uqbar-dao/nectar
1
1
Fork 0
mirror of https://github.com/uqbar-dao/nectar.git synced 2024-12-19 06:31:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

WIP not compiling

Browse Source
This commit is contained in:
dr-frmr 2023-12-09 14:01:42 -05:00
parent 5ed8b4f9d8
commit dc302abf64
No known key found for this signature in database
3 changed files with 101 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/keygen.rs
View File

@ -23,7 +23,7 @@ pub fn encode_keyfile(
password: String, password: String,
username: String, username: String,
routers: Vec<String>, routers: Vec<String>,
networking_key: Document, networking_key: &[u8],
jwt: Vec<u8>, jwt: Vec<u8>,
file_key: Vec<u8>, file_key: Vec<u8>,
) -> Vec<u8> { ) -> Vec<u8> {
@ -50,7 +50,7 @@ pub fn encode_keyfile(
let file_nonce = Aes256Gcm::generate_nonce(&mut OsRng); let file_nonce = Aes256Gcm::generate_nonce(&mut OsRng);
let keyciphertext: Vec<u8> = cipher let keyciphertext: Vec<u8> = cipher
.encrypt(&network_nonce, networking_key.as_ref()) .encrypt(&network_nonce, networking_key)
.unwrap(); .unwrap();
let jwtciphertext: Vec<u8> = cipher.encrypt(&jwt_nonce, jwt.as_ref()).unwrap(); let jwtciphertext: Vec<u8> = cipher.encrypt(&jwt_nonce, jwt.as_ref()).unwrap();
let fileciphertext: Vec<u8> = cipher.encrypt(&file_nonce, file_key.as_ref()).unwrap(); let fileciphertext: Vec<u8> = cipher.encrypt(&file_nonce, file_key.as_ref()).unwrap();

7
src/main.rs
View File

@ -66,10 +66,9 @@ async fn serve_register_fe(
// that updates their PKI info on-chain. // that updates their PKI info on-chain.
let (kill_tx, kill_rx) = oneshot::channel::<bool>(); let (kill_tx, kill_rx) = oneshot::channel::<bool>();
let disk_keyfile = match fs::read(format!("{}/.keys", home_directory_path)).await { let disk_keyfile: Option<Vec<u8>> = fs::read(format!("{}/.keys", home_directory_path))
Ok(keyfile) => keyfile, .await
Err(_) => Vec::new(), .ok();
};
let (tx, mut rx) = mpsc::channel::<(Identity, Keyfile, Vec<u8>)>(1); let (tx, mut rx) = mpsc::channel::<(Identity, Keyfile, Vec<u8>)>(1);
let (our, decoded_keyfile, encoded_keyfile) = tokio::select! { let (our, decoded_keyfile, encoded_keyfile) = tokio::select! {

244
src/register.rs
View File

@ -101,16 +101,33 @@ pub async fn register(
ip: String, ip: String,
port: u16, port: u16,
rpc_url: String, rpc_url: String,
keyfile: Vec<u8>, keyfile: Option<Vec<u8>>,
) { ) {
let our_temp_arc = Arc::new(Mutex::new(None)); // Networking info is generated and passed to the UI, but not used until confirmed // Networking info is generated and passed to the UI, but not used until confirmed
let our_ws_info = our_temp_arc.clone(); let (public_key, serialized_networking_keypair) = keygen::generate_networking_key();
let net_keypair = Arc::new(Mutex::new(serialized_networking_keypair.as_ref().to_vec()));
let net_keypair_arc = Arc::new(Mutex::new(None)); // TODO: if IP is localhost, don't allow registration as direct
let net_keypair_ws_info = net_keypair_arc.clone(); let ws_port = crate::http::utils::find_open_port(9000).await.unwrap();
let keyfile_arc = Arc::new(Mutex::new(Some(keyfile))); // This is a temporary identity, passed to the UI. If it is confirmed through a /boot or /confirm-change-network-keys, then it will be used to replace the current identity
let keyfile_vet = keyfile_arc.clone(); let our_temp_id = Arc::new(Mutex::new(Identity {
networking_key: format!("0x{}", public_key),
name: "".to_string(),
ws_routing: Some((ip, ws_port)),
allowed_routers: vec![
"uqbar-router-1.uq".into(), // "0x8d9e54427c50660c6d4802f63edca86a9ca5fd6a78070c4635950e9d149ed441".into(),
"uqbar-router-2.uq".into(), // "0x06d331ed65843ecf0860c73292005d8103af20820546b2f8f9007d01f60595b1".into(),
"uqbar-router-3.uq".into(), // "0xe6ab611eb62e8aee0460295667f8179cda4315982717db4b0b3da6022deecac1".into(),
],
}));
let keyfile = warp::any().map(move || keyfile);
let our_temp_id = warp::any().map(move || our_temp_id);
let net_keypair = warp::any().map(move || net_keypair);
let tx = warp::any().map(move || tx);
let ip = warp::any().map(move || ip);
let rpc_url = warp::any().map(move || rpc_url);
let static_files = warp::path("static").and(warp::fs::dir("./src/register-ui/build/static/")); let static_files = warp::path("static").and(warp::fs::dir("./src/register-ui/build/static/"));
@ -118,73 +135,60 @@ pub async fn register(
.and(warp::get()) .and(warp::get())
.and(warp::fs::file("./src/register-ui/build/index.html")); .and(warp::fs::file("./src/register-ui/build/index.html"));
let keyfile_info_copy = keyfile_arc.clone();
let boot_tx = tx.clone();
let boot_our_arc = our_temp_arc.clone();
let boot_net_keypair_arc = net_keypair_arc.clone();
let import_tx = tx.clone();
let import_ip = ip.clone();
let import_rpc_url = rpc_url.clone();
let login_tx = tx.clone();
let login_keyfile_arc = keyfile_arc.clone();
let generate_keys_ip = ip.clone();
let api = warp::path("info") let api = warp::path("info")
.and( .and(
warp::get() warp::get()
.and(warp::any().map(move || keyfile_info_copy.clone())) .and(keyfile.clone())
.and_then(get_unencrypted_info), .and_then(get_unencrypted_info),
) )
.or(warp::path("generate-networking-info").and( .or(warp::path("generate-networking-info").and(
warp::post() warp::post()
.and(warp::any().map(move || generate_keys_ip.clone())) .and(our_temp_id)
.and(warp::any().map(move || our_ws_info.clone()))
.and(warp::any().map(move || net_keypair_ws_info.clone()))
.and_then(generate_networking_info), .and_then(generate_networking_info),
)) ))
.or(warp::path("vet-keyfile").and( .or(warp::path("vet-keyfile").and(
warp::post() warp::post()
.and(warp::body::content_length_limit(1024 * 16)) .and(warp::body::content_length_limit(1024 * 16))
.and(warp::body::json()) .and(warp::body::json())
.and(warp::any().map(move || keyfile_vet.clone())) .and(keyfile.clone())
.and_then(handle_keyfile_vet), .and_then(handle_keyfile_vet),
)) ))
.or(warp::path("boot").and( .or(warp::path("boot").and(
warp::post() warp::post()
.and(warp::body::content_length_limit(1024 * 16)) .and(warp::body::content_length_limit(1024 * 16))
.and(warp::body::json()) .and(warp::body::json())
.and(warp::any().map(move || boot_tx.clone())) .and(tx.clone())
.and(warp::any().map(move || boot_our_arc.lock().unwrap().take().unwrap())) .and(our_temp_id.clone())
.and(warp::any().map(move || boot_net_keypair_arc.lock().unwrap().take().unwrap())) .and(net_keypair.clone())
.and_then(handle_boot), .and_then(handle_boot),
)) ))
.or(warp::path("import-keyfile").and( .or(warp::path("import-keyfile").and(
warp::post() warp::post()
.and(warp::body::content_length_limit(1024 * 16)) .and(warp::body::content_length_limit(1024 * 16))
.and(warp::body::json()) .and(warp::body::json())
.and(warp::any().map(move || import_ip.clone())) .and(ip.clone())
.and(warp::any().map(move || import_rpc_url.clone())) .and(rpc_url.clone())
.and(warp::any().map(move || import_tx.clone())) .and(tx.clone())
.and_then(handle_import_keyfile), .and_then(handle_import_keyfile),
)) ))
.or(warp::path("login").and( .or(warp::path("login").and(
warp::post() warp::post()
.and(warp::body::content_length_limit(1024 * 16)) .and(warp::body::content_length_limit(1024 * 16))
.and(warp::body::json()) .and(warp::body::json())
.and(warp::any().map(move || ip.clone())) .and(ip)
.and(warp::any().map(move || rpc_url.clone())) .and(rpc_url)
.and(warp::any().map(move || login_tx.clone())) .and(tx.clone())
.and(warp::any().map(move || login_keyfile_arc.lock().unwrap().take().unwrap())) .and(keyfile.clone())
.and_then(handle_login), .and_then(handle_login),
)) ))
.or(warp::path("confirm-change-network-keys").and( .or(warp::path("confirm-change-network-keys").and(
warp::post() warp::post()
.and(warp::body::content_length_limit(1024 * 16)) .and(warp::body::content_length_limit(1024 * 16))
.and(warp::body::json()) .and(warp::body::json())
.and(warp::any().map(move || tx.clone())) .and(tx)
.and(warp::any().map(move || our_temp_arc.lock().unwrap().take().unwrap())) .and(our_temp_id)
.and(warp::any().map(move || net_keypair_arc.lock().unwrap().take().unwrap())) .and(net_keypair)
.and(warp::any().map(move || keyfile_arc.lock().unwrap().take().unwrap())) .and(keyfile)
.and_then(confirm_change_network_keys), .and_then(confirm_change_network_keys),
)); ));
@ -208,11 +212,9 @@ pub async fn register(
.await; .await;
} }
async fn get_unencrypted_info( async fn get_unencrypted_info(keyfile: Option<Vec<u8>>) -> Result<impl Reply, Rejection> {
keyfile_arc: Arc<Mutex<Option<Vec<u8>>>>,
) -> Result<impl Reply, Rejection> {
let (name, allowed_routers) = { let (name, allowed_routers) = {
match keyfile_arc.lock().unwrap().clone() { match keyfile {
Some(encoded_keyfile) => match keygen::get_username_and_routers(&encoded_keyfile) { Some(encoded_keyfile) => match keygen::get_username_and_routers(&encoded_keyfile) {
Ok(k) => k, Ok(k) => k,
Err(_) => { Err(_) => {
@ -232,75 +234,53 @@ async fn get_unencrypted_info(
} }
} }
}; };
Ok(warp::reply::with_status(
let our = UnencryptedIdentity { Ok(warp::reply::json(&UnencryptedIdentity {
name, name,
allowed_routers, allowed_routers,
}; })),
StatusCode::OK,
Ok(warp::reply::with_status(Ok(warp::reply::json(&our)), StatusCode::OK).into_response()) )
.into_response())
} }
async fn generate_networking_info( async fn generate_networking_info(
ip: String, our_temp_id: Arc<Mutex<Identity>>,
our_temp_arc: Arc<Mutex<Option<Identity>>>,
networking_keypair_arc: Arc<Mutex<Option<Document>>>,
) -> Result<impl Reply, Rejection> { ) -> Result<impl Reply, Rejection> {
let (public_key, serialized_networking_keypair) = keygen::generate_networking_key(); Ok(warp::reply::json(&*our_temp_id.lock().unwrap()))
*networking_keypair_arc.lock().unwrap() = Some(serialized_networking_keypair);
// TODO: if IP is localhost, don't allow registration as direct
let ws_port = crate::http::utils::find_open_port(9000).await.unwrap();
// This is a temporary identity, passed to the UI. If it is confirmed through a /boot or /confirm-change-network-keys, then it will be used to replace the current identity
let our_temp = Identity {
networking_key: format!("0x{}", public_key),
name: "".to_string(),
ws_routing: Some((ip, ws_port)),
allowed_routers: vec![
"uqbar-router-1.uq".into(), // "0x8d9e54427c50660c6d4802f63edca86a9ca5fd6a78070c4635950e9d149ed441".into(),
"uqbar-router-2.uq".into(), // "0x06d331ed65843ecf0860c73292005d8103af20820546b2f8f9007d01f60595b1".into(),
"uqbar-router-3.uq".into(), // "0xe6ab611eb62e8aee0460295667f8179cda4315982717db4b0b3da6022deecac1".into(),
],
};
*our_temp_arc.lock().unwrap() = Some(our_temp.clone());
Ok(warp::reply::json(&our_temp))
} }
async fn handle_keyfile_vet( async fn handle_keyfile_vet(
payload: KeyfileVet, payload: KeyfileVet,
keyfile_arc: Arc<Mutex<Option<Vec<u8>>>>, keyfile: Option<Vec<u8>>,
) -> Result<impl Reply, Rejection> { ) -> Result<impl Reply, Rejection> {
let encoded_keyfile = match payload.keyfile.is_empty() { let encoded_keyfile = match payload.keyfile.is_empty() {
true => keyfile_arc.lock().unwrap().clone().unwrap(), true => keyfile.ok_or(warp::reject())?,
false => base64::decode(payload.keyfile).unwrap(), false => base64::decode(payload.keyfile).map_err(|_| warp::reject())?,
}; };
let decoded_keyfile = match keygen::decode_keyfile(&encoded_keyfile, &payload.password) { let decoded_keyfile =
Ok(k) => k, keygen::decode_keyfile(&encoded_keyfile, &payload.password).map_err(|_| warp::reject())?;
Err(_) => return Err(warp::reject()),
};
let keyfile_vetted = KeyfileVetted { Ok(warp::reply::json(&KeyfileVetted {
username: decoded_keyfile.username, username: decoded_keyfile.username,
networking_key: format!( networking_key: format!(
"0x{}", "0x{}",
hex::encode(decoded_keyfile.networking_keypair.public_key().as_ref()) hex::encode(decoded_keyfile.networking_keypair.public_key().as_ref())
), ),
routers: decoded_keyfile.routers, routers: decoded_keyfile.routers,
}; }))
Ok(warp::reply::json(&keyfile_vetted))
} }
async fn handle_boot( async fn handle_boot(
info: BootInfo, info: BootInfo,
sender: RegistrationSender, sender: RegistrationSender,
mut our: Identity, our: Arc<Mutex<Identity>>,
networking_keypair: Document, networking_keypair: Arc<Mutex<Vec<u8>>>,
) -> Result<impl Reply, Rejection> { ) -> Result<impl Reply, Rejection> {
let networking_keypair = networking_keypair.lock().unwrap();
let mut our = our.lock().unwrap();
our.name = info.username; our.name = info.username;
if info.direct { if info.direct {
@ -326,21 +306,12 @@ async fn handle_boot(
info.password, info.password,
decoded_keyfile.username.clone(), decoded_keyfile.username.clone(),
decoded_keyfile.routers.clone(), decoded_keyfile.routers.clone(),
networking_keypair, networking_keypair.as_ref(),
decoded_keyfile.jwt_secret_bytes.clone(), decoded_keyfile.jwt_secret_bytes.clone(),
decoded_keyfile.file_key.clone(), decoded_keyfile.file_key.clone(),
); );
let encoded_keyfile_str = base64::encode(encoded_keyfile.clone()); success_response(sender, our.clone(), decoded_keyfile, encoded_keyfile)
success_response(
sender,
our,
decoded_keyfile,
encoded_keyfile,
encoded_keyfile_str,
)
.await
} }
async fn handle_import_keyfile( async fn handle_import_keyfile(
@ -404,16 +375,7 @@ async fn handle_import_keyfile(
// .into_response()); // .into_response());
// } // }
let encoded_keyfile_str = info.keyfile.clone(); success_response(sender, our, decoded_keyfile, encoded_keyfile).await
success_response(
sender,
our,
decoded_keyfile,
encoded_keyfile,
encoded_keyfile_str,
)
.await
} }
async fn handle_login( async fn handle_login(
@ -421,15 +383,16 @@ async fn handle_login(
ip: String, ip: String,
_rpc_url: String, _rpc_url: String,
sender: RegistrationSender, sender: RegistrationSender,
encoded_keyfile: Vec<u8>, encoded_keyfile: Option<Vec<u8>>,
) -> Result<impl Reply, Rejection> { ) -> Result<impl Reply, Rejection> {
if encoded_keyfile.is_empty() { if encoded_keyfile.is_none() {
return Ok(warp::reply::with_status( return Ok(warp::reply::with_status(
warp::reply::json(&"Keyfile not present".to_string()), warp::reply::json(&"Keyfile not present".to_string()),
StatusCode::NOT_FOUND, StatusCode::NOT_FOUND,
) )
.into_response()); .into_response());
} }
let encoded_keyfile = encoded_keyfile.unwrap();
let Some(ws_port) = crate::http::utils::find_open_port(9000).await else { let Some(ws_port) = crate::http::utils::find_open_port(9000).await else {
return Ok(warp::reply::with_status( return Ok(warp::reply::with_status(
@ -474,32 +437,39 @@ async fn handle_login(
// .into_response()); // .into_response());
// } // }
let encoded_keyfile_str = base64::encode(encoded_keyfile.clone()); success_response(sender, our, decoded_keyfile, encoded_keyfile).await
success_response(
sender,
our,
decoded_keyfile,
encoded_keyfile,
encoded_keyfile_str,
)
.await
} }
async fn confirm_change_network_keys( async fn confirm_change_network_keys(
info: LoginAndResetInfo, info: LoginAndResetInfo,
sender: RegistrationSender, sender: RegistrationSender,
mut our: Identity, // the arc of our temporary identity our: Option<Identity>, // the arc of our temporary identity
networking_keypair: Document, networking_keypair: Option<&Document>,
encoded_keyfile: Vec<u8>, encoded_keyfile: Option<Vec<u8>>,
) -> Result<impl Reply, Rejection> { ) -> Result<impl Reply, Rejection> {
if encoded_keyfile.is_empty() { if encoded_keyfile.is_none() {
return Ok(warp::reply::with_status( return Ok(warp::reply::with_status(
warp::reply::json(&"Keyfile not present".to_string()), warp::reply::json(&"Keyfile not present".to_string()),
StatusCode::NOT_FOUND, StatusCode::NOT_FOUND,
) )
.into_response()); .into_response());
} }
let encoded_keyfile = encoded_keyfile.unwrap();
let Some(networking_keypair) = networking_keypair else {
return Ok(warp::reply::with_status(
warp::reply::json(&"Networking keypair not present".to_string()),
StatusCode::NOT_FOUND,
)
.into_response());
};
let Some(mut our) = our else {
return Ok(warp::reply::with_status(
warp::reply::json(&"Temporary identity not present".to_string()),
StatusCode::NOT_FOUND,
)
.into_response());
};
// Get our name from our current keyfile // Get our name from our current keyfile
let old_decoded_keyfile = match keygen::decode_keyfile(&encoded_keyfile, &info.password) { let old_decoded_keyfile = match keygen::decode_keyfile(&encoded_keyfile, &info.password) {
@ -536,30 +506,21 @@ async fn confirm_change_network_keys(
info.password, info.password,
decoded_keyfile.username.clone(), decoded_keyfile.username.clone(),
decoded_keyfile.routers.clone(), decoded_keyfile.routers.clone(),
networking_keypair, &networking_keypair,
decoded_keyfile.jwt_secret_bytes.clone(), decoded_keyfile.jwt_secret_bytes.clone(),
decoded_keyfile.file_key.clone(), decoded_keyfile.file_key.clone(),
); );
let encoded_keyfile_str = base64::encode(encoded_keyfile.clone()); success_response(sender, our, decoded_keyfile, encoded_keyfile).await
success_response(
sender,
our,
decoded_keyfile,
encoded_keyfile,
encoded_keyfile_str,
)
.await
} }
async fn success_response( fn success_response(
sender: RegistrationSender, sender: RegistrationSender,
our: Identity, our: Identity,
decoded_keyfile: Keyfile, decoded_keyfile: Keyfile,
encoded_keyfile: Vec<u8>, encoded_keyfile: Vec<u8>,
encoded_keyfile_str: String,
) -> Result<warp::reply::Response, Rejection> { ) -> Result<warp::reply::Response, Rejection> {
let encoded_keyfile_str = base64::encode(&encoded_keyfile);
let token = match generate_jwt(&decoded_keyfile.jwt_secret_bytes, &our.name) { let token = match generate_jwt(&decoded_keyfile.jwt_secret_bytes, &our.name) {
Some(token) => token, Some(token) => token,
None => { None => {
@ -595,19 +556,6 @@ async fn success_response(
} }
} }
// match HeaderValue::from_str(&format!("uqbar-ws-auth_{}={};", &our.name, &token)) {
// Ok(v) => {
// headers.append(SET_COOKIE, v);
// },
// Err(_) => {
// return Ok(warp::reply::with_status(
// warp::reply::json(&"Failed to generate WS JWT".to_string()),
// StatusCode::INTERNAL_SERVER_ERROR,
// )
// .into_response())
// }
// }
Ok(response) Ok(response)
} }