lchat/server/main.go

601 lines
17 KiB
Go

package main
import (
"context"
"crypto/ed25519"
"crypto/rand"
"encoding/base64"
"encoding/hex"
"errors"
"fmt"
"os"
"time"
"database/sql"
"encoding/json"
"log/slog"
"net/http"
"github.com/coder/websocket"
"github.com/go-chi/chi/v5"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
_ "github.com/mattn/go-sqlite3"
)
func verifyJwt(token string, publicKey ed25519.PublicKey) (jwt.MapClaims, bool) {
parsedToken, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
return publicKey, nil
}, jwt.WithValidMethods([]string{"EdDSA"}))
if err != nil {
return nil, false
}
if !parsedToken.Valid {
return nil, false
}
claims, ok := parsedToken.Claims.(jwt.MapClaims)
if !ok {
return nil, false
}
return claims, true
}
func renderJSON(data interface{}, w http.ResponseWriter) {
w.Header().Set("Content-Type", "application/json")
err := json.NewEncoder(w).Encode(data)
if err != nil {
http.Error(w, "Internal server error", 500)
slog.Error("Failed to encode JSON: " + err.Error())
return
}
}
//goland:noinspection SqlNoDataSourceInspection,GoDfaErrorMayBeNotNil,GoDfaNilDereference
func main() {
var publicKey ed25519.PublicKey
var privateKey ed25519.PrivateKey
privateKey, err := os.ReadFile("key.pem")
if err != nil {
if errors.Is(err, os.ErrNotExist) {
publicKey, privateKey, err = ed25519.GenerateKey(nil)
if err != nil {
slog.Error("Failed to generate private key: " + err.Error())
os.Exit(1)
}
err = os.WriteFile("key.pem", privateKey, 0600)
if err != nil {
slog.Error("Failed to write private key: " + err.Error())
os.Exit(1)
}
} else {
slog.Error("Failed to read private key: " + err.Error())
os.Exit(1)
}
} else {
publicKey = privateKey.Public().(ed25519.PublicKey)
}
conn, err := sql.Open("sqlite3", "database.db")
if err != nil || conn == nil {
slog.Error("Failed to open database: " + err.Error())
os.Exit(1)
}
_, err = conn.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB NOT NULL PRIMARY KEY, username TEXT NOT NULL UNIQUE, publicKey BLOB NOT NULL, administrator INTEGER NOT NULL DEFAULT 0 CHECK(administrator IN (0, 1)))")
if err != nil {
slog.Error("Failed to create users table: " + err.Error())
os.Exit(1)
}
_, err = conn.Exec("CREATE TABLE IF NOT EXISTS invites (code BLOB NOT NULL UNIQUE, uses INTEGER NOT NULL)")
if err != nil {
slog.Error("Failed to create invites table: " + err.Error())
os.Exit(1)
}
_, err = conn.Exec("CREATE TABLE IF NOT EXISTS messages (sender BLOB NOT NULL, senderName TEXT NOT NULL, message TEXT NOT NULL, sent INTEGER NOT NULL, id BLOB NOT NULL PRIMARY KEY)")
if err != nil {
slog.Error("Failed to create messages table: " + err.Error())
os.Exit(1)
}
router := chi.NewRouter()
subscriptions := make(map[time.Time]chan bool)
router.Post("/api/signup", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Username string `json:"username"`
PublicKey string `json:"publicKey"`
Invite string `json:"invite"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
if data.Username == "" || data.PublicKey == "" || data.Invite == "" {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
inviteBytes, err := hex.DecodeString(data.Invite)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid invite"}, w)
return
}
var uses int
err = conn.QueryRow("SELECT uses FROM invites WHERE code = ?", inviteBytes).Scan(&uses)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid invite"}, w)
return
}
_, err = conn.Exec("UPDATE invites SET uses = uses - 1 WHERE code = ?", inviteBytes)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to update invite: " + err.Error())
return
}
if uses-1 <= 0 {
_, err := conn.Exec("DELETE FROM invites WHERE uses <= 0")
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to delete invite: " + err.Error())
return
}
if uses <= 0 {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid invite"}, w)
return
}
}
userId, err := uuid.NewRandom()
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate UUID: " + err.Error())
return
}
publicKeyBytes, err := base64.StdEncoding.DecodeString(data.PublicKey)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid public key"}, w)
return
}
_, err = conn.Exec("INSERT INTO users (id, username, publicKey) VALUES (?, ?, ?)", userId, data.Username, publicKeyBytes)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Username already taken"}, w)
return
}
var nonce [32]byte
read, err := rand.Read(nonce[:])
if err != nil || read != 32 {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate nonce: " + err.Error())
return
}
token, err := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
"sub": userId.String(),
"name": data.Username,
"exp": time.Now().Add(time.Hour * 24).Unix(),
"nonce": base64.StdEncoding.EncodeToString(nonce[:]),
}).SignedString(privateKey)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to sign token: " + err.Error())
return
}
w.WriteHeader(http.StatusOK)
renderJSON(map[string]interface{}{"token": token, "userId": userId.String()}, w)
})
router.Post("/api/loginChallenge", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Username string `json:"username"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
var nonce [32]byte
read, err := rand.Read(nonce[:])
if err != nil || read != 32 {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate nonce: " + err.Error())
return
}
token, err := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
"sub": data.Username,
"exp": time.Now().Add(time.Second * 20).Unix(),
"nonce": base64.StdEncoding.EncodeToString(nonce[:]),
}).SignedString(privateKey)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to sign token: " + err.Error())
return
}
w.WriteHeader(http.StatusOK)
renderJSON(map[string]interface{}{"token": token, "nonce": base64.StdEncoding.EncodeToString(nonce[:])}, w)
})
router.Post("/api/login", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Username string `json:"username"`
Signature string `json:"signature"`
Challenge string `json:"challenge"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
claims, ok := verifyJwt(data.Challenge, publicKey)
if !ok {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid challenge"}, w)
return
}
nonce, err := base64.StdEncoding.DecodeString(claims["nonce"].(string))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid challenge"}, w)
return
}
signature, err := base64.StdEncoding.DecodeString(data.Signature)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid signature"}, w)
return
}
var userKey []byte
err = conn.QueryRow("SELECT publicKey FROM users WHERE username = ?", data.Username).Scan(&userKey)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
fmt.Println(err.Error())
renderJSON(map[string]interface{}{"error": "Invalid username"}, w)
return
}
if !ed25519.Verify(userKey, nonce, signature) {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid signature"}, w)
return
}
var userId uuid.UUID
err = conn.QueryRow("SELECT id FROM users WHERE username = ?", data.Username).Scan(&userId)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid username"}, w)
return
}
var loginNonce [32]byte
read, err := rand.Read(loginNonce[:])
if err != nil || read != 32 {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate nonce: " + err.Error())
return
}
token, err := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
"sub": userId.String(),
"name": data.Username,
"exp": time.Now().Add(time.Hour * 24).Unix(),
"nonce": base64.StdEncoding.EncodeToString(loginNonce[:]),
}).SignedString(privateKey)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to sign token: " + err.Error())
return
}
w.WriteHeader(http.StatusOK)
renderJSON(map[string]interface{}{"token": token, "userId": userId.String()}, w)
})
router.Post("/api/invite", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Token string `json:"token"`
Uses float64 `json:"uses"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
claims, ok := verifyJwt(data.Token, publicKey)
if !ok {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
userId, err := uuid.Parse(claims["sub"].(string))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
var admin bool
err = conn.QueryRow("SELECT administrator FROM users WHERE id = ?", userId).Scan(&admin)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
if !admin {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
var code [8]byte
read, err := rand.Read(code[:])
if err != nil || read != 8 {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate code: " + err.Error())
return
}
_, err = conn.Exec("INSERT INTO invites (code, uses) VALUES (?, ?)", code[:], data.Uses)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to insert invite: " + err.Error())
return
}
w.WriteHeader(http.StatusOK)
renderJSON(map[string]interface{}{"code": hex.EncodeToString(code[:])}, w)
})
router.Post("/api/messages", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Token string `json:"token"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
_, ok := verifyJwt(data.Token, publicKey)
if !ok {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
var messages []map[string]interface{}
rows, err := conn.Query("SELECT sender, senderName, message, sent, id FROM messages ORDER BY sent ASC")
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to select messages: " + err.Error())
return
}
for rows.Next() {
var sender uuid.UUID
var senderName string
var message string
var sent float64
var id uuid.UUID
err = rows.Scan(&sender, &senderName, &message, &sent, &id)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to scan message: " + err.Error())
return
}
messages = append(messages, map[string]interface{}{
"sender": sender.String(),
"name": senderName,
"message": message,
"sent": sent,
"id": id.String(),
})
}
w.WriteHeader(http.StatusOK)
renderJSON(messages, w)
})
router.Post("/api/send", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Token string `json:"token"`
Message string `json:"message"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
claims, ok := verifyJwt(data.Token, publicKey)
if !ok {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
userId, err := uuid.Parse(claims["sub"].(string))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
messageId, err := uuid.NewRandom()
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to generate UUID: " + err.Error())
return
}
_, err = conn.Exec("INSERT INTO messages (sender, message, sent, id, senderName) VALUES (?, ?, ?, ?, ?)", userId, data.Message, time.Now().Unix(), messageId, claims["name"])
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to insert message: " + err.Error())
return
}
go func() {
for subscriptionId, subscription := range subscriptions {
select {
case subscription <- false:
default:
subscriptions[subscriptionId] = nil
}
}
}()
w.WriteHeader(http.StatusOK)
renderJSON(map[string]interface{}{"id": messageId.String()}, w)
})
router.Post("/api/delete", func(w http.ResponseWriter, r *http.Request) {
var data struct {
Token string `json:"token"`
Id string `json:"id"`
}
err := json.NewDecoder(r.Body).Decode(&data)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid request"}, w)
return
}
claims, ok := verifyJwt(data.Token, publicKey)
if !ok {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
userId, err := uuid.Parse(claims["sub"].(string))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid token"}, w)
return
}
messageId, err := uuid.Parse(data.Id)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
renderJSON(map[string]interface{}{"error": "Invalid message ID"}, w)
return
}
_, err = conn.Exec("DELETE FROM messages WHERE sender = ? AND id = ?", userId, messageId)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
renderJSON(map[string]interface{}{"error": "Internal server error"}, w)
slog.Error("Failed to delete message: " + err.Error())
return
}
go func() {
for subscriptionId, subscription := range subscriptions {
select {
case subscription <- false:
default:
subscriptions[subscriptionId] = nil
}
}
}()
w.WriteHeader(http.StatusOK)
})
router.HandleFunc("/api/ping", func(w http.ResponseWriter, r *http.Request) {
slog.Info("New client online at " + r.RemoteAddr)
r.Host = "example.org"
r.Header.Set("Origin", "https://example.org")
connection, err := websocket.Accept(w, r, nil)
if err != nil {
slog.Error("Failed to accept WebSocket connection: " + err.Error())
return
}
subscriptionId := time.Now()
subscription := make(chan bool)
subscriptions[subscriptionId] = subscription
go func() {
for {
shouldClose := <-subscription
if shouldClose {
return
} else {
err := connection.Write(context.Background(), websocket.MessageBinary, []byte{0x00})
if err != nil {
println(err.Error())
slog.Info("Client disconnected: " + r.RemoteAddr)
subscriptions[subscriptionId] = nil
return
}
}
}
}()
})
err = http.ListenAndServe(":1974", router)
if err != nil {
slog.Error("Failed to start server: " + err.Error())
os.Exit(1)
}
}