fediglam/src/main/api.zig

const std = @import("std");
const util = @import("util");
const builtin = @import("builtin");

const db = @import("./db.zig");
const models = @import("./db/models.zig");
pub const DateTime = util.DateTime;
pub const Uuid = util.Uuid;
const Config = @import("./main.zig").Config;

const PwHash = std.crypto.pwhash.scrypt;
const pw_hash_params = PwHash.Params.interactive;
const pw_hash_encoding = .phc;
const pw_hash_buf_size = 128;

const token_len = 20;
const token_str_len = std.base64.standard.Encoder.calcSize(token_len);

const invite_code_len = 16;
const invite_code_str_len = std.base64.url_safe.Encoder.calcSize(invite_code_len);

// Frees an api struct and its fields allocated from alloc
pub fn free(alloc: std.mem.Allocator, val: anytype) void {
    switch (@typeInfo(@TypeOf(val))) {
        .Pointer => |ptr_info| switch (ptr_info.size) {
            .One => {
                free(alloc, val.*);
                alloc.destroy(val);
            },
            .Slice => {
                for (val) |elem| free(alloc, elem);
                alloc.free(val);
            },
            else => unreachable,
        },
        .Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)),
        .Array => for (val) |elem| free(alloc, elem),
        .Optional => if (val) |opt| free(alloc, opt),
        .Bool, .Int, .Float, .Enum => {},
        else => unreachable,
    }
}

pub fn firstIndexOf(str: []const u8, ch: u8) ?usize {
    for (str) |c, i| {
        if (c == ch) return i;
    }

    return null;
}

pub fn CreateInfo(comptime T: type) type {
    const t_fields = std.meta.fields(T);
    var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;
    var count = 0;

    inline for (t_fields) |f| {
        if (std.mem.eql(u8, f.name, "id")) continue;

        fields[count] = f;
        count += 1;
    }

    return @Type(.{ .Struct = .{
        .layout = .Auto,
        .fields = &fields,
        .decls = &[0]std.builtin.Type.Declaration{},
        .is_tuple = false,
    } });
}

fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {
    var result: T = undefined;
    result.id = id;
    inline for (std.meta.fields(CreateInfo(T))) |f| {
        @field(result, f.name) = @field(val, f.name);
    }
    return result;
}

pub const NoteCreateInfo = struct {
    content: []const u8,
};

pub const Scheme = models.Community.Scheme;

pub const CommunityCreateOptions = struct {
    name: []const u8,
    host: []const u8,
};

pub const RegistrationInfo = struct {
    username: []const u8,
    password: []const u8,
    email: ?[]const u8,
    invite_code: ?[]const u8,
    community_host: ?[]const u8,
};

pub const LoginResult = struct {
    user_id: Uuid,
    token: [token_str_len]u8,
    issued_at: DateTime,
};

pub const InviteOptions = struct {
    name: []const u8 = "",
    max_uses: ?i64 = null,
    lifetime: ?i64 = null, // unix seconds, TODO make a TimeSpan type
    to_community: ?[]const u8,
};

threadlocal var prng: std.rand.DefaultPrng = undefined;

pub fn initThreadPrng(seed: u64) void {
    prng = std.rand.DefaultPrng.init(seed +% std.Thread.getCurrentId());
}

pub const ApiSource = struct {
    db: db.Database,
    internal_alloc: std.mem.Allocator,
    config: Config,

    pub const Conn = ApiConn(db.Database);

    pub fn init(alloc: std.mem.Allocator, cfg: Config) !ApiSource {
        var my_db = try db.Database.init();

        {
            const row = try my_db.execRow2(
                &.{Uuid},
                "SELECT id FROM user WHERE username = ?",
                .{"heartles"},
                null,
            );

            std.log.debug("{s}", .{row.?[0]});
        }

        return ApiSource{
            //.db = try db.Database.init(),
            .db = my_db,
            .internal_alloc = alloc,
            .config = cfg,
        };
    }

    pub fn connectUnauthorized(self: *ApiSource, host: ?[]const u8, alloc: std.mem.Allocator) !Conn {
        const community_id = blk: {
            if (host) |h| {
                const result = try self.db.execRow2(&.{Uuid}, "SELECT id FROM community WHERE host = ?", .{h}, null);
                if (result) |r| break :blk r[0];
            }

            break :blk null;
        };

        return Conn{
            .db = self.db,
            .internal_alloc = self.internal_alloc,
            .as_user = null,
            .on_community = community_id,
            .arena = std.heap.ArenaAllocator.init(alloc),
        };
    }

    pub fn connectToken(self: *ApiSource, host: ?[]const u8, token: []const u8, alloc: std.mem.Allocator) !Conn {
        var conn = try self.connectUnauthorized(host, alloc);
        errdefer conn.close();

        const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(token) catch return error.InvalidToken;
        if (decoded_len != token_len) return error.InvalidToken;

        var decoded: [token_len]u8 = undefined;
        std.base64.standard.Decoder.decode(&decoded, token) catch return error.InvalidToken;

        var hash: models.ByteArray(models.Token.hash_len) = undefined;
        models.Token.HashFn.hash(&decoded, &hash.data, .{});

        const db_token = (try self.db.getBy(models.Token, .hash, hash, conn.arena.allocator())) orelse return error.InvalidToken;
        //const token_result = (try self.db.execRow2(
        //&.{Uuid},
        //"SELECT id FROM token WHERE hash = ?",
        //.{hash},
        //null,
        //)) orelse return error.InvalidToken;

        //conn.as_user = token_result[0];
        conn.as_user = db_token.user_id;

        return conn;
    }
};

fn ApiConn(comptime DbConn: type) type {
    return struct {
        const Self = @This();

        db: DbConn,
        internal_alloc: std.mem.Allocator, // used *only* for large, internal buffers
        as_user: ?Uuid,
        on_community: ?Uuid,
        arena: std.heap.ArenaAllocator,

        pub fn close(self: *Self) void {
            self.arena.deinit();
        }

        fn getAuthenticatedUser(self: *Self) !models.User {
            if (self.as_user) |id| {
                const user = try self.db.getBy(models.User, .id, id, self.arena.allocator());
                if (user == null) return error.NotAuthorized;

                return user.?;
            } else {
                return error.NotAuthorized;
            }
        }

        fn getAuthenticatedLocalUser(self: *Self) !models.LocalUser {
            if (self.as_user) |user_id| {
                const local_user = try self.db.getBy(models.LocalUser, .user_id, user_id, self.arena.allocator());
                if (local_user == null) return error.NotAuthorized;

                return local_user.?;
            } else {
                return error.NotAuthorized;
            }
        }

        fn getAuthenticatedActor(self: *Self) !models.Actor {
            return if (self.as_user) |user_id|
                (try self.db.getBy(models.Actor, .user_id, user_id, self.arena.allocator())) orelse error.NotAuthorized
            else
                error.NotAuthorized;
        }

        pub fn createNote(self: *Self, info: NoteCreateInfo) !models.Note {
            const id = Uuid.randV4(prng.random());
            const actor = try self.getAuthenticatedActor();

            const note = models.Note{
                .id = id,
                .author_id = actor.user_id,
                .content = info.content,

                .created_at = DateTime.now(),
            };
            try self.db.insert(models.Note, note);

            return note;
        }

        //pub fn getNote(self: *Self, id: Uuid) !?models.Note {
        pub fn getNote(self: *Self, id: Uuid) !?[]const u8 {
            const row = try self.db.execRow("select content from note where id = ?", .{id}, &.{[]const u8}, self.arena.allocator());
            if (row) |results| {
                return results[0];
            } else return null;
            //return self.db.getBy(models.Note, .id, id, self.arena.allocator());
        }

        pub fn getActor(self: *Self, user_id: Uuid) !?models.Actor {
            return self.db.getBy(models.Actor, .user_id, user_id, self.arena.allocator());
        }

        pub fn getActorByHandle(self: *Self, handle: []const u8) !?models.Actor {
            const user = (try self.db.getBy(models.User, .username, handle, self.arena.allocator())) orelse return null;
            return self.db.getBy(models.Actor, .user_id, user.id, self.arena.allocator());
        }

        pub fn react(self: *Self, note_id: Uuid) !void {
            const id = Uuid.randV4(prng.random());
            const actor = try self.getAuthenticatedActor();
            try self.db.insert(models.Reaction, .{ .id = id, .note_id = note_id, .reactor_id = actor.user_id, .created_at = DateTime.now() });
        }

        pub fn listReacts(self: *Self, note_id: Uuid) ![]models.Reaction {
            return try self.db.getWhereEq(models.Reaction, .note_id, note_id, self.arena.allocator());
        }

        pub fn createCommunity(self: *Self, info: CommunityCreateOptions) !models.Community {
            const scheme_len = firstIndexOf(info.host, ':') orelse return error.InvalidHost;
            const scheme_str = info.host[0..scheme_len];
            const scheme = std.meta.stringToEnum(models.Community.Scheme, scheme_str) orelse return error.UnsupportedScheme;

            const host = blk: {
                // host must be in the format "{scheme}://{host}"
                if (info.host.len <= scheme_len + ("://").len or
                    info.host[scheme_len] != ':' or
                    info.host[scheme_len + 1] != '/' or
                    info.host[scheme_len + 2] != '/') return error.InvalidHost;

                const host = info.host[scheme_len + 3 ..];

                // community cannot use non-default ports (except for testing)
                // NOTE: Do not add, say localhost and localhost:80 or bugs may happen.
                // Avoid using non-default ports unless a test can't be conducted without it.
                if (firstIndexOf(host, ':') != null and builtin.mode != .Debug) return error.InvalidHost;

                // community cannot be hosted on a path
                if (firstIndexOf(host, '/') != null) return error.InvalidHost;

                break :blk host;
            };

            const id = Uuid.randV4(prng.random());
            const now = DateTime.now();

            // Require TLS on production builds
            if (scheme != .https and builtin.mode != .Debug) return error.UnsupportedScheme;

            const community = models.Community{
                .id = id,
                .created_at = now,
                .name = info.name,
                .host = host,
                .scheme = scheme,
            };
            try self.db.insert(models.Community, community);

            return community;
        }

        pub fn getCommunity(self: *Self, host: []const u8) !?models.Community {
            return try self.db.getBy(models.Community, .host, host, self.arena.allocator());
        }

        pub fn register(self: *Self, info: RegistrationInfo) !models.Actor {
            const user_id = Uuid.randV4(prng.random());
            // TODO: lock for transaction

            // TODO: not community aware :(
            if (try self.db.execRow2(&.{}, "SELECT 1 FROM user WHERE username = ?", .{info.username}, null) != null) {
                //if (try self.db.existsWhereEq(models.User, .username, info.username)) {
                return error.UsernameUnavailable;
            }

            const now = DateTime.now();
            const invite_id = if (info.invite_code) |invite_code| blk: {
                // TODO have this query also check for time-based expiration
                const result = (try self.db.execRow2(
                    &.{ Uuid, ?DateTime },
                    \\SELECT invite.id, invite.expires_at
                    \\FROM invite 
                    \\  LEFT OUTER JOIN local_user ON invite.id = local_user.invite_id
                    \\WHERE invite.invite_code = ?
                    \\GROUP BY invite.id
                    \\HAVING 
                    \\  (invite.max_uses IS NULL OR invite.max_uses > COUNT(local_user.user_id))
                    \\
                ,
                    .{invite_code},
                    null,
                )) orelse return error.InvalidInvite;

                const expired = if (result[1]) |expires_at| now.seconds_since_epoch > expires_at.seconds_since_epoch else false;
                if (expired) return error.InvalidInvite;

                //const invite = (try self.db.getBy(models.Invite, .invite_code, invite_code, self.arena.allocator())) orelse return error.InvalidInvite;
                //const invite = (try self.db.getBy(models.Invite, .invite_code, invite_code, self.arena.allocator())) orelse return error.InvalidInvite;
                //const uses = try self.db.countWhereEq(models.LocalUser, .invite_id, invite.id);
                //const uses_left = if (invite.max_uses) |max_uses| uses < max_uses else true;
                //const expired = if (invite.expires_at) |expires_at| now.seconds_since_epoch > expires_at.seconds_since_epoch else false;

                //if (!uses_left or expired) return error.InvalidInvite;
                // TODO: increment uses
                break :blk result[0];
            } else null;

            // use internal alloc because necessary buffer is *big*
            var buf: [pw_hash_buf_size]u8 = undefined;
            const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf);

            const community_id = if (info.community_host) |host| blk: {
                //const id_tuple = (try self.db.execRow("select id from community where host = '?'", host, &.{Uuid}, self.arena.allocator())) orelse return error.CommunityNotFound;
                const community_result = (try self.db.execRow2(
                    &.{Uuid},
                    "SELECT id FROM community WHERE host = ?",
                    .{host},
                    null,
                )) orelse return error.CommunityNotFound;

                //const community = (try self.db.getBy(models.Community, .host, host, self.arena.allocator())) orelse return error.CommunityNotFound;
                break :blk community_result[0];
                //break :blk id_tuple[0];
            } else null;

            const user = models.User{
                .id = user_id,
                .username = info.username,
                .created_at = now,
                .community_id = community_id,
            };
            const actor = models.Actor{
                .user_id = user_id,
                .public_id = "abc", // TODO
            };
            const local_user = models.LocalUser{
                .user_id = user_id,
                .email = info.email,
                .invite_id = invite_id,
                .hashed_password = hash,
                .password_changed_at = now,
            };
            try self.db.insert(models.User, user);
            try self.db.insert(models.Actor, actor);
            try self.db.insert(models.LocalUser, local_user);

            return actor;
        }

        pub fn login(self: *Self, username: []const u8, password: []const u8) !LoginResult {
            // TODO: This gives away the existence of a user through a timing side channel. is that acceptable?
            //const user_info = (try self.db.getBy(models.User, .username, username, self.arena.allocator())) orelse return error.InvalidLogin;
            //const local_user_info = (try self.db.getBy(models.LocalUser, .user_id, user_info.id, self.arena.allocator())) orelse return error.InvalidLogin;

            const user_info = (try self.db.execRow2(
                &.{ Uuid, []const u8 },
                \\SELECT user.id, local_user.hashed_password
                \\FROM user JOIN local_user ON local_user.user_id = user.id
                \\WHERE user.username = ?
            ,
                .{username},
                self.arena.allocator(),
            )) orelse return error.InvalidLogin;

            const user_id = user_info[0];
            const hashed_password = user_info[1];

            //defer free(self.arena.allocator(), user_info);

            const Hash = std.crypto.pwhash.scrypt;
            Hash.strVerify(hashed_password, password, .{ .allocator = self.internal_alloc }) catch |err| switch (err) {
                error.PasswordVerificationFailed => return error.InvalidLogin,
                else => return err,
            };

            const token = try self.createToken(user_id);

            var token_enc: [token_str_len]u8 = undefined;
            _ = std.base64.standard.Encoder.encode(&token_enc, &token.value);

            return LoginResult{
                .user_id = user_id,
                .token = token_enc,
                .issued_at = token.info.issued_at,
            };
        }

        const TokenResult = struct {
            info: models.Token,
            value: [token_len]u8,
        };
        fn createToken(self: *Self, user_id: Uuid) !TokenResult {
            var token: [token_len]u8 = undefined;
            std.crypto.random.bytes(&token);

            var hash: [models.Token.hash_len]u8 = undefined;
            models.Token.HashFn.hash(&token, &hash, .{});

            const db_token = models.Token{
                .id = Uuid.randV4(prng.random()),
                .hash = .{ .data = hash },
                .user_id = user_id,
                .issued_at = DateTime.now(),
            };

            try self.db.insert2("token", db_token);
            return TokenResult{
                .info = db_token,
                .value = token,
            };
        }

        pub fn createInvite(self: *Self, options: InviteOptions) !models.Invite {
            const id = Uuid.randV4(prng.random());

            const user = try self.getAuthenticatedUser();

            // Users can only make invites to their own community, unless they
            // are system users
            const community_id = if (options.to_community) |host| blk: {
                const desired_community = (try self.db.execRow2(
                    &.{Uuid},
                    "SELECT id FROM community WHERE host = ?",
                    .{host},
                    null,
                )) orelse return error.CommunityNotFound;

                if (user.community_id != null and !Uuid.eql(desired_community[0], user.community_id.?)) {
                    return error.WrongCommunity;
                }

                break :blk desired_community[0];
            } else null;

            if (user.community_id != null and community_id == null) {
                return error.WrongCommunity;
            }

            var code: [invite_code_len]u8 = undefined;
            std.crypto.random.bytes(&code);

            var code_str = try self.arena.allocator().alloc(u8, invite_code_str_len);
            _ = std.base64.url_safe.Encoder.encode(code_str, &code);

            const now = DateTime.now();
            const expires_at = if (options.lifetime) |lifetime| DateTime{
                .seconds_since_epoch = lifetime + now.seconds_since_epoch,
            } else null;

            const invite = models.Invite{
                .id = id,

                .name = try self.arena.allocator().dupe(u8, options.name),
                .created_by = user.id,
                .invite_code = code_str,
                .to_community = community_id,

                .max_uses = options.max_uses,

                .created_at = now,
                .expires_at = expires_at,
            };

            try self.db.insert(models.Invite, invite);

            return invite;
        }

        pub fn getInvite(self: *Self, id: Uuid) !?models.Invite {
            return self.db.getBy(models.Invite, .id, id, self.arena.allocator());
        }
    };
}