···

       
1
       
1
       
+
       
name: Docker image

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
on:

     

       
4
       
4
       
+
       
  workflow_dispatch:

     

       
5
       
5
       
+
       
  push:

     

       
6
       
6
       
+
       


     

       
7
       
7
       
+
       
env:

     

       
8
       
8
       
+
       
  REGISTRY: ghcr.io

     

       
9
       
9
       
+
       
  IMAGE_NAME: ${{ github.repository }}

     

       
10
       
10
       
+
       


     

       
11
       
11
       
+
       
jobs:

     

       
12
       
12
       
+
       
  build-and-push-image:

     

       
13
       
13
       
+
       
    runs-on: ubuntu-latest

     

       
14
       
14
       
+
       
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.

     

       
15
       
15
       
+
       
    permissions:

     

       
16
       
16
       
+
       
      contents: read

     

       
17
       
17
       
+
       
      packages: write

     

       
18
       
18
       
+
       
      attestations: write

     

       
19
       
19
       
+
       
      id-token: write

     

       
20
       
20
       
+
       
      #

     

       
21
       
21
       
+
       
    steps:

     

       
22
       
22
       
+
       
      - name: Checkout repository

     

       
23
       
23
       
+
       
        uses: actions/checkout@v4

     

       
24
       
24
       
+
       
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.

     

       
25
       
25
       
+
       
      - name: Log in to the Container registry

     

       
26
       
26
       
+
       
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1

     

       
27
       
27
       
+
       
        with:

     

       
28
       
28
       
+
       
          registry: ${{ env.REGISTRY }}

     

       
29
       
29
       
+
       
          username: ${{ github.actor }}

     

       
30
       
30
       
+
       
          password: ${{ secrets.GITHUB_TOKEN }}

     

       
31
       
31
       
+
       
      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.

     

       
32
       
32
       
+
       
      - name: Extract metadata (tags, labels) for Docker

     

       
33
       
33
       
+
       
        id: meta

     

       
34
       
34
       
+
       
        uses: docker/metadata-action@v5

     

       
35
       
35
       
+
       
        with:

     

       
36
       
36
       
+
       
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

     

       
37
       
37
       
+
       
          tags: |

     

       
38
       
38
       
+
       
            type=sha

     

       
39
       
39
       
+
       
            type=sha,format=long

     

       
40
       
40
       
+
       
      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.

     

       
41
       
41
       
+
       
      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.

     

       
42
       
42
       
+
       
      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.

     

       
43
       
43
       
+
       
      - name: Build and push Docker image

     

       
44
       
44
       
+
       
        id: push

     

       
45
       
45
       
+
       
        uses: docker/build-push-action@v5

     

       
46
       
46
       
+
       
        with:

     

       
47
       
47
       
+
       
          context: .

     

       
48
       
48
       
+
       
          push: true

     

       
49
       
49
       
+
       
          tags: ${{ steps.meta.outputs.tags }}

     

       
50
       
50
       
+
       
          labels: ${{ steps.meta.outputs.labels }}

     

       
51
       
51
       
+
       


     

       
52
       
52
       
+
       
      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."

     

       
53
       
53
       
+
       
      - name: Generate artifact attestation

     

       
54
       
54
       
+
       
        uses: actions/attest-build-provenance@v1

     

       
55
       
55
       
+
       
        with:

     

       
56
       
56
       
+
       
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}

     

       
57
       
57
       
+
       
          subject-digest: ${{ steps.push.outputs.digest }}

     

       
58
       
58
       
+
       
          push-to-registry: true
     

···

       
1
       
1
       
+
       
### Compile stage

     

       
2
       
2
       
+
       
FROM golang:1.25.1-bookworm AS build-env

     

       
3
       
3
       
+
       


     

       
4
       
4
       
+
       
ADD . /dockerbuild

     

       
5
       
5
       
+
       
WORKDIR /dockerbuild

     

       
6
       
6
       
+
       


     

       
7
       
7
       
+
       
RUN GIT_VERSION=$(git describe --tags --long --always || echo "dev-local") && \

     

       
8
       
8
       
+
       
    go mod tidy && \

     

       
9
       
9
       
+
       
    go build -ldflags "-X main.Version=$GIT_VERSION" -o cocoon ./cmd/cocoon

     

       
10
       
10
       
+
       


     

       
11
       
11
       
+
       
### Run stage

     

       
12
       
12
       
+
       
FROM debian:bookworm-slim AS run

     

       
13
       
13
       
+
       


     

       
14
       
14
       
+
       
RUN apt-get update && apt-get install -y dumb-init runit ca-certificates && rm -rf /var/lib/apt/lists/*

     

       
15
       
15
       
+
       
ENTRYPOINT ["dumb-init", "--"]

     

       
16
       
16
       
+
       


     

       
17
       
17
       
+
       
WORKDIR /

     

       
18
       
18
       
+
       
RUN mkdir -p data/cocoon

     

       
19
       
19
       
+
       
COPY --from=build-env /dockerbuild/cocoon /

     

       
20
       
20
       
+
       


     

       
21
       
21
       
+
       
CMD ["/cocoon", "run"]

     

       
22
       
22
       
+
       


     

       
23
       
23
       
+
       
LABEL org.opencontainers.image.source=https://github.com/haileyok/cocoon

     

       
24
       
24
       
+
       
LABEL org.opencontainers.image.description="Cocoon ATProto PDS"

     

       
25
       
25
       
+
       
LABEL org.opencontainers.image.licenses=MIT
     

···

       
40
       
40
       
 
       


     

       
41
       
41
       
 
       
.env:

     

       
42
       
42
       
 
       
	if [ ! -f ".env" ]; then cp example.dev.env .env; fi

     

       
43
       
43
       
+
       


     

       
44
       
44
       
+
       
.PHONY: docker-build

     

       
45
       
45
       
+
       
docker-build:

     

       
46
       
46
       
+
       
	docker build -t cocoon .
     

···

       
5
       
5
       
 
       


     

       
6
       
6
       
 
       
Cocoon is a PDS implementation in Go. It is highly experimental, and is not ready for any production use.

     

       
7
       
7
       
 
       


     

       
8
       
8
       
-
       
### Impmlemented Endpoints

     

       
8
       
8
       
+
       
## Implemented Endpoints

     

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
> [!NOTE]

     

       
11
       
11
       
-
       
Just because something is implemented doesn't mean it is finisehd. Tons of these are returning bad errors, don't do validation properly, etc. I'll make a "second pass" checklist at some point to do all of that.

     

       
11
       
11
       
+
       
Just because something is implemented doesn't mean it is finished. Tons of these are returning bad errors, don't do validation properly, etc. I'll make a "second pass" checklist at some point to do all of that.

     

       
12
       
12
       
 
       


     

       
13
       
13
       
-
       
#### Identity

     

       
14
       
14
       
-
       
- [ ] com.atproto.identity.getRecommendedDidCredentials

     

       
15
       
15
       
-
       
- [ ] com.atproto.identity.requestPlcOperationSignature

     

       
16
       
16
       
-
       
- [x] com.atproto.identity.resolveHandle

     

       
17
       
17
       
-
       
- [ ] com.atproto.identity.signPlcOperation

     

       
18
       
18
       
-
       
- [ ] com.atproto.identity.submitPlcOperatioin

     

       
19
       
19
       
-
       
- [x] com.atproto.identity.updateHandle

     

       
13
       
13
       
+
       
### Identity

     

       
20
       
14
       
 
       


     

       
21
       
21
       
-
       
#### Repo

     

       
22
       
22
       
-
       
- [x] com.atproto.repo.applyWrites

     

       
23
       
23
       
-
       
- [x] com.atproto.repo.createRecord

     

       
24
       
24
       
-
       
- [x] com.atproto.repo.putRecord

     

       
25
       
25
       
-
       
- [x] com.atproto.repo.deleteRecord

     

       
26
       
26
       
-
       
- [x] com.atproto.repo.describeRepo

     

       
27
       
27
       
-
       
- [x] com.atproto.repo.getRecord

     

       
28
       
28
       
-
       
- [ ] com.atproto.repo.importRepo

     

       
29
       
29
       
-
       
- [x] com.atproto.repo.listRecords

     

       
30
       
30
       
-
       
- [ ] com.atproto.repo.listMissingBlobs

     

       
15
       
15
       
+
       
- [ ] `com.atproto.identity.getRecommendedDidCredentials`

     

       
16
       
16
       
+
       
- [ ] `com.atproto.identity.requestPlcOperationSignature`

     

       
17
       
17
       
+
       
- [x] `com.atproto.identity.resolveHandle`

     

       
18
       
18
       
+
       
- [ ] `com.atproto.identity.signPlcOperation`

     

       
19
       
19
       
+
       
- [ ] `com.atproto.identity.submitPlcOperation`

     

       
20
       
20
       
+
       
- [x] `com.atproto.identity.updateHandle`

     

       
31
       
21
       
 
       


     

       
32
       
32
       
-
       
#### Server

     

       
33
       
33
       
-
       
- [ ] com.atproto.server.activateAccount

     

       
34
       
34
       
-
       
- [x] com.atproto.server.checkAccountStatus

     

       
35
       
35
       
-
       
- [x] com.atproto.server.confirmEmail

     

       
36
       
36
       
-
       
- [x] com.atproto.server.createAccount

     

       
37
       
37
       
-
       
- [x] com.atproto.server.createInviteCode

     

       
38
       
38
       
-
       
- [x] com.atproto.server.createInviteCodes

     

       
39
       
39
       
-
       
- [ ] com.atproto.server.deactivateAccount

     

       
40
       
40
       
-
       
- [ ] com.atproto.server.deleteAccount

     

       
41
       
41
       
-
       
- [x] com.atproto.server.deleteSession

     

       
42
       
42
       
-
       
- [x] com.atproto.server.describeServer

     

       
43
       
43
       
-
       
- [ ] com.atproto.server.getAccountInviteCodes

     

       
44
       
44
       
-
       
- [ ] com.atproto.server.getServiceAuth

     

       
45
       
45
       
-
       
- ~[ ] com.atproto.server.listAppPasswords~ - not going to add app passwords

     

       
46
       
46
       
-
       
- [x] com.atproto.server.refreshSession

     

       
47
       
47
       
-
       
- [ ] com.atproto.server.requestAccountDelete

     

       
48
       
48
       
-
       
- [x] com.atproto.server.requestEmailConfirmation

     

       
49
       
49
       
-
       
- [x] com.atproto.server.requestEmailUpdate

     

       
50
       
50
       
-
       
- [x] com.atproto.server.requestPasswordReset

     

       
51
       
51
       
-
       
- [ ] com.atproto.server.reserveSigningKey

     

       
52
       
52
       
-
       
- [x] com.atproto.server.resetPassword

     

       
53
       
53
       
-
       
- ~[ ] com.atproto.server.revokeAppPassword~ - not going to add app passwords

     

       
54
       
54
       
-
       
- [x] com.atproto.server.updateEmail

     

       
22
       
22
       
+
       
### Repo

     

       
55
       
23
       
 
       


     

       
56
       
56
       
-
       
#### Sync

     

       
57
       
57
       
-
       
- [x] com.atproto.sync.getBlob

     

       
58
       
58
       
-
       
- [x] com.atproto.sync.getBlocks

     

       
59
       
59
       
-
       
- [x] com.atproto.sync.getLatestCommit

     

       
60
       
60
       
-
       
- [x] com.atproto.sync.getRecord

     

       
61
       
61
       
-
       
- [x] com.atproto.sync.getRepoStatus

     

       
62
       
62
       
-
       
- [x] com.atproto.sync.getRepo

     

       
63
       
63
       
-
       
- [x] com.atproto.sync.listBlobs

     

       
64
       
64
       
-
       
- [x] com.atproto.sync.listRepos

     

       
65
       
65
       
-
       
- ~[ ] com.atproto.sync.notifyOfUpdate~ - BGS doesn't even have this implemented lol

     

       
66
       
66
       
-
       
- [x] com.atproto.sync.requestCrawl

     

       
67
       
67
       
-
       
- [x] com.atproto.sync.subscribeRepos

     

       
24
       
24
       
+
       
- [x] `com.atproto.repo.applyWrites`

     

       
25
       
25
       
+
       
- [x] `com.atproto.repo.createRecord`

     

       
26
       
26
       
+
       
- [x] `com.atproto.repo.putRecord`

     

       
27
       
27
       
+
       
- [x] `com.atproto.repo.deleteRecord`

     

       
28
       
28
       
+
       
- [x] `com.atproto.repo.describeRepo`

     

       
29
       
29
       
+
       
- [x] `com.atproto.repo.getRecord`

     

       
30
       
30
       
+
       
- [x] `com.atproto.repo.importRepo` (Works "okay". You still have to handle PLC operations on your own when migrating. Use with extreme caution.)

     

       
31
       
31
       
+
       
- [x] `com.atproto.repo.listRecords`

     

       
32
       
32
       
+
       
- [ ] `com.atproto.repo.listMissingBlobs`

     

       
33
       
33
       
+
       


     

       
34
       
34
       
+
       
### Server

     

       
35
       
35
       
+
       


     

       
36
       
36
       
+
       
- [x] `com.atproto.server.activateAccount`

     

       
37
       
37
       
+
       
- [x] `com.atproto.server.checkAccountStatus`

     

       
38
       
38
       
+
       
- [x] `com.atproto.server.confirmEmail`

     

       
39
       
39
       
+
       
- [x] `com.atproto.server.createAccount`

     

       
40
       
40
       
+
       
- [x] `com.atproto.server.createInviteCode`

     

       
41
       
41
       
+
       
- [x] `com.atproto.server.createInviteCodes`

     

       
42
       
42
       
+
       
- [x] `com.atproto.server.deactivateAccount`

     

       
43
       
43
       
+
       
- [ ] `com.atproto.server.deleteAccount`

     

       
44
       
44
       
+
       
- [x] `com.atproto.server.deleteSession`

     

       
45
       
45
       
+
       
- [x] `com.atproto.server.describeServer`

     

       
46
       
46
       
+
       
- [ ] `com.atproto.server.getAccountInviteCodes`

     

       
47
       
47
       
+
       
- [ ] `com.atproto.server.getServiceAuth`

     

       
48
       
48
       
+
       
- ~~[ ] `com.atproto.server.listAppPasswords`~~ - not going to add app passwords

     

       
49
       
49
       
+
       
- [x] `com.atproto.server.refreshSession`

     

       
50
       
50
       
+
       
- [ ] `com.atproto.server.requestAccountDelete`

     

       
51
       
51
       
+
       
- [x] `com.atproto.server.requestEmailConfirmation`

     

       
52
       
52
       
+
       
- [x] `com.atproto.server.requestEmailUpdate`

     

       
53
       
53
       
+
       
- [x] `com.atproto.server.requestPasswordReset`

     

       
54
       
54
       
+
       
- [ ] `com.atproto.server.reserveSigningKey`

     

       
55
       
55
       
+
       
- [x] `com.atproto.server.resetPassword`

     

       
56
       
56
       
+
       
- ~~[] `com.atproto.server.revokeAppPassword`~~ - not going to add app passwords

     

       
57
       
57
       
+
       
- [x] `com.atproto.server.updateEmail`

     

       
68
       
58
       
 
       


     

       
69
       
69
       
-
       
#### Other

     

       
70
       
70
       
-
       
- [ ] com.atproto.label.queryLabels

     

       
71
       
71
       
-
       
- [ ] com.atproto.moderation.createReport

     

       
72
       
72
       
-
       
- [x] app.bsky.actor.getPreferences

     

       
73
       
73
       
-
       
- [x] app.bsky.actor.putPreferences

     

       
59
       
59
       
+
       
### Sync

     

       
74
       
60
       
 
       


     

       
61
       
61
       
+
       
- [x] `com.atproto.sync.getBlob`

     

       
62
       
62
       
+
       
- [x] `com.atproto.sync.getBlocks`

     

       
63
       
63
       
+
       
- [x] `com.atproto.sync.getLatestCommit`

     

       
64
       
64
       
+
       
- [x] `com.atproto.sync.getRecord`

     

       
65
       
65
       
+
       
- [x] `com.atproto.sync.getRepoStatus`

     

       
66
       
66
       
+
       
- [x] `com.atproto.sync.getRepo`

     

       
67
       
67
       
+
       
- [x] `com.atproto.sync.listBlobs`

     

       
68
       
68
       
+
       
- [x] `com.atproto.sync.listRepos`

     

       
69
       
69
       
+
       
- ~~[ ] `com.atproto.sync.notifyOfUpdate`~~ - BGS doesn't even have this implemented lol

     

       
70
       
70
       
+
       
- [x] `com.atproto.sync.requestCrawl`

     

       
71
       
71
       
+
       
- [x] `com.atproto.sync.subscribeRepos`

     

       
72
       
72
       
+
       


     

       
73
       
73
       
+
       
### Other

     

       
74
       
74
       
+
       


     

       
75
       
75
       
+
       
- [ ] `com.atproto.label.queryLabels`

     

       
76
       
76
       
+
       
- [x] `com.atproto.moderation.createReport` (Note: this should be handled by proxying, not actually implemented in the PDS)

     

       
77
       
77
       
+
       
- [x] `app.bsky.actor.getPreferences`

     

       
78
       
78
       
+
       
- [x] `app.bsky.actor.putPreferences`

     

       
75
       
79
       
 
       


     

       
76
       
80
       
 
       
## License

     

       
77
       
81
       
 
       


     

···

       
1
       
1
       
-
       
package blockstore

     

       
2
       
2
       
-
       


     

       
3
       
3
       
-
       
import (

     

       
4
       
4
       
-
       
	"context"

     

       
5
       
5
       
-
       
	"fmt"

     

       
6
       
6
       
-
       


     

       
7
       
7
       
-
       
	"github.com/bluesky-social/indigo/atproto/syntax"

     

       
8
       
8
       
-
       
	"github.com/haileyok/cocoon/internal/db"

     

       
9
       
9
       
-
       
	"github.com/haileyok/cocoon/models"

     

       
10
       
10
       
-
       
	blocks "github.com/ipfs/go-block-format"

     

       
11
       
11
       
-
       
	"github.com/ipfs/go-cid"

     

       
12
       
12
       
-
       
	"gorm.io/gorm/clause"

     

       
13
       
13
       
-
       
)

     

       
14
       
14
       
-
       


     

       
15
       
15
       
-
       
type SqliteBlockstore struct {

     

       
16
       
16
       
-
       
	db       *db.DB

     

       
17
       
17
       
-
       
	did      string

     

       
18
       
18
       
-
       
	readonly bool

     

       
19
       
19
       
-
       
	inserts  map[cid.Cid]blocks.Block

     

       
20
       
20
       
-
       
}

     

       
21
       
21
       
-
       


     

       
22
       
22
       
-
       
func New(did string, db *db.DB) *SqliteBlockstore {

     

       
23
       
23
       
-
       
	return &SqliteBlockstore{

     

       
24
       
24
       
-
       
		did:      did,

     

       
25
       
25
       
-
       
		db:       db,

     

       
26
       
26
       
-
       
		readonly: false,

     

       
27
       
27
       
-
       
		inserts:  map[cid.Cid]blocks.Block{},

     

       
28
       
28
       
-
       
	}

     

       
29
       
29
       
-
       
}

     

       
30
       
30
       
-
       


     

       
31
       
31
       
-
       
func NewReadOnly(did string, db *db.DB) *SqliteBlockstore {

     

       
32
       
32
       
-
       
	return &SqliteBlockstore{

     

       
33
       
33
       
-
       
		did:      did,

     

       
34
       
34
       
-
       
		db:       db,

     

       
35
       
35
       
-
       
		readonly: true,

     

       
36
       
36
       
-
       
		inserts:  map[cid.Cid]blocks.Block{},

     

       
37
       
37
       
-
       
	}

     

       
38
       
38
       
-
       
}

     

       
39
       
39
       
-
       


     

       
40
       
40
       
-
       
func (bs *SqliteBlockstore) Get(ctx context.Context, cid cid.Cid) (blocks.Block, error) {

     

       
41
       
41
       
-
       
	var block models.Block

     

       
42
       
42
       
-
       


     

       
43
       
43
       
-
       
	maybeBlock, ok := bs.inserts[cid]

     

       
44
       
44
       
-
       
	if ok {

     

       
45
       
45
       
-
       
		return maybeBlock, nil

     

       
46
       
46
       
-
       
	}

     

       
47
       
47
       
-
       


     

       
48
       
48
       
-
       
	if err := bs.db.Raw("SELECT * FROM blocks WHERE did = ? AND cid = ?", nil, bs.did, cid.Bytes()).Scan(&block).Error; err != nil {

     

       
49
       
49
       
-
       
		return nil, err

     

       
50
       
50
       
-
       
	}

     

       
51
       
51
       
-
       


     

       
52
       
52
       
-
       
	b, err := blocks.NewBlockWithCid(block.Value, cid)

     

       
53
       
53
       
-
       
	if err != nil {

     

       
54
       
54
       
-
       
		return nil, err

     

       
55
       
55
       
-
       
	}

     

       
56
       
56
       
-
       


     

       
57
       
57
       
-
       
	return b, nil

     

       
58
       
58
       
-
       
}

     

       
59
       
59
       
-
       


     

       
60
       
60
       
-
       
func (bs *SqliteBlockstore) Put(ctx context.Context, block blocks.Block) error {

     

       
61
       
61
       
-
       
	bs.inserts[block.Cid()] = block

     

       
62
       
62
       
-
       


     

       
63
       
63
       
-
       
	if bs.readonly {

     

       
64
       
64
       
-
       
		return nil

     

       
65
       
65
       
-
       
	}

     

       
66
       
66
       
-
       


     

       
67
       
67
       
-
       
	b := models.Block{

     

       
68
       
68
       
-
       
		Did:   bs.did,

     

       
69
       
69
       
-
       
		Cid:   block.Cid().Bytes(),

     

       
70
       
70
       
-
       
		Rev:   syntax.NewTIDNow(0).String(), // TODO: WARN, this is bad. don't do this

     

       
71
       
71
       
-
       
		Value: block.RawData(),

     

       
72
       
72
       
-
       
	}

     

       
73
       
73
       
-
       


     

       
74
       
74
       
-
       
	if err := bs.db.Create(&b, []clause.Expression{clause.OnConflict{

     

       
75
       
75
       
-
       
		Columns:   []clause.Column{{Name: "did"}, {Name: "cid"}},

     

       
76
       
76
       
-
       
		UpdateAll: true,

     

       
77
       
77
       
-
       
	}}).Error; err != nil {

     

       
78
       
78
       
-
       
		return err

     

       
79
       
79
       
-
       
	}

     

       
80
       
80
       
-
       


     

       
81
       
81
       
-
       
	return nil

     

       
82
       
82
       
-
       
}

     

       
83
       
83
       
-
       


     

       
84
       
84
       
-
       
func (bs *SqliteBlockstore) DeleteBlock(context.Context, cid.Cid) error {

     

       
85
       
85
       
-
       
	panic("not implemented")

     

       
86
       
86
       
-
       
}

     

       
87
       
87
       
-
       


     

       
88
       
88
       
-
       
func (bs *SqliteBlockstore) Has(context.Context, cid.Cid) (bool, error) {

     

       
89
       
89
       
-
       
	panic("not implemented")

     

       
90
       
90
       
-
       
}

     

       
91
       
91
       
-
       


     

       
92
       
92
       
-
       
func (bs *SqliteBlockstore) GetSize(context.Context, cid.Cid) (int, error) {

     

       
93
       
93
       
-
       
	panic("not implemented")

     

       
94
       
94
       
-
       
}

     

       
95
       
95
       
-
       


     

       
96
       
96
       
-
       
func (bs *SqliteBlockstore) PutMany(ctx context.Context, blocks []blocks.Block) error {

     

       
97
       
97
       
-
       
	tx := bs.db.BeginDangerously()

     

       
98
       
98
       
-
       


     

       
99
       
99
       
-
       
	for _, block := range blocks {

     

       
100
       
100
       
-
       
		bs.inserts[block.Cid()] = block

     

       
101
       
101
       
-
       


     

       
102
       
102
       
-
       
		if bs.readonly {

     

       
103
       
103
       
-
       
			continue

     

       
104
       
104
       
-
       
		}

     

       
105
       
105
       
-
       


     

       
106
       
106
       
-
       
		b := models.Block{

     

       
107
       
107
       
-
       
			Did:   bs.did,

     

       
108
       
108
       
-
       
			Cid:   block.Cid().Bytes(),

     

       
109
       
109
       
-
       
			Rev:   syntax.NewTIDNow(0).String(), // TODO: WARN, this is bad. don't do this

     

       
110
       
110
       
-
       
			Value: block.RawData(),

     

       
111
       
111
       
-
       
		}

     

       
112
       
112
       
-
       


     

       
113
       
113
       
-
       
		if err := tx.Clauses(clause.OnConflict{

     

       
114
       
114
       
-
       
			Columns:   []clause.Column{{Name: "did"}, {Name: "cid"}},

     

       
115
       
115
       
-
       
			UpdateAll: true,

     

       
116
       
116
       
-
       
		}).Create(&b).Error; err != nil {

     

       
117
       
117
       
-
       
			tx.Rollback()

     

       
118
       
118
       
-
       
			return err

     

       
119
       
119
       
-
       
		}

     

       
120
       
120
       
-
       
	}

     

       
121
       
121
       
-
       


     

       
122
       
122
       
-
       
	if bs.readonly {

     

       
123
       
123
       
-
       
		return nil

     

       
124
       
124
       
-
       
	}

     

       
125
       
125
       
-
       


     

       
126
       
126
       
-
       
	tx.Commit()

     

       
127
       
127
       
-
       


     

       
128
       
128
       
-
       
	return nil

     

       
129
       
129
       
-
       
}

     

       
130
       
130
       
-
       


     

       
131
       
131
       
-
       
func (bs *SqliteBlockstore) AllKeysChan(ctx context.Context) (<-chan cid.Cid, error) {

     

       
132
       
132
       
-
       
	panic("not implemented")

     

       
133
       
133
       
-
       
}

     

       
134
       
134
       
-
       


     

       
135
       
135
       
-
       
func (bs *SqliteBlockstore) HashOnRead(enabled bool) {

     

       
136
       
136
       
-
       
	panic("not implemented")

     

       
137
       
137
       
-
       
}

     

       
138
       
138
       
-
       


     

       
139
       
139
       
-
       
func (bs *SqliteBlockstore) UpdateRepo(ctx context.Context, root cid.Cid, rev string) error {

     

       
140
       
140
       
-
       
	if err := bs.db.Exec("UPDATE repos SET root = ?, rev = ? WHERE did = ?", nil, root.Bytes(), rev, bs.did).Error; err != nil {

     

       
141
       
141
       
-
       
		return err

     

       
142
       
142
       
-
       
	}

     

       
143
       
143
       
-
       


     

       
144
       
144
       
-
       
	return nil

     

       
145
       
145
       
-
       
}

     

       
146
       
146
       
-
       


     

       
147
       
147
       
-
       
func (bs *SqliteBlockstore) Execute(ctx context.Context) error {

     

       
148
       
148
       
-
       
	if !bs.readonly {

     

       
149
       
149
       
-
       
		return fmt.Errorf("blockstore was not readonly")

     

       
150
       
150
       
-
       
	}

     

       
151
       
151
       
-
       


     

       
152
       
152
       
-
       
	bs.readonly = false

     

       
153
       
153
       
-
       
	for _, b := range bs.inserts {

     

       
154
       
154
       
-
       
		bs.Put(ctx, b)

     

       
155
       
155
       
-
       
	}

     

       
156
       
156
       
-
       
	bs.readonly = true

     

       
157
       
157
       
-
       


     

       
158
       
158
       
-
       
	return nil

     

       
159
       
159
       
-
       
}

     

       
160
       
160
       
-
       


     

       
161
       
161
       
-
       
func (bs *SqliteBlockstore) GetLog() map[cid.Cid]blocks.Block {

     

       
162
       
162
       
-
       
	return bs.inserts

     

       
163
       
163
       
-
       
}

     

···

       
1
       
1
       
-
       
package main

     

       
2
       
2
       
-
       


     

       
3
       
3
       
-
       
import (

     

       
4
       
4
       
-
       
	"crypto/ecdsa"

     

       
5
       
5
       
-
       
	"crypto/elliptic"

     

       
6
       
6
       
-
       
	"crypto/rand"

     

       
7
       
7
       
-
       
	"encoding/json"

     

       
8
       
8
       
-
       
	"fmt"

     

       
9
       
9
       
-
       
	"os"

     

       
10
       
10
       
-
       
	"time"

     

       
11
       
11
       
-
       


     

       
12
       
12
       
-
       
	"github.com/bluesky-social/indigo/atproto/crypto"

     

       
13
       
13
       
-
       
	"github.com/bluesky-social/indigo/atproto/syntax"

     

       
14
       
14
       
-
       
	"github.com/haileyok/cocoon/internal/helpers"

     

       
15
       
15
       
-
       
	"github.com/lestrrat-go/jwx/v2/jwk"

     

       
16
       
16
       
-
       
	"github.com/urfave/cli/v2"

     

       
17
       
17
       
-
       
	"golang.org/x/crypto/bcrypt"

     

       
18
       
18
       
-
       
	"gorm.io/driver/sqlite"

     

       
19
       
19
       
-
       
	"gorm.io/gorm"

     

       
20
       
20
       
-
       
)

     

       
21
       
21
       
-
       


     

       
22
       
22
       
-
       
func main() {

     

       
23
       
23
       
-
       
	app := cli.App{

     

       
24
       
24
       
-
       
		Name: "admin",

     

       
25
       
25
       
-
       
		Commands: cli.Commands{

     

       
26
       
26
       
-
       
			runCreateRotationKey,

     

       
27
       
27
       
-
       
			runCreatePrivateJwk,

     

       
28
       
28
       
-
       
			runCreateInviteCode,

     

       
29
       
29
       
-
       
			runResetPassword,

     

       
30
       
30
       
-
       
		},

     

       
31
       
31
       
-
       
		ErrWriter: os.Stdout,

     

       
32
       
32
       
-
       
	}

     

       
33
       
33
       
-
       


     

       
34
       
34
       
-
       
	app.Run(os.Args)

     

       
35
       
35
       
-
       
}

     

       
36
       
36
       
-
       


     

       
37
       
37
       
-
       
var runCreateRotationKey = &cli.Command{

     

       
38
       
38
       
-
       
	Name:  "create-rotation-key",

     

       
39
       
39
       
-
       
	Usage: "creates a rotation key for your pds",

     

       
40
       
40
       
-
       
	Flags: []cli.Flag{

     

       
41
       
41
       
-
       
		&cli.StringFlag{

     

       
42
       
42
       
-
       
			Name:     "out",

     

       
43
       
43
       
-
       
			Required: true,

     

       
44
       
44
       
-
       
			Usage:    "output file for your rotation key",

     

       
45
       
45
       
-
       
		},

     

       
46
       
46
       
-
       
	},

     

       
47
       
47
       
-
       
	Action: func(cmd *cli.Context) error {

     

       
48
       
48
       
-
       
		key, err := crypto.GeneratePrivateKeyK256()

     

       
49
       
49
       
-
       
		if err != nil {

     

       
50
       
50
       
-
       
			return err

     

       
51
       
51
       
-
       
		}

     

       
52
       
52
       
-
       


     

       
53
       
53
       
-
       
		bytes := key.Bytes()

     

       
54
       
54
       
-
       


     

       
55
       
55
       
-
       
		if err := os.WriteFile(cmd.String("out"), bytes, 0644); err != nil {

     

       
56
       
56
       
-
       
			return err

     

       
57
       
57
       
-
       
		}

     

       
58
       
58
       
-
       


     

       
59
       
59
       
-
       
		return nil

     

       
60
       
60
       
-
       
	},

     

       
61
       
61
       
-
       
}

     

       
62
       
62
       
-
       


     

       
63
       
63
       
-
       
var runCreatePrivateJwk = &cli.Command{

     

       
64
       
64
       
-
       
	Name:  "create-private-jwk",

     

       
65
       
65
       
-
       
	Usage: "creates a private jwk for your pds",

     

       
66
       
66
       
-
       
	Flags: []cli.Flag{

     

       
67
       
67
       
-
       
		&cli.StringFlag{

     

       
68
       
68
       
-
       
			Name:     "out",

     

       
69
       
69
       
-
       
			Required: true,

     

       
70
       
70
       
-
       
			Usage:    "output file for your jwk",

     

       
71
       
71
       
-
       
		},

     

       
72
       
72
       
-
       
	},

     

       
73
       
73
       
-
       
	Action: func(cmd *cli.Context) error {

     

       
74
       
74
       
-
       
		privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

     

       
75
       
75
       
-
       
		if err != nil {

     

       
76
       
76
       
-
       
			return err

     

       
77
       
77
       
-
       
		}

     

       
78
       
78
       
-
       


     

       
79
       
79
       
-
       
		key, err := jwk.FromRaw(privKey)

     

       
80
       
80
       
-
       
		if err != nil {

     

       
81
       
81
       
-
       
			return err

     

       
82
       
82
       
-
       
		}

     

       
83
       
83
       
-
       


     

       
84
       
84
       
-
       
		kid := fmt.Sprintf("%d", time.Now().Unix())

     

       
85
       
85
       
-
       


     

       
86
       
86
       
-
       
		if err := key.Set(jwk.KeyIDKey, kid); err != nil {

     

       
87
       
87
       
-
       
			return err

     

       
88
       
88
       
-
       
		}

     

       
89
       
89
       
-
       


     

       
90
       
90
       
-
       
		b, err := json.Marshal(key)

     

       
91
       
91
       
-
       
		if err != nil {

     

       
92
       
92
       
-
       
			return err

     

       
93
       
93
       
-
       
		}

     

       
94
       
94
       
-
       


     

       
95
       
95
       
-
       
		if err := os.WriteFile(cmd.String("out"), b, 0644); err != nil {

     

       
96
       
96
       
-
       
			return err

     

       
97
       
97
       
-
       
		}

     

       
98
       
98
       
-
       


     

       
99
       
99
       
-
       
		return nil

     

       
100
       
100
       
-
       
	},

     

       
101
       
101
       
-
       
}

     

       
102
       
102
       
-
       


     

       
103
       
103
       
-
       
var runCreateInviteCode = &cli.Command{

     

       
104
       
104
       
-
       
	Name:  "create-invite-code",

     

       
105
       
105
       
-
       
	Usage: "creates an invite code",

     

       
106
       
106
       
-
       
	Flags: []cli.Flag{

     

       
107
       
107
       
-
       
		&cli.StringFlag{

     

       
108
       
108
       
-
       
			Name:  "for",

     

       
109
       
109
       
-
       
			Usage: "optional did to assign the invite code to",

     

       
110
       
110
       
-
       
		},

     

       
111
       
111
       
-
       
		&cli.IntFlag{

     

       
112
       
112
       
-
       
			Name:  "uses",

     

       
113
       
113
       
-
       
			Usage: "number of times the invite code can be used",

     

       
114
       
114
       
-
       
			Value: 1,

     

       
115
       
115
       
-
       
		},

     

       
116
       
116
       
-
       
	},

     

       
117
       
117
       
-
       
	Action: func(cmd *cli.Context) error {

     

       
118
       
118
       
-
       
		db, err := newDb()

     

       
119
       
119
       
-
       
		if err != nil {

     

       
120
       
120
       
-
       
			return err

     

       
121
       
121
       
-
       
		}

     

       
122
       
122
       
-
       


     

       
123
       
123
       
-
       
		forDid := "did:plc:123"

     

       
124
       
124
       
-
       
		if cmd.String("for") != "" {

     

       
125
       
125
       
-
       
			did, err := syntax.ParseDID(cmd.String("for"))

     

       
126
       
126
       
-
       
			if err != nil {

     

       
127
       
127
       
-
       
				return err

     

       
128
       
128
       
-
       
			}

     

       
129
       
129
       
-
       


     

       
130
       
130
       
-
       
			forDid = did.String()

     

       
131
       
131
       
-
       
		}

     

       
132
       
132
       
-
       


     

       
133
       
133
       
-
       
		uses := cmd.Int("uses")

     

       
134
       
134
       
-
       


     

       
135
       
135
       
-
       
		code := fmt.Sprintf("%s-%s", helpers.RandomVarchar(8), helpers.RandomVarchar(8))

     

       
136
       
136
       
-
       


     

       
137
       
137
       
-
       
		if err := db.Exec("INSERT INTO invite_codes (did, code, remaining_use_count) VALUES (?, ?, ?)", forDid, code, uses).Error; err != nil {

     

       
138
       
138
       
-
       
			return err

     

       
139
       
139
       
-
       
		}

     

       
140
       
140
       
-
       


     

       
141
       
141
       
-
       
		fmt.Printf("New invite code created with %d uses: %s\n", uses, code)

     

       
142
       
142
       
-
       


     

       
143
       
143
       
-
       
		return nil

     

       
144
       
144
       
-
       
	},

     

       
145
       
145
       
-
       
}

     

       
146
       
146
       
-
       


     

       
147
       
147
       
-
       
var runResetPassword = &cli.Command{

     

       
148
       
148
       
-
       
	Name:  "reset-password",

     

       
149
       
149
       
-
       
	Usage: "resets a password",

     

       
150
       
150
       
-
       
	Flags: []cli.Flag{

     

       
151
       
151
       
-
       
		&cli.StringFlag{

     

       
152
       
152
       
-
       
			Name:  "did",

     

       
153
       
153
       
-
       
			Usage: "did of the user who's password you want to reset",

     

       
154
       
154
       
-
       
		},

     

       
155
       
155
       
-
       
	},

     

       
156
       
156
       
-
       
	Action: func(cmd *cli.Context) error {

     

       
157
       
157
       
-
       
		db, err := newDb()

     

       
158
       
158
       
-
       
		if err != nil {

     

       
159
       
159
       
-
       
			return err

     

       
160
       
160
       
-
       
		}

     

       
161
       
161
       
-
       


     

       
162
       
162
       
-
       
		didStr := cmd.String("did")

     

       
163
       
163
       
-
       
		did, err := syntax.ParseDID(didStr)

     

       
164
       
164
       
-
       
		if err != nil {

     

       
165
       
165
       
-
       
			return err

     

       
166
       
166
       
-
       
		}

     

       
167
       
167
       
-
       


     

       
168
       
168
       
-
       
		newPass := fmt.Sprintf("%s-%s", helpers.RandomVarchar(12), helpers.RandomVarchar(12))

     

       
169
       
169
       
-
       
		hashed, err := bcrypt.GenerateFromPassword([]byte(newPass), 10)

     

       
170
       
170
       
-
       
		if err != nil {

     

       
171
       
171
       
-
       
			return err

     

       
172
       
172
       
-
       
		}

     

       
173
       
173
       
-
       


     

       
174
       
174
       
-
       
		if err := db.Exec("UPDATE repos SET password = ? WHERE did = ?", hashed, did.String()).Error; err != nil {

     

       
175
       
175
       
-
       
			return err

     

       
176
       
176
       
-
       
		}

     

       
177
       
177
       
-
       


     

       
178
       
178
       
-
       
		fmt.Printf("Password for %s has been reset to: %s", did.String(), newPass)

     

       
179
       
179
       
-
       


     

       
180
       
180
       
-
       
		return nil

     

       
181
       
181
       
-
       
	},

     

       
182
       
182
       
-
       
}

     

       
183
       
183
       
-
       


     

       
184
       
184
       
-
       
func newDb() (*gorm.DB, error) {

     

       
185
       
185
       
-
       
	return gorm.Open(sqlite.Open("cocoon.db"), &gorm.Config{})

     

       
186
       
186
       
-
       
}

     

···

       
1
       
1
       
 
       
package main

     

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
import (

     

       
4
       
4
       
+
       
	"crypto/ecdsa"

     

       
5
       
5
       
+
       
	"crypto/elliptic"

     

       
6
       
6
       
+
       
	"crypto/rand"

     

       
7
       
7
       
+
       
	"encoding/json"

     

       
4
       
8
       
 
       
	"fmt"

     

       
5
       
9
       
 
       
	"os"

     

       
10
       
10
       
+
       
	"time"

     

       
6
       
11
       
 
       


     

       
12
       
12
       
+
       
	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       
13
       
13
       
+
       
	"github.com/bluesky-social/indigo/atproto/syntax"

     

       
14
       
14
       
+
       
	"github.com/haileyok/cocoon/internal/helpers"

     

       
7
       
15
       
 
       
	"github.com/haileyok/cocoon/server"

     

       
8
       
16
       
 
       
	_ "github.com/joho/godotenv/autoload"

     

       
17
       
17
       
+
       
	"github.com/lestrrat-go/jwx/v2/jwk"

     

       
9
       
18
       
 
       
	"github.com/urfave/cli/v2"

     

       
19
       
19
       
+
       
	"golang.org/x/crypto/bcrypt"

     

       
20
       
20
       
+
       
	"gorm.io/driver/sqlite"

     

       
21
       
21
       
+
       
	"gorm.io/gorm"

     

       
10
       
22
       
 
       
)

     

       
11
       
23
       
 
       


     

       
12
       
24
       
 
       
var Version = "dev"

     
···

       
95
       
107
       
 
       
				Name:    "s3-backups-enabled",

     

       
96
       
108
       
 
       
				EnvVars: []string{"COCOON_S3_BACKUPS_ENABLED"},

     

       
97
       
109
       
 
       
			},

     

       
110
       
110
       
+
       
			&cli.BoolFlag{

     

       
111
       
111
       
+
       
				Name:    "s3-blobstore-enabled",

     

       
112
       
112
       
+
       
				EnvVars: []string{"COCOON_S3_BLOBSTORE_ENABLED"},

     

       
113
       
113
       
+
       
			},

     

       
98
       
114
       
 
       
			&cli.StringFlag{

     

       
99
       
115
       
 
       
				Name:    "s3-region",

     

       
100
       
116
       
 
       
				EnvVars: []string{"COCOON_S3_REGION"},

     
···

       
119
       
135
       
 
       
				Name:    "session-secret",

     

       
120
       
136
       
 
       
				EnvVars: []string{"COCOON_SESSION_SECRET"},

     

       
121
       
137
       
 
       
			},

     

       
138
       
138
       
+
       
			&cli.StringFlag{

     

       
139
       
139
       
+
       
				Name:    "blockstore-variant",

     

       
140
       
140
       
+
       
				EnvVars: []string{"COCOON_BLOCKSTORE_VARIANT"},

     

       
141
       
141
       
+
       
				Value:   "sqlite",

     

       
142
       
142
       
+
       
			},

     

       
143
       
143
       
+
       
			&cli.StringFlag{

     

       
144
       
144
       
+
       
				Name:    "fallback-proxy",

     

       
145
       
145
       
+
       
				EnvVars: []string{"COCOON_FALLBACK_PROXY"},

     

       
146
       
146
       
+
       
			},

     

       
122
       
147
       
 
       
		},

     

       
123
       
148
       
 
       
		Commands: []*cli.Command{

     

       
124
       
124
       
-
       
			run,

     

       
149
       
149
       
+
       
			runServe,

     

       
150
       
150
       
+
       
			runCreateRotationKey,

     

       
151
       
151
       
+
       
			runCreatePrivateJwk,

     

       
152
       
152
       
+
       
			runCreateInviteCode,

     

       
153
       
153
       
+
       
			runResetPassword,

     

       
125
       
154
       
 
       
		},

     

       
126
       
155
       
 
       
		ErrWriter: os.Stdout,

     

       
127
       
156
       
 
       
		Version:   Version,

     
···

       
132
       
161
       
 
       
	}

     

       
133
       
162
       
 
       
}

     

       
134
       
163
       
 
       


     

       
135
       
135
       
-
       
var run = &cli.Command{

     

       
164
       
164
       
+
       
var runServe = &cli.Command{

     

       
136
       
165
       
 
       
	Name:  "run",

     

       
137
       
166
       
 
       
	Usage: "Start the cocoon PDS",

     

       
138
       
167
       
 
       
	Flags: []cli.Flag{},

     

       
139
       
168
       
 
       
	Action: func(cmd *cli.Context) error {

     

       
169
       
169
       
+
       


     

       
140
       
170
       
 
       
		s, err := server.New(&server.Args{

     

       
141
       
171
       
 
       
			Addr:            cmd.String("addr"),

     

       
142
       
172
       
 
       
			DbName:          cmd.String("db-name"),

     
···

       
155
       
185
       
 
       
			SmtpEmail:       cmd.String("smtp-email"),

     

       
156
       
186
       
 
       
			SmtpName:        cmd.String("smtp-name"),

     

       
157
       
187
       
 
       
			S3Config: &server.S3Config{

     

       
158
       
158
       
-
       
				BackupsEnabled: cmd.Bool("s3-backups-enabled"),

     

       
159
       
159
       
-
       
				Region:         cmd.String("s3-region"),

     

       
160
       
160
       
-
       
				Bucket:         cmd.String("s3-bucket"),

     

       
161
       
161
       
-
       
				Endpoint:       cmd.String("s3-endpoint"),

     

       
162
       
162
       
-
       
				AccessKey:      cmd.String("s3-access-key"),

     

       
163
       
163
       
-
       
				SecretKey:      cmd.String("s3-secret-key"),

     

       
188
       
188
       
+
       
				BackupsEnabled:   cmd.Bool("s3-backups-enabled"),

     

       
189
       
189
       
+
       
				BlobstoreEnabled: cmd.Bool("s3-blobstore-enabled"),

     

       
190
       
190
       
+
       
				Region:           cmd.String("s3-region"),

     

       
191
       
191
       
+
       
				Bucket:           cmd.String("s3-bucket"),

     

       
192
       
192
       
+
       
				Endpoint:         cmd.String("s3-endpoint"),

     

       
193
       
193
       
+
       
				AccessKey:        cmd.String("s3-access-key"),

     

       
194
       
194
       
+
       
				SecretKey:        cmd.String("s3-secret-key"),

     

       
164
       
195
       
 
       
			},

     

       
165
       
165
       
-
       
			SessionSecret: cmd.String("session-secret"),

     

       
196
       
196
       
+
       
			SessionSecret:     cmd.String("session-secret"),

     

       
197
       
197
       
+
       
			BlockstoreVariant: server.MustReturnBlockstoreVariant(cmd.String("blockstore-variant")),

     

       
198
       
198
       
+
       
			FallbackProxy:     cmd.String("fallback-proxy"),

     

       
166
       
199
       
 
       
		})

     

       
167
       
200
       
 
       
		if err != nil {

     

       
168
       
201
       
 
       
			fmt.Printf("error creating cocoon: %v", err)

     
···

       
177
       
210
       
 
       
		return nil

     

       
178
       
211
       
 
       
	},

     

       
179
       
212
       
 
       
}

     

       
213
       
213
       
+
       


     

       
214
       
214
       
+
       
var runCreateRotationKey = &cli.Command{

     

       
215
       
215
       
+
       
	Name:  "create-rotation-key",

     

       
216
       
216
       
+
       
	Usage: "creates a rotation key for your pds",

     

       
217
       
217
       
+
       
	Flags: []cli.Flag{

     

       
218
       
218
       
+
       
		&cli.StringFlag{

     

       
219
       
219
       
+
       
			Name:     "out",

     

       
220
       
220
       
+
       
			Required: true,

     

       
221
       
221
       
+
       
			Usage:    "output file for your rotation key",

     

       
222
       
222
       
+
       
		},

     

       
223
       
223
       
+
       
	},

     

       
224
       
224
       
+
       
	Action: func(cmd *cli.Context) error {

     

       
225
       
225
       
+
       
		key, err := atcrypto.GeneratePrivateKeyK256()

     

       
226
       
226
       
+
       
		if err != nil {

     

       
227
       
227
       
+
       
			return err

     

       
228
       
228
       
+
       
		}

     

       
229
       
229
       
+
       


     

       
230
       
230
       
+
       
		bytes := key.Bytes()

     

       
231
       
231
       
+
       


     

       
232
       
232
       
+
       
		if err := os.WriteFile(cmd.String("out"), bytes, 0644); err != nil {

     

       
233
       
233
       
+
       
			return err

     

       
234
       
234
       
+
       
		}

     

       
235
       
235
       
+
       


     

       
236
       
236
       
+
       
		return nil

     

       
237
       
237
       
+
       
	},

     

       
238
       
238
       
+
       
}

     

       
239
       
239
       
+
       


     

       
240
       
240
       
+
       
var runCreatePrivateJwk = &cli.Command{

     

       
241
       
241
       
+
       
	Name:  "create-private-jwk",

     

       
242
       
242
       
+
       
	Usage: "creates a private jwk for your pds",

     

       
243
       
243
       
+
       
	Flags: []cli.Flag{

     

       
244
       
244
       
+
       
		&cli.StringFlag{

     

       
245
       
245
       
+
       
			Name:     "out",

     

       
246
       
246
       
+
       
			Required: true,

     

       
247
       
247
       
+
       
			Usage:    "output file for your jwk",

     

       
248
       
248
       
+
       
		},

     

       
249
       
249
       
+
       
	},

     

       
250
       
250
       
+
       
	Action: func(cmd *cli.Context) error {

     

       
251
       
251
       
+
       
		privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

     

       
252
       
252
       
+
       
		if err != nil {

     

       
253
       
253
       
+
       
			return err

     

       
254
       
254
       
+
       
		}

     

       
255
       
255
       
+
       


     

       
256
       
256
       
+
       
		key, err := jwk.FromRaw(privKey)

     

       
257
       
257
       
+
       
		if err != nil {

     

       
258
       
258
       
+
       
			return err

     

       
259
       
259
       
+
       
		}

     

       
260
       
260
       
+
       


     

       
261
       
261
       
+
       
		kid := fmt.Sprintf("%d", time.Now().Unix())

     

       
262
       
262
       
+
       


     

       
263
       
263
       
+
       
		if err := key.Set(jwk.KeyIDKey, kid); err != nil {

     

       
264
       
264
       
+
       
			return err

     

       
265
       
265
       
+
       
		}

     

       
266
       
266
       
+
       


     

       
267
       
267
       
+
       
		b, err := json.Marshal(key)

     

       
268
       
268
       
+
       
		if err != nil {

     

       
269
       
269
       
+
       
			return err

     

       
270
       
270
       
+
       
		}

     

       
271
       
271
       
+
       


     

       
272
       
272
       
+
       
		if err := os.WriteFile(cmd.String("out"), b, 0644); err != nil {

     

       
273
       
273
       
+
       
			return err

     

       
274
       
274
       
+
       
		}

     

       
275
       
275
       
+
       


     

       
276
       
276
       
+
       
		return nil

     

       
277
       
277
       
+
       
	},

     

       
278
       
278
       
+
       
}

     

       
279
       
279
       
+
       


     

       
280
       
280
       
+
       
var runCreateInviteCode = &cli.Command{

     

       
281
       
281
       
+
       
	Name:  "create-invite-code",

     

       
282
       
282
       
+
       
	Usage: "creates an invite code",

     

       
283
       
283
       
+
       
	Flags: []cli.Flag{

     

       
284
       
284
       
+
       
		&cli.StringFlag{

     

       
285
       
285
       
+
       
			Name:  "for",

     

       
286
       
286
       
+
       
			Usage: "optional did to assign the invite code to",

     

       
287
       
287
       
+
       
		},

     

       
288
       
288
       
+
       
		&cli.IntFlag{

     

       
289
       
289
       
+
       
			Name:  "uses",

     

       
290
       
290
       
+
       
			Usage: "number of times the invite code can be used",

     

       
291
       
291
       
+
       
			Value: 1,

     

       
292
       
292
       
+
       
		},

     

       
293
       
293
       
+
       
	},

     

       
294
       
294
       
+
       
	Action: func(cmd *cli.Context) error {

     

       
295
       
295
       
+
       
		db, err := newDb()

     

       
296
       
296
       
+
       
		if err != nil {

     

       
297
       
297
       
+
       
			return err

     

       
298
       
298
       
+
       
		}

     

       
299
       
299
       
+
       


     

       
300
       
300
       
+
       
		forDid := "did:plc:123"

     

       
301
       
301
       
+
       
		if cmd.String("for") != "" {

     

       
302
       
302
       
+
       
			did, err := syntax.ParseDID(cmd.String("for"))

     

       
303
       
303
       
+
       
			if err != nil {

     

       
304
       
304
       
+
       
				return err

     

       
305
       
305
       
+
       
			}

     

       
306
       
306
       
+
       


     

       
307
       
307
       
+
       
			forDid = did.String()

     

       
308
       
308
       
+
       
		}

     

       
309
       
309
       
+
       


     

       
310
       
310
       
+
       
		uses := cmd.Int("uses")

     

       
311
       
311
       
+
       


     

       
312
       
312
       
+
       
		code := fmt.Sprintf("%s-%s", helpers.RandomVarchar(8), helpers.RandomVarchar(8))

     

       
313
       
313
       
+
       


     

       
314
       
314
       
+
       
		if err := db.Exec("INSERT INTO invite_codes (did, code, remaining_use_count) VALUES (?, ?, ?)", forDid, code, uses).Error; err != nil {

     

       
315
       
315
       
+
       
			return err

     

       
316
       
316
       
+
       
		}

     

       
317
       
317
       
+
       


     

       
318
       
318
       
+
       
		fmt.Printf("New invite code created with %d uses: %s\n", uses, code)

     

       
319
       
319
       
+
       


     

       
320
       
320
       
+
       
		return nil

     

       
321
       
321
       
+
       
	},

     

       
322
       
322
       
+
       
}

     

       
323
       
323
       
+
       


     

       
324
       
324
       
+
       
var runResetPassword = &cli.Command{

     

       
325
       
325
       
+
       
	Name:  "reset-password",

     

       
326
       
326
       
+
       
	Usage: "resets a password",

     

       
327
       
327
       
+
       
	Flags: []cli.Flag{

     

       
328
       
328
       
+
       
		&cli.StringFlag{

     

       
329
       
329
       
+
       
			Name:  "did",

     

       
330
       
330
       
+
       
			Usage: "did of the user who's password you want to reset",

     

       
331
       
331
       
+
       
		},

     

       
332
       
332
       
+
       
	},

     

       
333
       
333
       
+
       
	Action: func(cmd *cli.Context) error {

     

       
334
       
334
       
+
       
		db, err := newDb()

     

       
335
       
335
       
+
       
		if err != nil {

     

       
336
       
336
       
+
       
			return err

     

       
337
       
337
       
+
       
		}

     

       
338
       
338
       
+
       


     

       
339
       
339
       
+
       
		didStr := cmd.String("did")

     

       
340
       
340
       
+
       
		did, err := syntax.ParseDID(didStr)

     

       
341
       
341
       
+
       
		if err != nil {

     

       
342
       
342
       
+
       
			return err

     

       
343
       
343
       
+
       
		}

     

       
344
       
344
       
+
       


     

       
345
       
345
       
+
       
		newPass := fmt.Sprintf("%s-%s", helpers.RandomVarchar(12), helpers.RandomVarchar(12))

     

       
346
       
346
       
+
       
		hashed, err := bcrypt.GenerateFromPassword([]byte(newPass), 10)

     

       
347
       
347
       
+
       
		if err != nil {

     

       
348
       
348
       
+
       
			return err

     

       
349
       
349
       
+
       
		}

     

       
350
       
350
       
+
       


     

       
351
       
351
       
+
       
		if err := db.Exec("UPDATE repos SET password = ? WHERE did = ?", hashed, did.String()).Error; err != nil {

     

       
352
       
352
       
+
       
			return err

     

       
353
       
353
       
+
       
		}

     

       
354
       
354
       
+
       


     

       
355
       
355
       
+
       
		fmt.Printf("Password for %s has been reset to: %s", did.String(), newPass)

     

       
356
       
356
       
+
       


     

       
357
       
357
       
+
       
		return nil

     

       
358
       
358
       
+
       
	},

     

       
359
       
359
       
+
       
}

     

       
360
       
360
       
+
       


     

       
361
       
361
       
+
       
func newDb() (*gorm.DB, error) {

     

       
362
       
362
       
+
       
	return gorm.Open(sqlite.Open("cocoon.db"), &gorm.Config{})

     

       
363
       
363
       
+
       
}

     

···

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  "version": "0.2",

     

       
3
       
3
       
+
       
  "language": "en",

     

       
4
       
4
       
+
       
  "words": [

     

       
5
       
5
       
+
       
    "atproto",

     

       
6
       
6
       
+
       
    "bsky",

     

       
7
       
7
       
+
       
    "Cocoon",

     

       
8
       
8
       
+
       
    "PDS",

     

       
9
       
9
       
+
       
    "Plc",

     

       
10
       
10
       
+
       
    "plc",

     

       
11
       
11
       
+
       
    "repo",

     

       
12
       
12
       
+
       
    "InviteCodes",

     

       
13
       
13
       
+
       
    "InviteCode",

     

       
14
       
14
       
+
       
    "Invite",

     

       
15
       
15
       
+
       
    "Signin",

     

       
16
       
16
       
+
       
    "Signout",

     

       
17
       
17
       
+
       
    "JWKS",

     

       
18
       
18
       
+
       
    "dpop",

     

       
19
       
19
       
+
       
    "BGS",

     

       
20
       
20
       
+
       
    "pico",

     

       
21
       
21
       
+
       
    "picocss",

     

       
22
       
22
       
+
       
    "par",

     

       
23
       
23
       
+
       
    "blobs",

     

       
24
       
24
       
+
       
    "blob",

     

       
25
       
25
       
+
       
    "did",

     

       
26
       
26
       
+
       
    "DID",

     

       
27
       
27
       
+
       
    "OAuth",

     

       
28
       
28
       
+
       
    "oauth",

     

       
29
       
29
       
+
       
    "par",

     

       
30
       
30
       
+
       
    "Cocoon",

     

       
31
       
31
       
+
       
    "memcache",

     

       
32
       
32
       
+
       
    "db",

     

       
33
       
33
       
+
       
    "helpers",

     

       
34
       
34
       
+
       
    "middleware",

     

       
35
       
35
       
+
       
    "repo",

     

       
36
       
36
       
+
       
    "static",

     

       
37
       
37
       
+
       
    "pico",

     

       
38
       
38
       
+
       
    "picocss",

     

       
39
       
39
       
+
       
    "MIT",

     

       
40
       
40
       
+
       
    "Go"

     

       
41
       
41
       
+
       
  ],

     

       
42
       
42
       
+
       
  "ignorePaths": [

     

       
43
       
43
       
+
       
    "server/static/pico.css"

     

       
44
       
44
       
+
       
  ]

     

       
45
       
45
       
+
       
}

     

···

       
5
       
5
       
 
       
require (

     

       
6
       
6
       
 
       
	github.com/Azure/go-autorest/autorest/to v0.4.1

     

       
7
       
7
       
 
       
	github.com/aws/aws-sdk-go v1.55.7

     

       
8
       
8
       
-
       
	github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b

     

       
8
       
8
       
+
       
	github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe

     

       
9
       
9
       
 
       
	github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792

     

       
10
       
10
       
 
       
	github.com/domodwyer/mailyak/v3 v3.6.2

     

       
11
       
11
       
 
       
	github.com/go-pkgz/expirable-cache/v3 v3.0.0

     
···

       
14
       
14
       
 
       
	github.com/google/uuid v1.4.0

     

       
15
       
15
       
 
       
	github.com/gorilla/sessions v1.4.0

     

       
16
       
16
       
 
       
	github.com/gorilla/websocket v1.5.1

     

       
17
       
17
       
+
       
	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b

     

       
17
       
18
       
 
       
	github.com/hashicorp/golang-lru/v2 v2.0.7

     

       
18
       
19
       
 
       
	github.com/ipfs/go-block-format v0.2.0

     

       
19
       
20
       
 
       
	github.com/ipfs/go-cid v0.4.1

     

       
21
       
21
       
+
       
	github.com/ipfs/go-ipfs-blockstore v1.3.1

     

       
20
       
22
       
 
       
	github.com/ipfs/go-ipld-cbor v0.1.0

     

       
21
       
23
       
 
       
	github.com/ipld/go-car v0.6.1-0.20230509095817-92d28eb23ba4

     

       
22
       
24
       
 
       
	github.com/joho/godotenv v1.5.1

     
···

       
59
       
61
       
 
       
	github.com/ipfs/bbloom v0.0.4 // indirect

     

       
60
       
62
       
 
       
	github.com/ipfs/go-blockservice v0.5.2 // indirect

     

       
61
       
63
       
 
       
	github.com/ipfs/go-datastore v0.6.0 // indirect

     

       
62
       
62
       
-
       
	github.com/ipfs/go-ipfs-blockstore v1.3.1 // indirect

     

       
63
       
64
       
 
       
	github.com/ipfs/go-ipfs-ds-help v1.1.1 // indirect

     

       
64
       
65
       
 
       
	github.com/ipfs/go-ipfs-exchange-interface v0.2.1 // indirect

     

       
65
       
66
       
 
       
	github.com/ipfs/go-ipfs-util v0.0.3 // indirect

     

···

       
16
       
16
       
 
       
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=

     

       
17
       
17
       
 
       
github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYEDvkta6I8/rnYM5gSdSV2tJ6XbZuEtY=

     

       
18
       
18
       
 
       
github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k=

     

       
19
       
19
       
-
       
github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b h1:elwfbe+W7GkUmPKFX1h7HaeHvC/kC0XJWfiEHC62xPg=

     

       
20
       
20
       
-
       
github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b/go.mod h1:yjdhLA1LkK8VDS/WPUoYPo25/Hq/8rX38Ftr67EsqKY=

     

       
19
       
19
       
+
       
github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe h1:VBhaqE5ewQgXbY5SfSWFZC/AwHFo7cHxZKFYi2ce9Yo=

     

       
20
       
20
       
+
       
github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe/go.mod h1:RuQVrCGm42QNsgumKaR6se+XkFKfCPNwdCiTvqKRUck=

     

       
21
       
21
       
 
       
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=

     

       
22
       
22
       
 
       
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=

     

       
23
       
23
       
 
       
github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792 h1:R8vQdOQdZ9Y3SkEwmHoWBmX1DNXhXZqlTpq6s4tyJGc=

     
···

       
91
       
91
       
 
       
github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=

     

       
92
       
92
       
 
       
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=

     

       
93
       
93
       
 
       
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=

     

       
94
       
94
       
+
       
github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b h1:wDUNC2eKiL35DbLvsDhiblTUXHxcOPwQSCzi7xpQUN4=

     

       
95
       
95
       
+
       
github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b/go.mod h1:VzxiSdG6j1pi7rwGm/xYI5RbtpBgM8sARDXlvEvxlu0=

     

       
94
       
96
       
 
       
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=

     

       
95
       
97
       
 
       
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=

     

       
96
       
98
       
 
       
github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=

     
···

       
111
       
113
       
 
       
github.com/ipfs/go-block-format v0.2.0/go.mod h1:+jpL11nFx5A/SPpsoBn6Bzkra/zaArfSmsknbPMYgzM=

     

       
112
       
114
       
 
       
github.com/ipfs/go-blockservice v0.5.2 h1:in9Bc+QcXwd1apOVM7Un9t8tixPKdaHQFdLSUM1Xgk8=

     

       
113
       
115
       
 
       
github.com/ipfs/go-blockservice v0.5.2/go.mod h1:VpMblFEqG67A/H2sHKAemeH9vlURVavlysbdUI632yk=

     

       
114
       
114
       
-
       
github.com/ipfs/go-bs-sqlite3 v0.0.0-20221122195556-bfcee1be620d h1:9V+GGXCuOfDiFpdAHz58q9mKLg447xp0cQKvqQrAwYE=

     

       
115
       
115
       
-
       
github.com/ipfs/go-bs-sqlite3 v0.0.0-20221122195556-bfcee1be620d/go.mod h1:pMbnFyNAGjryYCLCe59YDLRv/ujdN+zGJBT1umlvYRM=

     

       
116
       
116
       
 
       
github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=

     

       
117
       
117
       
 
       
github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=

     

       
118
       
118
       
 
       
github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=

     

···

       
13
       
13
       
 
       
	"github.com/bluesky-social/indigo/util"

     

       
14
       
14
       
 
       
)

     

       
15
       
15
       
 
       


     

       
16
       
16
       
-
       
func ResolveHandle(ctx context.Context, cli *http.Client, handle string) (string, error) {

     

       
17
       
17
       
-
       
	if cli == nil {

     

       
18
       
18
       
-
       
		cli = util.RobustHTTPClient()

     

       
16
       
16
       
+
       
func ResolveHandleFromTXT(ctx context.Context, handle string) (string, error) {

     

       
17
       
17
       
+
       
	name := fmt.Sprintf("_atproto.%s", handle)

     

       
18
       
18
       
+
       
	recs, err := net.LookupTXT(name)

     

       
19
       
19
       
+
       
	if err != nil {

     

       
20
       
20
       
+
       
		return "", fmt.Errorf("handle could not be resolved via txt: %w", err)

     

       
21
       
21
       
+
       
	}

     

       
22
       
22
       
+
       


     

       
23
       
23
       
+
       
	for _, rec := range recs {

     

       
24
       
24
       
+
       
		if strings.HasPrefix(rec, "did=") {

     

       
25
       
25
       
+
       
			maybeDid := strings.Split(rec, "did=")[1]

     

       
26
       
26
       
+
       
			if _, err := syntax.ParseDID(maybeDid); err == nil {

     

       
27
       
27
       
+
       
				return maybeDid, nil

     

       
28
       
28
       
+
       
			}

     

       
29
       
29
       
+
       
		}

     

       
30
       
30
       
+
       
	}

     

       
31
       
31
       
+
       


     

       
32
       
32
       
+
       
	return "", fmt.Errorf("handle could not be resolved via txt: no record found")

     

       
33
       
33
       
+
       
}

     

       
34
       
34
       
+
       


     

       
35
       
35
       
+
       
func ResolveHandleFromWellKnown(ctx context.Context, cli *http.Client, handle string) (string, error) {

     

       
36
       
36
       
+
       
	ustr := fmt.Sprintf("https://%s/.well-known/atproto-did", handle)

     

       
37
       
37
       
+
       
	req, err := http.NewRequestWithContext(

     

       
38
       
38
       
+
       
		ctx,

     

       
39
       
39
       
+
       
		"GET",

     

       
40
       
40
       
+
       
		ustr,

     

       
41
       
41
       
+
       
		nil,

     

       
42
       
42
       
+
       
	)

     

       
43
       
43
       
+
       
	if err != nil {

     

       
44
       
44
       
+
       
		return "", fmt.Errorf("handle could not be resolved via web: %w", err)

     

       
19
       
45
       
 
       
	}

     

       
20
       
46
       
 
       


     

       
21
       
21
       
-
       
	var did string

     

       
47
       
47
       
+
       
	resp, err := cli.Do(req)

     

       
48
       
48
       
+
       
	if err != nil {

     

       
49
       
49
       
+
       
		return "", fmt.Errorf("handle could not be resolved via web: %w", err)

     

       
50
       
50
       
+
       
	}

     

       
51
       
51
       
+
       
	defer resp.Body.Close()

     

       
22
       
52
       
 
       


     

       
23
       
23
       
-
       
	_, err := syntax.ParseHandle(handle)

     

       
53
       
53
       
+
       
	b, err := io.ReadAll(resp.Body)

     

       
24
       
54
       
 
       
	if err != nil {

     

       
25
       
25
       
-
       
		return "", err

     

       
55
       
55
       
+
       
		return "", fmt.Errorf("handle could not be resolved via web: %w", err)

     

       
26
       
56
       
 
       
	}

     

       
27
       
57
       
 
       


     

       
28
       
28
       
-
       
	recs, err := net.LookupTXT(fmt.Sprintf("_atproto.%s", handle))

     

       
29
       
29
       
-
       
	if err == nil {

     

       
30
       
30
       
-
       
		for _, rec := range recs {

     

       
31
       
31
       
-
       
			if strings.HasPrefix(rec, "did=") {

     

       
32
       
32
       
-
       
				did = strings.Split(rec, "did=")[1]

     

       
33
       
33
       
-
       
				break

     

       
34
       
34
       
-
       
			}

     

       
35
       
35
       
-
       
		}

     

       
36
       
36
       
-
       
	} else {

     

       
37
       
37
       
-
       
		fmt.Printf("erorr getting txt records: %v\n", err)

     

       
58
       
58
       
+
       
	if resp.StatusCode != http.StatusOK {

     

       
59
       
59
       
+
       
		return "", fmt.Errorf("handle could not be resolved via web: invalid status code %d", resp.StatusCode)

     

       
38
       
60
       
 
       
	}

     

       
39
       
61
       
 
       


     

       
40
       
40
       
-
       
	if did == "" {

     

       
41
       
41
       
-
       
		req, err := http.NewRequestWithContext(

     

       
42
       
42
       
-
       
			ctx,

     

       
43
       
43
       
-
       
			"GET",

     

       
44
       
44
       
-
       
			fmt.Sprintf("https://%s/.well-known/atproto-did", handle),

     

       
45
       
45
       
-
       
			nil,

     

       
46
       
46
       
-
       
		)

     

       
47
       
47
       
-
       
		if err != nil {

     

       
48
       
48
       
-
       
			return "", nil

     

       
49
       
49
       
-
       
		}

     

       
62
       
62
       
+
       
	maybeDid := string(b)

     

       
50
       
63
       
 
       


     

       
51
       
51
       
-
       
		resp, err := http.DefaultClient.Do(req)

     

       
52
       
52
       
-
       
		if err != nil {

     

       
53
       
53
       
-
       
			return "", nil

     

       
54
       
54
       
-
       
		}

     

       
55
       
55
       
-
       
		defer resp.Body.Close()

     

       
64
       
64
       
+
       
	if _, err := syntax.ParseDID(maybeDid); err != nil {

     

       
65
       
65
       
+
       
		return "", fmt.Errorf("handle could not be resolved via web: invalid did in document")

     

       
66
       
66
       
+
       
	}

     

       
56
       
67
       
 
       


     

       
57
       
57
       
-
       
		if resp.StatusCode != http.StatusOK {

     

       
58
       
58
       
-
       
			io.Copy(io.Discard, resp.Body)

     

       
59
       
59
       
-
       
			return "", fmt.Errorf("unable to resolve handle")

     

       
60
       
60
       
-
       
		}

     

       
68
       
68
       
+
       
	return maybeDid, nil

     

       
69
       
69
       
+
       
}

     

       
61
       
70
       
 
       


     

       
62
       
62
       
-
       
		b, err := io.ReadAll(resp.Body)

     

       
63
       
63
       
-
       
		if err != nil {

     

       
64
       
64
       
-
       
			return "", err

     

       
65
       
65
       
-
       
		}

     

       
71
       
71
       
+
       
func ResolveHandle(ctx context.Context, cli *http.Client, handle string) (string, error) {

     

       
72
       
72
       
+
       
	if cli == nil {

     

       
73
       
73
       
+
       
		cli = util.RobustHTTPClient()

     

       
74
       
74
       
+
       
	}

     

       
66
       
75
       
 
       


     

       
67
       
67
       
-
       
		maybeDid := string(b)

     

       
76
       
76
       
+
       
	_, err := syntax.ParseHandle(handle)

     

       
77
       
77
       
+
       
	if err != nil {

     

       
78
       
78
       
+
       
		return "", err

     

       
79
       
79
       
+
       
	}

     

       
68
       
80
       
 
       


     

       
69
       
69
       
-
       
		if _, err := syntax.ParseDID(maybeDid); err != nil {

     

       
70
       
70
       
-
       
			return "", fmt.Errorf("unable to resolve handle")

     

       
71
       
71
       
-
       
		}

     

       
81
       
81
       
+
       
	if maybeDidFromTxt, err := ResolveHandleFromTXT(ctx, handle); err == nil {

     

       
82
       
82
       
+
       
		return maybeDidFromTxt, nil

     

       
83
       
83
       
+
       
	}

     

       
72
       
84
       
 
       


     

       
73
       
73
       
-
       
		did = maybeDid

     

       
85
       
85
       
+
       
	if maybeDidFromWeb, err := ResolveHandleFromWellKnown(ctx, cli, handle); err == nil {

     

       
86
       
86
       
+
       
		return maybeDidFromWeb, nil

     

       
74
       
87
       
 
       
	}

     

       
75
       
88
       
 
       


     

       
76
       
76
       
-
       
	return did, nil

     

       
89
       
89
       
+
       
	return "", fmt.Errorf("handle could not be resolved")

     

       
90
       
90
       
+
       
}

     

       
91
       
91
       
+
       


     

       
92
       
92
       
+
       
func DidToDocUrl(did string) (string, error) {

     

       
93
       
93
       
+
       
	if strings.HasPrefix(did, "did:plc:") {

     

       
94
       
94
       
+
       
		return fmt.Sprintf("https://plc.directory/%s", did), nil

     

       
95
       
95
       
+
       
	} else if after, ok := strings.CutPrefix(did, "did:web:"); ok {

     

       
96
       
96
       
+
       
		return fmt.Sprintf("https://%s/.well-known/did.json", after), nil

     

       
97
       
97
       
+
       
	} else {

     

       
98
       
98
       
+
       
		return "", fmt.Errorf("did was not a supported did type")

     

       
99
       
99
       
+
       
	}

     

       
77
       
100
       
 
       
}

     

       
78
       
101
       
 
       


     

       
79
       
102
       
 
       
func FetchDidDoc(ctx context.Context, cli *http.Client, did string) (*DidDoc, error) {

     
···

       
81
       
104
       
 
       
		cli = util.RobustHTTPClient()

     

       
82
       
105
       
 
       
	}

     

       
83
       
106
       
 
       


     

       
84
       
84
       
-
       
	var ustr string

     

       
85
       
85
       
-
       
	if strings.HasPrefix(did, "did:plc:") {

     

       
86
       
86
       
-
       
		ustr = fmt.Sprintf("https://plc.directory/%s", did)

     

       
87
       
87
       
-
       
	} else if strings.HasPrefix(did, "did:web:") {

     

       
88
       
88
       
-
       
		ustr = fmt.Sprintf("https://%s/.well-known/did.json", strings.TrimPrefix(did, "did:web:"))

     

       
89
       
89
       
-
       
	} else {

     

       
90
       
90
       
-
       
		return nil, fmt.Errorf("did was not a supported did type")

     

       
107
       
107
       
+
       
	ustr, err := DidToDocUrl(did)

     

       
108
       
108
       
+
       
	if err != nil {

     

       
109
       
109
       
+
       
		return nil, err

     

       
91
       
110
       
 
       
	}

     

       
92
       
111
       
 
       


     

       
93
       
112
       
 
       
	req, err := http.NewRequestWithContext(ctx, "GET", ustr, nil)

     
···

       
95
       
114
       
 
       
		return nil, err

     

       
96
       
115
       
 
       
	}

     

       
97
       
116
       
 
       


     

       
98
       
98
       
-
       
	resp, err := http.DefaultClient.Do(req)

     

       
117
       
117
       
+
       
	resp, err := cli.Do(req)

     

       
99
       
118
       
 
       
	if err != nil {

     

       
100
       
119
       
 
       
		return nil, err

     

       
101
       
120
       
 
       
	}

     
···

       
103
       
122
       
 
       


     

       
104
       
123
       
 
       
	if resp.StatusCode != 200 {

     

       
105
       
124
       
 
       
		io.Copy(io.Discard, resp.Body)

     

       
106
       
106
       
-
       
		return nil, fmt.Errorf("could not find identity in plc registry")

     

       
125
       
125
       
+
       
		return nil, fmt.Errorf("unable to find did doc at url. did: %s. url: %s", did, ustr)

     

       
107
       
126
       
 
       
	}

     

       
108
       
127
       
 
       


     

       
109
       
128
       
 
       
	var diddoc DidDoc

     
···

       
127
       
146
       
 
       
		return nil, err

     

       
128
       
147
       
 
       
	}

     

       
129
       
148
       
 
       


     

       
130
       
130
       
-
       
	resp, err := http.DefaultClient.Do(req)

     

       
149
       
149
       
+
       
	resp, err := cli.Do(req)

     

       
131
       
150
       
 
       
	if err != nil {

     

       
132
       
151
       
 
       
		return nil, err

     

       
133
       
152
       
 
       
	}

     

···

       
19
       
19
       
 
       
type Passport struct {

     

       
20
       
20
       
 
       
	h  *http.Client

     

       
21
       
21
       
 
       
	bc BackingCache

     

       
22
       
22
       
-
       
	lk sync.Mutex

     

       
22
       
22
       
+
       
	mu sync.RWMutex

     

       
23
       
23
       
 
       
}

     

       
24
       
24
       
 
       


     

       
25
       
25
       
 
       
func NewPassport(h *http.Client, bc BackingCache) *Passport {

     
···

       
30
       
30
       
 
       
	return &Passport{

     

       
31
       
31
       
 
       
		h:  h,

     

       
32
       
32
       
 
       
		bc: bc,

     

       
33
       
33
       
-
       
		lk: sync.Mutex{},

     

       
34
       
33
       
 
       
	}

     

       
35
       
34
       
 
       
}

     

       
36
       
35
       
 
       


     
···

       
38
       
37
       
 
       
	skipCache, _ := ctx.Value("skip-cache").(bool)

     

       
39
       
38
       
 
       


     

       
40
       
39
       
 
       
	if !skipCache {

     

       
40
       
40
       
+
       
		p.mu.RLock()

     

       
41
       
41
       
 
       
		cached, ok := p.bc.GetDoc(did)

     

       
42
       
42
       
+
       
		p.mu.RUnlock()

     

       
43
       
43
       
+
       


     

       
42
       
44
       
 
       
		if ok {

     

       
43
       
45
       
 
       
			return cached, nil

     

       
44
       
46
       
 
       
		}

     

       
45
       
47
       
 
       
	}

     

       
46
       
48
       
 
       


     

       
47
       
47
       
-
       
	p.lk.Lock() // this is pretty pathetic, and i should rethink this. but for now, fuck it

     

       
48
       
48
       
-
       
	defer p.lk.Unlock()

     

       
49
       
49
       
-
       


     

       
50
       
49
       
 
       
	doc, err := FetchDidDoc(ctx, p.h, did)

     

       
51
       
50
       
 
       
	if err != nil {

     

       
52
       
51
       
 
       
		return nil, err

     

       
53
       
52
       
 
       
	}

     

       
54
       
53
       
 
       


     

       
54
       
54
       
+
       
	p.mu.Lock()

     

       
55
       
55
       
 
       
	p.bc.PutDoc(did, doc)

     

       
56
       
56
       
+
       
	p.mu.Unlock()

     

       
56
       
57
       
 
       


     

       
57
       
58
       
 
       
	return doc, nil

     

       
58
       
59
       
 
       
}

     
···

       
61
       
62
       
 
       
	skipCache, _ := ctx.Value("skip-cache").(bool)

     

       
62
       
63
       
 
       


     

       
63
       
64
       
 
       
	if !skipCache {

     

       
65
       
65
       
+
       
		p.mu.RLock()

     

       
64
       
66
       
 
       
		cached, ok := p.bc.GetDid(handle)

     

       
67
       
67
       
+
       
		p.mu.RUnlock()

     

       
68
       
68
       
+
       


     

       
65
       
69
       
 
       
		if ok {

     

       
66
       
70
       
 
       
			return cached, nil

     

       
67
       
71
       
 
       
		}

     
···

       
72
       
76
       
 
       
		return "", err

     

       
73
       
77
       
 
       
	}

     

       
74
       
78
       
 
       


     

       
79
       
79
       
+
       
	p.mu.Lock()

     

       
75
       
80
       
 
       
	p.bc.PutDid(handle, did)

     

       
81
       
81
       
+
       
	p.mu.Unlock()

     

       
76
       
82
       
 
       


     

       
77
       
83
       
 
       
	return did, nil

     

       
78
       
84
       
 
       
}

     

       
79
       
85
       
 
       


     

       
80
       
86
       
 
       
func (p *Passport) BustDoc(ctx context.Context, did string) error {

     

       
87
       
87
       
+
       
	p.mu.Lock()

     

       
88
       
88
       
+
       
	defer p.mu.Unlock()

     

       
81
       
89
       
 
       
	return p.bc.BustDoc(did)

     

       
82
       
90
       
 
       
}

     

       
83
       
91
       
 
       


     

       
84
       
92
       
 
       
func (p *Passport) BustDid(ctx context.Context, handle string) error {

     

       
93
       
93
       
+
       
	p.mu.Lock()

     

       
94
       
94
       
+
       
	defer p.mu.Unlock()

     

       
85
       
95
       
 
       
	return p.bc.BustDid(handle)

     

       
86
       
96
       
 
       
}