fediglam/src/main/api.zig

401 lines
13 KiB
Zig
Raw Normal View History

2022-07-13 03:40:48 +00:00
const std = @import("std");
2022-07-13 04:16:33 +00:00
const util = @import("util");
2022-08-02 04:33:23 +00:00
const builtin = @import("builtin");
2022-07-13 03:40:48 +00:00
const db = @import("./db.zig");
2022-07-24 09:01:17 +00:00
const models = @import("./db/models.zig");
2022-07-18 07:37:10 +00:00
pub const DateTime = util.DateTime;
2022-07-13 04:16:33 +00:00
pub const Uuid = util.Uuid;
2022-07-30 06:14:42 +00:00
const Config = @import("./main.zig").Config;
2022-07-13 03:40:48 +00:00
2022-07-22 04:19:08 +00:00
const PwHash = std.crypto.pwhash.scrypt;
const pw_hash_params = PwHash.Params.interactive;
const pw_hash_encoding = .phc;
const pw_hash_buf_size = 128;
2022-07-24 05:19:32 +00:00
const token_len = 20;
2022-07-25 00:04:44 +00:00
const token_str_len = std.base64.standard.Encoder.calcSize(token_len);
2022-07-24 05:19:32 +00:00
2022-07-27 05:02:09 +00:00
const invite_code_len = 16;
const invite_code_str_len = std.base64.url_safe.Encoder.calcSize(invite_code_len);
2022-07-16 18:44:46 +00:00
// Frees an api struct and its fields allocated from alloc
pub fn free(alloc: std.mem.Allocator, val: anytype) void {
2022-07-19 09:22:19 +00:00
switch (@typeInfo(@TypeOf(val))) {
.Pointer => |ptr_info| switch (ptr_info.size) {
.One => {
free(alloc, val.*);
alloc.destroy(val);
},
.Slice => {
for (val) |elem| free(alloc, elem);
alloc.free(val);
},
else => unreachable,
},
.Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)),
.Array => for (val) |elem| free(alloc, elem),
.Optional => if (val) |opt| free(alloc, opt),
.Bool, .Int, .Float, .Enum => {},
else => unreachable,
2022-07-16 18:44:46 +00:00
}
}
2022-08-02 05:18:54 +00:00
pub fn firstIndexOf(str: []const u8, ch: u8) ?usize {
for (str) |c, i| {
if (c == ch) return i;
}
return null;
}
2022-07-13 03:40:48 +00:00
pub fn CreateInfo(comptime T: type) type {
const t_fields = std.meta.fields(T);
var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;
var count = 0;
inline for (t_fields) |f| {
if (std.mem.eql(u8, f.name, "id")) continue;
fields[count] = f;
count += 1;
}
return @Type(.{ .Struct = .{
.layout = .Auto,
.fields = &fields,
.decls = &[0]std.builtin.Type.Declaration{},
.is_tuple = false,
} });
}
2022-07-13 04:16:33 +00:00
fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {
2022-07-13 03:40:48 +00:00
var result: T = undefined;
result.id = id;
inline for (std.meta.fields(CreateInfo(T))) |f| {
@field(result, f.name) = @field(val, f.name);
}
return result;
}
2022-07-26 02:07:05 +00:00
pub const NoteCreateInfo = struct {
2022-07-18 06:11:42 +00:00
content: []const u8,
};
2022-08-02 04:33:23 +00:00
pub const Scheme = models.Community.Scheme;
pub const CommunityCreateOptions = struct {
name: []const u8,
host: []const u8,
};
2022-07-22 04:19:08 +00:00
pub const RegistrationInfo = struct {
username: []const u8,
password: []const u8,
email: ?[]const u8,
2022-07-27 05:30:52 +00:00
invite_code: ?[]const u8,
2022-07-22 04:19:08 +00:00
};
2022-07-26 02:07:05 +00:00
pub const LoginResult = struct {
user_id: Uuid,
token: [token_str_len]u8,
issued_at: DateTime,
};
2022-07-27 06:03:27 +00:00
pub const InviteOptions = struct {
name: []const u8 = "",
max_uses: ?i64 = null,
lifetime: ?i64 = null, // unix seconds, TODO make a TimeSpan type
2022-08-02 04:33:23 +00:00
to_community: ?[]const u8,
2022-07-27 06:03:27 +00:00
};
2022-07-25 00:18:25 +00:00
threadlocal var prng: std.rand.DefaultPrng = undefined;
pub fn initThreadPrng(seed: u64) void {
prng = std.rand.DefaultPrng.init(seed +% std.Thread.getCurrentId());
}
2022-09-05 08:52:49 +00:00
// Returned slice points into buf
fn hashPassword(password: []const u8, alloc: std.mem.Allocator, buf: *[pw_hash_buf_size]u8) ![]const u8 {
return PwHash.strHash(password, .{ .allocator = alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, buf);
}
2022-07-26 02:07:05 +00:00
pub const ApiSource = struct {
2022-07-15 07:27:27 +00:00
db: db.Database,
2022-07-22 04:19:08 +00:00
internal_alloc: std.mem.Allocator,
2022-07-30 06:14:42 +00:00
config: Config,
2022-07-15 00:58:08 +00:00
2022-07-26 02:07:05 +00:00
pub const Conn = ApiConn(db.Database);
2022-09-05 08:52:49 +00:00
const root_username = "root";
const root_id = Uuid.nil;
const root_password_envvar = "CLUSTER_ROOT_PASSWORD";
2022-09-05 09:15:16 +00:00
const cluster_community_id = Uuid.nil;
2022-09-05 08:52:49 +00:00
2022-07-30 06:14:42 +00:00
pub fn init(alloc: std.mem.Allocator, cfg: Config) !ApiSource {
2022-09-05 08:52:49 +00:00
var self = ApiSource{
.db = try db.Database.init(),
.internal_alloc = alloc,
.config = cfg,
};
2022-07-13 14:42:30 +00:00
2022-09-05 08:52:49 +00:00
if ((try self.db.execRow2(&.{i64}, "SELECT 1 FROM user WHERE id = ? LIMIT 1;", .{root_id}, null)) == null) {
std.log.info("No cluster root user detected. Creating...", .{});
const root_password = std.os.getenv(root_password_envvar) orelse {
std.log.err(
"No root user created and no password specified. Please provide the password for the root user by the ${s} environment variable for initial startup.",
.{root_password_envvar},
);
@panic("No root password provided");
};
2022-09-05 07:03:31 +00:00
2022-09-05 08:52:49 +00:00
var buf: [pw_hash_buf_size]u8 = undefined;
const hash = try hashPassword(root_password, self.internal_alloc, &buf);
2022-09-05 09:15:16 +00:00
try self.db.insert2("community", .{
.id = cluster_community_id,
.name = "Cluster System Pseudocommunity",
.host = cfg.cluster_host,
.scheme = cfg.cluster_scheme,
});
2022-09-05 08:52:49 +00:00
try self.db.insert2("user", .{
.id = root_id,
.username = root_username,
2022-09-05 09:15:16 +00:00
.community_id = cluster_community_id,
2022-09-05 08:52:49 +00:00
});
try self.db.insert2("local_user", .{
.user_id = root_id,
.hashed_password = hash,
.invite_id = null,
.email = null,
});
2022-07-13 14:42:30 +00:00
}
2022-09-05 08:52:49 +00:00
return self;
2022-07-17 23:21:03 +00:00
}
2022-09-05 08:52:49 +00:00
pub fn connectUnauthorized(self: *ApiSource, host: []const u8, alloc: std.mem.Allocator) !Conn {
2022-08-02 06:35:56 +00:00
const community_id = blk: {
2022-09-05 08:52:49 +00:00
const result = try self.db.execRow2(&.{Uuid}, "SELECT id FROM community WHERE host = ?", .{host}, null);
if (result) |r| break :blk r[0];
2022-08-02 06:35:56 +00:00
break :blk null;
};
2022-09-05 08:52:49 +00:00
if (community_id == null and !util.ciutf8.eql(self.config.cluster_host, host)) {
return error.NoCommunity;
}
2022-07-26 02:07:05 +00:00
return Conn{
.db = self.db,
.internal_alloc = self.internal_alloc,
.as_user = null,
2022-08-02 06:35:56 +00:00
.on_community = community_id,
2022-07-26 02:07:05 +00:00
.arena = std.heap.ArenaAllocator.init(alloc),
};
}
2022-09-05 08:52:49 +00:00
pub fn connectToken(self: *ApiSource, host: []const u8, token: []const u8, alloc: std.mem.Allocator) !Conn {
2022-08-02 06:35:56 +00:00
var conn = try self.connectUnauthorized(host, alloc);
errdefer conn.close();
2022-07-25 00:04:44 +00:00
const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(token) catch return error.InvalidToken;
if (decoded_len != token_len) return error.InvalidToken;
2022-07-17 23:21:03 +00:00
2022-07-25 00:04:44 +00:00
var decoded: [token_len]u8 = undefined;
std.base64.standard.Decoder.decode(&decoded, token) catch return error.InvalidToken;
2022-07-17 23:21:03 +00:00
2022-07-25 00:04:44 +00:00
var hash: models.ByteArray(models.Token.hash_len) = undefined;
models.Token.HashFn.hash(&decoded, &hash.data, .{});
2022-08-02 06:35:56 +00:00
const db_token = (try self.db.getBy(models.Token, .hash, hash, conn.arena.allocator())) orelse return error.InvalidToken;
2022-09-05 09:15:16 +00:00
//const token_result = try self.db.execRow2(
//&.{Uuid},
//\\SELECT user.id
//\\FROM token
//\\ JOIN user ON token.user_id = user.id
//\\ JOIN community ON
//);
2022-09-05 07:03:31 +00:00
//const token_result = (try self.db.execRow2(
//&.{Uuid},
//"SELECT id FROM token WHERE hash = ?",
//.{hash},
//null,
//)) orelse return error.InvalidToken;
//conn.as_user = token_result[0];
2022-08-02 06:35:56 +00:00
conn.as_user = db_token.user_id;
2022-07-17 23:21:03 +00:00
2022-08-02 06:35:56 +00:00
return conn;
2022-07-13 03:40:48 +00:00
}
2022-07-26 02:07:05 +00:00
};
2022-07-13 03:40:48 +00:00
2022-07-26 02:07:05 +00:00
fn ApiConn(comptime DbConn: type) type {
return struct {
const Self = @This();
2022-07-18 07:37:10 +00:00
2022-07-26 02:07:05 +00:00
db: DbConn,
internal_alloc: std.mem.Allocator, // used *only* for large, internal buffers
as_user: ?Uuid,
2022-08-02 06:35:56 +00:00
on_community: ?Uuid,
2022-07-26 02:07:05 +00:00
arena: std.heap.ArenaAllocator,
2022-07-18 06:11:42 +00:00
2022-07-26 02:07:05 +00:00
pub fn close(self: *Self) void {
self.arena.deinit();
}
2022-07-18 06:11:42 +00:00
2022-08-02 04:33:23 +00:00
fn getAuthenticatedUser(self: *Self) !models.User {
if (self.as_user) |id| {
const user = try self.db.getBy(models.User, .id, id, self.arena.allocator());
if (user == null) return error.NotAuthorized;
return user.?;
} else {
return error.NotAuthorized;
}
}
2022-07-30 05:46:00 +00:00
fn getAuthenticatedLocalUser(self: *Self) !models.LocalUser {
2022-07-26 02:07:05 +00:00
if (self.as_user) |user_id| {
2022-07-30 05:46:00 +00:00
const local_user = try self.db.getBy(models.LocalUser, .user_id, user_id, self.arena.allocator());
if (local_user == null) return error.NotAuthorized;
2022-07-13 05:35:39 +00:00
2022-07-26 02:07:05 +00:00
return local_user.?;
} else {
2022-07-30 05:46:00 +00:00
return error.NotAuthorized;
2022-07-26 02:07:05 +00:00
}
2022-07-16 19:30:47 +00:00
}
2022-07-13 04:56:47 +00:00
2022-07-26 02:07:05 +00:00
fn getAuthenticatedActor(self: *Self) !models.Actor {
2022-07-30 05:46:00 +00:00
return if (self.as_user) |user_id|
(try self.db.getBy(models.Actor, .user_id, user_id, self.arena.allocator())) orelse error.NotAuthorized
else
error.NotAuthorized;
2022-07-22 04:19:08 +00:00
}
2022-07-26 02:07:05 +00:00
pub fn login(self: *Self, username: []const u8, password: []const u8) !LoginResult {
// TODO: This gives away the existence of a user through a timing side channel. is that acceptable?
2022-09-05 07:03:31 +00:00
//const user_info = (try self.db.getBy(models.User, .username, username, self.arena.allocator())) orelse return error.InvalidLogin;
//const local_user_info = (try self.db.getBy(models.LocalUser, .user_id, user_info.id, self.arena.allocator())) orelse return error.InvalidLogin;
const user_info = (try self.db.execRow2(
&.{ Uuid, []const u8 },
\\SELECT user.id, local_user.hashed_password
\\FROM user JOIN local_user ON local_user.user_id = user.id
\\WHERE user.username = ?
,
.{username},
self.arena.allocator(),
)) orelse return error.InvalidLogin;
const user_id = user_info[0];
const hashed_password = user_info[1];
2022-07-26 02:07:05 +00:00
//defer free(self.arena.allocator(), user_info);
2022-07-19 07:07:01 +00:00
2022-07-26 02:07:05 +00:00
const Hash = std.crypto.pwhash.scrypt;
2022-09-05 07:03:31 +00:00
Hash.strVerify(hashed_password, password, .{ .allocator = self.internal_alloc }) catch |err| switch (err) {
2022-07-26 02:07:05 +00:00
error.PasswordVerificationFailed => return error.InvalidLogin,
else => return err,
};
2022-07-21 05:26:13 +00:00
2022-09-05 07:03:31 +00:00
const token = try self.createToken(user_id);
2022-07-19 07:07:01 +00:00
2022-07-26 02:07:05 +00:00
var token_enc: [token_str_len]u8 = undefined;
_ = std.base64.standard.Encoder.encode(&token_enc, &token.value);
return LoginResult{
2022-09-05 07:03:31 +00:00
.user_id = user_id,
2022-07-26 02:07:05 +00:00
.token = token_enc,
.issued_at = token.info.issued_at,
};
}
const TokenResult = struct {
info: models.Token,
value: [token_len]u8,
};
2022-07-30 05:46:00 +00:00
fn createToken(self: *Self, user_id: Uuid) !TokenResult {
2022-07-26 02:07:05 +00:00
var token: [token_len]u8 = undefined;
std.crypto.random.bytes(&token);
var hash: [models.Token.hash_len]u8 = undefined;
models.Token.HashFn.hash(&token, &hash, .{});
const db_token = models.Token{
.id = Uuid.randV4(prng.random()),
.hash = .{ .data = hash },
2022-07-30 05:46:00 +00:00
.user_id = user_id,
2022-07-26 02:07:05 +00:00
.issued_at = DateTime.now(),
};
2022-09-05 07:03:31 +00:00
try self.db.insert2("token", db_token);
2022-07-26 02:07:05 +00:00
return TokenResult{
.info = db_token,
.value = token,
};
}
2022-07-27 05:02:09 +00:00
pub fn createInvite(self: *Self, options: InviteOptions) !models.Invite {
const id = Uuid.randV4(prng.random());
2022-08-02 04:33:23 +00:00
const user = try self.getAuthenticatedUser();
// Users can only make invites to their own community, unless they
// are system users
const community_id = if (options.to_community) |host| blk: {
2022-09-05 07:03:31 +00:00
const desired_community = (try self.db.execRow2(
&.{Uuid},
"SELECT id FROM community WHERE host = ?",
.{host},
null,
)) orelse return error.CommunityNotFound;
if (user.community_id != null and !Uuid.eql(desired_community[0], user.community_id.?)) {
2022-08-02 04:33:23 +00:00
return error.WrongCommunity;
}
2022-09-05 07:03:31 +00:00
break :blk desired_community[0];
2022-08-02 04:33:23 +00:00
} else null;
2022-09-05 07:03:31 +00:00
if (user.community_id != null and community_id == null) {
2022-08-02 04:33:23 +00:00
return error.WrongCommunity;
}
2022-07-27 05:02:09 +00:00
var code: [invite_code_len]u8 = undefined;
std.crypto.random.bytes(&code);
var code_str = try self.arena.allocator().alloc(u8, invite_code_str_len);
_ = std.base64.url_safe.Encoder.encode(code_str, &code);
const now = DateTime.now();
const expires_at = if (options.lifetime) |lifetime| DateTime{
.seconds_since_epoch = lifetime + now.seconds_since_epoch,
} else null;
const invite = models.Invite{
.id = id,
.name = try self.arena.allocator().dupe(u8, options.name),
2022-08-02 04:33:23 +00:00
.created_by = user.id,
2022-07-27 05:02:09 +00:00
.invite_code = code_str,
2022-08-02 04:33:23 +00:00
.to_community = community_id,
2022-07-27 05:02:09 +00:00
.max_uses = options.max_uses,
.created_at = now,
.expires_at = expires_at,
};
try self.db.insert(models.Invite, invite);
return invite;
}
pub fn getInvite(self: *Self, id: Uuid) !?models.Invite {
return self.db.getBy(models.Invite, .id, id, self.arena.allocator());
}
2022-07-26 02:07:05 +00:00
};
}