comparing cb89ee235ab5c640d508d435f61d11be8ea6f899 and hailey/tidy on hailey.at/cocoon

+1 -1

.env.example

···

       6
       6
        
       COCOON_RELAYS=https://bsky.network

     

       7
       7
        
       # Generate with `openssl rand -hex 16`

     

       8
       8
        
       COCOON_ADMIN_PASSWORD=

     

       9
       9
       -
       # openssl rand -hex 32

     

       9
       9
       +
       # Generate with `openssl rand -hex 32`

     

       10
       10
        
       COCOON_SESSION_SECRET=

+60

.github/workflows/docker-image.yml

···

       1
       1
       +
       name: Docker image

     

       2
       2
       +
       

     

       3
       3
       +
       on:

     

       4
       4
       +
         workflow_dispatch:

     

       5
       5
       +
         push:

     

       6
       6
       +
           branches:

     

       7
       7
       +
             - main

     

       8
       8
       +
       

     

       9
       9
       +
       env:

     

       10
       10
       +
         REGISTRY: ghcr.io

     

       11
       11
       +
         IMAGE_NAME: ${{ github.repository }}

     

       12
       12
       +
       

     

       13
       13
       +
       jobs:

     

       14
       14
       +
         build-and-push-image:

     

       15
       15
       +
           runs-on: ubuntu-latest

     

       16
       16
       +
           # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.

     

       17
       17
       +
           permissions:

     

       18
       18
       +
             contents: read

     

       19
       19
       +
             packages: write

     

       20
       20
       +
             attestations: write

     

       21
       21
       +
             id-token: write

     

       22
       22
       +
             #

     

       23
       23
       +
           steps:

     

       24
       24
       +
             - name: Checkout repository

     

       25
       25
       +
               uses: actions/checkout@v4

     

       26
       26
       +
             # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.

     

       27
       27
       +
             - name: Log in to the Container registry

     

       28
       28
       +
               uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1

     

       29
       29
       +
               with:

     

       30
       30
       +
                 registry: ${{ env.REGISTRY }}

     

       31
       31
       +
                 username: ${{ github.actor }}

     

       32
       32
       +
                 password: ${{ secrets.GITHUB_TOKEN }}

     

       33
       33
       +
             # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.

     

       34
       34
       +
             - name: Extract metadata (tags, labels) for Docker

     

       35
       35
       +
               id: meta

     

       36
       36
       +
               uses: docker/metadata-action@v5

     

       37
       37
       +
               with:

     

       38
       38
       +
                 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

     

       39
       39
       +
                 tags: |

     

       40
       40
       +
                   type=sha

     

       41
       41
       +
                   type=sha,format=long

     

       42
       42
       +
             # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.

     

       43
       43
       +
             # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.

     

       44
       44
       +
             # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.

     

       45
       45
       +
             - name: Build and push Docker image

     

       46
       46
       +
               id: push

     

       47
       47
       +
               uses: docker/build-push-action@v5

     

       48
       48
       +
               with:

     

       49
       49
       +
                 context: .

     

       50
       50
       +
                 push: true

     

       51
       51
       +
                 tags: ${{ steps.meta.outputs.tags }}

     

       52
       52
       +
                 labels: ${{ steps.meta.outputs.labels }}

     

       53
       53
       +
       

     

       54
       54
       +
             # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."

     

       55
       55
       +
             - name: Generate artifact attestation

     

       56
       56
       +
               uses: actions/attest-build-provenance@v1

     

       57
       57
       +
               with:

     

       58
       58
       +
                 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}

     

       59
       59
       +
                 subject-digest: ${{ steps.push.outputs.digest }}

     

       60
       60
       +
                 push-to-registry: true

.gitignore

+10

Caddyfile

···

       1
       1
       +
       {$COCOON_HOSTNAME} {

     

       2
       2
       +
       	reverse_proxy localhost:8080

     

       3
       3
       +
       

     

       4
       4
       +
       	encode gzip

     

       5
       5
       +
       

     

       6
       6
       +
       	log {

     

       7
       7
       +
       		output file /data/access.log

     

       8
       8
       +
       		format json

     

       9
       9
       +
       	}

     

       10
       10
       +
       }

+25

Dockerfile

···

       1
       1
       +
       ### Compile stage

     

       2
       2
       +
       FROM golang:1.25.1-bookworm AS build-env

     

       3
       3
       +
       

     

       4
       4
       +
       ADD . /dockerbuild

     

       5
       5
       +
       WORKDIR /dockerbuild

     

       6
       6
       +
       

     

       7
       7
       +
       RUN GIT_VERSION=$(git describe --tags --long --always || echo "dev-local") && \

     

       8
       8
       +
           go mod tidy && \

     

       9
       9
       +
           go build -ldflags "-X main.Version=$GIT_VERSION" -o cocoon ./cmd/cocoon

     

       10
       10
       +
       

     

       11
       11
       +
       ### Run stage

     

       12
       12
       +
       FROM debian:bookworm-slim AS run

     

       13
       13
       +
       

     

       14
       14
       +
       RUN apt-get update && apt-get install -y dumb-init runit ca-certificates && rm -rf /var/lib/apt/lists/*

     

       15
       15
       +
       ENTRYPOINT ["dumb-init", "--"]

     

       16
       16
       +
       

     

       17
       17
       +
       WORKDIR /

     

       18
       18
       +
       RUN mkdir -p data/cocoon

     

       19
       19
       +
       COPY --from=build-env /dockerbuild/cocoon /

     

       20
       20
       +
       

     

       21
       21
       +
       CMD ["/cocoon", "run"]

     

       22
       22
       +
       

     

       23
       23
       +
       LABEL org.opencontainers.image.source=https://github.com/haileyok/cocoon

     

       24
       24
       +
       LABEL org.opencontainers.image.description="Cocoon ATProto PDS"

     

       25
       25
       +
       LABEL org.opencontainers.image.licenses=MIT

Makefile

···

       40
       40
        
       

     

       41
       41
        
       .env:

     

       42
       42
        
       	if [ ! -f ".env" ]; then cp example.dev.env .env; fi

     

       43
       43
       +
       

     

       44
       44
       +
       .PHONY: docker-build

     

       45
       45
       +
       docker-build:

     

       46
       46
       +
       	docker build -t cocoon .

+139 -8

README.md

···

       1
       1
        
       # Cocoon

     

       2
       2
        
       

     

       3
       3
        
       > [!WARNING]

     

       4
       4
       -
       You should not use this PDS. You should not rely on this code as a reference for a PDS implementation. You should not trust this code. Using this PDS implementation may result in data loss, corruption, etc.

     

       4
       4
       +
       I migrated and have been running my main account on this PDS for months now without issue, however, I am still not responsible if things go awry, particularly during account migration. Please use caution.

     

       5
       5
        
       

     

       6
       6
        
       Cocoon is a PDS implementation in Go. It is highly experimental, and is not ready for any production use.

     

       7
       7
        
       

     

       8
       8
       +
       ## Quick Start with Docker Compose

     

       9
       9
       +
       

     

       10
       10
       +
       ### Prerequisites

     

       11
       11
       +
       

     

       12
       12
       +
       - Docker and Docker Compose installed

     

       13
       13
       +
       - A domain name pointing to your server (for automatic HTTPS)

     

       14
       14
       +
       - Ports 80 and 443 open in i.e. UFW

     

       15
       15
       +
       

     

       16
       16
       +
       ### Installation

     

       17
       17
       +
       

     

       18
       18
       +
       1. **Clone the repository**

     

       19
       19
       +
          ```bash

     

       20
       20
       +
          git clone https://github.com/haileyok/cocoon.git

     

       21
       21
       +
          cd cocoon

     

       22
       22
       +
          ```

     

       23
       23
       +
       

     

       24
       24
       +
       2. **Create your configuration file**

     

       25
       25
       +
          ```bash

     

       26
       26
       +
          cp .env.example .env

     

       27
       27
       +
          ```

     

       28
       28
       +
       

     

       29
       29
       +
       3. **Edit `.env` with your settings**

     

       30
       30
       +
       

     

       31
       31
       +
          Required settings:

     

       32
       32
       +
          ```bash

     

       33
       33
       +
          COCOON_DID="did:web:your-domain.com"

     

       34
       34
       +
          COCOON_HOSTNAME="your-domain.com"

     

       35
       35
       +
          COCOON_CONTACT_EMAIL="you@example.com"

     

       36
       36
       +
          COCOON_RELAYS="https://bsky.network"

     

       37
       37
       +
       

     

       38
       38
       +
          # Generate with: openssl rand -hex 16

     

       39
       39
       +
          COCOON_ADMIN_PASSWORD="your-secure-password"

     

       40
       40
       +
       

     

       41
       41
       +
          # Generate with: openssl rand -hex 32

     

       42
       42
       +
          COCOON_SESSION_SECRET="your-session-secret"

     

       43
       43
       +
          ```

     

       44
       44
       +
       

     

       45
       45
       +
       4. **Start the services**

     

       46
       46
       +
          ```bash

     

       47
       47
       +
          # Pull pre-built image from GitHub Container Registry

     

       48
       48
       +
          docker-compose pull

     

       49
       49
       +
          docker-compose up -d

     

       50
       50
       +
          ```

     

       51
       51
       +
       

     

       52
       52
       +
          Or build locally:

     

       53
       53
       +
          ```bash

     

       54
       54
       +
          docker-compose build

     

       55
       55
       +
          docker-compose up -d

     

       56
       56
       +
          ```

     

       57
       57
       +
       

     

       58
       58
       +
       5. **Get your invite code**

     

       59
       59
       +
       

     

       60
       60
       +
          On first run, an invite code is automatically created. View it with:

     

       61
       61
       +
          ```bash

     

       62
       62
       +
          docker-compose logs create-invite

     

       63
       63
       +
          ```

     

       64
       64
       +
       

     

       65
       65
       +
          Or check the saved file:

     

       66
       66
       +
          ```bash

     

       67
       67
       +
          cat keys/initial-invite-code.txt

     

       68
       68
       +
          ```

     

       69
       69
       +
       

     

       70
       70
       +
          **IMPORTANT**: Save this invite code! You'll need it to create your first account.

     

       71
       71
       +
       

     

       72
       72
       +
       6. **Monitor the services**

     

       73
       73
       +
          ```bash

     

       74
       74
       +
          docker-compose logs -f

     

       75
       75
       +
          ```

     

       76
       76
       +
       

     

       77
       77
       +
       ### What Gets Set Up

     

       78
       78
       +
       

     

       79
       79
       +
       The Docker Compose setup includes:

     

       80
       80
       +
       

     

       81
       81
       +
       - **init-keys**: Automatically generates cryptographic keys (rotation key and JWK) on first run

     

       82
       82
       +
       - **cocoon**: The main PDS service running on port 8080

     

       83
       83
       +
       - **create-invite**: Automatically creates an initial invite code after Cocoon starts (first run only)

     

       84
       84
       +
       - **caddy**: Reverse proxy with automatic HTTPS via Let's Encrypt

     

       85
       85
       +
       

     

       86
       86
       +
       ### Data Persistence

     

       87
       87
       +
       

     

       88
       88
       +
       The following directories will be created automatically:

     

       89
       89
       +
       

     

       90
       90
       +
       - `./keys/` - Cryptographic keys (generated automatically)

     

       91
       91
       +
         - `rotation.key` - PDS rotation key

     

       92
       92
       +
         - `jwk.key` - JWK private key

     

       93
       93
       +
         - `initial-invite-code.txt` - Your first invite code (first run only)

     

       94
       94
       +
       - `./data/` - SQLite database and blockstore

     

       95
       95
       +
       - Docker volumes for Caddy configuration and certificates

     

       96
       96
       +
       

     

       97
       97
       +
       ### Optional Configuration

     

       98
       98
       +
       

     

       99
       99
       +
       #### SMTP Email Settings

     

       100
       100
       +
       ```bash

     

       101
       101
       +
       COCOON_SMTP_USER="your-smtp-username"

     

       102
       102
       +
       COCOON_SMTP_PASS="your-smtp-password"

     

       103
       103
       +
       COCOON_SMTP_HOST="smtp.example.com"

     

       104
       104
       +
       COCOON_SMTP_PORT="587"

     

       105
       105
       +
       COCOON_SMTP_EMAIL="noreply@example.com"

     

       106
       106
       +
       COCOON_SMTP_NAME="Cocoon PDS"

     

       107
       107
       +
       ```

     

       108
       108
       +
       

     

       109
       109
       +
       #### S3 Storage

     

       110
       110
       +
       ```bash

     

       111
       111
       +
       COCOON_S3_BACKUPS_ENABLED=true

     

       112
       112
       +
       COCOON_S3_BLOBSTORE_ENABLED=true

     

       113
       113
       +
       COCOON_S3_REGION="us-east-1"

     

       114
       114
       +
       COCOON_S3_BUCKET="your-bucket"

     

       115
       115
       +
       COCOON_S3_ENDPOINT="https://s3.amazonaws.com"

     

       116
       116
       +
       COCOON_S3_ACCESS_KEY="your-access-key"

     

       117
       117
       +
       COCOON_S3_SECRET_KEY="your-secret-key"

     

       118
       118
       +
       ```

     

       119
       119
       +
       

     

       120
       120
       +
       ### Management Commands

     

       121
       121
       +
       

     

       122
       122
       +
       Create an invite code:

     

       123
       123
       +
       ```bash

     

       124
       124
       +
       docker exec cocoon-pds /cocoon create-invite-code --uses 1

     

       125
       125
       +
       ```

     

       126
       126
       +
       

     

       127
       127
       +
       Reset a user's password:

     

       128
       128
       +
       ```bash

     

       129
       129
       +
       docker exec cocoon-pds /cocoon reset-password --did "did:plc:xxx"

     

       130
       130
       +
       ```

     

       131
       131
       +
       

     

       132
       132
       +
       ### Updating

     

       133
       133
       +
       

     

       134
       134
       +
       ```bash

     

       135
       135
       +
       docker-compose pull

     

       136
       136
       +
       docker-compose up -d

     

       137
       137
       +
       ```

     

       138
       138
       +
       

     

       8
       139
        
       ## Implemented Endpoints

     

       9
       140
        
       

     

       10
       141
        
       > [!NOTE]

     
···

       12
       143
        
       

     

       13
       144
        
       ### Identity

     

       14
       145
        
       

     

       15
       15
       -
       - [ ] `com.atproto.identity.getRecommendedDidCredentials`

     

       16
       16
       -
       - [ ] `com.atproto.identity.requestPlcOperationSignature`

     

       146
       146
       +
       - [x] `com.atproto.identity.getRecommendedDidCredentials`

     

       147
       147
       +
       - [x] `com.atproto.identity.requestPlcOperationSignature`

     

       17
       148
        
       - [x] `com.atproto.identity.resolveHandle`

     

       18
       18
       -
       - [ ] `com.atproto.identity.signPlcOperation`

     

       19
       19
       -
       - [ ] `com.atproto.identity.submitPlcOperation`

     

       149
       149
       +
       - [x] `com.atproto.identity.signPlcOperation`

     

       150
       150
       +
       - [x] `com.atproto.identity.submitPlcOperation`

     

       20
       151
        
       - [x] `com.atproto.identity.updateHandle`

     

       21
       152
        
       

     

       22
       153
        
       ### Repo

     
···

       27
       158
        
       - [x] `com.atproto.repo.deleteRecord`

     

       28
       159
        
       - [x] `com.atproto.repo.describeRepo`

     

       29
       160
        
       - [x] `com.atproto.repo.getRecord`

     

       30
       30
       -
       - [x] `com.atproto.repo.importRepo` (Works "okay". You still have to handle PLC operations on your own when migrating. Use with extreme caution.)

     

       161
       161
       +
       - [x] `com.atproto.repo.importRepo` (Works "okay". Use with extreme caution.)

     

       31
       162
        
       - [x] `com.atproto.repo.listRecords`

     

       32
       163
        
       - [ ] `com.atproto.repo.listMissingBlobs`

     

       33
       164
        
       

     

       34
       165
        
       ### Server

     

       35
       166
        
       

     

       36
       36
       -
       - [ ] `com.atproto.server.activateAccount`

     

       167
       167
       +
       - [x] `com.atproto.server.activateAccount`

     

       37
       168
        
       - [x] `com.atproto.server.checkAccountStatus`

     

       38
       169
        
       - [x] `com.atproto.server.confirmEmail`

     

       39
       170
        
       - [x] `com.atproto.server.createAccount`

     

       40
       171
        
       - [x] `com.atproto.server.createInviteCode`

     

       41
       172
        
       - [x] `com.atproto.server.createInviteCodes`

     

       42
       42
       -
       - [ ] `com.atproto.server.deactivateAccount`

     

       173
       173
       +
       - [x] `com.atproto.server.deactivateAccount`

     

       43
       174
        
       - [ ] `com.atproto.server.deleteAccount`

     

       44
       175
        
       - [x] `com.atproto.server.deleteSession`

     

       45
       176
        
       - [x] `com.atproto.server.describeServer`

+46 -55

cmd/cocoon/main.go

···

       9
       9
        
       	"os"

     

       10
       10
        
       	"time"

     

       11
       11
        
       

     

       12
       12
       -
       	"github.com/bluesky-social/indigo/atproto/crypto"

     

       12
       12
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       13
       13
        
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       14
       14
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       15
       15
        
       	"github.com/haileyok/cocoon/server"

     
···

       39
       39
        
       				EnvVars: []string{"COCOON_DB_NAME"},

     

       40
       40
        
       			},

     

       41
       41
        
       			&cli.StringFlag{

     

       42
       42
       -
       				Name:     "did",

     

       43
       43
       -
       				Required: true,

     

       44
       44
       -
       				EnvVars:  []string{"COCOON_DID"},

     

       42
       42
       +
       				Name:    "did",

     

       43
       43
       +
       				EnvVars: []string{"COCOON_DID"},

     

       45
       44
        
       			},

     

       46
       45
        
       			&cli.StringFlag{

     

       47
       47
       -
       				Name:     "hostname",

     

       48
       48
       -
       				Required: true,

     

       49
       49
       -
       				EnvVars:  []string{"COCOON_HOSTNAME"},

     

       46
       46
       +
       				Name:    "hostname",

     

       47
       47
       +
       				EnvVars: []string{"COCOON_HOSTNAME"},

     

       50
       48
        
       			},

     

       51
       49
        
       			&cli.StringFlag{

     

       52
       52
       -
       				Name:     "rotation-key-path",

     

       53
       53
       -
       				Required: true,

     

       54
       54
       -
       				EnvVars:  []string{"COCOON_ROTATION_KEY_PATH"},

     

       50
       50
       +
       				Name:    "rotation-key-path",

     

       51
       51
       +
       				EnvVars: []string{"COCOON_ROTATION_KEY_PATH"},

     

       55
       52
        
       			},

     

       56
       53
        
       			&cli.StringFlag{

     

       57
       57
       -
       				Name:     "jwk-path",

     

       58
       58
       -
       				Required: true,

     

       59
       59
       -
       				EnvVars:  []string{"COCOON_JWK_PATH"},

     

       54
       54
       +
       				Name:    "jwk-path",

     

       55
       55
       +
       				EnvVars: []string{"COCOON_JWK_PATH"},

     

       60
       56
        
       			},

     

       61
       57
        
       			&cli.StringFlag{

     

       62
       62
       -
       				Name:     "contact-email",

     

       63
       63
       -
       				Required: true,

     

       64
       64
       -
       				EnvVars:  []string{"COCOON_CONTACT_EMAIL"},

     

       58
       58
       +
       				Name:    "contact-email",

     

       59
       59
       +
       				EnvVars: []string{"COCOON_CONTACT_EMAIL"},

     

       65
       60
        
       			},

     

       66
       61
        
       			&cli.StringSliceFlag{

     

       67
       67
       -
       				Name:     "relays",

     

       68
       68
       -
       				Required: true,

     

       69
       69
       -
       				EnvVars:  []string{"COCOON_RELAYS"},

     

       62
       62
       +
       				Name:    "relays",

     

       63
       63
       +
       				EnvVars: []string{"COCOON_RELAYS"},

     

       70
       64
        
       			},

     

       71
       65
        
       			&cli.StringFlag{

     

       72
       72
       -
       				Name:     "admin-password",

     

       73
       73
       -
       				Required: true,

     

       74
       74
       -
       				EnvVars:  []string{"COCOON_ADMIN_PASSWORD"},

     

       66
       66
       +
       				Name:    "admin-password",

     

       67
       67
       +
       				EnvVars: []string{"COCOON_ADMIN_PASSWORD"},

     

       75
       68
        
       			},

     

       76
       69
        
       			&cli.StringFlag{

     

       77
       77
       -
       				Name:     "smtp-user",

     

       78
       78
       -
       				Required: false,

     

       79
       79
       -
       				EnvVars:  []string{"COCOON_SMTP_USER"},

     

       70
       70
       +
       				Name:    "smtp-user",

     

       71
       71
       +
       				EnvVars: []string{"COCOON_SMTP_USER"},

     

       80
       72
        
       			},

     

       81
       73
        
       			&cli.StringFlag{

     

       82
       82
       -
       				Name:     "smtp-pass",

     

       83
       83
       -
       				Required: false,

     

       84
       84
       -
       				EnvVars:  []string{"COCOON_SMTP_PASS"},

     

       74
       74
       +
       				Name:    "smtp-pass",

     

       75
       75
       +
       				EnvVars: []string{"COCOON_SMTP_PASS"},

     

       85
       76
        
       			},

     

       86
       77
        
       			&cli.StringFlag{

     

       87
       87
       -
       				Name:     "smtp-host",

     

       88
       88
       -
       				Required: false,

     

       89
       89
       -
       				EnvVars:  []string{"COCOON_SMTP_HOST"},

     

       78
       78
       +
       				Name:    "smtp-host",

     

       79
       79
       +
       				EnvVars: []string{"COCOON_SMTP_HOST"},

     

       90
       80
        
       			},

     

       91
       81
        
       			&cli.StringFlag{

     

       92
       92
       -
       				Name:     "smtp-port",

     

       93
       93
       -
       				Required: false,

     

       94
       94
       -
       				EnvVars:  []string{"COCOON_SMTP_PORT"},

     

       82
       82
       +
       				Name:    "smtp-port",

     

       83
       83
       +
       				EnvVars: []string{"COCOON_SMTP_PORT"},

     

       95
       84
        
       			},

     

       96
       85
        
       			&cli.StringFlag{

     

       97
       97
       -
       				Name:     "smtp-email",

     

       98
       98
       -
       				Required: false,

     

       99
       99
       -
       				EnvVars:  []string{"COCOON_SMTP_EMAIL"},

     

       86
       86
       +
       				Name:    "smtp-email",

     

       87
       87
       +
       				EnvVars: []string{"COCOON_SMTP_EMAIL"},

     

       100
       88
        
       			},

     

       101
       89
        
       			&cli.StringFlag{

     

       102
       102
       -
       				Name:     "smtp-name",

     

       103
       103
       -
       				Required: false,

     

       104
       104
       -
       				EnvVars:  []string{"COCOON_SMTP_NAME"},

     

       90
       90
       +
       				Name:    "smtp-name",

     

       91
       91
       +
       				EnvVars: []string{"COCOON_SMTP_NAME"},

     

       105
       92
        
       			},

     

       106
       93
        
       			&cli.BoolFlag{

     

       107
       94
        
       				Name:    "s3-backups-enabled",

     

       108
       95
        
       				EnvVars: []string{"COCOON_S3_BACKUPS_ENABLED"},

     

       96
       96
       +
       			},

     

       97
       97
       +
       			&cli.BoolFlag{

     

       98
       98
       +
       				Name:    "s3-blobstore-enabled",

     

       99
       99
       +
       				EnvVars: []string{"COCOON_S3_BLOBSTORE_ENABLED"},

     

       109
       100
        
       			},

     

       110
       101
        
       			&cli.StringFlag{

     

       111
       102
        
       				Name:    "s3-region",

     
···

       130
       121
        
       			&cli.StringFlag{

     

       131
       122
        
       				Name:    "session-secret",

     

       132
       123
        
       				EnvVars: []string{"COCOON_SESSION_SECRET"},

     

       133
       133
       -
       			},

     

       134
       134
       -
       			&cli.StringFlag{

     

       135
       135
       -
       				Name:    "default-atproto-proxy",

     

       136
       136
       -
       				EnvVars: []string{"COCOON_DEFAULT_ATPROTO_PROXY"},

     

       137
       137
       -
       				Value:   "did:web:api.bsky.app#bsky_appview",

     

       138
       124
        
       			},

     

       139
       125
        
       			&cli.StringFlag{

     

       140
       126
        
       				Name:    "blockstore-variant",

     

       141
       127
        
       				EnvVars: []string{"COCOON_BLOCKSTORE_VARIANT"},

     

       142
       128
        
       				Value:   "sqlite",

     

       143
       129
        
       			},

     

       130
       130
       +
       			&cli.StringFlag{

     

       131
       131
       +
       				Name:    "fallback-proxy",

     

       132
       132
       +
       				EnvVars: []string{"COCOON_FALLBACK_PROXY"},

     

       133
       133
       +
       			},

     

       144
       134
        
       		},

     

       145
       135
        
       		Commands: []*cli.Command{

     

       146
       136
        
       			runServe,

     
···

       182
       172
        
       			SmtpEmail:       cmd.String("smtp-email"),

     

       183
       173
        
       			SmtpName:        cmd.String("smtp-name"),

     

       184
       174
        
       			S3Config: &server.S3Config{

     

       185
       185
       -
       				BackupsEnabled: cmd.Bool("s3-backups-enabled"),

     

       186
       186
       -
       				Region:         cmd.String("s3-region"),

     

       187
       187
       -
       				Bucket:         cmd.String("s3-bucket"),

     

       188
       188
       -
       				Endpoint:       cmd.String("s3-endpoint"),

     

       189
       189
       -
       				AccessKey:      cmd.String("s3-access-key"),

     

       190
       190
       -
       				SecretKey:      cmd.String("s3-secret-key"),

     

       175
       175
       +
       				BackupsEnabled:   cmd.Bool("s3-backups-enabled"),

     

       176
       176
       +
       				BlobstoreEnabled: cmd.Bool("s3-blobstore-enabled"),

     

       177
       177
       +
       				Region:           cmd.String("s3-region"),

     

       178
       178
       +
       				Bucket:           cmd.String("s3-bucket"),

     

       179
       179
       +
       				Endpoint:         cmd.String("s3-endpoint"),

     

       180
       180
       +
       				AccessKey:        cmd.String("s3-access-key"),

     

       181
       181
       +
       				SecretKey:        cmd.String("s3-secret-key"),

     

       191
       182
        
       			},

     

       192
       192
       -
       			SessionSecret:       cmd.String("session-secret"),

     

       193
       193
       -
       			DefaultAtprotoProxy: cmd.String("default-atproto-proxy"),

     

       194
       194
       -
       			BlockstoreVariant:   server.MustReturnBlockstoreVariant(cmd.String("blockstore-variant")),

     

       183
       183
       +
       			SessionSecret:     cmd.String("session-secret"),

     

       184
       184
       +
       			BlockstoreVariant: server.MustReturnBlockstoreVariant(cmd.String("blockstore-variant")),

     

       185
       185
       +
       			FallbackProxy:     cmd.String("fallback-proxy"),

     

       195
       186
        
       		})

     

       196
       187
        
       		if err != nil {

     

       197
       188
        
       			fmt.Printf("error creating cocoon: %v", err)

     
···

       218
       209
        
       		},

     

       219
       210
        
       	},

     

       220
       211
        
       	Action: func(cmd *cli.Context) error {

     

       221
       221
       -
       		key, err := crypto.GeneratePrivateKeyK256()

     

       212
       212
       +
       		key, err := atcrypto.GeneratePrivateKeyK256()

     

       222
       213
        
       		if err != nil {

     

       223
       214
        
       			return err

     

       224
       215
        
       		}

+56

create-initial-invite.sh

···

       1
       1
       +
       #!/bin/sh

     

       2
       2
       +
       

     

       3
       3
       +
       INVITE_FILE="/keys/initial-invite-code.txt"

     

       4
       4
       +
       MARKER="/keys/.invite_created"

     

       5
       5
       +
       

     

       6
       6
       +
       # Check if invite code was already created

     

       7
       7
       +
       if [ -f "$MARKER" ]; then

     

       8
       8
       +
           echo "✓ Initial invite code already created"

     

       9
       9
       +
           exit 0

     

       10
       10
       +
       fi

     

       11
       11
       +
       

     

       12
       12
       +
       echo "Waiting for database to be ready..."

     

       13
       13
       +
       sleep 10

     

       14
       14
       +
       

     

       15
       15
       +
       # Try to create invite code - retry until database is ready

     

       16
       16
       +
       MAX_ATTEMPTS=30

     

       17
       17
       +
       ATTEMPT=0

     

       18
       18
       +
       INVITE_CODE=""

     

       19
       19
       +
       

     

       20
       20
       +
       while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do

     

       21
       21
       +
           ATTEMPT=$((ATTEMPT + 1))

     

       22
       22
       +
           OUTPUT=$(/cocoon create-invite-code --uses 1 2>&1)

     

       23
       23
       +
           INVITE_CODE=$(echo "$OUTPUT" | grep -oE '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{8}' || echo "")

     

       24
       24
       +
       

     

       25
       25
       +
           if [ -n "$INVITE_CODE" ]; then

     

       26
       26
       +
               break

     

       27
       27
       +
           fi

     

       28
       28
       +
       

     

       29
       29
       +
           if [ $((ATTEMPT % 5)) -eq 0 ]; then

     

       30
       30
       +
               echo "  Waiting for database... ($ATTEMPT/$MAX_ATTEMPTS)"

     

       31
       31
       +
           fi

     

       32
       32
       +
           sleep 2

     

       33
       33
       +
       done

     

       34
       34
       +
       

     

       35
       35
       +
       if [ -n "$INVITE_CODE" ]; then

     

       36
       36
       +
           echo ""

     

       37
       37
       +
           echo "╔════════════════════════════════════════╗"

     

       38
       38
       +
           echo "║   SAVE THIS INVITE CODE!               ║"

     

       39
       39
       +
           echo "║                                        ║"

     

       40
       40
       +
           echo "║   $INVITE_CODE                         ║"

     

       41
       41
       +
           echo "║                                        ║"

     

       42
       42
       +
           echo "║   Use this to create your first        ║"

     

       43
       43
       +
           echo "║   account on your PDS.                 ║"

     

       44
       44
       +
           echo "╚════════════════════════════════════════╝"

     

       45
       45
       +
           echo ""

     

       46
       46
       +
       

     

       47
       47
       +
           echo "$INVITE_CODE" > "$INVITE_FILE"

     

       48
       48
       +
           echo "✓ Invite code saved to: $INVITE_FILE"

     

       49
       49
       +
       

     

       50
       50
       +
           touch "$MARKER"

     

       51
       51
       +
           echo "✓ Initial setup complete!"

     

       52
       52
       +
       else

     

       53
       53
       +
           echo "✗ Failed to create invite code"

     

       54
       54
       +
           echo "Output: $OUTPUT"

     

       55
       55
       +
           exit 1

     

       56
       56
       +
       fi

+125

docker-compose.yaml

···

       1
       1
       +
       version: '3.8'

     

       2
       2
       +
       

     

       3
       3
       +
       services:

     

       4
       4
       +
         init-keys:

     

       5
       5
       +
           build:

     

       6
       6
       +
             context: .

     

       7
       7
       +
             dockerfile: Dockerfile

     

       8
       8
       +
           image: ghcr.io/haileyok/cocoon:latest

     

       9
       9
       +
           container_name: cocoon-init-keys

     

       10
       10
       +
           volumes:

     

       11
       11
       +
             - ./keys:/keys

     

       12
       12
       +
             - ./data:/data/cocoon

     

       13
       13
       +
             - ./init-keys.sh:/init-keys.sh:ro

     

       14
       14
       +
           environment:

     

       15
       15
       +
             COCOON_DID: ${COCOON_DID}

     

       16
       16
       +
             COCOON_HOSTNAME: ${COCOON_HOSTNAME}

     

       17
       17
       +
             COCOON_ROTATION_KEY_PATH: /keys/rotation.key

     

       18
       18
       +
             COCOON_JWK_PATH: /keys/jwk.key

     

       19
       19
       +
             COCOON_CONTACT_EMAIL: ${COCOON_CONTACT_EMAIL}

     

       20
       20
       +
             COCOON_RELAYS: ${COCOON_RELAYS:-https://bsky.network}

     

       21
       21
       +
             COCOON_ADMIN_PASSWORD: ${COCOON_ADMIN_PASSWORD}

     

       22
       22
       +
           entrypoint: ["/bin/sh", "/init-keys.sh"]

     

       23
       23
       +
           restart: "no"

     

       24
       24
       +
       

     

       25
       25
       +
         cocoon:

     

       26
       26
       +
           build:

     

       27
       27
       +
             context: .

     

       28
       28
       +
             dockerfile: Dockerfile

     

       29
       29
       +
           image: ghcr.io/haileyok/cocoon:latest

     

       30
       30
       +
           container_name: cocoon-pds

     

       31
       31
       +
           network_mode: host

     

       32
       32
       +
           depends_on:

     

       33
       33
       +
             init-keys:

     

       34
       34
       +
               condition: service_completed_successfully

     

       35
       35
       +
           volumes:

     

       36
       36
       +
             - ./data:/data/cocoon

     

       37
       37
       +
             - ./keys/rotation.key:/keys/rotation.key:ro

     

       38
       38
       +
             - ./keys/jwk.key:/keys/jwk.key:ro

     

       39
       39
       +
           environment:

     

       40
       40
       +
             # Required settings

     

       41
       41
       +
             COCOON_DID: ${COCOON_DID}

     

       42
       42
       +
             COCOON_HOSTNAME: ${COCOON_HOSTNAME}

     

       43
       43
       +
             COCOON_ROTATION_KEY_PATH: /keys/rotation.key

     

       44
       44
       +
             COCOON_JWK_PATH: /keys/jwk.key

     

       45
       45
       +
             COCOON_CONTACT_EMAIL: ${COCOON_CONTACT_EMAIL}

     

       46
       46
       +
             COCOON_RELAYS: ${COCOON_RELAYS:-https://bsky.network}

     

       47
       47
       +
             COCOON_ADMIN_PASSWORD: ${COCOON_ADMIN_PASSWORD}

     

       48
       48
       +
             COCOON_SESSION_SECRET: ${COCOON_SESSION_SECRET}

     

       49
       49
       +
       

     

       50
       50
       +
             # Server configuration

     

       51
       51
       +
             COCOON_ADDR: ":8080"

     

       52
       52
       +
             COCOON_DB_NAME: /data/cocoon/cocoon.db

     

       53
       53
       +
             COCOON_BLOCKSTORE_VARIANT: ${COCOON_BLOCKSTORE_VARIANT:-sqlite}

     

       54
       54
       +
       

     

       55
       55
       +
             # Optional: SMTP settings for email

     

       56
       56
       +
             COCOON_SMTP_USER: ${COCOON_SMTP_USER:-}

     

       57
       57
       +
             COCOON_SMTP_PASS: ${COCOON_SMTP_PASS:-}

     

       58
       58
       +
             COCOON_SMTP_HOST: ${COCOON_SMTP_HOST:-}

     

       59
       59
       +
             COCOON_SMTP_PORT: ${COCOON_SMTP_PORT:-}

     

       60
       60
       +
             COCOON_SMTP_EMAIL: ${COCOON_SMTP_EMAIL:-}

     

       61
       61
       +
             COCOON_SMTP_NAME: ${COCOON_SMTP_NAME:-}

     

       62
       62
       +
       

     

       63
       63
       +
             # Optional: S3 configuration

     

       64
       64
       +
             COCOON_S3_BACKUPS_ENABLED: ${COCOON_S3_BACKUPS_ENABLED:-false}

     

       65
       65
       +
             COCOON_S3_BLOBSTORE_ENABLED: ${COCOON_S3_BLOBSTORE_ENABLED:-false}

     

       66
       66
       +
             COCOON_S3_REGION: ${COCOON_S3_REGION:-}

     

       67
       67
       +
             COCOON_S3_BUCKET: ${COCOON_S3_BUCKET:-}

     

       68
       68
       +
             COCOON_S3_ENDPOINT: ${COCOON_S3_ENDPOINT:-}

     

       69
       69
       +
             COCOON_S3_ACCESS_KEY: ${COCOON_S3_ACCESS_KEY:-}

     

       70
       70
       +
             COCOON_S3_SECRET_KEY: ${COCOON_S3_SECRET_KEY:-}

     

       71
       71
       +
       

     

       72
       72
       +
             # Optional: Fallback proxy

     

       73
       73
       +
             COCOON_FALLBACK_PROXY: ${COCOON_FALLBACK_PROXY:-}

     

       74
       74
       +
           restart: unless-stopped

     

       75
       75
       +
           healthcheck:

     

       76
       76
       +
             test: ["CMD", "curl", "-f", "http://localhost:8080/xrpc/_health"]

     

       77
       77
       +
             interval: 30s

     

       78
       78
       +
             timeout: 10s

     

       79
       79
       +
             retries: 3

     

       80
       80
       +
             start_period: 40s

     

       81
       81
       +
       

     

       82
       82
       +
         create-invite:

     

       83
       83
       +
           build:

     

       84
       84
       +
             context: .

     

       85
       85
       +
             dockerfile: Dockerfile

     

       86
       86
       +
           image: ghcr.io/haileyok/cocoon:latest

     

       87
       87
       +
           container_name: cocoon-create-invite

     

       88
       88
       +
           network_mode: host

     

       89
       89
       +
           volumes:

     

       90
       90
       +
             - ./keys:/keys

     

       91
       91
       +
             - ./create-initial-invite.sh:/create-initial-invite.sh:ro

     

       92
       92
       +
           environment:

     

       93
       93
       +
             COCOON_DID: ${COCOON_DID}

     

       94
       94
       +
             COCOON_HOSTNAME: ${COCOON_HOSTNAME}

     

       95
       95
       +
             COCOON_ROTATION_KEY_PATH: /keys/rotation.key

     

       96
       96
       +
             COCOON_JWK_PATH: /keys/jwk.key

     

       97
       97
       +
             COCOON_CONTACT_EMAIL: ${COCOON_CONTACT_EMAIL}

     

       98
       98
       +
             COCOON_RELAYS: ${COCOON_RELAYS:-https://bsky.network}

     

       99
       99
       +
             COCOON_ADMIN_PASSWORD: ${COCOON_ADMIN_PASSWORD}

     

       100
       100
       +
             COCOON_DB_NAME: /data/cocoon/cocoon.db

     

       101
       101
       +
           depends_on:

     

       102
       102
       +
             - init-keys

     

       103
       103
       +
           entrypoint: ["/bin/sh", "/create-initial-invite.sh"]

     

       104
       104
       +
           restart: "no"

     

       105
       105
       +
       

     

       106
       106
       +
         caddy:

     

       107
       107
       +
           image: caddy:2-alpine

     

       108
       108
       +
           container_name: cocoon-caddy

     

       109
       109
       +
           network_mode: host

     

       110
       110
       +
           volumes:

     

       111
       111
       +
             - ./Caddyfile:/etc/caddy/Caddyfile:ro

     

       112
       112
       +
             - caddy_data:/data

     

       113
       113
       +
             - caddy_config:/config

     

       114
       114
       +
           restart: unless-stopped

     

       115
       115
       +
           environment:

     

       116
       116
       +
             COCOON_HOSTNAME: ${COCOON_HOSTNAME}

     

       117
       117
       +
             CADDY_ACME_EMAIL: ${COCOON_CONTACT_EMAIL:-}

     

       118
       118
       +
       

     

       119
       119
       +
       volumes:

     

       120
       120
       +
         data:

     

       121
       121
       +
           driver: local

     

       122
       122
       +
         caddy_data:

     

       123
       123
       +
           driver: local

     

       124
       124
       +
         caddy_config:

     

       125
       125
       +
           driver: local

+2 -2

go.mod

···

       5
       5
        
       require (

     

       6
       6
        
       	github.com/Azure/go-autorest/autorest/to v0.4.1

     

       7
       7
        
       	github.com/aws/aws-sdk-go v1.55.7

     

       8
       8
       -
       	github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b

     

       8
       8
       +
       	github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe

     

       9
       9
        
       	github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792

     

       10
       10
        
       	github.com/domodwyer/mailyak/v3 v3.6.2

     

       11
       11
        
       	github.com/go-pkgz/expirable-cache/v3 v3.0.0

     
···

       18
       18
        
       	github.com/hashicorp/golang-lru/v2 v2.0.7

     

       19
       19
        
       	github.com/ipfs/go-block-format v0.2.0

     

       20
       20
        
       	github.com/ipfs/go-cid v0.4.1

     

       21
       21
       +
       	github.com/ipfs/go-ipfs-blockstore v1.3.1

     

       21
       22
        
       	github.com/ipfs/go-ipld-cbor v0.1.0

     

       22
       23
        
       	github.com/ipld/go-car v0.6.1-0.20230509095817-92d28eb23ba4

     

       23
       24
        
       	github.com/joho/godotenv v1.5.1

     
···

       60
       61
        
       	github.com/ipfs/bbloom v0.0.4 // indirect

     

       61
       62
        
       	github.com/ipfs/go-blockservice v0.5.2 // indirect

     

       62
       63
        
       	github.com/ipfs/go-datastore v0.6.0 // indirect

     

       63
       63
       -
       	github.com/ipfs/go-ipfs-blockstore v1.3.1 // indirect

     

       64
       64
        
       	github.com/ipfs/go-ipfs-ds-help v1.1.1 // indirect

     

       65
       65
        
       	github.com/ipfs/go-ipfs-exchange-interface v0.2.1 // indirect

     

       66
       66
        
       	github.com/ipfs/go-ipfs-util v0.0.3 // indirect

+2 -4

go.sum

···

       16
       16
        
       github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=

     

       17
       17
        
       github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYEDvkta6I8/rnYM5gSdSV2tJ6XbZuEtY=

     

       18
       18
        
       github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k=

     

       19
       19
       -
       github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b h1:elwfbe+W7GkUmPKFX1h7HaeHvC/kC0XJWfiEHC62xPg=

     

       20
       20
       -
       github.com/bluesky-social/indigo v0.0.0-20250414202759-826fcdeaa36b/go.mod h1:yjdhLA1LkK8VDS/WPUoYPo25/Hq/8rX38Ftr67EsqKY=

     

       19
       19
       +
       github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe h1:VBhaqE5ewQgXbY5SfSWFZC/AwHFo7cHxZKFYi2ce9Yo=

     

       20
       20
       +
       github.com/bluesky-social/indigo v0.0.0-20251009212240-20524de167fe/go.mod h1:RuQVrCGm42QNsgumKaR6se+XkFKfCPNwdCiTvqKRUck=

     

       21
       21
        
       github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=

     

       22
       22
        
       github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=

     

       23
       23
        
       github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792 h1:R8vQdOQdZ9Y3SkEwmHoWBmX1DNXhXZqlTpq6s4tyJGc=

     
···

       113
       113
        
       github.com/ipfs/go-block-format v0.2.0/go.mod h1:+jpL11nFx5A/SPpsoBn6Bzkra/zaArfSmsknbPMYgzM=

     

       114
       114
        
       github.com/ipfs/go-blockservice v0.5.2 h1:in9Bc+QcXwd1apOVM7Un9t8tixPKdaHQFdLSUM1Xgk8=

     

       115
       115
        
       github.com/ipfs/go-blockservice v0.5.2/go.mod h1:VpMblFEqG67A/H2sHKAemeH9vlURVavlysbdUI632yk=

     

       116
       116
       -
       github.com/ipfs/go-bs-sqlite3 v0.0.0-20221122195556-bfcee1be620d h1:9V+GGXCuOfDiFpdAHz58q9mKLg447xp0cQKvqQrAwYE=

     

       117
       117
       -
       github.com/ipfs/go-bs-sqlite3 v0.0.0-20221122195556-bfcee1be620d/go.mod h1:pMbnFyNAGjryYCLCe59YDLRv/ujdN+zGJBT1umlvYRM=

     

       118
       116
        
       github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=

     

       119
       117
        
       github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=

     

       120
       118
        
       github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=

+3 -3

identity/identity.go

···

       33
       33
        
       }

     

       34
       34
        
       

     

       35
       35
        
       func ResolveHandleFromWellKnown(ctx context.Context, cli *http.Client, handle string) (string, error) {

     

       36
       36
       -
       	ustr := fmt.Sprintf("https://%s/.well=known/atproto-did", handle)

     

       36
       36
       +
       	ustr := fmt.Sprintf("https://%s/.well-known/atproto-did", handle)

     

       37
       37
        
       	req, err := http.NewRequestWithContext(

     

       38
       38
        
       		ctx,

     

       39
       39
        
       		"GET",

     
···

       92
       92
        
       func DidToDocUrl(did string) (string, error) {

     

       93
       93
        
       	if strings.HasPrefix(did, "did:plc:") {

     

       94
       94
        
       		return fmt.Sprintf("https://plc.directory/%s", did), nil

     

       95
       95
       -
       	} else if strings.HasPrefix(did, "did:web:") {

     

       96
       96
       -
       		return fmt.Sprintf("https://%s/.well-known/did.json", strings.TrimPrefix(did, "did:web:")), nil

     

       95
       95
       +
       	} else if after, ok := strings.CutPrefix(did, "did:web:"); ok {

     

       96
       96
       +
       		return fmt.Sprintf("https://%s/.well-known/did.json", after), nil

     

       97
       97
        
       	} else {

     

       98
       98
        
       		return "", fmt.Errorf("did was not a supported did type")

     

       99
       99
        
       	}

-1

identity/passport.go

···

       46
       46
        
       		}

     

       47
       47
        
       	}

     

       48
       48
        
       

     

       49
       49
       -
       	// TODO: should coalesce requests here

     

       50
       49
        
       	doc, err := FetchDidDoc(ctx, p.h, did)

     

       51
       50
        
       	if err != nil {

     

       52
       51
        
       		return nil, err

+1 -1

identity/types.go

···

       4
       4
        
       	Context             []string                   `json:"@context"`

     

       5
       5
        
       	Id                  string                     `json:"id"`

     

       6
       6
        
       	AlsoKnownAs         []string                   `json:"alsoKnownAs"`

     

       7
       7
       -
       	VerificationMethods []DidDocVerificationMethod `json:"verificationMethods"`

     

       7
       7
       +
       	VerificationMethods []DidDocVerificationMethod `json:"verificationMethod"`

     

       8
       8
        
       	Service             []DidDocService            `json:"service"`

     

       9
       9
        
       }

     

       10
       10

+34

init-keys.sh

···

       1
       1
       +
       #!/bin/sh

     

       2
       2
       +
       set -e

     

       3
       3
       +
       

     

       4
       4
       +
       mkdir -p /keys

     

       5
       5
       +
       mkdir -p /data/cocoon

     

       6
       6
       +
       

     

       7
       7
       +
       if [ ! -f /keys/rotation.key ]; then

     

       8
       8
       +
           echo "Generating rotation key..."

     

       9
       9
       +
           /cocoon create-rotation-key --out /keys/rotation.key 2>/dev/null || true

     

       10
       10
       +
           if [ -f /keys/rotation.key ]; then

     

       11
       11
       +
               echo "✓ Rotation key generated at /keys/rotation.key"

     

       12
       12
       +
           else

     

       13
       13
       +
               echo "✗ Failed to generate rotation key"

     

       14
       14
       +
               exit 1

     

       15
       15
       +
           fi

     

       16
       16
       +
       else

     

       17
       17
       +
           echo "✓ Rotation key already exists"

     

       18
       18
       +
       fi

     

       19
       19
       +
       

     

       20
       20
       +
       if [ ! -f /keys/jwk.key ]; then

     

       21
       21
       +
           echo "Generating JWK..."

     

       22
       22
       +
           /cocoon create-private-jwk --out /keys/jwk.key 2>/dev/null || true

     

       23
       23
       +
           if [ -f /keys/jwk.key ]; then

     

       24
       24
       +
               echo "✓ JWK generated at /keys/jwk.key"

     

       25
       25
       +
           else

     

       26
       26
       +
               echo "✗ Failed to generate JWK"

     

       27
       27
       +
               exit 1

     

       28
       28
       +
           fi

     

       29
       29
       +
       else

     

       30
       30
       +
           echo "✓ JWK already exists"

     

       31
       31
       +
       fi

     

       32
       32
       +
       

     

       33
       33
       +
       echo ""

     

       34
       34
       +
       echo "✓ Key initialization complete!"

internal/db/db.go

···

       25
       25
        
       	return db.cli.Clauses(clauses...).Create(value)

     

       26
       26
        
       }

     

       27
       27
        
       

     

       28
       28
       +
       func (db *DB) Save(value any, clauses []clause.Expression) *gorm.DB {

     

       29
       29
       +
       	db.mu.Lock()

     

       30
       30
       +
       	defer db.mu.Unlock()

     

       31
       31
       +
       	return db.cli.Clauses(clauses...).Save(value)

     

       32
       32
       +
       }

     

       33
       33
       +
       

     

       28
       34
        
       func (db *DB) Exec(sql string, clauses []clause.Expression, values ...any) *gorm.DB {

     

       29
       35
        
       	db.mu.Lock()

     

       30
       36
        
       	defer db.mu.Unlock()

+16

internal/helpers/helpers.go

···

       32
       32
        
       	return genericError(e, 400, msg)

     

       33
       33
        
       }

     

       34
       34
        
       

     

       35
       35
       +
       func UnauthorizedError(e echo.Context, suffix *string) error {

     

       36
       36
       +
       	msg := "Unauthorized"

     

       37
       37
       +
       	if suffix != nil {

     

       38
       38
       +
       		msg += ". " + *suffix

     

       39
       39
       +
       	}

     

       40
       40
       +
       	return genericError(e, 401, msg)

     

       41
       41
       +
       }

     

       42
       42
       +
       

     

       43
       43
       +
       func ForbiddenError(e echo.Context, suffix *string) error {

     

       44
       44
       +
       	msg := "Forbidden"

     

       45
       45
       +
       	if suffix != nil {

     

       46
       46
       +
       		msg += ". " + *suffix

     

       47
       47
       +
       	}

     

       48
       48
       +
       	return genericError(e, 403, msg)

     

       49
       49
       +
       }

     

       50
       50
       +
       

     

       35
       51
        
       func InvalidTokenError(e echo.Context) error {

     

       36
       52
        
       	return InputError(e, to.StringPtr("InvalidToken"))

     

       37
       53
        
       }

+19 -2

models/models.go

···

       4
       4
        
       	"context"

     

       5
       5
        
       	"time"

     

       6
       6
        
       

     

       7
       7
       -
       	"github.com/bluesky-social/indigo/atproto/crypto"

     

       7
       7
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       8
       8
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       8
       9
        
       )

     

       9
       10
        
       

     

       10
       11
        
       type Repo struct {

     
···

       18
       19
        
       	EmailUpdateCodeExpiresAt       *time.Time

     

       19
       20
        
       	PasswordResetCode              *string

     

       20
       21
        
       	PasswordResetCodeExpiresAt     *time.Time

     

       22
       22
       +
       	PlcOperationCode               *string

     

       23
       23
       +
       	PlcOperationCodeExpiresAt      *time.Time

     

       21
       24
        
       	Password                       string

     

       22
       25
        
       	SigningKey                     []byte

     

       23
       26
        
       	Rev                            string

     

       24
       27
        
       	Root                           []byte

     

       25
       28
        
       	Preferences                    []byte

     

       29
       29
       +
       	Deactivated                    bool

     

       26
       30
        
       }

     

       27
       31
        
       

     

       28
       32
        
       func (r *Repo) SignFor(ctx context.Context, did string, msg []byte) ([]byte, error) {

     

       29
       29
       -
       	k, err := crypto.ParsePrivateBytesK256(r.SigningKey)

     

       33
       33
       +
       	k, err := atcrypto.ParsePrivateBytesK256(r.SigningKey)

     

       30
       34
        
       	if err != nil {

     

       31
       35
        
       		return nil, err

     

       32
       36
        
       	}

     
···

       37
       41
        
       	}

     

       38
       42
        
       

     

       39
       43
        
       	return sig, nil

     

       44
       44
       +
       }

     

       45
       45
       +
       

     

       46
       46
       +
       func (r *Repo) Status() *string {

     

       47
       47
       +
       	var status *string

     

       48
       48
       +
       	if r.Deactivated {

     

       49
       49
       +
       		status = to.StringPtr("deactivated")

     

       50
       50
       +
       	}

     

       51
       51
       +
       	return status

     

       52
       52
       +
       }

     

       53
       53
       +
       

     

       54
       54
       +
       func (r *Repo) Active() bool {

     

       55
       55
       +
       	return r.Status() == nil

     

       40
       56
        
       }

     

       41
       57
        
       

     

       42
       58
        
       type Actor struct {

     
···

       92
       108
        
       	Did       string `gorm:"index;index:idx_blob_did_cid"`

     

       93
       109
        
       	Cid       []byte `gorm:"index;index:idx_blob_did_cid"`

     

       94
       110
        
       	RefCount  int

     

       111
       111
       +
       	Storage   string `gorm:"default:sqlite"`

     

       95
       112
        
       }

     

       96
       113
        
       

     

       97
       114
        
       type BlobPart struct {

+47 -23

oauth/client/manager.go

···

       22
       22
        
       	cli           *http.Client

     

       23
       23
        
       	logger        *slog.Logger

     

       24
       24
        
       	jwksCache     cache.Cache[string, jwk.Key]

     

       25
       25
       -
       	metadataCache cache.Cache[string, Metadata]

     

       25
       25
       +
       	metadataCache cache.Cache[string, *Metadata]

     

       26
       26
        
       }

     

       27
       27
        
       

     

       28
       28
        
       type ManagerArgs struct {

     
···

       40
       40
        
       	}

     

       41
       41
        
       

     

       42
       42
        
       	jwksCache := cache.NewCache[string, jwk.Key]().WithLRU().WithMaxKeys(500).WithTTL(5 * time.Minute)

     

       43
       43
       -
       	metadataCache := cache.NewCache[string, Metadata]().WithLRU().WithMaxKeys(500).WithTTL(5 * time.Minute)

     

       43
       43
       +
       	metadataCache := cache.NewCache[string, *Metadata]().WithLRU().WithMaxKeys(500).WithTTL(5 * time.Minute)

     

       44
       44
        
       

     

       45
       45
        
       	return &Manager{

     

       46
       46
        
       		cli:           args.Cli,

     
···

       57
       57
        
       	}

     

       58
       58
        
       

     

       59
       59
        
       	var jwks jwk.Key

     

       60
       60
       -
       	if metadata.JWKS != nil {

     

       61
       61
       -
       		// TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to

     

       62
       62
       -
       		// make sure we use the right one

     

       63
       63
       -
       		k, err := helpers.ParseJWKFromBytes((*metadata.JWKS)[0])

     

       64
       64
       -
       		if err != nil {

     

       65
       65
       -
       			return nil, err

     

       66
       66
       -
       		}

     

       67
       67
       -
       		jwks = k

     

       68
       68
       -
       	} else if metadata.JWKSURI != nil {

     

       69
       69
       -
       		maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI)

     

       70
       70
       -
       		if err != nil {

     

       71
       71
       -
       			return nil, err

     

       72
       72
       -
       		}

     

       60
       60
       +
       	if metadata.TokenEndpointAuthMethod == "private_key_jwt" {

     

       61
       61
       +
       		if metadata.JWKS != nil && len(metadata.JWKS.Keys) > 0 {

     

       62
       62
       +
       			// TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to

     

       63
       63
       +
       			// make sure we use the right one

     

       64
       64
       +
       			b, err := json.Marshal(metadata.JWKS.Keys[0])

     

       65
       65
       +
       			if err != nil {

     

       66
       66
       +
       				return nil, err

     

       67
       67
       +
       			}

     

       68
       68
       +
       

     

       69
       69
       +
       			k, err := helpers.ParseJWKFromBytes(b)

     

       70
       70
       +
       			if err != nil {

     

       71
       71
       +
       				return nil, err

     

       72
       72
       +
       			}

     

       73
       73
        
       

     

       74
       74
       -
       		jwks = maybeJwks

     

       74
       74
       +
       			jwks = k

     

       75
       75
       +
       		} else if metadata.JWKS != nil {

     

       76
       76
       +
       		} else if metadata.JWKSURI != nil {

     

       77
       77
       +
       			maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI)

     

       78
       78
       +
       			if err != nil {

     

       79
       79
       +
       				return nil, err

     

       80
       80
       +
       			}

     

       81
       81
       +
       

     

       82
       82
       +
       			jwks = maybeJwks

     

       83
       83
       +
       		} else {

     

       84
       84
       +
       			return nil, fmt.Errorf("no valid jwks found in oauth client metadata")

     

       85
       85
       +
       		}

     

       75
       86
        
       	}

     

       76
       87
        
       

     

       77
       88
        
       	return &Client{

     
···

       81
       92
        
       }

     

       82
       93
        
       

     

       83
       94
        
       func (cm *Manager) getClientMetadata(ctx context.Context, clientId string) (*Metadata, error) {

     

       84
       84
       -
       	metadataCached, ok := cm.metadataCache.Get(clientId)

     

       95
       95
       +
       	cached, ok := cm.metadataCache.Get(clientId)

     

       85
       96
        
       	if !ok {

     

       86
       97
        
       		req, err := http.NewRequestWithContext(ctx, "GET", clientId, nil)

     

       87
       98
        
       		if err != nil {

     
···

       109
       120
        
       			return nil, err

     

       110
       121
        
       		}

     

       111
       122
        
       

     

       123
       123
       +
       		cm.metadataCache.Set(clientId, validated, 10*time.Minute)

     

       124
       124
       +
       

     

       112
       125
        
       		return validated, nil

     

       113
       126
        
       	} else {

     

       114
       114
       -
       		return &metadataCached, nil

     

       127
       127
       +
       		return cached, nil

     

       115
       128
        
       	}

     

       116
       129
        
       }

     

       117
       130
        
       

     
···

       196
       209
        
       		return nil, fmt.Errorf("error unmarshaling metadata: %w", err)

     

       197
       210
        
       	}

     

       198
       211
        
       

     

       212
       212
       +
       	if metadata.ClientURI == "" {

     

       213
       213
       +
       		u, err := url.Parse(metadata.ClientID)

     

       214
       214
       +
       		if err != nil {

     

       215
       215
       +
       			return nil, fmt.Errorf("unable to parse client id: %w", err)

     

       216
       216
       +
       		}

     

       217
       217
       +
       		u.RawPath = ""

     

       218
       218
       +
       		u.RawQuery = ""

     

       219
       219
       +
       		metadata.ClientURI = u.String()

     

       220
       220
       +
       	}

     

       221
       221
       +
       

     

       199
       222
        
       	u, err := url.Parse(metadata.ClientURI)

     

       200
       223
        
       	if err != nil {

     

       201
       224
        
       		return nil, fmt.Errorf("unable to parse client uri: %w", err)

     

       202
       225
        
       	}

     

       203
       226
        
       

     

       227
       227
       +
       	if metadata.ClientName == "" {

     

       228
       228
       +
       		metadata.ClientName = metadata.ClientURI

     

       229
       229
       +
       	}

     

       230
       230
       +
       

     

       204
       231
        
       	if isLocalHostname(u.Hostname()) {

     

       205
       205
       -
       		return nil, errors.New("`client_uri` hostname is invalid")

     

       232
       232
       +
       		return nil, fmt.Errorf("`client_uri` hostname is invalid: %s", u.Hostname())

     

       206
       233
        
       	}

     

       207
       234
        
       

     

       208
       235
        
       	if metadata.Scope == "" {

     
···

       262
       289
        
       			return nil, errors.New("private_key_jwt auth method requires jwks or jwks_uri")

     

       263
       290
        
       		}

     

       264
       291
        
       

     

       265
       265
       -
       		if metadata.JWKS != nil && len(*metadata.JWKS) == 0 {

     

       292
       292
       +
       		if metadata.JWKS != nil && len(metadata.JWKS.Keys) == 0 {

     

       266
       293
        
       			return nil, errors.New("private_key_jwt auth method requires atleast one key in jwks")

     

       267
       294
        
       		}

     

       268
       295
        
       

     
···

       341
       368
        
       			if u.Scheme != "http" {

     

       342
       369
        
       				return nil, fmt.Errorf("loopback redirect uri %s must use http", ruri)

     

       343
       370
        
       			}

     

       344
       344
       -
       

     

       345
       345
       -
       			break

     

       346
       371
        
       		case u.Scheme == "http":

     

       347
       372
        
       			return nil, errors.New("only loopbvack redirect uris are allowed to use the `http` scheme")

     

       348
       373
        
       		case u.Scheme == "https":

     

       349
       374
        
       			if isLocalHostname(u.Hostname()) {

     

       350
       375
        
       				return nil, fmt.Errorf("redirect uri %s's domain must not be a local hostname", ruri)

     

       351
       376
        
       			}

     

       352
       352
       -
       			break

     

       353
       377
        
       		case strings.Contains(u.Scheme, "."):

     

       354
       378
        
       			if metadata.ApplicationType != "native" {

     

       355
       379
        
       				return nil, errors.New("private-use uri scheme redirect uris are only allowed for native apps")

+20 -16

oauth/client/metadata.go

···

       1
       1
        
       package client

     

       2
       2
        
       

     

       3
       3
        
       type Metadata struct {

     

       4
       4
       -
       	ClientID                    string    `json:"client_id"`

     

       5
       5
       -
       	ClientName                  string    `json:"client_name"`

     

       6
       6
       -
       	ClientURI                   string    `json:"client_uri"`

     

       7
       7
       -
       	LogoURI                     string    `json:"logo_uri"`

     

       8
       8
       -
       	TOSURI                      string    `json:"tos_uri"`

     

       9
       9
       -
       	PolicyURI                   string    `json:"policy_uri"`

     

       10
       10
       -
       	RedirectURIs                []string  `json:"redirect_uris"`

     

       11
       11
       -
       	GrantTypes                  []string  `json:"grant_types"`

     

       12
       12
       -
       	ResponseTypes               []string  `json:"response_types"`

     

       13
       13
       -
       	ApplicationType             string    `json:"application_type"`

     

       14
       14
       -
       	DpopBoundAccessTokens       bool      `json:"dpop_bound_access_tokens"`

     

       15
       15
       -
       	JWKSURI                     *string   `json:"jwks_uri,omitempty"`

     

       16
       16
       -
       	JWKS                        *[][]byte `json:"jwks,omitempty"`

     

       17
       17
       -
       	Scope                       string    `json:"scope"`

     

       18
       18
       -
       	TokenEndpointAuthMethod     string    `json:"token_endpoint_auth_method"`

     

       19
       19
       -
       	TokenEndpointAuthSigningAlg string    `json:"token_endpoint_auth_signing_alg"`

     

       4
       4
       +
       	ClientID                    string        `json:"client_id"`

     

       5
       5
       +
       	ClientName                  string        `json:"client_name"`

     

       6
       6
       +
       	ClientURI                   string        `json:"client_uri"`

     

       7
       7
       +
       	LogoURI                     string        `json:"logo_uri"`

     

       8
       8
       +
       	TOSURI                      string        `json:"tos_uri"`

     

       9
       9
       +
       	PolicyURI                   string        `json:"policy_uri"`

     

       10
       10
       +
       	RedirectURIs                []string      `json:"redirect_uris"`

     

       11
       11
       +
       	GrantTypes                  []string      `json:"grant_types"`

     

       12
       12
       +
       	ResponseTypes               []string      `json:"response_types"`

     

       13
       13
       +
       	ApplicationType             string        `json:"application_type"`

     

       14
       14
       +
       	DpopBoundAccessTokens       bool          `json:"dpop_bound_access_tokens"`

     

       15
       15
       +
       	JWKSURI                     *string       `json:"jwks_uri,omitempty"`

     

       16
       16
       +
       	JWKS                        *MetadataJwks `json:"jwks,omitempty"`

     

       17
       17
       +
       	Scope                       string        `json:"scope"`

     

       18
       18
       +
       	TokenEndpointAuthMethod     string        `json:"token_endpoint_auth_method"`

     

       19
       19
       +
       	TokenEndpointAuthSigningAlg string        `json:"token_endpoint_auth_signing_alg"`

     

       20
       20
       +
       }

     

       21
       21
       +
       

     

       22
       22
       +
       type MetadataJwks struct {

     

       23
       23
       +
       	Keys []any `json:"keys"`

     

       20
       24
        
       }

+6 -2

oauth/dpop/manager.go

···

       36
       36
        
       	Hostname              string

     

       37
       37
        
       }

     

       38
       38
        
       

     

       39
       39
       +
       var (

     

       40
       40
       +
       	ErrUseDpopNonce = errors.New("use_dpop_nonce")

     

       41
       41
       +
       )

     

       42
       42
       +
       

     

       39
       43
        
       func NewManager(args ManagerArgs) *Manager {

     

       40
       44
        
       	if args.Logger == nil {

     

       41
       45
        
       		args.Logger = slog.Default()

     
···

       194
       198
        
       	nonce, _ := claims["nonce"].(string)

     

       195
       199
        
       	if nonce == "" {

     

       196
       200
        
       		// WARN: this _must_ be `use_dpop_nonce` for clients know they should make another request

     

       197
       197
       -
       		return nil, errors.New("use_dpop_nonce")

     

       201
       201
       +
       		return nil, ErrUseDpopNonce

     

       198
       202
        
       	}

     

       199
       203
        
       

     

       200
       204
        
       	if nonce != "" && !dm.nonce.Check(nonce) {

     

       201
       205
        
       		// WARN: this _must_ be `use_dpop_nonce` so that clients will fetch a new nonce

     

       202
       202
       -
       		return nil, errors.New("use_dpop_nonce")

     

       206
       206
       +
       		return nil, ErrUseDpopNonce

     

       203
       207
        
       	}

     

       204
       208
        
       

     

       205
       209
        
       	ath, _ := claims["ath"].(string)

+36 -20

plc/client.go

···

       13
       13
        
       	"net/url"

     

       14
       14
        
       	"strings"

     

       15
       15
        
       

     

       16
       16
       -
       	"github.com/bluesky-social/indigo/atproto/crypto"

     

       16
       16
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       17
       17
        
       	"github.com/bluesky-social/indigo/util"

     

       18
       18
        
       	"github.com/haileyok/cocoon/identity"

     

       19
       19
        
       )

     
···

       22
       22
        
       	h           *http.Client

     

       23
       23
        
       	service     string

     

       24
       24
        
       	pdsHostname string

     

       25
       25
       -
       	rotationKey *crypto.PrivateKeyK256

     

       25
       25
       +
       	rotationKey *atcrypto.PrivateKeyK256

     

       26
       26
        
       }

     

       27
       27
        
       

     

       28
       28
        
       type ClientArgs struct {

     
···

       41
       41
        
       		args.H = util.RobustHTTPClient()

     

       42
       42
        
       	}

     

       43
       43
        
       

     

       44
       44
       -
       	rk, err := crypto.ParsePrivateBytesK256([]byte(args.RotationKey))

     

       44
       44
       +
       	rk, err := atcrypto.ParsePrivateBytesK256([]byte(args.RotationKey))

     

       45
       45
        
       	if err != nil {

     

       46
       46
        
       		return nil, err

     

       47
       47
        
       	}

     
···

       54
       54
        
       	}, nil

     

       55
       55
        
       }

     

       56
       56
        
       

     

       57
       57
       -
       func (c *Client) CreateDID(sigkey *crypto.PrivateKeyK256, recovery string, handle string) (string, *Operation, error) {

     

       58
       58
       -
       	pubsigkey, err := sigkey.PublicKey()

     

       57
       57
       +
       func (c *Client) CreateDID(sigkey *atcrypto.PrivateKeyK256, recovery string, handle string) (string, *Operation, error) {

     

       58
       58
       +
       	creds, err := c.CreateDidCredentials(sigkey, recovery, handle)

     

       59
       59
        
       	if err != nil {

     

       60
       60
        
       		return "", nil, err

     

       61
       61
        
       	}

     

       62
       62
        
       

     

       63
       63
       -
       	pubrotkey, err := c.rotationKey.PublicKey()

     

       63
       63
       +
       	op := Operation{

     

       64
       64
       +
       		Type: "plc_operation",

     

       65
       65
       +
       		VerificationMethods: creds.VerificationMethods,

     

       66
       66
       +
       		RotationKeys: creds.RotationKeys,

     

       67
       67
       +
       		AlsoKnownAs: creds.AlsoKnownAs,

     

       68
       68
       +
       		Services: creds.Services,

     

       69
       69
       +
       		Prev: nil,

     

       70
       70
       +
       	}

     

       71
       71
       +
       

     

       72
       72
       +
       	if err := c.SignOp(sigkey, &op); err != nil {

     

       73
       73
       +
       		return "", nil, err

     

       74
       74
       +
       	}

     

       75
       75
       +
       

     

       76
       76
       +
       	did, err := DidFromOp(&op)

     

       64
       77
        
       	if err != nil {

     

       65
       78
        
       		return "", nil, err

     

       66
       79
        
       	}

     

       67
       80
        
       

     

       81
       81
       +
       	return did, &op, nil

     

       82
       82
       +
       }

     

       83
       83
       +
       

     

       84
       84
       +
       func (c *Client) CreateDidCredentials(sigkey *atcrypto.PrivateKeyK256, recovery string, handle string) (*DidCredentials, error) {

     

       85
       85
       +
       	pubsigkey, err := sigkey.PublicKey()

     

       86
       86
       +
       	if err != nil {

     

       87
       87
       +
       		return nil, err

     

       88
       88
       +
       	}

     

       89
       89
       +
       

     

       90
       90
       +
       	pubrotkey, err := c.rotationKey.PublicKey()

     

       91
       91
       +
       	if err != nil {

     

       92
       92
       +
       		return nil, err

     

       93
       93
       +
       	}

     

       94
       94
       +
       

     

       68
       95
        
       	// todo

     

       69
       96
        
       	rotationKeys := []string{pubrotkey.DIDKey()}

     

       70
       97
        
       	if recovery != "" {

     
···

       77
       104
        
       		}(recovery)

     

       78
       105
        
       	}

     

       79
       106
        
       

     

       80
       80
       -
       	op := Operation{

     

       81
       81
       -
       		Type: "plc_operation",

     

       107
       107
       +
       	creds := DidCredentials{

     

       82
       108
        
       		VerificationMethods: map[string]string{

     

       83
       109
        
       			"atproto": pubsigkey.DIDKey(),

     

       84
       110
        
       		},

     
···

       92
       118
        
       				Endpoint: "https://" + c.pdsHostname,

     

       93
       119
        
       			},

     

       94
       120
        
       		},

     

       95
       95
       -
       		Prev: nil,

     

       96
       121
        
       	}

     

       97
       122
        
       

     

       98
       98
       -
       	if err := c.SignOp(sigkey, &op); err != nil {

     

       99
       99
       -
       		return "", nil, err

     

       100
       100
       -
       	}

     

       101
       101
       -
       

     

       102
       102
       -
       	did, err := DidFromOp(&op)

     

       103
       103
       -
       	if err != nil {

     

       104
       104
       -
       		return "", nil, err

     

       105
       105
       -
       	}

     

       106
       106
       -
       

     

       107
       107
       -
       	return did, &op, nil

     

       123
       123
       +
       	return &creds, nil

     

       108
       124
        
       }

     

       109
       125
        
       

     

       110
       110
       -
       func (c *Client) SignOp(sigkey *crypto.PrivateKeyK256, op *Operation) error {

     

       126
       126
       +
       func (c *Client) SignOp(sigkey *atcrypto.PrivateKeyK256, op *Operation) error {

     

       111
       127
        
       	b, err := op.MarshalCBOR()

     

       112
       128
        
       	if err != nil {

     

       113
       129
        
       		return err

+10 -2

plc/types.go

···

       3
       3
        
       import (

     

       4
       4
        
       	"encoding/json"

     

       5
       5
        
       

     

       6
       6
       -
       	"github.com/bluesky-social/indigo/atproto/data"

     

       6
       6
       +
       	"github.com/bluesky-social/indigo/atproto/atdata"

     

       7
       7
        
       	"github.com/haileyok/cocoon/identity"

     

       8
       8
        
       	cbg "github.com/whyrusleeping/cbor-gen"

     

       9
       9
        
       )

     

       10
       10
       +
       

     

       11
       11
       +
       

     

       12
       12
       +
       type DidCredentials struct {

     

       13
       13
       +
       	VerificationMethods map[string]string                    `json:"verificationMethods"`

     

       14
       14
       +
       	RotationKeys        []string                             `json:"rotationKeys"`

     

       15
       15
       +
       	AlsoKnownAs         []string                             `json:"alsoKnownAs"`

     

       16
       16
       +
       	Services            map[string]identity.OperationService `json:"services"`

     

       17
       17
       +
       }

     

       10
       18
        
       

     

       11
       19
        
       type Operation struct {

     

       12
       20
        
       	Type                string                               `json:"type"`

     
···

       38
       46
        
       		return nil, err

     

       39
       47
        
       	}

     

       40
       48
        
       

     

       41
       41
       -
       	b, err = data.MarshalCBOR(m)

     

       49
       49
       +
       	b, err = atdata.MarshalCBOR(m)

     

       42
       50
        
       	if err != nil {

     

       43
       51
        
       		return nil, err

     

       44
       52
        
       	}

recording_blockstore/recording_blockstore.go

···

       20
       20
        
       	return &RecordingBlockstore{

     

       21
       21
        
       		base:    base,

     

       22
       22
        
       		inserts: make(map[cid.Cid]blockformat.Block),

     

       23
       23
       +
       		reads:   make(map[cid.Cid]blockformat.Block),

     

       23
       24
        
       	}

     

       24
       25
        
       }

     

       25
       26

server/handle_account.go

···

       12
       12
        
       

     

       13
       13
        
       func (s *Server) handleAccount(e echo.Context) error {

     

       14
       14
        
       	ctx := e.Request().Context()

     

       15
       15
       +
       

     

       15
       16
        
       	repo, sess, err := s.getSessionRepoOrErr(e)

     

       16
       17
        
       	if err != nil {

     

       17
       18
        
       		return e.Redirect(303, "/account/signin")

+1 -1

server/handle_actor_get_preferences.go

···

       16
       16
        
       	err := json.Unmarshal(repo.Preferences, &prefs)

     

       17
       17
        
       	if err != nil || prefs["preferences"] == nil {

     

       18
       18
        
       		prefs = map[string]any{

     

       19
       19
       -
       			"preferences": map[string]any{},

     

       19
       19
       +
       			"preferences": []any{},

     

       20
       20
        
       		}

     

       21
       21
        
       	}

     

       22
       22

+26

server/handle_identity_get_recommended_did_credentials.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       5
       5
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       6
       6
       +
       	"github.com/haileyok/cocoon/models"

     

       7
       7
       +
       	"github.com/labstack/echo/v4"

     

       8
       8
       +
       )

     

       9
       9
       +
       

     

       10
       10
       +
       func (s *Server) handleGetRecommendedDidCredentials(e echo.Context) error {

     

       11
       11
       +
       	repo := e.Get("repo").(*models.RepoActor)

     

       12
       12
       +
       

     

       13
       13
       +
       	k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       14
       14
       +
       	if err != nil {

     

       15
       15
       +
       		s.logger.Error("error parsing key", "error", err)

     

       16
       16
       +
       		return helpers.ServerError(e, nil)

     

       17
       17
       +
       	}

     

       18
       18
       +
       

     

       19
       19
       +
       	creds, err := s.plcClient.CreateDidCredentials(k, "", repo.Actor.Handle)

     

       20
       20
       +
       	if err != nil {

     

       21
       21
       +
       		s.logger.Error("error crating did credentials", "error", err)

     

       22
       22
       +
       		return helpers.ServerError(e, nil)

     

       23
       23
       +
       	}

     

       24
       24
       +
       

     

       25
       25
       +
       	return e.JSON(200, creds)

     

       26
       26
       +
       }

+29

server/handle_identity_request_plc_operation.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"fmt"

     

       5
       5
       +
       	"time"

     

       6
       6
       +
       

     

       7
       7
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       8
       8
       +
       	"github.com/haileyok/cocoon/models"

     

       9
       9
       +
       	"github.com/labstack/echo/v4"

     

       10
       10
       +
       )

     

       11
       11
       +
       

     

       12
       12
       +
       func (s *Server) handleIdentityRequestPlcOperationSignature(e echo.Context) error {

     

       13
       13
       +
       	urepo := e.Get("repo").(*models.RepoActor)

     

       14
       14
       +
       

     

       15
       15
       +
       	code := fmt.Sprintf("%s-%s", helpers.RandomVarchar(5), helpers.RandomVarchar(5))

     

       16
       16
       +
       	eat := time.Now().Add(10 * time.Minute).UTC()

     

       17
       17
       +
       

     

       18
       18
       +
       	if err := s.db.Exec("UPDATE repos SET plc_operation_code = ?, plc_operation_code_expires_at = ? WHERE did = ?", nil, code, eat, urepo.Repo.Did).Error; err != nil {

     

       19
       19
       +
       		s.logger.Error("error updating user", "error", err)

     

       20
       20
       +
       		return helpers.ServerError(e, nil)

     

       21
       21
       +
       	}

     

       22
       22
       +
       

     

       23
       23
       +
       	if err := s.sendPlcTokenReset(urepo.Email, urepo.Handle, code); err != nil {

     

       24
       24
       +
       		s.logger.Error("error sending mail", "error", err)

     

       25
       25
       +
       		return helpers.ServerError(e, nil)

     

       26
       26
       +
       	}

     

       27
       27
       +
       

     

       28
       28
       +
       	return e.NoContent(200)

     

       29
       29
       +
       }

+103

server/handle_identity_sign_plc_operation.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"strings"

     

       6
       6
       +
       	"time"

     

       7
       7
       +
       

     

       8
       8
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       9
       9
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       10
       10
       +
       	"github.com/haileyok/cocoon/identity"

     

       11
       11
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       12
       12
       +
       	"github.com/haileyok/cocoon/models"

     

       13
       13
       +
       	"github.com/haileyok/cocoon/plc"

     

       14
       14
       +
       	"github.com/labstack/echo/v4"

     

       15
       15
       +
       )

     

       16
       16
       +
       

     

       17
       17
       +
       type ComAtprotoSignPlcOperationRequest struct {

     

       18
       18
       +
       	Token               string                                `json:"token"`

     

       19
       19
       +
       	VerificationMethods *map[string]string                    `json:"verificationMethods"`

     

       20
       20
       +
       	RotationKeys        *[]string                             `json:"rotationKeys"`

     

       21
       21
       +
       	AlsoKnownAs         *[]string                             `json:"alsoKnownAs"`

     

       22
       22
       +
       	Services            *map[string]identity.OperationService `json:"services"`

     

       23
       23
       +
       }

     

       24
       24
       +
       

     

       25
       25
       +
       type ComAtprotoSignPlcOperationResponse struct {

     

       26
       26
       +
       	Operation plc.Operation `json:"operation"`

     

       27
       27
       +
       }

     

       28
       28
       +
       

     

       29
       29
       +
       func (s *Server) handleSignPlcOperation(e echo.Context) error {

     

       30
       30
       +
       	repo := e.Get("repo").(*models.RepoActor)

     

       31
       31
       +
       

     

       32
       32
       +
       	var req ComAtprotoSignPlcOperationRequest

     

       33
       33
       +
       	if err := e.Bind(&req); err != nil {

     

       34
       34
       +
       		s.logger.Error("error binding", "error", err)

     

       35
       35
       +
       		return helpers.ServerError(e, nil)

     

       36
       36
       +
       	}

     

       37
       37
       +
       

     

       38
       38
       +
       	if !strings.HasPrefix(repo.Repo.Did, "did:plc:") {

     

       39
       39
       +
       		return helpers.InputError(e, nil)

     

       40
       40
       +
       	}

     

       41
       41
       +
       

     

       42
       42
       +
       	if repo.PlcOperationCode == nil || repo.PlcOperationCodeExpiresAt == nil {

     

       43
       43
       +
       		return helpers.InputError(e, to.StringPtr("InvalidToken"))

     

       44
       44
       +
       	}

     

       45
       45
       +
       

     

       46
       46
       +
       	if *repo.PlcOperationCode != req.Token {

     

       47
       47
       +
       		return helpers.InvalidTokenError(e)

     

       48
       48
       +
       	}

     

       49
       49
       +
       

     

       50
       50
       +
       	if time.Now().UTC().After(*repo.PlcOperationCodeExpiresAt) {

     

       51
       51
       +
       		return helpers.ExpiredTokenError(e)

     

       52
       52
       +
       	}

     

       53
       53
       +
       

     

       54
       54
       +
       	ctx := context.WithValue(e.Request().Context(), "skip-cache", true)

     

       55
       55
       +
       	log, err := identity.FetchDidAuditLog(ctx, nil, repo.Repo.Did)

     

       56
       56
       +
       	if err != nil {

     

       57
       57
       +
       		s.logger.Error("error fetching doc", "error", err)

     

       58
       58
       +
       		return helpers.ServerError(e, nil)

     

       59
       59
       +
       	}

     

       60
       60
       +
       

     

       61
       61
       +
       	latest := log[len(log)-1]

     

       62
       62
       +
       

     

       63
       63
       +
       	op := plc.Operation{

     

       64
       64
       +
       		Type:                "plc_operation",

     

       65
       65
       +
       		VerificationMethods: latest.Operation.VerificationMethods,

     

       66
       66
       +
       		RotationKeys:        latest.Operation.RotationKeys,

     

       67
       67
       +
       		AlsoKnownAs:         latest.Operation.AlsoKnownAs,

     

       68
       68
       +
       		Services:            latest.Operation.Services,

     

       69
       69
       +
       		Prev:                &latest.Cid,

     

       70
       70
       +
       	}

     

       71
       71
       +
       	if req.VerificationMethods != nil {

     

       72
       72
       +
       		op.VerificationMethods = *req.VerificationMethods

     

       73
       73
       +
       	}

     

       74
       74
       +
       	if req.RotationKeys != nil {

     

       75
       75
       +
       		op.RotationKeys = *req.RotationKeys

     

       76
       76
       +
       	}

     

       77
       77
       +
       	if req.AlsoKnownAs != nil {

     

       78
       78
       +
       		op.AlsoKnownAs = *req.AlsoKnownAs

     

       79
       79
       +
       	}

     

       80
       80
       +
       	if req.Services != nil {

     

       81
       81
       +
       		op.Services = *req.Services

     

       82
       82
       +
       	}

     

       83
       83
       +
       

     

       84
       84
       +
       	k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       85
       85
       +
       	if err != nil {

     

       86
       86
       +
       		s.logger.Error("error parsing signing key", "error", err)

     

       87
       87
       +
       		return helpers.ServerError(e, nil)

     

       88
       88
       +
       	}

     

       89
       89
       +
       

     

       90
       90
       +
       	if err := s.plcClient.SignOp(k, &op); err != nil {

     

       91
       91
       +
       		s.logger.Error("error signing plc operation", "error", err)

     

       92
       92
       +
       		return helpers.ServerError(e, nil)

     

       93
       93
       +
       	}

     

       94
       94
       +
       

     

       95
       95
       +
       	if err := s.db.Exec("UPDATE repos SET plc_operation_code = NULL, plc_operation_code_expires_at = NULL WHERE did = ?", nil, repo.Repo.Did).Error; err != nil {

     

       96
       96
       +
       		s.logger.Error("error updating repo", "error", err)

     

       97
       97
       +
       		return helpers.ServerError(e, nil)

     

       98
       98
       +
       	}

     

       99
       99
       +
       

     

       100
       100
       +
       	return e.JSON(200, ComAtprotoSignPlcOperationResponse{

     

       101
       101
       +
       		Operation: op,

     

       102
       102
       +
       	})

     

       103
       103
       +
       }

+87

server/handle_identity_submit_plc_operation.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"slices"

     

       6
       6
       +
       	"strings"

     

       7
       7
       +
       	"time"

     

       8
       8
       +
       

     

       9
       9
       +
       	"github.com/bluesky-social/indigo/api/atproto"

     

       10
       10
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       11
       11
       +
       	"github.com/bluesky-social/indigo/events"

     

       12
       12
       +
       	"github.com/bluesky-social/indigo/util"

     

       13
       13
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       14
       14
       +
       	"github.com/haileyok/cocoon/models"

     

       15
       15
       +
       	"github.com/haileyok/cocoon/plc"

     

       16
       16
       +
       	"github.com/labstack/echo/v4"

     

       17
       17
       +
       )

     

       18
       18
       +
       

     

       19
       19
       +
       type ComAtprotoSubmitPlcOperationRequest struct {

     

       20
       20
       +
       	Operation plc.Operation `json:"operation"`

     

       21
       21
       +
       }

     

       22
       22
       +
       

     

       23
       23
       +
       func (s *Server) handleSubmitPlcOperation(e echo.Context) error {

     

       24
       24
       +
       	repo := e.Get("repo").(*models.RepoActor)

     

       25
       25
       +
       

     

       26
       26
       +
       	var req ComAtprotoSubmitPlcOperationRequest

     

       27
       27
       +
       	if err := e.Bind(&req); err != nil {

     

       28
       28
       +
       		s.logger.Error("error binding", "error", err)

     

       29
       29
       +
       		return helpers.ServerError(e, nil)

     

       30
       30
       +
       	}

     

       31
       31
       +
       

     

       32
       32
       +
       	if err := e.Validate(req); err != nil {

     

       33
       33
       +
       		return helpers.InputError(e, nil)

     

       34
       34
       +
       	}

     

       35
       35
       +
       	if !strings.HasPrefix(repo.Repo.Did, "did:plc:") {

     

       36
       36
       +
       		return helpers.InputError(e, nil)

     

       37
       37
       +
       	}

     

       38
       38
       +
       

     

       39
       39
       +
       	op := req.Operation

     

       40
       40
       +
       

     

       41
       41
       +
       	k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       42
       42
       +
       	if err != nil {

     

       43
       43
       +
       		s.logger.Error("error parsing key", "error", err)

     

       44
       44
       +
       		return helpers.ServerError(e, nil)

     

       45
       45
       +
       	}

     

       46
       46
       +
       	required, err := s.plcClient.CreateDidCredentials(k, "", repo.Actor.Handle)

     

       47
       47
       +
       	if err != nil {

     

       48
       48
       +
       		s.logger.Error("error crating did credentials", "error", err)

     

       49
       49
       +
       		return helpers.ServerError(e, nil)

     

       50
       50
       +
       	}

     

       51
       51
       +
       

     

       52
       52
       +
       	for _, expectedKey := range required.RotationKeys {

     

       53
       53
       +
       		if !slices.Contains(op.RotationKeys, expectedKey) {

     

       54
       54
       +
       			return helpers.InputError(e, nil)

     

       55
       55
       +
       		}

     

       56
       56
       +
       	}

     

       57
       57
       +
       	if op.Services["atproto_pds"].Type != "AtprotoPersonalDataServer" {

     

       58
       58
       +
       		return helpers.InputError(e, nil)

     

       59
       59
       +
       	}

     

       60
       60
       +
       	if op.Services["atproto_pds"].Endpoint != required.Services["atproto_pds"].Endpoint {

     

       61
       61
       +
       		return helpers.InputError(e, nil)

     

       62
       62
       +
       	}

     

       63
       63
       +
       	if op.VerificationMethods["atproto"] != required.VerificationMethods["atproto"] {

     

       64
       64
       +
       		return helpers.InputError(e, nil)

     

       65
       65
       +
       	}

     

       66
       66
       +
       	if op.AlsoKnownAs[0] != required.AlsoKnownAs[0] {

     

       67
       67
       +
       		return helpers.InputError(e, nil)

     

       68
       68
       +
       	}

     

       69
       69
       +
       

     

       70
       70
       +
       	if err := s.plcClient.SendOperation(e.Request().Context(), repo.Repo.Did, &op); err != nil {

     

       71
       71
       +
       		return err

     

       72
       72
       +
       	}

     

       73
       73
       +
       

     

       74
       74
       +
       	if err := s.passport.BustDoc(context.TODO(), repo.Repo.Did); err != nil {

     

       75
       75
       +
       		s.logger.Warn("error busting did doc", "error", err)

     

       76
       76
       +
       	}

     

       77
       77
       +
       

     

       78
       78
       +
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       79
       79
       +
       		RepoIdentity: &atproto.SyncSubscribeRepos_Identity{

     

       80
       80
       +
       			Did:  repo.Repo.Did,

     

       81
       81
       +
       			Seq:  time.Now().UnixMicro(), // TODO: no

     

       82
       82
       +
       			Time: time.Now().Format(util.ISO8601),

     

       83
       83
       +
       		},

     

       84
       84
       +
       	})

     

       85
       85
       +
       

     

       86
       86
       +
       	return nil

     

       87
       87
       +
       }

+2 -11

server/handle_identity_update_handle.go

···

       7
       7
        
       

     

       8
       8
        
       	"github.com/Azure/go-autorest/autorest/to"

     

       9
       9
        
       	"github.com/bluesky-social/indigo/api/atproto"

     

       10
       10
       -
       	"github.com/bluesky-social/indigo/atproto/crypto"

     

       10
       10
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       11
       11
        
       	"github.com/bluesky-social/indigo/events"

     

       12
       12
        
       	"github.com/bluesky-social/indigo/util"

     

       13
       13
        
       	"github.com/haileyok/cocoon/identity"

     
···

       66
       66
        
       			Prev:                &latest.Cid,

     

       67
       67
        
       		}

     

       68
       68
        
       

     

       69
       69
       -
       		k, err := crypto.ParsePrivateBytesK256(repo.SigningKey)

     

       69
       69
       +
       		k, err := atcrypto.ParsePrivateBytesK256(repo.SigningKey)

     

       70
       70
        
       		if err != nil {

     

       71
       71
        
       			s.logger.Error("error parsing signing key", "error", err)

     

       72
       72
        
       			return helpers.ServerError(e, nil)

     
···

       84
       84
        
       	if err := s.passport.BustDoc(context.TODO(), repo.Repo.Did); err != nil {

     

       85
       85
        
       		s.logger.Warn("error busting did doc", "error", err)

     

       86
       86
        
       	}

     

       87
       87
       -
       

     

       88
       88
       -
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       89
       89
       -
       		RepoHandle: &atproto.SyncSubscribeRepos_Handle{

     

       90
       90
       -
       			Did:    repo.Repo.Did,

     

       91
       91
       -
       			Handle: req.Handle,

     

       92
       92
       -
       			Seq:    time.Now().UnixMicro(), // TODO: no

     

       93
       93
       -
       			Time:   time.Now().Format(util.ISO8601),

     

       94
       94
       -
       		},

     

       95
       95
       -
       	})

     

       96
       87
        
       

     

       97
       88
        
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       98
       89
        
       		RepoIdentity: &atproto.SyncSubscribeRepos_Identity{

+9 -8

server/handle_import_repo.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"bytes"

     

       5
       5
       -
       	"context"

     

       6
       5
        
       	"io"

     

       7
       6
        
       	"slices"

     

       8
       7
        
       	"strings"

     
···

       18
       17
        
       )

     

       19
       18
        
       

     

       20
       19
        
       func (s *Server) handleRepoImportRepo(e echo.Context) error {

     

       20
       20
       +
       	ctx := e.Request().Context()

     

       21
       21
       +
       

     

       21
       22
        
       	urepo := e.Get("repo").(*models.RepoActor)

     

       22
       23
        
       

     

       23
       24
        
       	b, err := io.ReadAll(e.Request().Body)

     
···

       52
       53
        
       

     

       53
       54
        
       	slices.Reverse(orderedBlocks)

     

       54
       55
        
       

     

       55
       55
       -
       	if err := bs.PutMany(context.TODO(), orderedBlocks); err != nil {

     

       56
       56
       +
       	if err := bs.PutMany(ctx, orderedBlocks); err != nil {

     

       56
       57
        
       		s.logger.Error("could not insert blocks", "error", err)

     

       57
       58
        
       		return helpers.ServerError(e, nil)

     

       58
       59
        
       	}

     

       59
       60
        
       

     

       60
       60
       -
       	r, err := repo.OpenRepo(context.TODO(), bs, cs.Header.Roots[0])

     

       61
       61
       +
       	r, err := repo.OpenRepo(ctx, bs, cs.Header.Roots[0])

     

       61
       62
        
       	if err != nil {

     

       62
       63
        
       		s.logger.Error("could not open repo", "error", err)

     

       63
       64
        
       		return helpers.ServerError(e, nil)

     
···

       67
       68
        
       

     

       68
       69
        
       	clock := syntax.NewTIDClock(0)

     

       69
       70
        
       

     

       70
       70
       -
       	if err := r.ForEach(context.TODO(), "", func(key string, cid cid.Cid) error {

     

       71
       71
       +
       	if err := r.ForEach(ctx, "", func(key string, cid cid.Cid) error {

     

       71
       72
        
       		pts := strings.Split(key, "/")

     

       72
       73
        
       		nsid := pts[0]

     

       73
       74
        
       		rkey := pts[1]

     

       74
       75
        
       		cidStr := cid.String()

     

       75
       75
       -
       		b, err := bs.Get(context.TODO(), cid)

     

       76
       76
       +
       		b, err := bs.Get(ctx, cid)

     

       76
       77
        
       		if err != nil {

     

       77
       78
        
       			s.logger.Error("record bytes don't exist in blockstore", "error", err)

     

       78
       79
        
       			return helpers.ServerError(e, nil)

     
···

       87
       88
        
       			Value:     b.RawData(),

     

       88
       89
        
       		}

     

       89
       90
        
       

     

       90
       90
       -
       		if err := tx.Create(rec).Error; err != nil {

     

       91
       91
       +
       		if err := tx.Save(rec).Error; err != nil {

     

       91
       92
        
       			return err

     

       92
       93
        
       		}

     

       93
       94
        
       

     
···

       100
       101
        
       

     

       101
       102
        
       	tx.Commit()

     

       102
       103
        
       

     

       103
       103
       -
       	root, rev, err := r.Commit(context.TODO(), urepo.SignFor)

     

       104
       104
       +
       	root, rev, err := r.Commit(ctx, urepo.SignFor)

     

       104
       105
        
       	if err != nil {

     

       105
       106
        
       		s.logger.Error("error committing", "error", err)

     

       106
       107
        
       		return helpers.ServerError(e, nil)

     

       107
       108
        
       	}

     

       108
       109
        
       

     

       109
       109
       -
       	if err := s.UpdateRepo(context.TODO(), urepo.Repo.Did, root, rev); err != nil {

     

       110
       110
       +
       	if err := s.UpdateRepo(ctx, urepo.Repo.Did, root, rev); err != nil {

     

       110
       111
        
       		s.logger.Error("error updating repo after commit", "error", err)

     

       111
       112
        
       		return helpers.ServerError(e, nil)

     

       112
       113
        
       	}

+9 -2

server/handle_oauth_par.go

···

       1
       1
        
       package server

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"errors"

     

       4
       5
        
       	"time"

     

       5
       6
        
       

     

       6
       7
        
       	"github.com/Azure/go-autorest/autorest/to"

     

       7
       8
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       8
       9
        
       	"github.com/haileyok/cocoon/oauth"

     

       9
       10
        
       	"github.com/haileyok/cocoon/oauth/constants"

     

       11
       11
       +
       	"github.com/haileyok/cocoon/oauth/dpop"

     

       10
       12
        
       	"github.com/haileyok/cocoon/oauth/provider"

     

       11
       13
        
       	"github.com/labstack/echo/v4"

     

       12
       14
        
       )

     
···

       31
       33
        
       	// TODO: this seems wrong. should be a way to get the entire request url i believe, but this will work for now

     

       32
       34
        
       	dpopProof, err := s.oauthProvider.DpopManager.CheckProof(e.Request().Method, "https://"+s.config.Hostname+e.Request().URL.String(), e.Request().Header, nil)

     

       33
       35
        
       	if err != nil {

     

       36
       36
       +
       		if errors.Is(err, dpop.ErrUseDpopNonce) {

     

       37
       37
       +
       			return e.JSON(400, map[string]string{

     

       38
       38
       +
       				"error": "use_dpop_nonce",

     

       39
       39
       +
       			})

     

       40
       40
       +
       		}

     

       34
       41
        
       		s.logger.Error("error getting dpop proof", "error", err)

     

       35
       35
       -
       		return helpers.InputError(e, to.StringPtr(err.Error()))

     

       42
       42
       +
       		return helpers.InputError(e, nil)

     

       36
       43
        
       	}

     

       37
       44
        
       

     

       38
       45
        
       	client, clientAuth, err := s.oauthProvider.AuthenticateClient(e.Request().Context(), parRequest.AuthenticateClientRequestBase, dpopProof, &provider.AuthenticateClientOptions{

     
···

       41
       48
        
       		AllowMissingDpopProof: true,

     

       42
       49
        
       	})

     

       43
       50
        
       	if err != nil {

     

       44
       44
       -
       		s.logger.Error("error authenticating client", "error", err)

     

       51
       51
       +
       		s.logger.Error("error authenticating client", "client_id", parRequest.ClientID, "error", err)

     

       45
       52
        
       		return helpers.InputError(e, to.StringPtr(err.Error()))

     

       46
       53
        
       	}

     

       47
       54

+9 -2

server/handle_oauth_token.go

···

       4
       4
        
       	"bytes"

     

       5
       5
        
       	"crypto/sha256"

     

       6
       6
        
       	"encoding/base64"

     

       7
       7
       +
       	"errors"

     

       7
       8
        
       	"fmt"

     

       8
       9
        
       	"slices"

     

       9
       10
        
       	"time"

     
···

       13
       14
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       14
       15
        
       	"github.com/haileyok/cocoon/oauth"

     

       15
       16
        
       	"github.com/haileyok/cocoon/oauth/constants"

     

       17
       17
       +
       	"github.com/haileyok/cocoon/oauth/dpop"

     

       16
       18
        
       	"github.com/haileyok/cocoon/oauth/provider"

     

       17
       19
        
       	"github.com/labstack/echo/v4"

     

       18
       20
        
       )

     
···

       44
       46
        
       

     

       45
       47
        
       	proof, err := s.oauthProvider.DpopManager.CheckProof(e.Request().Method, e.Request().URL.String(), e.Request().Header, nil)

     

       46
       48
        
       	if err != nil {

     

       49
       49
       +
       		if errors.Is(err, dpop.ErrUseDpopNonce) {

     

       50
       50
       +
       			return e.JSON(400, map[string]string{

     

       51
       51
       +
       				"error": "use_dpop_nonce",

     

       52
       52
       +
       			})

     

       53
       53
       +
       		}

     

       47
       54
        
       		s.logger.Error("error getting dpop proof", "error", err)

     

       48
       48
       -
       		return helpers.InputError(e, to.StringPtr(err.Error()))

     

       55
       55
       +
       		return helpers.InputError(e, nil)

     

       49
       56
        
       	}

     

       50
       57
        
       

     

       51
       58
        
       	client, clientAuth, err := s.oauthProvider.AuthenticateClient(e.Request().Context(), req.AuthenticateClientRequestBase, proof, &provider.AuthenticateClientOptions{

     

       52
       59
        
       		AllowMissingDpopProof: true,

     

       53
       60
        
       	})

     

       54
       61
        
       	if err != nil {

     

       55
       55
       -
       		s.logger.Error("error authenticating client", "error", err)

     

       62
       62
       +
       		s.logger.Error("error authenticating client", "client_id", req.ClientID, "error", err)

     

       56
       63
        
       		return helpers.InputError(e, to.StringPtr(err.Error()))

     

       57
       64
        
       	}

     

       58
       65

+17 -4

server/handle_proxy.go

···

       19
       19
        
       

     

       20
       20
        
       func (s *Server) getAtprotoProxyEndpointFromRequest(e echo.Context) (string, string, error) {

     

       21
       21
        
       	svc := e.Request().Header.Get("atproto-proxy")

     

       22
       22
       -
       	if svc == "" {

     

       23
       23
       -
       		svc = s.config.DefaultAtprotoProxy

     

       22
       22
       +
       	if svc == "" && s.config.FallbackProxy != "" {

     

       23
       23
       +
       		svc = s.config.FallbackProxy

     

       24
       24
        
       	}

     

       25
       25
        
       

     

       26
       26
        
       	svcPts := strings.Split(svc, "#")

     
···

       96
       96
        
       

     

       97
       97
        
       		encheader := strings.TrimRight(base64.RawURLEncoding.EncodeToString(hj), "=")

     

       98
       98
        
       

     

       99
       99
       +
       		// When proxying app.bsky.feed.getFeed the token is actually issued for the

     

       100
       100
       +
       		// underlying feed generator and the app view passes it on. This allows the

     

       101
       101
       +
       		// getFeed implementation to pass in the desired lxm and aud for the token

     

       102
       102
       +
       		// and then just delegate to the general proxying logic

     

       103
       103
       +
       		lxm, proxyTokenLxmExists := e.Get("proxyTokenLxm").(string)

     

       104
       104
       +
       		if !proxyTokenLxmExists || lxm == "" {

     

       105
       105
       +
       			lxm = pts[2]

     

       106
       106
       +
       		}

     

       107
       107
       +
       		aud, proxyTokenAudExists := e.Get("proxyTokenAud").(string)

     

       108
       108
       +
       		if !proxyTokenAudExists || aud == "" {

     

       109
       109
       +
       			aud = svcDid

     

       110
       110
       +
       		}

     

       111
       111
       +
       

     

       99
       112
        
       		payload := map[string]any{

     

       100
       113
        
       			"iss": repo.Repo.Did,

     

       101
       101
       -
       			"aud": svcDid,

     

       102
       102
       -
       			"lxm": pts[2],

     

       114
       114
       +
       			"aud": aud,

     

       115
       115
       +
       			"lxm": lxm,

     

       103
       116
        
       			"jti": uuid.NewString(),

     

       104
       117
        
       			"exp": time.Now().Add(1 * time.Minute).UTC().Unix(),

     

       105
       118
        
       		}

+35

server/handle_proxy_get_feed.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       5
       5
       +
       	"github.com/bluesky-social/indigo/api/atproto"

     

       6
       6
       +
       	"github.com/bluesky-social/indigo/api/bsky"

     

       7
       7
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       8
       8
       +
       	"github.com/bluesky-social/indigo/xrpc"

     

       9
       9
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       10
       10
       +
       	"github.com/labstack/echo/v4"

     

       11
       11
       +
       )

     

       12
       12
       +
       

     

       13
       13
       +
       func (s *Server) handleProxyBskyFeedGetFeed(e echo.Context) error {

     

       14
       14
       +
       	feedUri, err := syntax.ParseATURI(e.QueryParam("feed"))

     

       15
       15
       +
       	if err != nil {

     

       16
       16
       +
       		return helpers.InputError(e, to.StringPtr("invalid feed uri"))

     

       17
       17
       +
       	}

     

       18
       18
       +
       

     

       19
       19
       +
       	appViewEndpoint, _, err := s.getAtprotoProxyEndpointFromRequest(e)

     

       20
       20
       +
       	if err != nil {

     

       21
       21
       +
       		e.Logger().Error("could not get atproto proxy", "error", err)

     

       22
       22
       +
       		return helpers.ServerError(e, nil)

     

       23
       23
       +
       	}

     

       24
       24
       +
       

     

       25
       25
       +
       	appViewClient := xrpc.Client{

     

       26
       26
       +
       		Host: appViewEndpoint,

     

       27
       27
       +
       	}

     

       28
       28
       +
       	feedRecord, err := atproto.RepoGetRecord(e.Request().Context(), &appViewClient, "", feedUri.Collection().String(), feedUri.Authority().String(), feedUri.RecordKey().String())

     

       29
       29
       +
       	feedGeneratorDid := feedRecord.Value.Val.(*bsky.FeedGenerator).Did

     

       30
       30
       +
       

     

       31
       31
       +
       	e.Set("proxyTokenLxm", "app.bsky.feed.getFeedSkeleton")

     

       32
       32
       +
       	e.Set("proxyTokenAud", feedGeneratorDid)

     

       33
       33
       +
       

     

       34
       34
       +
       	return s.handleProxy(e)

     

       35
       35
       +
       }

+3 -1

server/handle_repo_apply_writes.go

···

       26
       26
        
       }

     

       27
       27
        
       

     

       28
       28
        
       func (s *Server) handleApplyWrites(e echo.Context) error {

     

       29
       29
       +
       	ctx := e.Request().Context()

     

       30
       30
       +
       

     

       29
       31
        
       	repo := e.Get("repo").(*models.RepoActor)

     

       30
       32
        
       

     

       31
       33
        
       	var req ComAtprotoRepoApplyWritesRequest

     
···

       54
       56
        
       		})

     

       55
       57
        
       	}

     

       56
       58
        
       

     

       57
       57
       -
       	results, err := s.repoman.applyWrites(repo.Repo, ops, req.SwapCommit)

     

       59
       59
       +
       	results, err := s.repoman.applyWrites(ctx, repo.Repo, ops, req.SwapCommit)

     

       58
       60
        
       	if err != nil {

     

       59
       61
        
       		s.logger.Error("error applying writes", "error", err)

     

       60
       62
        
       		return helpers.ServerError(e, nil)

+3 -1

server/handle_repo_create_record.go

···

       17
       17
        
       }

     

       18
       18
        
       

     

       19
       19
        
       func (s *Server) handleCreateRecord(e echo.Context) error {

     

       20
       20
       +
       	ctx := e.Request().Context()

     

       21
       21
       +
       

     

       20
       22
        
       	repo := e.Get("repo").(*models.RepoActor)

     

       21
       23
        
       

     

       22
       24
        
       	var req ComAtprotoRepoCreateRecordRequest

     
···

       40
       42
        
       		optype = OpTypeUpdate

     

       41
       43
        
       	}

     

       42
       44
        
       

     

       43
       43
       -
       	results, err := s.repoman.applyWrites(repo.Repo, []Op{

     

       45
       45
       +
       	results, err := s.repoman.applyWrites(ctx, repo.Repo, []Op{

     

       44
       46
        
       		{

     

       45
       47
        
       			Type:       optype,

     

       46
       48
        
       			Collection: req.Collection,

+3 -1

server/handle_repo_delete_record.go

···

       15
       15
        
       }

     

       16
       16
        
       

     

       17
       17
        
       func (s *Server) handleDeleteRecord(e echo.Context) error {

     

       18
       18
       +
       	ctx := e.Request().Context()

     

       19
       19
       +
       

     

       18
       20
        
       	repo := e.Get("repo").(*models.RepoActor)

     

       19
       21
        
       

     

       20
       22
        
       	var req ComAtprotoRepoDeleteRecordRequest

     
···

       33
       35
        
       		return helpers.InputError(e, nil)

     

       34
       36
        
       	}

     

       35
       37
        
       

     

       36
       36
       -
       	results, err := s.repoman.applyWrites(repo.Repo, []Op{

     

       38
       38
       +
       	results, err := s.repoman.applyWrites(ctx, repo.Repo, []Op{

     

       37
       39
        
       		{

     

       38
       40
        
       			Type:       OpTypeDelete,

     

       39
       41
        
       			Collection: req.Collection,

+2 -2

server/handle_repo_get_record.go

···

       1
       1
        
       package server

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       -
       	"github.com/bluesky-social/indigo/atproto/data"

     

       4
       4
       +
       	"github.com/bluesky-social/indigo/atproto/atdata"

     

       5
       5
        
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       6
       6
        
       	"github.com/haileyok/cocoon/models"

     

       7
       7
        
       	"github.com/labstack/echo/v4"

     
···

       37
       37
        
       		return err

     

       38
       38
        
       	}

     

       39
       39
        
       

     

       40
       40
       -
       	val, err := data.UnmarshalCBOR(record.Value)

     

       40
       40
       +
       	val, err := atdata.UnmarshalCBOR(record.Value)

     

       41
       41
        
       	if err != nil {

     

       42
       42
        
       		return s.handleProxy(e) // TODO: this should be getting handled like...if we don't find it in the db. why doesn't it throw error up there?

     

       43
       43
        
       	}

+2 -2

server/handle_repo_list_records.go

···

       4
       4
        
       	"strconv"

     

       5
       5
        
       

     

       6
       6
        
       	"github.com/Azure/go-autorest/autorest/to"

     

       7
       7
       -
       	"github.com/bluesky-social/indigo/atproto/data"

     

       7
       7
       +
       	"github.com/bluesky-social/indigo/atproto/atdata"

     

       8
       8
        
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       9
       9
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       10
       10
        
       	"github.com/haileyok/cocoon/models"

     
···

       100
       100
        
       

     

       101
       101
        
       	items := []ComAtprotoRepoListRecordsRecordItem{}

     

       102
       102
        
       	for _, r := range records {

     

       103
       103
       -
       		val, err := data.UnmarshalCBOR(r.Value)

     

       103
       103
       +
       		val, err := atdata.UnmarshalCBOR(r.Value)

     

       104
       104
        
       		if err != nil {

     

       105
       105
        
       			return err

     

       106
       106
        
       		}

+2 -2

server/handle_repo_list_repos.go

···

       37
       37
        
       			Did:    r.Did,

     

       38
       38
        
       			Head:   c.String(),

     

       39
       39
        
       			Rev:    r.Rev,

     

       40
       40
       -
       			Active: true,

     

       41
       41
       -
       			Status: nil,

     

       40
       40
       +
       			Active: r.Active(),

     

       41
       41
       +
       			Status: r.Status(),

     

       42
       42
        
       		})

     

       43
       43
        
       	}

     

       44
       44

+3 -1

server/handle_repo_put_record.go

···

       17
       17
        
       }

     

       18
       18
        
       

     

       19
       19
        
       func (s *Server) handlePutRecord(e echo.Context) error {

     

       20
       20
       +
       	ctx := e.Request().Context()

     

       21
       21
       +
       

     

       20
       22
        
       	repo := e.Get("repo").(*models.RepoActor)

     

       21
       23
        
       

     

       22
       24
        
       	var req ComAtprotoRepoPutRecordRequest

     
···

       40
       42
        
       		optype = OpTypeUpdate

     

       41
       43
        
       	}

     

       42
       44
        
       

     

       43
       43
       -
       	results, err := s.repoman.applyWrites(repo.Repo, []Op{

     

       45
       45
       +
       	results, err := s.repoman.applyWrites(ctx, repo.Repo, []Op{

     

       44
       46
        
       		{

     

       45
       47
        
       			Type:       optype,

     

       46
       48
        
       			Collection: req.Collection,

+50 -8

server/handle_repo_upload_blob.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"bytes"

     

       5
       5
       +
       	"fmt"

     

       5
       6
        
       	"io"

     

       6
       7
        
       

     

       8
       8
       +
       	"github.com/aws/aws-sdk-go/aws"

     

       9
       9
       +
       	"github.com/aws/aws-sdk-go/aws/credentials"

     

       10
       10
       +
       	"github.com/aws/aws-sdk-go/aws/session"

     

       11
       11
       +
       	"github.com/aws/aws-sdk-go/service/s3"

     

       7
       12
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       8
       13
        
       	"github.com/haileyok/cocoon/models"

     

       9
       14
        
       	"github.com/ipfs/go-cid"

     
···

       34
       39
        
       		mime = "application/octet-stream"

     

       35
       40
        
       	}

     

       36
       41
        
       

     

       42
       42
       +
       	storage := "sqlite"

     

       43
       43
       +
       	s3Upload := s.s3Config != nil && s.s3Config.BlobstoreEnabled

     

       44
       44
       +
       	if s3Upload {

     

       45
       45
       +
       		storage = "s3"

     

       46
       46
       +
       	}

     

       37
       47
        
       	blob := models.Blob{

     

       38
       48
        
       		Did:       urepo.Repo.Did,

     

       39
       49
        
       		RefCount:  0,

     

       40
       50
        
       		CreatedAt: s.repoman.clock.Next().String(),

     

       51
       51
       +
       		Storage:   storage,

     

       41
       52
        
       	}

     

       42
       53
        
       

     

       43
       54
        
       	if err := s.db.Create(&blob, nil).Error; err != nil {

     
···

       66
       77
        
       		read += n

     

       67
       78
        
       		fulldata.Write(data)

     

       68
       79
        
       

     

       69
       69
       -
       		blobPart := models.BlobPart{

     

       70
       70
       -
       			BlobID: blob.ID,

     

       71
       71
       -
       			Idx:    part,

     

       72
       72
       -
       			Data:   data,

     

       73
       73
       -
       		}

     

       80
       80
       +
       		if !s3Upload {

     

       81
       81
       +
       			blobPart := models.BlobPart{

     

       82
       82
       +
       				BlobID: blob.ID,

     

       83
       83
       +
       				Idx:    part,

     

       84
       84
       +
       				Data:   data,

     

       85
       85
       +
       			}

     

       74
       86
        
       

     

       75
       75
       -
       		if err := s.db.Create(&blobPart, nil).Error; err != nil {

     

       76
       76
       -
       			s.logger.Error("error adding blob part to db", "error", err)

     

       77
       77
       -
       			return helpers.ServerError(e, nil)

     

       87
       87
       +
       			if err := s.db.Create(&blobPart, nil).Error; err != nil {

     

       88
       88
       +
       				s.logger.Error("error adding blob part to db", "error", err)

     

       89
       89
       +
       				return helpers.ServerError(e, nil)

     

       90
       90
       +
       			}

     

       78
       91
        
       		}

     

       79
       92
        
       		part++

     

       80
       93
        
       

     
···

       87
       100
        
       	if err != nil {

     

       88
       101
        
       		s.logger.Error("error creating cid prefix", "error", err)

     

       89
       102
        
       		return helpers.ServerError(e, nil)

     

       103
       103
       +
       	}

     

       104
       104
       +
       

     

       105
       105
       +
       	if s3Upload {

     

       106
       106
       +
       		config := &aws.Config{

     

       107
       107
       +
       			Region:      aws.String(s.s3Config.Region),

     

       108
       108
       +
       			Credentials: credentials.NewStaticCredentials(s.s3Config.AccessKey, s.s3Config.SecretKey, ""),

     

       109
       109
       +
       		}

     

       110
       110
       +
       

     

       111
       111
       +
       		if s.s3Config.Endpoint != "" {

     

       112
       112
       +
       			config.Endpoint = aws.String(s.s3Config.Endpoint)

     

       113
       113
       +
       			config.S3ForcePathStyle = aws.Bool(true)

     

       114
       114
       +
       		}

     

       115
       115
       +
       

     

       116
       116
       +
       		sess, err := session.NewSession(config)

     

       117
       117
       +
       		if err != nil {

     

       118
       118
       +
       			s.logger.Error("error creating aws session", "error", err)

     

       119
       119
       +
       			return helpers.ServerError(e, nil)

     

       120
       120
       +
       		}

     

       121
       121
       +
       

     

       122
       122
       +
       		svc := s3.New(sess)

     

       123
       123
       +
       

     

       124
       124
       +
       		if _, err := svc.PutObject(&s3.PutObjectInput{

     

       125
       125
       +
       			Bucket: aws.String(s.s3Config.Bucket),

     

       126
       126
       +
       			Key:    aws.String(fmt.Sprintf("blobs/%s/%s", urepo.Repo.Did, c.String())),

     

       127
       127
       +
       			Body:   bytes.NewReader(fulldata.Bytes()),

     

       128
       128
       +
       		}); err != nil {

     

       129
       129
       +
       			s.logger.Error("error uploading blob to s3", "error", err)

     

       130
       130
       +
       			return helpers.ServerError(e, nil)

     

       131
       131
       +
       		}

     

       90
       132
        
       	}

     

       91
       133
        
       

     

       92
       134
        
       	if err := s.db.Exec("UPDATE blobs SET cid = ? WHERE id = ?", nil, c.Bytes(), blob.ID).Error; err != nil {

+45

server/handle_server_activate_account.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"time"

     

       6
       6
       +
       

     

       7
       7
       +
       	"github.com/bluesky-social/indigo/api/atproto"

     

       8
       8
       +
       	"github.com/bluesky-social/indigo/events"

     

       9
       9
       +
       	"github.com/bluesky-social/indigo/util"

     

       10
       10
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       11
       11
       +
       	"github.com/haileyok/cocoon/models"

     

       12
       12
       +
       	"github.com/labstack/echo/v4"

     

       13
       13
       +
       )

     

       14
       14
       +
       

     

       15
       15
       +
       type ComAtprotoServerActivateAccountRequest struct {

     

       16
       16
       +
       	// NOTE: this implementation will not pay attention to this value

     

       17
       17
       +
       	DeleteAfter time.Time `json:"deleteAfter"`

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       func (s *Server) handleServerActivateAccount(e echo.Context) error {

     

       21
       21
       +
       	var req ComAtprotoServerDeactivateAccountRequest

     

       22
       22
       +
       	if err := e.Bind(&req); err != nil {

     

       23
       23
       +
       		s.logger.Error("error binding", "error", err)

     

       24
       24
       +
       		return helpers.ServerError(e, nil)

     

       25
       25
       +
       	}

     

       26
       26
       +
       

     

       27
       27
       +
       	urepo := e.Get("repo").(*models.RepoActor)

     

       28
       28
       +
       

     

       29
       29
       +
       	if err := s.db.Exec("UPDATE repos SET deactivated = ? WHERE did = ?", nil, false, urepo.Repo.Did).Error; err != nil {

     

       30
       30
       +
       		s.logger.Error("error updating account status to deactivated", "error", err)

     

       31
       31
       +
       		return helpers.ServerError(e, nil)

     

       32
       32
       +
       	}

     

       33
       33
       +
       

     

       34
       34
       +
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       35
       35
       +
       		RepoAccount: &atproto.SyncSubscribeRepos_Account{

     

       36
       36
       +
       			Active: true,

     

       37
       37
       +
       			Did:    urepo.Repo.Did,

     

       38
       38
       +
       			Status: nil,

     

       39
       39
       +
       			Seq:    time.Now().UnixMicro(), // TODO: bad puppy

     

       40
       40
       +
       			Time:   time.Now().Format(util.ISO8601),

     

       41
       41
       +
       		},

     

       42
       42
       +
       	})

     

       43
       43
       +
       

     

       44
       44
       +
       	return e.NoContent(200)

     

       45
       45
       +
       }

+46 -15

server/handle_server_check_account_status.go

···

       1
       1
        
       package server

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"errors"

     

       5
       5
       +
       	"sync"

     

       6
       6
       +
       

     

       7
       7
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       4
       8
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       5
       9
        
       	"github.com/haileyok/cocoon/models"

     

       6
       10
        
       	"github.com/ipfs/go-cid"

     
···

       22
       26
        
       func (s *Server) handleServerCheckAccountStatus(e echo.Context) error {

     

       23
       27
        
       	urepo := e.Get("repo").(*models.RepoActor)

     

       24
       28
        
       

     

       29
       29
       +
       	_, didErr := syntax.ParseDID(urepo.Repo.Did)

     

       30
       30
       +
       	if didErr != nil {

     

       31
       31
       +
       		s.logger.Error("error validating did", "err", didErr)

     

       32
       32
       +
       	}

     

       33
       33
       +
       

     

       25
       34
        
       	resp := ComAtprotoServerCheckAccountStatusResponse{

     

       26
       35
        
       		Activated:     true, // TODO: should allow for deactivation etc.

     

       27
       27
       -
       		ValidDid:      true, // TODO: should probably verify?

     

       36
       36
       +
       		ValidDid:      didErr == nil,

     

       28
       37
        
       		RepoRev:       urepo.Rev,

     

       29
       38
        
       		ImportedBlobs: 0, // TODO: ???

     

       30
       39
        
       	}

     
···

       34
       43
        
       		s.logger.Error("error casting cid", "error", err)

     

       35
       44
        
       		return helpers.ServerError(e, nil)

     

       36
       45
        
       	}

     

       46
       46
       +
       

     

       37
       47
        
       	resp.RepoCommit = rootcid.String()

     

       38
       48
        
       

     

       39
       49
        
       	type CountResp struct {

     
···

       41
       51
        
       	}

     

       42
       52
        
       

     

       43
       53
        
       	var blockCtResp CountResp

     

       44
       44
       -
       	if err := s.db.Raw("SELECT COUNT(*) AS ct FROM blocks WHERE did = ?", nil, urepo.Repo.Did).Scan(&blockCtResp).Error; err != nil {

     

       45
       45
       -
       		s.logger.Error("error getting block count", "error", err)

     

       46
       46
       -
       		return helpers.ServerError(e, nil)

     

       47
       47
       -
       	}

     

       48
       48
       -
       	resp.RepoBlocks = blockCtResp.Ct

     

       54
       54
       +
       	var recCtResp CountResp

     

       55
       55
       +
       	var blobCtResp CountResp

     

       56
       56
       +
       

     

       57
       57
       +
       	var wg sync.WaitGroup

     

       58
       58
       +
       	var procErr error

     

       59
       59
       +
       

     

       60
       60
       +
       	wg.Add(1)

     

       61
       61
       +
       	go func() {

     

       62
       62
       +
       		defer wg.Done()

     

       63
       63
       +
       		if err := s.db.Raw("SELECT COUNT(*) AS ct FROM blocks WHERE did = ?", nil, urepo.Repo.Did).Scan(&blockCtResp).Error; err != nil {

     

       64
       64
       +
       			s.logger.Error("error getting block count", "error", err)

     

       65
       65
       +
       			procErr = errors.Join(procErr, err)

     

       66
       66
       +
       		}

     

       67
       67
       +
       	}()

     

       68
       68
       +
       

     

       69
       69
       +
       	wg.Add(1)

     

       70
       70
       +
       	go func() {

     

       71
       71
       +
       		defer wg.Done()

     

       72
       72
       +
       		if err := s.db.Raw("SELECT COUNT(*) AS ct FROM records WHERE did = ?", nil, urepo.Repo.Did).Scan(&recCtResp).Error; err != nil {

     

       73
       73
       +
       			s.logger.Error("error getting record count", "error", err)

     

       74
       74
       +
       			procErr = errors.Join(procErr, err)

     

       75
       75
       +
       		}

     

       76
       76
       +
       	}()

     

       49
       77
        
       

     

       50
       50
       -
       	var recCtResp CountResp

     

       51
       51
       -
       	if err := s.db.Raw("SELECT COUNT(*) AS ct FROM records WHERE did = ?", nil, urepo.Repo.Did).Scan(&recCtResp).Error; err != nil {

     

       52
       52
       -
       		s.logger.Error("error getting record count", "error", err)

     

       53
       53
       -
       		return helpers.ServerError(e, nil)

     

       54
       54
       -
       	}

     

       55
       55
       -
       	resp.IndexedRecords = recCtResp.Ct

     

       78
       78
       +
       	wg.Add(1)

     

       79
       79
       +
       	go func() {

     

       80
       80
       +
       		if err := s.db.Raw("SELECT COUNT(*) AS ct FROM blobs WHERE did = ?", nil, urepo.Repo.Did).Scan(&blobCtResp).Error; err != nil {

     

       81
       81
       +
       			s.logger.Error("error getting expected blobs count", "error", err)

     

       82
       82
       +
       			procErr = errors.Join(procErr, err)

     

       83
       83
       +
       		}

     

       84
       84
       +
       	}()

     

       56
       85
        
       

     

       57
       57
       -
       	var blobCtResp CountResp

     

       58
       58
       -
       	if err := s.db.Raw("SELECT COUNT(*) AS ct FROM blobs WHERE did = ?", nil, urepo.Repo.Did).Scan(&blobCtResp).Error; err != nil {

     

       59
       59
       -
       		s.logger.Error("error getting record count", "error", err)

     

       86
       86
       +
       	wg.Wait()

     

       87
       87
       +
       	if procErr != nil {

     

       60
       88
        
       		return helpers.ServerError(e, nil)

     

       61
       89
        
       	}

     

       90
       90
       +
       

     

       91
       91
       +
       	resp.RepoBlocks = blockCtResp.Ct

     

       92
       92
       +
       	resp.IndexedRecords = recCtResp.Ct

     

       62
       93
        
       	resp.ExpectedBlobs = blobCtResp.Ct

     

       63
       94
        
       

     

       64
       95
        
       	return e.JSON(200, resp)

+47 -46

server/handle_server_create_account.go

···

       9
       9
        
       

     

       10
       10
        
       	"github.com/Azure/go-autorest/autorest/to"

     

       11
       11
        
       	"github.com/bluesky-social/indigo/api/atproto"

     

       12
       12
       -
       	"github.com/bluesky-social/indigo/atproto/crypto"

     

       13
       13
       -
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       12
       12
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       14
       13
        
       	"github.com/bluesky-social/indigo/events"

     

       15
       14
        
       	"github.com/bluesky-social/indigo/repo"

     

       16
       15
        
       	"github.com/bluesky-social/indigo/util"

     
···

       39
       38
        
       func (s *Server) handleCreateAccount(e echo.Context) error {

     

       40
       39
        
       	var request ComAtprotoServerCreateAccountRequest

     

       41
       40
        
       

     

       42
       42
       -
       	var signupDid string

     

       43
       43
       -
       	customDidHeader := e.Request().Header.Get("authorization")

     

       44
       44
       -
       	if customDidHeader != "" {

     

       45
       45
       -
       		pts := strings.Split(customDidHeader, " ")

     

       46
       46
       -
       		if len(pts) != 2 {

     

       47
       47
       -
       			return helpers.InputError(e, to.StringPtr("InvalidDid"))

     

       48
       48
       -
       		}

     

       49
       49
       -
       

     

       50
       50
       -
       		_, err := syntax.ParseDID(pts[1])

     

       51
       51
       -
       		if err != nil {

     

       52
       52
       -
       			return helpers.InputError(e, to.StringPtr("InvalidDid"))

     

       53
       53
       -
       		}

     

       54
       54
       -
       

     

       55
       55
       -
       		signupDid = pts[1]

     

       56
       56
       -
       	}

     

       57
       57
       -
       

     

       58
       41
        
       	if err := e.Bind(&request); err != nil {

     

       59
       42
        
       		s.logger.Error("error receiving request", "endpoint", "com.atproto.server.createAccount", "error", err)

     

       60
       43
        
       		return helpers.ServerError(e, nil)

     
···

       85
       68
        
       			}

     

       86
       69
        
       		}

     

       87
       70
        
       	}

     

       71
       71
       +
       	

     

       72
       72
       +
       	var signupDid string

     

       73
       73
       +
       	if request.Did != nil {

     

       74
       74
       +
       		signupDid = *request.Did;

     

       75
       75
       +
       		

     

       76
       76
       +
       		token := strings.TrimSpace(strings.Replace(e.Request().Header.Get("authorization"), "Bearer ", "", 1))

     

       77
       77
       +
       		if token == "" {

     

       78
       78
       +
       			return helpers.UnauthorizedError(e, to.StringPtr("must authenticate to use an existing did"))

     

       79
       79
       +
       		}

     

       80
       80
       +
       		authDid, err := s.validateServiceAuth(e.Request().Context(), token, "com.atproto.server.createAccount")

     

       81
       81
       +
       

     

       82
       82
       +
       		if err != nil {

     

       83
       83
       +
       			s.logger.Warn("error validating authorization token", "endpoint", "com.atproto.server.createAccount", "error", err)

     

       84
       84
       +
       			return helpers.UnauthorizedError(e, to.StringPtr("invalid authorization token"))

     

       85
       85
       +
       		}

     

       86
       86
       +
       

     

       87
       87
       +
       		if authDid != signupDid {

     

       88
       88
       +
       			return helpers.ForbiddenError(e, to.StringPtr("auth did did not match signup did"))

     

       89
       89
       +
       		}

     

       90
       90
       +
       	}

     

       88
       91
        
       

     

       89
       92
        
       	// see if the handle is already taken

     

       90
       90
       -
       	_, err := s.getActorByHandle(request.Handle)

     

       93
       93
       +
       	actor, err := s.getActorByHandle(request.Handle)

     

       91
       94
        
       	if err != nil && err != gorm.ErrRecordNotFound {

     

       92
       95
        
       		s.logger.Error("error looking up handle in db", "endpoint", "com.atproto.server.createAccount", "error", err)

     

       93
       96
        
       		return helpers.ServerError(e, nil)

     

       94
       97
        
       	}

     

       95
       95
       -
       	if err == nil {

     

       98
       98
       +
       	if err == nil && actor.Did != signupDid {

     

       96
       99
        
       		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))

     

       97
       100
        
       	}

     

       98
       101
        
       

     

       99
       99
       -
       	if did, err := s.passport.ResolveHandle(e.Request().Context(), request.Handle); err == nil && did != "" {

     

       102
       102
       +
       	if did, err := s.passport.ResolveHandle(e.Request().Context(), request.Handle); err == nil && did != signupDid {

     

       100
       103
        
       		return helpers.InputError(e, to.StringPtr("HandleNotAvailable"))

     

       101
       104
        
       	}

     

       102
       105
        
       

     
···

       114
       117
        
       	}

     

       115
       118
        
       

     

       116
       119
        
       	// see if the email is already taken

     

       117
       117
       -
       	_, err = s.getRepoByEmail(request.Email)

     

       120
       120
       +
       	existingRepo, err := s.getRepoByEmail(request.Email)

     

       118
       121
        
       	if err != nil && err != gorm.ErrRecordNotFound {

     

       119
       122
        
       		s.logger.Error("error looking up email in db", "endpoint", "com.atproto.server.createAccount", "error", err)

     

       120
       123
        
       		return helpers.ServerError(e, nil)

     

       121
       124
        
       	}

     

       122
       122
       -
       	if err == nil {

     

       125
       125
       +
       	if err == nil && existingRepo.Did != signupDid {

     

       123
       126
        
       		return helpers.InputError(e, to.StringPtr("EmailNotAvailable"))

     

       124
       127
        
       	}

     

       125
       128
        
       

     

       126
       129
        
       	// TODO: unsupported domains

     

       127
       130
        
       

     

       128
       128
       -
       	k, err := crypto.GeneratePrivateKeyK256()

     

       131
       131
       +
       	k, err := atcrypto.GeneratePrivateKeyK256()

     

       129
       132
        
       	if err != nil {

     

       130
       133
        
       		s.logger.Error("error creating signing key", "endpoint", "com.atproto.server.createAccount", "error", err)

     

       131
       134
        
       		return helpers.ServerError(e, nil)

     
···

       160
       163
        
       		SigningKey:            k.Bytes(),

     

       161
       164
        
       	}

     

       162
       165
        
       

     

       163
       163
       -
       	actor := models.Actor{

     

       164
       164
       -
       		Did:    signupDid,

     

       165
       165
       -
       		Handle: request.Handle,

     

       166
       166
       -
       	}

     

       166
       166
       +
       	if actor == nil {

     

       167
       167
       +
       		actor = &models.Actor{

     

       168
       168
       +
       			Did:    signupDid,

     

       169
       169
       +
       			Handle: request.Handle,

     

       170
       170
       +
       		}

     

       167
       171
        
       

     

       168
       168
       -
       	if err := s.db.Create(&urepo, nil).Error; err != nil {

     

       169
       169
       -
       		s.logger.Error("error inserting new repo", "error", err)

     

       170
       170
       -
       		return helpers.ServerError(e, nil)

     

       171
       171
       -
       	}

     

       172
       172
       -
       

     

       173
       173
       -
       	if err := s.db.Create(&actor, nil).Error; err != nil {

     

       174
       174
       -
       		s.logger.Error("error inserting new actor", "error", err)

     

       175
       175
       -
       		return helpers.ServerError(e, nil)

     

       172
       172
       +
       		if err := s.db.Create(&urepo, nil).Error; err != nil {

     

       173
       173
       +
       			s.logger.Error("error inserting new repo", "error", err)

     

       174
       174
       +
       			return helpers.ServerError(e, nil)

     

       175
       175
       +
       		}

     

       176
       176
       +
       	

     

       177
       177
       +
       		if err := s.db.Create(&actor, nil).Error; err != nil {

     

       178
       178
       +
       			s.logger.Error("error inserting new actor", "error", err)

     

       179
       179
       +
       			return helpers.ServerError(e, nil)

     

       180
       180
       +
       		}

     

       181
       181
       +
       	} else {

     

       182
       182
       +
       		if err := s.db.Save(&actor, nil).Error; err != nil {

     

       183
       183
       +
       			s.logger.Error("error inserting new actor", "error", err)

     

       184
       184
       +
       			return helpers.ServerError(e, nil)

     

       185
       185
       +
       		}

     

       176
       186
        
       	}

     

       177
       187
        
       

     

       178
       178
       -
       	if customDidHeader == "" {

     

       188
       188
       +
       	if request.Did == nil || *request.Did == "" {

     

       179
       189
        
       		bs := s.getBlockstore(signupDid)

     

       180
       190
        
       		r := repo.NewRepo(context.TODO(), signupDid, bs)

     

       181
       191
        
       

     
···

       189
       199
        
       			s.logger.Error("error updating repo after commit", "error", err)

     

       190
       200
        
       			return helpers.ServerError(e, nil)

     

       191
       201
        
       		}

     

       192
       192
       -
       

     

       193
       193
       -
       		s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       194
       194
       -
       			RepoHandle: &atproto.SyncSubscribeRepos_Handle{

     

       195
       195
       -
       				Did:    urepo.Did,

     

       196
       196
       -
       				Handle: request.Handle,

     

       197
       197
       -
       				Seq:    time.Now().UnixMicro(), // TODO: no

     

       198
       198
       -
       				Time:   time.Now().Format(util.ISO8601),

     

       199
       199
       -
       			},

     

       200
       200
       -
       		})

     

       201
       202
        
       

     

       202
       203
        
       		s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       203
       204
        
       			RepoIdentity: &atproto.SyncSubscribeRepos_Identity{

+2 -2

server/handle_server_create_session.go

···

       102
       102
        
       		Email:           repo.Email,

     

       103
       103
        
       		EmailConfirmed:  repo.EmailConfirmedAt != nil,

     

       104
       104
        
       		EmailAuthFactor: false,

     

       105
       105
       -
       		Active:          true, // TODO: eventually do takedowns

     

       106
       106
       -
       		Status:          nil,  // TODO eventually do takedowns

     

       105
       105
       +
       		Active:          repo.Active(),

     

       106
       106
       +
       		Status:          repo.Status(),

     

       107
       107
        
       	})

     

       108
       108
        
       }

+46

server/handle_server_deactivate_account.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"time"

     

       6
       6
       +
       

     

       7
       7
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       8
       8
       +
       	"github.com/bluesky-social/indigo/api/atproto"

     

       9
       9
       +
       	"github.com/bluesky-social/indigo/events"

     

       10
       10
       +
       	"github.com/bluesky-social/indigo/util"

     

       11
       11
       +
       	"github.com/haileyok/cocoon/internal/helpers"

     

       12
       12
       +
       	"github.com/haileyok/cocoon/models"

     

       13
       13
       +
       	"github.com/labstack/echo/v4"

     

       14
       14
       +
       )

     

       15
       15
       +
       

     

       16
       16
       +
       type ComAtprotoServerDeactivateAccountRequest struct {

     

       17
       17
       +
       	// NOTE: this implementation will not pay attention to this value

     

       18
       18
       +
       	DeleteAfter time.Time `json:"deleteAfter"`

     

       19
       19
       +
       }

     

       20
       20
       +
       

     

       21
       21
       +
       func (s *Server) handleServerDeactivateAccount(e echo.Context) error {

     

       22
       22
       +
       	var req ComAtprotoServerDeactivateAccountRequest

     

       23
       23
       +
       	if err := e.Bind(&req); err != nil {

     

       24
       24
       +
       		s.logger.Error("error binding", "error", err)

     

       25
       25
       +
       		return helpers.ServerError(e, nil)

     

       26
       26
       +
       	}

     

       27
       27
       +
       

     

       28
       28
       +
       	urepo := e.Get("repo").(*models.RepoActor)

     

       29
       29
       +
       

     

       30
       30
       +
       	if err := s.db.Exec("UPDATE repos SET deactivated = ? WHERE did = ?", nil, true, urepo.Repo.Did).Error; err != nil {

     

       31
       31
       +
       		s.logger.Error("error updating account status to deactivated", "error", err)

     

       32
       32
       +
       		return helpers.ServerError(e, nil)

     

       33
       33
       +
       	}

     

       34
       34
       +
       

     

       35
       35
       +
       	s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       36
       36
       +
       		RepoAccount: &atproto.SyncSubscribeRepos_Account{

     

       37
       37
       +
       			Active: false,

     

       38
       38
       +
       			Did:    urepo.Repo.Did,

     

       39
       39
       +
       			Status: to.StringPtr("deactivated"),

     

       40
       40
       +
       			Seq:    time.Now().UnixMicro(), // TODO: bad puppy

     

       41
       41
       +
       			Time:   time.Now().Format(util.ISO8601),

     

       42
       42
       +
       		},

     

       43
       43
       +
       	})

     

       44
       44
       +
       

     

       45
       45
       +
       	return e.NoContent(200)

     

       46
       46
       +
       }

+2 -2

server/handle_server_get_session.go

···

       24
       24
        
       		Email:           repo.Email,

     

       25
       25
        
       		EmailConfirmed:  repo.EmailConfirmedAt != nil,

     

       26
       26
        
       		EmailAuthFactor: false, // TODO: todo todo

     

       27
       27
       -
       		Active:          true,

     

       28
       28
       -
       		Status:          nil,

     

       27
       27
       +
       		Active:          repo.Active(),

     

       28
       28
       +
       		Status:          repo.Status(),

     

       29
       29
        
       	})

     

       30
       30
        
       }

+2 -2

server/handle_server_refresh_session.go

···

       40
       40
        
       		RefreshJwt: sess.RefreshToken,

     

       41
       41
        
       		Handle:     repo.Handle,

     

       42
       42
        
       		Did:        repo.Repo.Did,

     

       43
       43
       -
       		Active:     true,

     

       44
       44
       -
       		Status:     nil,

     

       43
       43
       +
       		Active:     repo.Active(),

     

       44
       44
       +
       		Status:     repo.Status(),

     

       45
       45
        
       	})

     

       46
       46
        
       }

+84 -8

server/handle_sync_get_blob.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"bytes"

     

       5
       5
       +
       	"fmt"

     

       6
       6
       +
       	"io"

     

       5
       7
        
       

     

       8
       8
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       9
       9
       +
       	"github.com/aws/aws-sdk-go/aws"

     

       10
       10
       +
       	"github.com/aws/aws-sdk-go/aws/credentials"

     

       11
       11
       +
       	"github.com/aws/aws-sdk-go/aws/session"

     

       12
       12
       +
       	"github.com/aws/aws-sdk-go/service/s3"

     

       6
       13
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       7
       14
        
       	"github.com/haileyok/cocoon/models"

     

       8
       15
        
       	"github.com/ipfs/go-cid"

     
···

       25
       32
        
       		return helpers.InputError(e, nil)

     

       26
       33
        
       	}

     

       27
       34
        
       

     

       35
       35
       +
       	urepo, err := s.getRepoActorByDid(did)

     

       36
       36
       +
       	if err != nil {

     

       37
       37
       +
       		s.logger.Error("could not find user for requested blob", "error", err)

     

       38
       38
       +
       		return helpers.InputError(e, nil)

     

       39
       39
       +
       	}

     

       40
       40
       +
       

     

       41
       41
       +
       	status := urepo.Status()

     

       42
       42
       +
       	if status != nil {

     

       43
       43
       +
       		if *status == "deactivated" {

     

       44
       44
       +
       			return helpers.InputError(e, to.StringPtr("RepoDeactivated"))

     

       45
       45
       +
       		}

     

       46
       46
       +
       	}

     

       47
       47
       +
       

     

       28
       48
        
       	var blob models.Blob

     

       29
       49
        
       	if err := s.db.Raw("SELECT * FROM blobs WHERE did = ? AND cid = ?", nil, did, c.Bytes()).Scan(&blob).Error; err != nil {

     

       30
       50
        
       		s.logger.Error("error looking up blob", "error", err)

     
···

       33
       53
        
       

     

       34
       54
        
       	buf := new(bytes.Buffer)

     

       35
       55
        
       

     

       36
       36
       -
       	var parts []models.BlobPart

     

       37
       37
       -
       	if err := s.db.Raw("SELECT * FROM blob_parts WHERE blob_id = ? ORDER BY idx", nil, blob.ID).Scan(&parts).Error; err != nil {

     

       38
       38
       -
       		s.logger.Error("error getting blob parts", "error", err)

     

       39
       39
       -
       		return helpers.ServerError(e, nil)

     

       40
       40
       -
       	}

     

       56
       56
       +
       	if blob.Storage == "sqlite" {

     

       57
       57
       +
       		var parts []models.BlobPart

     

       58
       58
       +
       		if err := s.db.Raw("SELECT * FROM blob_parts WHERE blob_id = ? ORDER BY idx", nil, blob.ID).Scan(&parts).Error; err != nil {

     

       59
       59
       +
       			s.logger.Error("error getting blob parts", "error", err)

     

       60
       60
       +
       			return helpers.ServerError(e, nil)

     

       61
       61
       +
       		}

     

       62
       62
       +
       

     

       63
       63
       +
       		// TODO: we can just stream this, don't need to make a buffer

     

       64
       64
       +
       		for _, p := range parts {

     

       65
       65
       +
       			buf.Write(p.Data)

     

       66
       66
       +
       		}

     

       67
       67
       +
       	} else if blob.Storage == "s3" {

     

       68
       68
       +
       		if  !(s.s3Config != nil && s.s3Config.BlobstoreEnabled) {

     

       69
       69
       +
       			s.logger.Error("s3 storage disabled")

     

       70
       70
       +
       			return helpers.ServerError(e, nil)

     

       71
       71
       +
       		}

     

       41
       72
        
       

     

       42
       42
       -
       	// TODO: we can just stream this, don't need to make a buffer

     

       43
       43
       -
       	for _, p := range parts {

     

       44
       44
       -
       		buf.Write(p.Data)

     

       73
       73
       +
       		config := &aws.Config{

     

       74
       74
       +
       			Region:      aws.String(s.s3Config.Region),

     

       75
       75
       +
       			Credentials: credentials.NewStaticCredentials(s.s3Config.AccessKey, s.s3Config.SecretKey, ""),

     

       76
       76
       +
       		}

     

       77
       77
       +
       

     

       78
       78
       +
       		if s.s3Config.Endpoint != "" {

     

       79
       79
       +
       			config.Endpoint = aws.String(s.s3Config.Endpoint)

     

       80
       80
       +
       			config.S3ForcePathStyle = aws.Bool(true)

     

       81
       81
       +
       		}

     

       82
       82
       +
       

     

       83
       83
       +
       		sess, err := session.NewSession(config)

     

       84
       84
       +
       		if err != nil {

     

       85
       85
       +
       			s.logger.Error("error creating aws session", "error", err)

     

       86
       86
       +
       			return helpers.ServerError(e, nil)

     

       87
       87
       +
       		}

     

       88
       88
       +
       

     

       89
       89
       +
       		svc := s3.New(sess)

     

       90
       90
       +
       		if result, err := svc.GetObject(&s3.GetObjectInput{

     

       91
       91
       +
       			Bucket: aws.String(s.s3Config.Bucket),

     

       92
       92
       +
       			Key:    aws.String(fmt.Sprintf("blobs/%s/%s", urepo.Repo.Did, c.String())),

     

       93
       93
       +
       		}); err != nil {

     

       94
       94
       +
       			s.logger.Error("error getting blob from s3", "error", err)

     

       95
       95
       +
       			return helpers.ServerError(e, nil)

     

       96
       96
       +
       		} else {

     

       97
       97
       +
       			read := 0

     

       98
       98
       +
       			part := 0

     

       99
       99
       +
       			partBuf := make([]byte, 0x10000)

     

       100
       100
       +
       

     

       101
       101
       +
       			for {

     

       102
       102
       +
       				n, err := io.ReadFull(result.Body, partBuf)

     

       103
       103
       +
       				if err == io.ErrUnexpectedEOF || err == io.EOF {

     

       104
       104
       +
       					if n == 0 {

     

       105
       105
       +
       						break

     

       106
       106
       +
       					}

     

       107
       107
       +
       				} else if err != nil && err != io.ErrUnexpectedEOF {

     

       108
       108
       +
       					s.logger.Error("error reading blob", "error", err)

     

       109
       109
       +
       					return helpers.ServerError(e, nil)

     

       110
       110
       +
       				}

     

       111
       111
       +
       

     

       112
       112
       +
       				data := partBuf[:n]

     

       113
       113
       +
       				read += n

     

       114
       114
       +
       				buf.Write(data)

     

       115
       115
       +
       				part++

     

       116
       116
       +
       			}

     

       117
       117
       +
       		}

     

       118
       118
       +
       	} else {

     

       119
       119
       +
       		s.logger.Error("unknown storage", "storage", blob.Storage)

     

       120
       120
       +
       		return helpers.ServerError(e, nil)

     

       45
       121
        
       	}

     

       46
       122
        
       

     

       47
       123
        
       	e.Response().Header().Set(echo.HeaderContentDisposition, "attachment; filename="+c.String())

+13 -10

server/handle_sync_get_blocks.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"bytes"

     

       5
       5
       -
       	"context"

     

       6
       6
       -
       	"strings"

     

       7
       5
        
       

     

       8
       6
        
       	"github.com/bluesky-social/indigo/carstore"

     

       9
       7
        
       	"github.com/haileyok/cocoon/internal/helpers"

     
···

       13
       11
        
       	"github.com/labstack/echo/v4"

     

       14
       12
        
       )

     

       15
       13
        
       

     

       14
       14
       +
       type ComAtprotoSyncGetBlocksRequest struct {

     

       15
       15
       +
       	Did  string   `query:"did"`

     

       16
       16
       +
       	Cids []string `query:"cids"`

     

       17
       17
       +
       }

     

       18
       18
       +
       

     

       16
       19
        
       func (s *Server) handleGetBlocks(e echo.Context) error {

     

       17
       17
       -
       	did := e.QueryParam("did")

     

       18
       18
       -
       	cidsstr := e.QueryParam("cids")

     

       19
       19
       -
       	if did == "" {

     

       20
       20
       +
       	ctx := e.Request().Context()

     

       21
       21
       +
       

     

       22
       22
       +
       	var req ComAtprotoSyncGetBlocksRequest

     

       23
       23
       +
       	if err := e.Bind(&req); err != nil {

     

       20
       24
        
       		return helpers.InputError(e, nil)

     

       21
       25
        
       	}

     

       22
       26
        
       

     

       23
       23
       -
       	cidstrs := strings.Split(cidsstr, ",")

     

       24
       24
       -
       	cids := []cid.Cid{}

     

       27
       27
       +
       	var cids []cid.Cid

     

       25
       28
        
       

     

       26
       26
       -
       	for _, cs := range cidstrs {

     

       29
       29
       +
       	for _, cs := range req.Cids {

     

       27
       30
        
       		c, err := cid.Cast([]byte(cs))

     

       28
       31
        
       		if err != nil {

     

       29
       32
        
       			return err

     
···

       32
       35
        
       		cids = append(cids, c)

     

       33
       36
        
       	}

     

       34
       37
        
       

     

       35
       35
       -
       	urepo, err := s.getRepoActorByDid(did)

     

       38
       38
       +
       	urepo, err := s.getRepoActorByDid(req.Did)

     

       36
       39
        
       	if err != nil {

     

       37
       40
        
       		return helpers.ServerError(e, nil)

     

       38
       41
        
       	}

     
···

       56
       59
        
       	bs := s.getBlockstore(urepo.Repo.Did)

     

       57
       60
        
       

     

       58
       61
        
       	for _, c := range cids {

     

       59
       59
       -
       		b, err := bs.Get(context.TODO(), c)

     

       62
       62
       +
       		b, err := bs.Get(ctx, c)

     

       60
       63
        
       		if err != nil {

     

       61
       64
        
       			return err

     

       62
       65
        
       		}

+3 -1

server/handle_sync_get_record.go

···

       13
       13
        
       )

     

       14
       14
        
       

     

       15
       15
        
       func (s *Server) handleSyncGetRecord(e echo.Context) error {

     

       16
       16
       +
       	ctx := e.Request().Context()

     

       17
       17
       +
       

     

       16
       18
        
       	did := e.QueryParam("did")

     

       17
       19
        
       	collection := e.QueryParam("collection")

     

       18
       20
        
       	rkey := e.QueryParam("rkey")

     
···

       23
       25
        
       		return helpers.ServerError(e, nil)

     

       24
       26
        
       	}

     

       25
       27
        
       

     

       26
       26
       -
       	root, blocks, err := s.repoman.getRecordProof(urepo, collection, rkey)

     

       28
       28
       +
       	root, blocks, err := s.repoman.getRecordProof(ctx, urepo, collection, rkey)

     

       27
       29
        
       	if err != nil {

     

       28
       30
        
       		return err

     

       29
       31
        
       	}

+2 -2

server/handle_sync_get_repo_status.go

···

       26
       26
        
       

     

       27
       27
        
       	return e.JSON(200, ComAtprotoSyncGetRepoStatusResponse{

     

       28
       28
        
       		Did:    urepo.Repo.Did,

     

       29
       29
       -
       		Active: true,

     

       30
       30
       -
       		Status: nil,

     

       29
       29
       +
       		Active: urepo.Active(),

     

       30
       30
       +
       		Status: urepo.Status(),

     

       31
       31
        
       		Rev:    &urepo.Rev,

     

       32
       32
        
       	})

     

       33
       33
        
       }

+14

server/handle_sync_list_blobs.go

···

       1
       1
        
       package server

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"github.com/Azure/go-autorest/autorest/to"

     

       4
       5
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       5
       6
        
       	"github.com/haileyok/cocoon/models"

     

       6
       7
        
       	"github.com/ipfs/go-cid"

     
···

       33
       34
        
       		cursorquery = "AND created_at < ?"

     

       34
       35
        
       	}

     

       35
       36
        
       	params = append(params, limit)

     

       37
       37
       +
       

     

       38
       38
       +
       	urepo, err := s.getRepoActorByDid(did)

     

       39
       39
       +
       	if err != nil {

     

       40
       40
       +
       		s.logger.Error("could not find user for requested blobs", "error", err)

     

       41
       41
       +
       		return helpers.InputError(e, nil)

     

       42
       42
       +
       	}

     

       43
       43
       +
       

     

       44
       44
       +
       	status := urepo.Status()

     

       45
       45
       +
       	if status != nil {

     

       46
       46
       +
       		if *status == "deactivated" {

     

       47
       47
       +
       			return helpers.InputError(e, to.StringPtr("RepoDeactivated"))

     

       48
       48
       +
       		}

     

       49
       49
       +
       	}

     

       36
       50
        
       

     

       37
       51
        
       	var blobs []models.Blob

     

       38
       52
        
       	if err := s.db.Raw("SELECT * FROM blobs WHERE did = ? "+cursorquery+" ORDER BY created_at DESC LIMIT ?", nil, params...).Scan(&blobs).Error; err != nil {

+31 -29

server/handle_sync_subscribe_repos.go

···

       1
       1
        
       package server

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       -
       	"fmt"

     

       5
       5
       -
       	"net/http"

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"time"

     

       6
       6
        
       

     

       7
       7
        
       	"github.com/bluesky-social/indigo/events"

     

       8
       8
        
       	"github.com/bluesky-social/indigo/lex/util"

     
···

       10
       10
        
       	"github.com/labstack/echo/v4"

     

       11
       11
        
       )

     

       12
       12
        
       

     

       13
       13
       -
       var upgrader = websocket.Upgrader{

     

       14
       14
       -
       	ReadBufferSize:  1024,

     

       15
       15
       -
       	WriteBufferSize: 1024,

     

       16
       16
       -
       	CheckOrigin: func(r *http.Request) bool {

     

       17
       17
       -
       		return true

     

       18
       18
       -
       	},

     

       19
       19
       -
       }

     

       13
       13
       +
       func (s *Server) handleSyncSubscribeRepos(e echo.Context) error {

     

       14
       14
       +
       	ctx := e.Request().Context()

     

       15
       15
       +
       	logger := s.logger.With("component", "subscribe-repos-websocket")

     

       20
       16
        
       

     

       21
       21
       -
       func (s *Server) handleSyncSubscribeRepos(e echo.Context) error {

     

       22
       17
        
       	conn, err := websocket.Upgrade(e.Response().Writer, e.Request(), e.Response().Header(), 1<<10, 1<<10)

     

       23
       18
        
       	if err != nil {

     

       19
       19
       +
       		logger.Error("unable to establish websocket with relay", "err", err)

     

       24
       20
        
       		return err

     

       25
       21
        
       	}

     

       26
       22
        
       

     

       27
       27
       -
       	s.logger.Info("new connection", "ua", e.Request().UserAgent())

     

       28
       28
       -
       

     

       29
       29
       -
       	ctx := e.Request().Context()

     

       30
       30
       -
       

     

       31
       23
        
       	ident := e.RealIP() + "-" + e.Request().UserAgent()

     

       24
       24
       +
       	logger = logger.With("ident", ident)

     

       25
       25
       +
       	logger.Info("new connection established")

     

       32
       26
        
       

     

       33
       27
        
       	evts, cancel, err := s.evtman.Subscribe(ctx, ident, func(evt *events.XRPCStreamEvent) bool {

     

       34
       28
        
       		return true

     
···

       42
       36
        
       	for evt := range evts {

     

       43
       37
        
       		wc, err := conn.NextWriter(websocket.BinaryMessage)

     

       44
       38
        
       		if err != nil {

     

       45
       45
       -
       			return err

     

       39
       39
       +
       			logger.Error("error writing message to relay", "err", err)

     

       40
       40
       +
       			break

     

       46
       41
        
       		}

     

       47
       42
        
       

     

       48
       48
       -
       		var obj util.CBOR

     

       43
       43
       +
       		if ctx.Err() != nil {

     

       44
       44
       +
       			logger.Error("context error", "err", err)

     

       45
       45
       +
       			break

     

       46
       46
       +
       		}

     

       49
       47
        
       

     

       48
       48
       +
       		var obj util.CBOR

     

       50
       49
        
       		switch {

     

       51
       50
        
       		case evt.Error != nil:

     

       52
       51
        
       			header.Op = events.EvtKindErrorFrame

     
···

       54
       53
        
       		case evt.RepoCommit != nil:

     

       55
       54
        
       			header.MsgType = "#commit"

     

       56
       55
        
       			obj = evt.RepoCommit

     

       57
       57
       -
       		case evt.RepoHandle != nil:

     

       58
       58
       -
       			header.MsgType = "#handle"

     

       59
       59
       -
       			obj = evt.RepoHandle

     

       60
       56
        
       		case evt.RepoIdentity != nil:

     

       61
       57
        
       			header.MsgType = "#identity"

     

       62
       58
        
       			obj = evt.RepoIdentity

     
···

       66
       62
        
       		case evt.RepoInfo != nil:

     

       67
       63
        
       			header.MsgType = "#info"

     

       68
       64
        
       			obj = evt.RepoInfo

     

       69
       69
       -
       		case evt.RepoMigrate != nil:

     

       70
       70
       -
       			header.MsgType = "#migrate"

     

       71
       71
       -
       			obj = evt.RepoMigrate

     

       72
       72
       -
       		case evt.RepoTombstone != nil:

     

       73
       73
       -
       			header.MsgType = "#tombstone"

     

       74
       74
       -
       			obj = evt.RepoTombstone

     

       75
       65
        
       		default:

     

       76
       76
       -
       			return fmt.Errorf("unrecognized event kind")

     

       66
       66
       +
       			logger.Warn("unrecognized event kind")

     

       67
       67
       +
       			return nil

     

       77
       68
        
       		}

     

       78
       69
        
       

     

       79
       70
        
       		if err := header.MarshalCBOR(wc); err != nil {

     

       80
       80
       -
       			return fmt.Errorf("failed to write header: %w", err)

     

       71
       71
       +
       			logger.Error("failed to write header to relay", "err", err)

     

       72
       72
       +
       			break

     

       81
       73
        
       		}

     

       82
       74
        
       

     

       83
       75
        
       		if err := obj.MarshalCBOR(wc); err != nil {

     

       84
       84
       -
       			return fmt.Errorf("failed to write event: %w", err)

     

       76
       76
       +
       			logger.Error("failed to write event to relay", "err", err)

     

       77
       77
       +
       			break

     

       85
       78
        
       		}

     

       86
       79
        
       

     

       87
       80
        
       		if err := wc.Close(); err != nil {

     

       88
       88
       -
       			return fmt.Errorf("failed to flush-close our event write: %w", err)

     

       81
       81
       +
       			logger.Error("failed to flush-close our event write", "err", err)

     

       82
       82
       +
       			break

     

       89
       83
        
       		}

     

       84
       84
       +
       	}

     

       85
       85
       +
       

     

       86
       86
       +
       	// we should tell the relay to request a new crawl at this point if we got disconnected

     

       87
       87
       +
       	// use a new context since the old one might be cancelled at this point

     

       88
       88
       +
       	ctx, cancel = context.WithTimeout(context.Background(), 10*time.Second)

     

       89
       89
       +
       	defer cancel()

     

       90
       90
       +
       	if err := s.requestCrawl(ctx); err != nil {

     

       91
       91
       +
       		logger.Error("error requesting crawls", "err", err)

     

       90
       92
        
       	}

     

       91
       93
        
       

     

       92
       94
        
       	return nil

+19

server/mail.go

···

       40
       40
        
       	return nil

     

       41
       41
        
       }

     

       42
       42
        
       

     

       43
       43
       +
       func (s *Server) sendPlcTokenReset(email, handle, code string) error {

     

       44
       44
       +
       	if s.mail == nil {

     

       45
       45
       +
       		return nil

     

       46
       46
       +
       	}

     

       47
       47
       +
       

     

       48
       48
       +
       	s.mailLk.Lock()

     

       49
       49
       +
       	defer s.mailLk.Unlock()

     

       50
       50
       +
       

     

       51
       51
       +
       	s.mail.To(email)

     

       52
       52
       +
       	s.mail.Subject("PLC token for " + s.config.Hostname)

     

       53
       53
       +
       	s.mail.Plain().Set(fmt.Sprintf("Hello %s. Your PLC operation code is %s. This code will expire in ten minutes.", handle, code))

     

       54
       54
       +
       

     

       55
       55
       +
       	if err := s.mail.Send(); err != nil {

     

       56
       56
       +
       		return err

     

       57
       57
       +
       	}

     

       58
       58
       +
       

     

       59
       59
       +
       	return nil

     

       60
       60
       +
       }

     

       61
       61
       +
       

     

       43
       62
        
       func (s *Server) sendEmailUpdate(email, handle, code string) error {

     

       44
       63
        
       	if s.mail == nil {

     

       45
       64
        
       		return nil

+8 -1

server/middleware.go

···

       3
       3
        
       import (

     

       4
       4
        
       	"crypto/sha256"

     

       5
       5
        
       	"encoding/base64"

     

       6
       6
       +
       	"errors"

     

       6
       7
        
       	"fmt"

     

       7
       8
        
       	"strings"

     

       8
       9
        
       	"time"

     
···

       11
       12
        
       	"github.com/golang-jwt/jwt/v4"

     

       12
       13
        
       	"github.com/haileyok/cocoon/internal/helpers"

     

       13
       14
        
       	"github.com/haileyok/cocoon/models"

     

       15
       15
       +
       	"github.com/haileyok/cocoon/oauth/dpop"

     

       14
       16
        
       	"github.com/haileyok/cocoon/oauth/provider"

     

       15
       17
        
       	"github.com/labstack/echo/v4"

     

       16
       18
        
       	"gitlab.com/yawning/secp256k1-voi"

     
···

       229
       231
        
       

     

       230
       232
        
       		proof, err := s.oauthProvider.DpopManager.CheckProof(e.Request().Method, "https://"+s.config.Hostname+e.Request().URL.String(), e.Request().Header, to.StringPtr(accessToken))

     

       231
       233
        
       		if err != nil {

     

       234
       234
       +
       			if errors.Is(err, dpop.ErrUseDpopNonce) {

     

       235
       235
       +
       				return e.JSON(400, map[string]string{

     

       236
       236
       +
       					"error": "use_dpop_nonce",

     

       237
       237
       +
       				})

     

       238
       238
       +
       			}

     

       232
       239
        
       			s.logger.Error("invalid dpop proof", "error", err)

     

       233
       233
       -
       			return helpers.InputError(e, to.StringPtr(err.Error()))

     

       240
       240
       +
       			return helpers.InputError(e, nil)

     

       234
       241
        
       		}

     

       235
       242
        
       

     

       236
       243
        
       		var oauthToken provider.OauthToken

+32 -23

server/repo.go

···

       10
       10
        
       

     

       11
       11
        
       	"github.com/Azure/go-autorest/autorest/to"

     

       12
       12
        
       	"github.com/bluesky-social/indigo/api/atproto"

     

       13
       13
       -
       	"github.com/bluesky-social/indigo/atproto/data"

     

       13
       13
       +
       	"github.com/bluesky-social/indigo/atproto/atdata"

     

       14
       14
        
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       15
       15
        
       	"github.com/bluesky-social/indigo/carstore"

     

       16
       16
        
       	"github.com/bluesky-social/indigo/events"

     
···

       72
       72
        
       }

     

       73
       73
        
       

     

       74
       74
        
       func (mm *MarshalableMap) MarshalCBOR(w io.Writer) error {

     

       75
       75
       -
       	data, err := data.MarshalCBOR(*mm)

     

       75
       75
       +
       	data, err := atdata.MarshalCBOR(*mm)

     

       76
       76
        
       	if err != nil {

     

       77
       77
        
       		return err

     

       78
       78
        
       	}

     
···

       96
       96
        
       }

     

       97
       97
        
       

     

       98
       98
        
       // TODO make use of swap commit

     

       99
       99
       -
       func (rm *RepoMan) applyWrites(urepo models.Repo, writes []Op, swapCommit *string) ([]ApplyWriteResult, error) {

     

       99
       99
       +
       func (rm *RepoMan) applyWrites(ctx context.Context, urepo models.Repo, writes []Op, swapCommit *string) ([]ApplyWriteResult, error) {

     

       100
       100
        
       	rootcid, err := cid.Cast(urepo.Root)

     

       101
       101
        
       	if err != nil {

     

       102
       102
        
       		return nil, err

     
···

       104
       104
        
       

     

       105
       105
        
       	dbs := rm.s.getBlockstore(urepo.Did)

     

       106
       106
        
       	bs := recording_blockstore.New(dbs)

     

       107
       107
       -
       	r, err := repo.OpenRepo(context.TODO(), dbs, rootcid)

     

       107
       107
       +
       	r, err := repo.OpenRepo(ctx, bs, rootcid)

     

       108
       108
        
       

     

       109
       109
       -
       	entries := []models.Record{}

     

       110
       110
       -
       	var results []ApplyWriteResult

     

       109
       109
       +
       	entries := make([]models.Record, 0, len(writes))

     

       110
       110
       +
       	results := make([]ApplyWriteResult, 0, len(writes))

     

       111
       111
        
       

     

       112
       112
        
       	for i, op := range writes {

     

       113
       113
        
       		if op.Type != OpTypeCreate && op.Rkey == nil {

     

       114
       114
        
       			return nil, fmt.Errorf("invalid rkey")

     

       115
       115
        
       		} else if op.Type == OpTypeCreate && op.Rkey != nil {

     

       116
       116
       -
       			_, _, err := r.GetRecord(context.TODO(), op.Collection+"/"+*op.Rkey)

     

       116
       116
       +
       			_, _, err := r.GetRecord(ctx, op.Collection+"/"+*op.Rkey)

     

       117
       117
        
       			if err == nil {

     

       118
       118
        
       				op.Type = OpTypeUpdate

     

       119
       119
        
       			}

     
···

       133
       133
        
       			if err != nil {

     

       134
       134
        
       				return nil, err

     

       135
       135
        
       			}

     

       136
       136
       -
       			out, err := data.UnmarshalJSON(j)

     

       136
       136
       +
       			out, err := atdata.UnmarshalJSON(j)

     

       137
       137
        
       			if err != nil {

     

       138
       138
        
       				return nil, err

     

       139
       139
        
       			}

     

       140
       140
        
       			mm := MarshalableMap(out)

     

       141
       141
       -
       			nc, err := r.PutRecord(context.TODO(), op.Collection+"/"+*op.Rkey, &mm)

     

       141
       141
       +
       

     

       142
       142
       +
       			// HACK: if a record doesn't contain a $type, we can manually set it here based on the op's collection

     

       143
       143
       +
       			if mm["$type"] == "" {

     

       144
       144
       +
       				mm["$type"] = op.Collection

     

       145
       145
       +
       			}

     

       146
       146
       +
       

     

       147
       147
       +
       			nc, err := r.PutRecord(ctx, op.Collection+"/"+*op.Rkey, &mm)

     

       142
       148
        
       			if err != nil {

     

       143
       149
        
       				return nil, err

     

       144
       150
        
       			}

     

       145
       145
       -
       			d, err := data.MarshalCBOR(mm)

     

       151
       151
       +
       			d, err := atdata.MarshalCBOR(mm)

     

       146
       152
        
       			if err != nil {

     

       147
       153
        
       				return nil, err

     

       148
       154
        
       			}

     
···

       171
       177
        
       				Rkey:  *op.Rkey,

     

       172
       178
        
       				Value: old.Value,

     

       173
       179
        
       			})

     

       174
       174
       -
       			err := r.DeleteRecord(context.TODO(), op.Collection+"/"+*op.Rkey)

     

       180
       180
       +
       			err := r.DeleteRecord(ctx, op.Collection+"/"+*op.Rkey)

     

       175
       181
        
       			if err != nil {

     

       176
       182
        
       				return nil, err

     

       177
       183
        
       			}

     
···

       183
       189
        
       			if err != nil {

     

       184
       190
        
       				return nil, err

     

       185
       191
        
       			}

     

       186
       186
       -
       			out, err := data.UnmarshalJSON(j)

     

       192
       192
       +
       			out, err := atdata.UnmarshalJSON(j)

     

       187
       193
        
       			if err != nil {

     

       188
       194
        
       				return nil, err

     

       189
       195
        
       			}

     

       190
       196
        
       			mm := MarshalableMap(out)

     

       191
       191
       -
       			nc, err := r.UpdateRecord(context.TODO(), op.Collection+"/"+*op.Rkey, &mm)

     

       197
       197
       +
       			nc, err := r.UpdateRecord(ctx, op.Collection+"/"+*op.Rkey, &mm)

     

       192
       198
        
       			if err != nil {

     

       193
       199
        
       				return nil, err

     

       194
       200
        
       			}

     

       195
       195
       -
       			d, err := data.MarshalCBOR(mm)

     

       201
       201
       +
       			d, err := atdata.MarshalCBOR(mm)

     

       196
       202
        
       			if err != nil {

     

       197
       203
        
       				return nil, err

     

       198
       204
        
       			}

     
···

       213
       219
        
       		}

     

       214
       220
        
       	}

     

       215
       221
        
       

     

       216
       216
       -
       	newroot, rev, err := r.Commit(context.TODO(), urepo.SignFor)

     

       222
       222
       +
       	newroot, rev, err := r.Commit(ctx, urepo.SignFor)

     

       217
       223
        
       	if err != nil {

     

       218
       224
        
       		return nil, err

     

       219
       225
        
       	}

     
···

       224
       230
        
       		Roots:   []cid.Cid{newroot},

     

       225
       231
        
       		Version: 1,

     

       226
       232
        
       	})

     

       233
       233
       +
       	if err != nil {

     

       234
       234
       +
       		return nil, err

     

       235
       235
       +
       	}

     

       227
       236
        
       

     

       228
       237
        
       	if _, err := carstore.LdWrite(buf, hb); err != nil {

     

       229
       238
        
       		return nil, err

     

       230
       239
        
       	}

     

       231
       240
        
       

     

       232
       232
       -
       	diffops, err := r.DiffSince(context.TODO(), rootcid)

     

       241
       241
       +
       	diffops, err := r.DiffSince(ctx, rootcid)

     

       233
       242
        
       	if err != nil {

     

       234
       243
        
       		return nil, err

     

       235
       244
        
       	}

     
···

       264
       273
        
       			})

     

       265
       274
        
       		}

     

       266
       275
        
       

     

       267
       267
       -
       		blk, err := dbs.Get(context.TODO(), c)

     

       276
       276
       +
       		blk, err := dbs.Get(ctx, c)

     

       268
       277
        
       		if err != nil {

     

       269
       278
        
       			return nil, err

     

       270
       279
        
       		}

     
···

       310
       319
        
       		}

     

       311
       320
        
       	}

     

       312
       321
        
       

     

       313
       313
       -
       	rm.s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{

     

       322
       322
       +
       	rm.s.evtman.AddEvent(ctx, &events.XRPCStreamEvent{

     

       314
       323
        
       		RepoCommit: &atproto.SyncSubscribeRepos_Commit{

     

       315
       324
        
       			Repo:   urepo.Did,

     

       316
       325
        
       			Blocks: buf.Bytes(),

     
···

       324
       333
        
       		},

     

       325
       334
        
       	})

     

       326
       335
        
       

     

       327
       327
       -
       	if err := rm.s.UpdateRepo(context.TODO(), urepo.Did, newroot, rev); err != nil {

     

       336
       336
       +
       	if err := rm.s.UpdateRepo(ctx, urepo.Did, newroot, rev); err != nil {

     

       328
       337
        
       		return nil, err

     

       329
       338
        
       	}

     

       330
       339
        
       

     
···

       339
       348
        
       	return results, nil

     

       340
       349
        
       }

     

       341
       350
        
       

     

       342
       342
       -
       func (rm *RepoMan) getRecordProof(urepo models.Repo, collection, rkey string) (cid.Cid, []blocks.Block, error) {

     

       351
       351
       +
       func (rm *RepoMan) getRecordProof(ctx context.Context, urepo models.Repo, collection, rkey string) (cid.Cid, []blocks.Block, error) {

     

       343
       352
        
       	c, err := cid.Cast(urepo.Root)

     

       344
       353
        
       	if err != nil {

     

       345
       354
        
       		return cid.Undef, nil, err

     
···

       348
       357
        
       	dbs := rm.s.getBlockstore(urepo.Did)

     

       349
       358
        
       	bs := recording_blockstore.New(dbs)

     

       350
       359
        
       

     

       351
       351
       -
       	r, err := repo.OpenRepo(context.TODO(), bs, c)

     

       360
       360
       +
       	r, err := repo.OpenRepo(ctx, bs, c)

     

       352
       361
        
       	if err != nil {

     

       353
       362
        
       		return cid.Undef, nil, err

     

       354
       363
        
       	}

     

       355
       364
        
       

     

       356
       356
       -
       	_, _, err = r.GetRecordBytes(context.TODO(), collection+"/"+rkey)

     

       365
       365
       +
       	_, _, err = r.GetRecordBytes(ctx, collection+"/"+rkey)

     

       357
       366
        
       	if err != nil {

     

       358
       367
        
       		return cid.Undef, nil, err

     

       359
       368
        
       	}

     
···

       409
       418
        
       func getBlobCidsFromCbor(cbor []byte) ([]cid.Cid, error) {

     

       410
       419
        
       	var cids []cid.Cid

     

       411
       420
        
       

     

       412
       412
       -
       	decoded, err := data.UnmarshalCBOR(cbor)

     

       421
       421
       +
       	decoded, err := atdata.UnmarshalCBOR(cbor)

     

       413
       422
        
       	if err != nil {

     

       414
       423
        
       		return nil, fmt.Errorf("error unmarshaling cbor: %w", err)

     

       415
       424
        
       	}

+76 -38

server/server.go

···

       52
       52
        
       )

     

       53
       53
        
       

     

       54
       54
        
       type S3Config struct {

     

       55
       55
       -
       	BackupsEnabled bool

     

       56
       56
       -
       	Endpoint       string

     

       57
       57
       -
       	Region         string

     

       58
       58
       -
       	Bucket         string

     

       59
       59
       -
       	AccessKey      string

     

       60
       60
       -
       	SecretKey      string

     

       55
       55
       +
       	BackupsEnabled   bool

     

       56
       56
       +
       	BlobstoreEnabled bool

     

       57
       57
       +
       	Endpoint         string

     

       58
       58
       +
       	Region           string

     

       59
       59
       +
       	Bucket           string

     

       60
       60
       +
       	AccessKey        string

     

       61
       61
       +
       	SecretKey        string

     

       61
       62
        
       }

     

       62
       63
        
       

     

       63
       64
        
       type Server struct {

     
···

       75
       76
        
       	oauthProvider *provider.Provider

     

       76
       77
        
       	evtman        *events.EventManager

     

       77
       78
        
       	passport      *identity.Passport

     

       79
       79
       +
       	fallbackProxy string

     

       80
       80
       +
       

     

       81
       81
       +
       	lastRequestCrawl time.Time

     

       82
       82
       +
       	requestCrawlMu   sync.Mutex

     

       78
       83
        
       

     

       79
       84
        
       	dbName   string

     

       80
       85
        
       	s3Config *S3Config

     
···

       104
       109
        
       

     

       105
       110
        
       	SessionSecret string

     

       106
       111
        
       

     

       107
       107
       -
       	DefaultAtprotoProxy string

     

       108
       108
       -
       

     

       109
       112
        
       	BlockstoreVariant BlockstoreVariant

     

       113
       113
       +
       	FallbackProxy     string

     

       110
       114
        
       }

     

       111
       115
        
       

     

       112
       116
        
       type config struct {

     

       113
       113
       -
       	Version             string

     

       114
       114
       -
       	Did                 string

     

       115
       115
       -
       	Hostname            string

     

       116
       116
       -
       	ContactEmail        string

     

       117
       117
       -
       	EnforcePeering      bool

     

       118
       118
       -
       	Relays              []string

     

       119
       119
       -
       	AdminPassword       string

     

       120
       120
       -
       	SmtpEmail           string

     

       121
       121
       -
       	SmtpName            string

     

       122
       122
       -
       	DefaultAtprotoProxy string

     

       123
       123
       -
       	BlockstoreVariant   BlockstoreVariant

     

       117
       117
       +
       	Version           string

     

       118
       118
       +
       	Did               string

     

       119
       119
       +
       	Hostname          string

     

       120
       120
       +
       	ContactEmail      string

     

       121
       121
       +
       	EnforcePeering    bool

     

       122
       122
       +
       	Relays            []string

     

       123
       123
       +
       	AdminPassword     string

     

       124
       124
       +
       	SmtpEmail         string

     

       125
       125
       +
       	SmtpName          string

     

       126
       126
       +
       	BlockstoreVariant BlockstoreVariant

     

       127
       127
       +
       	FallbackProxy     string

     

       124
       128
        
       }

     

       125
       129
        
       

     

       126
       130
        
       type CustomValidator struct {

     
···

       284
       288
        
       		IdleTimeout:  5 * time.Minute,

     

       285
       289
        
       	}

     

       286
       290
        
       

     

       287
       287
       -
       	gdb, err := gorm.Open(sqlite.Open("cocoon.db"), &gorm.Config{})

     

       291
       291
       +
       	gdb, err := gorm.Open(sqlite.Open(args.DbName), &gorm.Config{})

     

       288
       292
        
       	if err != nil {

     

       289
       293
        
       		return nil, err

     

       290
       294
        
       	}

     
···

       343
       347
        
       		plcClient:  plcClient,

     

       344
       348
        
       		privateKey: &pkey,

     

       345
       349
        
       		config: &config{

     

       346
       346
       -
       			Version:             args.Version,

     

       347
       347
       -
       			Did:                 args.Did,

     

       348
       348
       -
       			Hostname:            args.Hostname,

     

       349
       349
       -
       			ContactEmail:        args.ContactEmail,

     

       350
       350
       -
       			EnforcePeering:      false,

     

       351
       351
       -
       			Relays:              args.Relays,

     

       352
       352
       -
       			AdminPassword:       args.AdminPassword,

     

       353
       353
       -
       			SmtpName:            args.SmtpName,

     

       354
       354
       -
       			SmtpEmail:           args.SmtpEmail,

     

       355
       355
       -
       			DefaultAtprotoProxy: args.DefaultAtprotoProxy,

     

       356
       356
       -
       			BlockstoreVariant:   args.BlockstoreVariant,

     

       350
       350
       +
       			Version:           args.Version,

     

       351
       351
       +
       			Did:               args.Did,

     

       352
       352
       +
       			Hostname:          args.Hostname,

     

       353
       353
       +
       			ContactEmail:      args.ContactEmail,

     

       354
       354
       +
       			EnforcePeering:    false,

     

       355
       355
       +
       			Relays:            args.Relays,

     

       356
       356
       +
       			AdminPassword:     args.AdminPassword,

     

       357
       357
       +
       			SmtpName:          args.SmtpName,

     

       358
       358
       +
       			SmtpEmail:         args.SmtpEmail,

     

       359
       359
       +
       			BlockstoreVariant: args.BlockstoreVariant,

     

       360
       360
       +
       			FallbackProxy:     args.FallbackProxy,

     

       357
       361
        
       		},

     

       358
       362
        
       		evtman:   events.NewEventManager(events.NewMemPersister()),

     

       359
       363
        
       		passport: identity.NewPassport(h, identity.NewMemCache(10_000)),

     
···

       387
       391
        
       

     

       388
       392
        
       	// TODO: should validate these args

     

       389
       393
        
       	if args.SmtpUser == "" || args.SmtpPass == "" || args.SmtpHost == "" || args.SmtpPort == "" || args.SmtpEmail == "" || args.SmtpName == "" {

     

       390
       390
       -
       		args.Logger.Warn("not enough smpt args were provided. mailing will not work for your server.")

     

       394
       394
       +
       		args.Logger.Warn("not enough smtp args were provided. mailing will not work for your server.")

     

       391
       395
        
       	} else {

     

       392
       396
        
       		mail := mailyak.New(args.SmtpHost+":"+args.SmtpPort, smtp.PlainAuth("", args.SmtpUser, args.SmtpPass, args.SmtpHost))

     

       393
       397
        
       		mail.From(s.config.SmtpEmail)

     
···

       418
       422
        
       

     

       419
       423
        
       	// public

     

       420
       424
        
       	s.echo.GET("/xrpc/com.atproto.identity.resolveHandle", s.handleResolveHandle)

     

       421
       421
       -
       	s.echo.POST("/xrpc/com.atproto.server.createAccount", s.handleCreateAccount)

     

       422
       425
        
       	s.echo.POST("/xrpc/com.atproto.server.createAccount", s.handleCreateAccount)

     

       423
       426
        
       	s.echo.POST("/xrpc/com.atproto.server.createSession", s.handleCreateSession)

     

       424
       427
        
       	s.echo.GET("/xrpc/com.atproto.server.describeServer", s.handleDescribeServer)

     
···

       456
       459
        
       	s.echo.GET("/xrpc/com.atproto.server.getSession", s.handleGetSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       457
       460
        
       	s.echo.POST("/xrpc/com.atproto.server.refreshSession", s.handleRefreshSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       458
       461
        
       	s.echo.POST("/xrpc/com.atproto.server.deleteSession", s.handleDeleteSession, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       462
       462
       +
       	s.echo.GET("/xrpc/com.atproto.identity.getRecommendedDidCredentials", s.handleGetRecommendedDidCredentials, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       459
       463
        
       	s.echo.POST("/xrpc/com.atproto.identity.updateHandle", s.handleIdentityUpdateHandle, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       464
       464
       +
       	s.echo.POST("/xrpc/com.atproto.identity.requestPlcOperationSignature", s.handleIdentityRequestPlcOperationSignature, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       465
       465
       +
       	s.echo.POST("/xrpc/com.atproto.identity.signPlcOperation", s.handleSignPlcOperation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       466
       466
       +
       	s.echo.POST("/xrpc/com.atproto.identity.submitPlcOperation", s.handleSubmitPlcOperation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       460
       467
        
       	s.echo.POST("/xrpc/com.atproto.server.confirmEmail", s.handleServerConfirmEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       461
       468
        
       	s.echo.POST("/xrpc/com.atproto.server.requestEmailConfirmation", s.handleServerRequestEmailConfirmation, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       462
       469
        
       	s.echo.POST("/xrpc/com.atproto.server.requestPasswordReset", s.handleServerRequestPasswordReset) // AUTH NOT REQUIRED FOR THIS ONE

     
···

       465
       472
        
       	s.echo.POST("/xrpc/com.atproto.server.updateEmail", s.handleServerUpdateEmail, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       466
       473
        
       	s.echo.GET("/xrpc/com.atproto.server.getServiceAuth", s.handleServerGetServiceAuth, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       467
       474
        
       	s.echo.GET("/xrpc/com.atproto.server.checkAccountStatus", s.handleServerCheckAccountStatus, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       475
       475
       +
       	s.echo.POST("/xrpc/com.atproto.server.deactivateAccount", s.handleServerDeactivateAccount, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       476
       476
       +
       	s.echo.POST("/xrpc/com.atproto.server.activateAccount", s.handleServerActivateAccount, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       468
       477
        
       

     

       469
       478
        
       	// repo

     

       470
       479
        
       	s.echo.POST("/xrpc/com.atproto.repo.createRecord", s.handleCreateRecord, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     
···

       477
       486
        
       	// stupid silly endpoints

     

       478
       487
        
       	s.echo.GET("/xrpc/app.bsky.actor.getPreferences", s.handleActorGetPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       479
       488
        
       	s.echo.POST("/xrpc/app.bsky.actor.putPreferences", s.handleActorPutPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       489
       489
       +
       	s.echo.GET("/xrpc/app.bsky.feed.getFeed", s.handleProxyBskyFeedGetFeed, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)

     

       480
       490
        
       

     

       481
       491
        
       	// admin routes

     

       482
       492
        
       	s.echo.POST("/xrpc/com.atproto.server.createInviteCode", s.handleCreateInviteCode, s.handleAdminMiddleware)

     
···

       516
       526
        
       

     

       517
       527
        
       	go s.backupRoutine()

     

       518
       528
        
       

     

       529
       529
       +
       	go func() {

     

       530
       530
       +
       		if err := s.requestCrawl(ctx); err != nil {

     

       531
       531
       +
       			s.logger.Error("error requesting crawls", "err", err)

     

       532
       532
       +
       		}

     

       533
       533
       +
       	}()

     

       534
       534
       +
       

     

       535
       535
       +
       	<-ctx.Done()

     

       536
       536
       +
       

     

       537
       537
       +
       	fmt.Println("shut down")

     

       538
       538
       +
       

     

       539
       539
       +
       	return nil

     

       540
       540
       +
       }

     

       541
       541
       +
       

     

       542
       542
       +
       func (s *Server) requestCrawl(ctx context.Context) error {

     

       543
       543
       +
       	logger := s.logger.With("component", "request-crawl")

     

       544
       544
       +
       	s.requestCrawlMu.Lock()

     

       545
       545
       +
       	defer s.requestCrawlMu.Unlock()

     

       546
       546
       +
       

     

       547
       547
       +
       	logger.Info("requesting crawl with configured relays")

     

       548
       548
       +
       

     

       549
       549
       +
       	if time.Now().Sub(s.lastRequestCrawl) <= 1*time.Minute {

     

       550
       550
       +
       		return fmt.Errorf("a crawl request has already been made within the last minute")

     

       551
       551
       +
       	}

     

       552
       552
       +
       

     

       519
       553
        
       	for _, relay := range s.config.Relays {

     

       554
       554
       +
       		logger := logger.With("relay", relay)

     

       555
       555
       +
       		logger.Info("requesting crawl from relay")

     

       520
       556
        
       		cli := xrpc.Client{Host: relay}

     

       521
       521
       -
       		atproto.SyncRequestCrawl(ctx, &cli, &atproto.SyncRequestCrawl_Input{

     

       557
       557
       +
       		if err := atproto.SyncRequestCrawl(ctx, &cli, &atproto.SyncRequestCrawl_Input{

     

       522
       558
        
       			Hostname: s.config.Hostname,

     

       523
       523
       -
       		})

     

       559
       559
       +
       		}); err != nil {

     

       560
       560
       +
       			logger.Error("error requesting crawl", "err", err)

     

       561
       561
       +
       		} else {

     

       562
       562
       +
       			logger.Info("crawl requested successfully")

     

       563
       563
       +
       		}

     

       524
       564
        
       	}

     

       525
       565
        
       

     

       526
       526
       -
       	<-ctx.Done()

     

       527
       527
       -
       

     

       528
       528
       -
       	fmt.Println("shut down")

     

       566
       566
       +
       	s.lastRequestCrawl = time.Now()

     

       529
       567
        
       

     

       530
       568
        
       	return nil

     

       531
       569
        
       }

+91

server/service_auth.go

···

       1
       1
       +
       package server

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"context"

     

       5
       5
       +
       	"fmt"

     

       6
       6
       +
       	"strings"

     

       7
       7
       +
       

     

       8
       8
       +
       	"github.com/bluesky-social/indigo/atproto/atcrypto"

     

       9
       9
       +
       	"github.com/bluesky-social/indigo/atproto/identity"

     

       10
       10
       +
       	atproto_identity "github.com/bluesky-social/indigo/atproto/identity"

     

       11
       11
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       12
       12
       +
       	"github.com/golang-jwt/jwt/v4"

     

       13
       13
       +
       )

     

       14
       14
       +
       

     

       15
       15
       +
       type ES256KSigningMethod struct {

     

       16
       16
       +
       	alg string

     

       17
       17
       +
       }

     

       18
       18
       +
       

     

       19
       19
       +
       func (m *ES256KSigningMethod) Alg() string {

     

       20
       20
       +
       	return m.alg

     

       21
       21
       +
       }

     

       22
       22
       +
       

     

       23
       23
       +
       func (m *ES256KSigningMethod) Verify(signingString string, signature string, key interface{}) error {

     

       24
       24
       +
       	signatureBytes, err := jwt.DecodeSegment(signature)

     

       25
       25
       +
       	if err != nil {

     

       26
       26
       +
       		return err

     

       27
       27
       +
       	}

     

       28
       28
       +
       	return key.(atcrypto.PublicKey).HashAndVerifyLenient([]byte(signingString), signatureBytes)

     

       29
       29
       +
       }

     

       30
       30
       +
       

     

       31
       31
       +
       func (m *ES256KSigningMethod) Sign(signingString string, key interface{}) (string, error) {

     

       32
       32
       +
       	return "", fmt.Errorf("unimplemented")

     

       33
       33
       +
       }

     

       34
       34
       +
       

     

       35
       35
       +
       func init() {

     

       36
       36
       +
       	ES256K := ES256KSigningMethod{alg: "ES256K"}

     

       37
       37
       +
       	jwt.RegisterSigningMethod(ES256K.Alg(), func() jwt.SigningMethod {

     

       38
       38
       +
       		return &ES256K

     

       39
       39
       +
       	})

     

       40
       40
       +
       }

     

       41
       41
       +
       

     

       42
       42
       +
       func (s *Server) validateServiceAuth(ctx context.Context, rawToken string, nsid string) (string, error) {

     

       43
       43
       +
       	token := strings.TrimSpace(rawToken)

     

       44
       44
       +
       

     

       45
       45
       +
       	parsedToken, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) {

     

       46
       46
       +
       		did := syntax.DID(token.Claims.(jwt.MapClaims)["iss"].(string))

     

       47
       47
       +
       		didDoc, err := s.passport.FetchDoc(ctx, did.String());

     

       48
       48
       +
       		if err != nil {

     

       49
       49
       +
       			return nil, fmt.Errorf("unable to resolve did %s: %s", did, err)

     

       50
       50
       +
       		}

     

       51
       51
       +
       

     

       52
       52
       +
       		verificationMethods := make([]atproto_identity.DocVerificationMethod, len(didDoc.VerificationMethods))

     

       53
       53
       +
       		for i, verificationMethod := range didDoc.VerificationMethods {

     

       54
       54
       +
       			verificationMethods[i] = atproto_identity.DocVerificationMethod{

     

       55
       55
       +
       				ID: verificationMethod.Id,

     

       56
       56
       +
       				Type: verificationMethod.Type,

     

       57
       57
       +
       				PublicKeyMultibase: verificationMethod.PublicKeyMultibase,

     

       58
       58
       +
       				Controller: verificationMethod.Controller,

     

       59
       59
       +
       			}

     

       60
       60
       +
       		}

     

       61
       61
       +
       		services := make([]atproto_identity.DocService, len(didDoc.Service))

     

       62
       62
       +
       		for i, service := range didDoc.Service {

     

       63
       63
       +
       			services[i] = atproto_identity.DocService{

     

       64
       64
       +
       				ID: service.Id,

     

       65
       65
       +
       				Type: service.Type,

     

       66
       66
       +
       				ServiceEndpoint: service.ServiceEndpoint,

     

       67
       67
       +
       			}

     

       68
       68
       +
       		}

     

       69
       69
       +
       		parsedIdentity := atproto_identity.ParseIdentity(&identity.DIDDocument{

     

       70
       70
       +
       			DID: did,

     

       71
       71
       +
       			AlsoKnownAs: didDoc.AlsoKnownAs,

     

       72
       72
       +
       			VerificationMethod: verificationMethods,

     

       73
       73
       +
       			Service: services,

     

       74
       74
       +
       		})

     

       75
       75
       +
       

     

       76
       76
       +
       		key, err := parsedIdentity.PublicKey()

     

       77
       77
       +
       		if err != nil {

     

       78
       78
       +
       			return nil, fmt.Errorf("signing key not found for did %s: %s", did, err)

     

       79
       79
       +
       		}

     

       80
       80
       +
       		return key, nil

     

       81
       81
       +
       	})

     

       82
       82
       +
       	if err != nil {

     

       83
       83
       +
       		return "", fmt.Errorf("invalid token: %s", err)

     

       84
       84
       +
       	}

     

       85
       85
       +
       

     

       86
       86
       +
       	claims := parsedToken.Claims.(jwt.MapClaims)

     

       87
       87
       +
       	if claims["lxm"] != nsid {

     

       88
       88
       +
       		return "", fmt.Errorf("bad jwt lexicon method (\"lxm\"). must match: %s", nsid)

     

       89
       89
       +
       	}

     

       90
       90
       +
       	return claims["iss"].(string), nil

     

       91
       91
       +
       }

-18

sqlite_blockstore/sqlite_blockstore.go

···

       135
       135
        
       func (bs *SqliteBlockstore) HashOnRead(enabled bool) {

     

       136
       136
        
       	panic("not implemented")

     

       137
       137
        
       }

     

       138
       138
       -
       

     

       139
       139
       -
       func (bs *SqliteBlockstore) Execute(ctx context.Context) error {

     

       140
       140
       -
       	if !bs.readonly {

     

       141
       141
       -
       		return fmt.Errorf("blockstore was not readonly")

     

       142
       142
       -
       	}

     

       143
       143
       -
       

     

       144
       144
       -
       	bs.readonly = false

     

       145
       145
       -
       	for _, b := range bs.inserts {

     

       146
       146
       -
       		bs.Put(ctx, b)

     

       147
       147
       -
       	}

     

       148
       148
       -
       	bs.readonly = true

     

       149
       149
       -
       

     

       150
       150
       -
       	return nil

     

       151
       151
       -
       }

     

       152
       152
       -
       

     

       153
       153
       -
       func (bs *SqliteBlockstore) GetLog() map[cid.Cid]blocks.Block {

     

       154
       154
       -
       	return bs.inserts

     

       155
       155
       -
       }

Compare changes