server/handle_server_create_account.go at 66a2e250fdcb2b7774007e406dd79e2ef16b1e5a · hailey.at/cocoon

hailey.at / cocoon
An atproto PDS written in Go
cocoon / server / handle_server_create_account.go
at 66a2e250fdcb2b7774007e406dd79e2ef16b1e5a 8.6 kB view raw
  1package server
  2
  3import (
  4	"context"
  5	"errors"
  6	"fmt"
  7	"strings"
  8	"time"
  9
 10	"github.com/Azure/go-autorest/autorest/to"
 11	"github.com/bluesky-social/indigo/api/atproto"
 12	"github.com/bluesky-social/indigo/atproto/atcrypto"
 13	"github.com/bluesky-social/indigo/events"
 14	"github.com/bluesky-social/indigo/repo"
 15	"github.com/bluesky-social/indigo/util"
 16	"github.com/haileyok/cocoon/internal/helpers"
 17	"github.com/haileyok/cocoon/models"
 18	"github.com/labstack/echo/v4"
 19	"golang.org/x/crypto/bcrypt"
 20	"gorm.io/gorm"
 21)
 22
 23type ComAtprotoServerCreateAccountRequest struct {
 24	Email      string  `json:"email" validate:"required,email"`
 25	Handle     string  `json:"handle" validate:"required,atproto-handle"`
 26	Did        *string `json:"did" validate:"atproto-did"`
 27	Password   string  `json:"password" validate:"required"`
 28	InviteCode string  `json:"inviteCode" validate:"required"`
 29}
 30
 31type ComAtprotoServerCreateAccountResponse struct {
 32	AccessJwt  string `json:"accessJwt"`
 33	RefreshJwt string `json:"refreshJwt"`
 34	Handle     string `json:"handle"`
 35	Did        string `json:"did"`
 36}
 37
 38func (s *Server) handleCreateAccount(e echo.Context) error {
 39	var request ComAtprotoServerCreateAccountRequest
 40
 41	if err := e.Bind(&request); err != nil {
 42		s.logger.Error("error receiving request", "endpoint", "com.atproto.server.createAccount", "error", err)
 43		return helpers.ServerError(e, nil)
 44	}
 45
 46	request.Handle = strings.ToLower(request.Handle)
 47
 48	if err := e.Validate(request); err != nil {
 49		s.logger.Error("error validating request", "endpoint", "com.atproto.server.createAccount", "error", err)
 50
 51		var verr ValidationError
 52		if errors.As(err, &verr) {
 53			if verr.Field == "Email" {
 54				// TODO: what is this supposed to be? `InvalidEmail` isn't listed in doc
 55				return helpers.InputError(e, to.StringPtr("InvalidEmail"))
 56			}
 57
 58			if verr.Field == "Handle" {
 59				return helpers.InputError(e, to.StringPtr("InvalidHandle"))
 60			}
 61
 62			if verr.Field == "Password" {
 63				return helpers.InputError(e, to.StringPtr("InvalidPassword"))
 64			}
 65
 66			if verr.Field == "InviteCode" {
 67				return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
 68			}
 69		}
 70	}
 71	
 72	var signupDid string
 73	if request.Did != nil {
 74		signupDid = *request.Did;
 75		
 76		token := strings.TrimSpace(strings.Replace(e.Request().Header.Get("authorization"), "Bearer ", "", 1))
 77		if token == "" {
 78			return helpers.UnauthorizedError(e, to.StringPtr("must authenticate to use an existing did"))
 79		}
 80		authDid, err := s.validateServiceAuth(e.Request().Context(), token, "com.atproto.server.createAccount")
 81
 82		if err != nil {
 83			s.logger.Warn("error validating authorization token", "endpoint", "com.atproto.server.createAccount", "error", err)
 84			return helpers.UnauthorizedError(e, to.StringPtr("invalid authorization token"))
 85		}
 86
 87		if authDid != signupDid {
 88			return helpers.ForbiddenError(e, to.StringPtr("auth did did not match signup did"))
 89		}
 90	}
 91
 92	// see if the handle is already taken
 93	actor, err := s.getActorByHandle(request.Handle)
 94	if err != nil && err != gorm.ErrRecordNotFound {
 95		s.logger.Error("error looking up handle in db", "endpoint", "com.atproto.server.createAccount", "error", err)
 96		return helpers.ServerError(e, nil)
 97	}
 98	if err == nil && actor.Did != signupDid {
 99		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))
100	}
101
102	if did, err := s.passport.ResolveHandle(e.Request().Context(), request.Handle); err == nil && did != signupDid {
103		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))
104	}
105
106	var ic models.InviteCode
107	if err := s.db.Raw("SELECT * FROM invite_codes WHERE code = ?", nil, request.InviteCode).Scan(&ic).Error; err != nil {
108		if err == gorm.ErrRecordNotFound {
109			return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
110		}
111		s.logger.Error("error getting invite code from db", "error", err)
112		return helpers.ServerError(e, nil)
113	}
114
115	if ic.RemainingUseCount < 1 {
116		return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
117	}
118
119	// see if the email is already taken
120	existingRepo, err := s.getRepoByEmail(request.Email)
121	if err != nil && err != gorm.ErrRecordNotFound {
122		s.logger.Error("error looking up email in db", "endpoint", "com.atproto.server.createAccount", "error", err)
123		return helpers.ServerError(e, nil)
124	}
125	if err == nil && existingRepo.Did != signupDid {
126		return helpers.InputError(e, to.StringPtr("EmailNotAvailable"))
127	}
128
129	// TODO: unsupported domains
130
131	var k *atcrypto.PrivateKeyK256
132
133	if signupDid != "" {
134		reservedKey, err := s.getReservedKey(signupDid)
135		if err != nil {
136			s.logger.Error("error looking up reserved key", "error", err)
137		}
138		if reservedKey != nil {
139			k, err = atcrypto.ParsePrivateBytesK256(reservedKey.PrivateKey)
140			if err != nil {
141				s.logger.Error("error parsing reserved key", "error", err)
142				k = nil
143			} else {
144				defer func() {
145					if delErr := s.deleteReservedKey(reservedKey.KeyDid, reservedKey.Did); delErr != nil {
146						s.logger.Error("error deleting reserved key", "error", delErr)
147					}
148				}()
149			}
150		}
151	}
152
153	if k == nil {
154		k, err = atcrypto.GeneratePrivateKeyK256()
155		if err != nil {
156			s.logger.Error("error creating signing key", "endpoint", "com.atproto.server.createAccount", "error", err)
157			return helpers.ServerError(e, nil)
158		}
159	}
160
161	if signupDid == "" {
162		did, op, err := s.plcClient.CreateDID(k, "", request.Handle)
163		if err != nil {
164			s.logger.Error("error creating operation", "endpoint", "com.atproto.server.createAccount", "error", err)
165			return helpers.ServerError(e, nil)
166		}
167
168		if err := s.plcClient.SendOperation(e.Request().Context(), did, op); err != nil {
169			s.logger.Error("error sending plc op", "endpoint", "com.atproto.server.createAccount", "error", err)
170			return helpers.ServerError(e, nil)
171		}
172		signupDid = did
173	}
174
175	hashed, err := bcrypt.GenerateFromPassword([]byte(request.Password), 10)
176	if err != nil {
177		s.logger.Error("error hashing password", "error", err)
178		return helpers.ServerError(e, nil)
179	}
180
181	urepo := models.Repo{
182		Did:                   signupDid,
183		CreatedAt:             time.Now(),
184		Email:                 request.Email,
185		EmailVerificationCode: to.StringPtr(fmt.Sprintf("%s-%s", helpers.RandomVarchar(6), helpers.RandomVarchar(6))),
186		Password:              string(hashed),
187		SigningKey:            k.Bytes(),
188	}
189
190	if actor == nil {
191		actor = &models.Actor{
192			Did:    signupDid,
193			Handle: request.Handle,
194		}
195
196		if err := s.db.Create(&urepo, nil).Error; err != nil {
197			s.logger.Error("error inserting new repo", "error", err)
198			return helpers.ServerError(e, nil)
199		}
200	
201		if err := s.db.Create(&actor, nil).Error; err != nil {
202			s.logger.Error("error inserting new actor", "error", err)
203			return helpers.ServerError(e, nil)
204		}
205	} else {
206		if err := s.db.Save(&actor, nil).Error; err != nil {
207			s.logger.Error("error inserting new actor", "error", err)
208			return helpers.ServerError(e, nil)
209		}
210	}
211
212	if request.Did == nil || *request.Did == "" {
213		bs := s.getBlockstore(signupDid)
214		r := repo.NewRepo(context.TODO(), signupDid, bs)
215
216		root, rev, err := r.Commit(context.TODO(), urepo.SignFor)
217		if err != nil {
218			s.logger.Error("error committing", "error", err)
219			return helpers.ServerError(e, nil)
220		}
221
222		if err := s.UpdateRepo(context.TODO(), urepo.Did, root, rev); err != nil {
223			s.logger.Error("error updating repo after commit", "error", err)
224			return helpers.ServerError(e, nil)
225		}
226
227		s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{
228			RepoIdentity: &atproto.SyncSubscribeRepos_Identity{
229				Did:    urepo.Did,
230				Handle: to.StringPtr(request.Handle),
231				Seq:    time.Now().UnixMicro(), // TODO: no
232				Time:   time.Now().Format(util.ISO8601),
233			},
234		})
235	}
236
237	if err := s.db.Raw("UPDATE invite_codes SET remaining_use_count = remaining_use_count - 1 WHERE code = ?", nil, request.InviteCode).Scan(&ic).Error; err != nil {
238		s.logger.Error("error decrementing use count", "error", err)
239		return helpers.ServerError(e, nil)
240	}
241
242	sess, err := s.createSession(&urepo)
243	if err != nil {
244		s.logger.Error("error creating new session", "error", err)
245		return helpers.ServerError(e, nil)
246	}
247
248	go func() {
249		if err := s.sendEmailVerification(urepo.Email, actor.Handle, *urepo.EmailVerificationCode); err != nil {
250			s.logger.Error("error sending email verification email", "error", err)
251		}
252		if err := s.sendWelcomeMail(urepo.Email, actor.Handle); err != nil {
253			s.logger.Error("error sending welcome email", "error", err)
254		}
255	}()
256
257	return e.JSON(200, ComAtprotoServerCreateAccountResponse{
258		AccessJwt:  sess.AccessToken,
259		RefreshJwt: sess.RefreshToken,
260		Handle:     request.Handle,
261		Did:        signupDid,
262	})
263}