.clone()),
255
+
Self::Account(a) => Self::Account(a.clone()),
256
+
Self::Info(i) => Self::Info(i.clone()),
257
+
Self::Error(e) => Self::Error(e.clone()),
258
+
Self::Unknown(b) => Self::Unknown(b.clone()),
259
+
}
260
+
}
261
+
}
262
+
263
+
fn find_cbor_map_end(bytes: &[u8]) -> Result<usize, String> {
264
+
let mut pos = 0;
265
+
266
+
fn read_uint(bytes: &[u8], pos: &mut usize, additional: u8) -> Result<u64, String> {
267
+
match additional {
268
+
0..=23 => Ok(additional as u64),
269
+
24 => {
270
+
if *pos >= bytes.len() {
271
+
return Err("Unexpected end".into());
272
+
}
273
+
let val = bytes[*pos] as u64;
274
+
*pos += 1;
275
+
Ok(val)
276
+
}
277
+
25 => {
278
+
if *pos + 2 > bytes.len() {
279
+
return Err("Unexpected end".into());
280
+
}
281
+
let val = u16::from_be_bytes([bytes[*pos], bytes[*pos + 1]]) as u64;
282
+
*pos += 2;
283
+
Ok(val)
284
+
}
285
+
26 => {
286
+
if *pos + 4 > bytes.len() {
287
+
return Err("Unexpected end".into());
288
+
}
289
+
let val = u32::from_be_bytes([
290
+
bytes[*pos],
291
+
bytes[*pos + 1],
292
+
bytes[*pos + 2],
293
+
bytes[*pos + 3],
294
+
]) as u64;
295
+
*pos += 4;
296
+
Ok(val)
297
+
}
298
+
27 => {
299
+
if *pos + 8 > bytes.len() {
300
+
return Err("Unexpected end".into());
301
+
}
302
+
let val = u64::from_be_bytes([
303
+
bytes[*pos],
304
+
bytes[*pos + 1],
305
+
bytes[*pos + 2],
306
+
bytes[*pos + 3],
307
+
bytes[*pos + 4],
308
+
bytes[*pos + 5],
309
+
bytes[*pos + 6],
310
+
bytes[*pos + 7],
311
+
]);
312
+
*pos += 8;
313
+
Ok(val)
314
+
}
315
+
_ => Err(format!("Invalid additional info: {}", additional)),
316
+
}
317
+
}
318
+
319
+
fn skip_value(bytes: &[u8], pos: &mut usize) -> Result<(), String> {
320
+
if *pos >= bytes.len() {
321
+
return Err("Unexpected end".into());
322
+
}
323
+
let initial = bytes[*pos];
324
+
*pos += 1;
325
+
let major = initial >> 5;
326
+
let additional = initial & 0x1f;
327
+
328
+
match major {
329
+
0 | 1 => {
330
+
read_uint(bytes, pos, additional)?;
331
+
Ok(())
332
+
}
333
+
2 | 3 => {
334
+
let len = read_uint(bytes, pos, additional)? as usize;
335
+
*pos += len;
336
+
Ok(())
337
+
}
338
+
4 => {
339
+
let len = read_uint(bytes, pos, additional)?;
340
+
(0..len).try_for_each(|_| skip_value(bytes, pos))
341
+
}
342
+
5 => {
343
+
let len = read_uint(bytes, pos, additional)?;
344
+
(0..len).try_for_each(|_| {
345
+
skip_value(bytes, pos)?;
346
+
skip_value(bytes, pos)
347
+
})
348
+
}
349
+
6 => {
350
+
read_uint(bytes, pos, additional)?;
351
+
skip_value(bytes, pos)
352
+
}
353
+
7 => Ok(()),
354
+
_ => Err(format!("Unknown major type: {}", major)),
355
+
}
356
+
}
357
+
358
+
skip_value(bytes, &mut pos)?;
359
+
Ok(pos)
360
+
}
361
+
362
+
pub fn parse_frame_bytes(raw: &[u8]) -> FirehoseFrame {
363
+
let header_end = match find_cbor_map_end(raw) {
364
+
Ok(e) => e,
365
+
Err(_) => return FirehoseFrame::Unknown(raw.to_vec()),
366
+
};
367
+
368
+
let header: RawFrameHeader = match serde_ipld_dagcbor::from_slice(&raw[..header_end]) {
369
+
Ok(h) => h,
370
+
Err(_) => return FirehoseFrame::Unknown(raw.to_vec()),
371
+
};
372
+
373
+
let body = &raw[header_end..];
374
+
375
+
if header.op == -1 {
376
+
return serde_ipld_dagcbor::from_slice::<RawErrorBody>(body)
377
+
.map(|b| {
378
+
FirehoseFrame::Error(ErrorData {
379
+
error: b.error,
380
+
message: b.message,
381
+
})
382
+
})
383
+
.unwrap_or_else(|_| FirehoseFrame::Unknown(raw.to_vec()));
384
+
}
385
+
386
+
match header.t.as_deref() {
387
+
Some("#commit") => serde_ipld_dagcbor::from_slice::<RawCommitBody>(body)
388
+
.map(|b| {
389
+
FirehoseFrame::Commit(Box::new(ParsedCommitFrame {
390
+
seq: b.seq,
391
+
repo: b.repo,
392
+
commit: b.commit,
393
+
rev: b.rev,
394
+
since: b.since,
395
+
blocks: b.blocks,
396
+
ops: b
397
+
.ops
398
+
.into_iter()
399
+
.map(|op| ParsedRepoOp {
400
+
action: op.action,
401
+
path: op.path,
402
+
cid: op.cid,
403
+
prev: op.prev,
404
+
})
405
+
.collect(),
406
+
blobs: b.blobs,
407
+
time: b.time,
408
+
prev_data: b.prev_data,
409
+
}))
410
+
})
411
+
.unwrap_or_else(|_| FirehoseFrame::Unknown(raw.to_vec())),
412
+
Some("#identity") => serde_ipld_dagcbor::from_slice::<RawIdentityBody>(body)
413
+
.map(|b| {
414
+
FirehoseFrame::Identity(IdentityData {
415
+
did: b.did,
416
+
seq: b.seq,
417
+
})
418
+
})
419
+
.unwrap_or_else(|_| FirehoseFrame::Unknown(raw.to_vec())),
420
+
Some("#account") => serde_ipld_dagcbor::from_slice::<RawAccountBody>(body)
421
+
.map(|b| {
422
+
FirehoseFrame::Account(AccountData {
423
+
did: b.did,
424
+
seq: b.seq,
425
+
active: b.active,
426
+
})
427
+
})
428
+
.unwrap_or_else(|_| FirehoseFrame::Unknown(raw.to_vec())),
429
+
Some("#info") => serde_ipld_dagcbor::from_slice::<RawInfoBody>(body)
430
+
.map(|b| {
431
+
FirehoseFrame::Info(InfoData {
432
+
name: b.name,
433
+
message: b.message,
434
+
})
435
+
})
436
+
.unwrap_or_else(|_| FirehoseFrame::Unknown(raw.to_vec())),
437
+
_ => FirehoseFrame::Unknown(raw.to_vec()),
438
+
}
439
+
}
+2
-2
crates/tranquil-pds/tests/identity.rs
+2
-2
crates/tranquil-pds/tests/identity.rs
···
547
.send()
548
.await
549
.expect("Failed to send request");
550
-
assert_eq!(res.status(), StatusCode::UNPROCESSABLE_ENTITY);
551
}
552
553
#[tokio::test]
···
582
.send()
583
.await
584
.expect("Failed to send request");
585
-
assert_eq!(res.status(), StatusCode::UNPROCESSABLE_ENTITY);
586
}
587
588
#[tokio::test]
···
547
.send()
548
.await
549
.expect("Failed to send request");
550
+
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
551
}
552
553
#[tokio::test]
···
582
.send()
583
.await
584
.expect("Failed to send request");
585
+
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
586
}
587
588
#[tokio::test]
+28
-25
crates/tranquil-pds/tests/jwt_security.rs
+28
-25
crates/tranquil-pds/tests/jwt_security.rs
···
10
use serde_json::{Value, json};
11
use sha2::{Digest, Sha256};
12
use tranquil_pds::auth::{
13
-
self, SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED, SCOPE_REFRESH,
14
-
TOKEN_TYPE_ACCESS, TOKEN_TYPE_REFRESH, TOKEN_TYPE_SERVICE, create_access_token,
15
-
create_refresh_token, create_service_token, get_did_from_token, get_jti_from_token,
16
-
verify_access_token, verify_refresh_token, verify_token,
17
};
18
19
fn generate_user_key() -> Vec<u8> {
···
100
let key_bytes = generate_user_key();
101
let did = "did:plc:test";
102
103
-
let none_header = json!({ "alg": "none", "typ": TOKEN_TYPE_ACCESS });
104
let claims = json!({
105
"iss": did, "sub": did, "aud": "did:web:test.pds",
106
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
107
-
"jti": "attack-token", "scope": SCOPE_ACCESS
108
});
109
let none_token = create_unsigned_jwt(&none_header, &claims);
110
assert!(
···
112
"Algorithm 'none' must be rejected"
113
);
114
115
-
let hs256_header = json!({ "alg": "HS256", "typ": TOKEN_TYPE_ACCESS });
116
let header_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&hs256_header).unwrap());
117
let claims_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&claims).unwrap());
118
use hmac::{Hmac, Mac};
···
128
);
129
130
for (alg, sig_len) in [("RS256", 256), ("ES256", 64)] {
131
-
let header = json!({ "alg": alg, "typ": TOKEN_TYPE_ACCESS });
132
let header_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&header).unwrap());
133
let fake_sig = URL_SAFE_NO_PAD.encode(vec![1u8; sig_len]);
134
let token = format!("{}.{}.{}", header_b64, claims_b64, fake_sig);
···
179
fn test_scope_validation() {
180
let key_bytes = generate_user_key();
181
let did = "did:plc:test";
182
-
let header = json!({ "alg": "ES256K", "typ": TOKEN_TYPE_ACCESS });
183
184
let invalid_scope = json!({
185
"iss": did, "sub": did, "aud": "did:web:test.pds",
···
225
.is_err()
226
);
227
228
-
for scope in [SCOPE_ACCESS, SCOPE_APP_PASS, SCOPE_APP_PASS_PRIVILEGED] {
229
let claims = json!({
230
"iss": did, "sub": did, "aud": "did:web:test.pds",
231
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
···
240
let refresh_scope = json!({
241
"iss": did, "sub": did, "aud": "did:web:test.pds",
242
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
243
-
"jti": "test", "scope": SCOPE_REFRESH
244
});
245
assert!(
246
verify_access_token(
···
255
fn test_expiration_and_timing() {
256
let key_bytes = generate_user_key();
257
let did = "did:plc:test";
258
-
let header = json!({ "alg": "ES256K", "typ": TOKEN_TYPE_ACCESS });
259
let now = Utc::now().timestamp();
260
261
let expired = json!({
262
"iss": did, "sub": did, "aud": "did:web:test.pds",
263
-
"iat": now - 7200, "exp": now - 3600, "jti": "test", "scope": SCOPE_ACCESS
264
});
265
let result = verify_access_token(
266
&create_custom_jwt(&header, &expired, &key_bytes),
···
270
271
let future_iat = json!({
272
"iss": did, "sub": did, "aud": "did:web:test.pds",
273
-
"iat": now + 60, "exp": now + 7200, "jti": "test", "scope": SCOPE_ACCESS
274
});
275
assert!(
276
verify_access_token(
···
282
283
let just_expired = json!({
284
"iss": did, "sub": did, "aud": "did:web:test.pds",
285
-
"iat": now - 10, "exp": now - 1, "jti": "test", "scope": SCOPE_ACCESS
286
});
287
assert!(
288
verify_access_token(
···
294
295
let far_future = json!({
296
"iss": did, "sub": did, "aud": "did:web:test.pds",
297
-
"iat": now, "exp": i64::MAX, "jti": "test", "scope": SCOPE_ACCESS
298
});
299
let _ = verify_access_token(
300
&create_custom_jwt(&header, &far_future, &key_bytes),
···
303
304
let negative_iat = json!({
305
"iss": did, "sub": did, "aud": "did:web:test.pds",
306
-
"iat": -1000000000i64, "exp": now + 3600, "jti": "test", "scope": SCOPE_ACCESS
307
});
308
let _ = verify_access_token(
309
&create_custom_jwt(&header, &negative_iat, &key_bytes),
···
359
fn test_claim_validation() {
360
let key_bytes = generate_user_key();
361
let did = "did:plc:test";
362
-
let header = json!({ "alg": "ES256K", "typ": TOKEN_TYPE_ACCESS });
363
364
let missing_exp = json!({
365
"iss": did, "sub": did, "aud": "did:web:test",
366
-
"iat": Utc::now().timestamp(), "scope": SCOPE_ACCESS
367
});
368
assert!(
369
verify_access_token(
···
375
376
let missing_iat = json!({
377
"iss": did, "sub": did, "aud": "did:web:test",
378
-
"exp": Utc::now().timestamp() + 3600, "scope": SCOPE_ACCESS
379
});
380
assert!(
381
verify_access_token(
···
387
388
let missing_sub = json!({
389
"iss": did, "aud": "did:web:test",
390
-
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600, "scope": SCOPE_ACCESS
391
});
392
assert!(
393
verify_access_token(
···
399
400
let wrong_types = json!({
401
"iss": 12345, "sub": ["did:plc:test"], "aud": {"url": "did:web:test"},
402
-
"iat": "not a number", "exp": "also not a number", "jti": null, "scope": SCOPE_ACCESS
403
});
404
assert!(
405
verify_access_token(
···
412
let unicode_injection = json!({
413
"iss": "did:plc:test\u{0000}attacker", "sub": "did:plc:test\u{202E}rekatta",
414
"aud": "did:web:test.pds", "iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
415
-
"jti": "test", "scope": SCOPE_ACCESS
416
});
417
if let Ok(data) = verify_access_token(
418
&create_custom_jwt(&header, &unicode_injection, &key_bytes),
···
453
let did = "did:plc:test";
454
455
let header = json!({
456
-
"alg": "ES256K", "typ": TOKEN_TYPE_ACCESS,
457
"kid": "../../../../../../etc/passwd", "jku": "https://attacker.com/keys"
458
});
459
let claims = json!({
460
"iss": did, "sub": did, "aud": "did:web:test.pds",
461
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
462
-
"jti": "test", "scope": SCOPE_ACCESS
463
});
464
assert!(
465
verify_access_token(&create_custom_jwt(&header, &claims, &key_bytes), &key_bytes).is_ok()
···
10
use serde_json::{Value, json};
11
use sha2::{Digest, Sha256};
12
use tranquil_pds::auth::{
13
+
self, TokenScope, TokenType, create_access_token, create_refresh_token, create_service_token,
14
+
get_did_from_token, get_jti_from_token, verify_access_token, verify_refresh_token,
15
+
verify_token,
16
};
17
18
fn generate_user_key() -> Vec<u8> {
···
99
let key_bytes = generate_user_key();
100
let did = "did:plc:test";
101
102
+
let none_header = json!({ "alg": "none", "typ": TokenType::Access.as_str() });
103
let claims = json!({
104
"iss": did, "sub": did, "aud": "did:web:test.pds",
105
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
106
+
"jti": "attack-token", "scope": TokenScope::Access.as_str()
107
});
108
let none_token = create_unsigned_jwt(&none_header, &claims);
109
assert!(
···
111
"Algorithm 'none' must be rejected"
112
);
113
114
+
let hs256_header = json!({ "alg": "HS256", "typ": TokenType::Access.as_str() });
115
let header_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&hs256_header).unwrap());
116
let claims_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&claims).unwrap());
117
use hmac::{Hmac, Mac};
···
127
);
128
129
for (alg, sig_len) in [("RS256", 256), ("ES256", 64)] {
130
+
let header = json!({ "alg": alg, "typ": TokenType::Access.as_str() });
131
let header_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_string(&header).unwrap());
132
let fake_sig = URL_SAFE_NO_PAD.encode(vec![1u8; sig_len]);
133
let token = format!("{}.{}.{}", header_b64, claims_b64, fake_sig);
···
178
fn test_scope_validation() {
179
let key_bytes = generate_user_key();
180
let did = "did:plc:test";
181
+
let header = json!({ "alg": "ES256K", "typ": TokenType::Access.as_str() });
182
183
let invalid_scope = json!({
184
"iss": did, "sub": did, "aud": "did:web:test.pds",
···
224
.is_err()
225
);
226
227
+
for scope in [
228
+
TokenScope::Access.as_str(),
229
+
TokenScope::AppPass.as_str(),
230
+
TokenScope::AppPassPrivileged.as_str(),
231
+
] {
232
let claims = json!({
233
"iss": did, "sub": did, "aud": "did:web:test.pds",
234
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
···
243
let refresh_scope = json!({
244
"iss": did, "sub": did, "aud": "did:web:test.pds",
245
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
246
+
"jti": "test", "scope": TokenScope::Refresh.as_str()
247
});
248
assert!(
249
verify_access_token(
···
258
fn test_expiration_and_timing() {
259
let key_bytes = generate_user_key();
260
let did = "did:plc:test";
261
+
let header = json!({ "alg": "ES256K", "typ": TokenType::Access.as_str() });
262
let now = Utc::now().timestamp();
263
264
let expired = json!({
265
"iss": did, "sub": did, "aud": "did:web:test.pds",
266
+
"iat": now - 7200, "exp": now - 3600, "jti": "test", "scope": TokenScope::Access.as_str()
267
});
268
let result = verify_access_token(
269
&create_custom_jwt(&header, &expired, &key_bytes),
···
273
274
let future_iat = json!({
275
"iss": did, "sub": did, "aud": "did:web:test.pds",
276
+
"iat": now + 60, "exp": now + 7200, "jti": "test", "scope": TokenScope::Access.as_str()
277
});
278
assert!(
279
verify_access_token(
···
285
286
let just_expired = json!({
287
"iss": did, "sub": did, "aud": "did:web:test.pds",
288
+
"iat": now - 10, "exp": now - 1, "jti": "test", "scope": TokenScope::Access.as_str()
289
});
290
assert!(
291
verify_access_token(
···
297
298
let far_future = json!({
299
"iss": did, "sub": did, "aud": "did:web:test.pds",
300
+
"iat": now, "exp": i64::MAX, "jti": "test", "scope": TokenScope::Access.as_str()
301
});
302
let _ = verify_access_token(
303
&create_custom_jwt(&header, &far_future, &key_bytes),
···
306
307
let negative_iat = json!({
308
"iss": did, "sub": did, "aud": "did:web:test.pds",
309
+
"iat": -1000000000i64, "exp": now + 3600, "jti": "test", "scope": TokenScope::Access.as_str()
310
});
311
let _ = verify_access_token(
312
&create_custom_jwt(&header, &negative_iat, &key_bytes),
···
362
fn test_claim_validation() {
363
let key_bytes = generate_user_key();
364
let did = "did:plc:test";
365
+
let header = json!({ "alg": "ES256K", "typ": TokenType::Access.as_str() });
366
367
let missing_exp = json!({
368
"iss": did, "sub": did, "aud": "did:web:test",
369
+
"iat": Utc::now().timestamp(), "scope": TokenScope::Access.as_str()
370
});
371
assert!(
372
verify_access_token(
···
378
379
let missing_iat = json!({
380
"iss": did, "sub": did, "aud": "did:web:test",
381
+
"exp": Utc::now().timestamp() + 3600, "scope": TokenScope::Access.as_str()
382
});
383
assert!(
384
verify_access_token(
···
390
391
let missing_sub = json!({
392
"iss": did, "aud": "did:web:test",
393
+
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600, "scope": TokenScope::Access.as_str()
394
});
395
assert!(
396
verify_access_token(
···
402
403
let wrong_types = json!({
404
"iss": 12345, "sub": ["did:plc:test"], "aud": {"url": "did:web:test"},
405
+
"iat": "not a number", "exp": "also not a number", "jti": null, "scope": TokenScope::Access.as_str()
406
});
407
assert!(
408
verify_access_token(
···
415
let unicode_injection = json!({
416
"iss": "did:plc:test\u{0000}attacker", "sub": "did:plc:test\u{202E}rekatta",
417
"aud": "did:web:test.pds", "iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
418
+
"jti": "test", "scope": TokenScope::Access.as_str()
419
});
420
if let Ok(data) = verify_access_token(
421
&create_custom_jwt(&header, &unicode_injection, &key_bytes),
···
456
let did = "did:plc:test";
457
458
let header = json!({
459
+
"alg": "ES256K", "typ": TokenType::Access.as_str(),
460
"kid": "../../../../../../etc/passwd", "jku": "https://attacker.com/keys"
461
});
462
let claims = json!({
463
"iss": did, "sub": did, "aud": "did:web:test.pds",
464
"iat": Utc::now().timestamp(), "exp": Utc::now().timestamp() + 3600,
465
+
"jti": "test", "scope": TokenScope::Access.as_str()
466
});
467
assert!(
468
verify_access_token(&create_custom_jwt(&header, &claims, &key_bytes), &key_bytes).is_ok()
+5
-5
crates/tranquil-pds/tests/plc_validation.rs
+5
-5
crates/tranquil-pds/tests/plc_validation.rs
···
2
use serde_json::json;
3
use std::collections::HashMap;
4
use tranquil_pds::plc::{
5
-
PlcError, PlcOperation, PlcService, PlcValidationContext, cid_for_cbor, sign_operation,
6
-
signing_key_to_did_key, validate_plc_operation, validate_plc_operation_for_submission,
7
-
verify_operation_signature,
8
};
9
10
fn create_valid_operation() -> serde_json::Value {
···
264
services.insert(
265
"atproto_pds".to_string(),
266
PlcService {
267
-
service_type: "AtprotoPersonalDataServer".to_string(),
268
endpoint: "https://pds.example.com".to_string(),
269
},
270
);
271
let mut verification_methods = HashMap::new();
272
verification_methods.insert("atproto".to_string(), "did:key:zTest123".to_string());
273
let op = PlcOperation {
274
-
op_type: "plc_operation".to_string(),
275
rotation_keys: vec!["did:key:zTest123".to_string()],
276
verification_methods,
277
also_known_as: vec!["at://test.handle".to_string()],
···
2
use serde_json::json;
3
use std::collections::HashMap;
4
use tranquil_pds::plc::{
5
+
PlcError, PlcOpType, PlcOperation, PlcService, PlcValidationContext, cid_for_cbor,
6
+
sign_operation, signing_key_to_did_key, validate_plc_operation,
7
+
validate_plc_operation_for_submission, verify_operation_signature,
8
};
9
10
fn create_valid_operation() -> serde_json::Value {
···
264
services.insert(
265
"atproto_pds".to_string(),
266
PlcService {
267
+
service_type: tranquil_pds::plc::ServiceType::Pds,
268
endpoint: "https://pds.example.com".to_string(),
269
},
270
);
271
let mut verification_methods = HashMap::new();
272
verification_methods.insert("atproto".to_string(), "did:key:zTest123".to_string());
273
let op = PlcOperation {
274
+
op_type: PlcOpType::Operation,
275
rotation_keys: vec!["did:key:zTest123".to_string()],
276
verification_methods,
277
also_known_as: vec!["at://test.handle".to_string()],
+581
crates/tranquil-pds/tests/repo_lifecycle.rs
+581
crates/tranquil-pds/tests/repo_lifecycle.rs
···
···
1
+
mod common;
2
+
mod firehose;
3
+
4
+
use cid::Cid;
5
+
use common::*;
6
+
use firehose::{FirehoseConsumer, ParsedCommitFrame};
7
+
use iroh_car::CarReader;
8
+
use jacquard_repo::commit::Commit;
9
+
use reqwest::StatusCode;
10
+
use serde_json::{Value, json};
11
+
use std::io::Cursor;
12
+
use std::str::FromStr;
13
+
use tranquil_scopes::RepoAction;
14
+
15
+
mod helpers;
16
+
17
+
async fn create_post_record(client: &reqwest::Client, token: &str, did: &str, text: &str) -> Value {
18
+
let payload = json!({
19
+
"repo": did,
20
+
"collection": "app.bsky.feed.post",
21
+
"record": {
22
+
"$type": "app.bsky.feed.post",
23
+
"text": text,
24
+
"createdAt": chrono::Utc::now().to_rfc3339(),
25
+
}
26
+
});
27
+
let res = client
28
+
.post(format!(
29
+
"{}/xrpc/com.atproto.repo.createRecord",
30
+
base_url().await
31
+
))
32
+
.bearer_auth(token)
33
+
.json(&payload)
34
+
.send()
35
+
.await
36
+
.expect("Failed to create post");
37
+
assert_eq!(res.status(), StatusCode::OK);
38
+
res.json().await.expect("Invalid JSON from createRecord")
39
+
}
40
+
41
+
async fn get_latest_commit(client: &reqwest::Client, token: &str, did: &str) -> Value {
42
+
let res = client
43
+
.get(format!(
44
+
"{}/xrpc/com.atproto.sync.getLatestCommit?did={}",
45
+
base_url().await,
46
+
did
47
+
))
48
+
.bearer_auth(token)
49
+
.send()
50
+
.await
51
+
.expect("Failed to get latest commit");
52
+
assert_eq!(res.status(), StatusCode::OK);
53
+
res.json().await.expect("Invalid JSON from getLatestCommit")
54
+
}
55
+
56
+
#[tokio::test]
57
+
async fn test_create_record_cid_matches_firehose() {
58
+
let client = client();
59
+
let (token, did) = create_account_and_login(&client).await;
60
+
61
+
let pool = get_test_db_pool().await;
62
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
63
+
.fetch_one(pool)
64
+
.await
65
+
.unwrap();
66
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
67
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
68
+
69
+
let api_response = create_post_record(&client, &token, &did, "CID match test").await;
70
+
let api_commit_cid = api_response["commit"]["cid"].as_str().unwrap();
71
+
let api_commit_rev = api_response["commit"]["rev"].as_str().unwrap();
72
+
let api_record_cid = api_response["cid"].as_str().unwrap();
73
+
74
+
let frames = consumer
75
+
.wait_for_commits(&did, 1, std::time::Duration::from_secs(10))
76
+
.await;
77
+
let frame = &frames[0];
78
+
79
+
assert_eq!(
80
+
api_commit_cid,
81
+
frame.commit.to_string(),
82
+
"API commit CID must match firehose commit CID"
83
+
);
84
+
assert_eq!(
85
+
api_commit_rev, frame.rev,
86
+
"API commit rev must match firehose rev"
87
+
);
88
+
assert_eq!(frame.ops.len(), 1, "Expected exactly 1 op");
89
+
assert_eq!(
90
+
api_record_cid,
91
+
frame.ops[0].cid.unwrap().to_string(),
92
+
"API record CID must match firehose op CID"
93
+
);
94
+
assert_eq!(frame.ops[0].action, RepoAction::Create);
95
+
assert!(frame.ops[0].prev.is_none(), "Create op must have no prev");
96
+
97
+
let latest = get_latest_commit(&client, &token, &did).await;
98
+
assert_eq!(
99
+
latest["cid"].as_str().unwrap(),
100
+
api_commit_cid,
101
+
"getLatestCommit CID must match"
102
+
);
103
+
assert_eq!(
104
+
latest["rev"].as_str().unwrap(),
105
+
api_commit_rev,
106
+
"getLatestCommit rev must match"
107
+
);
108
+
}
109
+
110
+
#[tokio::test]
111
+
async fn test_update_record_prev_matches_old_cid() {
112
+
let client = client();
113
+
let (token, did) = create_account_and_login(&client).await;
114
+
115
+
let v1_payload = json!({
116
+
"repo": did,
117
+
"collection": "app.bsky.actor.profile",
118
+
"rkey": "self",
119
+
"record": {
120
+
"$type": "app.bsky.actor.profile",
121
+
"displayName": "Profile v1",
122
+
}
123
+
});
124
+
let v1_res = client
125
+
.post(format!(
126
+
"{}/xrpc/com.atproto.repo.putRecord",
127
+
base_url().await
128
+
))
129
+
.bearer_auth(&token)
130
+
.json(&v1_payload)
131
+
.send()
132
+
.await
133
+
.expect("Failed to create profile v1");
134
+
assert_eq!(v1_res.status(), StatusCode::OK);
135
+
let v1_body: Value = v1_res.json().await.unwrap();
136
+
let v1_cid_str = v1_body["cid"].as_str().unwrap();
137
+
let v1_cid = Cid::from_str(v1_cid_str).unwrap();
138
+
139
+
let pool = get_test_db_pool().await;
140
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
141
+
.fetch_one(pool)
142
+
.await
143
+
.unwrap();
144
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
145
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
146
+
147
+
let v2_payload = json!({
148
+
"repo": did,
149
+
"collection": "app.bsky.actor.profile",
150
+
"rkey": "self",
151
+
"record": {
152
+
"$type": "app.bsky.actor.profile",
153
+
"displayName": "Profile v2",
154
+
}
155
+
});
156
+
let v2_res = client
157
+
.post(format!(
158
+
"{}/xrpc/com.atproto.repo.putRecord",
159
+
base_url().await
160
+
))
161
+
.bearer_auth(&token)
162
+
.json(&v2_payload)
163
+
.send()
164
+
.await
165
+
.expect("Failed to update profile v2");
166
+
assert_eq!(v2_res.status(), StatusCode::OK);
167
+
let v2_body: Value = v2_res.json().await.unwrap();
168
+
let v2_cid_str = v2_body["cid"].as_str().unwrap();
169
+
let v2_cid = Cid::from_str(v2_cid_str).unwrap();
170
+
171
+
let frames = consumer
172
+
.wait_for_commits(&did, 1, std::time::Duration::from_secs(10))
173
+
.await;
174
+
let frame = &frames[0];
175
+
176
+
let profile_op = frame
177
+
.ops
178
+
.iter()
179
+
.find(|op| op.path.contains("app.bsky.actor.profile"))
180
+
.expect("No profile op found");
181
+
182
+
assert_eq!(profile_op.action, RepoAction::Update);
183
+
assert_eq!(
184
+
profile_op.prev,
185
+
Some(v1_cid),
186
+
"Update op.prev must be the old CID"
187
+
);
188
+
assert_eq!(
189
+
profile_op.cid,
190
+
Some(v2_cid),
191
+
"Update op.cid must be the new CID"
192
+
);
193
+
assert!(
194
+
frame.prev_data.is_some(),
195
+
"Update commit must have prevData"
196
+
);
197
+
}
198
+
199
+
#[tokio::test]
200
+
async fn test_delete_record_prev_set_cid_none() {
201
+
let client = client();
202
+
let (token, did) = create_account_and_login(&client).await;
203
+
204
+
let create_body = create_post_record(&client, &token, &did, "To be deleted").await;
205
+
let record_cid = Cid::from_str(create_body["cid"].as_str().unwrap()).unwrap();
206
+
let uri = create_body["uri"].as_str().unwrap();
207
+
let parts: Vec<&str> = uri.split('/').collect();
208
+
let collection = parts[parts.len() - 2];
209
+
let rkey = parts[parts.len() - 1];
210
+
211
+
let pool = get_test_db_pool().await;
212
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
213
+
.fetch_one(pool)
214
+
.await
215
+
.unwrap();
216
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
217
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
218
+
219
+
let delete_payload = json!({
220
+
"repo": did,
221
+
"collection": collection,
222
+
"rkey": rkey,
223
+
});
224
+
let del_res = client
225
+
.post(format!(
226
+
"{}/xrpc/com.atproto.repo.deleteRecord",
227
+
base_url().await
228
+
))
229
+
.bearer_auth(&token)
230
+
.json(&delete_payload)
231
+
.send()
232
+
.await
233
+
.expect("Failed to delete record");
234
+
assert_eq!(del_res.status(), StatusCode::OK);
235
+
236
+
let frames = consumer
237
+
.wait_for_commits(&did, 1, std::time::Duration::from_secs(10))
238
+
.await;
239
+
let frame = &frames[0];
240
+
241
+
assert_eq!(frame.ops.len(), 1, "Expected exactly 1 delete op");
242
+
let op = &frame.ops[0];
243
+
assert_eq!(op.action, RepoAction::Delete);
244
+
assert!(op.cid.is_none(), "Delete op.cid must be None");
245
+
assert_eq!(
246
+
op.prev,
247
+
Some(record_cid),
248
+
"Delete op.prev must be the original CID"
249
+
);
250
+
}
251
+
252
+
#[tokio::test]
253
+
async fn test_five_record_commit_chain_integrity() {
254
+
let client = client();
255
+
let (token, did) = create_account_and_login(&client).await;
256
+
257
+
let pool = get_test_db_pool().await;
258
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
259
+
.fetch_one(pool)
260
+
.await
261
+
.unwrap();
262
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
263
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
264
+
265
+
let texts = [
266
+
"Chain post 0",
267
+
"Chain post 1",
268
+
"Chain post 2",
269
+
"Chain post 3",
270
+
"Chain post 4",
271
+
];
272
+
for text in &texts {
273
+
create_post_record(&client, &token, &did, text).await;
274
+
}
275
+
276
+
let mut frames = consumer
277
+
.wait_for_commits(&did, 5, std::time::Duration::from_secs(15))
278
+
.await;
279
+
frames.sort_by_key(|f| f.seq);
280
+
281
+
let revs: Vec<&str> = frames.iter().map(|f| f.rev.as_str()).collect();
282
+
let unique_revs: std::collections::HashSet<&&str> = revs.iter().collect();
283
+
assert_eq!(
284
+
unique_revs.len(),
285
+
5,
286
+
"All rev values must be distinct, got: {:?}",
287
+
revs
288
+
);
289
+
290
+
let seqs: Vec<i64> = frames.iter().map(|f| f.seq).collect();
291
+
seqs.windows(2).for_each(|pair| {
292
+
assert!(
293
+
pair[1] > pair[0],
294
+
"Seq values must be strictly monotonically increasing: {} <= {}",
295
+
pair[1],
296
+
pair[0]
297
+
);
298
+
});
299
+
300
+
frames.iter().enumerate().skip(1).for_each(|(i, frame)| {
301
+
assert_eq!(
302
+
frame.since.as_deref(),
303
+
Some(frames[i - 1].rev.as_str()),
304
+
"Frame {} since must equal frame {} rev",
305
+
i,
306
+
i - 1
307
+
);
308
+
});
309
+
310
+
let latest = get_latest_commit(&client, &token, &did).await;
311
+
let final_frame = frames.last().unwrap();
312
+
assert_eq!(
313
+
latest["cid"].as_str().unwrap(),
314
+
final_frame.commit.to_string(),
315
+
"getLatestCommit CID must match final frame"
316
+
);
317
+
assert_eq!(
318
+
latest["rev"].as_str().unwrap(),
319
+
final_frame.rev,
320
+
"getLatestCommit rev must match final frame"
321
+
);
322
+
}
323
+
324
+
#[tokio::test]
325
+
async fn test_apply_writes_single_commit_multiple_ops() {
326
+
let client = client();
327
+
let (token, did) = create_account_and_login(&client).await;
328
+
329
+
let pool = get_test_db_pool().await;
330
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
331
+
.fetch_one(pool)
332
+
.await
333
+
.unwrap();
334
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
335
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
336
+
337
+
let now = chrono::Utc::now().to_rfc3339();
338
+
let writes: Vec<Value> = (0..3)
339
+
.map(|i| {
340
+
json!({
341
+
"$type": "com.atproto.repo.applyWrites#create",
342
+
"collection": "app.bsky.feed.post",
343
+
"value": {
344
+
"$type": "app.bsky.feed.post",
345
+
"text": format!("Batch post {}", i),
346
+
"createdAt": now,
347
+
}
348
+
})
349
+
})
350
+
.collect();
351
+
352
+
let payload = json!({
353
+
"repo": did,
354
+
"writes": writes,
355
+
});
356
+
let res = client
357
+
.post(format!(
358
+
"{}/xrpc/com.atproto.repo.applyWrites",
359
+
base_url().await
360
+
))
361
+
.bearer_auth(&token)
362
+
.json(&payload)
363
+
.send()
364
+
.await
365
+
.expect("Failed to applyWrites");
366
+
assert_eq!(res.status(), StatusCode::OK);
367
+
let api_body: Value = res.json().await.unwrap();
368
+
let api_results = api_body["results"].as_array().expect("No results array");
369
+
assert_eq!(api_results.len(), 3, "Expected 3 results from applyWrites");
370
+
371
+
let frames = consumer
372
+
.wait_for_commits(&did, 1, std::time::Duration::from_secs(10))
373
+
.await;
374
+
assert_eq!(
375
+
frames.len(),
376
+
1,
377
+
"applyWrites should produce exactly 1 commit"
378
+
);
379
+
let frame = &frames[0];
380
+
assert_eq!(frame.ops.len(), 3, "Commit should contain 3 ops");
381
+
382
+
frame.ops.iter().for_each(|op| {
383
+
assert_eq!(op.action, RepoAction::Create, "All ops should be Create");
384
+
});
385
+
386
+
api_results.iter().enumerate().for_each(|(i, result)| {
387
+
let api_cid = result["cid"].as_str().expect("No cid in result");
388
+
let frame_cid = frame.ops[i].cid.expect("No cid in op").to_string();
389
+
assert_eq!(
390
+
api_cid, frame_cid,
391
+
"API result[{}] CID must match firehose op[{}] CID",
392
+
i, i
393
+
);
394
+
});
395
+
}
396
+
397
+
#[tokio::test]
398
+
async fn test_firehose_commit_signature_verification() {
399
+
let client = client();
400
+
let (token, did) = create_account_and_login(&client).await;
401
+
402
+
let key_bytes = helpers::get_user_signing_key(&did)
403
+
.await
404
+
.expect("Failed to get signing key");
405
+
let signing_key =
406
+
k256::ecdsa::SigningKey::from_slice(&key_bytes).expect("Invalid signing key bytes");
407
+
let pubkey_bytes = signing_key.verifying_key().to_encoded_point(true);
408
+
let pubkey = jacquard_common::types::crypto::PublicKey {
409
+
codec: jacquard_common::types::crypto::KeyCodec::Secp256k1,
410
+
bytes: std::borrow::Cow::Owned(pubkey_bytes.as_bytes().to_vec()),
411
+
};
412
+
413
+
let pool = get_test_db_pool().await;
414
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
415
+
.fetch_one(pool)
416
+
.await
417
+
.unwrap();
418
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
419
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
420
+
421
+
let _api_response =
422
+
create_post_record(&client, &token, &did, "Signature verification test").await;
423
+
424
+
let frames = consumer
425
+
.wait_for_commits(&did, 1, std::time::Duration::from_secs(10))
426
+
.await;
427
+
let frame = &frames[0];
428
+
429
+
let mut car_reader = CarReader::new(Cursor::new(&frame.blocks))
430
+
.await
431
+
.expect("Failed to parse CAR");
432
+
let mut blocks = std::collections::HashMap::new();
433
+
while let Ok(Some((cid, data))) = car_reader.next_block().await {
434
+
blocks.insert(cid, data);
435
+
}
436
+
437
+
let commit_block = blocks
438
+
.get(&frame.commit)
439
+
.expect("Commit block not found in CAR");
440
+
441
+
let commit = Commit::from_cbor(commit_block).expect("Failed to parse commit from CBOR");
442
+
443
+
commit
444
+
.verify(&pubkey)
445
+
.expect("Commit signature verification failed");
446
+
447
+
assert_eq!(
448
+
commit.rev().to_string(),
449
+
frame.rev,
450
+
"Commit rev must match frame rev"
451
+
);
452
+
assert_eq!(
453
+
commit.did().as_str(),
454
+
did,
455
+
"Commit DID must match account DID"
456
+
);
457
+
}
458
+
459
+
#[tokio::test]
460
+
async fn test_cursor_backfill_completeness() {
461
+
let client = client();
462
+
let (token, did) = create_account_and_login(&client).await;
463
+
464
+
let pool = get_test_db_pool().await;
465
+
let baseline_seq: i64 =
466
+
sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
467
+
.fetch_one(pool)
468
+
.await
469
+
.unwrap();
470
+
471
+
let mut expected_cids: Vec<String> = Vec::with_capacity(5);
472
+
let texts = [
473
+
"Backfill 0",
474
+
"Backfill 1",
475
+
"Backfill 2",
476
+
"Backfill 3",
477
+
"Backfill 4",
478
+
];
479
+
for text in &texts {
480
+
let body = create_post_record(&client, &token, &did, text).await;
481
+
expected_cids.push(body["commit"]["cid"].as_str().unwrap().to_string());
482
+
}
483
+
484
+
tokio::time::sleep(std::time::Duration::from_millis(200)).await;
485
+
486
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), baseline_seq).await;
487
+
488
+
let frames = consumer
489
+
.wait_for_commits(&did, 5, std::time::Duration::from_secs(15))
490
+
.await;
491
+
492
+
let mut sorted_frames: Vec<ParsedCommitFrame> = frames;
493
+
sorted_frames.sort_by_key(|f| f.seq);
494
+
495
+
let received_cids: Vec<String> = sorted_frames.iter().map(|f| f.commit.to_string()).collect();
496
+
497
+
expected_cids.iter().for_each(|expected| {
498
+
assert!(
499
+
received_cids.contains(expected),
500
+
"Missing commit {} in backfill",
501
+
expected
502
+
);
503
+
});
504
+
505
+
let seqs: Vec<i64> = sorted_frames.iter().map(|f| f.seq).collect();
506
+
let unique_seqs: std::collections::HashSet<&i64> = seqs.iter().collect();
507
+
assert_eq!(
508
+
unique_seqs.len(),
509
+
seqs.len(),
510
+
"No duplicate seq values allowed in backfill"
511
+
);
512
+
}
513
+
514
+
#[tokio::test]
515
+
async fn test_multi_account_seq_interleaving() {
516
+
let client = client();
517
+
let (alice_token, alice_did) = create_account_and_login(&client).await;
518
+
let (bob_token, bob_did) = create_account_and_login(&client).await;
519
+
520
+
let pool = get_test_db_pool().await;
521
+
let cursor: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
522
+
.fetch_one(pool)
523
+
.await
524
+
.unwrap();
525
+
let consumer = FirehoseConsumer::connect_with_cursor(app_port(), cursor).await;
526
+
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
527
+
528
+
let _a1 = create_post_record(&client, &alice_token, &alice_did, "Alice post 1").await;
529
+
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
530
+
let _b1 = create_post_record(&client, &bob_token, &bob_did, "Bob post 1").await;
531
+
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
532
+
let _a2 = create_post_record(&client, &alice_token, &alice_did, "Alice post 2").await;
533
+
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
534
+
let _b2 = create_post_record(&client, &bob_token, &bob_did, "Bob post 2").await;
535
+
536
+
let alice_frames = consumer
537
+
.wait_for_commits(&alice_did, 2, std::time::Duration::from_secs(10))
538
+
.await;
539
+
let bob_frames = consumer
540
+
.wait_for_commits(&bob_did, 2, std::time::Duration::from_secs(10))
541
+
.await;
542
+
543
+
let mut all_commits = consumer.all_commits();
544
+
all_commits.sort_by_key(|f| f.seq);
545
+
546
+
let global_seqs: Vec<i64> = all_commits.iter().map(|f| f.seq).collect();
547
+
global_seqs.windows(2).for_each(|pair| {
548
+
assert!(
549
+
pair[1] > pair[0],
550
+
"Global seq must be strictly monotonically increasing: {} <= {}",
551
+
pair[1],
552
+
pair[0]
553
+
);
554
+
});
555
+
556
+
let mut alice_sorted: Vec<ParsedCommitFrame> = alice_frames;
557
+
alice_sorted.sort_by_key(|f| f.seq);
558
+
assert_eq!(alice_sorted.len(), 2);
559
+
assert!(
560
+
alice_sorted[1].since.is_some(),
561
+
"Alice's second commit must have since"
562
+
);
563
+
assert_eq!(
564
+
alice_sorted[1].since.as_deref(),
565
+
Some(alice_sorted[0].rev.as_str()),
566
+
"Alice's since chain must be self-consistent"
567
+
);
568
+
569
+
let mut bob_sorted: Vec<ParsedCommitFrame> = bob_frames;
570
+
bob_sorted.sort_by_key(|f| f.seq);
571
+
assert_eq!(bob_sorted.len(), 2);
572
+
assert!(
573
+
bob_sorted[1].since.is_some(),
574
+
"Bob's second commit must have since"
575
+
);
576
+
assert_eq!(
577
+
bob_sorted[1].since.as_deref(),
578
+
Some(bob_sorted[0].rev.as_str()),
579
+
"Bob's since chain must be self-consistent"
580
+
);
581
+
}
+13
crates/tranquil-pds/tests/ripple_cluster.rs
+13
crates/tranquil-pds/tests/ripple_cluster.rs
···
677
let nodes = common::cluster().await;
678
let client = common::client();
679
680
+
let now_ms = u64::try_from(
681
+
std::time::SystemTime::now()
682
+
.duration_since(std::time::UNIX_EPOCH)
683
+
.unwrap()
684
+
.as_millis(),
685
+
)
686
+
.unwrap_or(u64::MAX);
687
+
let login_window_ms: u64 = 60_000;
688
+
let remaining = login_window_ms - (now_ms % login_window_ms);
689
+
if remaining < 35_000 {
690
+
tokio::time::sleep(Duration::from_millis(remaining + 100)).await;
691
+
}
692
+
693
let uuid_bytes = uuid::Uuid::new_v4();
694
let b = uuid_bytes.as_bytes();
695
let unique_ip = format!("10.{}.{}.{}", b[0], b[1], b[2]);
+1
-4
crates/tranquil-pds/tests/server.rs
+1
-4
crates/tranquil-pds/tests/server.rs
···
65
.send()
66
.await
67
.unwrap();
68
-
assert!(
69
-
missing_id.status() == StatusCode::BAD_REQUEST
70
-
|| missing_id.status() == StatusCode::UNPROCESSABLE_ENTITY
71
-
);
72
let invalid_handle = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base))
73
.json(&json!({ "handle": "invalid!handle.com", "email": "test@example.com", "password": "Testpass123!" }))
74
.send().await.unwrap();
···
65
.send()
66
.await
67
.unwrap();
68
+
assert_eq!(missing_id.status(), StatusCode::BAD_REQUEST);
69
let invalid_handle = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base))
70
.json(&json!({ "handle": "invalid!handle.com", "email": "test@example.com", "password": "Testpass123!" }))
71
.send().await.unwrap();
+27
-31
crates/tranquil-pds/tests/sso.rs
+27
-31
crates/tranquil-pds/tests/sso.rs
···
40
41
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
42
let body: Value = res.json().await.unwrap();
43
-
assert_eq!(body["error"], "SsoProviderNotFound");
44
}
45
46
#[tokio::test]
···
61
62
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
63
let body: Value = res.json().await.unwrap();
64
-
assert!(
65
-
body["error"] == "SsoInvalidAction" || body["error"] == "SsoProviderNotEnabled",
66
-
"Expected SsoInvalidAction or SsoProviderNotEnabled, got: {}",
67
-
body["error"]
68
-
);
69
}
70
71
#[tokio::test]
···
232
let _url = base_url().await;
233
let pool = get_test_db_pool().await;
234
235
-
let did = unsafe {
236
-
Did::new_unchecked(format!(
237
-
"did:plc:test{}",
238
-
&uuid::Uuid::new_v4().simple().to_string()[..12]
239
-
))
240
-
};
241
let provider = SsoProviderType::Github;
242
let provider_user_id = format!("github_user_{}", uuid::Uuid::new_v4().simple());
243
···
352
let _url = base_url().await;
353
let pool = get_test_db_pool().await;
354
355
-
let did1 = unsafe {
356
-
Did::new_unchecked(format!(
357
-
"did:plc:uc1{}",
358
-
&uuid::Uuid::new_v4().simple().to_string()[..10]
359
-
))
360
-
};
361
-
let did2 = unsafe {
362
-
Did::new_unchecked(format!(
363
-
"did:plc:uc2{}",
364
-
&uuid::Uuid::new_v4().simple().to_string()[..10]
365
-
))
366
-
};
367
let provider_user_id = format!("unique_test_{}", uuid::Uuid::new_v4().simple());
368
369
sqlx::query!(
···
583
let _url = base_url().await;
584
let pool = get_test_db_pool().await;
585
586
-
let did = unsafe {
587
-
Did::new_unchecked(format!(
588
-
"did:plc:del{}",
589
-
&uuid::Uuid::new_v4().simple().to_string()[..10]
590
-
))
591
-
};
592
-
let wrong_did = unsafe { Did::new_unchecked("did:plc:wrongdid12345") };
593
594
sqlx::query!(
595
"INSERT INTO users (did, handle, email, password_hash) VALUES ($1, $2, $3, 'hash')",
···
40
41
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
42
let body: Value = res.json().await.unwrap();
43
+
assert_eq!(body["error"], "InvalidRequest");
44
}
45
46
#[tokio::test]
···
61
62
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
63
let body: Value = res.json().await.unwrap();
64
+
assert_eq!(body["error"], "InvalidRequest");
65
}
66
67
#[tokio::test]
···
228
let _url = base_url().await;
229
let pool = get_test_db_pool().await;
230
231
+
let did: Did = format!(
232
+
"did:plc:test{}",
233
+
&uuid::Uuid::new_v4().simple().to_string()[..12]
234
+
)
235
+
.parse()
236
+
.expect("valid test DID");
237
let provider = SsoProviderType::Github;
238
let provider_user_id = format!("github_user_{}", uuid::Uuid::new_v4().simple());
239
···
348
let _url = base_url().await;
349
let pool = get_test_db_pool().await;
350
351
+
let did1: Did = format!(
352
+
"did:plc:uc1{}",
353
+
&uuid::Uuid::new_v4().simple().to_string()[..10]
354
+
)
355
+
.parse()
356
+
.expect("valid test DID");
357
+
let did2: Did = format!(
358
+
"did:plc:uc2{}",
359
+
&uuid::Uuid::new_v4().simple().to_string()[..10]
360
+
)
361
+
.parse()
362
+
.expect("valid test DID");
363
let provider_user_id = format!("unique_test_{}", uuid::Uuid::new_v4().simple());
364
365
sqlx::query!(
···
579
let _url = base_url().await;
580
let pool = get_test_db_pool().await;
581
582
+
let did: Did = format!(
583
+
"did:plc:del{}",
584
+
&uuid::Uuid::new_v4().simple().to_string()[..10]
585
+
)
586
+
.parse()
587
+
.expect("valid test DID");
588
+
let wrong_did: Did = "did:plc:wrongdid12345".parse().expect("valid test DID");
589
590
sqlx::query!(
591
"INSERT INTO users (did, handle, email, password_hash) VALUES ($1, $2, $3, 'hash')",
+1
-2
crates/tranquil-ripple/src/transport.rs
+1
-2
crates/tranquil-ripple/src/transport.rs
···
373
if let Err(e) = sock_ref.set_tcp_nodelay(true) {
374
tracing::warn!(error = %e, "failed to set TCP_NODELAY");
375
}
376
-
let keepalive = socket2::TcpKeepalive::new()
377
-
.with_time(Duration::from_secs(30));
378
#[cfg(any(target_os = "linux", target_os = "macos", target_os = "windows"))]
379
let keepalive = keepalive.with_interval(Duration::from_secs(10));
380
let params = keepalive;
···
373
if let Err(e) = sock_ref.set_tcp_nodelay(true) {
374
tracing::warn!(error = %e, "failed to set TCP_NODELAY");
375
}
376
+
let keepalive = socket2::TcpKeepalive::new().with_time(Duration::from_secs(30));
377
#[cfg(any(target_os = "linux", target_os = "macos", target_os = "windows"))]
378
let keepalive = keepalive.with_interval(Duration::from_secs(10));
379
let params = keepalive;
+1
crates/tranquil-scopes/Cargo.toml
+1
crates/tranquil-scopes/Cargo.toml
+65
-29
crates/tranquil-scopes/src/permission_set.rs
+65
-29
crates/tranquil-scopes/src/permission_set.rs
···
6
use tokio::sync::RwLock;
7
use tracing::{debug, warn};
8
9
static LEXICON_CACHE: LazyLock<RwLock<HashMap<String, CachedLexicon>>> =
10
LazyLock::new(|| RwLock::new(HashMap::new()));
11
···
86
.unwrap_or((rest, None))
87
}
88
89
-
async fn expand_permission_set(nsid: &str, aud: Option<&str>) -> Result<String, String> {
90
let cache_key = match aud {
91
Some(a) => format!("{}?aud={}", nsid, a),
92
None => nsid.to_string(),
···
107
let main_def = lexicon
108
.defs
109
.get("main")
110
-
.ok_or("Missing 'main' definition in lexicon")?;
111
112
if main_def.def_type != "permission-set" {
113
-
return Err(format!(
114
-
"Expected permission-set type, got: {}",
115
-
main_def.def_type
116
));
117
}
118
119
-
let permissions = main_def
120
-
.permissions
121
-
.as_ref()
122
-
.ok_or("Missing permissions in permission-set")?;
123
124
let namespace_authority = extract_namespace_authority(nsid);
125
let expanded = build_expanded_scopes(permissions, aud, &namespace_authority);
126
127
if expanded.is_empty() {
128
-
return Err("No valid permissions found in permission-set".to_string());
129
}
130
131
{
···
143
Ok(expanded)
144
}
145
146
-
async fn fetch_lexicon_via_atproto(nsid: &str) -> Result<LexiconDoc, String> {
147
let parts: Vec<&str> = nsid.split('.').collect();
148
if parts.len() < 3 {
149
-
return Err(format!("Invalid NSID format: {}", nsid));
150
}
151
152
let authority = parts[..2]
···
166
let client = Client::builder()
167
.timeout(std::time::Duration::from_secs(10))
168
.build()
169
-
.map_err(|e| format!("Failed to create HTTP client: {}", e))?;
170
171
let url = format!(
172
"{}/xrpc/com.atproto.repo.getRecord?repo={}&collection=com.atproto.lexicon.schema&rkey={}",
···
181
.header("Accept", "application/json")
182
.send()
183
.await
184
-
.map_err(|e| format!("Failed to fetch lexicon: {}", e))?;
185
186
if !response.status().is_success() {
187
-
return Err(format!(
188
-
"Failed to fetch lexicon: HTTP {}",
189
response.status()
190
-
));
191
}
192
193
let record: GetRecordResponse = response
194
.json()
195
.await
196
-
.map_err(|e| format!("Failed to parse lexicon response: {}", e))?;
197
198
Ok(record.value)
199
}
200
201
-
async fn resolve_lexicon_did_authority(authority: &str) -> Result<String, String> {
202
let resolver = TokioAsyncResolver::tokio_from_system_conf()
203
-
.map_err(|e| format!("Failed to create DNS resolver: {}", e))?;
204
205
let dns_name = format!("_lexicon.{}", authority);
206
debug!(dns_name = %dns_name, "Looking up DNS TXT record");
···
208
let txt_records = resolver
209
.txt_lookup(&dns_name)
210
.await
211
-
.map_err(|e| format!("DNS lookup failed for {}: {}", dns_name, e))?;
212
213
txt_records
214
.iter()
···
217
let txt = String::from_utf8_lossy(data);
218
txt.strip_prefix("did=").map(|did| did.to_string())
219
})
220
-
.ok_or_else(|| format!("No valid did= TXT record found at {}", dns_name))
221
}
222
223
-
async fn resolve_did_to_pds(did: &str) -> Result<String, String> {
224
let client = Client::builder()
225
.timeout(std::time::Duration::from_secs(10))
226
.build()
227
-
.map_err(|e| format!("Failed to create HTTP client: {}", e))?;
228
229
let url = if did.starts_with("did:plc:") {
230
format!("https://plc.directory/{}", did)
···
232
let domain = did.strip_prefix("did:web:").unwrap();
233
format!("https://{}/.well-known/did.json", domain)
234
} else {
235
-
return Err(format!("Unsupported DID method: {}", did));
236
};
237
238
let response = client
···
240
.header("Accept", "application/json")
241
.send()
242
.await
243
-
.map_err(|e| format!("Failed to resolve DID: {}", e))?;
244
245
if !response.status().is_success() {
246
-
return Err(format!("Failed to resolve DID: HTTP {}", response.status()));
247
}
248
249
let doc: PlcDocument = response
250
.json()
251
.await
252
-
.map_err(|e| format!("Failed to parse DID document: {}", e))?;
253
254
doc.service
255
.iter()
256
.find(|s| s.id == "#atproto_pds")
257
.map(|s| s.service_endpoint.clone())
258
-
.ok_or_else(|| "No #atproto_pds service found in DID document".to_string())
259
}
260
261
fn extract_namespace_authority(nsid: &str) -> String {
···
6
use tokio::sync::RwLock;
7
use tracing::{debug, warn};
8
9
+
#[derive(Debug, thiserror::Error)]
10
+
pub enum ScopeExpansionError {
11
+
#[error("Invalid NSID format: {0}")]
12
+
InvalidNsid(String),
13
+
#[error("Missing definition: {0}")]
14
+
MissingDefinition(String),
15
+
#[error("Unexpected lexicon type: {0}")]
16
+
UnexpectedType(String),
17
+
#[error("DNS resolution failed: {0}")]
18
+
DnsResolution(String),
19
+
#[error("HTTP request failed: {0}")]
20
+
HttpFailed(String),
21
+
#[error("DID resolution failed: {0}")]
22
+
DidResolution(String),
23
+
#[error("No valid permissions found in permission-set")]
24
+
EmptyPermissions,
25
+
}
26
+
27
static LEXICON_CACHE: LazyLock<RwLock<HashMap<String, CachedLexicon>>> =
28
LazyLock::new(|| RwLock::new(HashMap::new()));
29
···
104
.unwrap_or((rest, None))
105
}
106
107
+
async fn expand_permission_set(
108
+
nsid: &str,
109
+
aud: Option<&str>,
110
+
) -> Result<String, ScopeExpansionError> {
111
let cache_key = match aud {
112
Some(a) => format!("{}?aud={}", nsid, a),
113
None => nsid.to_string(),
···
128
let main_def = lexicon
129
.defs
130
.get("main")
131
+
.ok_or(ScopeExpansionError::MissingDefinition("main".to_string()))?;
132
133
if main_def.def_type != "permission-set" {
134
+
return Err(ScopeExpansionError::UnexpectedType(
135
+
main_def.def_type.clone(),
136
));
137
}
138
139
+
let permissions =
140
+
main_def
141
+
.permissions
142
+
.as_ref()
143
+
.ok_or(ScopeExpansionError::MissingDefinition(
144
+
"permissions".to_string(),
145
+
))?;
146
147
let namespace_authority = extract_namespace_authority(nsid);
148
let expanded = build_expanded_scopes(permissions, aud, &namespace_authority);
149
150
if expanded.is_empty() {
151
+
return Err(ScopeExpansionError::EmptyPermissions);
152
}
153
154
{
···
166
Ok(expanded)
167
}
168
169
+
async fn fetch_lexicon_via_atproto(nsid: &str) -> Result<LexiconDoc, ScopeExpansionError> {
170
let parts: Vec<&str> = nsid.split('.').collect();
171
if parts.len() < 3 {
172
+
return Err(ScopeExpansionError::InvalidNsid(nsid.to_string()));
173
}
174
175
let authority = parts[..2]
···
189
let client = Client::builder()
190
.timeout(std::time::Duration::from_secs(10))
191
.build()
192
+
.map_err(|e| ScopeExpansionError::HttpFailed(e.to_string()))?;
193
194
let url = format!(
195
"{}/xrpc/com.atproto.repo.getRecord?repo={}&collection=com.atproto.lexicon.schema&rkey={}",
···
204
.header("Accept", "application/json")
205
.send()
206
.await
207
+
.map_err(|e| ScopeExpansionError::HttpFailed(e.to_string()))?;
208
209
if !response.status().is_success() {
210
+
return Err(ScopeExpansionError::HttpFailed(format!(
211
+
"HTTP {}",
212
response.status()
213
+
)));
214
}
215
216
let record: GetRecordResponse = response
217
.json()
218
.await
219
+
.map_err(|e| ScopeExpansionError::HttpFailed(e.to_string()))?;
220
221
Ok(record.value)
222
}
223
224
+
async fn resolve_lexicon_did_authority(authority: &str) -> Result<String, ScopeExpansionError> {
225
let resolver = TokioAsyncResolver::tokio_from_system_conf()
226
+
.map_err(|e| ScopeExpansionError::DnsResolution(e.to_string()))?;
227
228
let dns_name = format!("_lexicon.{}", authority);
229
debug!(dns_name = %dns_name, "Looking up DNS TXT record");
···
231
let txt_records = resolver
232
.txt_lookup(&dns_name)
233
.await
234
+
.map_err(|e| ScopeExpansionError::DnsResolution(format!("{}: {}", dns_name, e)))?;
235
236
txt_records
237
.iter()
···
240
let txt = String::from_utf8_lossy(data);
241
txt.strip_prefix("did=").map(|did| did.to_string())
242
})
243
+
.ok_or_else(|| {
244
+
ScopeExpansionError::DnsResolution(format!(
245
+
"No valid did= TXT record found at {}",
246
+
dns_name
247
+
))
248
+
})
249
}
250
251
+
async fn resolve_did_to_pds(did: &str) -> Result<String, ScopeExpansionError> {
252
let client = Client::builder()
253
.timeout(std::time::Duration::from_secs(10))
254
.build()
255
+
.map_err(|e| ScopeExpansionError::HttpFailed(e.to_string()))?;
256
257
let url = if did.starts_with("did:plc:") {
258
format!("https://plc.directory/{}", did)
···
260
let domain = did.strip_prefix("did:web:").unwrap();
261
format!("https://{}/.well-known/did.json", domain)
262
} else {
263
+
return Err(ScopeExpansionError::DidResolution(format!(
264
+
"Unsupported DID method: {}",
265
+
did
266
+
)));
267
};
268
269
let response = client
···
271
.header("Accept", "application/json")
272
.send()
273
.await
274
+
.map_err(|e| ScopeExpansionError::DidResolution(e.to_string()))?;
275
276
if !response.status().is_success() {
277
+
return Err(ScopeExpansionError::DidResolution(format!(
278
+
"HTTP {}",
279
+
response.status()
280
+
)));
281
}
282
283
let doc: PlcDocument = response
284
.json()
285
.await
286
+
.map_err(|e| ScopeExpansionError::DidResolution(e.to_string()))?;
287
288
doc.service
289
.iter()
290
.find(|s| s.id == "#atproto_pds")
291
.map(|s| s.service_endpoint.clone())
292
+
.ok_or(ScopeExpansionError::DidResolution(
293
+
"No #atproto_pds service found in DID document".to_string(),
294
+
))
295
}
296
297
fn extract_namespace_authority(nsid: &str) -> String {
+34
-24
crates/tranquil-types/src/lib.rs
+34
-24
crates/tranquil-types/src/lib.rs
···
101
pub fn new(s: impl Into<String>) -> Self {
102
Self(s.into())
103
}
104
-
105
-
pub fn new_unchecked(s: impl Into<String>) -> Self {
106
-
Self(s.into())
107
-
}
108
}
109
110
impl_string_common!($name);
···
123
124
impl $name {
125
pub fn new(s: impl Into<String>) -> Self {
126
-
Self(s.into())
127
-
}
128
-
129
-
pub fn new_unchecked(s: impl Into<String>) -> Self {
130
Self(s.into())
131
}
132
}
···
140
$(#[$meta:meta])*
141
$vis:vis struct $name:ident;
142
error = $error:ident;
143
validator = $validator:expr;
144
) => {
145
$(#[$meta])*
···
165
validator(&s).map_err(|_| $error::Invalid(s.clone()))?;
166
Ok(Self(s))
167
}
168
-
169
-
#[allow(unsafe_code, clippy::missing_safety_doc)]
170
-
pub unsafe fn new_unchecked(s: impl Into<String>) -> Self {
171
-
Self(s.into())
172
-
}
173
}
174
175
impl FromStr for $name {
···
182
183
impl_string_common!($name);
184
185
-
#[derive(Debug, Clone, thiserror::Error)]
186
pub enum $error {
187
-
#[error("invalid: {0}")]
188
Invalid(String),
189
}
190
};
191
}
192
193
validated_string_newtype! {
194
pub struct Did;
195
error = DidError;
196
validator = |s| jacquard_common::types::string::Did::new(s).map(|_| ()).map_err(|_| ());
197
}
198
···
217
D: serde::Deserializer<'de>,
218
{
219
let s = String::deserialize(deserializer)?;
220
-
Ok(Handle(s))
221
}
222
}
223
···
227
jacquard_common::types::string::Handle::new(&s)
228
.map_err(|_| HandleError::Invalid(s.clone()))?;
229
Ok(Self(s))
230
-
}
231
-
232
-
#[allow(unsafe_code, clippy::missing_safety_doc)]
233
-
pub unsafe fn new_unchecked(s: impl Into<String>) -> Self {
234
-
Self(s.into())
235
}
236
}
237
···
368
validated_string_newtype! {
369
pub struct Rkey;
370
error = RkeyError;
371
validator = |s| jacquard_common::types::string::Rkey::new(s).map(|_| ()).map_err(|_| ());
372
}
373
···
389
validated_string_newtype! {
390
pub struct Nsid;
391
error = NsidError;
392
validator = |s| jacquard_common::types::string::Nsid::new(s).map(|_| ()).map_err(|_| ());
393
}
394
···
405
validated_string_newtype! {
406
pub struct AtUri;
407
error = AtUriError;
408
validator = |s| jacquard_common::types::string::AtUri::new(s).map(|_| ()).map_err(|_| ());
409
}
410
···
435
validated_string_newtype! {
436
pub struct Tid;
437
error = TidError;
438
validator = |s| jacquard_common::types::string::Tid::from_str(s).map(|_| ()).map_err(|_| ());
439
}
440
···
448
validated_string_newtype! {
449
pub struct Datetime;
450
error = DatetimeError;
451
validator = |s| jacquard_common::types::string::Datetime::from_str(s).map(|_| ()).map_err(|_| ());
452
}
453
···
466
validated_string_newtype! {
467
pub struct Language;
468
error = LanguageError;
469
validator = |s| jacquard_common::types::string::Language::from_str(s).map(|_| ()).map_err(|_| ());
470
}
471
···
491
Ok(Self(s))
492
}
493
494
-
#[allow(unsafe_code, clippy::missing_safety_doc)]
495
-
pub unsafe fn new_unchecked(s: impl Into<String>) -> Self {
496
-
Self(s.into())
497
}
498
499
pub fn to_cid(&self) -> Option<cid::Cid> {
500
cid::Cid::from_str(&self.0).ok()
501
}
502
}
503
···
101
pub fn new(s: impl Into<String>) -> Self {
102
Self(s.into())
103
}
104
}
105
106
impl_string_common!($name);
···
119
120
impl $name {
121
pub fn new(s: impl Into<String>) -> Self {
122
Self(s.into())
123
}
124
}
···
132
$(#[$meta:meta])*
133
$vis:vis struct $name:ident;
134
error = $error:ident;
135
+
label = $label:expr;
136
validator = $validator:expr;
137
) => {
138
$(#[$meta])*
···
158
validator(&s).map_err(|_| $error::Invalid(s.clone()))?;
159
Ok(Self(s))
160
}
161
}
162
163
impl FromStr for $name {
···
170
171
impl_string_common!($name);
172
173
+
#[derive(Debug, Clone)]
174
pub enum $error {
175
Invalid(String),
176
}
177
+
178
+
impl std::fmt::Display for $error {
179
+
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
180
+
match self {
181
+
Self::Invalid(s) => write!(f, concat!("invalid ", $label, ": {}"), s),
182
+
}
183
+
}
184
+
}
185
+
186
+
impl std::error::Error for $error {}
187
};
188
}
189
190
validated_string_newtype! {
191
pub struct Did;
192
error = DidError;
193
+
label = "DID";
194
validator = |s| jacquard_common::types::string::Did::new(s).map(|_| ()).map_err(|_| ());
195
}
196
···
215
D: serde::Deserializer<'de>,
216
{
217
let s = String::deserialize(deserializer)?;
218
+
Handle::new(&s).map_err(|e| serde::de::Error::custom(e.to_string()))
219
}
220
}
221
···
225
jacquard_common::types::string::Handle::new(&s)
226
.map_err(|_| HandleError::Invalid(s.clone()))?;
227
Ok(Self(s))
228
}
229
}
230
···
361
validated_string_newtype! {
362
pub struct Rkey;
363
error = RkeyError;
364
+
label = "rkey";
365
validator = |s| jacquard_common::types::string::Rkey::new(s).map(|_| ()).map_err(|_| ());
366
}
367
···
383
validated_string_newtype! {
384
pub struct Nsid;
385
error = NsidError;
386
+
label = "NSID";
387
validator = |s| jacquard_common::types::string::Nsid::new(s).map(|_| ()).map_err(|_| ());
388
}
389
···
400
validated_string_newtype! {
401
pub struct AtUri;
402
error = AtUriError;
403
+
label = "AT URI";
404
validator = |s| jacquard_common::types::string::AtUri::new(s).map(|_| ()).map_err(|_| ());
405
}
406
···
431
validated_string_newtype! {
432
pub struct Tid;
433
error = TidError;
434
+
label = "TID";
435
validator = |s| jacquard_common::types::string::Tid::from_str(s).map(|_| ()).map_err(|_| ());
436
}
437
···
445
validated_string_newtype! {
446
pub struct Datetime;
447
error = DatetimeError;
448
+
label = "datetime";
449
validator = |s| jacquard_common::types::string::Datetime::from_str(s).map(|_| ()).map_err(|_| ());
450
}
451
···
464
validated_string_newtype! {
465
pub struct Language;
466
error = LanguageError;
467
+
label = "language";
468
validator = |s| jacquard_common::types::string::Language::from_str(s).map(|_| ()).map_err(|_| ());
469
}
470
···
490
Ok(Self(s))
491
}
492
493
+
pub fn from_cid(cid: &cid::Cid) -> Self {
494
+
Self(cid.to_string())
495
}
496
497
pub fn to_cid(&self) -> Option<cid::Cid> {
498
cid::Cid::from_str(&self.0).ok()
499
+
}
500
+
}
501
+
502
+
impl From<cid::Cid> for CidLink {
503
+
fn from(cid: cid::Cid) -> Self {
504
+
Self(cid.to_string())
505
+
}
506
+
}
507
+
508
+
impl From<&cid::Cid> for CidLink {
509
+
fn from(cid: &cid::Cid) -> Self {
510
+
Self(cid.to_string())
511
}
512
}
513
-162
frontend/src/components/dashboard/AdminContent.svelte
-162
frontend/src/components/dashboard/AdminContent.svelte
···
35
invitesDisabled?: boolean
36
}
37
38
-
interface Invite {
39
-
code: string
40
-
available: number
41
-
disabled: boolean
42
-
forAccount: string
43
-
createdBy: string
44
-
createdAt: string
45
-
uses: Array<{ usedBy: string; usedAt: string }>
46
-
}
47
-
48
let stats = $state<ServerStats | null>(null)
49
let users = $state<User[]>([])
50
let loading = $state(true)
51
let usersLoading = $state(false)
52
let searchQuery = $state('')
53
let usersCursor = $state<string | undefined>(undefined)
54
-
55
-
let invites = $state<Invite[]>([])
56
-
let invitesLoading = $state(false)
57
-
let invitesCursor = $state<string | undefined>(undefined)
58
-
let showInvites = $state(false)
59
60
let selectedUser = $state<User | null>(null)
61
let userActionLoading = $state(false)
···
219
logoChanged
220
}
221
222
-
async function loadInvites(reset = false) {
223
-
invitesLoading = true
224
-
if (reset) {
225
-
invites = []
226
-
invitesCursor = undefined
227
-
}
228
-
try {
229
-
const result = await api.getInviteCodes(session.accessJwt, {
230
-
cursor: reset ? undefined : invitesCursor,
231
-
limit: 25,
232
-
})
233
-
invites = reset ? result.codes : [...invites, ...result.codes]
234
-
invitesCursor = result.cursor
235
-
showInvites = true
236
-
} catch {
237
-
toast.error($_('admin.failedToLoadInvites'))
238
-
} finally {
239
-
invitesLoading = false
240
-
}
241
-
}
242
-
243
-
async function disableInvite(code: string) {
244
-
if (!confirm($_('admin.disableInviteConfirm', { values: { code } }))) return
245
-
try {
246
-
await api.disableInviteCodes(session.accessJwt, [code])
247
-
invites = invites.map(i => i.code === code ? { ...i, disabled: true } : i)
248
-
toast.success($_('admin.inviteDisabled'))
249
-
} catch (e) {
250
-
toast.error(e instanceof ApiError ? e.message : $_('admin.failedToDisableInvite'))
251
-
}
252
-
}
253
-
254
async function showUserDetail(user: User) {
255
selectedUser = user
256
userDetailLoading = true
···
467
{/if}
468
</section>
469
470
-
<section class="invites-section">
471
-
<h3>{$_('admin.inviteCodes')}</h3>
472
-
<div class="section-actions">
473
-
<button onclick={() => loadInvites(true)} disabled={invitesLoading}>
474
-
{invitesLoading ? $_('common.loading') : showInvites ? $_('admin.refresh') : $_('admin.loadInviteCodes')}
475
-
</button>
476
-
</div>
477
-
{#if showInvites}
478
-
{#if invites.length === 0}
479
-
<p class="empty">{$_('admin.noInvites')}</p>
480
-
{:else}
481
-
<ul class="invite-list">
482
-
{#each invites as invite}
483
-
<li class="invite-item" class:disabled-row={invite.disabled}>
484
-
<div class="invite-info">
485
-
<code class="invite-code">{invite.code}</code>
486
-
<span class="invite-meta">
487
-
{$_('admin.available')}: {invite.available} - {$_('admin.uses')}: {invite.uses.length} - {$_('admin.created')}: {formatDate(invite.createdAt)}
488
-
</span>
489
-
</div>
490
-
<div class="invite-status">
491
-
{#if invite.disabled}
492
-
<span class="badge deactivated">{$_('admin.disabled')}</span>
493
-
{:else if invite.available === 0}
494
-
<span class="badge unverified">{$_('admin.exhausted')}</span>
495
-
{:else}
496
-
<span class="badge verified">{$_('admin.active')}</span>
497
-
{/if}
498
-
</div>
499
-
<div class="invite-actions">
500
-
{#if !invite.disabled}
501
-
<button class="action-btn danger" onclick={() => disableInvite(invite.code)}>
502
-
{$_('admin.disable')}
503
-
</button>
504
-
{/if}
505
-
</div>
506
-
</li>
507
-
{/each}
508
-
</ul>
509
-
{#if invitesCursor}
510
-
<button type="button" class="load-more" onclick={() => loadInvites(false)} disabled={invitesLoading}>
511
-
{invitesLoading ? $_('common.loading') : $_('admin.loadMore')}
512
-
</button>
513
-
{/if}
514
-
{/if}
515
-
{/if}
516
-
</section>
517
</div>
518
519
{#if selectedUser}
···
857
.badge.unverified {
858
background: var(--bg-tertiary);
859
color: var(--text-secondary);
860
-
}
861
-
862
-
.section-actions {
863
-
margin-bottom: var(--space-4);
864
-
}
865
-
866
-
.invite-list {
867
-
list-style: none;
868
-
padding: 0;
869
-
margin: 0;
870
-
display: flex;
871
-
flex-direction: column;
872
-
gap: var(--space-2);
873
-
}
874
-
875
-
.invite-item {
876
-
display: flex;
877
-
align-items: center;
878
-
padding: var(--space-3);
879
-
background: var(--bg-card);
880
-
border: 1px solid var(--border-color);
881
-
border-radius: var(--radius-md);
882
-
gap: var(--space-3);
883
-
}
884
-
885
-
.invite-item.disabled-row {
886
-
opacity: 0.6;
887
-
}
888
-
889
-
.invite-info {
890
-
flex: 1;
891
-
min-width: 0;
892
-
}
893
-
894
-
.invite-code {
895
-
display: block;
896
-
font-family: var(--font-mono);
897
-
font-size: var(--text-sm);
898
-
}
899
-
900
-
.invite-meta {
901
-
font-size: var(--text-xs);
902
-
color: var(--text-secondary);
903
-
}
904
-
905
-
.invite-status {
906
-
flex-shrink: 0;
907
-
}
908
-
909
-
.invite-actions {
910
-
flex-shrink: 0;
911
-
}
912
-
913
-
.action-btn {
914
-
padding: var(--space-2) var(--space-3);
915
-
font-size: var(--text-sm);
916
-
border-radius: var(--radius-md);
917
-
cursor: pointer;
918
-
}
919
-
920
-
.action-btn.danger {
921
-
background: transparent;
922
-
border: 1px solid var(--error-border);
923
-
color: var(--error-text);
924
-
}
925
-
926
-
.action-btn.danger:hover {
927
-
background: var(--error-bg);
928
}
929
930
.modal-overlay {
···
35
invitesDisabled?: boolean
36
}
37
38
let stats = $state<ServerStats | null>(null)
39
let users = $state<User[]>([])
40
let loading = $state(true)
41
let usersLoading = $state(false)
42
let searchQuery = $state('')
43
let usersCursor = $state<string | undefined>(undefined)
44
45
let selectedUser = $state<User | null>(null)
46
let userActionLoading = $state(false)
···
204
logoChanged
205
}
206
207
async function showUserDetail(user: User) {
208
selectedUser = user
209
userDetailLoading = true
···
420
{/if}
421
</section>
422
423
</div>
424
425
{#if selectedUser}
···
763
.badge.unverified {
764
background: var(--bg-tertiary);
765
color: var(--text-secondary);
766
}
767
768
.modal-overlay {
+38
-2
frontend/src/components/dashboard/InviteCodesContent.svelte
+38
-2
frontend/src/components/dashboard/InviteCodesContent.svelte
···
5
import { toast } from '../../lib/toast.svelte'
6
import { formatDate } from '../../lib/date'
7
import type { Session } from '../../lib/types/api'
8
9
interface Props {
10
session: Session
···
15
let codes = $state<InviteCode[]>([])
16
let loading = $state(true)
17
let creating = $state(false)
18
let createdCode = $state<string | null>(null)
19
let createdCodeCopied = $state(false)
20
let copiedCode = $state<string | null>(null)
···
60
}
61
}
62
63
function copyCode(code: string) {
64
navigator.clipboard.writeText(code)
65
copiedCode = code
···
96
<section class="list-section">
97
<h2>{$_('inviteCodes.yourCodes')}</h2>
98
{#if loading}
99
-
<div class="loading">{$_('common.loading')}</div>
100
{:else if codes.length === 0}
101
<p class="empty">{$_('inviteCodes.noCodes')}</p>
102
{:else}
···
174
margin: 0 0 var(--space-4) 0;
175
}
176
177
-
.loading,
178
.empty {
179
color: var(--text-secondary);
180
padding: var(--space-6);
···
195
background: var(--bg-secondary);
196
border: 1px solid var(--border-color);
197
border-radius: var(--radius-lg);
198
}
199
200
.code-item.disabled {
···
221
}
222
223
.copy-btn {
224
flex-shrink: 0;
225
}
226
···
5
import { toast } from '../../lib/toast.svelte'
6
import { formatDate } from '../../lib/date'
7
import type { Session } from '../../lib/types/api'
8
+
import Skeleton from '../Skeleton.svelte'
9
10
interface Props {
11
session: Session
···
16
let codes = $state<InviteCode[]>([])
17
let loading = $state(true)
18
let creating = $state(false)
19
+
let disablingCode = $state<string | null>(null)
20
let createdCode = $state<string | null>(null)
21
let createdCodeCopied = $state(false)
22
let copiedCode = $state<string | null>(null)
···
62
}
63
}
64
65
+
async function disableCode(code: string) {
66
+
if (!confirm($_('inviteCodes.disableConfirm', { values: { code } }))) return
67
+
disablingCode = code
68
+
try {
69
+
await api.disableInviteCodes(session.accessJwt, [code])
70
+
codes = codes.map(c => c.code === code ? { ...c, disabled: true } : c)
71
+
toast.success($_('inviteCodes.disableSuccess'))
72
+
} catch (e) {
73
+
toast.error(e instanceof ApiError ? e.message : $_('inviteCodes.disableFailed'))
74
+
} finally {
75
+
disablingCode = null
76
+
}
77
+
}
78
+
79
function copyCode(code: string) {
80
navigator.clipboard.writeText(code)
81
copiedCode = code
···
112
<section class="list-section">
113
<h2>{$_('inviteCodes.yourCodes')}</h2>
114
{#if loading}
115
+
<ul class="code-list">
116
+
{#each Array(3) as _}
117
+
<li class="code-item skeleton-item">
118
+
<div class="code-main">
119
+
<Skeleton variant="line" size="medium" />
120
+
</div>
121
+
<div class="code-meta">
122
+
<Skeleton variant="line" size="short" />
123
+
<Skeleton variant="line" size="tiny" />
124
+
</div>
125
+
</li>
126
+
{/each}
127
+
</ul>
128
{:else if codes.length === 0}
129
<p class="empty">{$_('inviteCodes.noCodes')}</p>
130
{:else}
···
202
margin: 0 0 var(--space-4) 0;
203
}
204
205
.empty {
206
color: var(--text-secondary);
207
padding: var(--space-6);
···
222
background: var(--bg-secondary);
223
border: 1px solid var(--border-color);
224
border-radius: var(--radius-lg);
225
+
}
226
+
227
+
.skeleton-item {
228
+
pointer-events: none;
229
}
230
231
.code-item.disabled {
···
252
}
253
254
.copy-btn {
255
+
flex-shrink: 0;
256
+
}
257
+
258
+
.danger-text {
259
+
color: var(--error-text);
260
flex-shrink: 0;
261
}
262
+146
-30
frontend/src/lib/migration/plc-ops.ts
+146
-30
frontend/src/lib/migration/plc-ops.ts
···
7
import {
8
P256PrivateKey,
9
parsePrivateMultikey,
10
Secp256k1PrivateKey,
11
Secp256k1PrivateKeyExportable,
12
} from "@atcute/crypto";
13
import * as CBOR from "@atcute/cbor";
14
-
import { fromBase16, toBase64Url } from "@atcute/multibase";
15
16
export type PrivateKey = P256PrivateKey | Secp256k1PrivateKey;
17
···
36
sig?: string;
37
}
38
39
const jsonToB64Url = (obj: unknown): string => {
40
const enc = new TextEncoder();
41
const json = JSON.stringify(obj);
···
88
89
async getKeyPair(
90
privateKeyString: string,
91
-
type: "secp256k1" | "p256" = "secp256k1",
92
): Promise<KeypairInfo> {
93
-
const HEX_REGEX = /^[0-9a-f]+$/i;
94
-
const MULTIKEY_REGEX = /^z[a-km-zA-HJ-NP-Z1-9]+$/;
95
-
let keypair: PrivateKey | undefined;
96
97
-
const trimmed = privateKeyString.trim();
98
99
-
if (HEX_REGEX.test(trimmed) && trimmed.length === 64) {
100
-
const privateKeyBytes = fromBase16(trimmed);
101
-
if (type === "p256") {
102
-
keypair = await P256PrivateKey.importRaw(privateKeyBytes);
103
-
} else {
104
-
keypair = await Secp256k1PrivateKey.importRaw(privateKeyBytes);
105
-
}
106
-
} else if (MULTIKEY_REGEX.test(trimmed)) {
107
-
const match = parsePrivateMultikey(trimmed);
108
-
const privateKeyBytes = match.privateKeyBytes;
109
-
if (match.type === "p256") {
110
-
keypair = await P256PrivateKey.importRaw(privateKeyBytes);
111
-
} else if (match.type === "secp256k1") {
112
-
keypair = await Secp256k1PrivateKey.importRaw(privateKeyBytes);
113
-
} else {
114
-
throw new Error(
115
-
`Unsupported key type: ${(match as { type: string }).type}`,
116
-
);
117
-
}
118
-
} else {
119
throw new Error(
120
-
"Invalid key format. Expected 64-char hex or multikey format.",
121
);
122
}
123
124
-
if (!keypair) {
125
-
throw new Error("Failed to parse private key");
126
-
}
127
128
return {
129
type: "private_key",
···
7
import {
8
P256PrivateKey,
9
parsePrivateMultikey,
10
+
parsePublicMultikey,
11
Secp256k1PrivateKey,
12
Secp256k1PrivateKeyExportable,
13
} from "@atcute/crypto";
14
import * as CBOR from "@atcute/cbor";
15
+
import {
16
+
fromBase16,
17
+
fromBase58Btc,
18
+
fromBase64Url,
19
+
toBase64Url,
20
+
} from "@atcute/multibase";
21
22
export type PrivateKey = P256PrivateKey | Secp256k1PrivateKey;
23
···
42
sig?: string;
43
}
44
45
+
type KeyCurve = "secp256k1" | "p256";
46
+
47
+
const HEX_PRIVATE_KEY_REGEX = /^[0-9a-f]{64}$/i;
48
+
const BASE58BTC_CHARSET_REGEX = /^[a-km-zA-HJ-NP-Z1-9]+$/;
49
+
50
+
const importRawBytes = (
51
+
bytes: Uint8Array,
52
+
curve: KeyCurve,
53
+
): Promise<PrivateKey> =>
54
+
curve === "p256"
55
+
? P256PrivateKey.importRaw(bytes)
56
+
: Secp256k1PrivateKey.importRaw(bytes);
57
+
58
+
const importFromMultikeyMatch = (
59
+
match: ReturnType<typeof parsePrivateMultikey>,
60
+
): Promise<PrivateKey> =>
61
+
match.type === "p256"
62
+
? P256PrivateKey.importRaw(match.privateKeyBytes)
63
+
: Secp256k1PrivateKey.importRaw(match.privateKeyBytes);
64
+
65
+
const importJwk = async (
66
+
json: string,
67
+
_curve: KeyCurve,
68
+
): Promise<PrivateKey> => {
69
+
const parsed: unknown = JSON.parse(json);
70
+
if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
71
+
throw new Error("Invalid JWK: expected a JSON object");
72
+
}
73
+
const jwk = parsed as Record<string, unknown>;
74
+
75
+
if (jwk.kty !== "EC") {
76
+
throw new Error(
77
+
`Unsupported JWK key type: ${
78
+
String(jwk.kty)
79
+
}. Only EC keys are supported`,
80
+
);
81
+
}
82
+
83
+
if (typeof jwk.d !== "string") {
84
+
throw new Error(
85
+
"This JWK is a public key (missing 'd' parameter). The private key JWK is required",
86
+
);
87
+
}
88
+
89
+
const detectedCurve: KeyCurve = (() => {
90
+
switch (jwk.crv) {
91
+
case "secp256k1":
92
+
return "secp256k1";
93
+
case "P-256":
94
+
return "p256";
95
+
default:
96
+
throw new Error(
97
+
`Unsupported JWK curve: ${
98
+
String(jwk.crv)
99
+
}. Expected secp256k1 or P-256`,
100
+
);
101
+
}
102
+
})();
103
+
104
+
const privateKeyBytes = fromBase64Url(jwk.d);
105
+
return importRawBytes(privateKeyBytes, detectedCurve);
106
+
};
107
+
108
+
const importMultikeyOrBase58 = (
109
+
input: string,
110
+
curve: KeyCurve,
111
+
): Promise<PrivateKey> => {
112
+
try {
113
+
const match = parsePrivateMultikey(input);
114
+
return importFromMultikeyMatch(match);
115
+
} catch {
116
+
try {
117
+
parsePublicMultikey(input);
118
+
throw new Error(
119
+
"This is a public multikey. The private key multikey is required",
120
+
);
121
+
} catch (publicErr) {
122
+
if (
123
+
publicErr instanceof Error &&
124
+
publicErr.message.includes("public multikey")
125
+
) {
126
+
throw publicErr;
127
+
}
128
+
}
129
+
130
+
try {
131
+
return importBase58Raw(input, curve);
132
+
} catch {
133
+
return importBase58Raw(input.slice(1), curve);
134
+
}
135
+
}
136
+
};
137
+
138
+
const importBase58Raw = (
139
+
input: string,
140
+
curve: KeyCurve,
141
+
): Promise<PrivateKey> => {
142
+
const bytes = fromBase58Btc(input);
143
+
if (bytes.length !== 32) {
144
+
throw new Error(
145
+
`Invalid base58 key: decoded to ${bytes.length} bytes, expected 32`,
146
+
);
147
+
}
148
+
return importRawBytes(bytes, curve);
149
+
};
150
+
151
+
const detectAndImportPrivateKey = (
152
+
input: string,
153
+
curve: KeyCurve,
154
+
): Promise<PrivateKey> => {
155
+
if (input.startsWith("{")) {
156
+
return importJwk(input, curve);
157
+
}
158
+
159
+
if (HEX_PRIVATE_KEY_REGEX.test(input)) {
160
+
return importRawBytes(fromBase16(input.toLowerCase()), curve);
161
+
}
162
+
163
+
if (input.startsWith("z")) {
164
+
return importMultikeyOrBase58(input, curve);
165
+
}
166
+
167
+
if (BASE58BTC_CHARSET_REGEX.test(input)) {
168
+
return importBase58Raw(input, curve);
169
+
}
170
+
171
+
throw new Error(
172
+
"Unrecognized key format. Expected hex, base58, multikey, or JWK",
173
+
);
174
+
};
175
+
176
const jsonToB64Url = (obj: unknown): string => {
177
const enc = new TextEncoder();
178
const json = JSON.stringify(obj);
···
225
226
async getKeyPair(
227
privateKeyString: string,
228
+
type: KeyCurve = "secp256k1",
229
): Promise<KeypairInfo> {
230
+
const trimmed = privateKeyString.trim();
231
232
+
if (trimmed.length === 0) {
233
+
throw new Error("Private key is required");
234
+
}
235
236
+
if (trimmed.startsWith("did:key:")) {
237
throw new Error(
238
+
"This is a did:key public key identifier. The private key is required",
239
);
240
}
241
242
+
const keypair = await detectAndImportPrivateKey(trimmed, type);
243
244
return {
245
type: "private_key",
+4
-11
frontend/src/locales/en.json
+4
-11
frontend/src/locales/en.json
···
323
"disabled": "Disabled",
324
"created": "Invite Code Created",
325
"copy": "Copy",
326
"createdOn": "Created {date}"
327
},
328
"security": {
···
504
"status": "Status",
505
"created": "Created",
506
"loadMore": "Load More",
507
-
"inviteCodes": "Invite Codes",
508
-
"loadInviteCodes": "Load Invite Codes",
509
-
"refresh": "Refresh",
510
-
"noInvites": "No invite codes found",
511
-
"available": "Available",
512
-
"uses": "Uses",
513
-
"disable": "Disable",
514
-
"disableInviteConfirm": "Disable invite code {code}?",
515
-
"active": "Active",
516
-
"exhausted": "Exhausted",
517
"disabled": "Disabled",
518
"userDetails": "User Details",
519
"did": "DID",
···
526
"verified": "Verified",
527
"unverified": "Unverified",
528
"deactivated": "Deactivated",
529
-
"inviteDisabled": "Invite code disabled",
530
"invitesEnabled": "User invites enabled",
531
"invitesDisabled": "User invites disabled",
532
"userDeleted": "User account deleted",
···
323
"disabled": "Disabled",
324
"created": "Invite Code Created",
325
"copy": "Copy",
326
+
"disable": "Disable",
327
+
"disableConfirm": "Disable invite code {code}?",
328
+
"disableSuccess": "Invite code disabled",
329
+
"disableFailed": "Failed to disable invite code",
330
"createdOn": "Created {date}"
331
},
332
"security": {
···
508
"status": "Status",
509
"created": "Created",
510
"loadMore": "Load More",
511
"disabled": "Disabled",
512
"userDetails": "User Details",
513
"did": "DID",
···
520
"verified": "Verified",
521
"unverified": "Unverified",
522
"deactivated": "Deactivated",
523
"invitesEnabled": "User invites enabled",
524
"invitesDisabled": "User invites disabled",
525
"userDeleted": "User account deleted",
+4
-11
frontend/src/locales/fi.json
+4
-11
frontend/src/locales/fi.json
···
321
"disabled": "Poistettu käytöstä",
322
"created": "Kutsukoodi luotu",
323
"copy": "Kopioi",
324
"createdOn": "Luotu {date}",
325
"loadFailed": "Kutsukoodien lataus epäonnistui",
326
"createFailed": "Kutsukoodin luonti epäonnistui"
···
498
"status": "Tila",
499
"created": "Luotu",
500
"loadMore": "Lataa lisää",
501
-
"inviteCodes": "Kutsukoodit",
502
-
"loadInviteCodes": "Lataa kutsukoodit",
503
-
"refresh": "Päivitä",
504
-
"noInvites": "Kutsukoodeja ei löytynyt",
505
-
"available": "Saatavilla",
506
-
"uses": "Käyttökerrat",
507
-
"disable": "Poista käytöstä",
508
-
"disableInviteConfirm": "Poista kutsukoodi {code} käytöstä?",
509
-
"active": "Aktiivinen",
510
-
"exhausted": "Käytetty loppuun",
511
"disabled": "Poistettu käytöstä",
512
"userDetails": "Käyttäjän tiedot",
513
"did": "DID",
···
526
"failedToLoadUsers": "Käyttäjien lataus epäonnistui",
527
"searchToSeeUsers": "Hae nähdäksesi käyttäjät",
528
"search": "Hae",
529
-
"inviteDisabled": "Kutsukoodi poistettu käytöstä",
530
"invitesEnabled": "Käyttäjäkutsut käytössä",
531
"invitesDisabled": "Käyttäjäkutsut pois käytöstä",
532
"userDeleted": "Käyttäjätili poistettu",
···
321
"disabled": "Poistettu käytöstä",
322
"created": "Kutsukoodi luotu",
323
"copy": "Kopioi",
324
+
"disable": "Poista käytöstä",
325
+
"disableConfirm": "Poista kutsukoodi {code} käytöstä?",
326
+
"disableSuccess": "Kutsukoodi poistettu käytöstä",
327
+
"disableFailed": "Kutsukoodin poistaminen käytöstä epäonnistui",
328
"createdOn": "Luotu {date}",
329
"loadFailed": "Kutsukoodien lataus epäonnistui",
330
"createFailed": "Kutsukoodin luonti epäonnistui"
···
502
"status": "Tila",
503
"created": "Luotu",
504
"loadMore": "Lataa lisää",
505
"disabled": "Poistettu käytöstä",
506
"userDetails": "Käyttäjän tiedot",
507
"did": "DID",
···
520
"failedToLoadUsers": "Käyttäjien lataus epäonnistui",
521
"searchToSeeUsers": "Hae nähdäksesi käyttäjät",
522
"search": "Hae",
523
"invitesEnabled": "Käyttäjäkutsut käytössä",
524
"invitesDisabled": "Käyttäjäkutsut pois käytöstä",
525
"userDeleted": "Käyttäjätili poistettu",
+4
-11
frontend/src/locales/ja.json
+4
-11
frontend/src/locales/ja.json
···
321
"disabled": "無効",
322
"created": "招待コードを作成しました",
323
"copy": "コピー",
324
"createdOn": "{date} に作成",
325
"loadFailed": "招待コードの読み込みに失敗しました",
326
"createFailed": "招待コードの作成に失敗しました"
···
498
"status": "ステータス",
499
"created": "作成日時",
500
"loadMore": "さらに読み込む",
501
-
"inviteCodes": "招待コード",
502
-
"loadInviteCodes": "招待コードを読み込む",
503
-
"refresh": "更新",
504
-
"noInvites": "招待コードが見つかりません",
505
-
"available": "利用可能",
506
-
"uses": "使用回数",
507
-
"disable": "無効化",
508
-
"disableInviteConfirm": "招待コード {code} を無効にしますか?",
509
-
"active": "アクティブ",
510
-
"exhausted": "使用済み",
511
"disabled": "無効",
512
"userDetails": "ユーザー詳細",
513
"did": "DID",
···
526
"failedToLoadUsers": "ユーザーの読み込みに失敗しました",
527
"searchToSeeUsers": "検索してユーザーを表示",
528
"search": "検索",
529
-
"inviteDisabled": "招待コードを無効にしました",
530
"invitesEnabled": "ユーザー招待を有効にしました",
531
"invitesDisabled": "ユーザー招待を無効にしました",
532
"userDeleted": "ユーザーアカウントを削除しました",
···
321
"disabled": "無効",
322
"created": "招待コードを作成しました",
323
"copy": "コピー",
324
+
"disable": "無効化",
325
+
"disableConfirm": "招待コード {code} を無効にしますか?",
326
+
"disableSuccess": "招待コードを無効にしました",
327
+
"disableFailed": "招待コードの無効化に失敗しました",
328
"createdOn": "{date} に作成",
329
"loadFailed": "招待コードの読み込みに失敗しました",
330
"createFailed": "招待コードの作成に失敗しました"
···
502
"status": "ステータス",
503
"created": "作成日時",
504
"loadMore": "さらに読み込む",
505
"disabled": "無効",
506
"userDetails": "ユーザー詳細",
507
"did": "DID",
···
520
"failedToLoadUsers": "ユーザーの読み込みに失敗しました",
521
"searchToSeeUsers": "検索してユーザーを表示",
522
"search": "検索",
523
"invitesEnabled": "ユーザー招待を有効にしました",
524
"invitesDisabled": "ユーザー招待を無効にしました",
525
"userDeleted": "ユーザーアカウントを削除しました",
+4
-11
frontend/src/locales/ko.json
+4
-11
frontend/src/locales/ko.json
···
321
"disabled": "비활성화됨",
322
"created": "초대 코드가 생성되었습니다",
323
"copy": "복사",
324
"createdOn": "{date}에 생성됨",
325
"loadFailed": "초대 코드 로딩 실패",
326
"createFailed": "초대 코드 생성 실패"
···
498
"status": "상태",
499
"created": "생성일",
500
"loadMore": "더 불러오기",
501
-
"inviteCodes": "초대 코드",
502
-
"loadInviteCodes": "초대 코드 불러오기",
503
-
"refresh": "새로고침",
504
-
"noInvites": "초대 코드가 없습니다",
505
-
"available": "사용 가능",
506
-
"uses": "사용 횟수",
507
-
"disable": "비활성화",
508
-
"disableInviteConfirm": "초대 코드 {code}을(를) 비활성화하시겠습니까?",
509
-
"active": "활성",
510
-
"exhausted": "소진됨",
511
"disabled": "비활성화됨",
512
"userDetails": "사용자 세부 정보",
513
"did": "DID",
···
526
"failedToLoadUsers": "사용자 로딩 실패",
527
"searchToSeeUsers": "검색하여 사용자 보기",
528
"search": "검색",
529
-
"inviteDisabled": "초대 코드가 비활성화되었습니다",
530
"invitesEnabled": "사용자 초대가 활성화되었습니다",
531
"invitesDisabled": "사용자 초대가 비활성화되었습니다",
532
"userDeleted": "사용자 계정이 삭제되었습니다",
···
321
"disabled": "비활성화됨",
322
"created": "초대 코드가 생성되었습니다",
323
"copy": "복사",
324
+
"disable": "비활성화",
325
+
"disableConfirm": "초대 코드 {code}을(를) 비활성화하시겠습니까?",
326
+
"disableSuccess": "초대 코드가 비활성화되었습니다",
327
+
"disableFailed": "초대 코드 비활성화 실패",
328
"createdOn": "{date}에 생성됨",
329
"loadFailed": "초대 코드 로딩 실패",
330
"createFailed": "초대 코드 생성 실패"
···
502
"status": "상태",
503
"created": "생성일",
504
"loadMore": "더 불러오기",
505
"disabled": "비활성화됨",
506
"userDetails": "사용자 세부 정보",
507
"did": "DID",
···
520
"failedToLoadUsers": "사용자 로딩 실패",
521
"searchToSeeUsers": "검색하여 사용자 보기",
522
"search": "검색",
523
"invitesEnabled": "사용자 초대가 활성화되었습니다",
524
"invitesDisabled": "사용자 초대가 비활성화되었습니다",
525
"userDeleted": "사용자 계정이 삭제되었습니다",
+4
-11
frontend/src/locales/sv.json
+4
-11
frontend/src/locales/sv.json
···
320
"disabled": "Inaktiverad",
321
"created": "Inbjudningskod skapad",
322
"copy": "Kopiera",
323
"createdOn": "Skapad {date}",
324
"spent": "Förbrukad",
325
"loadFailed": "Kunde inte ladda inbjudningskoder",
···
498
"status": "Status",
499
"created": "Skapad",
500
"loadMore": "Ladda fler",
501
-
"inviteCodes": "Inbjudningskoder",
502
-
"loadInviteCodes": "Ladda inbjudningskoder",
503
-
"refresh": "Uppdatera",
504
-
"noInvites": "Inga inbjudningskoder hittades",
505
-
"available": "Tillgänglig",
506
-
"uses": "Användningar",
507
-
"disable": "Inaktivera",
508
-
"disableInviteConfirm": "Inaktivera inbjudningskod {code}?",
509
-
"active": "Aktiv",
510
-
"exhausted": "Förbrukad",
511
"disabled": "Inaktiverad",
512
"userDetails": "Användardetaljer",
513
"did": "DID",
···
526
"failedToLoadUsers": "Kunde inte ladda användare",
527
"searchToSeeUsers": "Sök för att visa användare",
528
"search": "Sök",
529
-
"inviteDisabled": "Inbjudningskod inaktiverad",
530
"invitesEnabled": "Användarinbjudningar aktiverade",
531
"invitesDisabled": "Användarinbjudningar inaktiverade",
532
"userDeleted": "Användarkonto raderat",
···
320
"disabled": "Inaktiverad",
321
"created": "Inbjudningskod skapad",
322
"copy": "Kopiera",
323
+
"disable": "Inaktivera",
324
+
"disableConfirm": "Inaktivera inbjudningskod {code}?",
325
+
"disableSuccess": "Inbjudningskod inaktiverad",
326
+
"disableFailed": "Kunde inte inaktivera inbjudningskod",
327
"createdOn": "Skapad {date}",
328
"spent": "Förbrukad",
329
"loadFailed": "Kunde inte ladda inbjudningskoder",
···
502
"status": "Status",
503
"created": "Skapad",
504
"loadMore": "Ladda fler",
505
"disabled": "Inaktiverad",
506
"userDetails": "Användardetaljer",
507
"did": "DID",
···
520
"failedToLoadUsers": "Kunde inte ladda användare",
521
"searchToSeeUsers": "Sök för att visa användare",
522
"search": "Sök",
523
"invitesEnabled": "Användarinbjudningar aktiverade",
524
"invitesDisabled": "Användarinbjudningar inaktiverade",
525
"userDeleted": "Användarkonto raderat",
+4
-11
frontend/src/locales/zh.json
+4
-11
frontend/src/locales/zh.json
···
320
"disabled": "已禁用",
321
"created": "邀请码已创建",
322
"copy": "复制",
323
"createdOn": "创建于 {date}",
324
"spent": "已使用",
325
"loadFailed": "加载邀请码失败",
···
500
"status": "状态",
501
"created": "创建时间",
502
"loadMore": "加载更多",
503
-
"inviteCodes": "邀请码",
504
-
"loadInviteCodes": "加载邀请码",
505
-
"refresh": "刷新",
506
-
"noInvites": "暂无邀请码",
507
-
"available": "可用",
508
-
"uses": "使用次数",
509
-
"disable": "禁用",
510
-
"disableInviteConfirm": "禁用邀请码 {code}?",
511
-
"active": "活跃",
512
-
"exhausted": "已用完",
513
"disabled": "已禁用",
514
"userDetails": "用户详情",
515
"did": "DID",
···
526
"failedToLoadUsers": "加载用户失败",
527
"searchToSeeUsers": "搜索以查看用户",
528
"search": "搜索",
529
-
"inviteDisabled": "邀请码已禁用",
530
"invitesEnabled": "用户邀请已启用",
531
"invitesDisabled": "用户邀请已禁用",
532
"userDeleted": "用户账户已删除",
···
320
"disabled": "已禁用",
321
"created": "邀请码已创建",
322
"copy": "复制",
323
+
"disable": "禁用",
324
+
"disableConfirm": "禁用邀请码 {code}?",
325
+
"disableSuccess": "邀请码已禁用",
326
+
"disableFailed": "禁用邀请码失败",
327
"createdOn": "创建于 {date}",
328
"spent": "已使用",
329
"loadFailed": "加载邀请码失败",
···
504
"status": "状态",
505
"created": "创建时间",
506
"loadMore": "加载更多",
507
"disabled": "已禁用",
508
"userDetails": "用户详情",
509
"did": "DID",
···
520
"failedToLoadUsers": "加载用户失败",
521
"searchToSeeUsers": "搜索以查看用户",
522
"search": "搜索",
523
"invitesEnabled": "用户邀请已启用",
524
"invitesDisabled": "用户邀请已禁用",
525
"userDeleted": "用户账户已删除",
+215
-3
frontend/src/tests/migration/plc-ops.test.ts
+215
-3
frontend/src/tests/migration/plc-ops.test.ts
···
1
import { beforeEach, describe, expect, it, vi } from "vitest";
2
import { PlcOps, plcOps } from "../../lib/migration/plc-ops.ts";
3
4
describe("migration/plc-ops", () => {
5
beforeEach(() => {
···
89
90
it("throws for invalid key format", async () => {
91
await expect(plcOps.getKeyPair("not-a-valid-key")).rejects.toThrow(
92
-
"Invalid key format",
93
);
94
});
95
96
it("throws for hex key with wrong length", async () => {
97
-
await expect(plcOps.getKeyPair("abc123")).rejects.toThrow(
98
-
"Invalid key format",
99
);
100
});
101
});
102
···
1
import { beforeEach, describe, expect, it, vi } from "vitest";
2
import { PlcOps, plcOps } from "../../lib/migration/plc-ops.ts";
3
+
import {
4
+
P256PrivateKeyExportable,
5
+
Secp256k1PrivateKeyExportable,
6
+
} from "@atcute/crypto";
7
+
import { fromBase58Btc, toBase58Btc } from "@atcute/multibase";
8
9
describe("migration/plc-ops", () => {
10
beforeEach(() => {
···
94
95
it("throws for invalid key format", async () => {
96
await expect(plcOps.getKeyPair("not-a-valid-key")).rejects.toThrow(
97
+
"Unrecognized key format",
98
);
99
});
100
101
it("throws for hex key with wrong length", async () => {
102
+
await expect(plcOps.getKeyPair("abc123")).rejects.toThrow();
103
+
});
104
+
});
105
+
106
+
describe("getKeyPair - multikey round-trip", () => {
107
+
it("round-trips from createNewSecp256k1Keypair", async () => {
108
+
const { privateKey, publicKey } = await plcOps
109
+
.createNewSecp256k1Keypair();
110
+
111
+
const result = await plcOps.getKeyPair(privateKey);
112
+
113
+
expect(result.didPublicKey).toBe(publicKey);
114
+
});
115
+
116
+
it("produces correct multikey structure (z prefix, codec bytes)", async () => {
117
+
const { privateKey } = await plcOps.createNewSecp256k1Keypair();
118
+
119
+
expect(privateKey.startsWith("z")).toBe(true);
120
+
const decoded = fromBase58Btc(privateKey.slice(1));
121
+
expect(decoded[0]).toBe(0x81);
122
+
expect(decoded[1]).toBe(0x26);
123
+
expect(decoded.length).toBe(34);
124
+
});
125
+
126
+
it("multikey import matches hex import of same raw bytes", async () => {
127
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
128
+
const multikey = await keypair.exportPrivateKey("multikey");
129
+
const rawHex = await keypair.exportPrivateKey("rawHex");
130
+
131
+
const fromMultikey = await plcOps.getKeyPair(multikey);
132
+
const fromHex = await plcOps.getKeyPair(rawHex);
133
+
134
+
expect(fromMultikey.didPublicKey).toBe(fromHex.didPublicKey);
135
+
});
136
+
});
137
+
138
+
describe("getKeyPair - hex format", () => {
139
+
it("accepts uppercase hex", async () => {
140
+
const result = await plcOps.getKeyPair("A".repeat(64));
141
+
142
+
expect(result.type).toBe("private_key");
143
+
expect(result.didPublicKey.startsWith("did:key:")).toBe(true);
144
+
});
145
+
});
146
+
147
+
describe("getKeyPair - JWK format", () => {
148
+
it("imports secp256k1 JWK with d parameter", async () => {
149
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
150
+
const jwk = await keypair.exportPrivateKey("jwk");
151
+
const expectedDid = await keypair.exportPublicKey("did");
152
+
153
+
const result = await plcOps.getKeyPair(JSON.stringify(jwk));
154
+
155
+
expect(result.didPublicKey).toBe(expectedDid);
156
+
});
157
+
158
+
it("imports P-256 JWK with d parameter", async () => {
159
+
const keypair = await P256PrivateKeyExportable.createKeypair();
160
+
const jwk = await keypair.exportPrivateKey("jwk");
161
+
const expectedDid = await keypair.exportPublicKey("did");
162
+
163
+
const result = await plcOps.getKeyPair(JSON.stringify(jwk));
164
+
165
+
expect(result.didPublicKey).toBe(expectedDid);
166
+
});
167
+
168
+
it("rejects JWK without d (public key)", async () => {
169
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
170
+
const jwk = await keypair.exportPublicKey("jwk");
171
+
172
+
await expect(
173
+
plcOps.getKeyPair(JSON.stringify(jwk)),
174
+
).rejects.toThrow("public key");
175
+
});
176
+
177
+
it("rejects unsupported kty", async () => {
178
+
const jwk = { kty: "RSA", n: "abc", e: "AQAB" };
179
+
180
+
await expect(plcOps.getKeyPair(JSON.stringify(jwk))).rejects.toThrow(
181
+
"Unsupported JWK key type",
182
);
183
+
});
184
+
185
+
it("rejects unsupported crv", async () => {
186
+
const jwk = { kty: "EC", crv: "P-384", d: "AAAA", x: "BBBB", y: "CCCC" };
187
+
188
+
await expect(plcOps.getKeyPair(JSON.stringify(jwk))).rejects.toThrow(
189
+
"Unsupported JWK curve",
190
+
);
191
+
});
192
+
193
+
it("rejects malformed JSON", async () => {
194
+
await expect(plcOps.getKeyPair("{not valid json")).rejects.toThrow();
195
+
});
196
+
197
+
it("produces same public key as hex import of same raw bytes", async () => {
198
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
199
+
const jwk = await keypair.exportPrivateKey("jwk");
200
+
const rawHex = await keypair.exportPrivateKey("rawHex");
201
+
202
+
const fromJwk = await plcOps.getKeyPair(JSON.stringify(jwk));
203
+
const fromHex = await plcOps.getKeyPair(rawHex);
204
+
205
+
expect(fromJwk.didPublicKey).toBe(fromHex.didPublicKey);
206
+
});
207
+
});
208
+
209
+
describe("getKeyPair - plain base58 format", () => {
210
+
it("imports base58-encoded 32-byte raw key", async () => {
211
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
212
+
const rawBytes = await keypair.exportPrivateKey("raw");
213
+
const base58 = toBase58Btc(rawBytes);
214
+
const expectedDid = await keypair.exportPublicKey("did");
215
+
216
+
const result = await plcOps.getKeyPair(base58);
217
+
218
+
expect(result.didPublicKey).toBe(expectedDid);
219
+
});
220
+
221
+
it("produces same public key as hex import of same raw bytes", async () => {
222
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
223
+
const rawBytes = await keypair.exportPrivateKey("raw");
224
+
const rawHex = await keypair.exportPrivateKey("rawHex");
225
+
const base58 = toBase58Btc(rawBytes);
226
+
227
+
const fromBase58 = await plcOps.getKeyPair(base58);
228
+
const fromHex = await plcOps.getKeyPair(rawHex);
229
+
230
+
expect(fromBase58.didPublicKey).toBe(fromHex.didPublicKey);
231
+
});
232
+
233
+
it("rejects wrong decoded length", async () => {
234
+
const shortBytes = new Uint8Array(16);
235
+
crypto.getRandomValues(shortBytes);
236
+
const base58Short = toBase58Btc(shortBytes);
237
+
238
+
await expect(plcOps.getKeyPair(base58Short)).rejects.toThrow(
239
+
"expected 32",
240
+
);
241
+
});
242
+
});
243
+
244
+
describe("getKeyPair - cross-format consistency", () => {
245
+
it("hex, multikey, and JWK all produce identical did:key", async () => {
246
+
const keypair = await Secp256k1PrivateKeyExportable.createKeypair();
247
+
const rawHex = await keypair.exportPrivateKey("rawHex");
248
+
const multikey = await keypair.exportPrivateKey("multikey");
249
+
const jwk = await keypair.exportPrivateKey("jwk");
250
+
251
+
const [fromHex, fromMultikey, fromJwk] = await Promise.all([
252
+
plcOps.getKeyPair(rawHex),
253
+
plcOps.getKeyPair(multikey),
254
+
plcOps.getKeyPair(JSON.stringify(jwk)),
255
+
]);
256
+
257
+
expect(fromHex.didPublicKey).toBe(fromMultikey.didPublicKey);
258
+
expect(fromHex.didPublicKey).toBe(fromJwk.didPublicKey);
259
+
});
260
+
261
+
it("hex, multikey, JWK, and base58 all match for P-256", async () => {
262
+
const keypair = await P256PrivateKeyExportable.createKeypair();
263
+
const rawHex = await keypair.exportPrivateKey("rawHex");
264
+
const multikey = await keypair.exportPrivateKey("multikey");
265
+
const jwk = await keypair.exportPrivateKey("jwk");
266
+
const rawBytes = await keypair.exportPrivateKey("raw");
267
+
const base58 = toBase58Btc(rawBytes);
268
+
269
+
const [fromHex, fromMultikey, fromJwk, fromBase58] = await Promise.all([
270
+
plcOps.getKeyPair(rawHex, "p256"),
271
+
plcOps.getKeyPair(multikey),
272
+
plcOps.getKeyPair(JSON.stringify(jwk)),
273
+
plcOps.getKeyPair(base58, "p256"),
274
+
]);
275
+
276
+
expect(fromHex.didPublicKey).toBe(fromMultikey.didPublicKey);
277
+
expect(fromHex.didPublicKey).toBe(fromJwk.didPublicKey);
278
+
expect(fromHex.didPublicKey).toBe(fromBase58.didPublicKey);
279
+
});
280
+
});
281
+
282
+
describe("getKeyPair - error cases", () => {
283
+
it("rejects empty string", async () => {
284
+
await expect(plcOps.getKeyPair("")).rejects.toThrow(
285
+
"Private key is required",
286
+
);
287
+
});
288
+
289
+
it("rejects whitespace-only", async () => {
290
+
await expect(plcOps.getKeyPair(" ")).rejects.toThrow(
291
+
"Private key is required",
292
+
);
293
+
});
294
+
295
+
it("rejects did:key: prefix with helpful error", async () => {
296
+
await expect(
297
+
plcOps.getKeyPair(
298
+
"did:key:zQ3shunBKoL5VRgSEX7RQGQEG3TTo6MPVWvT7tcVjjwZCWMEE",
299
+
),
300
+
).rejects.toThrow("public key");
301
+
});
302
+
303
+
it("rejects unrecognized garbage", async () => {
304
+
await expect(plcOps.getKeyPair("!!!invalid!!!")).rejects.toThrow(
305
+
"Unrecognized key format",
306
+
);
307
+
});
308
+
309
+
it("rejects hex with non-hex chars in 64-char string", async () => {
310
+
const almostHex = "g".repeat(64);
311
+
await expect(plcOps.getKeyPair(almostHex)).rejects.toThrow();
312
});
313
});
314