const std = @import("std"); const util = @import("util"); const db = @import("./db.zig"); pub const models = @import("./models.zig"); pub const DateTime = util.DateTime; pub const Uuid = util.Uuid; const PwHash = std.crypto.pwhash.scrypt; const pw_hash_params = PwHash.Params.interactive; const pw_hash_encoding = .phc; const pw_hash_buf_size = 128; // Frees an api struct and its fields allocated from alloc pub fn free(alloc: std.mem.Allocator, val: anytype) void { switch (@typeInfo(@TypeOf(val))) { .Pointer => |ptr_info| switch (ptr_info.size) { .One => { free(alloc, val.*); alloc.destroy(val); }, .Slice => { for (val) |elem| free(alloc, elem); alloc.free(val); }, else => unreachable, }, .Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)), .Array => for (val) |elem| free(alloc, elem), .Optional => if (val) |opt| free(alloc, opt), .Bool, .Int, .Float, .Enum => {}, else => unreachable, } } pub fn CreateInfo(comptime T: type) type { const t_fields = std.meta.fields(T); var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined; var count = 0; inline for (t_fields) |f| { if (std.mem.eql(u8, f.name, "id")) continue; fields[count] = f; count += 1; } return @Type(.{ .Struct = .{ .layout = .Auto, .fields = &fields, .decls = &[0]std.builtin.Type.Declaration{}, .is_tuple = false, } }); } fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T { var result: T = undefined; result.id = id; inline for (std.meta.fields(CreateInfo(T))) |f| { @field(result, f.name) = @field(val, f.name); } return result; } pub const ApiContext = struct { user_context: struct { user: models.LocalUser, }, alloc: std.mem.Allocator, }; pub const NoteCreate = struct { content: []const u8, }; pub const RegistrationInfo = struct { username: []const u8, password: []const u8, email: ?[]const u8, }; pub const ApiServer = struct { prng: std.rand.DefaultPrng, db: db.Database, internal_alloc: std.mem.Allocator, pub fn init(alloc: std.mem.Allocator) !ApiServer { return ApiServer{ .prng = std.rand.DefaultPrng.init(@bitCast(u64, std.time.milliTimestamp())), .db = try db.Database.init(), .internal_alloc = alloc, }; } pub fn makeApiContext(self: *ApiServer, token: []const u8, alloc: std.mem.Allocator) !ApiContext { if (token.len == 0) return error.InvalidToken; const username = token; const user = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidToken; return ApiContext{ .user_context = .{ .user = user, }, .alloc = alloc, }; } pub fn createNoteUser(self: *ApiServer, info: NoteCreate, ctx: ApiContext) !models.Note { const id = Uuid.randV4(self.prng.random()); // TODO: check for dupes const note = models.Note{ .id = id, .author_id = ctx.user_context.user.actor_id.?, .content = info.content, .created_at = DateTime.now(), }; try self.db.insert(models.Note, note); return note; } pub fn register(self: *ApiServer, info: RegistrationInfo) !models.Actor { const id = Uuid.randV4(self.prng.random()); // TODO: transaction? if (try self.db.existsWhereEq(models.LocalUser, .username, info.username)) { return error.UsernameUnavailable; } if (try self.db.existsWhereEq(models.Actor, .handle, info.username)) { return error.InconsistentDb; } // use internal alloc because necessary buffer is *big* var buf: [pw_hash_buf_size]u8 = undefined; const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf); const now = DateTime.now(); const actor = models.Actor{ .id = id, .handle = info.username, .created_at = now, }; const user = models.LocalUser{ .actor_id = id, .username = info.username, .email = info.email, .hashed_password = hash, .password_changed_at = now, .created_at = now, }; try self.db.insert(models.Actor, actor); try self.db.insert(models.LocalUser, user); // TODO: return token instead return actor; } pub fn login(self: *ApiServer, username: []const u8, password: []const u8, alloc: std.mem.Allocator) !?models.Actor { // TODO: This gives away the existence of a user through a timing side channel. is that acceptable? const user_info = (try self.db.getBy(models.LocalUser, .username, username, alloc)) orelse return error.InvalidLogin; defer free(alloc, user_info); const Hash = std.crypto.pwhash.scrypt; Hash.strVerify(user_info.hashed_password, password, .{ .allocator = alloc }) catch |err| switch (err) { error.PasswordVerificationFailed => return error.InvalidLogin, else => return err, }; // TODO: return token instead return (try self.db.getBy(models.Actor, .id, user_info.actor_id.?, alloc)) orelse unreachable; } pub fn getNote(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Note { return self.db.getBy(models.Note, .id, id, alloc); } pub fn getActor(self: *ApiServer, id: Uuid, alloc: std.mem.Allocator) !?models.Actor { return self.db.getBy(models.Actor, .id, id, alloc); } pub fn getActorByHandle(self: *ApiServer, handle: []const u8, alloc: std.mem.Allocator) !?models.Actor { return self.db.getBy(models.Actor, .handle, handle, alloc); } pub fn react(self: *ApiServer, note_id: Uuid, ctx: ApiContext) !void { try self.db.insert(models.Reaction, .{ .note_id = note_id, .reactor_id = ctx.user_context.user.actor_id.? }); } pub fn listReacts(self: *ApiServer, note_id: Uuid, ctx: ApiContext) ![]models.Reaction { return try self.db.getWhereEq(models.Reaction, .note_id, note_id, ctx.alloc); } };