fediglam/src/main/api.zig

const std = @import("std");
const util = @import("util");

const db = @import("./db.zig");

pub const models = @import("./models.zig");
pub const DateTime = util.DateTime;
pub const Uuid = util.Uuid;

const PwHash = std.crypto.pwhash.scrypt;
const pw_hash_params = PwHash.Params.interactive;
const pw_hash_encoding = .phc;
const pw_hash_buf_size = 128;

// Frees an api struct and its fields allocated from alloc
pub fn free(alloc: std.mem.Allocator, val: anytype) void {
    switch (@typeInfo(@TypeOf(val))) {
        .Pointer => |ptr_info| switch (ptr_info.size) {
            .One => {
                free(alloc, val.*);
                alloc.destroy(val);
            },
            .Slice => {
                for (val) |elem| free(alloc, elem);
                alloc.free(val);
            },
            else => unreachable,
        },
        .Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)),
        .Array => for (val) |elem| free(alloc, elem),
        .Optional => if (val) |opt| free(alloc, opt),
        .Bool, .Int, .Float, .Enum => {},
        else => unreachable,
    }
}

pub fn CreateInfo(comptime T: type) type {
    const t_fields = std.meta.fields(T);
    var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;
    var count = 0;

    inline for (t_fields) |f| {
        if (std.mem.eql(u8, f.name, "id")) continue;

        fields[count] = f;
        count += 1;
    }

    return @Type(.{ .Struct = .{
        .layout = .Auto,
        .fields = &fields,
        .decls = &[0]std.builtin.Type.Declaration{},
        .is_tuple = false,
    } });
}

fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {
    var result: T = undefined;
    result.id = id;
    inline for (std.meta.fields(CreateInfo(T))) |f| {
        @field(result, f.name) = @field(val, f.name);
    }
    return result;
}

pub const ApiContext = struct {
    user_context: struct {
        user: models.LocalUser,
    },

    alloc: std.mem.Allocator,
};

pub const NoteCreate = struct {
    content: []const u8,
};

pub const RegistrationInfo = struct {
    username: []const u8,
    password: []const u8,
    email: ?[]const u8,
};

pub const ApiServer = struct {
    prng: std.rand.DefaultPrng,
    db: db.Database,
    internal_alloc: std.mem.Allocator,

    pub fn init(alloc: std.mem.Allocator) !ApiServer {
        return ApiServer{
            .prng = std.rand.DefaultPrng.init(@bitCast(u64, std.time.milliTimestamp())),
            .db = try db.Database.init(),
            .internal_alloc = alloc,
        };
    }

    pub fn makeApiContext(self: *ApiServer, token: []const u8, alloc: std.mem.Allocator) !ApiContext {
        if (token.len == 0) return error.InvalidToken;

        const username = token;

        const user = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidToken;

        return ApiContext{
            .user_context = .{
                .user = user,
            },

            .alloc = alloc,
        };
    }

    pub fn createNoteUser(self: *ApiServer, info: NoteCreate, ctx: ApiContext) !models.Note {
        const id = Uuid.randV4(self.prng.random());
        // TODO: check for dupes

        const note = models.Note{
            .id = id,
            .author_id = ctx.user_context.user.actor_id.?,
            .content = info.content,

            .created_at = DateTime.now(),
        };
        try self.db.insert(models.Note, note);

        return note;
    }

    pub fn register(self: *ApiServer, info: RegistrationInfo) !models.Actor {
        const id = Uuid.randV4(self.prng.random());
        // TODO: transaction?

        if (try self.db.existsWhereEq(models.LocalUser, .username, info.username)) {
            return error.UsernameUnavailable;
        }

        if (try self.db.existsWhereEq(models.Actor, .handle, info.username)) {
            return error.InconsistentDb;
        }

        // use internal alloc because necessary buffer is *big*
        var buf: [pw_hash_buf_size]u8 = undefined;
        const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf);
        const now = DateTime.now();

        const actor = models.Actor{
            .id = id,
            .handle = info.username,
            .created_at = now,
        };
        const user = models.LocalUser{
            .actor_id = id,
            .username = info.username,
            .email = info.email,
            .hashed_password = hash,
            .password_changed_at = now,
            .created_at = now,
        };
        try self.db.insert(models.Actor, actor);
        try self.db.insert(models.LocalUser, user);

        // TODO: return token instead
        return actor;
    }

    pub fn login(self: *ApiServer, username: []const u8, password: []const u8, alloc: std.mem.Allocator) !?models.Actor {
        // TODO: This gives away the existence of a user through a timing side channel. is that acceptable?
        const user_info = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidLogin;
        defer free(alloc, user_info);

        const Hash = std.crypto.pwhash.scrypt;
        Hash.strVerify(user_info.hashed_password, password, .{ .allocator = alloc }) catch |err| switch (err) {
            error.PasswordVerificationFailed => return error.InvalidLogin,
            else => return err,
        };

        // TODO: return token instead
        return (try self.db.getBy(models.Actor, .id, user_info.actor_id.?, alloc)) orelse unreachable;
    }

    pub fn getNote(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Note {
        return self.db.getBy(models.Note, .id, id, alloc);
    }

    pub fn getActor(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Actor {
        return self.db.getBy(models.Actor, .id, id, alloc);
    }

    pub fn getActorByHandle(self: *ApiServer, handle: []const u8, alloc: std.mem.Allocator) !?models.Actor {
        return self.db.getBy(models.Actor, .handle, handle, alloc);
    }

    pub fn react(self: *ApiServer, note_id: Uuid, ctx: ApiContext) !void {
        try self.db.insert(models.Reaction, .{ .note_id = note_id, .reactor_id = ctx.user_context.user.actor_id.? });
    }

    pub fn listReacts(self: *ApiServer, note_id: Uuid, ctx: ApiContext) ![]models.Reaction {
        return try self.db.getWhereEq(models.Reaction, .note_id, note_id, ctx.alloc);
    }
};
Basic api server 2022-07-13 03:40:48 +00:00			`const std = @import("std");`
Use Uuids for id 2022-07-13 04:16:33 +00:00			`const util = @import("util");`
Basic api server 2022-07-13 03:40:48 +00:00
			`const db = @import("./db.zig");`

			`pub const models = @import("./models.zig");`
Track creation time for notes 2022-07-18 07:37:10 +00:00			`pub const DateTime = util.DateTime;`
Use Uuids for id 2022-07-13 04:16:33 +00:00			`pub const Uuid = util.Uuid;`
Basic api server 2022-07-13 03:40:48 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`const PwHash = std.crypto.pwhash.scrypt;`
			`const pw_hash_params = PwHash.Params.interactive;`
			`const pw_hash_encoding = .phc;`
			`const pw_hash_buf_size = 128;`

Remove references to memdb 2022-07-16 18:44:46 +00:00			`// Frees an api struct and its fields allocated from alloc`
			`pub fn free(alloc: std.mem.Allocator, val: anytype) void {`
Fully implement api free() 2022-07-19 09:22:19 +00:00			`switch (@typeInfo(@TypeOf(val))) {`
			`.Pointer => \|ptr_info\| switch (ptr_info.size) {`
			`.One => {`
			`free(alloc, val.*);`
			`alloc.destroy(val);`
			`},`
			`.Slice => {`
			`for (val) \|elem\| free(alloc, elem);`
			`alloc.free(val);`
			`},`
			`else => unreachable,`
			`},`
			`.Struct => inline for (std.meta.fields(@TypeOf(val))) \|f\| free(alloc, @field(val, f.name)),`
			`.Array => for (val) \|elem\| free(alloc, elem),`
			`.Optional => if (val) \|opt\| free(alloc, opt),`
			`.Bool, .Int, .Float, .Enum => {},`
			`else => unreachable,`
Remove references to memdb 2022-07-16 18:44:46 +00:00			`}`
			`}`

Basic api server 2022-07-13 03:40:48 +00:00			`pub fn CreateInfo(comptime T: type) type {`
			`const t_fields = std.meta.fields(T);`
			`var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;`
			`var count = 0;`

			`inline for (t_fields) \|f\| {`
			`if (std.mem.eql(u8, f.name, "id")) continue;`

			`fields[count] = f;`
			`count += 1;`
			`}`

			`return @Type(.{ .Struct = .{`
			`.layout = .Auto,`
			`.fields = &fields,`
			`.decls = &[0]std.builtin.Type.Declaration{},`
			`.is_tuple = false,`
			`} });`
			`}`

Use Uuids for id 2022-07-13 04:16:33 +00:00			`fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {`
Basic api server 2022-07-13 03:40:48 +00:00			`var result: T = undefined;`
			`result.id = id;`
			`inline for (std.meta.fields(CreateInfo(T))) \|f\| {`
			`@field(result, f.name) = @field(val, f.name);`
			`}`
			`return result;`
			`}`

Basic reacts 2022-07-19 07:07:01 +00:00			`pub const ApiContext = struct {`
			`user_context: struct {`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`user: models.LocalUser,`
Basic reacts 2022-07-19 07:07:01 +00:00			`},`

			`alloc: std.mem.Allocator,`
Create user contexts 2022-07-17 23:21:03 +00:00			`};`

Collect author id from user context 2022-07-18 06:11:42 +00:00			`pub const NoteCreate = struct {`
			`content: []const u8,`
			`};`

Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub const RegistrationInfo = struct {`
			`username: []const u8,`
			`password: []const u8,`
			`email: ?[]const u8,`
			`};`

Use Uuids for id 2022-07-13 04:16:33 +00:00			`pub const ApiServer = struct {`
			`prng: std.rand.DefaultPrng,`
Store notes in SQLite 2022-07-15 07:27:27 +00:00			`db: db.Database,`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`internal_alloc: std.mem.Allocator,`
Basic sqlite adapter 2022-07-15 00:58:08 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub fn init(alloc: std.mem.Allocator) !ApiServer {`
Basic api server 2022-07-13 03:40:48 +00:00			`return ApiServer{`
Use sql api for users 2022-07-16 18:41:09 +00:00			`.prng = std.rand.DefaultPrng.init(@bitCast(u64, std.time.milliTimestamp())),`
Store notes in SQLite 2022-07-15 07:27:27 +00:00			`.db = try db.Database.init(),`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`.internal_alloc = alloc,`
Basic api server 2022-07-13 03:40:48 +00:00			`};`
Create user contexts 2022-07-17 23:21:03 +00:00			`}`

Basic reacts 2022-07-19 07:07:01 +00:00			`pub fn makeApiContext(self: *ApiServer, token: []const u8, alloc: std.mem.Allocator) !ApiContext {`
Create user contexts 2022-07-17 23:21:03 +00:00			`if (token.len == 0) return error.InvalidToken;`

Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`const username = token;`
Create user contexts 2022-07-17 23:21:03 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`const user = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidToken;`
Create user contexts 2022-07-17 23:21:03 +00:00
Basic reacts 2022-07-19 07:07:01 +00:00			`return ApiContext{`
			`.user_context = .{`
			`.user = user,`
			`},`

			`.alloc = alloc,`
Create user contexts 2022-07-17 23:21:03 +00:00			`};`
Basic api server 2022-07-13 03:40:48 +00:00			`}`

Basic reacts 2022-07-19 07:07:01 +00:00			`pub fn createNoteUser(self: *ApiServer, info: NoteCreate, ctx: ApiContext) !models.Note {`
Collect author id from user context 2022-07-18 06:11:42 +00:00			`const id = Uuid.randV4(self.prng.random());`
			`// TODO: check for dupes`

			`const note = models.Note{`
			`.id = id,`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`.author_id = ctx.user_context.user.actor_id.?,`
Collect author id from user context 2022-07-18 06:11:42 +00:00			`.content = info.content,`
Track creation time for notes 2022-07-18 07:37:10 +00:00
			`.created_at = DateTime.now(),`
Collect author id from user context 2022-07-18 06:11:42 +00:00			`};`
			`try self.db.insert(models.Note, note);`

			`return note;`
			`}`

Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub fn register(self: *ApiServer, info: RegistrationInfo) !models.Actor {`
Add users 2022-07-13 04:56:47 +00:00			`const id = Uuid.randV4(self.prng.random());`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`// TODO: transaction?`
Check users for duplicates 2022-07-13 05:35:39 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`if (try self.db.existsWhereEq(models.LocalUser, .username, info.username)) {`
			`return error.UsernameUnavailable;`
Check user handle is available 2022-07-16 19:30:47 +00:00			`}`
Add users 2022-07-13 04:56:47 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`if (try self.db.existsWhereEq(models.Actor, .handle, info.username)) {`
			`return error.InconsistentDb;`
			`}`

			`// use internal alloc because necessary buffer is big`
			`var buf: [pw_hash_buf_size]u8 = undefined;`
			`const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf);`
			`const now = DateTime.now();`

			`const actor = models.Actor{`
			`.id = id,`
			`.handle = info.username,`
			`.created_at = now,`
			`};`
			`const user = models.LocalUser{`
			`.actor_id = id,`
			`.username = info.username,`
			`.email = info.email,`
			`.hashed_password = hash,`
			`.password_changed_at = now,`
			`.created_at = now,`
			`};`
			`try self.db.insert(models.Actor, actor);`
			`try self.db.insert(models.LocalUser, user);`

			`// TODO: return token instead`
			`return actor;`
			`}`

			`pub fn login(self: *ApiServer, username: []const u8, password: []const u8, alloc: std.mem.Allocator) !?models.Actor {`
			`// TODO: This gives away the existence of a user through a timing side channel. is that acceptable?`
			`const user_info = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidLogin;`
			`defer free(alloc, user_info);`

			`const Hash = std.crypto.pwhash.scrypt;`
			`Hash.strVerify(user_info.hashed_password, password, .{ .allocator = alloc }) catch \|err\| switch (err) {`
			`error.PasswordVerificationFailed => return error.InvalidLogin,`
			`else => return err,`
			`};`
Add users 2022-07-13 04:56:47 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`// TODO: return token instead`
			`return (try self.db.getBy(models.Actor, .id, user_info.actor_id.?, alloc)) orelse unreachable;`
Add users 2022-07-13 04:56:47 +00:00			`}`

Use Uuids for id 2022-07-13 04:16:33 +00:00			`pub fn getNote(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Note {`
Check user handle is available 2022-07-16 19:30:47 +00:00			`return self.db.getBy(models.Note, .id, id, alloc);`
Use sql api for users 2022-07-16 18:41:09 +00:00			`}`

Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub fn getActor(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Actor {`
			`return self.db.getBy(models.Actor, .id, id, alloc);`
Basic api server 2022-07-13 03:40:48 +00:00			`}`
Basic reacts 2022-07-19 07:07:01 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub fn getActorByHandle(self: *ApiServer, handle: []const u8, alloc: std.mem.Allocator) !?models.Actor {`
			`return self.db.getBy(models.Actor, .handle, handle, alloc);`
Basic password auth 2022-07-21 05:26:13 +00:00			`}`

Basic reacts 2022-07-19 07:07:01 +00:00			`pub fn react(self: *ApiServer, note_id: Uuid, ctx: ApiContext) !void {`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`try self.db.insert(models.Reaction, .{ .note_id = note_id, .reactor_id = ctx.user_context.user.actor_id.? });`
Basic reacts 2022-07-19 07:07:01 +00:00			`}`

			`pub fn listReacts(self: *ApiServer, note_id: Uuid, ctx: ApiContext) ![]models.Reaction {`
			`return try self.db.getWhereEq(models.Reaction, .note_id, note_id, ctx.alloc);`
			`}`
Basic api server 2022-07-13 03:40:48 +00:00			`};`