hagrid-keyserver--hagrid/src/web/manage.rs

use rocket;
use rocket::State;
use rocket::request::Form;

use failure::Fallible as Result;

use web::{RequestOrigin, MyResponse, templates::General};
use web::vks_web;
use database::{Database, KeyDatabase, types::Email, types::Fingerprint};
use mail;
use counters;
use rate_limiter::RateLimiter;
use tokens::{self, StatelessSerializable};

#[derive(Debug,Serialize,Deserialize)]
struct StatelessVerifyToken {
   fpr: Fingerprint,
}
impl StatelessSerializable for StatelessVerifyToken {
}

mod templates {
    #[derive(Serialize)]
    pub struct ManageKey {
        pub key_fpr: String,
        pub key_link: String,
        pub base_uri: String,
        pub uid_status: Vec<ManageKeyUidStatus>,
        pub token: String,
        pub commit: String,
        pub version: String,
    }

    #[derive(Serialize)]
    pub struct ManageLinkSent {
        pub address: String,
    }

    #[derive(Serialize)]
    pub struct ManageKeyUidStatus {
       pub address: String,
       pub published: bool,
    }
}

pub mod forms {
    #[derive(FromForm)]
    pub struct ManageRequest {
        pub search_term: String,
    }

    #[derive(FromForm)]
    pub struct ManageDelete {
        pub token: String,
        pub address: String,
    }
}

#[get("/manage")]
pub fn vks_manage() -> Result<MyResponse> {
    Ok(MyResponse::ok("manage/manage", General::default()))
}

#[get("/manage/<token>")]
pub fn vks_manage_key(
   request_origin: RequestOrigin,
   db: State<KeyDatabase>,
   token: String,
   token_service: rocket::State<tokens::Service>,
) -> MyResponse {
    use database::types::Fingerprint;
    use std::convert::TryFrom;
    if let Ok(StatelessVerifyToken { fpr }) = token_service.check(&token) {
        match db.lookup(&database::Query::ByFingerprint(fpr)) {
            Ok(Some(tpk)) => {
                let fp = Fingerprint::try_from(tpk.fingerprint()).unwrap();
                let mut emails: Vec<Email> = tpk.userids()
                    .map(|u| u.userid().to_string().parse::<Email>())
                    .flatten()
                    .collect();
                emails.sort_unstable();
                emails.dedup();
                let uid_status = emails.into_iter().map(|email|
                    templates::ManageKeyUidStatus {
                        address: email.to_string(),
                        published: true,
                    }
                ).collect();
               let key_link = uri!(vks_web::search: fp.to_string()).to_string();
                let context = templates::ManageKey {
                    key_fpr: fp.to_string(),
                    key_link,
                    uid_status,
                    token,
                    base_uri: request_origin.get_base_uri().to_owned(),
                    version: env!("VERGEN_SEMVER").to_string(),
                    commit: env!("VERGEN_SHA_SHORT").to_string(),
                };
                MyResponse::ok("manage/manage_key", context)
            },
            Ok(None) => MyResponse::not_found(
                Some("manage/manage"),
                Some("This link is invalid or expired".to_owned())),
            Err(e) => MyResponse::ise(e),
        }
    } else {
        MyResponse::not_found(
            Some("manage/manage"),
            Some("This link is invalid or expired".to_owned()))
    }
}

#[post("/manage", data="<request>")]
pub fn vks_manage_post(
    db: State<KeyDatabase>,
    request_origin: RequestOrigin,
    mail_service: rocket::State<mail::Service>,
    rate_limiter: rocket::State<RateLimiter>,
    request: Form<forms::ManageRequest>,
    token_service: rocket::State<tokens::Service>,
) -> MyResponse {
    use std::convert::TryInto;

    let email = match request.search_term.parse::<Email>() {
        Ok(email) => email,
        Err(_) => return MyResponse::not_found(
            Some("manage/manage"),
            Some(format!("Malformed email address: {}", request.search_term)))
    };

    let tpk = match db.lookup(&database::Query::ByEmail(email.clone())) {
        Ok(Some(tpk)) => tpk,
        Ok(None) => return MyResponse::not_found(
            Some("manage/manage"),
            Some(format!("No key for address {}", request.search_term))),
        Err(e) => return MyResponse::ise(e),
    };

    let email_exists = tpk.userids()
        .flat_map(|binding| binding.userid().to_string().parse::<Email>())
        .any(|candidate| candidate == email);

    if !email_exists {
        return MyResponse::ise(failure::err_msg("Address check failed!"));
    }

    if !rate_limiter.action_perform(format!("manage-{}", &email)) {
        return MyResponse::not_found(
            Some("manage/manage"),
            Some("A request was already sent for this address recently.".to_owned()));
    }

    let fpr: Fingerprint = tpk.fingerprint().try_into().unwrap();
    let fpr_text = fpr.to_string();
    let token = token_service.create(&StatelessVerifyToken { fpr });
    let link_path = uri!(vks_manage_key: token).to_string();

    let base_uri = request_origin.get_base_uri();
    if let Err(e) = mail_service.send_manage_token(base_uri, fpr_text, &email, &link_path) {
        return MyResponse::ise(e);
    }

    let ctx = templates::ManageLinkSent {
        address: email.to_string(),
    };
    MyResponse::ok("manage/manage_link_sent", ctx)
}

#[post("/manage/unpublish", data="<request>")]
pub fn vks_manage_unpublish(
    request_origin: RequestOrigin,
    db: rocket::State<KeyDatabase>,
    token_service: rocket::State<tokens::Service>,
    request: Form<forms::ManageDelete>,
) -> MyResponse {
    match vks_manage_unpublish_or_fail(request_origin, db, token_service, request) {
        Ok(response) => response,
        Err(e) => MyResponse::ise(e),
    }
}

pub fn vks_manage_unpublish_or_fail(
    request_origin: RequestOrigin,
    db: rocket::State<KeyDatabase>,
    token_service: rocket::State<tokens::Service>,
    request: Form<forms::ManageDelete>,
) -> Result<MyResponse> {
    let verify_token = token_service.check::<StatelessVerifyToken>(&request.token)?;
    let email = request.address.parse::<Email>()?;

    db.set_email_unpublished(&verify_token.fpr, &email)?;
    counters::inc_address_unpublished(&email);

    Ok(vks_manage_key(request_origin, db, request.token.to_owned(), token_service))
}
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`use rocket;`
			`use rocket::State;`
			`use rocket::request::Form;`

			`use failure::Fallible as Result;`

web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`use web::{RequestOrigin, MyResponse, templates::General};`
slightly improve wording in publish dialog 2019-06-12 14:56:21 +00:00			`use web::vks_web;`
allow generic payloads in stateless tokens 2019-05-02 14:56:47 +00:00			`use database::{Database, KeyDatabase, types::Email, types::Fingerprint};`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`use mail;`
prometheus: introduce a couple simple prometheus stats 2019-07-19 18:46:16 +00:00			`use counters;`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`use rate_limiter::RateLimiter;`
use trait for better type safety in stateless tokens 2019-05-02 15:25:48 +00:00			`use tokens::{self, StatelessSerializable};`

			`#[derive(Debug,Serialize,Deserialize)]`
			`struct StatelessVerifyToken {`
			`fpr: Fingerprint,`
			`}`
			`impl StatelessSerializable for StatelessVerifyToken {`
			`}`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00
			`mod templates {`
			`#[derive(Serialize)]`
			`pub struct ManageKey {`
more copy 2019-04-26 21:13:56 +00:00			`pub key_fpr: String,`
			`pub key_link: String,`
template updates for /manage and others 2019-04-26 13:15:54 +00:00			`pub base_uri: String,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`pub uid_status: Vec<ManageKeyUidStatus>,`
			`pub token: String,`
			`pub commit: String,`
			`pub version: String,`
			`}`

			`#[derive(Serialize)]`
			`pub struct ManageLinkSent {`
			`pub address: String,`
			`}`

			`#[derive(Serialize)]`
			`pub struct ManageKeyUidStatus {`
			`pub address: String,`
			`pub published: bool,`
			`}`
			`}`

			`pub mod forms {`
			`#[derive(FromForm)]`
			`pub struct ManageRequest {`
			`pub search_term: String,`
			`}`

			`#[derive(FromForm)]`
			`pub struct ManageDelete {`
			`pub token: String,`
			`pub address: String,`
			`}`
			`}`

move /vks/manage to /manage 2019-04-25 18:04:20 +00:00			`#[get("/manage")]`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`pub fn vks_manage() -> Result<MyResponse> {`
			`Ok(MyResponse::ok("manage/manage", General::default()))`
			`}`

move /vks/manage to /manage 2019-04-25 18:04:20 +00:00			`#[get("/manage/<token>")]`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`pub fn vks_manage_key(`
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`request_origin: RequestOrigin,`
drop polymorphic database abstraction 2019-04-26 22:21:30 +00:00			`db: State<KeyDatabase>,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`token: String,`
			`token_service: rocket::State<tokens::Service>,`
			`) -> MyResponse {`
template updates for /manage and others 2019-04-26 13:15:54 +00:00			`use database::types::Fingerprint;`
			`use std::convert::TryFrom;`
use trait for better type safety in stateless tokens 2019-05-02 15:25:48 +00:00			`if let Ok(StatelessVerifyToken { fpr }) = token_service.check(&token) {`
			`match db.lookup(&database::Query::ByFingerprint(fpr)) {`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`Ok(Some(tpk)) => {`
template updates for /manage and others 2019-04-26 13:15:54 +00:00			`let fp = Fingerprint::try_from(tpk.fingerprint()).unwrap();`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`let mut emails: Vec<Email> = tpk.userids()`
			`.map(\|u\| u.userid().to_string().parse::<Email>())`
			`.flatten()`
			`.collect();`
			`emails.sort_unstable();`
			`emails.dedup();`
			`let uid_status = emails.into_iter().map(\|email\|`
			`templates::ManageKeyUidStatus {`
			`address: email.to_string(),`
			`published: true,`
			`}`
			`).collect();`
slightly improve wording in publish dialog 2019-06-12 14:56:21 +00:00			`let key_link = uri!(vks_web::search: fp.to_string()).to_string();`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`let context = templates::ManageKey {`
more copy 2019-04-26 21:13:56 +00:00			`key_fpr: fp.to_string(),`
slightly improve wording in publish dialog 2019-06-12 14:56:21 +00:00			`key_link,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`uid_status,`
			`token,`
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`base_uri: request_origin.get_base_uri().to_owned(),`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`version: env!("VERGEN_SEMVER").to_string(),`
			`commit: env!("VERGEN_SHA_SHORT").to_string(),`
			`};`
			`MyResponse::ok("manage/manage_key", context)`
			`},`
			`Ok(None) => MyResponse::not_found(`
			`Some("manage/manage"),`
			`Some("This link is invalid or expired".to_owned())),`
			`Err(e) => MyResponse::ise(e),`
			`}`
			`} else {`
use manage template for "expired" error 2019-05-25 12:15:51 +00:00			`MyResponse::not_found(`
			`Some("manage/manage"),`
			`Some("This link is invalid or expired".to_owned()))`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`}`
			`}`

move /vks/manage to /manage 2019-04-25 18:04:20 +00:00			`#[post("/manage", data="<request>")]`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`pub fn vks_manage_post(`
drop polymorphic database abstraction 2019-04-26 22:21:30 +00:00			`db: State<KeyDatabase>,`
mail: use base_uri from RequestOrigin This will cause outgoing emails to contain onion addresses for backlinks to the server, if the request comes via onion service. 2019-06-22 23:39:36 +00:00			`request_origin: RequestOrigin,`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`mail_service: rocket::State<mail::Service>,`
			`rate_limiter: rocket::State<RateLimiter>,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`request: Form<forms::ManageRequest>,`
			`token_service: rocket::State<tokens::Service>,`
			`) -> MyResponse {`
			`use std::convert::TryInto;`

			`let email = match request.search_term.parse::<Email>() {`
			`Ok(email) => email,`
			`Err(_) => return MyResponse::not_found(`
			`Some("manage/manage"),`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`Some(format!("Malformed email address: {}", request.search_term)))`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`};`

			`let tpk = match db.lookup(&database::Query::ByEmail(email.clone())) {`
			`Ok(Some(tpk)) => tpk,`
			`Ok(None) => return MyResponse::not_found(`
			`Some("manage/manage"),`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`Some(format!("No key for address {}", request.search_term))),`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`Err(e) => return MyResponse::ise(e),`
			`};`

rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`let email_exists = tpk.userids()`
			`.flat_map(\|binding\| binding.userid().to_string().parse::<Email>())`
			`.any(\|candidate\| candidate == email);`

			`if !email_exists {`
			`return MyResponse::ise(failure::err_msg("Address check failed!"));`
			`}`

			`if !rate_limiter.action_perform(format!("manage-{}", &email)) {`
			`return MyResponse::not_found(`
			`Some("manage/manage"),`
			`Some("A request was already sent for this address recently.".to_owned()));`
			`}`

allow generic payloads in stateless tokens 2019-05-02 14:56:47 +00:00			`let fpr: Fingerprint = tpk.fingerprint().try_into().unwrap();`
actually add fingerprint to manage mail template 2019-06-06 17:03:47 +00:00			`let fpr_text = fpr.to_string();`
Use JSON API for /vks/v1/upload 2019-05-20 21:17:50 +00:00			`let token = token_service.create(&StatelessVerifyToken { fpr });`
rewrite manage mail 2019-06-06 16:10:47 +00:00			`let link_path = uri!(vks_manage_key: token).to_string();`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00
mail: use base_uri from RequestOrigin This will cause outgoing emails to contain onion addresses for backlinks to the server, if the request comes via onion service. 2019-06-22 23:39:36 +00:00			`let base_uri = request_origin.get_base_uri();`
			`if let Err(e) = mail_service.send_manage_token(base_uri, fpr_text, &email, &link_path) {`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00			`return MyResponse::ise(e);`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`}`
rate limit mails for /manage 2019-05-05 12:58:05 +00:00
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`let ctx = templates::ManageLinkSent {`
			`address: email.to_string(),`
			`};`
			`MyResponse::ok("manage/manage_link_sent", ctx)`
			`}`

move /vks/manage to /manage 2019-04-25 18:04:20 +00:00			`#[post("/manage/unpublish", data="<request>")]`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`pub fn vks_manage_unpublish(`
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`request_origin: RequestOrigin,`
drop polymorphic database abstraction 2019-04-26 22:21:30 +00:00			`db: rocket::State<KeyDatabase>,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`token_service: rocket::State<tokens::Service>,`
			`request: Form<forms::ManageDelete>,`
			`) -> MyResponse {`
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`match vks_manage_unpublish_or_fail(request_origin, db, token_service, request) {`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`Ok(response) => response,`
			`Err(e) => MyResponse::ise(e),`
			`}`
			`}`

			`pub fn vks_manage_unpublish_or_fail(`
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`request_origin: RequestOrigin,`
drop polymorphic database abstraction 2019-04-26 22:21:30 +00:00			`db: rocket::State<KeyDatabase>,`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`token_service: rocket::State<tokens::Service>,`
			`request: Form<forms::ManageDelete>,`
			`) -> Result<MyResponse> {`
use trait for better type safety in stateless tokens 2019-05-02 15:25:48 +00:00			`let verify_token = token_service.check::<StatelessVerifyToken>(&request.token)?;`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`let email = request.address.parse::<Email>()?;`
prometheus: introduce a couple simple prometheus stats 2019-07-19 18:46:16 +00:00
use trait for better type safety in stateless tokens 2019-05-02 15:25:48 +00:00			`db.set_email_unpublished(&verify_token.fpr, &email)?;`
prometheus: aggregate similar stats using labels 2019-07-20 15:00:02 +00:00			`counters::inc_address_unpublished(&email);`
prometheus: introduce a couple simple prometheus stats 2019-07-19 18:46:16 +00:00
web: use base_uri from RequestOrigin everywhere 2019-06-22 21:25:49 +00:00			`Ok(vks_manage_key(request_origin, db, request.token.to_owned(), token_service))`
(barely) working /manage endpoint 2019-04-05 15:07:40 +00:00			`}`