commit 35ee3465c3e68e9bb09b40c0ee311ff7bbf83a35 · hailey.at/cocoon

+31 -15

plc/client.go

···

       55
        
       }

     

       56
        
       

     

       57
        
       func (c *Client) CreateDID(sigkey *atcrypto.PrivateKeyK256, recovery string, handle string) (string, *Operation, error) {

     

       58
       -
       	pubsigkey, err := sigkey.PublicKey()

     

       59
        
       	if err != nil {

     

       60
        
       		return "", nil, err

     

       61
        
       	}

     

       62
        
       

     

       63
       -
       	pubrotkey, err := c.rotationKey.PublicKey()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       64
        
       	if err != nil {

     

       65
        
       		return "", nil, err

     

       66
        
       	}

     

       67
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       68
        
       	// todo

     

       69
        
       	rotationKeys := []string{pubrotkey.DIDKey()}

     

       70
        
       	if recovery != "" {

     
···

       77
        
       		}(recovery)

     

       78
        
       	}

     

       79
        
       

     

       80
       -
       	op := Operation{

     

       81
       -
       		Type: "plc_operation",

     

       82
        
       		VerificationMethods: map[string]string{

     

       83
        
       			"atproto": pubsigkey.DIDKey(),

     

       84
        
       		},

     
···

       92
        
       				Endpoint: "https://" + c.pdsHostname,

     

       93
        
       			},

     

       94
        
       		},

     

       95
       -
       		Prev: nil,

     

       96
        
       	}

     

       97
        
       

     

       98
       -
       	if err := c.SignOp(sigkey, &op); err != nil {

     

       99
       -
       		return "", nil, err

     

       100
       -
       	}

     

       101
       -
       

     

       102
       -
       	did, err := DidFromOp(&op)

     

       103
       -
       	if err != nil {

     

       104
       -
       		return "", nil, err

     

       105
       -
       	}

     

       106
       -
       

     

       107
       -
       	return did, &op, nil

     

       108
        
       }

     

       109
        
       

     

       110
        
       func (c *Client) SignOp(sigkey *atcrypto.PrivateKeyK256, op *Operation) error {

···

       55
        
       }

     

       56
        
       

     

       57
        
       func (c *Client) CreateDID(sigkey *atcrypto.PrivateKeyK256, recovery string, handle string) (string, *Operation, error) {

     

       58
       +
       	creds, err := c.CreateDidCredentials(sigkey, recovery, handle)

     

       59
        
       	if err != nil {

     

       60
        
       		return "", nil, err

     

       61
        
       	}

     

       62
        
       

     

       63
       +
       	op := Operation{

     

       64
       +
       		Type: "plc_operation",

     

       65
       +
       		VerificationMethods: creds.VerificationMethods,

     

       66
       +
       		RotationKeys: creds.RotationKeys,

     

       67
       +
       		AlsoKnownAs: creds.AlsoKnownAs,

     

       68
       +
       		Services: creds.Services,

     

       69
       +
       		Prev: nil,

     

       70
       +
       	}

     

       71
       +
       

     

       72
       +
       	if err := c.SignOp(sigkey, &op); err != nil {

     

       73
       +
       		return "", nil, err

     

       74
       +
       	}

     

       75
       +
       

     

       76
       +
       	did, err := DidFromOp(&op)

     

       77
        
       	if err != nil {

     

       78
        
       		return "", nil, err

     

       79
        
       	}

     

       80
        
       

     

       81
       +
       	return did, &op, nil

     

       82
       +
       }

     

       83
       +
       

     

       84
       +
       func (c *Client) CreateDidCredentials(sigkey *atcrypto.PrivateKeyK256, recovery string, handle string) (*DidCredentials, error) {

     

       85
       +
       	pubsigkey, err := sigkey.PublicKey()

     

       86
       +
       	if err != nil {

     

       87
       +
       		return nil, err

     

       88
       +
       	}

     

       89
       +
       

     

       90
       +
       	pubrotkey, err := c.rotationKey.PublicKey()

     

       91
       +
       	if err != nil {

     

       92
       +
       		return nil, err

     

       93
       +
       	}

     

       94
       +
       

     

       95
        
       	// todo

     

       96
        
       	rotationKeys := []string{pubrotkey.DIDKey()}

     

       97
        
       	if recovery != "" {

     
···

       104
        
       		}(recovery)

     

       105
        
       	}

     

       106
        
       

     

       107
       +
       	creds := DidCredentials{

     

       0
        
       
     

       108
        
       		VerificationMethods: map[string]string{

     

       109
        
       			"atproto": pubsigkey.DIDKey(),

     

       110
        
       		},

     
···

       118
        
       				Endpoint: "https://" + c.pdsHostname,

     

       119
        
       			},

     

       120
        
       		},

     

       0
        
       
     

       121
        
       	}

     

       122
        
       

     

       123
       +
       	return &creds, nil

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       124
        
       }

     

       125
        
       

     

       126
        
       func (c *Client) SignOp(sigkey *atcrypto.PrivateKeyK256, op *Operation) error {

plc/types.go

···

       8
        
       	cbg "github.com/whyrusleeping/cbor-gen"

     

       9
        
       )

     

       10
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
       type Operation struct {

     

       12
        
       	Type                string                               `json:"type"`

     

       13
        
       	VerificationMethods map[string]string                    `json:"verificationMethods"`

···

       8
        
       	cbg "github.com/whyrusleeping/cbor-gen"

     

       9
        
       )

     

       10
        
       

     

       11
       +
       

     

       12
       +
       type DidCredentials struct {

     

       13
       +
       	VerificationMethods map[string]string                    `json:"verificationMethods"`

     

       14
       +
       	RotationKeys        []string                             `json:"rotationKeys"`

     

       15
       +
       	AlsoKnownAs         []string                             `json:"alsoKnownAs"`

     

       16
       +
       	Services            map[string]identity.OperationService `json:"services"`

     

       17
       +
       }

     

       18
       +
       

     

       19
        
       type Operation struct {

     

       20
        
       	Type                string                               `json:"type"`

     

       21
        
       	VerificationMethods map[string]string                    `json:"verificationMethods"`

+24

server/handle_identity_get_recommended_did_credentials.go

···

       1
       +
       package server

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       5
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       6
       +
       	"github.com/haileyok/cocoon/models"

     

       7
       +
       	"github.com/labstack/echo/v4"

     

       8
       +
       )

     

       9
       +
       

     

       10
       +
       func (s *Server) handleGetRecommendedDidCredentials(e echo.Context) error {

     

       11
       +
       	repo := e.Get("repo").(*models.RepoActor)

     

       12
       +
       	k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       13
       +
       	if err != nil {

     

       14
       +
       		s.logger.Error("error parsing key", "error", err)

     

       15
       +
       		return helpers.ServerError(e, nil)

     

       16
       +
       	}

     

       17
       +
       	creds, err := s.plcClient.CreateDidCredentials(k, "", repo.Actor.Handle)

     

       18
       +
       	if err != nil {

     

       19
       +
       		s.logger.Error("error crating did credentials", "error", err)

     

       20
       +
       		return helpers.ServerError(e, nil)

     

       21
       +
       	}

     

       22
       +
       

     

       23
       +
       	return e.JSON(200, creds)

     

       24
       +
       }

+87

server/handle_identity_submit_plc_operation.go

···

       1
       +
       package server

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"slices"

     

       6
       +
       	"strings"

     

       7
       +
       	"time"

     

       8
       +
       

     

       9
       +
       	"github.com/bluesky-social/indigo/api/atproto"

     

       10
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       11
       +
       	"github.com/bluesky-social/indigo/events"

     

       12
       +
       	"github.com/bluesky-social/indigo/util"

     

       13
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       14
       +
       	"github.com/haileyok/cocoon/models"

     

       15
       +
       	"github.com/haileyok/cocoon/plc"

     

       16
       +
       	"github.com/labstack/echo/v4"

     

       17
       +
       )

     

       18
       +
       

     

       19
       +
       type ComAtprotoSubmitPlcOperationRequest struct {

     

       20
       +
       	Operation plc.Operation `json:"operation"`

     

       21
       +
       }

     

       22
       +
       

     

       23
       +
       func (s *Server) handleSubmitPlcOperation(e echo.Context) error {

     

       24
       +
       	repo := e.Get("repo").(*models.RepoActor)

     

       25
       +
       

     

       26
       +
       	var req ComAtprotoSubmitPlcOperationRequest

     

       27
       +
       	if err := e.Bind(&req); err != nil {

     

       28
       +
       		s.logger.Error("error binding", "error", err)

     

       29
       +
       		return helpers.ServerError(e, nil)

     

       30
       +
       	}

     

       31
       +
       

     

       32
       +
       	if err := e.Validate(req); err != nil {

     

       33
       +
       		return helpers.InputError(e, nil)

     

       34
       +
       	}

     

       35
       +
       	if !strings.HasPrefix(repo.Repo.Did, "did:plc:") {

     

       36
       +
       		return helpers.InputError(e, nil)

     

       37
       +
       	}

     

       38
       +
       

     

       39
       +
       	op := req.Operation;

     

       40
       +
       

     

       41
       +
       	k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       42
       +
       	if err != nil {

     

       43
       +
       		s.logger.Error("error parsing key", "error", err)

     

       44
       +
       		return helpers.ServerError(e, nil)

     

       45
       +
       	}

     

       46
       +
       	required, err := s.plcClient.CreateDidCredentials(k, "", repo.Actor.Handle)

     

       47
       +
       	if err != nil {

     

       48
       +
       		s.logger.Error("error crating did credentials", "error", err)

     

       49
       +
       		return helpers.ServerError(e, nil)

     

       50
       +
       	}

     

       51
       +
       

     

       52
       +
       	for _, expectedKey := range required.RotationKeys {

     

       53
       +
       		if !slices.Contains(op.RotationKeys, expectedKey) {

     

       54
       +
       			return helpers.InputError(e, nil)

     

       55
       +
       		}

     

       56
       +
       	}

     

       57
       +
       	if op.Services["atproto_pds"].Type != "AtprotoPersonalDataServer" {

     

       58
       +
       		return helpers.InputError(e, nil)

     

       59
       +
       	}

     

       60
       +
       	if op.Services["atproto_pds"].Endpoint != required.Services["atproto_pds"].Endpoint {

     

       61
       +
       		return helpers.InputError(e, nil)

     

       62
       +
       	}

     

       63
       +
       	if op.VerificationMethods["atproto"] != required.VerificationMethods["atproto"] {

     

       64
       +
       		return helpers.InputError(e, nil)

     

       65
       +
       	}

     

       66
       +
       	if op.AlsoKnownAs[0] != required.AlsoKnownAs[0] {

     

       67
       +
       		return helpers.InputError(e, nil)

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	if err := s.plcClient.SendOperation(e.Request().Context(), repo.Repo.Did, &op); err != nil {

     

       71
       +
       		return err

     

       72
       +
       	}

     

       73
       +
       

     

       74
       +
       	if err := s.passport.BustDoc(context.TODO(), repo.Repo.Did); err != nil {

     

       75
       +
       		s.logger.Warn("error busting did doc", "error", err)

     

       76
       +
       	}

     

       77
       +
       

     

       78
       +
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       79
       +
       		RepoIdentity: &atproto.SyncSubscribeRepos_Identity{

     

       80
       +
       			Did:    repo.Repo.Did,

     

       81
       +
       			Seq:    time.Now().UnixMicro(), // TODO: no

     

       82
       +
       			Time:   time.Now().Format(util.ISO8601),

     

       83
       +
       		},

     

       84
       +
       	})

     

       85
       +
       

     

       86
       +
       	return nil

     

       87
       +
       }

+1 -1

server/handle_import_repo.go

···

       87
        
       			Value:     b.RawData(),

     

       88
        
       		}

     

       89
        
       

     

       90
       -
       		if err := tx.Create(rec).Error; err != nil {

     

       91
        
       			return err

     

       92
        
       		}

     

       93

···

       87
        
       			Value:     b.RawData(),

     

       88
        
       		}

     

       89
        
       

     

       90
       +
       		if err := tx.Save(rec).Error; err != nil {

     

       91
        
       			return err

     

       92
        
       		}

     

       93

server/server.go

···

       459
        
       	s.echo.GET("/xrpc/com.atproto.server.getSession", s.handleGetSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       460
        
       	s.echo.POST("/xrpc/com.atproto.server.refreshSession", s.handleRefreshSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       461
        
       	s.echo.POST("/xrpc/com.atproto.server.deleteSession", s.handleDeleteSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       0
        
       
     

       462
        
       	s.echo.POST("/xrpc/com.atproto.identity.updateHandle", s.handleIdentityUpdateHandle, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       0
        
       
     

       463
        
       	s.echo.POST("/xrpc/com.atproto.server.confirmEmail", s.handleServerConfirmEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       464
        
       	s.echo.POST("/xrpc/com.atproto.server.requestEmailConfirmation", s.handleServerRequestEmailConfirmation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       465
        
       	s.echo.POST("/xrpc/com.atproto.server.requestPasswordReset", s.handleServerRequestPasswordReset) // AUTH NOT REQUIRED FOR THIS ONE

···

       459
        
       	s.echo.GET("/xrpc/com.atproto.server.getSession", s.handleGetSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       460
        
       	s.echo.POST("/xrpc/com.atproto.server.refreshSession", s.handleRefreshSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       461
        
       	s.echo.POST("/xrpc/com.atproto.server.deleteSession", s.handleDeleteSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       462
       +
       	s.echo.GET("/xrpc/com.atproto.identity.getRecommendedDidCredentials", s.handleGetRecommendedDidCredentials, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       463
        
       	s.echo.POST("/xrpc/com.atproto.identity.updateHandle", s.handleIdentityUpdateHandle, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       464
       +
       	s.echo.POST("/xrpc/com.atproto.identity.submitPlcOperation", s.handleSubmitPlcOperation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       465
        
       	s.echo.POST("/xrpc/com.atproto.server.confirmEmail", s.handleServerConfirmEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       466
        
       	s.echo.POST("/xrpc/com.atproto.server.requestEmailConfirmation", s.handleServerRequestEmailConfirmation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       467
        
       	s.echo.POST("/xrpc/com.atproto.server.requestPasswordReset", s.handleServerRequestPasswordReset) // AUTH NOT REQUIRED FOR THIS ONE