2022-04-11 02:32:02 +00:00
|
|
|
package main
|
|
|
|
|
|
2022-04-11 03:45:33 +00:00
|
|
|
import (
|
2022-04-12 20:33:13 +00:00
|
|
|
"database/sql"
|
2022-04-21 02:19:01 +00:00
|
|
|
_ "embed"
|
2022-04-20 03:27:31 +00:00
|
|
|
"encoding/json"
|
2022-04-22 19:49:36 +00:00
|
|
|
"errors"
|
2022-04-11 03:45:33 +00:00
|
|
|
"flag"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
2022-04-12 00:16:06 +00:00
|
|
|
"net/http"
|
2022-04-11 03:45:33 +00:00
|
|
|
"os"
|
2022-04-22 19:49:36 +00:00
|
|
|
"strings"
|
2022-04-28 19:08:05 +00:00
|
|
|
"time"
|
2022-04-12 20:33:13 +00:00
|
|
|
|
2022-04-28 19:08:05 +00:00
|
|
|
"github.com/google/uuid"
|
2022-04-12 20:33:13 +00:00
|
|
|
_ "github.com/mattn/go-sqlite3"
|
2022-04-11 03:45:33 +00:00
|
|
|
)
|
|
|
|
|
|
2022-04-21 02:19:01 +00:00
|
|
|
//go:embed schema.sql
|
|
|
|
|
var schemaSQL string
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
type Config struct {
|
|
|
|
|
Admins []string
|
|
|
|
|
Port int
|
|
|
|
|
Host string
|
|
|
|
|
InstanceName string `yaml:"instance_name"`
|
|
|
|
|
AllowAnon bool `yaml:"allow_anon"`
|
|
|
|
|
Debug bool
|
|
|
|
|
DBPath string `yaml:"db_path"`
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-11 03:45:33 +00:00
|
|
|
type iostreams struct {
|
|
|
|
|
Err io.Writer
|
|
|
|
|
Out io.Writer
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Opts struct {
|
|
|
|
|
ConfigPath string
|
|
|
|
|
IO iostreams
|
2022-04-12 00:16:06 +00:00
|
|
|
Log func(string)
|
|
|
|
|
Logf func(string, ...interface{})
|
2022-04-12 20:33:13 +00:00
|
|
|
Config Config
|
|
|
|
|
DB *sql.DB
|
2022-04-22 19:49:36 +00:00
|
|
|
Reset bool
|
2022-04-11 03:45:33 +00:00
|
|
|
}
|
2022-04-11 02:32:02 +00:00
|
|
|
|
|
|
|
|
func main() {
|
2022-04-11 03:45:33 +00:00
|
|
|
var configFlag = flag.String("config", "config.yml", "A path to a config file.")
|
2022-04-22 19:49:36 +00:00
|
|
|
var resetFlag = flag.Bool("reset", false, "reset the database. WARNING this wipes everything.")
|
2022-04-11 03:45:33 +00:00
|
|
|
flag.Parse()
|
2022-04-12 00:16:06 +00:00
|
|
|
io := iostreams{
|
|
|
|
|
Err: os.Stderr,
|
|
|
|
|
Out: os.Stdout,
|
|
|
|
|
}
|
2022-04-12 20:33:13 +00:00
|
|
|
opts := &Opts{
|
2022-04-11 03:45:33 +00:00
|
|
|
ConfigPath: *configFlag,
|
2022-04-22 19:49:36 +00:00
|
|
|
Reset: *resetFlag,
|
2022-04-12 00:16:06 +00:00
|
|
|
IO: io,
|
|
|
|
|
// TODO use real logger
|
|
|
|
|
Log: func(s string) {
|
|
|
|
|
fmt.Fprintln(io.Out, s)
|
|
|
|
|
},
|
|
|
|
|
Logf: func(s string, args ...interface{}) {
|
|
|
|
|
fmt.Fprintf(io.Out, s, args...)
|
2022-04-20 03:27:31 +00:00
|
|
|
fmt.Fprintf(io.Out, "\n")
|
2022-04-11 03:45:33 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := _main(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "failed: %s", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
type Teardown func()
|
|
|
|
|
|
|
|
|
|
func setupDB(opts *Opts) (Teardown, error) {
|
|
|
|
|
db, err := sql.Open("sqlite3", opts.Config.DBPath)
|
|
|
|
|
fmt.Printf("DBG %#v\n", db)
|
|
|
|
|
|
|
|
|
|
opts.DB = db
|
|
|
|
|
|
|
|
|
|
return func() { db.Close() }, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func _main(opts *Opts) error {
|
2022-04-11 03:45:33 +00:00
|
|
|
cfg, err := parseConfig(opts.ConfigPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "could not read config file '%s'", opts.ConfigPath)
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
opts.Config = *cfg
|
|
|
|
|
|
|
|
|
|
teardown, err := setupDB(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("could not initialize DB: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer teardown()
|
|
|
|
|
|
2022-04-22 19:49:36 +00:00
|
|
|
err = ensureSchema(*opts)
|
2022-04-21 02:19:01 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
setupAPI(*opts)
|
2022-04-12 00:16:06 +00:00
|
|
|
|
|
|
|
|
// TODO TLS or SSL or something
|
2022-04-20 03:27:31 +00:00
|
|
|
opts.Logf("starting server at %s:%d", cfg.Host, cfg.Port)
|
2022-04-12 00:16:06 +00:00
|
|
|
if err := http.ListenAndServe(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port), nil); err != nil {
|
|
|
|
|
return fmt.Errorf("http server exited with error: %w", err)
|
|
|
|
|
}
|
2022-04-11 03:45:33 +00:00
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2022-04-12 00:16:06 +00:00
|
|
|
|
2022-04-22 19:49:36 +00:00
|
|
|
func ensureSchema(opts Opts) error {
|
|
|
|
|
db := opts.DB
|
|
|
|
|
|
|
|
|
|
if opts.Reset {
|
|
|
|
|
err := os.Remove(opts.Config.DBPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("failed to delete database: %w", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
rows, err := db.Query("select version from meta")
|
|
|
|
|
if err == nil {
|
2022-04-22 20:23:12 +00:00
|
|
|
defer rows.Close()
|
2022-04-22 19:49:36 +00:00
|
|
|
rows.Next()
|
|
|
|
|
var version string
|
|
|
|
|
err = rows.Scan(&version)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("failed to check database schema version: %w", err)
|
|
|
|
|
} else if version == "" {
|
|
|
|
|
return errors.New("database is in unknown state")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !strings.Contains(err.Error(), "no such table") {
|
|
|
|
|
return fmt.Errorf("got error checking database state: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = db.Exec(schemaSQL)
|
2022-04-21 02:19:01 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("failed to initialize database schema: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
func handler(opts Opts, f http.HandlerFunc) http.HandlerFunc {
|
2022-04-12 00:16:06 +00:00
|
|
|
// TODO make this more real
|
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
|
|
|
opts.Log(req.URL.Path)
|
|
|
|
|
f(w, req)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-20 03:27:31 +00:00
|
|
|
// TODO I'm not entirely sold on this hash system; without transport
|
|
|
|
|
// encryption, it doesn't really help anything. I'd rather have plaintext +
|
|
|
|
|
// transport encryption and then, on the server side, proper salted hashing.
|
|
|
|
|
|
|
|
|
|
type User struct {
|
|
|
|
|
// TODO
|
|
|
|
|
ID string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type BBJResponse struct {
|
|
|
|
|
Error bool `json:"error"`
|
|
|
|
|
Data interface{} `json:"data"`
|
|
|
|
|
Usermap map[string]User `json:"usermap"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func writeResponse(w http.ResponseWriter, resp BBJResponse) {
|
2022-04-24 17:09:56 +00:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2022-04-20 03:27:31 +00:00
|
|
|
json.NewEncoder(w).Encode(resp)
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-24 17:09:56 +00:00
|
|
|
func writeErrorResponse(w http.ResponseWriter, code int, resp BBJResponse) {
|
|
|
|
|
w.WriteHeader(code)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
json.NewEncoder(w).Encode(resp)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NB breaking: i'm not just returning 200 always but using http status codes
|
|
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
func setupAPI(opts Opts) {
|
2022-04-20 03:27:31 +00:00
|
|
|
|
2022-04-12 20:33:13 +00:00
|
|
|
http.HandleFunc("/instance", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
2022-04-20 03:27:31 +00:00
|
|
|
writeResponse(w, BBJResponse{
|
|
|
|
|
Data: opts.Config.InstanceName,
|
|
|
|
|
})
|
|
|
|
|
}))
|
|
|
|
|
|
2022-04-28 19:08:05 +00:00
|
|
|
serverErr := func(w http.ResponseWriter, err error) {
|
|
|
|
|
opts.Logf(err.Error())
|
2022-04-28 18:40:48 +00:00
|
|
|
writeErrorResponse(w, 500, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "server error",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
badMethod := func(w http.ResponseWriter) {
|
|
|
|
|
writeErrorResponse(w, 400, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "bad method",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
invalidArgs := func(w http.ResponseWriter) {
|
|
|
|
|
writeErrorResponse(w, 400, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "invalid args",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.HandleFunc("/user_register", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
2022-04-20 03:27:31 +00:00
|
|
|
if req.Method != "POST" {
|
2022-04-24 17:33:19 +00:00
|
|
|
badMethod(w)
|
2022-04-20 03:27:31 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-28 18:40:48 +00:00
|
|
|
type AuthArgs struct {
|
|
|
|
|
Username string `json:"user_name"`
|
|
|
|
|
AuthHash string `json:"auth_hash"`
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
var args AuthArgs
|
|
|
|
|
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
|
|
|
|
invalidArgs(w)
|
|
|
|
|
return
|
2022-04-20 03:27:31 +00:00
|
|
|
}
|
|
|
|
|
|
2022-04-28 19:08:05 +00:00
|
|
|
if args.AuthHash == "" || args.Username == "" {
|
|
|
|
|
invalidArgs(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-28 18:40:48 +00:00
|
|
|
db := opts.DB
|
|
|
|
|
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
|
|
|
|
|
if err != nil {
|
2022-04-28 19:08:05 +00:00
|
|
|
serverErr(w, err)
|
2022-04-28 18:40:48 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
defer stmt.Close()
|
|
|
|
|
|
|
|
|
|
opts.Logf("querying for %s", args.Username)
|
|
|
|
|
|
|
|
|
|
var authHash string
|
|
|
|
|
err = stmt.QueryRow(args.Username).Scan(&authHash)
|
|
|
|
|
if err == nil {
|
|
|
|
|
opts.Logf("found %s", args.Username)
|
|
|
|
|
// code 4 apparently
|
|
|
|
|
writeErrorResponse(w, 403, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "user already exists",
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
} else if err != nil && !strings.Contains(err.Error(), "no rows in result") {
|
2022-04-28 19:08:05 +00:00
|
|
|
serverErr(w, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stmt, err = db.Prepare(`INSERT INTO users VALUES (?, ?, ?, "", "", 0, 0, ?)`)
|
|
|
|
|
id, err := uuid.NewRandom()
|
|
|
|
|
if err != nil {
|
|
|
|
|
serverErr(w, err)
|
2022-04-28 18:40:48 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-28 19:08:05 +00:00
|
|
|
_, err = stmt.Exec(id, args.Username, args.AuthHash, time.Now())
|
|
|
|
|
if err != nil {
|
|
|
|
|
serverErr(w, err)
|
|
|
|
|
}
|
2022-04-28 18:40:48 +00:00
|
|
|
|
|
|
|
|
writeResponse(w, BBJResponse{
|
|
|
|
|
Data: true, // TODO probably something else
|
|
|
|
|
// TODO prob usermap
|
|
|
|
|
})
|
2022-04-24 17:33:19 +00:00
|
|
|
}))
|
2022-04-20 03:27:31 +00:00
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
http.HandleFunc("/check_auth", handler(opts, func(w http.ResponseWriter, req *http.Request) {
|
|
|
|
|
if req.Method != "POST" {
|
|
|
|
|
badMethod(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
2022-04-20 03:27:31 +00:00
|
|
|
|
2022-04-28 18:40:48 +00:00
|
|
|
type AuthArgs struct {
|
|
|
|
|
Username string `json:"target_user"`
|
|
|
|
|
AuthHash string `json:"target_hash"`
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
var args AuthArgs
|
|
|
|
|
if err := json.NewDecoder(req.Body).Decode(&args); err != nil {
|
|
|
|
|
invalidArgs(w)
|
2022-04-24 17:09:56 +00:00
|
|
|
return
|
2022-04-20 03:27:31 +00:00
|
|
|
}
|
|
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
opts.Logf("got %s %s", args.Username, args.AuthHash)
|
2022-04-20 03:27:31 +00:00
|
|
|
|
2022-04-22 20:23:12 +00:00
|
|
|
db := opts.DB
|
|
|
|
|
|
|
|
|
|
stmt, err := db.Prepare("select auth_hash from users where user_name = ?")
|
|
|
|
|
if err != nil {
|
2022-04-28 19:08:05 +00:00
|
|
|
serverErr(w, err)
|
2022-04-22 20:23:12 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
defer stmt.Close()
|
|
|
|
|
|
|
|
|
|
var authHash string
|
2022-04-24 17:33:19 +00:00
|
|
|
err = stmt.QueryRow(args.Username).Scan(&authHash)
|
2022-04-22 20:23:12 +00:00
|
|
|
if err != nil {
|
2022-04-24 17:09:56 +00:00
|
|
|
if strings.Contains(err.Error(), "no rows in result") {
|
|
|
|
|
opts.Logf("user not found")
|
|
|
|
|
writeErrorResponse(w, 404, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "user not found",
|
|
|
|
|
})
|
|
|
|
|
} else {
|
2022-04-28 19:08:05 +00:00
|
|
|
serverErr(w, err)
|
2022-04-24 17:09:56 +00:00
|
|
|
}
|
2022-04-22 20:23:12 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO unique constraint on user_name
|
|
|
|
|
|
2022-04-24 17:33:19 +00:00
|
|
|
if authHash != args.AuthHash {
|
2022-04-24 17:09:56 +00:00
|
|
|
http.Error(w, "incorrect password", 403)
|
|
|
|
|
writeErrorResponse(w, 403, BBJResponse{
|
|
|
|
|
Error: true,
|
|
|
|
|
Data: "incorrect password",
|
|
|
|
|
})
|
|
|
|
|
return
|
2022-04-22 20:23:12 +00:00
|
|
|
}
|
2022-04-20 03:27:31 +00:00
|
|
|
|
2022-04-28 18:40:48 +00:00
|
|
|
// TODO include usermap?
|
2022-04-20 03:27:31 +00:00
|
|
|
writeResponse(w, BBJResponse{
|
2022-04-24 17:09:56 +00:00
|
|
|
Data: true,
|
2022-04-20 03:27:31 +00:00
|
|
|
})
|
2022-04-12 00:16:06 +00:00
|
|
|
}))
|
|
|
|
|
}
|
