Merge pull request #1 from jagerman/elsa

Elsa

Author: jagerman

CMakeLists.txt

@@ -15,7 +15,7 @@ endif()
 
 project(spns)
 
-set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 set(CMAKE_CXX_EXTENSIONS OFF)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)

README.md

@@ -87,7 +87,7 @@ to be installed:
 - python3-uwsgidecorators
 - python3-coloredlogs
 - python3-oxenmq (available in our repository)
-- python3-pyonionreq (available in our repository)
+- python3-session-util (available in our repository)
 
 ### Just give me some stuff to blindly copy and paste!
 
@@ -97,7 +97,7 @@ Okay here you go (for a recent Ubuntu or Debian installation):
     echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list
     sudo apt update
     sudo apt install cmake g++ lib{sodium,oxenmq,oxenc,systemd,pq}-dev nlohmann-json3-dev \
-        python3 python3-{systemd,flask,uwsgidecorators,coloredlogs,oxenmq,pyonionreq} \
+        python3 python3-{systemd,flask,uwsgidecorators,coloredlogs,oxenmq,session-util} \
         uwsgi-plugin-python3 uwsgi-emperor
 ```
 

libpqxx

@@ -47,6 +47,9 @@ struct is_bytes_impl {
 template <typename T>
 inline constexpr bool is_bytes = decltype(is_bytes_impl::check(static_cast<T*>(nullptr)))::value;
 
+template <typename T>
+concept bytes_subtype = is_bytes<T>;
+
 struct AccountID : bytes<33> {};
 struct Ed25519PK : bytes<32> {};
 struct X25519PK : bytes<32> {};

oxen-logging

@@ -912,8 +912,9 @@ void HiveMind::log_stats(std::string_view pre_cmd) {
             total_notifies,
             pushes_processed_.load());
 
-    auto sd_format = pre_cmd.empty() ? "STATUS={1}" : "{0}\nSTATUS={1}";
-    sd_notify(0, fmt::format(sd_format, pre_cmd, stat_line).c_str());
+    auto sd_out = pre_cmd.empty() ? "STATUS={}"_format(stat_line)
+                                  : "{}\nSTATUS={}"_format(pre_cmd, stat_line);
+    sd_notify(0, sd_out.c_str());
 
     if (auto now = std::chrono::steady_clock::now(); now - last_stats_logged >= 4min + 55s) {
         log::info(stats, "Status: {}", stat_line);
@@ -1049,12 +1050,7 @@ void HiveMind::on_notifier_validation(
         response["message"] = std::move(message);
 
     sub_json_set_one_response(
-        std::move(replier),
-        final_response,
-        i,
-        remaining,
-        multi,
-        std::move(response));
+            std::move(replier), final_response, i, remaining, multi, std::move(response));
 }
 
 std::tuple<SwarmPubkey, std::optional<Subaccount>, int64_t, Signature, std::string, nlohmann::json>
@@ -1667,8 +1663,8 @@ SELECT
     ARRAY(SELECT namespace FROM sub_namespaces WHERE subscription = id ORDER BY namespace)
 FROM subscriptions
 WHERE
-    account = {} AND service = {} AND svcid = {})"_format(
-                    tx.quote(pubkey.id), tx.quote(service), tx.quote(service_id)));
+    account = $1 AND service = $2 AND svcid = $3)",
+            {pubkey.id, service, service_id});
     int64_t id;
     if (result) {
         auto& [row_id, sig_ts, ns_arr] = *result;

spns/bytes.hpp

@@ -4,15 +4,12 @@
 
 from . import config
 from .web import app
-
 from .subrequest import make_subrequest
 
-import pyonionreq
-
-_junk_parser = pyonionreq.junk.Parser(
-    privkey=config.PRIVKEYS["onionreq"].encode(), pubkey=config.PUBKEYS["onionreq"].encode()
-)
+from session_util.onionreq import OnionReqParser
 
+onion_privkey_bytes = config.PRIVKEYS["onionreq"].encode()
+onion_pubkey_bytes = config.PUBKEYS["onionreq"].encode()
 
 def bencode_consume_string(body: memoryview) -> Tuple[memoryview, memoryview]:
     """
@@ -35,6 +32,64 @@ def bencode_consume_string(body: memoryview) -> Tuple[memoryview, memoryview]:
 
 
 def handle_v4_onionreq_plaintext(body):
+    try:
+        if not (body.startswith(b'l') and body.endswith(b'e')):
+            raise RuntimeError("Invalid onion request body: expected bencoded list")
+
+        belems = memoryview(body)[1:-1]
+
+        # Metadata json; this element is always required:
+        meta, belems = bencode_consume_string(belems)
+
+        meta = json.loads(meta.tobytes())
+
+        # Then we can have a second optional string containing the body:
+        if len(belems) > 1:
+            subreq_body, belems = bencode_consume_string(belems)
+            if len(belems):
+                raise RuntimeError("Invalid v4 onion request: found more than 2 parts")
+        else:
+            subreq_body = b''
+
+        method, endpoint = meta['method'], meta['endpoint']
+        if not endpoint.startswith('/'):
+            raise RuntimeError("Invalid v4 onion request: endpoint must start with /")
+
+        response, headers = make_subrequest(
+            method, endpoint, headers=meta.get('headers', {}), body=subreq_body
+        )
+
+        data = response.get_data()
+        app.logger.debug(
+            f"Onion sub-request for {endpoint} returned {response.status_code}, {len(data)} bytes"
+        )
+
+        meta = {'code': response.status_code, 'headers': headers}
+
+    except Exception as e:
+        app.logger.warning("Invalid v4 onion request: {}".format(e))
+        meta = {'code': http.BAD_REQUEST, 'headers': {'content-type': 'text/plain; charset=utf-8'}}
+        data = b'Invalid v4 onion request'
+
+    meta = json.dumps(meta).encode()
+    return b''.join(
+        (b'l', str(len(meta)).encode(), b':', meta, str(len(data)).encode(), b':', data, b'e')
+    )
+
+
+def decrypt_onionreq():
+    try:
+        return OnionReqParser(
+            onion_pubkey_bytes,
+            onion_privkey_bytes,
+            request.data)
+    except Exception as e:
+        app.logger.warning("Failed to decrypt onion request: {}".format(e))
+    abort(http.BAD_REQUEST)
+
+
+@app.post("/oxen/v4/lsrpc")
+def handle_v4_onion_request():
     """
     Handles a decrypted v4 onion request; this injects a subrequest to process it then returns the
     result of that subrequest.  In contrast to v3, it is more efficient (particularly for binary
@@ -54,11 +109,6 @@ def handle_v4_onionreq_plaintext(body):
     needs to be accessed through a v4 request for some reason then it can be accessed via the
     "/legacy/whatever" endpoint).
 
-    If an "endpoint" contains unicode characters then it is recommended to provide it as direct
-    UTF-8 values (rather than URL-encoded UTF-8).  Both approaches will work, but the X-SOGS-*
-    authentication headers will always apply on the final, URL-decoded value and so avoiding
-    URL-encoding in the first place will typically simplify client implementations.
-
     The "headers" field typically carries X-SOGS-* authentication headers as well as fields like
     Content-Type.  Note that, unlike v3 requests, the Content-Type does *not* have any default and
     should also be specified, often as `application/json`.  Unlike HTTP requests, Content-Length is
@@ -128,61 +178,6 @@ def handle_v4_onionreq_plaintext(body):
     bytes are returned directly to the client (i.e. no base64 encoding applied, unlike v3 requests).
     """  # noqa: E501
 
-    try:
-        if not (body.startswith(b"l") and body.endswith(b"e")):
-            raise RuntimeError("Invalid onion request body: expected bencoded list")
-
-        belems = memoryview(body)[1:-1]
-
-        # Metadata json; this element is always required:
-        meta, belems = bencode_consume_string(belems)
-
-        meta = json.loads(meta.tobytes())
-
-        # Then we can have a second optional string containing the body:
-        if len(belems) > 1:
-            subreq_body, belems = bencode_consume_string(belems)
-            if len(belems):
-                raise RuntimeError("Invalid v4 onion request: found more than 2 parts")
-        else:
-            subreq_body = b""
-
-        method, endpoint = meta["method"], meta["endpoint"]
-        if not endpoint.startswith("/"):
-            raise RuntimeError("Invalid v4 onion request: endpoint must start with /")
-
-        response, headers = make_subrequest(
-            method,
-            endpoint,
-            headers=meta.get("headers", {}),
-            body=subreq_body,
-            user_reauth=True,  # Because onion requests have auth headers on the *inside*
-        )
-
-        data = response.get_data()
-        app.logger.debug(
-            f"Onion sub-request for {endpoint} returned {response.status_code}, {len(data)} bytes"
-        )
-
-        meta = {"code": response.status_code, "headers": headers}
-
-    except Exception as e:
-        app.logger.warning("Invalid v4 onion request: {}".format(e))
-        meta = {"code": 400, "headers": {"content-type": "text/plain; charset=utf-8"}}
-        data = b"Invalid v4 onion request"
-
-    meta = json.dumps(meta).encode()
-    return b"".join(
-        (b"l", str(len(meta)).encode(), b":", meta, str(len(data)).encode(), b":", data, b"e")
-    )
-
-
-@app.post("/oxen/v4/lsrpc")
-def handle_v4_onion_request():
-    """
-    Parse a v4 onion request.  See handle_v4_onionreq_plaintext().
-    """
-
     # Some less-than-ideal decisions in the onion request protocol design means that we are stuck
     # dealing with parsing the request body here in the internal format that is meant for storage
     # server, but the *last* hop's decrypted, encoded data has to get shared by us (and is passed on
@@ -198,13 +193,13 @@ def handle_v4_onion_request():
     # The parse_junk here takes care of decoding and decrypting this according to the fields *meant
     # for us* in the json (which include things like the encryption type and ephemeral key):
     try:
-        junk = _junk_parser.parse_junk(request.data)
+        parser = decrypt_onionreq()
     except RuntimeError as e:
         app.logger.warning("Failed to decrypt onion request: {}".format(e))
         abort(400)
 
     # On the way back out we re-encrypt via the junk parser (which uses the ephemeral key and
     # enc_type that were specified in the outer request).  We then return that encrypted binary
     # payload as-is back to the client which bounces its way through the SN path back to the client.
-    response = handle_v4_onionreq_plaintext(junk.payload)
-    return junk.transformReply(response)
+    response = handle_v4_onionreq_plaintext(parser.payload)
+    return parser.encrypt_reply(response)

spns/hivemind.cpp

@@ -1,7 +1,9 @@
+#pragma once
+
 #include <chrono>
 #include <mutex>
 #include <pqxx/pqxx>
-#include <stack>
+#include <deque>
 
 #include "bytes.hpp"
 
@@ -117,7 +119,7 @@ inline const std::string type_name<spns::Signature>{"spns::Signature"};
 template <>
 inline const std::string type_name<spns::EncKey>{"spns::EncKey"};
 
-template <typename T, typename = std::enable_if_t<spns::is_bytes<T>>>
+template <spns::bytes_subtype T>
 struct spns_byte_helper {
     static constexpr size_t SIZE = T::SIZE;
     static T from_string(std::string_view text) {
@@ -148,9 +150,6 @@ struct spns_byte_helper {
     }
 };
 
-template <typename T>
-struct nullness<T, std::enable_if_t<spns::is_bytes<T>>> : pqxx::no_null<T> {};
-
 template <>
 struct string_traits<spns::AccountID> : spns_byte_helper<spns::AccountID> {};
 template <>

spns/onion_request.py

@@ -1,6 +1,7 @@
 #pragma once
 
 #include <fmt/format.h>
+#include <oxen/log/format.hpp>
 
 #include <charconv>
 #include <chrono>
@@ -40,37 +41,7 @@ inline ustring_view as_usv(bstring_view s) {
     return {reinterpret_cast<const unsigned char*>(s.data()), s.size()};
 }
 
-// Can replace this with a `using namespace oxen::log::literals` if we start using oxen-logging
-namespace detail {
-
-    // Internal implementation of _format that holds the format temporarily until the (...) operator
-    // is invoked on it.  This object cannot be moved, copied but only used ephemerally in-place.
-    struct fmt_wrapper {
-      private:
-        std::string_view format;
-
-        // Non-copyable and non-movable:
-        fmt_wrapper(const fmt_wrapper&) = delete;
-        fmt_wrapper& operator=(const fmt_wrapper&) = delete;
-        fmt_wrapper(fmt_wrapper&&) = delete;
-        fmt_wrapper& operator=(fmt_wrapper&&) = delete;
-
-      public:
-        constexpr explicit fmt_wrapper(const char* str, const std::size_t len) : format{str, len} {}
-
-        /// Calling on this object forwards all the values to fmt::format, using the format string
-        /// as provided during construction (via the "..."_format user-defined function).
-        template <typename... T>
-        auto operator()(T&&... args) && {
-            return fmt::format(format, std::forward<T>(args)...);
-        }
-    };
-
-}  // namespace detail
-
-inline detail::fmt_wrapper operator""_format(const char* str, size_t len) {
-    return detail::fmt_wrapper{str, len};
-}
+using namespace oxen::log::literals;
 
 /// Splits a string on some delimiter string and returns a vector of string_view's pointing into the
 /// pieces of the original string.  The pieces are valid only as long as the original string remains