server/handle_server_create_account.go at v0.5.1 · hailey.at/cocoon

hailey.at / cocoon
An atproto PDS written in Go
cocoon / server / handle_server_create_account.go
at v0.5.1 7.9 kB view raw
  1package server
  2
  3import (
  4	"context"
  5	"errors"
  6	"fmt"
  7	"strings"
  8	"time"
  9
 10	"github.com/Azure/go-autorest/autorest/to"
 11	"github.com/bluesky-social/indigo/api/atproto"
 12	"github.com/bluesky-social/indigo/atproto/atcrypto"
 13	"github.com/bluesky-social/indigo/events"
 14	"github.com/bluesky-social/indigo/repo"
 15	"github.com/bluesky-social/indigo/util"
 16	"github.com/haileyok/cocoon/internal/helpers"
 17	"github.com/haileyok/cocoon/models"
 18	"github.com/labstack/echo/v4"
 19	"golang.org/x/crypto/bcrypt"
 20	"gorm.io/gorm"
 21)
 22
 23type ComAtprotoServerCreateAccountRequest struct {
 24	Email      string  `json:"email" validate:"required,email"`
 25	Handle     string  `json:"handle" validate:"required,atproto-handle"`
 26	Did        *string `json:"did" validate:"atproto-did"`
 27	Password   string  `json:"password" validate:"required"`
 28	InviteCode string  `json:"inviteCode" validate:"required"`
 29}
 30
 31type ComAtprotoServerCreateAccountResponse struct {
 32	AccessJwt  string `json:"accessJwt"`
 33	RefreshJwt string `json:"refreshJwt"`
 34	Handle     string `json:"handle"`
 35	Did        string `json:"did"`
 36}
 37
 38func (s *Server) handleCreateAccount(e echo.Context) error {
 39	var request ComAtprotoServerCreateAccountRequest
 40
 41	if err := e.Bind(&request); err != nil {
 42		s.logger.Error("error receiving request", "endpoint", "com.atproto.server.createAccount", "error", err)
 43		return helpers.ServerError(e, nil)
 44	}
 45
 46	request.Handle = strings.ToLower(request.Handle)
 47
 48	if err := e.Validate(request); err != nil {
 49		s.logger.Error("error validating request", "endpoint", "com.atproto.server.createAccount", "error", err)
 50
 51		var verr ValidationError
 52		if errors.As(err, &verr) {
 53			if verr.Field == "Email" {
 54				// TODO: what is this supposed to be? `InvalidEmail` isn't listed in doc
 55				return helpers.InputError(e, to.StringPtr("InvalidEmail"))
 56			}
 57
 58			if verr.Field == "Handle" {
 59				return helpers.InputError(e, to.StringPtr("InvalidHandle"))
 60			}
 61
 62			if verr.Field == "Password" {
 63				return helpers.InputError(e, to.StringPtr("InvalidPassword"))
 64			}
 65
 66			if verr.Field == "InviteCode" {
 67				return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
 68			}
 69		}
 70	}
 71	
 72	var signupDid string
 73	if request.Did != nil {
 74		signupDid = *request.Did;
 75		
 76		token := strings.TrimSpace(strings.Replace(e.Request().Header.Get("authorization"), "Bearer ", "", 1))
 77		if token == "" {
 78			return helpers.UnauthorizedError(e, to.StringPtr("must authenticate to use an existing did"))
 79		}
 80		authDid, err := s.validateServiceAuth(e.Request().Context(), token, "com.atproto.server.createAccount")
 81
 82		if err != nil {
 83			s.logger.Warn("error validating authorization token", "endpoint", "com.atproto.server.createAccount", "error", err)
 84			return helpers.UnauthorizedError(e, to.StringPtr("invalid authorization token"))
 85		}
 86
 87		if authDid != signupDid {
 88			return helpers.ForbiddenError(e, to.StringPtr("auth did did not match signup did"))
 89		}
 90	}
 91
 92	// see if the handle is already taken
 93	actor, err := s.getActorByHandle(request.Handle)
 94	if err != nil && err != gorm.ErrRecordNotFound {
 95		s.logger.Error("error looking up handle in db", "endpoint", "com.atproto.server.createAccount", "error", err)
 96		return helpers.ServerError(e, nil)
 97	}
 98	if err == nil && actor.Did != signupDid {
 99		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))
100	}
101
102	if did, err := s.passport.ResolveHandle(e.Request().Context(), request.Handle); err == nil && did != signupDid {
103		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))
104	}
105
106	var ic models.InviteCode
107	if err := s.db.Raw("SELECT * FROM invite_codes WHERE code = ?", nil, request.InviteCode).Scan(&ic).Error; err != nil {
108		if err == gorm.ErrRecordNotFound {
109			return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
110		}
111		s.logger.Error("error getting invite code from db", "error", err)
112		return helpers.ServerError(e, nil)
113	}
114
115	if ic.RemainingUseCount < 1 {
116		return helpers.InputError(e, to.StringPtr("InvalidInviteCode"))
117	}
118
119	// see if the email is already taken
120	existingRepo, err := s.getRepoByEmail(request.Email)
121	if err != nil && err != gorm.ErrRecordNotFound {
122		s.logger.Error("error looking up email in db", "endpoint", "com.atproto.server.createAccount", "error", err)
123		return helpers.ServerError(e, nil)
124	}
125	if err == nil && existingRepo.Did != signupDid {
126		return helpers.InputError(e, to.StringPtr("EmailNotAvailable"))
127	}
128
129	// TODO: unsupported domains
130
131	k, err := atcrypto.GeneratePrivateKeyK256()
132	if err != nil {
133		s.logger.Error("error creating signing key", "endpoint", "com.atproto.server.createAccount", "error", err)
134		return helpers.ServerError(e, nil)
135	}
136
137	if signupDid == "" {
138		did, op, err := s.plcClient.CreateDID(k, "", request.Handle)
139		if err != nil {
140			s.logger.Error("error creating operation", "endpoint", "com.atproto.server.createAccount", "error", err)
141			return helpers.ServerError(e, nil)
142		}
143
144		if err := s.plcClient.SendOperation(e.Request().Context(), did, op); err != nil {
145			s.logger.Error("error sending plc op", "endpoint", "com.atproto.server.createAccount", "error", err)
146			return helpers.ServerError(e, nil)
147		}
148		signupDid = did
149	}
150
151	hashed, err := bcrypt.GenerateFromPassword([]byte(request.Password), 10)
152	if err != nil {
153		s.logger.Error("error hashing password", "error", err)
154		return helpers.ServerError(e, nil)
155	}
156
157	urepo := models.Repo{
158		Did:                   signupDid,
159		CreatedAt:             time.Now(),
160		Email:                 request.Email,
161		EmailVerificationCode: to.StringPtr(fmt.Sprintf("%s-%s", helpers.RandomVarchar(6), helpers.RandomVarchar(6))),
162		Password:              string(hashed),
163		SigningKey:            k.Bytes(),
164	}
165
166	if actor == nil {
167		actor = &models.Actor{
168			Did:    signupDid,
169			Handle: request.Handle,
170		}
171
172		if err := s.db.Create(&urepo, nil).Error; err != nil {
173			s.logger.Error("error inserting new repo", "error", err)
174			return helpers.ServerError(e, nil)
175		}
176	
177		if err := s.db.Create(&actor, nil).Error; err != nil {
178			s.logger.Error("error inserting new actor", "error", err)
179			return helpers.ServerError(e, nil)
180		}
181	} else {
182		if err := s.db.Save(&actor, nil).Error; err != nil {
183			s.logger.Error("error inserting new actor", "error", err)
184			return helpers.ServerError(e, nil)
185		}
186	}
187
188	if request.Did == nil || *request.Did == "" {
189		bs := s.getBlockstore(signupDid)
190		r := repo.NewRepo(context.TODO(), signupDid, bs)
191
192		root, rev, err := r.Commit(context.TODO(), urepo.SignFor)
193		if err != nil {
194			s.logger.Error("error committing", "error", err)
195			return helpers.ServerError(e, nil)
196		}
197
198		if err := s.UpdateRepo(context.TODO(), urepo.Did, root, rev); err != nil {
199			s.logger.Error("error updating repo after commit", "error", err)
200			return helpers.ServerError(e, nil)
201		}
202
203		s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{
204			RepoIdentity: &atproto.SyncSubscribeRepos_Identity{
205				Did:    urepo.Did,
206				Handle: to.StringPtr(request.Handle),
207				Seq:    time.Now().UnixMicro(), // TODO: no
208				Time:   time.Now().Format(util.ISO8601),
209			},
210		})
211	}
212
213	if err := s.db.Raw("UPDATE invite_codes SET remaining_use_count = remaining_use_count - 1 WHERE code = ?", nil, request.InviteCode).Scan(&ic).Error; err != nil {
214		s.logger.Error("error decrementing use count", "error", err)
215		return helpers.ServerError(e, nil)
216	}
217
218	sess, err := s.createSession(&urepo)
219	if err != nil {
220		s.logger.Error("error creating new session", "error", err)
221		return helpers.ServerError(e, nil)
222	}
223
224	go func() {
225		if err := s.sendEmailVerification(urepo.Email, actor.Handle, *urepo.EmailVerificationCode); err != nil {
226			s.logger.Error("error sending email verification email", "error", err)
227		}
228		if err := s.sendWelcomeMail(urepo.Email, actor.Handle); err != nil {
229			s.logger.Error("error sending welcome email", "error", err)
230		}
231	}()
232
233	return e.JSON(200, ComAtprotoServerCreateAccountResponse{
234		AccessJwt:  sess.AccessToken,
235		RefreshJwt: sess.RefreshToken,
236		Handle:     request.Handle,
237		Did:        signupDid,
238	})
239}