Spoor/appview
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

WIP implement core account creation logic

Browse source
This commit is contained in:
Julia Lange 2025-08-29 13:15:35 -07:00
parent b522c062c0
commit 55b583b6e6
Signed by: Julia
SSH key fingerprint: SHA256:5DJcfxa5/fKCYn57dcabJa2vN2e6eT0pBerYi5SUbto
7 changed files with 259 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

7
entryway/Cargo.toml
View file

@ -4,7 +4,7 @@ version = "0.1.0"
edition = "2024" edition = "2024"
[dependencies] [dependencies]
atproto.workspace = true atproto = { workspace = true, features = ["sqlx-support"] }
router.workspace = true router.workspace = true
http = "1.3.1" http = "1.3.1"
serde.workspace = true serde.workspace = true
@ -12,3 +12,8 @@ serde_json.workspace = true
tokio.workspace = true tokio.workspace = true
tracing-subscriber.workspace = true tracing-subscriber.workspace = true
tracing.workspace = true tracing.workspace = true
async-trait.workspace = true
sqlx.workspace = true
thiserror.workspace = true
argon2 = "0.5"
time = { version = "0.3", features = ["formatting", "macros"] }

23
entryway/migrations/20250828184830_initial_schema.sql Normal file
View file

@ -0,0 +1,23 @@
-- PDS Entryway Account Management Schema
-- Minimal schema for account creation and authentication
-- Actor table - stores public identity information
CREATE TABLE actor (
did VARCHAR PRIMARY KEY,
handle VARCHAR,
created_at VARCHAR NOT NULL
);
-- Case-insensitive unique index on handle
CREATE UNIQUE INDEX actor_handle_lower_idx ON actor (LOWER(handle));
-- Account table - stores private authentication data
CREATE TABLE account (
did VARCHAR PRIMARY KEY,
email VARCHAR NOT NULL,
password_scrypt VARCHAR NOT NULL,
email_confirmed_at VARCHAR
);
-- Case-insensitive unique index on email
CREATE UNIQUE INDEX account_email_lower_idx ON account (LOWER(email));

13
entryway/src/database/error.rs Normal file
View file

@ -0,0 +1,13 @@
use thiserror::Error;
#[derive(Error, Debug)]
pub enum DatabaseError {
#[error("Database connection error: {0}")]
Connection(#[from] sqlx::Error),
#[error("Handle already taken: {0}")]
HandleTaken(String),
#[error("Email already taken: {0}")]
EmailTaken(String),
}

5
entryway/src/database/mod.rs Normal file
View file

@ -0,0 +1,5 @@
pub mod error;
pub mod operations;
pub use error::DatabaseError;
pub use operations::Database;

82
entryway/src/database/operations.rs Normal file
View file

@ -0,0 +1,82 @@
use sqlx::{Pool, Postgres};
use atproto::types::{
Handle
Did
};
use crate::database::DatabaseError;
pub struct Database {
pool: Pool<Postgres>,
}
impl Database {
pub fn new(pool: Pool<Postgres>) -> Self {
Self { pool }
}
// Account availability checking
pub async fn check_handle_available(&self, handle: &Handle) -> Result<bool, DatabaseError> {
let count = sqlx::query_scalar!(
"SELECT COUNT(*) FROM actor WHERE LOWER(handle) = LOWER($1)",
handle
)
.fetch_one(&self.pool)
.await?;
Ok(count.unwrap_or(0) == 0)
}
pub async fn check_email_available(&self, email: &str) -> Result<bool, DatabaseError> {
let count = sqlx::query_scalar!(
"SELECT COUNT(*) FROM account WHERE LOWER(email) = LOWER($1)",
email
)
.fetch_one(&self.pool)
.await?;
Ok(count.unwrap_or(0) == 0)
}
// Account creation
pub async fn create_account(
&self,
did: &Did,
handle: &Handle,
email: &str,
password_hash: &str,
created_at: &str,
) -> Result<(), DatabaseError> {
// Use a transaction to ensure both actor and account records are created together
let mut tx = self.pool.begin().await?;
// Insert into actor table
sqlx::query!(
r#"
INSERT INTO actor (did, handle, created_at)
VALUES ($1, $2, $3)
"#,
did,
handle,
created_at
)
.execute(&mut *tx)
.await?;
// Insert into account table
sqlx::query!(
r#"
INSERT INTO account (did, email, password_scrypt)
VALUES ($1, $2, $3)
"#,
did,
email,
password_hash
)
.execute(&mut *tx)
.await?;
tx.commit().await?;
Ok(())
}
}

36
entryway/src/main.rs
View file

@ -3,9 +3,15 @@ use router::{
xrpc::XrpcEndpoint, xrpc::XrpcEndpoint,
}; };
use atproto::types::Nsid; use atproto::types::Nsid;
use sqlx::{Pool, Postgres};
use std::env;
use tracing::{event, Level};
mod xrpc; mod xrpc;
mod database;
use xrpc::create_account; use xrpc::create_account;
use database::Database;
struct Config { struct Config {
entryway_url: String, entryway_url: String,
@ -19,6 +25,36 @@ async fn main() {
let subscriber = tracing_subscriber::FmtSubscriber::new(); let subscriber = tracing_subscriber::FmtSubscriber::new();
let _ = tracing::subscriber::set_global_default(subscriber); let _ = tracing::subscriber::set_global_default(subscriber);
// Set up database connection
let database_url = env::var("DATABASE_URL")
.unwrap_or_else(|_| "postgres://localhost/entryway_dev".to_string());
event!(Level::INFO, "Connecting to database: {}", database_url);
let pool = match sqlx::postgres::PgPoolOptions::new()
.max_connections(5)
.connect(&database_url)
.await
{
Ok(pool) => pool,
Err(e) => {
event!(Level::ERROR, "Failed to connect to database: {}", e);
std::process::exit(1);
}
};
let database = Database::new(pool);
// Run migrations
if let Err(e) = database.run_migrations().await {
event!(Level::ERROR, "Failed to run migrations: {}", e);
std::process::exit(1);
}
event!(Level::INFO, "Database setup complete");
// TODO: Wire up database to XRPC handlers
// For now, keeping the existing router setup
let mut router = Router::new(); let mut router = Router::new();
let create_account_nsid: Nsid = "com.atproto.server.createAccount".parse::<Nsid>().expect("valid nsid"); let create_account_nsid: Nsid = "com.atproto.server.createAccount".parse::<Nsid>().expect("valid nsid");
router = router.add_endpoint(XrpcEndpoint::not_implemented()); router = router.add_endpoint(XrpcEndpoint::not_implemented());

188
entryway/src/xrpc/create_account.rs
View file

@ -4,6 +4,9 @@ use http::status::StatusCode;
use tracing::{event, instrument, Level}; use tracing::{event, instrument, Level};
use atproto::types::Handle; use atproto::types::Handle;
use std::str::FromStr; use std::str::FromStr;
use argon2::{Argon2, PasswordHasher, password_hash::{rand_core::OsRng, SaltString}};
use time::OffsetDateTime;
use crate::database::{Database, DatabaseError};
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
pub struct CreateAccountInput { pub struct CreateAccountInput {
@ -31,7 +34,8 @@ pub struct CreateAccountResponse {
pub async fn create_account(data: ProcedureInput<CreateAccountInput>) -> Response { pub async fn create_account(data: ProcedureInput<CreateAccountInput>) -> Response {
event!(Level::INFO, "Creating account for handle: {}", data.input.handle); event!(Level::INFO, "Creating account for handle: {}", data.input.handle);
// TODO: Implement the following steps based on the TypeScript reference: // TODO: Get database from context/config
// For now, this won't compile but shows the intended flow
// 1. Input validation // 1. Input validation
let validated_input = match validate_inputs(&data.input).await { let validated_input = match validate_inputs(&data.input).await {
@ -40,59 +44,52 @@ pub async fn create_account(data: ProcedureInput<CreateAccountInput>) -> Respons
}; };
// 2. Check handle and email availability // 2. Check handle and email availability
if let Err(err) = check_availability(&validated_input).await { // if let Err(err) = check_availability(&database, &validated_input).await {
return err; // return err;
} // }
// 3. Generate DID and signing key // 3. Generate DID (placeholder for now)
let (did, signing_key, plc_op) = match generate_identity(&validated_input).await { let did = generate_placeholder_did(&validated_input.handle).await;
Ok(identity) => identity,
Err(err) => return err,
};
// 4. Create actor store entry // 4. Hash password if provided
if let Err(err) = create_actor_store(&did, &signing_key).await { let password_hash = if let Some(password) = &validated_input.password {
return err; match hash_password(password) {
} Ok(hash) => Some(hash),
Err(_) => {
// 5. Create repository return error(
let repo_commit = match create_repository(&did).await { StatusCode::INTERNAL_SERVER_ERROR,
Ok(commit) => commit, "InternalServerError",
Err(err) => return err, "Failed to hash password"
}; );
}
// 6. Submit PLC operation (if needed)
if let Some(op) = plc_op {
if let Err(err) = submit_plc_operation(&did, &op).await {
return err;
} }
} } else {
None
// 7. Create account and session
let credentials = match create_account_and_session(&validated_input, &did, &repo_commit).await {
Ok(creds) => creds,
Err(err) => return err,
}; };
// 8. Sequence events (identity, account, commit, sync) // 5. Create account in database
if let Err(err) = sequence_events(&did, &validated_input.handle, &repo_commit).await { let created_at = OffsetDateTime::now_utc().format(&time::format_description::well_known::Iso8601::DEFAULT)
return err; .unwrap_or_else(|_| "unknown".to_string());
}
// 9. Update repo root // if let Err(err) = create_account_in_db(&database, &did, &validated_input, password_hash.as_deref(), &created_at).await {
if let Err(err) = update_repo_root(&did, &repo_commit).await { // return convert_db_error_to_response(err);
return err; // }
}
// 6. Generate session tokens (placeholder for now)
let credentials = Credentials {
access_jwt: "placeholder_access_token".to_string(),
refresh_jwt: "placeholder_refresh_token".to_string(),
};
// Return success response // Return success response
let response = CreateAccountResponse { let response = CreateAccountResponse {
handle: validated_input.handle, handle: validated_input.handle.clone(),
did: did.clone(), did: did.clone(),
access_jwt: credentials.access_jwt, access_jwt: credentials.access_jwt,
refresh_jwt: credentials.refresh_jwt, refresh_jwt: credentials.refresh_jwt,
}; };
event!(Level::INFO, "Account created successfully for DID: {}", did); event!(Level::INFO, "Account created successfully for DID: {} with handle: {}", did, validated_input.handle);
// TODO: Replace with proper JSON response encoding // TODO: Replace with proper JSON response encoding
error(StatusCode::OK, "success", "Account created successfully") error(StatusCode::OK, "success", "Account created successfully")
@ -179,54 +176,73 @@ fn is_valid_email(email: &str) -> bool {
} }
} }
async fn check_availability(input: &ValidatedInput) -> Result<(), Response> { async fn check_availability(database: &Database, input: &ValidatedInput) -> Result<(), Response> {
// Check that handle and email are not already taken // Check that handle and email are not already taken
todo!("Implement availability checking") match database.check_handle_available(&input.handle).await {
Ok(false) => {
return Err(error(
StatusCode::BAD_REQUEST,
"InvalidRequest",
&format!("Handle already taken: {}", input.handle)
));
}
Err(err) => {
event!(Level::ERROR, "Database error checking handle availability: {:?}", err);
return Err(error(
StatusCode::INTERNAL_SERVER_ERROR,
"InternalServerError",
"Database error"
));
}
_ => {}
}
match database.check_email_available(&input.email).await {
Ok(false) => {
return Err(error(
StatusCode::BAD_REQUEST,
"InvalidRequest",
&format!("Email already taken: {}", input.email)
));
}
Err(err) => {
event!(Level::ERROR, "Database error checking email availability: {:?}", err);
return Err(error(
StatusCode::INTERNAL_SERVER_ERROR,
"InternalServerError",
"Database error"
));
}
_ => {}
}
Ok(())
} }
async fn generate_identity(input: &ValidatedInput) -> Result<(String, SigningKey, Option<PlcOp>), Response> { async fn generate_placeholder_did(handle: &str) -> String {
// Generate signing key // TODO: Replace with actual DID generation (did:plc)
// Create DID and PLC operation if not provided // For now, generate a placeholder DID based on handle
todo!("Implement identity generation") format!("did:placeholder:{}", handle.replace(".", "-"))
} }
async fn create_actor_store(did: &str, signing_key: &SigningKey) -> Result<(), Response> { fn hash_password(password: &str) -> Result<String, argon2::password_hash::Error> {
// Create actor store entry for the new account let salt = SaltString::generate(&mut OsRng);
todo!("Implement actor store creation") let argon2 = Argon2::default();
let password_hash = argon2.hash_password(password.as_bytes(), &salt)?;
Ok(password_hash.to_string())
} }
async fn create_repository(did: &str) -> Result<RepoCommit, Response> { async fn create_account_in_db(
// Create empty repository for the account database: &Database,
todo!("Implement repository creation")
}
async fn submit_plc_operation(did: &str, plc_op: &PlcOp) -> Result<(), Response> {
// Submit PLC operation to register/update DID
todo!("Implement PLC operation submission")
}
async fn create_account_and_session(
input: &ValidatedInput,
did: &str, did: &str,
repo_commit: &RepoCommit, input: &ValidatedInput,
) -> Result<Credentials, Response> { password_hash: Option<&str>,
// Create account record and initial session created_at: &str,
// Generate JWT tokens ) -> Result<(), DatabaseError> {
todo!("Implement account and session creation") let hash = password_hash.unwrap_or(""); // Empty hash if no password
database.create_account(did, &input.handle, &input.email, hash, created_at).await
} }
async fn sequence_events(did: &str, handle: &str, repo_commit: &RepoCommit) -> Result<(), Response> {
// Sequence identity, account, commit, and sync events
todo!("Implement event sequencing")
}
async fn update_repo_root(did: &str, repo_commit: &RepoCommit) -> Result<(), Response> {
// Update repository root reference
todo!("Implement repo root update")
}
// TODO: Define these types based on our implementation needs
#[derive(Debug)] #[derive(Debug)]
struct ValidatedInput { struct ValidatedInput {
handle: String, handle: String,
@ -235,22 +251,6 @@ struct ValidatedInput {
invite_code: Option<String>, invite_code: Option<String>,
} }
#[derive(Debug)]
struct SigningKey {
// TODO: Define signing key structure
}
#[derive(Debug)]
struct PlcOp {
// TODO: Define PLC operation structure
}
#[derive(Debug)]
struct RepoCommit {
cid: String,
rev: String,
}
#[derive(Debug)] #[derive(Debug)]
struct Credentials { struct Credentials {
access_jwt: String, access_jwt: String,