Merge branch 'main' into tasiaiso-nix

Reviewed-on: cory/tildefriends#58

.gitignore

@@ -8,3 +8,4 @@ out
 *.swo
 *.swp
 .zsign_cache/
+result

apps/admin/index.html

@@ -4,7 +4,8 @@
 		<script>
 			const g_data = $data;
 		</script>
-		<link rel="stylesheet" href="w3.css"></link>
+		<link rel="stylesheet" href="w3.css" />
+		<!-- prettier-ignore -->
 		<style>
 			/* 2018 Valiant Poppy */
 			.w3-theme-l5 {color:#000 !important; background-color:#fbf3f3 !important}

apps/admin/script.js

@@ -42,10 +42,27 @@ window.addEventListener('load', function () {
 		} else if (description.type === 'textarea') {
 			return html`
 				<li class="w3-row">
-					<label class="w3-quarter" for=${'gs_' + key} style="font-weight: bold">${key}</label>
+					<label class="w3-quarter" for=${'gs_' + key} style="font-weight: bold"
+						>${key}</label
+					>
 					<div class="w3-rest w3-padding">${description.description}</div>
-					<textarea class="w3-input" style="vertical-align: top; resize: vertical" id=${'gs_' + key}>${description.value}</textarea>
+					<textarea
-					<button class="w3-button w3-right w3-quarter w3-theme-action" @click=${(e) => global_settings_set(key, e.srcElement.previousElementSibling.value)}>Set</button>
+						class="w3-input"
+						style="vertical-align: top; resize: vertical"
+						id=${'gs_' + key}
+					>
+${description.value}</textarea
+					>
+					<button
+						class="w3-button w3-right w3-quarter w3-theme-action"
+						@click=${(e) =>
+							global_settings_set(
+								key,
+								e.srcElement.previousElementSibling.value
+							)}
+					>
+						Set
+					</button>
 				</li>
 			`;
 		} else {
@@ -61,13 +78,17 @@ window.addEventListener('load', function () {
 	}
 	const user_template = (user, permissions) => html`
 		<li class="w3-card w3-margin">
-			<button class="w3-button w3-theme-action" @click=${(e) => delete_user(user)}>Delete</button>
+			<button
+				class="w3-button w3-theme-action"
+				@click=${(e) => delete_user(user)}
+			>
+				Delete
+			</button>
 			${user}: ${permissions.map((x) => permission_template(x))}
 		</li>
 	`;
 	const users_template = (users) =>
-		html`
+		html` <header class="w3-container w3-theme-l2"><h2>Users</h2></header>
-			<header class="w3-container w3-theme-l2"><h2>Users</h2></header>
 			<ul class="w3-ul">
 				${Object.entries(users).map((u) => user_template(u[0], u[1]))}
 			</ul>`;

apps/identity/app.js

@@ -118,7 +118,9 @@ async function main() {
 			<ul class="w3-ul">` +
 			ids
 				.map(
-						(id) => `<li style="overflow: hidden; text-wrap: nowrap; text-overflow: ellipsis">
+					(
+						id
+					) => `<li style="overflow: hidden; text-wrap: nowrap; text-overflow: ellipsis">
 				<button onclick="handler.export_id(event)" data-id="${id}" class="w3-button w3-theme">Export Identity</button>
 				<button onclick="handler.delete_id(event)" data-id="${id}" class="w3-button w3-theme">Delete Identity</button>
 				${id}

apps/ssb.json

@@ -1,5 +1,5 @@
 {
 	"type": "tildefriends-app",
 	"emoji": "🐌",
-	"previous": "&vEaOZjrNb0u9rhNqrQ8eU9TlOFlo4HsgW6hbI7VdIT0=.sha256"
+	"previous": "&wA6sLaDxtYeFdVCCu8jyhPsGYtGZEjbWQHeGOn0Yifg=.sha256"
 }

apps/ssb/tf-app.js

@@ -264,6 +264,7 @@ class TfElement extends LitElement {
 					hash=${this.hash}
 					.unread=${this.unread}
 					@refresh=${() => (this.unread = [])}
+					?loading=${this.loading}
 				></tf-tab-news>
 			`;
 		} else if (this.tab === 'connections') {
@@ -344,13 +345,15 @@ class TfElement extends LitElement {
 					([k, v]) => html`
 						<button
 							title=${v}
-							class="w3-bar-item w3-padding-large w3-hover-theme tab ${self.tab ==
+							class="w3-bar-item w3-padding w3-hover-theme tab ${self.tab == v
-							v
 								? 'w3-theme-l2'
 								: 'w3-theme-l1'}"
 							@click=${() => self.set_tab(v)}
 						>
 							${k}
+							<span class=${self.tab == v ? '' : 'w3-hide-small'}
+								>${v.charAt(0).toUpperCase() + v.substring(1)}</span
+							>
 						</button>
 					`
 				)}
@@ -358,7 +361,9 @@ class TfElement extends LitElement {
 		`;
 		let contents = !this.loaded
 			? this.loading
-				? html`<div class="w3-panel w3-theme-l5 w3-card-4 w3-padding-large w3-round-xlarge">
+				? html`<div
+							class="w3-panel w3-theme-l5 w3-card-4 w3-padding-large w3-round-xlarge"
+						>
 							Loading...
 						</div>
 						${this.render_tab()}`

apps/ssb/tf-compose.js

@@ -295,14 +295,18 @@ class TfComposeElement extends LitElement {
 				{
 					values: values,
 					selectTemplate: function (item) {
-						return item ? `[@${item.original.key}](${item.original.value})` : undefined;
+						return item
+							? `[@${item.original.key}](${item.original.value})`
+							: undefined;
 					},
 				},
 				{
 					trigger: '&',
 					values: this.autocomplete,
 					selectTemplate: function (item) {
-						return item ? `![${item.original.key}](${item.original.value})` : undefined;
+						return item
+							? `![${item.original.key}](${item.original.value})`
+							: undefined;
 					},
 				},
 			],

apps/ssb/tf-message.js

@@ -247,9 +247,7 @@ ${JSON.stringify(mention, null, 2)}</pre
 		if (mentions.length) {
 			let self = this;
 			return html`
-				<fieldset
+				<fieldset style="padding: 0.5em; border: 1px solid black">
-					style="padding: 0.5em; border: 1px solid black"
-				>
 					<legend>Mentions</legend>
 					${mentions.map((x) => self.render_mention(x))}
 				</fieldset>

apps/ssb/tf-tab-connections.js

@@ -7,9 +7,11 @@ class TfTabConnectionsElement extends LitElement {
 		return {
 			broadcasts: {type: Array},
 			identities: {type: Array},
+			my_identities: {type: Array},
 			connections: {type: Array},
 			stored_connections: {type: Array},
 			users: {type: Object},
+			server_identity: {type: String},
 		};
 	}
 
@@ -20,15 +22,22 @@ class TfTabConnectionsElement extends LitElement {
 		let self = this;
 		this.broadcasts = [];
 		this.identities = [];
+		this.my_identities = [];
 		this.connections = [];
 		this.stored_connections = [];
 		this.users = {};
+		tfrpc.rpc.getIdentities().then(function (identities) {
+			self.my_identities = identities || [];
+		});
 		tfrpc.rpc.getAllIdentities().then(function (identities) {
 			self.identities = identities || [];
 		});
 		tfrpc.rpc.getStoredConnections().then(function (connections) {
 			self.stored_connections = connections || [];
 		});
+		tfrpc.rpc.getServerIdentity().then(function (identity) {
+			self.server_identity = identity;
+		});
 	}
 
 	render_connection_summary(connection) {
@@ -96,6 +105,16 @@ class TfTabConnectionsElement extends LitElement {
 	}
 
 	render_connection(connection) {
+		let requests = Object.values(
+			connection.requests.reduce(function (accumulator, value) {
+				let key = `${value.name}:${Math.sign(value.request_number)}`;
+				if (!accumulator[key]) {
+					accumulator[key] = Object.assign({count: 0}, value);
+				}
+				accumulator[key].count++;
+				return accumulator;
+			}, {})
+		);
 		return html`
 			<button
 				class="w3-button w3-theme-d1"
@@ -107,9 +126,20 @@ class TfTabConnectionsElement extends LitElement {
 			${connection.tunnel !== undefined
 				? '🚇'
 				: html`(${connection.host}:${connection.port})`}
-			<div>${connection.requests.map(x => html`
+			<div>
-				<span class="w3-tag w3-small">${x.request_number > 0 ? '🟩' : '🟥'} ${x.name}</span>
+				${requests.map(
-			`)}</div>
+					(x) => html`
+						<span class="w3-tag w3-small"
+							>${x.request_number > 0 ? '🟩' : '🟥'} ${x.name}
+							<span
+								class="w3-badge w3-white"
+								style=${x.count > 1 ? undefined : 'display: none'}
+								>${x.count}</span
+							></span
+						>
+					`
+				)}
+			</div>
 			<ul>
 				${this.connections
 					.filter((x) => x.tunnel === this.connections.indexOf(connection))
@@ -178,6 +208,16 @@ class TfTabConnectionsElement extends LitElement {
 					${this.identities.map(
 						(x) =>
 							html`<li class="w3-bar">
+								${x == this.server_identity
+									? html`<span class="w3-tag w3-medium w3-round w3-theme-l1"
+											>🖥 local server</span
+										>`
+									: undefined}
+								${this.my_identities.indexOf(x) != -1
+									? html`<span class="w3-tag w3-medium w3-round w3-theme-d1"
+											>😎 you</span
+										>`
+									: undefined}
 								<tf-user id=${x} .users=${this.users}></tf-user>
 							</li>`
 					)}

apps/ssb/tf-tab-news.js

@@ -12,6 +12,7 @@ class TfTabNewsElement extends LitElement {
 			following: {type: Array},
 			drafts: {type: Object},
 			expanded: {type: Object},
+			loading: {type: Boolean},
 		};
 	}
 
@@ -113,6 +114,19 @@ class TfTabNewsElement extends LitElement {
 					.users=${this.users}
 				></tf-profile>`
 			: undefined;
+		let edit_profile;
+		if (
+			!this.loading &&
+			this.users[this.whoami]?.name === undefined &&
+			this.hash.substring(1) != this.whoami
+		) {
+			edit_profile = html` <div
+				class="w3-panel w3-padding w3-round w3-card-4 w3-theme-l3"
+			>
+				ℹ️ Follow your identity link ☝️ above to edit your profile and set your
+				name.
+			</div>`;
+		}
 		return html`
 			<p class="w3-bar">
 				<button
@@ -124,6 +138,7 @@ class TfTabNewsElement extends LitElement {
 			</p>
 			<div>
 				Welcome, <tf-user id=${this.whoami} .users=${this.users}></tf-user>!
+				${edit_profile}
 			</div>
 			<div>
 				<tf-compose

apps/ssb/tf-user.js

@@ -19,6 +19,10 @@ class TfUserElement extends LitElement {
 	}
 
 	render() {
+		let image = html`<span
+			class="w3-theme-light w3-circle"
+			style="display: inline-block; width: 2em; height: 2em; text-align: center; line-height: 2em"
+		>?</span>`;
 		let name = this.users?.[this.id]?.name;
 		name =
 			name !== undefined
@@ -26,22 +30,21 @@ class TfUserElement extends LitElement {
 				: html`<a target="_top" href=${'#' + this.id}>${this.id}</a>`;
 
 		if (this.users[this.id]) {
-			let image = this.users[this.id].image;
+			let image_link = this.users[this.id].image;
-			image = typeof image == 'string' ? image : image?.link;
+			image_link = typeof image_link == 'string' ? image_link : image_link?.link;
-			return html` <div style="display: inline-block; font-weight: bold">
+			if (image_link !== undefined) {
-				<img
+				image = html`<img
-					style="width: 2em; height: 2em; vertical-align: middle; border-radius: 50%"
+					class="w3-circle"
-					?hidden=${image === undefined}
+					style="width: 2em; height: 2em; vertical-align: middle"
-					src="${image ? '/' + image + '/view' : undefined}"
+					src="/${image_link}/view"
-				/>
+				/>`;
-				${name}
-			</div>`;
-		} else {
-			return html` <div style="display: inline-block; font-weight: bold">
-				${name}
-			</div>`;
 			}
 		}
+		return html` <div style="display: inline-block; font-weight: bold">
+			${image}
+			${name}
+		</div>`;
+	}
 }
 
 customElements.define('tf-user', TfUserElement);

default.nix

@@ -0,0 +1,48 @@
+{
+  pkgs ? import <nixpkgs> {},
+  lib ? import <nixpkgs/lib>,
+}:
+pkgs.stdenv.mkDerivation rec {
+  pname = "tildefriends";
+  version = "0.0.19";
+
+  src = pkgs.fetchFromGitea {
+    domain = "dev.tildefriends.net";
+    owner = "cory";
+    repo = "tildefriends";
+    # rev = "v${version}";
+    rev = "47838d5e482cb4aac40190fa0414f08b8cf94d40";
+    hash = "sha256-mb5KYvWPIqgV64FOaXKHm2ownBJiiSRtdH8+YWiXwvE="; # 47838d5e482cb4aac40190fa0414f08b8cf94d40
+    fetchSubmodules = true;
+  };
+
+  nativeBuildInputs = with pkgs; [
+    gnumake
+    openssl
+    which
+  ];
+
+  buildInputs = with pkgs; [
+    openssl
+    which
+  ];
+
+  buildPhase = ''
+    make -j $NIX_BUILD_CORES release
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -r out/release/tildefriends $out/bin
+  '';
+
+  doCheck = false;
+
+  meta = with pkgs; {
+    homepage = "https://tildefriends.net";
+    description = "Make apps and friends from the comfort of your web browser.";
+    mainProgram = "tildefriends";
+    license = with lib.licenses; [mit];
+    platforms = lib.platforms.all;
+  };
+}

flake.lock

@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1715395895,
+        "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,36 @@
+{
+  description = "Tilde Friends is a platform for making, running, and sharing web applications";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
+        pkgs = import nixpkgs {
+          inherit system;
+        };
+      in rec
+      {
+        # Nix formatter, run using `$ nix fmt`
+        formatter = pkgs.alejandra;
+
+        # Exports the tildefriends package
+        packages.default = pkgs.callPackage ./default.nix {};
+
+        # Creates a shell with the necessary dependencies
+        # Enter using `$ nix develop`
+        devShell = pkgs.mkShell {
+          buildInputs = with pkgs; [
+            openssl
+            llvmPackages_17.clang-unwrapped
+            unzip
+          ];
+        };
+      });
+}

src/httpd.js.c

@@ -31,6 +31,10 @@
 
 #define tf_countof(a) ((int)(sizeof((a)) / sizeof(*(a))))
 
+#define CYAN "\e[1;36m"
+#define MAGENTA "\e[1;35m"
+#define RESET "\e[0m"
+
 const int64_t k_refresh_interval = 1ULL * 7 * 24 * 60 * 60 * 1000;
 
 static JSValue _authenticate_jwt(JSContext* context, const char* jwt);
@@ -416,6 +420,7 @@ static JSValue _httpd_endpoint_start(JSContext* context, JSValueConst this_val,
 	*listener = (httpd_listener_t) { .context = context, .tls = JS_DupValue(context, argv[1]) };
 	tf_tls_context_t* tls = tf_tls_context_get(listener->tls);
 	int assigned_port = tf_http_listen(http, port, tls, _httpd_listener_cleanup, listener);
+	tf_printf(CYAN "~😎 Tilde Friends" RESET " is now up at " MAGENTA "http%s://127.0.0.1:%d/" RESET ".\n", tls ? "s" : "", assigned_port);
 	return JS_NewInt32(context, assigned_port);
 }
 
@@ -1075,7 +1080,7 @@ static JSValue _authenticate_jwt(JSContext* context, const char* jwt)
 	tf_task_t* task = tf_task_get(context);
 	tf_ssb_t* ssb = tf_task_get_ssb(task);
 	char public_key_b64[k_id_base64_len] = { 0 };
-	tf_ssb_db_identity_visit(ssb, ":auth", _public_key_visit, public_key_b64);
+	tf_ssb_db_identity_visit(ssb, ":admin", _public_key_visit, public_key_b64);
 
 	const char* payload = jwt + dot[0] + 1;
 	size_t payload_length = dot[1] - dot[0] - 1;
@@ -1145,15 +1150,12 @@ static void _visit_auth_identity(const char* identity, void* user_data)
 static bool _get_auth_private_key(tf_ssb_t* ssb, uint8_t* out_private_key)
 {
 	char id[k_id_base64_len] = { 0 };
-	tf_ssb_db_identity_visit(ssb, ":auth", _visit_auth_identity, id);
+	tf_ssb_db_identity_visit(ssb, ":admin", _visit_auth_identity, id);
 	if (*id)
 	{
-		return tf_ssb_db_identity_get_private_key(ssb, ":auth", id, out_private_key, crypto_sign_SECRETKEYBYTES);
+		return tf_ssb_db_identity_get_private_key(ssb, ":admin", id, out_private_key, crypto_sign_SECRETKEYBYTES);
-	}
-	else
-	{
-		return tf_ssb_db_identity_create(ssb, ":auth", out_private_key + crypto_sign_PUBLICKEYBYTES, out_private_key);
 	}
+	return false;
 }
 
 static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
@@ -1162,21 +1164,15 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
 	{
 		return NULL;
 	}
-	uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
-	if (!_get_auth_private_key(ssb, private_key))
-	{
-		return NULL;
-	}
 
 	uv_timespec64_t now = { 0 };
 	uv_clock_gettime(UV_CLOCK_REALTIME, &now);
 
-	JSContext* context = tf_ssb_get_context(ssb);
-
 	const char* header_json = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
 	char header_base64[256];
 	sodium_bin2base64(header_base64, sizeof(header_base64), (uint8_t*)header_json, strlen(header_json), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
 
+	JSContext* context = tf_ssb_get_context(ssb);
 	JSValue payload = JS_NewObject(context);
 	JS_SetPropertyStr(context, payload, "name", JS_NewString(context, name));
 	JS_SetPropertyStr(context, payload, "exp", JS_NewInt64(context, now.tv_sec * 1000 + now.tv_nsec / 1000000LL + k_refresh_interval));
@@ -1191,6 +1187,9 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
 	unsigned long long signature_length = 0;
 	char signature_base64[256] = { 0 };
 
+	uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
+	if (_get_auth_private_key(ssb, private_key))
+	{
 		if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
 		{
 			sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
@@ -1198,6 +1197,8 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
 			result = tf_malloc(size);
 			snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
 		}
+		sodium_memzero(private_key, sizeof(private_key));
+	}
 
 	JS_FreeCString(context, payload_string);
 	JS_FreeValue(context, payload_json);

src/main.c

@@ -48,6 +48,7 @@ static int _tf_command_import(const char* file, int argc, char* argv[]);
 static int _tf_command_export(const char* file, int argc, char* argv[]);
 static int _tf_command_run(const char* file, int argc, char* argv[]);
 static int _tf_command_sandbox(const char* file, int argc, char* argv[]);
+static int _tf_command_verify(const char* file, int argc, char* argv[]);
 static int _tf_command_usage(const char* file);
 
 typedef struct _command_t
@@ -62,6 +63,7 @@ const command_t k_commands[] = {
 	{ "sandbox", _tf_command_sandbox, "Run a sandboxed tildefriends sandbox process (used internally)." },
 	{ "import", _tf_command_import, "Import apps to SSB." },
 	{ "export", _tf_command_export, "Export apps from SSB." },
+	{ "verify", _tf_command_verify, "Verify a feed." },
 	{ "test", _tf_command_test, "Test SSB." },
 };
 
@@ -266,6 +268,59 @@ static int _tf_command_export(const char* file, int argc, char* argv[])
 	tf_ssb_destroy(ssb);
 	return EXIT_SUCCESS;
 }
+
+static int _tf_command_verify(const char* file, int argc, char* argv[])
+{
+	const char* identity = NULL;
+	const char* db_path = k_db_path_default;
+	bool show_usage = false;
+
+	while (!show_usage)
+	{
+		static const struct option k_options[] = {
+			{ "id", required_argument, NULL, 'u' },
+			{ "db-path", required_argument, NULL, 'd' },
+			{ "help", no_argument, NULL, 'h' },
+			{ 0 },
+		};
+		int c = getopt_long(argc, argv, "i:d:h", k_options, NULL);
+		if (c == -1)
+		{
+			break;
+		}
+
+		switch (c)
+		{
+		case '?':
+		case 'h':
+		default:
+			show_usage = true;
+			break;
+		case 'i':
+			identity = optarg;
+			break;
+		case 'd':
+			db_path = optarg;
+			break;
+		}
+	}
+
+	if (show_usage)
+	{
+		tf_printf("\n%s import [options] [paths...]\n\n", file);
+		tf_printf("options:\n");
+		tf_printf("  -i, --identity identity  Identity to verify.\n");
+		tf_printf("  -d, --db-path db_path    SQLite database path (default: %s).\n", k_db_path_default);
+		tf_printf("  -h, --help               Show this usage information.\n");
+		return EXIT_FAILURE;
+	}
+
+	tf_printf("Verifying %s...\n", identity);
+	tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL);
+	bool verified = tf_ssb_db_verify(ssb, identity);
+	tf_ssb_destroy(ssb);
+	return verified ? EXIT_SUCCESS : EXIT_FAILURE;
+}
 #endif
 
 typedef struct tf_run_args_t

src/ssb.c

@@ -1019,7 +1019,18 @@ static bool _tf_ssb_verify_and_strip_signature_internal(JSContext* context, JSVa
 
 bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* out_id, size_t out_id_size, char* out_signature, size_t out_signature_size, int* out_flags)
 {
-	if (_tf_ssb_verify_and_strip_signature_internal(context, val, out_id, out_id_size, out_signature, out_signature_size))
+	JSValue reordered = JS_NewObject(context);
+	JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous"));
+	JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author"));
+	JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence"));
+	JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp"));
+	JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash"));
+	JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content"));
+	JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature"));
+	bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
+	JS_FreeValue(context, reordered);
+
+	if (result)
 	{
 		if (out_flags)
 		{
@@ -1027,9 +1038,8 @@ bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* ou
 		}
 		return true;
 	}
-	else
+
-	{
+	reordered = JS_NewObject(context);
-		JSValue reordered = JS_NewObject(context);
 	JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous"));
 	JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence"));
 	JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author"));
@@ -1037,7 +1047,7 @@ bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* ou
 	JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash"));
 	JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content"));
 	JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature"));
-		bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
+	result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
 	JS_FreeValue(context, reordered);
 	if (result)
 	{
@@ -1047,7 +1057,7 @@ bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* ou
 		}
 		return true;
 	}
-	}
+
 	return false;
 }
 
@@ -3608,7 +3618,6 @@ void tf_ssb_verify_strip_and_store_message(tf_ssb_t* ssb, JSValue value, tf_ssb_
 	}
 	else
 	{
-		printf("nope\n");
 		_tf_ssb_verify_strip_and_store_finish(async);
 	}
 }

src/ssb.db.c

@@ -163,6 +163,7 @@ void tf_ssb_db_init(tf_ssb_t* ssb)
 		"  private_key TEXT UNIQUE"
 		")");
 	_tf_ssb_db_exec(db, "CREATE INDEX IF NOT EXISTS identities_user ON identities (user, public_key)");
+	_tf_ssb_db_exec(db, "DELETE FROM identities WHERE user = ':auth'");
 
 	bool populate_fts = false;
 	if (!_tf_ssb_db_has_rows(db, "PRAGMA table_list('messages_fts')"))
@@ -735,12 +736,12 @@ bool tf_ssb_db_blob_store(tf_ssb_t* ssb, const uint8_t* blob, size_t size, char*
 	return result;
 }
 
-bool tf_ssb_db_get_message_by_author_and_sequence(
+bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous,
-	tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content)
+	size_t out_previous_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, size_t out_signature_size, int* out_flags)
 {
 	bool found = false;
 	sqlite3_stmt* statement;
-	const char* query = "SELECT id, timestamp, json(content) FROM messages WHERE author = ?1 AND sequence = ?2";
+	const char* query = "SELECT id, previous, timestamp, json(content), hash, signature, flags FROM messages WHERE author = ?1 AND sequence = ?2";
 	sqlite3* db = tf_ssb_acquire_db_reader(ssb);
 	if (sqlite3_prepare(db, query, -1, &statement, NULL) == SQLITE_OK)
 	{
@@ -748,15 +749,41 @@ bool tf_ssb_db_get_message_by_author_and_sequence(
 		{
 			if (out_message_id)
 			{
-				strncpy(out_message_id, (const char*)sqlite3_column_text(statement, 0), out_message_id_size - 1);
+				snprintf(out_message_id, out_message_id_size, "%s", (const char*)sqlite3_column_text(statement, 0));
+			}
+			if (out_previous)
+			{
+				if (sqlite3_column_type(statement, 1) == SQLITE_NULL)
+				{
+					if (out_previous_size)
+					{
+						*out_previous = '\0';
+					}
+				}
+				else
+				{
+					snprintf(out_previous, out_previous_size, "%s", (const char*)sqlite3_column_text(statement, 1));
+				}
 			}
 			if (out_timestamp)
 			{
-				*out_timestamp = sqlite3_column_double(statement, 1);
+				*out_timestamp = sqlite3_column_double(statement, 2);
 			}
 			if (out_content)
 			{
-				*out_content = tf_strdup((const char*)sqlite3_column_text(statement, 2));
+				*out_content = tf_strdup((const char*)sqlite3_column_text(statement, 3));
+			}
+			if (out_hash)
+			{
+				snprintf(out_hash, out_hash_size, "%s", (const char*)sqlite3_column_text(statement, 4));
+			}
+			if (out_signature)
+			{
+				snprintf(out_signature, out_signature_size, "%s", (const char*)sqlite3_column_text(statement, 5));
+			}
+			if (out_flags)
+			{
+				*out_flags = sqlite3_column_int(statement, 6);
 			}
 			found = true;
 		}
@@ -1634,6 +1661,7 @@ bool tf_ssb_db_register_account(tf_ssb_t* ssb, const char* name, const char* pas
 	{
 		if (sqlite3_bind_text(statement, 1, value, value_length, NULL) == SQLITE_OK)
 		{
+			tf_printf("added user to properties\n");
 			result = sqlite3_step(statement) == SQLITE_DONE;
 		}
 		sqlite3_finalize(statement);
@@ -1784,3 +1812,65 @@ void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callb
 	};
 	tf_ssb_run_work(ssb, _tf_ssb_db_resolve_index_work, _tf_ssb_db_resolve_index_after_work, request);
 }
+
+bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id)
+{
+	JSContext* context = tf_ssb_get_context(ssb);
+	bool verified = true;
+	int64_t sequence = -1;
+	if (tf_ssb_db_get_latest_message_by_author(ssb, id, &sequence, NULL, 0))
+	{
+		for (int64_t i = 1; i <= sequence; i++)
+		{
+			char message_id[k_id_base64_len];
+			char previous[256];
+			double timestamp;
+			char* content = NULL;
+			char hash[32];
+			char signature[256];
+			int flags = 0;
+			if (tf_ssb_db_get_message_by_author_and_sequence(
+					ssb, id, i, message_id, sizeof(message_id), previous, sizeof(previous), &timestamp, &content, hash, sizeof(hash), signature, sizeof(signature), &flags))
+			{
+				JSValue message = tf_ssb_format_message(context, previous, id, i, timestamp, hash, content, signature, flags);
+				char calculated_id[k_id_base64_len];
+				char extracted_signature[256];
+				int calculated_flags = 0;
+				if (!tf_ssb_verify_and_strip_signature(context, message, calculated_id, sizeof(calculated_id), extracted_signature, sizeof(extracted_signature), &calculated_flags))
+				{
+					tf_printf("author=%s sequence=%" PRId64 " verify failed.\n", id, i);
+					verified = false;
+				}
+				if (calculated_flags != flags)
+				{
+					tf_printf("author=%s sequence=%" PRId64 " flag mismatch %d => %d.\n", id, i, flags, calculated_flags);
+					verified = false;
+				}
+				if (strcmp(message_id, calculated_id))
+				{
+					tf_printf("author=%s sequence=%" PRId64 " id mismatch %s => %s.\n", id, i, message_id, calculated_id);
+					verified = false;
+				}
+				JS_FreeValue(context, message);
+				tf_free(content);
+
+				if (!verified)
+				{
+					break;
+				}
+			}
+			else
+			{
+				tf_printf("Unable to find message with sequence=%" PRId64 " for author=%s.", i, id);
+				verified = false;
+				break;
+			}
+		}
+	}
+	else
+	{
+		tf_printf("Unable to get latest message for author '%s'.\n", id);
+		verified = false;
+	}
+	return verified;
+}

src/ssb.db.h

@@ -122,12 +122,19 @@ JSValue tf_ssb_db_get_message_by_id(tf_ssb_t* ssb, const char* id, bool is_keys)
 ** @param sequence The message sequence number.
 ** @param[out] out_message_id Populated with the message identifier.
 ** @param out_message_id_size The size of the out_message_id buffer.
+** @param[out] out_previous Populated with the previous message identifier.
+** @param out_previous_size The size of the out_previous buffer.
 ** @param[out] out_timestamp Populated with the timestamp.
 ** @param[out] out_content Populated with the message content.  Free with tf_free().
+** @param[out] out_hash Populated with the message hash format.
+** @param out_hash_size The size of the out_hash buffer.
+** @param[out] out_signature Populated with the message signature.
+** @param out_signature_size The size of the out_signature buffer.
+** @param[out] out_flags Populated with flags describing the format of the message.
 ** @return True if the message was found and retrieved.
 */
-bool tf_ssb_db_get_message_by_author_and_sequence(
+bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous,
-	tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content);
+	size_t out_previous_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, size_t out_signature_size, int* out_flags);
 
 /**
 ** Get information about the last message from an author.
@@ -379,6 +386,14 @@ bool tf_ssb_db_set_property(tf_ssb_t* ssb, const char* id, const char* key, cons
 */
 void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callback)(const char* path, void* user_data), void* user_data);
 
+/**
+** Verify an author's feed.
+** @param ssb The SSB instance.
+** @param id The author'd identity.
+** @return true If the feed verified successfully.
+*/
+bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id);
+
 /**
 ** An SQLite authorizer callback.  See https://www.sqlite.org/c3ref/set_authorizer.html for use.
 ** @param user_data User data registered with the authorizer.

src/ssb.js.c

@@ -399,10 +399,11 @@ static void _tf_ssb_getIdentityInfo_visit(const char* identity, void* data)
 	identity_info_work_t* request = data;
 	request->identities = tf_resize_vec(request->identities, (request->count + 1) * sizeof(char*));
 	request->names = tf_resize_vec(request->names, (request->count + 1) * sizeof(char*));
-	request->identities[request->count] = tf_strdup(identity);
+	char buffer[k_id_base64_len];
+	snprintf(buffer, sizeof(buffer), "@%s", identity);
+	request->identities[request->count] = tf_strdup(buffer);
 	request->names[request->count] = NULL;
 	request->count++;
-	;
 }
 
 static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
@@ -419,8 +420,8 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
 		"		RANK() OVER (PARTITION BY messages.author ORDER BY messages.sequence DESC) AS author_rank, "
 		"		messages.content ->> 'name' AS name "
 		"	FROM messages "
-		"	JOIN identities ON  messages.author = ids.value "
+		"	JOIN identities ON messages.author = ('@' || identities.public_key) "
-		"	WHERE WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) "
+		"	WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) "
 		"WHERE author_rank = 1 ",
 		-1, &statement, NULL);
 	if (request->result == SQLITE_OK)
@@ -428,22 +429,26 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
 		if (sqlite3_bind_text(statement, 1, request->name, -1, NULL) == SQLITE_OK)
 		{
 			int r = SQLITE_OK;
-			while ((r = sqlite3_step(statement)) == SQLITE_OK)
+			while ((r = sqlite3_step(statement)) == SQLITE_ROW)
-			{
-				for (int i = 0; i < request->count; i++)
 			{
 				const char* identity = (const char*)sqlite3_column_text(statement, 0);
 				const char* name = (const char*)sqlite3_column_text(statement, 1);
-					if (strcmp(request->identities[i], identity) == 0 && !request->names[i])
+				for (int i = 0; i < request->count; i++)
+				{
+					if (!request->names[i] && strcmp(request->identities[i], identity) == 0)
 					{
 						request->names[i] = tf_strdup(name);
-					}
 						break;
 					}
 				}
 			}
+		}
 		sqlite3_finalize(statement);
 	}
+	else
+	{
+		tf_printf("prepare failed: %s.\n", sqlite3_errmsg(db));
+	}
 
 	tf_ssb_db_identity_get_active(db, request->name, request->package_owner, request->package_name, request->active_identity, sizeof(request->active_identity));
 	if (!*request->active_identity && request->count)
@@ -576,29 +581,6 @@ static JSValue _tf_ssb_appendMessageWithIdentity(JSContext* context, JSValueCons
 	return result;
 }
 
-static JSValue _tf_ssb_getMessage(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
-{
-	JSValue result = JS_NULL;
-	tf_ssb_t* ssb = JS_GetOpaque(this_val, _tf_ssb_classId);
-	if (ssb)
-	{
-		const char* id = JS_ToCString(context, argv[0]);
-		int64_t sequence = 0;
-		JS_ToInt64(context, &sequence, argv[1]);
-		double timestamp = -1.0;
-		char* contents = NULL;
-		if (tf_ssb_db_get_message_by_author_and_sequence(ssb, id, sequence, NULL, 0, &timestamp, &contents))
-		{
-			result = JS_NewObject(context);
-			JS_SetPropertyStr(context, result, "timestamp", JS_NewFloat64(context, timestamp));
-			JS_SetPropertyStr(context, result, "content", JS_NewString(context, contents));
-			tf_free(contents);
-		}
-		JS_FreeCString(context, id);
-	}
-	return result;
-}
-
 static JSValue _tf_ssb_blobGet(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
 {
 	JSValue result = JS_NULL;
@@ -1891,7 +1873,6 @@ void tf_ssb_register(JSContext* context, tf_ssb_t* ssb)
 	JS_SetPropertyStr(context, object, "getAllIdentities", JS_NewCFunction(context, _tf_ssb_getAllIdentities, "getAllIdentities", 0));
 	JS_SetPropertyStr(context, object, "getActiveIdentity", JS_NewCFunction(context, _tf_ssb_getActiveIdentity, "getActiveIdentity", 3));
 	JS_SetPropertyStr(context, object, "getIdentityInfo", JS_NewCFunction(context, _tf_ssb_getIdentityInfo, "getIdentityInfo", 3));
-	JS_SetPropertyStr(context, object, "getMessage", JS_NewCFunction(context, _tf_ssb_getMessage, "getMessage", 2));
 	JS_SetPropertyStr(context, object, "blobGet", JS_NewCFunction(context, _tf_ssb_blobGet, "blobGet", 1));
 	JS_SetPropertyStr(context, object, "messageContentGet", JS_NewCFunction(context, _tf_ssb_messageContentGet, "messageContentGet", 1));
 	JS_SetPropertyStr(context, object, "connections", JS_NewCFunction(context, _tf_ssb_connections, "connections", 0));

tools/autotest.py

@@ -83,6 +83,13 @@ try:
 	driver.switch_to.frame(wait.until(expected_conditions.presence_of_element_located((By.ID, 'document'))))
 	id1 = wait.until(expected_conditions.presence_of_element_located((By.TAG_NAME, 'li'))).text.split(' ')[-1]
 
+	driver.get('http://localhost:8888/~core/admin/')
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
+	driver.switch_to.frame(driver.find_element(By.ID, 'document'))
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'gs_room_name'))).send_keys('test room')
+	wait.until(expected_conditions.presence_of_element_located((By.XPATH, '//*[@id="gs_room_name"]/following-sibling::button'))).click()
+	driver.switch_to.alert.accept()
+
 	driver.get('http://localhost:8888')
 	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
 	driver.switch_to.frame(driver.find_element(By.ID, 'document'))
@@ -106,9 +113,15 @@ try:
 		except:
 			pass
 
+	# WebDriverException (shadow root is detached)
+	while True:
+		try:
 			tf_tab_news = wait.until(exists_in_shadow_root(tf_app, By.ID, 'tf-tab-news')).shadow_root
 			tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'edit').send_keys('Hello, world!')
 			tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'submit').click()
+			break
+		except:
+			pass
 
 	driver.switch_to.default_content()
 	driver.find_element(By.ID, 'allow').click()