const std = @import("std"); const util = @import("util"); const builtin = @import("builtin"); const db = @import("./db.zig"); const models = @import("./db/models.zig"); pub const DateTime = util.DateTime; pub const Uuid = util.Uuid; const Config = @import("./main.zig").Config; const PwHash = std.crypto.pwhash.scrypt; const pw_hash_params = PwHash.Params.interactive; const pw_hash_encoding = .phc; const pw_hash_buf_size = 128; const token_len = 20; const token_str_len = std.base64.standard.Encoder.calcSize(token_len); const invite_code_len = 16; const invite_code_str_len = std.base64.url_safe.Encoder.calcSize(invite_code_len); // Frees an api struct and its fields allocated from alloc pub fn free(alloc: std.mem.Allocator, val: anytype) void { switch (@typeInfo(@TypeOf(val))) { .Pointer => |ptr_info| switch (ptr_info.size) { .One => { free(alloc, val.*); alloc.destroy(val); }, .Slice => { for (val) |elem| free(alloc, elem); alloc.free(val); }, else => unreachable, }, .Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)), .Array => for (val) |elem| free(alloc, elem), .Optional => if (val) |opt| free(alloc, opt), .Bool, .Int, .Float, .Enum => {}, else => unreachable, } } pub fn firstIndexOf(str: []const u8, ch: u8) ?usize { for (str) |c, i| { if (c == ch) return i; } return null; } pub fn CreateInfo(comptime T: type) type { const t_fields = std.meta.fields(T); var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined; var count = 0; inline for (t_fields) |f| { if (std.mem.eql(u8, f.name, "id")) continue; fields[count] = f; count += 1; } return @Type(.{ .Struct = .{ .layout = .Auto, .fields = &fields, .decls = &[0]std.builtin.Type.Declaration{}, .is_tuple = false, } }); } fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T { var result: T = undefined; result.id = id; inline for (std.meta.fields(CreateInfo(T))) |f| { @field(result, f.name) = @field(val, f.name); } return result; } pub const NoteCreateInfo = struct { content: []const u8, }; pub const Scheme = models.Community.Scheme; pub const CommunityCreateOptions = struct { name: []const u8, host: []const u8, }; pub const RegistrationInfo = struct { username: []const u8, password: []const u8, email: ?[]const u8, invite_code: ?[]const u8, community_host: ?[]const u8, }; pub const LoginResult = struct { user_id: Uuid, token: [token_str_len]u8, issued_at: DateTime, }; pub const InviteOptions = struct { name: []const u8 = "", max_uses: ?i64 = null, lifetime: ?i64 = null, // unix seconds, TODO make a TimeSpan type to_community: ?[]const u8, }; threadlocal var prng: std.rand.DefaultPrng = undefined; pub fn initThreadPrng(seed: u64) void { prng = std.rand.DefaultPrng.init(seed +% std.Thread.getCurrentId()); } pub const ApiSource = struct { db: db.Database, internal_alloc: std.mem.Allocator, config: Config, pub const Conn = ApiConn(db.Database); pub fn init(alloc: std.mem.Allocator, cfg: Config) !ApiSource { var my_db = try db.Database.init(); { const row = try my_db.execRow2( &.{Uuid}, "SELECT id FROM user WHERE username = ?", .{"heartles"}, null, ); std.log.debug("{s}", .{row.?[0]}); } return ApiSource{ //.db = try db.Database.init(), .db = my_db, .internal_alloc = alloc, .config = cfg, }; } pub fn connectUnauthorized(self: *ApiSource, host: ?[]const u8, alloc: std.mem.Allocator) !Conn { const community_id = blk: { if (host) |h| { const result = try self.db.execRow2(&.{Uuid}, "SELECT id FROM community WHERE host = ?", .{h}, null); if (result) |r| break :blk r[0]; } break :blk null; }; return Conn{ .db = self.db, .internal_alloc = self.internal_alloc, .as_user = null, .on_community = community_id, .arena = std.heap.ArenaAllocator.init(alloc), }; } pub fn connectToken(self: *ApiSource, host: ?[]const u8, token: []const u8, alloc: std.mem.Allocator) !Conn { var conn = try self.connectUnauthorized(host, alloc); errdefer conn.close(); const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(token) catch return error.InvalidToken; if (decoded_len != token_len) return error.InvalidToken; var decoded: [token_len]u8 = undefined; std.base64.standard.Decoder.decode(&decoded, token) catch return error.InvalidToken; var hash: models.ByteArray(models.Token.hash_len) = undefined; models.Token.HashFn.hash(&decoded, &hash.data, .{}); const db_token = (try self.db.getBy(models.Token, .hash, hash, conn.arena.allocator())) orelse return error.InvalidToken; //const token_result = (try self.db.execRow2( //&.{Uuid}, //"SELECT id FROM token WHERE hash = ?", //.{hash}, //null, //)) orelse return error.InvalidToken; //conn.as_user = token_result[0]; conn.as_user = db_token.user_id; return conn; } }; fn ApiConn(comptime DbConn: type) type { return struct { const Self = @This(); db: DbConn, internal_alloc: std.mem.Allocator, // used *only* for large, internal buffers as_user: ?Uuid, on_community: ?Uuid, arena: std.heap.ArenaAllocator, pub fn close(self: *Self) void { self.arena.deinit(); } fn getAuthenticatedUser(self: *Self) !models.User { if (self.as_user) |id| { const user = try self.db.getBy(models.User, .id, id, self.arena.allocator()); if (user == null) return error.NotAuthorized; return user.?; } else { return error.NotAuthorized; } } fn getAuthenticatedLocalUser(self: *Self) !models.LocalUser { if (self.as_user) |user_id| { const local_user = try self.db.getBy(models.LocalUser, .user_id, user_id, self.arena.allocator()); if (local_user == null) return error.NotAuthorized; return local_user.?; } else { return error.NotAuthorized; } } fn getAuthenticatedActor(self: *Self) !models.Actor { return if (self.as_user) |user_id| (try self.db.getBy(models.Actor, .user_id, user_id, self.arena.allocator())) orelse error.NotAuthorized else error.NotAuthorized; } pub fn createNote(self: *Self, info: NoteCreateInfo) !models.Note { const id = Uuid.randV4(prng.random()); const actor = try self.getAuthenticatedActor(); const note = models.Note{ .id = id, .author_id = actor.user_id, .content = info.content, .created_at = DateTime.now(), }; try self.db.insert(models.Note, note); return note; } //pub fn getNote(self: *Self, id: Uuid) !?models.Note { pub fn getNote(self: *Self, id: Uuid) !?[]const u8 { const row = try self.db.execRow("select content from note where id = ?", .{id}, &.{[]const u8}, self.arena.allocator()); if (row) |results| { return results[0]; } else return null; //return self.db.getBy(models.Note, .id, id, self.arena.allocator()); } pub fn getActor(self: *Self, user_id: Uuid) !?models.Actor { return self.db.getBy(models.Actor, .user_id, user_id, self.arena.allocator()); } pub fn getActorByHandle(self: *Self, handle: []const u8) !?models.Actor { const user = (try self.db.getBy(models.User, .username, handle, self.arena.allocator())) orelse return null; return self.db.getBy(models.Actor, .user_id, user.id, self.arena.allocator()); } pub fn react(self: *Self, note_id: Uuid) !void { const id = Uuid.randV4(prng.random()); const actor = try self.getAuthenticatedActor(); try self.db.insert(models.Reaction, .{ .id = id, .note_id = note_id, .reactor_id = actor.user_id, .created_at = DateTime.now() }); } pub fn listReacts(self: *Self, note_id: Uuid) ![]models.Reaction { return try self.db.getWhereEq(models.Reaction, .note_id, note_id, self.arena.allocator()); } pub fn createCommunity(self: *Self, info: CommunityCreateOptions) !models.Community { const scheme_len = firstIndexOf(info.host, ':') orelse return error.InvalidHost; const scheme_str = info.host[0..scheme_len]; const scheme = std.meta.stringToEnum(models.Community.Scheme, scheme_str) orelse return error.UnsupportedScheme; const host = blk: { // host must be in the format "{scheme}://{host}" if (info.host.len <= scheme_len + ("://").len or info.host[scheme_len] != ':' or info.host[scheme_len + 1] != '/' or info.host[scheme_len + 2] != '/') return error.InvalidHost; const host = info.host[scheme_len + 3 ..]; // community cannot use non-default ports (except for testing) // NOTE: Do not add, say localhost and localhost:80 or bugs may happen. // Avoid using non-default ports unless a test can't be conducted without it. if (firstIndexOf(host, ':') != null and builtin.mode != .Debug) return error.InvalidHost; // community cannot be hosted on a path if (firstIndexOf(host, '/') != null) return error.InvalidHost; break :blk host; }; const id = Uuid.randV4(prng.random()); const now = DateTime.now(); // Require TLS on production builds if (scheme != .https and builtin.mode != .Debug) return error.UnsupportedScheme; const community = models.Community{ .id = id, .created_at = now, .name = info.name, .host = host, .scheme = scheme, }; try self.db.insert(models.Community, community); return community; } pub fn getCommunity(self: *Self, host: []const u8) !?models.Community { return try self.db.getBy(models.Community, .host, host, self.arena.allocator()); } pub fn register(self: *Self, info: RegistrationInfo) !models.Actor { const user_id = Uuid.randV4(prng.random()); // TODO: lock for transaction // TODO: not community aware :( if (try self.db.execRow2(&.{}, "SELECT 1 FROM user WHERE username = ?", .{info.username}, null) != null) { //if (try self.db.existsWhereEq(models.User, .username, info.username)) { return error.UsernameUnavailable; } const now = DateTime.now(); const invite_id = if (info.invite_code) |invite_code| blk: { // TODO have this query also check for time-based expiration const result = (try self.db.execRow2( &.{ Uuid, ?DateTime }, \\SELECT invite.id, invite.expires_at \\FROM invite \\ LEFT OUTER JOIN local_user ON invite.id = local_user.invite_id \\WHERE invite.invite_code = ? \\GROUP BY invite.id \\HAVING \\ (invite.max_uses IS NULL OR invite.max_uses > COUNT(local_user.user_id)) \\ , .{invite_code}, null, )) orelse return error.InvalidInvite; const expired = if (result[1]) |expires_at| now.seconds_since_epoch > expires_at.seconds_since_epoch else false; if (expired) return error.InvalidInvite; //const invite = (try self.db.getBy(models.Invite, .invite_code, invite_code, self.arena.allocator())) orelse return error.InvalidInvite; //const invite = (try self.db.getBy(models.Invite, .invite_code, invite_code, self.arena.allocator())) orelse return error.InvalidInvite; //const uses = try self.db.countWhereEq(models.LocalUser, .invite_id, invite.id); //const uses_left = if (invite.max_uses) |max_uses| uses < max_uses else true; //const expired = if (invite.expires_at) |expires_at| now.seconds_since_epoch > expires_at.seconds_since_epoch else false; //if (!uses_left or expired) return error.InvalidInvite; // TODO: increment uses break :blk result[0]; } else null; // use internal alloc because necessary buffer is *big* var buf: [pw_hash_buf_size]u8 = undefined; const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf); const community_id = if (info.community_host) |host| blk: { //const id_tuple = (try self.db.execRow("select id from community where host = '?'", host, &.{Uuid}, self.arena.allocator())) orelse return error.CommunityNotFound; const community_result = (try self.db.execRow2( &.{Uuid}, "SELECT id FROM community WHERE host = ?", .{host}, null, )) orelse return error.CommunityNotFound; //const community = (try self.db.getBy(models.Community, .host, host, self.arena.allocator())) orelse return error.CommunityNotFound; break :blk community_result[0]; //break :blk id_tuple[0]; } else null; const user = models.User{ .id = user_id, .username = info.username, .created_at = now, .community_id = community_id, }; const actor = models.Actor{ .user_id = user_id, .public_id = "abc", // TODO }; const local_user = models.LocalUser{ .user_id = user_id, .email = info.email, .invite_id = invite_id, .hashed_password = hash, .password_changed_at = now, }; try self.db.insert(models.User, user); try self.db.insert(models.Actor, actor); try self.db.insert(models.LocalUser, local_user); return actor; } pub fn login(self: *Self, username: []const u8, password: []const u8) !LoginResult { // TODO: This gives away the existence of a user through a timing side channel. is that acceptable? //const user_info = (try self.db.getBy(models.User, .username, username, self.arena.allocator())) orelse return error.InvalidLogin; //const local_user_info = (try self.db.getBy(models.LocalUser, .user_id, user_info.id, self.arena.allocator())) orelse return error.InvalidLogin; const user_info = (try self.db.execRow2( &.{ Uuid, []const u8 }, \\SELECT user.id, local_user.hashed_password \\FROM user JOIN local_user ON local_user.user_id = user.id \\WHERE user.username = ? , .{username}, self.arena.allocator(), )) orelse return error.InvalidLogin; const user_id = user_info[0]; const hashed_password = user_info[1]; //defer free(self.arena.allocator(), user_info); const Hash = std.crypto.pwhash.scrypt; Hash.strVerify(hashed_password, password, .{ .allocator = self.internal_alloc }) catch |err| switch (err) { error.PasswordVerificationFailed => return error.InvalidLogin, else => return err, }; const token = try self.createToken(user_id); var token_enc: [token_str_len]u8 = undefined; _ = std.base64.standard.Encoder.encode(&token_enc, &token.value); return LoginResult{ .user_id = user_id, .token = token_enc, .issued_at = token.info.issued_at, }; } const TokenResult = struct { info: models.Token, value: [token_len]u8, }; fn createToken(self: *Self, user_id: Uuid) !TokenResult { var token: [token_len]u8 = undefined; std.crypto.random.bytes(&token); var hash: [models.Token.hash_len]u8 = undefined; models.Token.HashFn.hash(&token, &hash, .{}); const db_token = models.Token{ .id = Uuid.randV4(prng.random()), .hash = .{ .data = hash }, .user_id = user_id, .issued_at = DateTime.now(), }; try self.db.insert2("token", db_token); return TokenResult{ .info = db_token, .value = token, }; } pub fn createInvite(self: *Self, options: InviteOptions) !models.Invite { const id = Uuid.randV4(prng.random()); const user = try self.getAuthenticatedUser(); // Users can only make invites to their own community, unless they // are system users const community_id = if (options.to_community) |host| blk: { const desired_community = (try self.db.execRow2( &.{Uuid}, "SELECT id FROM community WHERE host = ?", .{host}, null, )) orelse return error.CommunityNotFound; if (user.community_id != null and !Uuid.eql(desired_community[0], user.community_id.?)) { return error.WrongCommunity; } break :blk desired_community[0]; } else null; if (user.community_id != null and community_id == null) { return error.WrongCommunity; } var code: [invite_code_len]u8 = undefined; std.crypto.random.bytes(&code); var code_str = try self.arena.allocator().alloc(u8, invite_code_str_len); _ = std.base64.url_safe.Encoder.encode(code_str, &code); const now = DateTime.now(); const expires_at = if (options.lifetime) |lifetime| DateTime{ .seconds_since_epoch = lifetime + now.seconds_since_epoch, } else null; const invite = models.Invite{ .id = id, .name = try self.arena.allocator().dupe(u8, options.name), .created_by = user.id, .invite_code = code_str, .to_community = community_id, .max_uses = options.max_uses, .created_at = now, .expires_at = expires_at, }; try self.db.insert(models.Invite, invite); return invite; } pub fn getInvite(self: *Self, id: Uuid) !?models.Invite { return self.db.getBy(models.Invite, .id, id, self.arena.allocator()); } }; }