cory/tildefriends
5
6
Fork 2
Code Issues 28 Pull Requests Actions Releases 39 Wiki Activity

Compare commits

base: cory:b3f095b61fa1fba723c3f80022def1667b64e97e
Branches Tags
cory:main
cory:v0.2025.10 cory:latest_release cory:v0.2025.9 cory:v0.2025.8 cory:v0.0.33 cory:v0.0.32.1 cory:v0.0.32 cory:v0.0.31 cory:v0.0.30 cory:v0.0.29 cory:v0.0.28 cory:v0.0.27.1 cory:v0.0.27 cory:v0.0.26 cory:v0.0.25 cory:v0.0.24 cory:v0.0.23 cory:v0.0.22 cory:v0.0.21.1 cory:v0.0.21 cory:v0.0.20.1 cory:v0.0.20 cory:v0.0.19 cory:v0.0.18 cory:v0.0.17 cory:v0.0.16 cory:v0.0.15 cory:v0.0.14 cory:v0.0.13 cory:v0.0.12 cory:v0.0.11 cory:v0.0.10 cory:v0.0.9 cory:v0.0.8 cory:v0.0.7 cory:v0.0.6 cory:v0.0.5 cory:v0.0.4 cory:v0.0.3 cory:v0.0.2 cory:v0.0.1
...
compare: cory:c1a80e50e7842b8431e88436fdd9a464d3199d54
Branches Tags
cory:main
cory:v0.2025.10 cory:latest_release cory:v0.2025.9 cory:v0.2025.8 cory:v0.0.33 cory:v0.0.32.1 cory:v0.0.32 cory:v0.0.31 cory:v0.0.30 cory:v0.0.29 cory:v0.0.28 cory:v0.0.27.1 cory:v0.0.27 cory:v0.0.26 cory:v0.0.25 cory:v0.0.24 cory:v0.0.23 cory:v0.0.22 cory:v0.0.21.1 cory:v0.0.21 cory:v0.0.20.1 cory:v0.0.20 cory:v0.0.19 cory:v0.0.18 cory:v0.0.17 cory:v0.0.16 cory:v0.0.15 cory:v0.0.14 cory:v0.0.13 cory:v0.0.12 cory:v0.0.11 cory:v0.0.10 cory:v0.0.9 cory:v0.0.8 cory:v0.0.7 cory:v0.0.6 cory:v0.0.5 cory:v0.0.4 cory:v0.0.3 cory:v0.0.2 cory:v0.0.1

2 Commits
b3f095b61f ... c1a80e50e7

Author SHA1 Message Date
Cory McWilliams
c1a80e50e7 Merge branch 'main' of https://dev.tildefriends.net/cory/tildefriends 2024-05-11 09:50:06 -04:00
Cory McWilliams
52962f3a5e Remove the :auth key. We can sign JWTs with :admin, and it's one less magic key. 2024-05-11 09:50:00 -04:00
2 changed files with 16 additions and 20 deletions
Expand all files Collapse all files

34
src/httpd.js.c
View File

@@ -1080,7 +1080,7 @@ static JSValue _authenticate_jwt(JSContext* context, const char* jwt)
tf_task_t* task = tf_task_get(context);
tf_ssb_t* ssb = tf_task_get_ssb(task);
char public_key_b64[k_id_base64_len] = { 0 };
tf_ssb_db_identity_visit(ssb, ":auth", _public_key_visit, public_key_b64);
tf_ssb_db_identity_visit(ssb, ":admin", _public_key_visit, public_key_b64);
const char* payload = jwt + dot[0] + 1;
size_t payload_length = dot[1] - dot[0] - 1;
@@ -1150,15 +1150,12 @@ static void _visit_auth_identity(const char* identity, void* user_data)
static bool _get_auth_private_key(tf_ssb_t* ssb, uint8_t* out_private_key)
{
char id[k_id_base64_len] = { 0 };
tf_ssb_db_identity_visit(ssb, ":auth", _visit_auth_identity, id);
tf_ssb_db_identity_visit(ssb, ":admin", _visit_auth_identity, id);
if (*id)
{
return tf_ssb_db_identity_get_private_key(ssb, ":auth", id, out_private_key, crypto_sign_SECRETKEYBYTES);
}
else
{
return tf_ssb_db_identity_create(ssb, ":auth", out_private_key + crypto_sign_PUBLICKEYBYTES, out_private_key);
return tf_ssb_db_identity_get_private_key(ssb, ":admin", id, out_private_key, crypto_sign_SECRETKEYBYTES);
}
return false;
}
static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
@@ -1167,21 +1164,15 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
{
return NULL;
}
uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
if (!_get_auth_private_key(ssb, private_key))
{
return NULL;
}
uv_timespec64_t now = { 0 };
uv_clock_gettime(UV_CLOCK_REALTIME, &now);
JSContext* context = tf_ssb_get_context(ssb);
const char* header_json = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
char header_base64[256];
sodium_bin2base64(header_base64, sizeof(header_base64), (uint8_t*)header_json, strlen(header_json), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
JSContext* context = tf_ssb_get_context(ssb);
JSValue payload = JS_NewObject(context);
JS_SetPropertyStr(context, payload, "name", JS_NewString(context, name));
JS_SetPropertyStr(context, payload, "exp", JS_NewInt64(context, now.tv_sec * 1000 + now.tv_nsec / 1000000LL + k_refresh_interval));
@@ -1196,12 +1187,17 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
unsigned long long signature_length = 0;
char signature_base64[256] = { 0 };
if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
if (_get_auth_private_key(ssb, private_key))
{
sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1;
result = tf_malloc(size);
snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
{
sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1;
result = tf_malloc(size);
snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
}
sodium_memzero(private_key, sizeof(private_key));
}
JS_FreeCString(context, payload_string);

2
src/ssb.db.c
View File

@@ -163,6 +163,7 @@ void tf_ssb_db_init(tf_ssb_t* ssb)
" private_key TEXT UNIQUE"
")");
_tf_ssb_db_exec(db, "CREATE INDEX IF NOT EXISTS identities_user ON identities (user, public_key)");
_tf_ssb_db_exec(db, "DELETE FROM identities WHERE user = ':auth'");
bool populate_fts = false;
if (!_tf_ssb_db_has_rows(db, "PRAGMA table_list('messages_fts')"))
@@ -1623,7 +1624,6 @@ bool tf_ssb_db_set_account_password(tf_ssb_t* ssb, const char* name, const char*
if (sqlite3_bind_text(statement, 1, name, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, user_string, user_length, NULL) == SQLITE_OK)
{
result = sqlite3_step(statement) == SQLITE_DONE;
tf_printf("set account password = %d\n", result);
}
sqlite3_finalize(statement);
}