libsodium 1.0.20.

Reviewed-on: cory/tildefriends#62

GNUmakefile

@@ -7,7 +7,7 @@ VERSION_CODE := 19
 VERSION_NUMBER := 0.0.19-wip
 VERSION_NAME := Don't let your loyalty become a burden.
 
-SQLITE_URL := https://www.sqlite.org/2024/sqlite-amalgamation-3450300.zip
+SQLITE_URL := https://www.sqlite.org/2024/sqlite-amalgamation-3460000.zip
 LIBUV_URL := https://dist.libuv.org/dist/v1.48.0/libuv-v1.48.0.tar.gz
 
 PROJECT = tildefriends
@@ -616,7 +616,7 @@ $(IOS_TARGETS) $(IOSSIM_TARGETS): LDFLAGS += \
 
 unix: debug release
 win: windebug winrelease
-all: $(BUILD_TYPES)
+all: $(BUILD_TYPES) default.nix
 .PHONY: all win unix
 
 ALL_APP_OBJS := \
@@ -673,6 +673,10 @@ src/android/AndroidManifest.xml : $(firstword $(MAKEFILE_LIST))
 		-e 's/android:targetSdkVersion="[[:digit:]]*"/android:targetSdkVersion="$(ANDROID_TARGET_SDK_VERSION)"/' \
 		$@
 
+default.nix : $(firstword $(MAKEFILE_LIST))
+	@echo "[version] $@"
+	@sed -i -e 's/version = ".*";/version = "$(VERSION_NUMBER)";/' $@
+
 # Android support.
 out/res/layout_activity_main.xml.flat: src/android/res/layout/activity_main.xml
 	@mkdir -p $(dir $@)
@@ -858,7 +862,7 @@ clean:
 	rm -rf $(BUILD_DIR)
 .PHONY: clean
 
-dist: release-apk iosrelease-ipa $(if $(HAVE_WIN), out/winrelease/tildefriends.standalone.exe)
+dist: release-apk iosrelease-ipa $(if $(HAVE_WIN), out/winrelease/tildefriends.standalone.exe) default.nix
 	@echo [archive] dist/tildefriends-$(VERSION_NUMBER).tar.xz
 	@rm -rf out/tildefriends-$(VERSION_NUMBER)
 	@mkdir -p dist/ out/tildefriends-$(VERSION_NUMBER)

apps/identity/app.js

@@ -78,7 +78,7 @@ async function main() {
 					alert('Successfully created: ' + id);
 					await tfrpc.rpc.reload();
 				} catch (e) {
-					alert('Error creating identity: ' + e);
+					alert('Error creating identity: ' + e.message);
 				}
 			}
 			handler.hide_id = function hide_id(event, element) {

apps/issues/app.js

@@ -67,9 +67,6 @@ tfrpc.register(function getHash(id, message) {
 tfrpc.register(function setHash(hash) {
 	return app.setHash(hash);
 });
-ssb.addEventListener('message', async function (id) {
-	await tfrpc.rpc.notifyNewMessage(id);
-});
 tfrpc.register(async function store_blob(blob) {
 	if (Array.isArray(blob)) {
 		blob = Uint8Array.from(blob);
@@ -91,10 +88,12 @@ tfrpc.register(function getActiveIdentity() {
 tfrpc.register(async function try_decrypt(id, content) {
 	return await ssb.privateMessageDecrypt(id, content);
 });
-ssb.addEventListener('broadcasts', async function () {
+core.register('onMessage', async function (id) {
+	await tfrpc.rpc.notifyNewMessage(id);
+});
+core.register('onBroadcastsChanged', async function () {
 	await tfrpc.rpc.set('broadcasts', await ssb.getBroadcasts());
 });
-
 core.register('onConnectionsChanged', async function () {
 	await tfrpc.rpc.set('connections', await ssb.connections());
 });

apps/journal/app.js

@@ -55,7 +55,7 @@ function new_message() {
 	return g_new_message_promise;
 }
 
-ssb.addEventListener('message', function (id) {
+core.register('onMessage', function (id) {
 	let resolve = g_new_message_resolve;
 	g_new_message_promise = new Promise(function (resolve, reject) {
 		g_new_message_resolve = resolve;

apps/ssb.json

@@ -1,5 +1,5 @@
 {
 	"type": "tildefriends-app",
 	"emoji": "🐌",
-	"previous": "&wA6sLaDxtYeFdVCCu8jyhPsGYtGZEjbWQHeGOn0Yifg=.sha256"
+	"previous": "&YhfwSB0+2jmPcHlxOXN73/81H5VEyQ1MaTJmWZbwqHU=.sha256"
 }

apps/ssb/app.js

@@ -76,7 +76,7 @@ tfrpc.register(function getHash(id, message) {
 tfrpc.register(function setHash(hash) {
 	return app.setHash(hash);
 });
-ssb.addEventListener('message', async function (id) {
+core.register('onMessage', async function (id) {
 	await tfrpc.rpc.notifyNewMessage(id);
 });
 tfrpc.register(async function store_blob(blob) {
@@ -103,7 +103,7 @@ tfrpc.register(async function encrypt(id, recipients, content) {
 tfrpc.register(async function getActiveIdentity() {
 	return await ssb.getActiveIdentity();
 });
-ssb.addEventListener('broadcasts', async function () {
+core.register('onBroadcastsChanged', async function () {
 	await tfrpc.rpc.set('broadcasts', await ssb.getBroadcasts());
 });
 

apps/ssb/tf-message.js

@@ -172,7 +172,7 @@ class TfMessageElement extends LitElement {
 			event.srcElement.classList.contains('img_caption')
 		) {
 			let next = event.srcElement.nextSibling;
-			if (next.style.display == 'block') {
+			if (next.style.display != 'none') {
 				next.style.display = 'none';
 			} else {
 				next.style.display = 'block';

apps/ssb/tf-tab-news.js

@@ -136,7 +136,7 @@ class TfTabNewsElement extends LitElement {
 					${this.new_messages_text()}
 				</button>
 			</p>
-			<div>
+			<div class="w3-bar">
 				Welcome, <tf-user id=${this.whoami} .users=${this.users}></tf-user>!
 				${edit_profile}
 			</div>

apps/ssb/tf-user.js

@@ -22,7 +22,8 @@ class TfUserElement extends LitElement {
 		let image = html`<span
 			class="w3-theme-light w3-circle"
 			style="display: inline-block; width: 2em; height: 2em; text-align: center; line-height: 2em"
-		>?</span>`;
+			>?</span
+		>`;
 		let name = this.users?.[this.id]?.name;
 		name =
 			name !== undefined
@@ -31,7 +32,8 @@ class TfUserElement extends LitElement {
 
 		if (this.users[this.id]) {
 			let image_link = this.users[this.id].image;
-			image_link = typeof image_link == 'string' ? image_link : image_link?.link;
+			image_link =
+				typeof image_link == 'string' ? image_link : image_link?.link;
 			if (image_link !== undefined) {
 				image = html`<img
 					class="w3-circle"
@@ -41,8 +43,7 @@ class TfUserElement extends LitElement {
 			}
 		}
 		return html` <div style="display: inline-block; font-weight: bold">
-			${image}
-			${name}
+			${image} ${name}
 		</div>`;
 	}
 }

apps/wiki/utils.js

@@ -50,7 +50,7 @@ function new_message() {
 	return g_new_message_promise;
 }
 
-ssb.addEventListener('message', function (id) {
+core.register('onMessage', function (id) {
 	let resolve = g_new_message_resolve;
 	g_new_message_promise = new Promise(function (resolve, reject) {
 		g_new_message_resolve = resolve;

core/client.js

@@ -208,7 +208,10 @@ class TfNavigationElement extends LitElement {
 					</div>
 				</div>
 			`;
-		} else {
+		} else if (
+			this.credentials?.session?.name &&
+			this.credentials.session.name !== 'guest'
+		) {
 			return html`
 				<link type="text/css" rel="stylesheet" href="/static/w3.css" />
 				<button

core/core.js

@@ -8,116 +8,6 @@ let gStatsTimer = false;
 const k_content_security_policy =
 	'sandbox allow-downloads allow-top-navigation-by-user-activation';
 
-const k_mime_types = {
-	css: 'text/css',
-	html: 'text/html',
-	js: 'text/javascript',
-	json: 'text/json',
-	map: 'application/json',
-	svg: 'image/svg+xml',
-};
-
-const k_magic_bytes = [
-	{bytes: [0xff, 0xd8, 0xff, 0xdb], type: 'image/jpeg'},
-	{
-		bytes: [
-			0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00, 0x01,
-		],
-		type: 'image/jpeg',
-	},
-	{bytes: [0xff, 0xd8, 0xff, 0xee], type: 'image/jpeg'},
-	{
-		bytes: [
-			0xff,
-			0xd8,
-			0xff,
-			0xe1,
-			null,
-			null,
-			0x45,
-			0x78,
-			0x69,
-			0x66,
-			0x00,
-			0x00,
-		],
-		type: 'image/jpeg',
-	},
-	{bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], type: 'image/png'},
-	{bytes: [0x47, 0x49, 0x46, 0x38, 0x37, 0x61], type: 'image/gif'},
-	{bytes: [0x47, 0x49, 0x46, 0x38, 0x39, 0x61], type: 'image/gif'},
-	{
-		bytes: [
-			0x52,
-			0x49,
-			0x46,
-			0x46,
-			null,
-			null,
-			null,
-			null,
-			0x57,
-			0x45,
-			0x42,
-			0x50,
-		],
-		type: 'image/webp',
-	},
-	{bytes: [0x3c, 0x73, 0x76, 0x67], type: 'image/svg+xml'},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x6d,
-			0x70,
-			0x34,
-			0x32,
-		],
-		type: 'audio/mpeg',
-	},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x69,
-			0x73,
-			0x6f,
-			0x6d,
-		],
-		type: 'video/mp4',
-	},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x6d,
-			0x70,
-			0x34,
-			0x32,
-		],
-		type: 'video/mp4',
-	},
-	{bytes: [0x4d, 0x54, 0x68, 0x64], type: 'audio/midi'},
-];
-
 let k_static_files = [
 	{uri: '/', path: 'index.html', type: 'text/html; charset=UTF-8'},
 ];
@@ -577,7 +467,8 @@ async function getProcessBlob(blobId, key, options) {
 				if (
 					process.credentials &&
 					process.credentials.session &&
-					process.credentials.session.name
+					process.credentials.session.name &&
+					process.credentials.session.name !== 'guest'
 				) {
 					let id = ssb.createIdentity(process.credentials.session.name);
 					await process.sendIdentities();
@@ -595,6 +486,8 @@ async function getProcessBlob(blobId, key, options) {
 						]
 					);
 					return id;
+				} else {
+					throw new Error('Must be signed-in to create an account.');
 				}
 			};
 			if (process.credentials?.permissions?.administration) {
@@ -785,6 +678,8 @@ async function getProcessBlob(blobId, key, options) {
 					);
 				}
 			};
+			imports.ssb.addEventListener = undefined;
+			imports.ssb.removeEventListener = undefined;
 			imports.ssb.getIdentityInfo = undefined;
 			imports.fetch = function (url, options) {
 				return http.fetch(url, options, gGlobalSettings.fetch_hosts);
@@ -938,29 +833,6 @@ function startsWithBytes(data, bytes) {
 	}
 }
 
-/**
- * TODOC
- * @param {*} path
- * @returns
- */
-function guessTypeFromName(path) {
-	let extension = path.split('.').pop();
-	return k_mime_types[extension];
-}
-
-/**
- * TODOC
- * @param {*} data
- * @returns
- */
-function guessTypeFromMagicBytes(data) {
-	for (let magic of k_magic_bytes) {
-		if (startsWithBytes(data, magic.bytes)) {
-			return magic.type;
-		}
-	}
-}
-
 /**
  * TODOC
  * @param {*} response
@@ -976,7 +848,9 @@ function sendData(response, data, type, headers, status_code) {
 			Object.assign(
 				{
 					'Content-Type':
-						type || guessTypeFromMagicBytes(data) || 'application/binary',
+						type ||
+						httpd.mime_type_from_magic_bytes(data) ||
+						'application/binary',
 					'Content-Length': data.byteLength,
 				},
 				headers || {}
@@ -1345,7 +1219,9 @@ async function blobHandler(request, response, blobId, uri) {
 					'Content-Security-Policy': k_content_security_policy,
 				};
 				data = await getBlobOrContent(id);
-				let type = guessTypeFromName(uri) || guessTypeFromMagicBytes(data);
+				let type =
+					httpd.mime_type_from_extension(uri) ||
+					httpd.mime_type_from_magic_bytes(data);
 				sendData(response, data, type, headers);
 			}
 		} else {
@@ -1354,6 +1230,10 @@ async function blobHandler(request, response, blobId, uri) {
 	}
 }
 
+ssb.addEventListener('message', function () {
+	broadcastEvent('onMessage', [...arguments]);
+});
+
 ssb.addEventListener('broadcasts', function () {
 	broadcastEvent('onBroadcastsChanged', []);
 });

default.nix

@@ -24,7 +24,7 @@
 }:
 pkgs.stdenv.mkDerivation rec {
   pname = "tildefriends";
-  version = "0.0.19";
+  version = "0.0.19-wip";
 
   src = pkgs.fetchFromGitea {
     domain = "dev.tildefriends.net";

deps/sqlite/sqlite3.h

@@ -146,9 +146,9 @@ extern "C" {
 ** [sqlite3_libversion_number()], [sqlite3_sourceid()],
 ** [sqlite_version()] and [sqlite_source_id()].
 */
-#define SQLITE_VERSION        "3.45.3"
-#define SQLITE_VERSION_NUMBER 3045003
-#define SQLITE_SOURCE_ID      "2024-04-15 13:34:05 8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355"
+#define SQLITE_VERSION        "3.46.0"
+#define SQLITE_VERSION_NUMBER 3046000
+#define SQLITE_SOURCE_ID      "2024-05-23 13:25:27 96c92aba00c8375bc32fafcdf12429c58bd8aabfcadab6683e35bbb9cdebf19e"
 
 /*
 ** CAPI3REF: Run-Time Library Version Numbers
@@ -764,11 +764,11 @@ struct sqlite3_file {
 ** </ul>
 ** xLock() upgrades the database file lock.  In other words, xLock() moves the
 ** database file lock in the direction NONE toward EXCLUSIVE. The argument to
-** xLock() is always on of SHARED, RESERVED, PENDING, or EXCLUSIVE, never
+** xLock() is always one of SHARED, RESERVED, PENDING, or EXCLUSIVE, never
 ** SQLITE_LOCK_NONE.  If the database file lock is already at or above the
 ** requested lock, then the call to xLock() is a no-op.
 ** xUnlock() downgrades the database file lock to either SHARED or NONE.
-*  If the lock is already at or below the requested lock state, then the call
+** If the lock is already at or below the requested lock state, then the call
 ** to xUnlock() is a no-op.
 ** The xCheckReservedLock() method checks whether any database connection,
 ** either in this process or in some other process, is holding a RESERVED,
@@ -3305,8 +3305,8 @@ SQLITE_API int sqlite3_set_authorizer(
 #define SQLITE_RECURSIVE            33   /* NULL            NULL            */
 
 /*
-** CAPI3REF: Tracing And Profiling Functions
-** METHOD: sqlite3
+** CAPI3REF: Deprecated Tracing And Profiling Functions
+** DEPRECATED
 **
 ** These routines are deprecated. Use the [sqlite3_trace_v2()] interface
 ** instead of the routines described here.
@@ -6887,6 +6887,12 @@ SQLITE_API int sqlite3_autovacuum_pages(
 ** The exceptions defined in this paragraph might change in a future
 ** release of SQLite.
 **
+** Whether the update hook is invoked before or after the
+** corresponding change is currently unspecified and may differ
+** depending on the type of change. Do not rely on the order of the
+** hook call with regards to the final result of the operation which
+** triggers the hook.
+**
 ** The update hook implementation must not do anything that will modify
 ** the database connection that invoked the update hook.  Any actions
 ** to modify the database connection must be deferred until after the
@@ -8357,7 +8363,7 @@ SQLITE_API int sqlite3_test_control(int op, ...);
 ** The sqlite3_keyword_count() interface returns the number of distinct
 ** keywords understood by SQLite.
 **
-** The sqlite3_keyword_name(N,Z,L) interface finds the N-th keyword and
+** The sqlite3_keyword_name(N,Z,L) interface finds the 0-based N-th keyword and
 ** makes *Z point to that keyword expressed as UTF8 and writes the number
 ** of bytes in the keyword into *L.  The string that *Z points to is not
 ** zero-terminated.  The sqlite3_keyword_name(N,Z,L) routine returns
@@ -9936,24 +9942,45 @@ SQLITE_API const char *sqlite3_vtab_collation(sqlite3_index_info*,int);
 ** <li value="2"><p>
 ** ^(If the sqlite3_vtab_distinct() interface returns 2, that means
 ** that the query planner does not need the rows returned in any particular
-** order, as long as rows with the same values in all "aOrderBy" columns
-** are adjacent.)^  ^(Furthermore, only a single row for each particular
-** combination of values in the columns identified by the "aOrderBy" field
-** needs to be returned.)^  ^It is always ok for two or more rows with the same
-** values in all "aOrderBy" columns to be returned, as long as all such rows
-** are adjacent.  ^The virtual table may, if it chooses, omit extra rows
-** that have the same value for all columns identified by "aOrderBy".
-** ^However omitting the extra rows is optional.
+** order, as long as rows with the same values in all columns identified
+** by "aOrderBy" are adjacent.)^  ^(Furthermore, when two or more rows
+** contain the same values for all columns identified by "colUsed", all but
+** one such row may optionally be omitted from the result.)^
+** The virtual table is not required to omit rows that are duplicates
+** over the "colUsed" columns, but if the virtual table can do that without
+** too much extra effort, it could potentially help the query to run faster.
 ** This mode is used for a DISTINCT query.
 ** <li value="3"><p>
-** ^(If the sqlite3_vtab_distinct() interface returns 3, that means
-** that the query planner needs only distinct rows but it does need the
-** rows to be sorted.)^ ^The virtual table implementation is free to omit
-** rows that are identical in all aOrderBy columns, if it wants to, but
-** it is not required to omit any rows.  This mode is used for queries
+** ^(If the sqlite3_vtab_distinct() interface returns 3, that means the
+** virtual table must return rows in the order defined by "aOrderBy" as
+** if the sqlite3_vtab_distinct() interface had returned 0.  However if
+** two or more rows in the result have the same values for all columns
+** identified by "colUsed", then all but one such row may optionally be
+** omitted.)^  Like when the return value is 2, the virtual table
+** is not required to omit rows that are duplicates over the "colUsed"
+** columns, but if the virtual table can do that without
+** too much extra effort, it could potentially help the query to run faster.
+** This mode is used for queries
 ** that have both DISTINCT and ORDER BY clauses.
 ** </ol>
 **
+** <p>The following table summarizes the conditions under which the
+** virtual table is allowed to set the "orderByConsumed" flag based on
+** the value returned by sqlite3_vtab_distinct().  This table is a
+** restatement of the previous four paragraphs:
+**
+** <table border=1 cellspacing=0 cellpadding=10 width="90%">
+** <tr>
+** <td valign="top">sqlite3_vtab_distinct() return value
+** <td valign="top">Rows are returned in aOrderBy order
+** <td valign="top">Rows with the same value in all aOrderBy columns are adjacent
+** <td valign="top">Duplicates over all colUsed columns may be omitted
+** <tr><td>0<td>yes<td>yes<td>no
+** <tr><td>1<td>no<td>yes<td>no
+** <tr><td>2<td>no<td>yes<td>yes
+** <tr><td>3<td>yes<td>yes<td>yes
+** </table>
+**
 ** ^For the purposes of comparing virtual table output values to see if the
 ** values are same value for sorting purposes, two NULL values are considered
 ** to be the same.  In other words, the comparison operator is "IS"
@@ -11998,6 +12025,30 @@ SQLITE_API int sqlite3changegroup_schema(sqlite3_changegroup*, sqlite3*, const c
 */
 SQLITE_API int sqlite3changegroup_add(sqlite3_changegroup*, int nData, void *pData);
 
+/*
+** CAPI3REF: Add A Single Change To A Changegroup
+** METHOD: sqlite3_changegroup
+**
+** This function adds the single change currently indicated by the iterator
+** passed as the second argument to the changegroup object. The rules for
+** adding the change are just as described for [sqlite3changegroup_add()].
+**
+** If the change is successfully added to the changegroup, SQLITE_OK is
+** returned. Otherwise, an SQLite error code is returned.
+**
+** The iterator must point to a valid entry when this function is called.
+** If it does not, SQLITE_ERROR is returned and no change is added to the
+** changegroup. Additionally, the iterator must not have been opened with
+** the SQLITE_CHANGESETAPPLY_INVERT flag. In this case SQLITE_ERROR is also
+** returned.
+*/
+SQLITE_API int sqlite3changegroup_add_change(
+  sqlite3_changegroup*,
+  sqlite3_changeset_iter*
+);
+
+
+
 /*
 ** CAPI3REF: Obtain A Composite Changeset From A Changegroup
 ** METHOD: sqlite3_changegroup
@@ -12802,8 +12853,8 @@ struct Fts5PhraseIter {
 ** EXTENSION API FUNCTIONS
 **
 ** xUserData(pFts):
-**   Return a copy of the context pointer the extension function was
-**   registered with.
+**   Return a copy of the pUserData pointer passed to the xCreateFunction()
+**   API when the extension function was registered.
 **
 ** xColumnTotalSize(pFts, iCol, pnToken):
 **   If parameter iCol is less than zero, set output variable *pnToken

flake.lock

@@ -1,61 +1,61 @@
 {
-  "nodes": {
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1715395895,
-        "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
+	"nodes": {
+		"flake-utils": {
+			"inputs": {
+				"systems": "systems"
+			},
+			"locked": {
+				"lastModified": 1710146030,
+				"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+				"owner": "numtide",
+				"repo": "flake-utils",
+				"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+				"type": "github"
+			},
+			"original": {
+				"owner": "numtide",
+				"repo": "flake-utils",
+				"type": "github"
+			}
+		},
+		"nixpkgs": {
+			"locked": {
+				"lastModified": 1715395895,
+				"narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=",
+				"owner": "NixOS",
+				"repo": "nixpkgs",
+				"rev": "71bae31b7dbc335528ca7e96f479ec93462323ff",
+				"type": "github"
+			},
+			"original": {
+				"owner": "NixOS",
+				"ref": "nixos-23.11",
+				"repo": "nixpkgs",
+				"type": "github"
+			}
+		},
+		"root": {
+			"inputs": {
+				"flake-utils": "flake-utils",
+				"nixpkgs": "nixpkgs"
+			}
+		},
+		"systems": {
+			"locked": {
+				"lastModified": 1681028828,
+				"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+				"owner": "nix-systems",
+				"repo": "default",
+				"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+				"type": "github"
+			},
+			"original": {
+				"owner": "nix-systems",
+				"repo": "default",
+				"type": "github"
+			}
+		}
+	},
+	"root": "root",
+	"version": 7
 }

src/httpd.js.c

@@ -498,6 +498,151 @@ static JSValue _httpd_auth_query(JSContext* context, JSValueConst this_val, int
 	return result;
 }
 
+typedef struct _magic_bytes_t
+{
+	const char* type;
+	uint8_t bytes[12];
+	uint8_t ignore[12];
+} magic_bytes_t;
+
+static bool _magic_bytes_match(const magic_bytes_t* magic, const uint8_t* actual, size_t size)
+{
+	if (size < sizeof(magic->bytes))
+	{
+		return false;
+	}
+
+	int length = (int)tf_min(sizeof(magic->bytes), size);
+	for (int i = 0; i < length; i++)
+	{
+		if ((magic->bytes[i] & ~magic->ignore[i]) != (actual[i] & ~magic->ignore[i]))
+		{
+			return false;
+		}
+	}
+	return true;
+}
+
+static JSValue _httpd_mime_type_from_magic_bytes(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
+{
+	JSValue result = JS_UNDEFINED;
+	size_t size = 0;
+	uint8_t* bytes = tf_util_try_get_array_buffer(context, &size, argv[0]);
+	if (bytes)
+	{
+
+		const magic_bytes_t k_magic_bytes[] = {
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xdb },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00, 0x01 },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xee },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xe1, 0x00, 0x00, 0x45, 0x78, 0x69, 0x66, 0x00, 0x00 },
+				.ignore = { 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "image/png",
+				.bytes = { 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a },
+			},
+			{
+				.type = "image/gif",
+				.bytes = { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 },
+			},
+			{
+				.type = "image/gif",
+				.bytes = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 },
+			},
+			{
+				.type = "image/webp",
+				.bytes = { 0x52, 0x49, 0x46, 0x46, 0x00, 0x00, 0x00, 0x00, 0x57, 0x45, 0x42, 0x50 },
+				.ignore = { 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "image/svg+xml",
+				.bytes = { 0x3c, 0x73, 0x76, 0x67 },
+			},
+			{
+				.type = "audio/mpeg",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x6d, 0x70, 0x34, 0x32 },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "video/mp4",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6f, 0x6d },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "video/mp4",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x6d, 0x70, 0x34, 0x32 },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "audio/midi",
+				.bytes = { 0x4d, 0x54, 0x68, 0x64 },
+			},
+		};
+
+		for (int i = 0; i < tf_countof(k_magic_bytes); i++)
+		{
+			if (_magic_bytes_match(&k_magic_bytes[i], bytes, size))
+			{
+				result = JS_NewString(context, k_magic_bytes[i].type);
+				break;
+			}
+		}
+	}
+	return result;
+}
+
+static const char* _ext_to_content_type(const char* ext, bool use_fallback)
+{
+	if (ext)
+	{
+		typedef struct _ext_type_t
+		{
+			const char* ext;
+			const char* type;
+		} ext_type_t;
+
+		const ext_type_t k_types[] = {
+			{ .ext = ".html", .type = "text/html; charset=UTF-8" },
+			{ .ext = ".js", .type = "text/javascript; charset=UTF-8" },
+			{ .ext = ".mjs", .type = "text/javascript; charset=UTF-8" },
+			{ .ext = ".css", .type = "text/css; charset=UTF-8" },
+			{ .ext = ".png", .type = "image/png" },
+			{ .ext = ".json", .type = "application/json" },
+			{ .ext = ".map", .type = "application/json" },
+			{ .ext = ".svg", .type = "image/svg+xml" },
+		};
+
+		for (int i = 0; i < tf_countof(k_types); i++)
+		{
+			if (strcmp(ext, k_types[i].ext) == 0)
+			{
+				return k_types[i].type;
+			}
+		}
+	}
+	return use_fallback ? "application/binary" : NULL;
+}
+
+static JSValue _httpd_mime_type_from_extension(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
+{
+	const char* name = JS_ToCString(context, argv[0]);
+	const char* type = _ext_to_content_type(strrchr(name, '.'), false);
+	JS_FreeCString(context, name);
+	return type ? JS_NewString(context, type) : JS_UNDEFINED;
+}
+
 static void _httpd_finalizer(JSRuntime* runtime, JSValue value)
 {
 	tf_http_t* http = JS_GetOpaque(value, _httpd_class_id);
@@ -627,30 +772,6 @@ typedef struct _http_file_t
 	char etag[512];
 } http_file_t;
 
-static const char* _ext_to_content_type(const char* ext)
-{
-	if (ext)
-	{
-		if (strcmp(ext, ".html") == 0)
-		{
-			return "text/html; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".js") == 0 || strcmp(ext, ".mjs") == 0)
-		{
-			return "text/javascript; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".css") == 0)
-		{
-			return "text/css; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".png") == 0)
-		{
-			return "image/png";
-		}
-	}
-	return "application/binary";
-}
-
 static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int result, const void* data, void* user_data)
 {
 	http_file_t* file = user_data;
@@ -659,7 +780,7 @@ static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int r
 	{
 		if (strcmp(path, "core/tfrpc.js") == 0)
 		{
-			const char* content_type = _ext_to_content_type(strrchr(path, '.'));
+			const char* content_type = _ext_to_content_type(strrchr(path, '.'), true);
 			const char* headers[] = {
 				"Content-Type",
 				content_type,
@@ -672,7 +793,7 @@ static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int r
 		}
 		else
 		{
-			const char* content_type = _ext_to_content_type(strrchr(path, '.'));
+			const char* content_type = _ext_to_content_type(strrchr(path, '.'), true);
 			const char* headers[] = {
 				"Content-Type",
 				content_type,
@@ -1519,6 +1640,8 @@ void tf_httpd_register(JSContext* context)
 	JS_SetPropertyStr(context, httpd, "start", JS_NewCFunction(context, _httpd_endpoint_start, "start", 2));
 	JS_SetPropertyStr(context, httpd, "set_http_redirect", JS_NewCFunction(context, _httpd_set_http_redirect, "set_http_redirect", 1));
 	JS_SetPropertyStr(context, httpd, "auth_query", JS_NewCFunction(context, _httpd_auth_query, "auth_query", 1));
+	JS_SetPropertyStr(context, httpd, "mime_type_from_magic_bytes", JS_NewCFunction(context, _httpd_mime_type_from_magic_bytes, "mime_type_from_magic_bytes", 1));
+	JS_SetPropertyStr(context, httpd, "mime_type_from_extension", JS_NewCFunction(context, _httpd_mime_type_from_extension, "mime_type_from_extension", 1));
 	JS_SetPropertyStr(context, global, "httpd", httpd);
 	JS_FreeValue(context, global);
 }

src/ssb.c

@@ -342,6 +342,8 @@ typedef struct _tf_ssb_connection_t
 
 	tf_ssb_debug_message_t* debug_messages[k_debug_close_message_count];
 	int ref_count;
+
+	int read_back_pressure;
 } tf_ssb_connection_t;
 
 static JSClassID _connection_class_id;
@@ -1618,6 +1620,7 @@ static void _tf_ssb_connection_rpc_recv(tf_ssb_connection_t* connection, uint8_t
 				}
 				if (!found && !_tf_ssb_name_equals(context, val, (const char*[]) { "Error", NULL }))
 				{
+					tf_ssb_connection_add_request(connection, -request_number, namebuf, NULL, NULL, NULL, NULL);
 					char buffer[256];
 					_tf_ssb_name_to_string(context, val, buffer, sizeof(buffer));
 					tf_ssb_connection_rpc_send_error_method_not_allowed(connection, flags, -request_number, buffer);
@@ -2061,6 +2064,30 @@ static void _tf_ssb_connection_client_send_hello(tf_ssb_connection_t* connection
 	connection->state = k_tf_ssb_state_sent_hello;
 }
 
+static bool _tf_ssb_connection_read_start(tf_ssb_connection_t* connection)
+{
+	int result = uv_read_start((uv_stream_t*)&connection->tcp, _tf_ssb_connection_on_tcp_alloc, _tf_ssb_connection_on_tcp_recv);
+	if (result && result != UV_EALREADY)
+	{
+		tf_printf("uv_read_start => %s\n", uv_strerror(result));
+		_tf_ssb_connection_close(connection, "uv_read_start failed");
+		return false;
+	}
+	return true;
+}
+
+static bool _tf_ssb_connection_read_stop(tf_ssb_connection_t* connection)
+{
+	int result = uv_read_stop((uv_stream_t*)&connection->tcp);
+	if (result && result != UV_EALREADY)
+	{
+		tf_printf("uv_read_stop => %s\n", uv_strerror(result));
+		_tf_ssb_connection_close(connection, "uv_read_stop failed");
+		return false;
+	}
+	return true;
+}
+
 static void _tf_ssb_connection_on_connect(uv_connect_t* connect, int status)
 {
 	tf_ssb_connection_t* connection = connect->data;
@@ -2068,13 +2095,7 @@ static void _tf_ssb_connection_on_connect(uv_connect_t* connect, int status)
 	if (status == 0)
 	{
 		connection->state = k_tf_ssb_state_connected;
-		int result = uv_read_start(connect->handle, _tf_ssb_connection_on_tcp_alloc, _tf_ssb_connection_on_tcp_recv);
-		if (result)
-		{
-			tf_printf("uv_read_start => %s\n", uv_strerror(status));
-			_tf_ssb_connection_close(connection, "uv_read_start failed");
-		}
-		else
+		if (_tf_ssb_connection_read_start(connection))
 		{
 			_tf_ssb_connection_client_send_hello(connection);
 		}
@@ -2565,6 +2586,11 @@ void tf_ssb_destroy(tf_ssb_t* ssb)
 	}
 }
 
+bool tf_ssb_is_shutting_down(tf_ssb_t* ssb)
+{
+	return ssb->shutting_down;
+}
+
 void tf_ssb_run(tf_ssb_t* ssb)
 {
 	uv_run(ssb->loop, UV_RUN_DEFAULT);
@@ -2722,22 +2748,30 @@ typedef struct _connect_t
 static void _tf_on_connect_getaddrinfo(uv_getaddrinfo_t* addrinfo, int result, struct addrinfo* info)
 {
 	connect_t* connect = addrinfo->data;
-	if (result == 0 && info)
+	if (!connect->ssb->shutting_down)
 	{
-		struct sockaddr_in addr = *(struct sockaddr_in*)info->ai_addr;
-		addr.sin_port = htons(connect->port);
-		tf_ssb_connection_create(connect->ssb, connect->host, &addr, connect->key);
+		if (result == 0 && info)
+		{
+			struct sockaddr_in addr = *(struct sockaddr_in*)info->ai_addr;
+			addr.sin_port = htons(connect->port);
+			tf_ssb_connection_create(connect->ssb, connect->host, &addr, connect->key);
+		}
+		else
+		{
+			tf_printf("getaddrinfo(%s) => %s\n", connect->host, uv_strerror(result));
+		}
 	}
-	else
-	{
-		tf_printf("getaddrinfo(%s) => %s\n", connect->host, uv_strerror(result));
-	}
-	tf_free(connect);
 	uv_freeaddrinfo(info);
+	tf_ssb_unref(connect->ssb);
+	tf_free(connect);
 }
 
 void tf_ssb_connect(tf_ssb_t* ssb, const char* host, int port, const uint8_t* key)
 {
+	if (ssb->shutting_down)
+	{
+		return;
+	}
 	connect_t* connect = tf_malloc(sizeof(connect_t));
 	*connect = (connect_t) {
 		.ssb = ssb,
@@ -2749,11 +2783,13 @@ void tf_ssb_connect(tf_ssb_t* ssb, const char* host, int port, const uint8_t* ke
 	tf_ssb_connections_store(ssb->connections_tracker, host, port, id);
 	snprintf(connect->host, sizeof(connect->host), "%s", host);
 	memcpy(connect->key, key, k_id_bin_len);
+	tf_ssb_ref(ssb);
 	int r = uv_getaddrinfo(ssb->loop, &connect->req, _tf_on_connect_getaddrinfo, host, NULL, &(struct addrinfo) { .ai_family = AF_INET });
 	if (r < 0)
 	{
 		tf_printf("uv_getaddrinfo: %s\n", uv_strerror(r));
 		tf_free(connect);
+		tf_ssb_unref(ssb);
 	}
 }
 
@@ -2810,7 +2846,7 @@ static void _tf_ssb_on_connection(uv_stream_t* stream, int status)
 	_tf_ssb_notify_connections_changed(ssb, k_tf_ssb_change_create, connection);
 
 	connection->state = k_tf_ssb_state_server_wait_hello;
-	uv_read_start((uv_stream_t*)&connection->tcp, _tf_ssb_connection_on_tcp_alloc, _tf_ssb_connection_on_tcp_recv);
+	_tf_ssb_connection_read_start(connection);
 }
 
 static void _tf_ssb_send_broadcast(tf_ssb_t* ssb, struct sockaddr_in* address, struct sockaddr_in* netmask)
@@ -4049,3 +4085,26 @@ JSValue tf_ssb_connection_requests_to_object(tf_ssb_connection_t* connection)
 	}
 	return object;
 }
+
+void tf_ssb_connection_adjust_read_backpressure(tf_ssb_connection_t* connection, int delta)
+{
+	const int k_threshold = 256;
+	int old_pressure = connection->read_back_pressure;
+	connection->read_back_pressure += delta;
+	if (!connection->closing)
+	{
+		if (old_pressure < k_threshold && connection->read_back_pressure >= k_threshold)
+		{
+			_tf_ssb_connection_read_stop(connection);
+		}
+		else if (old_pressure >= k_threshold && connection->read_back_pressure < k_threshold)
+		{
+			_tf_ssb_connection_read_start(connection);
+		}
+	}
+	connection->ref_count += delta;
+	if (connection->ref_count == 0 && connection->closing)
+	{
+		_tf_ssb_connection_destroy(connection, "backpressure released");
+	}
+}

src/ssb.connections.c

@@ -86,6 +86,10 @@ typedef struct _tf_ssb_connections_get_next_t
 static void _tf_ssb_connections_get_next_work(tf_ssb_t* ssb, void* user_data)
 {
 	tf_ssb_connections_get_next_t* next = user_data;
+	if (tf_ssb_is_shutting_down(ssb))
+	{
+		return;
+	}
 	next->ready = _tf_ssb_connections_get_next_connection(next->connections, next->host, sizeof(next->host), &next->port, next->key, sizeof(next->key));
 }
 
@@ -159,6 +163,10 @@ typedef struct _tf_ssb_connections_update_t
 static void _tf_ssb_connections_update_work(tf_ssb_t* ssb, void* user_data)
 {
 	tf_ssb_connections_update_t* update = user_data;
+	if (tf_ssb_is_shutting_down(ssb))
+	{
+		return;
+	}
 	sqlite3_stmt* statement;
 	sqlite3* db = tf_ssb_acquire_db_writer(ssb);
 	if (update->attempted)

src/ssb.h

@@ -144,6 +144,13 @@ tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path
 */
 void tf_ssb_destroy(tf_ssb_t* ssb);
 
+/**
+** Checking if the SSB instance is in the process of shutting down.
+** @param ssb The SSB instance.
+** @return true If the SSB instance is shutting down.
+*/
+bool tf_ssb_is_shutting_down(tf_ssb_t* ssb);
+
 /**
 ** Start optional periodic work.
 ** @param ssb The SSB instance.
@@ -989,4 +996,13 @@ void tf_ssb_schedule_work(tf_ssb_t* ssb, int delay_ms, void (*callback)(tf_ssb_t
 */
 bool tf_ssb_hmacsha256_verify(const char* public_key, const void* payload, size_t payload_length, const char* signature, bool signature_is_urlb64);
 
+/**
+** Adjust read backpressure.  If it gets too high, TCP receive will be paused
+** until it lowers.
+** @param connection The connection on which to affect backpressure.
+** @param delta The change in backpressure.  Higher will eventually pause
+** receive.  Lower will resume it.
+*/
+void tf_ssb_connection_adjust_read_backpressure(tf_ssb_connection_t* connection, int delta);
+
 /** @} */

src/ssb.js.c

@@ -1889,7 +1889,7 @@ void tf_ssb_register(JSContext* context, tf_ssb_t* ssb)
 	JS_SetPropertyStr(context, object, "storeMessage", JS_NewCFunction(context, _tf_ssb_storeMessage, "storeMessage", 1));
 	JS_SetPropertyStr(context, object, "blobStore", JS_NewCFunction(context, _tf_ssb_blobStore, "blobStore", 1));
 
-	/* Should be trusted only. */
+	/* Trusted only. */
 	JS_SetPropertyStr(context, object, "addEventListener", JS_NewCFunction(context, _tf_ssb_add_event_listener, "addEventListener", 2));
 	JS_SetPropertyStr(context, object, "removeEventListener", JS_NewCFunction(context, _tf_ssb_remove_event_listener, "removeEventListener", 2));
 

src/ssb.rpc.c

@@ -404,6 +404,7 @@ typedef struct _blobs_get_t
 	bool done;
 	bool storing;
 	tf_ssb_t* ssb;
+	tf_ssb_connection_t* connection;
 	uint8_t buffer[];
 } blobs_get_t;
 
@@ -411,6 +412,7 @@ static void _tf_ssb_rpc_blob_store_callback(const char* id, bool is_new, void* u
 {
 	blobs_get_t* get = user_data;
 	get->storing = false;
+	tf_ssb_connection_adjust_read_backpressure(get->connection, -1);
 	if (get->done)
 	{
 		tf_free(get);
@@ -433,6 +435,7 @@ static void _tf_ssb_rpc_connection_blobs_get_callback(
 		if (JS_ToBool(context, args))
 		{
 			get->storing = true;
+			tf_ssb_connection_adjust_read_backpressure(connection, 1);
 			tf_ssb_db_blob_store_async(ssb, get->buffer, get->received, _tf_ssb_rpc_blob_store_callback, get);
 		}
 		/* TODO: Should we send the response in the callback? */
@@ -455,7 +458,7 @@ static void _tf_ssb_rpc_connection_blobs_get_cleanup(tf_ssb_t* ssb, void* user_d
 static void _tf_ssb_rpc_connection_blobs_get(tf_ssb_connection_t* connection, const char* blob_id, size_t size)
 {
 	blobs_get_t* get = tf_malloc(sizeof(blobs_get_t) + size);
-	*get = (blobs_get_t) { .ssb = tf_ssb_connection_get_ssb(connection), .expected_size = size };
+	*get = (blobs_get_t) { .ssb = tf_ssb_connection_get_ssb(connection), .connection = connection, .expected_size = size };
 	snprintf(get->id, sizeof(get->id), "%s", blob_id);
 	memset(get->buffer, 0, size);
 
@@ -1000,6 +1003,12 @@ static void _tf_ssb_rpc_ebt_replicate_send_messages(tf_ssb_connection_t* connect
 	}
 }
 
+static void _tf_ssb_rpc_ebt_replicate_store_callback(const char* id, bool verified, bool is_new, void* user_data)
+{
+	tf_ssb_connection_t* connection = user_data;
+	tf_ssb_connection_adjust_read_backpressure(connection, -1);
+}
+
 static void _tf_ssb_rpc_ebt_replicate(tf_ssb_connection_t* connection, uint8_t flags, int32_t request_number, JSValue args, const uint8_t* message, size_t size, void* user_data)
 {
 	tf_ssb_t* ssb = tf_ssb_connection_get_ssb(connection);
@@ -1022,7 +1031,8 @@ static void _tf_ssb_rpc_ebt_replicate(tf_ssb_connection_t* connection, uint8_t f
 	if (!JS_IsUndefined(author))
 	{
 		/* Looks like a message. */
-		tf_ssb_verify_strip_and_store_message(ssb, args, NULL, NULL);
+		tf_ssb_connection_adjust_read_backpressure(connection, 1);
+		tf_ssb_verify_strip_and_store_message(ssb, args, _tf_ssb_rpc_ebt_replicate_store_callback, connection);
 	}
 	else
 	{