Rust implementation of NextGraph, a Decentralized and local-first web 3.0 ecosystem https://nextgraph.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
nextgraph-rs/ngaccount/src/main.rs

315 lines
11 KiB

// Copyright (c) 2022-2024 Niko Bonnieure, Par le Peuple, NextGraph.org developers
// All rights reserved.
// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE2 or http://www.apache.org/licenses/LICENSE-2.0>
// or the MIT license <LICENSE-MIT or http://opensource.org/licenses/MIT>,
// at your option. All files in the project carrying such
// notice may not be copied, modified, or distributed except
// according to those terms.
#[macro_use]
extern crate anyhow;
mod types;
use duration_str::parse;
use p2p_client_ws::remote_ws::ConnectionWebSocket;
use p2p_net::actors::add_invitation::*;
use p2p_net::broker::BROKER;
use serde::{Deserialize, Serialize};
use warp::http::header::{HeaderMap, HeaderValue};
use warp::reply::Response;
use warp::{Filter, Reply};
use rust_embed::RustEmbed;
use serde_bare::{from_slice, to_vec};
use serde_json::json;
use std::convert::Infallible;
use std::net::IpAddr;
use std::str::FromStr;
use std::sync::Arc;
use std::{env, fs};
use crate::types::*;
use ng_wallet::types::*;
use p2p_net::types::{
AdminResponseContentV0, BindAddress, CreateAccountBSP, Invitation, InvitationCode,
InvitationV0, APP_ACCOUNT_REGISTERED_SUFFIX, APP_NG_ONE_URL, NG_ONE_URL,
};
use p2p_repo::log::*;
use p2p_repo::types::*;
use p2p_repo::utils::{generate_keypair, sign, timestamp_after, verify};
#[derive(RustEmbed)]
#[folder = "web/dist"]
struct Static;
struct Server {
admin_key: PrivKey,
local_peer_key: PrivKey,
ip: IpAddr,
port: u16,
peer_id: PubKey,
domain: String,
}
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
struct RegisterResponse {
url: Option<String>,
invite: Option<String>,
error: Option<String>,
}
impl Server {
async fn register_(&self, ca: String) -> RegisterResponse {
log_debug!("registering {}", ca);
let cabsp = TryInto::<CreateAccountBSP>::try_into(ca);
if cabsp.is_err() {
return RegisterResponse {
error: Some("invalid request".into()),
invite: None,
url: None,
};
}
let mut cabsp = cabsp.unwrap();
log_debug!("{:?}", cabsp);
// if needed, proceed with payment and verify it here. once validated, add the user
let duration = parse("1d").unwrap();
let expiry = timestamp_after(duration);
let symkey = SymKey::random();
let invite_code = InvitationCode::Unique(symkey.clone());
let local_peer_pubk = self.local_peer_key.to_pub();
let res = BROKER
.write()
.await
.admin(
Box::new(ConnectionWebSocket {}),
self.local_peer_key.clone(),
local_peer_pubk,
self.peer_id,
self.admin_key.to_pub(),
self.admin_key.clone(),
BindAddress {
port: self.port,
ip: (&self.ip).into(),
},
AddInvitation::V0(AddInvitationV0 {
invite_code,
expiry,
memo: None,
tos_url: false,
}),
)
.await;
let redirect_url = cabsp.redirect_url().clone().unwrap_or(format!(
"https://{}{}",
self.domain, APP_ACCOUNT_REGISTERED_SUFFIX
));
match res {
Err(e) => {
log_err!("error while registering: {e} {:?}", cabsp);
RegisterResponse {
url: Some(format!("{}?re={}", redirect_url, e)),
invite: None,
error: Some(e.to_string()),
}
}
Ok(AdminResponseContentV0::Invitation(Invitation::V0(mut invitation))) => {
log_info!("invitation created successfully {:?}", invitation);
invitation.name = Some(self.domain.clone());
let inv = Invitation::V0(invitation);
RegisterResponse {
url: Some(format!("{}?i={}&rs={}", redirect_url, inv, self.domain)),
invite: Some(format!("{inv}")),
error: None,
}
}
_ => {
log_err!(
"error while registering: invalid response from add_invitation {:?}",
cabsp
);
let e = "add_invitation_failed";
RegisterResponse {
url: Some(format!("{}?re={}", redirect_url, e)),
invite: None,
error: Some(e.to_string()),
}
}
}
}
pub async fn register(self: Arc<Self>, ca: String) -> Result<Response, Infallible> {
let res = self.register_(ca).await;
match &res {
RegisterResponse { error: None, .. } => {
let response = warp::reply::json(&res).into_response(); //Response::new(redirect_url.into());
let (mut parts, body) = response.into_parts();
parts.status = warp::http::StatusCode::OK;
let response = Response::from_parts(parts, body);
Ok(response)
}
RegisterResponse {
error: Some(e),
url: redirect_url,
..
} => {
if redirect_url.is_some() {
let response = warp::reply::json(&res).into_response();
let (mut parts, body) = response.into_parts();
parts.status = warp::http::StatusCode::BAD_REQUEST;
let response = Response::from_parts(parts, body);
Ok(response)
} else {
Ok(warp::http::StatusCode::NOT_ACCEPTABLE.into_response())
}
}
}
}
}
fn with_server(
server: Arc<Server>,
) -> impl Filter<Extract = (Arc<Server>,), Error = std::convert::Infallible> + Clone {
warp::any().map(move || Arc::clone(&server))
}
#[tokio::main]
async fn main() -> anyhow::Result<()> {
if std::env::var("RUST_LOG").is_err() {
std::env::set_var("RUST_LOG", "info"); //trace
}
env_logger::init();
let domain =
env::var("NG_ACCOUNT_DOMAIN").map_err(|_| anyhow!("NG_ACCOUNT_DOMAIN must be set"))?;
let admin_user = env::var("NG_ACCOUNT_ADMIN")
.map_err(|_| anyhow!("NG_ACCOUNT_ADMIN must be set (with private key)"))?;
let admin_key: PrivKey = admin_user.as_str().try_into().map_err(|_| {
anyhow!(
"NG_ACCOUNT_ADMIN is invalid. It should be a base64-url encoded serde serialization of a [u8; 32] of the private key for an admin user. cannot start"
)
})?;
let local_peer_privkey = env::var("NG_ACCOUNT_LOCAL_PEER_KEY")
.map_err(|_| anyhow!("NG_ACCOUNT_LOCAL_PEER_KEY must be set"))?;
let local_peer_key: PrivKey = local_peer_privkey.as_str().try_into().map_err(|_| {
anyhow!(
"NG_ACCOUNT_LOCAL_PEER_KEY is invalid. It should be a base64-url encoded serde serialization of a [u8; 32] of the private key for the peerId. cannot start"
)
})?;
// format is IP,PORT,PEERID
let server_address =
env::var("NG_ACCOUNT_SERVER").map_err(|_| anyhow!("NG_ACCOUNT_SERVER must be set"))?;
let addr: Vec<&str> = server_address.split(',').collect();
if addr.len() != 3 {
return Err(anyhow!(
"NG_ACCOUNT_SERVER is invalid. format is IP,PORT,PEER_ID"
));
}
let ip = IpAddr::from_str(addr[0]).map_err(|_| {
anyhow!("NG_ACCOUNT_SERVER is invalid. format is IP,PORT,PEER_ID. The first part is not an IP address. cannot start")
})?;
let port = match addr[1].parse::<u16>() {
Err(_) => {
return Err(anyhow!("NG_ACCOUNT_SERVER is invalid. format is IP,PORT,PEER_ID. The port is invalid. It should be a number. cannot start"));
}
Ok(val) => val,
};
let peer_id: PubKey = addr[2].try_into().map_err(|_| {
anyhow!(
"NG_ACCOUNT_SERVER is invalid. format is IP,PORT,PEER_ID.
The PEER_ID is invalid. It should be a base64-url encoded serde serialization of a [u8; 32]. cannot start"
)
})?;
log::info!("domain {}", domain);
let server = Arc::new(Server {
admin_key,
local_peer_key,
ip,
port,
peer_id,
domain: domain.clone(),
});
// GET /api/v1/register/ca with the same ?ca= query param => 201 CREATED
let register_api = warp::get()
.and(with_server(server))
.and(warp::path!("register" / String))
.and_then(Server::register);
let api_v1 = warp::path!("api" / "v1" / ..).and(register_api);
let mut headers = HeaderMap::new();
headers.insert(
"Content-Security-Policy",
HeaderValue::from_static(
#[cfg(debug_assertions)]
"default-src 'self' data:; connect-src ipc: https://ipc.localhost 'self' http://192.168.192.2:3031",
#[cfg(not(debug_assertions))]
"default-src 'self' data:; connect-src ipc: https://ipc.localhost 'self'",
),
);
let static_files = warp::get()
.and(warp_embed::embed(&Static))
//.with(warp::reply::with::headers(headers))
.boxed();
let mut cors = warp::cors()
.allow_methods(vec!["GET"])
.allow_headers(vec!["Content-Type"]);
let incoming_log = warp::log::custom(|info| {
if info.remote_addr().is_some() {
log_info!(
"{:?} {} {}",
info.request_headers()
.get("X-Forwarded-For")
.map(|x| x.to_str().unwrap())
.unwrap_or(info.remote_addr().unwrap().to_string().as_str()),
//info.remote_addr().unwrap(),
info.method(),
info.path()
);
}
});
#[cfg(not(debug_assertions))]
{
let origin = format!("https://{}", domain);
let origin2 = format!("https://account.{}", domain);
cors = cors.allow_origin(origin.as_str());
cors = cors.allow_origin(origin2.as_str());
log::info!("Starting server on http://localhost:3031");
warp::serve(api_v1.or(static_files).with(cors).with(incoming_log))
.run(([127, 0, 0, 1], 3031))
.await;
}
#[cfg(debug_assertions)]
{
log_debug!("CORS: any origin");
cors = cors.allow_any_origin();
log::info!("Starting server on http://192.168.192.2:3031");
warp::serve(api_v1.or(static_files).with(cors).with(incoming_log))
.run(([192, 168, 192, 2], 3031))
.await;
}
Ok(())
}