From 11a6649847c995f825cacab27ba113423c13ea15 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 08:48:50 -0400 Subject: [PATCH 01/22] Add back a verify command. Remove unused and not very useful ssb.getMessage(). Make field ordering shenanigans more explicit. --- src/main.c | 55 ++++++++++++++++++++++++++ src/ssb.c | 47 +++++++++++++--------- src/ssb.db.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++--- src/ssb.db.h | 7 +++- src/ssb.js.c | 24 ------------ 5 files changed, 189 insertions(+), 51 deletions(-) diff --git a/src/main.c b/src/main.c index 71825afa..9176ac7b 100644 --- a/src/main.c +++ b/src/main.c @@ -48,6 +48,7 @@ static int _tf_command_import(const char* file, int argc, char* argv[]); static int _tf_command_export(const char* file, int argc, char* argv[]); static int _tf_command_run(const char* file, int argc, char* argv[]); static int _tf_command_sandbox(const char* file, int argc, char* argv[]); +static int _tf_command_verify(const char* file, int argc, char* argv[]); static int _tf_command_usage(const char* file); typedef struct _command_t @@ -62,6 +63,7 @@ const command_t k_commands[] = { { "sandbox", _tf_command_sandbox, "Run a sandboxed tildefriends sandbox process (used internally)." }, { "import", _tf_command_import, "Import apps to SSB." }, { "export", _tf_command_export, "Export apps from SSB." }, + { "verify", _tf_command_verify, "Verify a feed." }, { "test", _tf_command_test, "Test SSB." }, }; 
@@ -589,6 +591,59 @@ static int _tf_command_sandbox(const char* file, int argc, char* argv[]) return EXIT_SUCCESS; } +static int _tf_command_verify(const char* file, int argc, char* argv[]) +{ + const char* identity = NULL; + const char* db_path = k_db_path_default; + bool show_usage = false; + + while (!show_usage) + { + static const struct option k_options[] = { + { "id", required_argument, NULL, 'u' }, + { "db-path", required_argument, NULL, 'd' }, + { "help", no_argument, NULL, 'h' }, + { 0 }, + }; + int c = getopt_long(argc, argv, "i:d:h", k_options, NULL); + if (c == -1) + { + break; + } + + switch (c) + { + case '?': + case 'h': + default: + show_usage = true; + break; + case 'i': + identity = optarg; + break; + case 'd': + db_path = optarg; + break; + } + } + + if (show_usage) + { + tf_printf("\n%s import [options] [paths...]\n\n", file); + tf_printf("options:\n"); + tf_printf(" -i, --identity identity Identity to verify.\n"); + tf_printf(" -d, --db-path db_path SQLite database path (default: %s).\n", k_db_path_default); + tf_printf(" -h, --help Show this usage information.\n"); + return EXIT_FAILURE; + } + + tf_printf("Verifying %s...\n", identity); + tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL); + bool verified = tf_ssb_db_verify(ssb, identity); + tf_ssb_destroy(ssb); + return verified ? EXIT_SUCCESS : EXIT_FAILURE; +} + #if !defined(__ANDROID__) static int _tf_command_usage(const char* file) { diff --git a/src/ssb.c b/src/ssb.c index 0e52b5d3..0ba05cb7 100644 --- a/src/ssb.c +++ b/src/ssb.c 
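Review bot: The `--id` long option in `k_options` maps to `'u'`, a value that no `case` handles and that the short-option string `"i:d:h"` does not list, so `--id X` falls into `default:` and prints usage while the usage text advertises `--identity`; the entry should read `{ "identity", required_argument, NULL, 'i' },`. The banner also names the wrong command and should be `tf_printf("\n%s verify [options]\n\n", file);`, and `identity` stays NULL when `-i` is omitted yet is handed to `tf_printf("%s")` and `tf_ssb_db_verify`, so the guard should be `if (show_usage || !identity)`. The return value of `tf_ssb_create` is used without a NULL check; whether it can fail is not visible here. PATCH 02/22 moves this function body verbatim (hunk @@ -268 of src/main.c), so the same fixes apply there.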
@@ -1019,7 +1019,18 @@ static bool _tf_ssb_verify_and_strip_signature_internal(JSContext* context, JSVa bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* out_id, size_t out_id_size, char* out_signature, size_t out_signature_size, int* out_flags) { - if (_tf_ssb_verify_and_strip_signature_internal(context, val, out_id, out_id_size, out_signature, out_signature_size)) + JSValue reordered = JS_NewObject(context); + JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous")); + JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author")); + JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence")); + JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp")); + JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash")); + JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content")); + JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature")); + bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size); + JS_FreeValue(context, reordered); + + if (result) { if (out_flags) { 
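Review bot: The seven `JS_SetPropertyStr`/`JS_GetPropertyStr` pairs that build `reordered` are repeated in the next hunk (@@ -1027) with only `author` and `sequence` swapped, so the key order — the one thing this commit wants to make explicit — is spread across two near-identical copies; a small static helper driven by a key list, as sketched below, puts both orderings side by side and leaves `tf_ssb_verify_and_strip_signature` with one line per attempt. None of the `JS_SetPropertyStr` results are checked, and on a non-object `val` the `JS_GetPropertyStr` calls return an exception value that is stored into `reordered` as a property. Because the first attempt now verifies a copy instead of `val`, a caller that relied on `val` having its signature stripped in place would no longer see that; whether `_tf_ssb_verify_and_strip_signature_internal` mutates its argument is not visible in this hunk.
```c
static const char* const k_author_first[] = { "previous", "author", "sequence", "timestamp", "hash", "content", "signature" };
static const char* const k_sequence_first[] = { "previous", "sequence", "author", "timestamp", "hash", "content", "signature" };

/* Copy the listed keys of val into a fresh object, in the given order. */
static JSValue _tf_ssb_reorder_message(JSContext* context, JSValue val, const char* const* keys, size_t count)
{
	JSValue reordered = JS_NewObject(context);
	for (size_t i = 0; i < count; i++)
	{
		JS_SetPropertyStr(context, reordered, keys[i], JS_GetPropertyStr(context, val, keys[i]));
	}
	return reordered;
}

bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* out_id, size_t out_id_size, char* out_signature, size_t out_signature_size, int* out_flags)
{
	JSValue reordered = _tf_ssb_reorder_message(context, val, k_author_first, sizeof(k_author_first) / sizeof(k_author_first[0]));
	bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
	JS_FreeValue(context, reordered);
	/* … unchanged: out_flags handling … */
	reordered = _tf_ssb_reorder_message(context, val, k_sequence_first, sizeof(k_sequence_first) / sizeof(k_sequence_first[0]));
	/* … unchanged: second verify, flag assignment, return … */
```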
@@ -1027,27 +1038,26 @@ bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* ou } return true; } - else + + reordered = JS_NewObject(context); + JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous")); + JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence")); + JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author")); + JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp")); + JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash")); + JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content")); + JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature")); + result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size); + JS_FreeValue(context, reordered); + if (result) { - JSValue reordered = JS_NewObject(context); - JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous")); - JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence")); - JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author")); - JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp")); - JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash")); - JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content")); - JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature")); - bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size); - JS_FreeValue(context, reordered); - if (result) + if (out_flags) { - if (out_flags) - { - *out_flags = 
k_tf_ssb_message_flag_sequence_before_author; - } - return true; + *out_flags = k_tf_ssb_message_flag_sequence_before_author; } + return true; } + return false; } @@ -3608,7 +3618,6 @@ void tf_ssb_verify_strip_and_store_message(tf_ssb_t* ssb, JSValue value, tf_ssb_ } else { - printf("nope\n"); _tf_ssb_verify_strip_and_store_finish(async); } } diff --git a/src/ssb.db.c b/src/ssb.db.c index de8b6eab..4ab57dcf 100644 --- a/src/ssb.db.c +++ b/src/ssb.db.c @@ -735,12 +735,13 @@ bool tf_ssb_db_blob_store(tf_ssb_t* ssb, const uint8_t* blob, size_t size, char* return result; } -bool tf_ssb_db_get_message_by_author_and_sequence( - tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content) +bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous, + size_t out_previous_size, char* out_author, size_t out_author_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, + size_t out_signature_size, int* out_flags) { bool found = false; sqlite3_stmt* statement; - const char* query = "SELECT id, timestamp, json(content) FROM messages WHERE author = ?1 AND sequence = ?2"; + const char* query = "SELECT id, previous, author, timestamp, json(content), hash, signature, flags FROM messages WHERE author = ?1 AND sequence = ?2"; sqlite3* db = tf_ssb_acquire_db_reader(ssb); if (sqlite3_prepare(db, query, -1, &statement, NULL) == SQLITE_OK) { 
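Review bot: `tf_ssb_db_get_message_by_author_and_sequence` now takes sixteen parameters, seven of them out-pointer/size pairs, and its one caller in `tf_ssb_db_verify` (hunk @@ -1784 of this file) has to pass `NULL, 0` for the pair it does not want. A result struct with fixed-size `id`, `previous`, `author`, `hash` and `signature` arrays plus `timestamp`, `content` and `flags`, filled by one call, would keep call sites readable and make the next added column a non-breaking change. The widened query is still prepared with `sqlite3_prepare` rather than `sqlite3_prepare_v2`; that is pre-existing, but this is the moment to switch while the statement text is being rewritten.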
@@ -748,15 +749,45 @@ bool tf_ssb_db_get_message_by_author_and_sequence( { if (out_message_id) { - strncpy(out_message_id, (const char*)sqlite3_column_text(statement, 0), out_message_id_size - 1); + snprintf(out_message_id, out_message_id_size, "%s", (const char*)sqlite3_column_text(statement, 0)); + } + if (out_previous) + { + if (sqlite3_column_type(statement, 1) == SQLITE_NULL) + { + if (out_previous_size) + { + *out_previous = '\0'; + } + } + else + { + snprintf(out_previous, out_previous_size, "%s", (const char*)sqlite3_column_text(statement, 1)); + } + } + if (out_author) + { + snprintf(out_author, out_author_size, "%s", (const char*)sqlite3_column_text(statement, 2)); } if (out_timestamp) { - *out_timestamp = sqlite3_column_double(statement, 1); + *out_timestamp = sqlite3_column_double(statement, 3); } if (out_content) { - *out_content = tf_strdup((const char*)sqlite3_column_text(statement, 2)); + *out_content = tf_strdup((const char*)sqlite3_column_text(statement, 4)); + } + if (out_hash) + { + snprintf(out_hash, out_hash_size, "%s", (const char*)sqlite3_column_text(statement, 5)); + } + if (out_signature) + { + snprintf(out_signature, out_signature_size, "%s", (const char*)sqlite3_column_text(statement, 6)); + } + if (out_flags) + { + *out_flags = sqlite3_column_int(statement, 7); } found = true; } @@ -1592,6 +1623,7 @@ bool tf_ssb_db_set_account_password(tf_ssb_t* ssb, const char* name, const char* if (sqlite3_bind_text(statement, 1, name, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, user_string, user_length, NULL) == SQLITE_OK) { result = sqlite3_step(statement) == SQLITE_DONE; + tf_printf("set account password = %d\n", result); } sqlite3_finalize(statement); } 
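Review bot: Only the `previous` column is guarded against `SQLITE_NULL`; `id`, `author`, `hash` and `signature` are passed straight from `sqlite3_column_text` into `snprintf("%s")`, which is undefined behaviour when the column is NULL (the replaced `strncpy` had the same exposure). A helper that copies a text column and writes an empty string on NULL, used for all five string outputs, removes the special case and the repetition, as sketched below. `tf_strdup` on a NULL `json(content)` result depends on how `tf_strdup` treats NULL, which is not visible here.
```c
/* Copy text column `column` into out, writing "" when the value is NULL; no-op when out is NULL or empty. */
static void _tf_ssb_db_column_string(sqlite3_stmt* statement, int column, char* out, size_t out_size)
{
	if (!out || !out_size)
	{
		return;
	}
	const unsigned char* text = sqlite3_column_text(statement, column);
	snprintf(out, out_size, "%s", text ? (const char*)text : "");
}

/* … unchanged: prepare, bind and step … */
_tf_ssb_db_column_string(statement, 0, out_message_id, out_message_id_size);
_tf_ssb_db_column_string(statement, 1, out_previous, out_previous_size);
_tf_ssb_db_column_string(statement, 2, out_author, out_author_size);
/* … unchanged: timestamp and content … */
_tf_ssb_db_column_string(statement, 5, out_hash, out_hash_size);
_tf_ssb_db_column_string(statement, 6, out_signature, out_signature_size);
/* … unchanged: flags, found = true … */
```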
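Review bot: `tf_printf("set account password = %d\n", result)` in `tf_ssb_db_set_account_password` reads as leftover debugging output, and so does `tf_printf("added user to properties\n")` in the next hunk (@@ -1634 of the same file), which additionally prints before `sqlite3_step` has run and so announces a success that has not happened yet. PATCH 06/22 later removes the first of the two; the second remains and should be dropped, or moved after the step and tied to `result`.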
@@ -1634,6 +1666,7 @@ bool tf_ssb_db_register_account(tf_ssb_t* ssb, const char* name, const char* pas { if (sqlite3_bind_text(statement, 1, value, value_length, NULL) == SQLITE_OK) { + tf_printf("added user to properties\n"); result = sqlite3_step(statement) == SQLITE_DONE; } sqlite3_finalize(statement); 
@@ -1784,3 +1817,65 @@ void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callb }; tf_ssb_run_work(ssb, _tf_ssb_db_resolve_index_work, _tf_ssb_db_resolve_index_after_work, request); } + +bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id) +{ + JSContext* context = tf_ssb_get_context(ssb); + bool verified = true; + int64_t sequence = -1; + if (tf_ssb_db_get_latest_message_by_author(ssb, id, &sequence, NULL, 0)) + { + for (int64_t i = 1; i <= sequence; i++) + { + char message_id[k_id_base64_len]; + char previous[256]; + double timestamp; + char* content = NULL; + char hash[32]; + char signature[256]; + int flags = 0; + if (tf_ssb_db_get_message_by_author_and_sequence(ssb, id, i, message_id, sizeof(message_id), previous, sizeof(previous), NULL, 0, ×tamp, &content, hash, + sizeof(hash), signature, sizeof(signature), &flags)) + { + JSValue message = tf_ssb_format_message(context, previous, id, i, timestamp, hash, content, signature, flags); + char calculated_id[k_id_base64_len]; + char extracted_signature[256]; + int calculated_flags = 0; + if (!tf_ssb_verify_and_strip_signature(context, message, calculated_id, sizeof(calculated_id), extracted_signature, sizeof(extracted_signature), &calculated_flags)) + { + tf_printf("author=%s sequence=%" PRId64 " verify failed.\n", id, i); + verified = false; + } + if (calculated_flags != flags) + { + tf_printf("author=%s sequence=%" PRId64 " flag mismatch %d => %d.\n", id, i, flags, calculated_flags); + verified = false; + } + if (strcmp(message_id, calculated_id)) + { + tf_printf("author=%s sequence=%" PRId64 " id mismatch %s => %s.\n", id, i, message_id, calculated_id); + verified = false; + } + JS_FreeValue(context, message); + tf_free(content); + + if (!verified) + { + break; + } + } + else + { + tf_printf("Unable to find message with sequence=%" PRId64 " for author=%s.", i, id); + verified = false; + break; + } + } + } + else + { + tf_printf("Unable to get latest message for author '%s'.\n", id); + 
verified = false; + } + return verified; +} diff --git a/src/ssb.db.h b/src/ssb.db.h index 7bacc344..6bfa0b49 100644 --- a/src/ssb.db.h +++ b/src/ssb.db.h @@ -126,8 +126,9 @@ JSValue tf_ssb_db_get_message_by_id(tf_ssb_t* ssb, const char* id, bool is_keys) ** @param[out] out_content Populated with the message content. Free with tf_free(). ** @return True if the message was found and retrieved. */ -bool tf_ssb_db_get_message_by_author_and_sequence( - tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content); +bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous, + size_t out_previous_size, char* out_author, size_t out_author_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, + size_t out_signature_size, int* out_flags); /** ** Get information about the last message from an author. @@ -379,6 +380,8 @@ bool tf_ssb_db_set_property(tf_ssb_t* ssb, const char* id, const char* key, cons */ void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callback)(const char* path, void* user_data), void* user_data); +bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id); + /** ** An SQLite authorizer callback. See https://www.sqlite.org/c3ref/set_authorizer.html for use. ** @param user_data User data registered with the authorizer. diff --git a/src/ssb.js.c b/src/ssb.js.c index 32d15373..47e36025 100644 --- a/src/ssb.js.c +++ b/src/ssb.js.c 
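Review bot: The loop checks each message's signature and id in isolation but never checks that message `i`'s `previous` equals the id of message `i-1` (and that message 1 has an empty `previous`), so a feed whose messages are individually valid but spliced from different chains still passes `tf_ssb_db_verify`. Keeping the previous iteration's `message_id` in a `last_id` buffer and comparing it with `previous` before formatting closes that gap; the sketch below shows the added lines, and it relies on `tf_ssb_db_get_message_by_author_and_sequence` writing `""` for a NULL `previous`, which the `@@ -748` hunk does. The `"Unable to find message with sequence=…"` message is the only `tf_printf` in the function without a trailing `\n`. Whether `tf_ssb_format_message` turns an empty `previous` into the JSON `null` the first message needs is not visible here and is worth confirming.
```c
	char last_id[k_id_base64_len] = { 0 };
	for (int64_t i = 1; i <= sequence; i++)
	{
		/* … unchanged: buffers and the tf_ssb_db_get_message_by_author_and_sequence call … */
			if (strcmp(previous, last_id))
			{
				tf_printf("author=%s sequence=%" PRId64 " previous mismatch %s => %s.\n", id, i, last_id, previous);
				verified = false;
			}
			/* … unchanged: format, verify, flag and id checks … */
			snprintf(last_id, sizeof(last_id), "%s", message_id);
			JS_FreeValue(context, message);
			tf_free(content);
```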
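Review bot: The Doxygen block above `tf_ssb_db_get_message_by_author_and_sequence` still documents only the original parameters; the new `out_previous`, `out_author`, `out_hash` and `out_signature` (each with its `_size`) and `out_flags` need `@param[out]` lines, stating that each string output may be passed as NULL to skip it and that `out_previous` receives an empty string when the stored value is NULL, as the implementation in src/ssb.db.c does. The `@@ -379` hunk of the same file adds `bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id);` with no comment where every neighbouring declaration has one; a block in the file's `/** ** … */` style describing that it re-verifies the signature and id of every stored message from sequence 1 to the author's latest, names `ssb` and `id`, and returns true only when all of them verify would match its surroundings.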
@@ -576,29 +576,6 @@ static JSValue _tf_ssb_appendMessageWithIdentity(JSContext* context, JSValueCons return result; } -static JSValue _tf_ssb_getMessage(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv) -{ - JSValue result = JS_NULL; - tf_ssb_t* ssb = JS_GetOpaque(this_val, _tf_ssb_classId); - if (ssb) - { - const char* id = JS_ToCString(context, argv[0]); - int64_t sequence = 0; - JS_ToInt64(context, &sequence, argv[1]); - double timestamp = -1.0; - char* contents = NULL; - if (tf_ssb_db_get_message_by_author_and_sequence(ssb, id, sequence, NULL, 0, ×tamp, &contents)) - { - result = JS_NewObject(context); - JS_SetPropertyStr(context, result, "timestamp", JS_NewFloat64(context, timestamp)); - JS_SetPropertyStr(context, result, "content", JS_NewString(context, contents)); - tf_free(contents); - } - JS_FreeCString(context, id); - } - return result; -} - static JSValue _tf_ssb_blobGet(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv) { JSValue result = JS_NULL; @@ -1891,7 +1868,6 @@ void tf_ssb_register(JSContext* context, tf_ssb_t* ssb) JS_SetPropertyStr(context, object, "getAllIdentities", JS_NewCFunction(context, _tf_ssb_getAllIdentities, "getAllIdentities", 0)); JS_SetPropertyStr(context, object, "getActiveIdentity", JS_NewCFunction(context, _tf_ssb_getActiveIdentity, "getActiveIdentity", 3)); JS_SetPropertyStr(context, object, "getIdentityInfo", JS_NewCFunction(context, _tf_ssb_getIdentityInfo, "getIdentityInfo", 3)); - JS_SetPropertyStr(context, object, "getMessage", JS_NewCFunction(context, _tf_ssb_getMessage, "getMessage", 2)); JS_SetPropertyStr(context, object, "blobGet", JS_NewCFunction(context, _tf_ssb_blobGet, "blobGet", 1)); JS_SetPropertyStr(context, object, "messageContentGet", JS_NewCFunction(context, _tf_ssb_messageContentGet, "messageContentGet", 1)); JS_SetPropertyStr(context, object, "connections", JS_NewCFunction(context, _tf_ssb_connections, "connections", 0)); 
From 3a43d6f8ac604c396785118d7700ec430e0b991e Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 09:03:37 -0400 Subject: [PATCH 02/22] Build fix. --- src/main.c | 106 ++++++++++++++++++++++++++--------------------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/src/main.c b/src/main.c index 9176ac7b..c3812895 100644 --- a/src/main.c +++ b/src/main.c @@ -268,6 +268,59 @@ static int _tf_command_export(const char* file, int argc, char* argv[]) tf_ssb_destroy(ssb); return EXIT_SUCCESS; } + +static int _tf_command_verify(const char* file, int argc, char* argv[]) +{ + const char* identity = NULL; + const char* db_path = k_db_path_default; + bool show_usage = false; + + while (!show_usage) + { + static const struct option k_options[] = { + { "id", required_argument, NULL, 'u' }, + { "db-path", required_argument, NULL, 'd' }, + { "help", no_argument, NULL, 'h' }, + { 0 }, + }; + int c = getopt_long(argc, argv, "i:d:h", k_options, NULL); + if (c == -1) + { + break; + } + + switch (c) + { + case '?': + case 'h': + default: + show_usage = true; + break; + case 'i': + identity = optarg; + break; + case 'd': + db_path = optarg; + break; + } + } + + if (show_usage) + { + tf_printf("\n%s import [options] [paths...]\n\n", file); + tf_printf("options:\n"); + tf_printf(" -i, --identity identity Identity to verify.\n"); + tf_printf(" -d, --db-path db_path SQLite database path (default: %s).\n", k_db_path_default); + tf_printf(" -h, --help Show this usage information.\n"); + return EXIT_FAILURE; + } + + tf_printf("Verifying %s...\n", identity); + tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL); + bool verified = tf_ssb_db_verify(ssb, identity); + tf_ssb_destroy(ssb); + return verified ? EXIT_SUCCESS : EXIT_FAILURE; +} #endif typedef struct tf_run_args_t 
@@ -591,59 +644,6 @@ static int _tf_command_sandbox(const char* file, int argc, char* argv[]) return EXIT_SUCCESS; } -static int _tf_command_verify(const char* file, int argc, char* argv[]) -{ - const char* identity = NULL; - const char* db_path = k_db_path_default; - bool show_usage = false; - - while (!show_usage) - { - static const struct option k_options[] = { - { "id", required_argument, NULL, 'u' }, - { "db-path", required_argument, NULL, 'd' }, - { "help", no_argument, NULL, 'h' }, - { 0 }, - }; - int c = getopt_long(argc, argv, "i:d:h", k_options, NULL); - if (c == -1) - { - break; - } - - switch (c) - { - case '?': - case 'h': - default: - show_usage = true; - break; - case 'i': - identity = optarg; - break; - case 'd': - db_path = optarg; - break; - } - } - - if (show_usage) - { - tf_printf("\n%s import [options] [paths...]\n\n", file); - tf_printf("options:\n"); - tf_printf(" -i, --identity identity Identity to verify.\n"); - tf_printf(" -d, --db-path db_path SQLite database path (default: %s).\n", k_db_path_default); - tf_printf(" -h, --help Show this usage information.\n"); - return EXIT_FAILURE; - } - - tf_printf("Verifying %s...\n", identity); - tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL); - bool verified = tf_ssb_db_verify(ssb, identity); - tf_ssb_destroy(ssb); - return verified ? EXIT_SUCCESS : EXIT_FAILURE; -} - #if !defined(__ANDROID__) static int _tf_command_usage(const char* file) { From 5e265dfc83ee336ffb4d2a8716e8a344244645df Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 09:03:56 -0400 Subject: [PATCH 03/22] Make sure the first user can admin. --- tools/autotest.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/autotest.py b/tools/autotest.py index 86320ebb..bcd28680 100755 --- a/tools/autotest.py +++ b/tools/autotest.py 
@@ -83,6 +83,13 @@ try: driver.switch_to.frame(wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))) id1 = wait.until(expected_conditions.presence_of_element_located((By.TAG_NAME, 'li'))).text.split(' ')[-1] + driver.get('http://localhost:8888/~core/admin/') + wait.until(expected_conditions.presence_of_element_located((By.ID, 'document'))) + driver.switch_to.frame(driver.find_element(By.ID, 'document')) + wait.until(expected_conditions.presence_of_element_located((By.ID, 'gs_room_name'))).send_keys('test room') + wait.until(expected_conditions.presence_of_element_located((By.XPATH, '//*[@id="gs_room_name"]/following-sibling::button'))).click() + driver.switch_to.alert.accept() + driver.get('http://localhost:8888') wait.until(expected_conditions.presence_of_element_located((By.ID, 'document'))) driver.switch_to.frame(driver.find_element(By.ID, 'document')) @@ -106,9 +113,15 @@ try: except: pass - tf_tab_news = wait.until(exists_in_shadow_root(tf_app, By.ID, 'tf-tab-news')).shadow_root - tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'edit').send_keys('Hello, world!') - tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'submit').click() + # WebDriverException (shadow root is detached) + while True: + try: + tf_tab_news = wait.until(exists_in_shadow_root(tf_app, By.ID, 'tf-tab-news')).shadow_root + tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'edit').send_keys('Hello, world!') + tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'submit').click() + break + except: + pass driver.switch_to.default_content() driver.find_element(By.ID, 'allow').click() From 7d9b1b508be92b763b3130af9f3b9bc35106bcf8 Mon Sep 17 00:00:00 2001 
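Review bot: The new `while True: … except: pass` retry around the compose step swallows every exception, not just the `WebDriverException` the comment names, and never gives up, so a genuinely broken page turns the test into a hang rather than a failure. Catching `WebDriverException` (importable from `selenium.common.exceptions`) and bounding the attempts keeps the retry for the detached-shadow-root case while letting other errors surface, as sketched below.
```python
    # WebDriverException (shadow root is detached)
    for _ in range(10):
        try:
            # … unchanged: locate tf-tab-news and submit 'Hello, world!' …
            break
        except WebDriverException:
            pass
    else:
        raise RuntimeError('tf-tab-news compose did not become available')
```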
From: Cory McWilliams Date: Sat, 11 May 2024 09:18:30 -0400 Subject: [PATCH 04/22] Print a little colorful message when we've started about where to connect. Multiple people have pointed out that it's not obvious that it's working. --- src/httpd.js.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/httpd.js.c b/src/httpd.js.c index 1e61606c..961df4a8 100644 --- a/src/httpd.js.c +++ b/src/httpd.js.c @@ -31,6 +31,10 @@ #define tf_countof(a) ((int)(sizeof((a)) / sizeof(*(a)))) +#define CYAN "\e[1;36m" +#define MAGENTA "\e[1;35m" +#define RESET "\e[0m" + const int64_t k_refresh_interval = 1ULL * 7 * 24 * 60 * 60 * 1000; static JSValue _authenticate_jwt(JSContext* context, const char* jwt); @@ -416,6 +420,7 @@ static JSValue _httpd_endpoint_start(JSContext* context, JSValueConst this_val, *listener = (httpd_listener_t) { .context = context, .tls = JS_DupValue(context, argv[1]) }; tf_tls_context_t* tls = tf_tls_context_get(listener->tls); int assigned_port = tf_http_listen(http, port, tls, _httpd_listener_cleanup, listener); + tf_printf(CYAN "~😎 Tilde Friends" RESET " is now up at " MAGENTA "http%s://127.0.0.1:%d/" RESET ".\n", tls ? "s" : "", assigned_port); return JS_NewInt32(context, assigned_port); } From a5004c8ba9d6488457ef1eee2cca687c6d35c88e Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 09:33:38 -0400 Subject: [PATCH 05/22] Indicate the local server identity. --- apps/ssb.json | 2 +- apps/ssb/tf-tab-connections.js | 5 +++++ deps/libbacktrace | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/ssb.json b/apps/ssb.json index 5df0743d..6148c1ef 100644 --- a/apps/ssb.json +++ b/apps/ssb.json @@ -1,5 +1,5 @@ { "type": "tildefriends-app", "emoji": "🐌", - "previous": "&vEaOZjrNb0u9rhNqrQ8eU9TlOFlo4HsgW6hbI7VdIT0=.sha256" + "previous": "&sqnidhPsKb45FDw4m0/ZeDQgX3qxqw9MReaVP11Xk2M=.sha256" } diff --git a/apps/ssb/tf-tab-connections.js b/apps/ssb/tf-tab-connections.js index 4fad1ff9..468f687c 100644 
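Review bot: `"\e[1;36m"` relies on the `\e` escape, which is a GCC/Clang extension rather than standard C and warns under `-pedantic`; `"\033[1;36m"` (or `"\x1b[1;36m"`) is the portable spelling. The bare names `CYAN`, `MAGENTA` and `RESET` are generic enough to collide with other headers pulled into this file; a prefixed form in the file's naming style would be safer.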
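Review bot: The startup banner emits ANSI colour sequences unconditionally, so when stdout is a file or a service log the escape bytes land in the log; gating on `isatty(STDOUT_FILENO)` from `<unistd.h>` (and optionally honouring a `NO_COLOR` environment variable) with a plain-text fallback keeps logs clean. The URL is hard-coded to `127.0.0.1` although `tf_http_listen` may be bound to another address; whether the bind address is available to this function is not visible here.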
--- a/apps/ssb/tf-tab-connections.js +++ b/apps/ssb/tf-tab-connections.js @@ -10,6 +10,7 @@ class TfTabConnectionsElement extends LitElement { connections: {type: Array}, stored_connections: {type: Array}, users: {type: Object}, + server_identity: {type: String}, }; } @@ -29,6 +30,9 @@ class TfTabConnectionsElement extends LitElement { tfrpc.rpc.getStoredConnections().then(function (connections) { self.stored_connections = connections || []; }); + tfrpc.rpc.getServerIdentity().then(function (identity) { + self.server_identity = identity; + }); } render_connection_summary(connection) { @@ -179,6 +183,7 @@ class TfTabConnectionsElement extends LitElement { (x) => html`
  • + ${x == this.server_identity ? html`- πŸ–₯local server` : undefined}
  • ` )} diff --git a/deps/libbacktrace b/deps/libbacktrace index 11427f31..7ead8c1e 160000 --- a/deps/libbacktrace +++ b/deps/libbacktrace @@ -1 +1 @@ -Subproject commit 11427f31a64b11583fec94b4c2a265c7dafb1ab3 +Subproject commit 7ead8c1ea2f4aeafe9c5b9ef8a9461a9ba781aa8 From 52962f3a5e5265a06e11478888d24230bd720a1d Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 09:50:00 -0400 Subject: [PATCH 06/22] Remove the :auth key. We can sign JWTs with :admin, and it's one less magic key. --- src/httpd.js.c | 34 +++++++++++++++------------------- src/ssb.db.c | 2 +- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/httpd.js.c b/src/httpd.js.c index 961df4a8..38798e9b 100644 --- a/src/httpd.js.c +++ b/src/httpd.js.c @@ -1080,7 +1080,7 @@ static JSValue _authenticate_jwt(JSContext* context, const char* jwt) tf_task_t* task = tf_task_get(context); tf_ssb_t* ssb = tf_task_get_ssb(task); char public_key_b64[k_id_base64_len] = { 0 }; - tf_ssb_db_identity_visit(ssb, ":auth", _public_key_visit, public_key_b64); + tf_ssb_db_identity_visit(ssb, ":admin", _public_key_visit, public_key_b64); const char* payload = jwt + dot[0] + 1; size_t payload_length = dot[1] - dot[0] - 1; 
@@ -1150,15 +1150,12 @@ static void _visit_auth_identity(const char* identity, void* user_data) static bool _get_auth_private_key(tf_ssb_t* ssb, uint8_t* out_private_key) { char id[k_id_base64_len] = { 0 }; - tf_ssb_db_identity_visit(ssb, ":auth", _visit_auth_identity, id); + tf_ssb_db_identity_visit(ssb, ":admin", _visit_auth_identity, id); if (*id) { - return tf_ssb_db_identity_get_private_key(ssb, ":auth", id, out_private_key, crypto_sign_SECRETKEYBYTES); - } - else - { - return tf_ssb_db_identity_create(ssb, ":auth", out_private_key + crypto_sign_PUBLICKEYBYTES, out_private_key); + return tf_ssb_db_identity_get_private_key(ssb, ":admin", id, out_private_key, crypto_sign_SECRETKEYBYTES); } + return false; } static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name) @@ -1167,21 +1164,15 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name) { return NULL; } - uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 }; - if (!_get_auth_private_key(ssb, private_key)) - { - return NULL; - } uv_timespec64_t now = { 0 }; uv_clock_gettime(UV_CLOCK_REALTIME, &now); - JSContext* context = tf_ssb_get_context(ssb); - const char* header_json = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}"; char header_base64[256]; sodium_bin2base64(header_base64, sizeof(header_base64), (uint8_t*)header_json, strlen(header_json), sodium_base64_VARIANT_URLSAFE_NO_PADDING); + JSContext* context = tf_ssb_get_context(ssb); JSValue payload = JS_NewObject(context); JS_SetPropertyStr(context, payload, "name", JS_NewString(context, name)); JS_SetPropertyStr(context, payload, "exp", JS_NewInt64(context, now.tv_sec * 1000 + now.tv_nsec / 1000000LL + k_refresh_interval)); 
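Review bot: `_get_auth_private_key` no longer creates a key when none is found — the `tf_ssb_db_identity_create` branch is gone and it returns `false` — so `_make_session_jwt` (hunks @@ -1167 and @@ -1196) returns NULL until an `:admin` identity exists, and that failure is silent. If that is intended (sessions only after setup), a message on the new `return false;` path, e.g. `tf_printf("No :admin identity available to sign session tokens.\n");`, would make an unexpectedly failing login diagnosable. Which `:admin` identity `_visit_auth_identity` selects when more than one exists is not visible here; since `_authenticate_jwt` (hunk @@ -1080) picks one independently via `_public_key_visit`, the two visitors must select the same identity or tokens signed with one key will fail to verify against the other.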
@@ -1196,12 +1187,17 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name) unsigned long long signature_length = 0; char signature_base64[256] = { 0 }; - if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0) + uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 }; + if (_get_auth_private_key(ssb, private_key)) { - sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING); - size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1; - result = tf_malloc(size); - snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64); + if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0) + { + sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING); + size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1; + result = tf_malloc(size); + snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64); + } + sodium_memzero(private_key, sizeof(private_key)); } JS_FreeCString(context, payload_string); diff --git a/src/ssb.db.c b/src/ssb.db.c index 4ab57dcf..eb40e0bb 100644 --- a/src/ssb.db.c +++ b/src/ssb.db.c @@ -163,6 +163,7 @@ void tf_ssb_db_init(tf_ssb_t* ssb) " private_key TEXT UNIQUE" ")"); _tf_ssb_db_exec(db, "CREATE INDEX IF NOT EXISTS identities_user ON identities (user, public_key)"); + _tf_ssb_db_exec(db, "DELETE FROM identities WHERE user = ':auth'"); bool populate_fts = false; if (!_tf_ssb_db_has_rows(db, "PRAGMA table_list('messages_fts')")) 
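Review bot: Moving `private_key` into the signing scope and adding `sodium_memzero` is the right shape, but the token is signed with `crypto_sign_detached` (Ed25519) while `header_json` still declares `"alg":"HS256"`, so any consumer that trusts the header is told the wrong algorithm; `"alg":"EdDSA"` is the registered name for this scheme. The header line is context rather than new code, but the commit is already reworking the signing path and the verifier side in `_authenticate_jwt`.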
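Review bot: `DELETE FROM identities WHERE user = ':auth'` runs on every `tf_ssb_db_init`, and because `_authenticate_jwt` now verifies against the `:admin` public key (src/httpd.js.c hunk @@ -1080 in this commit), every session token signed with the old `:auth` key becomes invalid the moment an upgraded server starts — users are logged out once, which is acceptable but worth stating in the commit message. Running the statement unconditionally is harmless after the first start, but a one-off migration step keyed to the schema version, if the file has one, would be the usual place for it.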
@@ -1623,7 +1624,6 @@ bool tf_ssb_db_set_account_password(tf_ssb_t* ssb, const char* name, const char* if (sqlite3_bind_text(statement, 1, name, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, user_string, user_length, NULL) == SQLITE_OK) { result = sqlite3_step(statement) == SQLITE_DONE; - tf_printf("set account password = %d\n", result); } sqlite3_finalize(statement); } From 427ca3f26531e2139a2ba9ff815612e169f78fa5 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 09:58:24 -0400 Subject: [PATCH 07/22] Indicate both the server account and your own accounts in the ssb connections tab. --- apps/ssb.json | 2 +- apps/ssb/tf-tab-connections.js | 12 +++++++++++- deps/libbacktrace | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/apps/ssb.json b/apps/ssb.json index 6148c1ef..cd6d2c70 100644 --- a/apps/ssb.json +++ b/apps/ssb.json @@ -1,5 +1,5 @@ { "type": "tildefriends-app", "emoji": "🐌", - "previous": "&sqnidhPsKb45FDw4m0/ZeDQgX3qxqw9MReaVP11Xk2M=.sha256" + "previous": "&RUQvOmseWyN6C+Ei+rhhWzgQSukoM18VcMeKeo5AxXw=.sha256" } diff --git a/apps/ssb/tf-tab-connections.js b/apps/ssb/tf-tab-connections.js index 468f687c..4b23dad6 100644 --- a/apps/ssb/tf-tab-connections.js +++ b/apps/ssb/tf-tab-connections.js @@ -7,6 +7,7 @@ class TfTabConnectionsElement extends LitElement { return { broadcasts: {type: Array}, identities: {type: Array}, + my_identities: {type: Array}, connections: {type: Array}, stored_connections: {type: Array}, users: {type: Object}, @@ -21,9 +22,13 @@ class TfTabConnectionsElement extends LitElement { let self = this; this.broadcasts = []; this.identities = []; + this.my_identities = []; this.connections = []; this.stored_connections = []; this.users = {}; + tfrpc.rpc.getIdentities().then(function (identities) { + self.my_identities = identities || []; + }); tfrpc.rpc.getAllIdentities().then(function (identities) { self.identities = identities || []; }); 
@@ -182,8 +187,13 @@ class TfTabConnectionsElement extends LitElement { ${this.identities.map( (x) => html`
  • + ${x == this.server_identity ? + html`πŸ–₯ local server` : + undefined} + ${this.my_identities.indexOf(x) != -1 ? + html`😎 you` : + undefined} - ${x == this.server_identity ? html`- πŸ–₯local server` : undefined}
  • ` )} diff --git a/deps/libbacktrace b/deps/libbacktrace index 7ead8c1e..11427f31 160000 --- a/deps/libbacktrace +++ b/deps/libbacktrace @@ -1 +1 @@ -Subproject commit 7ead8c1ea2f4aeafe9c5b9ef8a9461a9ba781aa8 +Subproject commit 11427f31a64b11583fec94b4c2a265c7dafb1ab3 From ca00c4fb5d1ce57c9b221bcab3058387567e3c21 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 10:23:07 -0400 Subject: [PATCH 08/22] Fix multiple issues getting identity info. --- src/ssb.js.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/ssb.js.c b/src/ssb.js.c index 47e36025..c4c10432 100644 --- a/src/ssb.js.c +++ b/src/ssb.js.c @@ -399,10 +399,11 @@ static void _tf_ssb_getIdentityInfo_visit(const char* identity, void* data) identity_info_work_t* request = data; request->identities = tf_resize_vec(request->identities, (request->count + 1) * sizeof(char*)); request->names = tf_resize_vec(request->names, (request->count + 1) * sizeof(char*)); - request->identities[request->count] = tf_strdup(identity); + char buffer[k_id_base64_len]; + snprintf(buffer, sizeof(buffer), "@%s", identity); + request->identities[request->count] = tf_strdup(buffer); request->names[request->count] = NULL; request->count++; - ; } static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data) 
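Review bot: `snprintf(buffer, sizeof(buffer), "@%s", identity)` into a `k_id_base64_len` buffer is only safe if `identity` arrives without its `@` prefix and `k_id_base64_len` already accounts for it; the `'@' || identities.public_key` join in the next hunk (@@ -419) suggests the stored value is the bare key, but the `snprintf` return value is not checked, so a longer value would be silently truncated and the later name lookup would miss it. Checking the return, e.g. `if (snprintf(buffer, sizeof(buffer), "@%s", identity) >= (int)sizeof(buffer)) { return; }`, or allocating `strlen(identity) + 2` bytes, removes the dependence on the constant.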
@@ -419,8 +420,8 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data) " RANK() OVER (PARTITION BY messages.author ORDER BY messages.sequence DESC) AS author_rank, " " messages.content ->> 'name' AS name " " FROM messages " - " JOIN identities ON messages.author = ids.value " - " WHERE WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) " + " JOIN identities ON messages.author = ('@' || identities.public_key) " + " WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) " "WHERE author_rank = 1 ", -1, &statement, NULL); if (request->result == SQLITE_OK) @@ -428,7 +429,7 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data) if (sqlite3_bind_text(statement, 1, request->name, -1, NULL) == SQLITE_OK) { int r = SQLITE_OK; - while ((r = sqlite3_step(statement)) == SQLITE_OK) + while ((r = sqlite3_step(statement)) == SQLITE_ROW) { for (int i = 0; i < request->count; i++) { @@ -444,6 +445,10 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data) } sqlite3_finalize(statement); } + else + { + tf_printf("prepare failed: %s.\n", sqlite3_errmsg(db)); + } tf_ssb_db_identity_get_active(db, request->name, request->package_owner, request->package_name, request->active_identity, sizeof(request->active_identity)); if (!*request->active_identity && request->count) From 69fccd56d3fcefe80bab04b8e3b881b17fea7b46 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Sat, 11 May 2024 10:40:34 -0400 Subject: [PATCH 09/22] Add a little guidance about how to set your name. It's a common confusion. --- apps/ssb.json | 2 +- apps/ssb/tf-app.js | 1 + apps/ssb/tf-tab-news.js | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/apps/ssb.json b/apps/ssb.json index cd6d2c70..fb77ab2e 100644 --- a/apps/ssb.json +++ b/apps/ssb.json 
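Review bot: The step loop now stops on anything other than `SQLITE_ROW`, but `r` is never examined after it exits, so `SQLITE_BUSY` or `SQLITE_ERROR` mid-iteration is indistinguishable from a normal `SQLITE_DONE` and the caller gets a partial name list with no log. Adding `if (r != SQLITE_DONE) { tf_printf("step failed: %s.\n", sqlite3_errmsg(db)); }` after the loop mirrors the new prepare-failure log; `db` is assumed to be the handle passed to `sqlite3_prepare`, which lies outside this hunk along with the start of `_tf_ssb_getIdentityInfo_work`.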
@@ -1,5 +1,5 @@ { "type": "tildefriends-app", "emoji": "🐌", - "previous": "&RUQvOmseWyN6C+Ei+rhhWzgQSukoM18VcMeKeo5AxXw=.sha256" + "previous": "&raSj7ozmSDNGmB6TtjDk7oOiTc33ZN+RrBMASJ2F4cA=.sha256" } diff --git a/apps/ssb/tf-app.js b/apps/ssb/tf-app.js index 7c10b8d8..6a121f45 100644 --- a/apps/ssb/tf-app.js +++ b/apps/ssb/tf-app.js @@ -264,6 +264,7 @@ class TfElement extends LitElement { hash=${this.hash} .unread=${this.unread} @refresh=${() => (this.unread = [])} + ?loading=${this.loading} > `; } else if (this.tab === 'connections') { diff --git a/apps/ssb/tf-tab-news.js b/apps/ssb/tf-tab-news.js index 0a6608bd..bab29339 100644 --- a/apps/ssb/tf-tab-news.js +++ b/apps/ssb/tf-tab-news.js @@ -12,6 +12,7 @@ class TfTabNewsElement extends LitElement { following: {type: Array}, drafts: {type: Object}, expanded: {type: Object}, + loading: {type: Boolean}, }; } @@ -113,6 +114,15 @@ class TfTabNewsElement extends LitElement { .users=${this.users} >` : undefined; + let edit_profile; + if (!this.loading && + this.users[this.whoami]?.name === undefined && + this.hash.substring(1) != this.whoami) { + edit_profile = html` +
    + ℹ️ Follow your identity link ☝️ above to edit your profile and set your name. +
    `; + } return html`