From 111b23b94b944a23786961c5d8394528df9ec214 Mon Sep 17 00:00:00 2001 From: Tudisco Date: Sun, 24 May 2026 23:36:53 -0600 Subject: [PATCH] feat(kez-chat): scaffold the home server (v0.1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit First runnable kez-chat-server binary plus its docker-compose deploy recipe. Implements steps 2-3 of the document.md sequenced plan; the rust-lib refactor (step 1) is deferred — chat-server path-deps on rust/crates/kez-core for now, which works and matches what rust-sig-server already does. What's in this commit: kez-core (1-line change) - New public `verify_envelope(payload, signature)` helper that dispatches Schnorr / Ed25519 / future suites by signature.alg. Used by chat-server's registration verifier; downstream value beyond chat-server too. kez-chat-server (new crate) - src/main.rs: tokio + axum + tracing entry; clap config; graceful Ctrl-C shutdown. - src/lib.rs: re-exports so tests can drive the same router. - src/config.rs: env/flag config (bind, db, server, sig_server_url, web_dir) with defaults sane for both dev and prod. - src/error.rs: typed ApiError → structured JSON responses with stable error codes. - src/store.rs: SQLite-backed handle registry, UNIQUE on both (handle) and (primary_id); race-safe via SQL primary key. - src/handles.rs: username validation (length, charset, reserved list, must start with letter/digit). - src/registration.rs: SignedRegistration envelope sharing KEZ's JCS canonical-bytes pattern; signature verification via the new kez-core helper; replay protection via ±5-minute clock skew check. - src/api.rs: all six routes in one file — GET /v1/healthz GET /v1/u/:handle POST /v1/register GET /.well-known/webfinger POST /internal/nats/auth (501 stub for v0.1; wired up in v0.2) GET / (placeholder HTML; ServeDir when web/dist exists) tests/http.rs — 13 integration tests - Stands up the real router on a random port; uses reqwest. - Coverage: healthz, lookup-404, full register→lookup round-trip, duplicate-handle conflict, wrong-server rejection, reserved-name rejection, tampered-signature rejection, stale-timestamp rejection, WebFinger success + wrong-server-404, placeholder SPA renders, NATS callout 501, JCS determinism sanity. deploy/ - Dockerfile: multi-stage build (rust:1.86-slim → debian:bookworm-slim). Build context is repo root so the path dep on kez-core resolves. Runtime image ~50 MB; runs as non-root uid 10001. - Dockerfile.sig-server: same pattern for the existing rust-sig-server, so the stack builds from one git pull. - docker-compose.yml: three services (chat-server + nats + sig-server) with named volumes for persistence. Ports: 6969 (chat HTTP), 4222/8443/8222 (NATS native/ws/monitoring), 7878 (sig-server). - nats.conf: WebSocket on 8443 for the browser SPA, JetStream enabled, auth_callout pointing at chat-server's /internal/nats/auth endpoint (issuer nkey is a placeholder — must be replaced with a real one before going live). README.md - Documents all endpoints with example bodies. - Quick-start for both local dev and full Docker compose. - Honest list of what's in v0.1 vs what's still stubbed. Smoke-tested running on 127.0.0.1:6969: GET /v1/healthz → {"server":"kez.lat","status":"ok","version":"0.1.0"} GET / → placeholder HTML rendering GET /v1/u/ghost → 404 POST /internal/nats/auth → 501 with "wired up in v0.2" cargo test → 13 passed. cargo build --release → 19.6s, clean. --- kez-chat/Cargo.lock | 2582 +++++++++++++++++++++++++ kez-chat/Cargo.toml | 27 + kez-chat/README.md | 169 ++ kez-chat/deploy/Dockerfile | 42 + kez-chat/deploy/Dockerfile.sig-server | 33 + kez-chat/deploy/docker-compose.yml | 66 + kez-chat/deploy/nats.conf | 51 + kez-chat/src/api.rs | 269 +++ kez-chat/src/config.rs | 40 + kez-chat/src/error.rs | 75 + kez-chat/src/handles.rs | 85 + kez-chat/src/lib.rs | 14 + kez-chat/src/main.rs | 51 + kez-chat/src/registration.rs | 89 + kez-chat/src/store.rs | 157 ++ kez-chat/tests/http.rs | 315 +++ rust/crates/kez-core/src/lib.rs | 21 + 17 files changed, 4086 insertions(+) create mode 100644 kez-chat/Cargo.lock create mode 100644 kez-chat/Cargo.toml create mode 100644 kez-chat/README.md create mode 100644 kez-chat/deploy/Dockerfile create mode 100644 kez-chat/deploy/Dockerfile.sig-server create mode 100644 kez-chat/deploy/docker-compose.yml create mode 100644 kez-chat/deploy/nats.conf create mode 100644 kez-chat/src/api.rs create mode 100644 kez-chat/src/config.rs create mode 100644 kez-chat/src/error.rs create mode 100644 kez-chat/src/handles.rs create mode 100644 kez-chat/src/lib.rs create mode 100644 kez-chat/src/main.rs create mode 100644 kez-chat/src/registration.rs create mode 100644 kez-chat/src/store.rs create mode 100644 kez-chat/tests/http.rs diff --git a/kez-chat/Cargo.lock b/kez-chat/Cargo.lock new file mode 100644 index 0000000..9d33bf9 --- /dev/null +++ b/kez-chat/Cargo.lock @@ -0,0 +1,2582 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "ahash" +version = "0.8.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", + "zerocopy", +] + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys 0.61.2", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "async-trait" +version = "0.1.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "autocfg" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2032f911046de80f0a198e0901378627c33f59ea0ac00e363d481118bd70a53" + +[[package]] +name = "axum" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f" +dependencies = [ + "async-trait", + "axum-core", + "bytes", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "rustversion", + "serde", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "base64ct" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + +[[package]] +name = "bech32" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d86b93f97252c47b41663388e6d155714a9d0c398b99f1005cbc5f978b29f445" + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.20.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72f5acc6cb2ba439de613abc23857ec3d78374d8ed5ac84e9d11336e87da8649" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cc" +version = "1.2.62" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1dce859f0832a7d088c4f1119888ab94ef4b5d6795d1ce05afb7fe159d79f98" +dependencies = [ + "find-msvc-tools", + "jobserver", + "libc", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + +[[package]] +name = "chrono" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" +dependencies = [ + "iana-time-zone", + "js-sys", + "num-traits", + "serde", + "wasm-bindgen", + "windows-link", +] + +[[package]] +name = "clap" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" +dependencies = [ + "curve25519-dalek", + "ed25519", + "rand_core 0.6.4", + "serde", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "fallible-iterator" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" + +[[package]] +name = "fallible-streaming-iterator" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a" + +[[package]] +name = "fastrand" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "slab", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "r-efi 5.3.0", + "wasip2", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi 6.0.0", + "wasip2", + "wasip3", +] + +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" +dependencies = [ + "ahash", +] + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "foldhash", +] + +[[package]] +name = "hashbrown" +version = "0.17.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a" + +[[package]] +name = "hashlink" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af" +dependencies = [ + "hashbrown 0.14.5", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "http" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "pin-project-lite", +] + +[[package]] +name = "http-range-header" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c" + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "smallvec", + "tokio", + "want", +] + +[[package]] +name = "hyper-rustls" +version = "0.27.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f" +dependencies = [ + "http", + "hyper", + "hyper-util", + "rustls", + "tokio", + "tokio-rustls", + "tower-service", + "webpki-roots", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "base64", + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "ipnet", + "libc", + "percent-encoding", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "icu_collections" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c" +dependencies = [ + "displaydoc", + "potential_utf", + "utf8_iter", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38" + +[[package]] +name = "icu_properties" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14" + +[[package]] +name = "icu_provider" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" +dependencies = [ + "equivalent", + "hashbrown 0.17.1", + "serde", + "serde_core", +] + +[[package]] +name = "ipnet" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "jobserver" +version = "0.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33" +dependencies = [ + "getrandom 0.3.4", + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "142bc4740e452c1e57ade0cbc129f139c9093e354346f0872ef985f4f5cf5f11" +dependencies = [ + "cfg-if", + "futures-util", + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "kez-chat-server" +version = "0.1.0" +dependencies = [ + "anyhow", + "axum", + "chrono", + "clap", + "hex", + "kez-core", + "reqwest", + "rusqlite", + "serde", + "serde_json", + "sha2", + "tempfile", + "thiserror", + "tokio", + "tower-http", + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "kez-core" +version = "0.1.0" +dependencies = [ + "base64", + "bech32", + "chrono", + "ed25519-dalek", + "hex", + "rand 0.8.6", + "secp256k1", + "serde", + "serde_jcs", + "serde_json", + "sha2", + "thiserror", + "zstd", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "libsqlite3-sys" +version = "0.30.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149" +dependencies = [ + "cc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litemap" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0" + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "matchit" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "mime_guess" +version = "2.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e" +dependencies = [ + "mime", + "unicase", +] + +[[package]] +name = "mio" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" + +[[package]] +name = "potential_utf" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564" +dependencies = [ + "zerovec", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +dependencies = [ + "bytes", + "getrandom 0.3.4", + "lru-slab", + "rand 0.9.4", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.60.2", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rand" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "reqwest" +version = "0.12.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +dependencies = [ + "base64", + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-rustls", + "hyper-util", + "js-sys", + "log", + "percent-encoding", + "pin-project-lite", + "quinn", + "rustls", + "rustls-pki-types", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tokio-rustls", + "tower", + "tower-http", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "webpki-roots", +] + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "rusqlite" +version = "0.32.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7753b721174eb8ff87a9a0e799e2d7bc3749323e773db92e0984debb00019d6e" +dependencies = [ + "bitflags", + "fallible-iterator", + "fallible-streaming-iterator", + "hashlink", + "libsqlite3-sys", + "smallvec", +] + +[[package]] +name = "rustc-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.61.2", +] + +[[package]] +name = "rustls" +version = "0.23.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30a7197ae7eb376e574fe940d068c30fe0462554a3ddbe4eca7838e049c937a9" +dependencies = [ + "web-time", + "zeroize", +] + +[[package]] +name = "rustls-webpki" +version = "0.103.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "ryu-js" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6518fc26bced4d53678a22d6e423e9d8716377def84545fe328236e3af070e7f" + +[[package]] +name = "secp256k1" +version = "0.29.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9465315bc9d4566e1724f0fffcbcc446268cb522e60f9a27bcded6b19c108113" +dependencies = [ + "rand 0.8.6", + "secp256k1-sys", +] + +[[package]] +name = "secp256k1-sys" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4387882333d3aa8cb20530a17c69a3752e97837832f34f6dccc760e715001d9" +dependencies = [ + "cc", +] + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_jcs" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cacecf649bc1a7c5f0e299cc813977c6a78116abda2b93b1ee01735b71ead9a8" +dependencies = [ + "ryu-js", + "serde", + "serde_json", +] + +[[package]] +name = "serde_json" +version = "1.0.150" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "rand_core 0.6.4", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" +dependencies = [ + "futures-core", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tempfile" +version = "3.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +dependencies = [ + "fastrand", + "getrandom 0.4.2", + "once_cell", + "rustix", + "windows-sys 0.61.2", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "tinystr" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.52.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" +dependencies = [ + "bytes", + "libc", + "mio", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-rustls" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61" +dependencies = [ + "rustls", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-http" +version = "0.6.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840" +dependencies = [ + "bitflags", + "bytes", + "futures-core", + "futures-util", + "http", + "http-body", + "http-body-util", + "http-range-header", + "httpdate", + "mime", + "mime_guess", + "percent-encoding", + "pin-project-lite", + "tokio", + "tokio-util", + "tower", + "tower-layer", + "tower-service", + "tracing", + "url", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex-automata", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "typenum" +version = "1.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" + +[[package]] +name = "unicase" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen 0.57.1", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen 0.51.0", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.122" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ed04576f974d2b2fba0f38c51dbc5518011e38c36bf1143164be765528fd409" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9473dbd2991ae90b6291c3c32c30c6187ac49aa32f9905d1cce280ec1e110b0f" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.122" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "916151b09da36bd82f6615cbf3a419e2f0ba23a03c6160e8e92eb6bd4aa1dec6" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.122" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "299047362ccbfce148b67ab7e73349f77748e00c8296f9542adfad2ad82c5c5e" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.122" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a929b2c61f11ba3e9bc35b50c1f25cb38e0e892c0c231ae2b8cf78d5dad4437" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "web-sys" +version = "0.3.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d621441cfc37b84979402712047321980c178f299193a3589d05b99e8763436" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52f5ee44c96cf55f1b349600768e3ece3a8f26010c05265ab73f945bb1a2eb9d" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets 0.53.5", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm 0.53.1", + "windows_aarch64_msvc 0.53.1", + "windows_i686_gnu 0.53.1", + "windows_i686_gnullvm 0.53.1", + "windows_i686_msvc 0.53.1", + "windows_x86_64_gnu 0.53.1", + "windows_x86_64_gnullvm 0.53.1", + "windows_x86_64_msvc 0.53.1", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "writeable" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" + +[[package]] +name = "yoke" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" + +[[package]] +name = "zerotrie" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" + +[[package]] +name = "zstd" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a" +dependencies = [ + "zstd-safe", +] + +[[package]] +name = "zstd-safe" +version = "7.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d" +dependencies = [ + "zstd-sys", +] + +[[package]] +name = "zstd-sys" +version = "2.0.16+zstd.1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e19ebc2adc8f83e43039e79776e3fda8ca919132d68a1fed6a5faca2683748" +dependencies = [ + "cc", + "pkg-config", +] diff --git a/kez-chat/Cargo.toml b/kez-chat/Cargo.toml new file mode 100644 index 0000000..33e32a2 --- /dev/null +++ b/kez-chat/Cargo.toml @@ -0,0 +1,27 @@ +[package] +name = "kez-chat-server" +version = "0.1.0" +edition = "2024" +license = "MIT OR Apache-2.0" +description = "Home server for kez-chat: handle registry + NATS auth callout + WebFinger + static SPA host. Designed in kez-chat/document.md." + +[dependencies] +anyhow = "1" +axum = "0.7" +chrono = { version = "0.4", features = ["serde"] } +clap = { version = "4.5", features = ["derive", "env"] } +hex = "0.4" +kez-core = { path = "../rust/crates/kez-core" } +rusqlite = { version = "0.32", features = ["bundled"] } +serde = { version = "1", features = ["derive"] } +serde_json = "1" +thiserror = "2" +tokio = { version = "1.48", features = ["macros", "rt-multi-thread", "sync", "signal"] } +tower-http = { version = "0.6", features = ["trace", "cors", "fs"] } +tracing = "0.1" +tracing-subscriber = { version = "0.3", features = ["env-filter"] } + +[dev-dependencies] +reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "json"] } +sha2 = "0.10" +tempfile = "3" diff --git a/kez-chat/README.md b/kez-chat/README.md new file mode 100644 index 0000000..cdd2b66 --- /dev/null +++ b/kez-chat/README.md @@ -0,0 +1,169 @@ +# kez-chat-server + +Home server for the kez-chat application. One Rust binary that hosts: + +- Handle registry (`POST /v1/register`, `GET /v1/u/:handle`) +- WebFinger discovery (`GET /.well-known/webfinger`) +- NATS auth callout endpoint (`POST /internal/nats/auth`) — stub in v0.1 +- Static SPA serving (`GET /`) — placeholder until the Svelte build lands +- Healthz (`GET /v1/healthz`) + +Designed in [`document.md`](document.md). Spec for the underlying KEZ +identity layer in [`../SPEC.md`](../SPEC.md). + +## What's in v0.1 (this is the scaffold) + +✅ HTTP API end-to-end +✅ Ed25519-signed handle registration with replay protection +✅ SQLite-backed registry with uniqueness on both handle and primary key +✅ WebFinger endpoint +✅ Placeholder SPA at `/` +✅ docker-compose for full stack (chat + nats + sig-server) +✅ Multi-stage Dockerfiles +✅ 13 integration tests against a live router + +⚠️ NATS auth callout returns 501 — wired up in v0.2 +⚠️ Svelte SPA build pipeline not yet in place — placeholder HTML for now +⚠️ TLS terminated upstream (no cert handling in this binary) + +## Quick start (local development) + +```sh +# Run from source +cargo run -- --bind 127.0.0.1:6969 --db ./kez-chat.db --server kez.lat + +# Or install once +cargo install --path . +kez-chat-server --bind 127.0.0.1:6969 --server kez.lat +``` + +Configuration via flags or env vars: + +| Flag | Env | Default | +|---|---|---| +| `--bind` | `KEZ_CHAT_BIND` | `0.0.0.0:6969` | +| `--db` | `KEZ_CHAT_DB` | `kez-chat.db` | +| `--server` | `KEZ_CHAT_SERVER` | `kez.lat` | +| `--sig-server-url` | `KEZ_CHAT_SIG_SERVER_URL` | `http://localhost:7878` | +| `--web-dir` | `KEZ_CHAT_WEB_DIR` | _(unset → placeholder page)_ | + +Logging: `RUST_LOG=debug,hyper=info` etc. + +## Quick start (Docker compose, full stack) + +```sh +cd deploy +docker compose up -d --build +``` + +Brings up three services: + +| Service | Port(s) | What it does | +|---|---|---| +| `chat-server` | 6969 | HTTP API + SPA | +| `nats` | 4222 (native), 8443 (WebSocket), 8222 (monitoring) | Dumb broker, JetStream enabled | +| `sig-server` | 7878 | Sigchain storage (the existing `rust-sig-server`) | + +Then point a reverse proxy / Cloudflare tunnel at `localhost:6969`. + +## Testing + +```sh +cargo test # 13 integration tests (real server, real HTTP) +``` + +The tests stand up the router on a random local port and exercise it +via `reqwest`. No mocks. They cover: healthz, lookup, registration +(success + duplicate + wrong-server + reserved-name + tampered-sig + +stale-timestamp), WebFinger, the placeholder SPA, and the NATS auth +callout stub. + +## Endpoints in detail + +### `GET /v1/healthz` + +```json +{ "status": "ok", "server": "kez.lat", "version": "0.1.0" } +``` + +### `GET /v1/u/:handle` + +Returns: + +```json +{ + "handle": "tudisco", + "fqhn": "tudisco@kez.lat", + "primary": "ed25519:2152f8d19b...", + "sigchain_url": "https://sig.kez.lat/v1/sigchains/ed25519/2152f8d19b...", + "registered_at": "2026-05-25T03:00:00Z" +} +``` + +Returns 404 if the handle isn't registered. + +### `POST /v1/register` + +Request body — a signed registration envelope: + +```json +{ + "kez": "handle_registration", + "payload": { + "type": "kez.chat.handle_registration", + "version": 1, + "handle": "tudisco", + "primary": "ed25519:2152f8d19b...", + "server": "kez.lat", + "created_at": "2026-05-25T03:00:00Z" + }, + "signature": { + "alg": "ed25519-sha512-jcs", + "key": "ed25519:2152f8d19b...", + "sig": "<128-char-hex>" + } +} +``` + +Server validates: +1. Envelope tag is `"handle_registration"` +2. Payload type is `"kez.chat.handle_registration"`, version 1 +3. `signature.key` equals `payload.primary` +4. Signature verifies against the primary key (Ed25519 only for chat) +5. `payload.server` matches this server's configured domain +6. `payload.handle` passes validation (length 3-32, `a-z0-9_-`, + starts with letter/digit, not in reserved list) +7. `payload.created_at` is within 5 minutes of server time + +On success: `201 Created` with the same body as `GET /v1/u/:handle`. + +### `GET /.well-known/webfinger?resource=acct:user@server` + +Standard fediverse-style discovery. Returns the user's KEZ identity +info as a WebFinger JRD. Used by other servers (federated lookup, +future) and by tools like fediverse browsers. + +### `POST /internal/nats/auth` + +NATS auth callout endpoint. **Stub in v0.1** — returns 501. The real +implementation (v0.2) will: parse the NATS auth request JWT, extract +the connecting client's nkey, look up the corresponding handle, sign +a response permitting `kez.inbox..>` subjects. + +## Deployment notes + +- The `chat-server` Docker image is built from the **repo root** as + context (so it can copy `rust/crates/kez-core` for the path dep). + `docker-compose.yml` sets this correctly. +- The `sig-server` is the existing [`../rust-sig-server`](../rust-sig-server/) + binary, built into a separate image via `Dockerfile.sig-server`. +- NATS config (`nats.conf`) has WebSocket enabled on port 8443 so the + browser SPA can connect via `nats.ws`. The `issuer` field in + `auth_callout` is a placeholder — generate a real nkey and replace + before going to production. +- TLS is **not** handled by this binary. Put a reverse proxy (Caddy, + nginx, Cloudflare tunnel) in front for HTTPS. + +## License + +Dual-licensed under MIT or Apache-2.0. diff --git a/kez-chat/deploy/Dockerfile b/kez-chat/deploy/Dockerfile new file mode 100644 index 0000000..68f55d2 --- /dev/null +++ b/kez-chat/deploy/Dockerfile @@ -0,0 +1,42 @@ +# Multi-stage build for kez-chat-server. +# +# Stage 1: build the Rust binary against kez-core (path dep). The build +# context must be the *repository root* (the dir that contains both +# `kez-chat/` and `rust/`), not `kez-chat/` itself — see the +# `docker-compose.yml` which sets `context: ..`. + +FROM rust:1.86-slim AS build +RUN apt-get update && apt-get install -y --no-install-recommends \ + pkg-config libssl-dev ca-certificates \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /src + +# Copy what we need: +# - rust/crates/kez-core (path dep) +# - kez-chat (this project) +COPY rust/ /src/rust/ +COPY kez-chat/ /src/kez-chat/ + +WORKDIR /src/kez-chat +RUN cargo build --release --bin kez-chat-server + +# Stage 2: minimal runtime image +FROM debian:bookworm-slim +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + && rm -rf /var/lib/apt/lists/* \ + && useradd -r -u 10001 -m kez + +COPY --from=build /src/kez-chat/target/release/kez-chat-server /usr/local/bin/kez-chat-server + +USER kez +WORKDIR /data + +ENV KEZ_CHAT_BIND=0.0.0.0:6969 \ + KEZ_CHAT_DB=/data/kez-chat.db \ + KEZ_CHAT_SERVER=kez.lat \ + KEZ_CHAT_SIG_SERVER_URL=http://sig-server:7878 \ + RUST_LOG=info + +EXPOSE 6969 +ENTRYPOINT ["/usr/local/bin/kez-chat-server"] diff --git a/kez-chat/deploy/Dockerfile.sig-server b/kez-chat/deploy/Dockerfile.sig-server new file mode 100644 index 0000000..477613b --- /dev/null +++ b/kez-chat/deploy/Dockerfile.sig-server @@ -0,0 +1,33 @@ +# Sibling Dockerfile that builds rust-sig-server out of the same repo +# checkout. Compose uses this for the `sig-server` service so the whole +# stack comes from one git pull. Context must be the repository root. + +FROM rust:1.86-slim AS build +RUN apt-get update && apt-get install -y --no-install-recommends \ + pkg-config libssl-dev ca-certificates \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /src + +COPY rust/ /src/rust/ +COPY rust-sig-server/ /src/rust-sig-server/ + +WORKDIR /src/rust-sig-server +RUN cargo build --release --bin kez-sig-server + +FROM debian:bookworm-slim +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + && rm -rf /var/lib/apt/lists/* \ + && useradd -r -u 10002 -m kez + +COPY --from=build /src/rust-sig-server/target/release/kez-sig-server /usr/local/bin/kez-sig-server + +USER kez +WORKDIR /data + +ENV KEZ_BIND=0.0.0.0:7878 \ + KEZ_DB=/data/sigchains.db \ + RUST_LOG=info + +EXPOSE 7878 +ENTRYPOINT ["/usr/local/bin/kez-sig-server"] diff --git a/kez-chat/deploy/docker-compose.yml b/kez-chat/deploy/docker-compose.yml new file mode 100644 index 0000000..f1fb9db --- /dev/null +++ b/kez-chat/deploy/docker-compose.yml @@ -0,0 +1,66 @@ +# kez-chat home server stack. +# +# Three services: +# - nats dumb broker, JetStream enabled, WebSocket on 8443 +# - chat-server handle registry + NATS auth callout + serves the SPA +# - sig-server sigchain HTTP store (existing rust-sig-server) +# +# Run from this dir: docker compose up -d --build +# Build context for the Rust services is `..` (the repo root) so they +# can pull in `rust/crates/kez-core` as a path dep. +# +# In production you'll terminate TLS at a reverse proxy (Caddy, nginx, +# or a Cloudflare tunnel) in front of port 6969 (HTTP) and the NATS +# listeners. The compose file itself binds to plain HTTP for simplicity. + +services: + nats: + image: nats:latest + command: + - "-c" + - "/etc/nats/nats.conf" + - "--jetstream" + volumes: + - ./nats.conf:/etc/nats/nats.conf:ro + - nats-data:/data + ports: + - "4222:4222" # native NATS (CLI clients) + - "8443:8443" # WebSocket (browser SPA) + - "8222:8222" # monitoring + restart: unless-stopped + + chat-server: + build: + context: .. # repo root, so Dockerfile sees rust/ and kez-chat/ + dockerfile: kez-chat/deploy/Dockerfile + environment: + KEZ_CHAT_BIND: 0.0.0.0:6969 + KEZ_CHAT_DB: /data/kez-chat.db + KEZ_CHAT_SERVER: kez.lat + KEZ_CHAT_SIG_SERVER_URL: http://sig-server:7878 + RUST_LOG: info + volumes: + - chat-data:/data + ports: + - "6969:6969" # HTTP API + SPA (Cloudflare tunnel terminates here) + depends_on: [sig-server] + restart: unless-stopped + + sig-server: + build: + context: .. + dockerfile: kez-chat/deploy/Dockerfile.sig-server + environment: + KEZ_BIND: 0.0.0.0:7878 + KEZ_DB: /data/sigchains.db + RUST_LOG: info + volumes: + - sig-data:/data + ports: + - "7878:7878" # exposed for direct client fetches of sigchains + restart: unless-stopped + +volumes: + nats-data: + chat-data: + sig-data: diff --git a/kez-chat/deploy/nats.conf b/kez-chat/deploy/nats.conf new file mode 100644 index 0000000..3805c11 --- /dev/null +++ b/kez-chat/deploy/nats.conf @@ -0,0 +1,51 @@ +# NATS config for kez-chat home server. +# +# - Native NATS protocol on 4222 for CLI clients (TLS terminated by your +# reverse proxy in production). +# - WebSocket on 8443 for the browser SPA. Also TLS-terminated upstream. +# - JetStream on for offline message buffering (durable consumers). +# - auth_callout points at our chat-server's /internal/nats/auth endpoint. +# The chat-server is the source of truth for which nkeys are allowed +# to connect and what subjects they can publish/subscribe to. + +# Standard NATS listener (CLI clients use this). +listen: 0.0.0.0:4222 + +# WebSocket listener (browser SPA uses this via nats.ws). +websocket { + port: 8443 + no_tls: true # TLS terminated by Cloudflare tunnel / reverse proxy +} + +# Persistent storage for durable consumers (offline buffering). +jetstream { + store_dir: /data/jetstream + max_mem: 1G + max_file: 10G +} + +# Monitoring / healthcheck. +http_port: 8222 + +# Auth callout: every connection's auth request is forwarded to our +# chat-server, which checks the handle registry and signs a response. +# Until we ship the v0.2 auth callout, the chat-server returns 501 and +# all connections are rejected. That's intentional — fail closed. +authorization { + auth_callout { + # The chat-server signs its callout responses with this nkey; NATS + # accepts responses signed by this key only. Generated once via + # `nsc generate nkey -o` (operator-level) and embedded in the + # chat-server's deployment secrets. + # + # PLACEHOLDER — replace before going live. + issuer: "ABACVOI4POPS3SBFLDQYTQHHHACRVMCM2HK7PXX4UTI7XYWQHQGOA3PX" + + # NATS uses this user identity when invoking the callout endpoint. + # Distinct from real users; it's just an internal protocol marker. + auth_users: ["AUTHUSER"] + + # The account real users land in once the callout approves them. + account: "DEFAULT" + } +} diff --git a/kez-chat/src/api.rs b/kez-chat/src/api.rs new file mode 100644 index 0000000..efa2e37 --- /dev/null +++ b/kez-chat/src/api.rs @@ -0,0 +1,269 @@ +//! HTTP API routes — all in one file for v0.1 since each route is small. +//! +//! GET / placeholder SPA (or web_dir) +//! GET /v1/healthz liveness +//! GET /v1/u/:handle handle → primary + sigchain pointer + endpoints +//! POST /v1/register claim a handle (signed body) +//! GET /.well-known/webfinger?resource=... fediverse-style discovery +//! POST /internal/nats/auth NATS auth callout (stub in v0.1) + +use axum::Json; +use axum::extract::{Path, Query, State}; +use axum::http::{StatusCode, header}; +use axum::response::{Html, IntoResponse}; +use axum::routing::{get, post}; +use chrono::Utc; +use serde::{Deserialize, Serialize}; +use serde_json::{Value, json}; +use tower_http::services::ServeDir; + +use crate::config::Config; +use crate::error::ApiError; +use crate::handles::validate_handle; +use crate::registration::SignedRegistration; +use crate::store::{HandleRecord, Store}; + +#[derive(Clone)] +pub struct AppState { + pub store: Store, + pub config: Config, +} + +pub fn router(state: AppState) -> axum::Router { + let web_dir = state.config.web_dir.clone(); + + // Build the router with all API routes first, attach the SPA fallback, + // then apply state at the end (axum requires all routes to be added + // before `with_state` is called). + let mut router = axum::Router::new() + .route("/v1/healthz", get(healthz)) + .route("/v1/u/:handle", get(lookup)) + .route("/v1/register", post(register)) + .route("/.well-known/webfinger", get(webfinger)) + .route("/internal/nats/auth", post(nats_auth_callout)); + + router = if let Some(dir) = web_dir { + // Real SPA build dir provided; ServeDir handles index.html + assets. + router.fallback_service(ServeDir::new(dir)) + } else { + // No SPA dir; serve a built-in placeholder page at `/`. + router.route("/", get(placeholder_index)) + }; + + router.with_state(state) +} + +// ───────────────────────────────────────────────────────────────────────────── +// healthz +// ───────────────────────────────────────────────────────────────────────────── + +async fn healthz(State(state): State) -> Json { + Json(json!({ + "status": "ok", + "server": state.config.server, + "version": env!("CARGO_PKG_VERSION"), + })) +} + +// ───────────────────────────────────────────────────────────────────────────── +// GET /v1/u/:handle — handle lookup +// ───────────────────────────────────────────────────────────────────────────── + +#[derive(Debug, Serialize)] +pub struct HandleResponse { + pub handle: String, // bare local-part: "tudisco" + pub fqhn: String, // fully qualified: "tudisco@kez.lat" + pub primary: String, // e.g. "ed25519:abc..." + pub sigchain_url: String, // where the sigchain lives + pub registered_at: String, +} + +async fn lookup( + State(state): State, + Path(handle): Path, +) -> Result, ApiError> { + let record = state + .store + .lookup(&handle) + .await? + .ok_or(ApiError::NotFound)?; + Ok(Json(handle_response(&state.config, &record))) +} + +fn handle_response(config: &Config, record: &HandleRecord) -> HandleResponse { + let scheme = record.primary.scheme(); + let id = record.primary.value(); + HandleResponse { + handle: record.handle.clone(), + fqhn: format!("{}@{}", record.handle, config.server), + primary: record.primary.to_string(), + sigchain_url: format!( + "{}/v1/sigchains/{}/{}", + config.sig_server_url.trim_end_matches('/'), + scheme, + id + ), + registered_at: record.registered_at.to_rfc3339(), + } +} + +// ───────────────────────────────────────────────────────────────────────────── +// POST /v1/register — claim a handle +// ───────────────────────────────────────────────────────────────────────────── + +async fn register( + State(state): State, + Json(req): Json, +) -> Result { + // Format-level validation (envelope, signature) + req.verify_format()?; + + // Semantic checks + if req.payload.server != state.config.server { + return Err(ApiError::BadRequest(format!( + "registration server {:?} does not match this server {:?}", + req.payload.server, state.config.server + ))); + } + validate_handle(&req.payload.handle)?; + req.check_timestamp(Utc::now())?; + + let record = HandleRecord { + handle: req.payload.handle.clone(), + primary: req.payload.primary.clone(), + registered_at: Utc::now(), + }; + state.store.register(&record).await?; + + Ok(( + StatusCode::CREATED, + Json(handle_response(&state.config, &record)), + )) +} + +// ───────────────────────────────────────────────────────────────────────────── +// GET /.well-known/webfinger — fediverse-style discovery +// ───────────────────────────────────────────────────────────────────────────── + +#[derive(Debug, Deserialize)] +struct WebfingerQuery { + resource: String, +} + +async fn webfinger( + State(state): State, + Query(q): Query, +) -> Result { + // Accept `acct:user@server` per RFC 7565. + let resource = q + .resource + .strip_prefix("acct:") + .ok_or_else(|| ApiError::BadRequest("resource must start with `acct:`".into()))?; + let (handle, server) = resource + .split_once('@') + .ok_or_else(|| ApiError::BadRequest("resource must be `acct:user@server`".into()))?; + if server != state.config.server { + return Err(ApiError::NotFound); + } + let record = state.store.lookup(handle).await?.ok_or(ApiError::NotFound)?; + let resp = handle_response(&state.config, &record); + + let body = json!({ + "subject": format!("acct:{}", resp.fqhn), + "links": [ + { + "rel": "https://kez.example/spec/v1/handle", + "type": "application/json", + "href": format!("https://{}/v1/u/{}", state.config.server, handle), + }, + { + "rel": "https://kez.example/spec/v1/sigchain", + "type": "application/jsonl", + "href": resp.sigchain_url, + } + ] + }); + Ok(( + StatusCode::OK, + [(header::CONTENT_TYPE, "application/jrd+json")], + Json(body), + )) +} + +// ───────────────────────────────────────────────────────────────────────────── +// POST /internal/nats/auth — NATS auth callout (stub for v0.1) +// ───────────────────────────────────────────────────────────────────────────── +// +// In v0.2 this will: parse the NATS auth request JWT, extract the +// client's nkey, look it up in the handle registry, sign a response +// JWT granting permissions to `kez.inbox..>` and reject if +// not found. For now it returns 501 so misconfigured NATS deployments +// fail loudly instead of silently allowing everyone. + +async fn nats_auth_callout( + State(_state): State, + Json(_body): Json, +) -> impl IntoResponse { + ( + StatusCode::NOT_IMPLEMENTED, + Json(json!({ + "error": { + "code": "not_implemented", + "message": "NATS auth callout will be wired up in v0.2" + } + })), + ) +} + +// ───────────────────────────────────────────────────────────────────────────── +// Placeholder SPA — until we ship the real Svelte build +// ───────────────────────────────────────────────────────────────────────────── + +async fn placeholder_index(State(state): State) -> Html { + Html(format!( + r#" + + + +kez-chat — {server} + + + +

kez-chat

+

Home server for username@{server}.

+ +

The Svelte web app isn't built yet — this is the placeholder. The HTTP API +is up though:

+ +
    +
  • GET /v1/healthz
    • +
  • GET /v1/u/<handle>
    • +
  • POST /v1/register
    • +
  • GET /.well-known/webfinger?resource=acct:user@{server}
    • +
+ +

See the project repo +for the design doc and progress.

+ +
kez-chat-server v{version} — server: {server}
+ +"#, + server = state.config.server, + version = env!("CARGO_PKG_VERSION"), + )) +} + diff --git a/kez-chat/src/config.rs b/kez-chat/src/config.rs new file mode 100644 index 0000000..5a90b60 --- /dev/null +++ b/kez-chat/src/config.rs @@ -0,0 +1,40 @@ +//! Runtime configuration: HTTP bind, DB path, server domain, sig-server +//! URL. Read from CLI flags and/or environment variables. + +use std::net::SocketAddr; +use std::path::PathBuf; + +use clap::Parser; + +#[derive(Debug, Parser, Clone)] +#[command(name = "kez-chat-server")] +#[command(about = "KEZ chat home server — handle registry + NATS auth + static SPA")] +pub struct Config { + /// HTTP bind address. + #[arg(long, env = "KEZ_CHAT_BIND", default_value = "0.0.0.0:6969")] + pub bind: SocketAddr, + + /// SQLite database file for the handle registry. + #[arg(long, env = "KEZ_CHAT_DB", default_value = "kez-chat.db")] + pub db: PathBuf, + + /// This server's domain. Handles registered here belong to + /// `@`. Used to validate registrations and + /// answer WebFinger queries. + #[arg(long, env = "KEZ_CHAT_SERVER", default_value = "kez.lat")] + pub server: String, + + /// Base URL of the sig-server users should publish their sigchains to. + /// Returned in handle-lookup responses so clients know where to fetch. + #[arg( + long, + env = "KEZ_CHAT_SIG_SERVER_URL", + default_value = "http://localhost:7878" + )] + pub sig_server_url: String, + + /// Optional directory of static files to serve at `/` (the SPA build + /// output). If unset, `/` serves a built-in placeholder page. + #[arg(long, env = "KEZ_CHAT_WEB_DIR")] + pub web_dir: Option, +} diff --git a/kez-chat/src/error.rs b/kez-chat/src/error.rs new file mode 100644 index 0000000..28a8d1f --- /dev/null +++ b/kez-chat/src/error.rs @@ -0,0 +1,75 @@ +//! Structured API errors → JSON responses. + +use axum::Json; +use axum::http::StatusCode; +use axum::response::{IntoResponse, Response}; +use kez_core::KezError; +use serde_json::json; +use thiserror::Error; + +#[derive(Debug, Error)] +pub enum ApiError { + #[error("not found")] + NotFound, + #[error("bad request: {0}")] + BadRequest(String), + #[error("conflict: {0}")] + Conflict(String), + #[error("forbidden: {0}")] + Forbidden(String), + #[error("internal: {0}")] + Internal(String), +} + +impl ApiError { + fn status(&self) -> StatusCode { + match self { + ApiError::NotFound => StatusCode::NOT_FOUND, + ApiError::BadRequest(_) => StatusCode::BAD_REQUEST, + ApiError::Conflict(_) => StatusCode::CONFLICT, + ApiError::Forbidden(_) => StatusCode::FORBIDDEN, + ApiError::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR, + } + } + + fn code(&self) -> &'static str { + match self { + ApiError::NotFound => "not_found", + ApiError::BadRequest(_) => "bad_request", + ApiError::Conflict(_) => "conflict", + ApiError::Forbidden(_) => "forbidden", + ApiError::Internal(_) => "internal", + } + } +} + +impl IntoResponse for ApiError { + fn into_response(self) -> Response { + let status = self.status(); + let body = Json(json!({ + "error": { + "code": self.code(), + "message": self.to_string(), + } + })); + (status, body).into_response() + } +} + +impl From for ApiError { + fn from(e: KezError) -> Self { + ApiError::BadRequest(e.to_string()) + } +} + +impl From for ApiError { + fn from(e: rusqlite::Error) -> Self { + ApiError::Internal(format!("db: {e}")) + } +} + +impl From for ApiError { + fn from(e: serde_json::Error) -> Self { + ApiError::BadRequest(format!("json: {e}")) + } +} diff --git a/kez-chat/src/handles.rs b/kez-chat/src/handles.rs new file mode 100644 index 0000000..5c0a8c7 --- /dev/null +++ b/kez-chat/src/handles.rs @@ -0,0 +1,85 @@ +//! Handle validation. Handles look like email local-parts: short, +//! lowercase, restricted charset, must not collide with reserved names. + +use crate::error::ApiError; + +/// Names we never let users register (system / role / well-known). +/// Conservative starter list; operators can extend. +const RESERVED: &[&str] = &[ + "admin", "administrator", "root", "system", "api", "internal", + "kez", "support", "help", "abuse", "postmaster", "noreply", + "no-reply", "mailer-daemon", "webmaster", "hostmaster", + "www", "ftp", "mail", "smtp", "imap", "pop3", + "everyone", "all", "anyone", "nobody", +]; + +pub fn validate_handle(handle: &str) -> Result<(), ApiError> { + if handle.len() < 3 { + return Err(ApiError::BadRequest("handle must be at least 3 chars".into())); + } + if handle.len() > 32 { + return Err(ApiError::BadRequest("handle must be at most 32 chars".into())); + } + let bytes = handle.as_bytes(); + let first = bytes[0]; + if !(first.is_ascii_lowercase() || first.is_ascii_digit()) { + return Err(ApiError::BadRequest( + "handle must start with a lowercase letter or digit".into(), + )); + } + for &b in bytes { + let ok = b.is_ascii_lowercase() + || b.is_ascii_digit() + || b == b'-' + || b == b'_'; + if !ok { + return Err(ApiError::BadRequest(format!( + "handle contains invalid character: {:?}", + b as char + ))); + } + } + if RESERVED.contains(&handle) { + return Err(ApiError::Forbidden(format!("handle is reserved: {handle}"))); + } + Ok(()) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn accepts_normal_handles() { + for h in &["tudisco", "chris", "alice", "user_123", "ab-cd", "a1b2c3"] { + assert!(validate_handle(h).is_ok(), "expected ok: {h}"); + } + } + + #[test] + fn rejects_short_or_long() { + assert!(validate_handle("ab").is_err()); + assert!(validate_handle(&"a".repeat(33)).is_err()); + } + + #[test] + fn rejects_invalid_chars() { + for h in &["Tudisco", "ali.ce", "user@name", "name space", "emo😀"] { + assert!(validate_handle(h).is_err(), "expected err: {h}"); + } + } + + #[test] + fn rejects_bad_first_char() { + for h in &["-name", "_name"] { + assert!(validate_handle(h).is_err(), "expected err: {h}"); + } + } + + #[test] + fn rejects_reserved() { + for h in &["admin", "root", "kez", "noreply"] { + assert!(matches!(validate_handle(h), Err(ApiError::Forbidden(_)))); + } + } +} diff --git a/kez-chat/src/lib.rs b/kez-chat/src/lib.rs new file mode 100644 index 0000000..51c7099 --- /dev/null +++ b/kez-chat/src/lib.rs @@ -0,0 +1,14 @@ +//! Library crate so integration tests can drive the same router the +//! binary serves. + +pub mod api; +pub mod config; +pub mod error; +pub mod handles; +pub mod registration; +pub mod store; + +pub use api::{AppState, router}; +pub use config::Config; +pub use error::ApiError; +pub use store::Store; diff --git a/kez-chat/src/main.rs b/kez-chat/src/main.rs new file mode 100644 index 0000000..72df337 --- /dev/null +++ b/kez-chat/src/main.rs @@ -0,0 +1,51 @@ +//! Binary entry: parse config, open DB, build router, serve. + +use anyhow::Result; +use clap::Parser; +use kez_chat_server::{AppState, Config, Store, router}; +use tower_http::cors::{Any, CorsLayer}; +use tower_http::trace::TraceLayer; +use tracing_subscriber::EnvFilter; + +#[tokio::main] +async fn main() -> Result<()> { + tracing_subscriber::fmt() + .with_env_filter( + EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info")), + ) + .init(); + + let config = Config::parse(); + tracing::info!( + bind = %config.bind, + db = ?config.db, + server = %config.server, + sig_server_url = %config.sig_server_url, + web_dir = ?config.web_dir, + "starting kez-chat-server" + ); + + let store = Store::open(&config.db)?; + let state = AppState { store, config: config.clone() }; + + let app = router(state) + .layer(TraceLayer::new_for_http()) + .layer( + CorsLayer::new() + .allow_origin(Any) + .allow_methods(Any) + .allow_headers(Any), + ); + + let listener = tokio::net::TcpListener::bind(config.bind).await?; + tracing::info!(addr = %config.bind, "kez-chat-server listening"); + axum::serve(listener, app) + .with_graceful_shutdown(shutdown_signal()) + .await?; + Ok(()) +} + +async fn shutdown_signal() { + let _ = tokio::signal::ctrl_c().await; + tracing::info!("shutdown signal received"); +} diff --git a/kez-chat/src/registration.rs b/kez-chat/src/registration.rs new file mode 100644 index 0000000..e5ce305 --- /dev/null +++ b/kez-chat/src/registration.rs @@ -0,0 +1,89 @@ +//! Handle-registration request shape. +//! +//! A client requesting a handle constructs a [`RegistrationPayload`], +//! signs it with their KEZ primary key using the same JCS-canonical +//! envelope KEZ uses everywhere else, and POSTs the [`SignedRegistration`] +//! to `/v1/register`. The server validates the signature with +//! `kez_core::verify_envelope`, then checks the rest of the request +//! semantically (server matches, handle is allowed, timestamp window). + +use chrono::{DateTime, Duration, Utc}; +use kez_core::{Identity, SignatureBlock, verify_envelope}; +use serde::{Deserialize, Serialize}; + +use crate::error::ApiError; + +pub const REGISTRATION_TYPE: &str = "kez.chat.handle_registration"; +pub const ENVELOPE_TAG: &str = "handle_registration"; +pub const FORMAT_VERSION: u8 = 1; + +/// Max allowed clock skew between client and server for a registration +/// timestamp. Prevents replay of stale signed requests. +pub const MAX_CLOCK_SKEW: Duration = Duration::minutes(5); + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct RegistrationPayload { + #[serde(rename = "type")] + pub kind: String, + pub version: u8, + pub handle: String, + pub primary: Identity, + pub server: String, + pub created_at: DateTime, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct SignedRegistration { + pub kez: String, + pub payload: RegistrationPayload, + pub signature: SignatureBlock, +} + +impl SignedRegistration { + /// Run the format-level checks: envelope tag, payload type, version, + /// signature.key matches payload.primary, signature verifies. + /// Semantic checks (server match, handle allowed, clock skew) happen + /// in the route handler with access to `Config` and the registry. + pub fn verify_format(&self) -> Result<(), ApiError> { + if self.kez != ENVELOPE_TAG { + return Err(ApiError::BadRequest(format!( + "envelope tag must be \"{ENVELOPE_TAG}\", got: {:?}", + self.kez + ))); + } + if self.payload.kind != REGISTRATION_TYPE { + return Err(ApiError::BadRequest(format!( + "payload type must be \"{REGISTRATION_TYPE}\", got: {:?}", + self.payload.kind + ))); + } + if self.payload.version != FORMAT_VERSION { + return Err(ApiError::BadRequest(format!( + "unsupported payload version: {}", + self.payload.version + ))); + } + if self.signature.key != self.payload.primary { + return Err(ApiError::BadRequest(format!( + "signature.key ({}) does not match payload.primary ({})", + self.signature.key, self.payload.primary + ))); + } + verify_envelope(&self.payload, &self.signature) + .map_err(|e| ApiError::BadRequest(format!("signature: {e}")))?; + Ok(()) + } + + /// Confirm the timestamp is fresh enough — guards against replay of + /// old signed requests. + pub fn check_timestamp(&self, now: DateTime) -> Result<(), ApiError> { + let drift = (now - self.payload.created_at).num_seconds().abs(); + if drift > MAX_CLOCK_SKEW.num_seconds() { + return Err(ApiError::BadRequest(format!( + "created_at is {drift}s from server time; must be within {}s", + MAX_CLOCK_SKEW.num_seconds() + ))); + } + Ok(()) + } +} diff --git a/kez-chat/src/store.rs b/kez-chat/src/store.rs new file mode 100644 index 0000000..8ff715c --- /dev/null +++ b/kez-chat/src/store.rs @@ -0,0 +1,157 @@ +//! SQLite-backed handle registry. + +use std::path::Path; +use std::sync::Arc; + +use chrono::{DateTime, Utc}; +use kez_core::Identity; +use rusqlite::{Connection, OptionalExtension, params}; +use tokio::sync::Mutex; + +use crate::error::ApiError; + +#[derive(Debug, Clone)] +pub struct HandleRecord { + pub handle: String, + pub primary: Identity, + pub registered_at: DateTime, +} + +#[derive(Clone)] +pub struct Store { + inner: Arc>, +} + +impl Store { + pub fn open(path: &Path) -> Result { + let conn = Connection::open(path)?; + init_schema(&conn)?; + Ok(Self { + inner: Arc::new(Mutex::new(conn)), + }) + } + + pub fn open_in_memory() -> Result { + let conn = Connection::open_in_memory()?; + init_schema(&conn)?; + Ok(Self { + inner: Arc::new(Mutex::new(conn)), + }) + } + + /// Reserve a handle for a primary key. Fails with Conflict if the + /// handle is already taken, or if this primary key has already + /// registered a (different) handle. + pub async fn register(&self, record: &HandleRecord) -> Result<(), ApiError> { + let conn = self.inner.lock().await; + conn.execute( + "INSERT INTO handles (handle, primary_id, registered_at) + VALUES (?1, ?2, ?3)", + params![ + record.handle, + record.primary.to_string(), + record.registered_at.to_rfc3339(), + ], + ) + .map_err(|e| match e { + rusqlite::Error::SqliteFailure(err, _) + if err.code == rusqlite::ErrorCode::ConstraintViolation => + { + ApiError::Conflict("handle is already taken".into()) + } + other => ApiError::Internal(format!("db: {other}")), + })?; + Ok(()) + } + + /// Look up the record for `handle`. Returns None if not registered. + pub async fn lookup(&self, handle: &str) -> Result, ApiError> { + let conn = self.inner.lock().await; + let row = conn + .query_row( + "SELECT handle, primary_id, registered_at + FROM handles WHERE handle = ?1", + params![handle], + |row| { + let handle: String = row.get(0)?; + let primary_id: String = row.get(1)?; + let registered_at: String = row.get(2)?; + Ok((handle, primary_id, registered_at)) + }, + ) + .optional()?; + + match row { + None => Ok(None), + Some((handle, primary_id, registered_at)) => { + let primary = Identity::parse(primary_id).map_err(|e| { + ApiError::Internal(format!("stored primary not parseable: {e}")) + })?; + let registered_at = DateTime::parse_from_rfc3339(®istered_at) + .map_err(|e| { + ApiError::Internal(format!("stored timestamp not parseable: {e}")) + })? + .with_timezone(&Utc); + Ok(Some(HandleRecord { + handle, + primary, + registered_at, + })) + } + } + } + + /// Look up the record for a primary key — used by the NATS auth + /// callout: NATS sends us a connecting client's nkey, we figure out + /// which handle (if any) owns it. + pub async fn lookup_by_primary( + &self, + primary: &Identity, + ) -> Result, ApiError> { + let conn = self.inner.lock().await; + let row = conn + .query_row( + "SELECT handle, primary_id, registered_at + FROM handles WHERE primary_id = ?1", + params![primary.to_string()], + |row| { + let handle: String = row.get(0)?; + let primary_id: String = row.get(1)?; + let registered_at: String = row.get(2)?; + Ok((handle, primary_id, registered_at)) + }, + ) + .optional()?; + + match row { + None => Ok(None), + Some((handle, primary_id, registered_at)) => { + let primary = Identity::parse(primary_id).map_err(|e| { + ApiError::Internal(format!("stored primary not parseable: {e}")) + })?; + let registered_at = DateTime::parse_from_rfc3339(®istered_at) + .map_err(|e| { + ApiError::Internal(format!("stored timestamp not parseable: {e}")) + })? + .with_timezone(&Utc); + Ok(Some(HandleRecord { + handle, + primary, + registered_at, + })) + } + } + } +} + +fn init_schema(conn: &Connection) -> Result<(), rusqlite::Error> { + conn.execute_batch( + "CREATE TABLE IF NOT EXISTS handles ( + handle TEXT NOT NULL PRIMARY KEY, + primary_id TEXT NOT NULL UNIQUE, + registered_at TEXT NOT NULL + ); + CREATE INDEX IF NOT EXISTS idx_handles_primary + ON handles (primary_id);", + ) +} diff --git a/kez-chat/tests/http.rs b/kez-chat/tests/http.rs new file mode 100644 index 0000000..7187971 --- /dev/null +++ b/kez-chat/tests/http.rs @@ -0,0 +1,315 @@ +//! Integration tests: stand up the real router on a random local port, +//! drive it with `reqwest`. No mocks — exercises the full HTTP + SQLite + +//! kez-core signature path. + +use std::net::SocketAddr; +use std::path::PathBuf; + +use chrono::{DateTime, Utc}; +use kez_chat_server::{AppState, Config, Store, router}; +use kez_chat_server::registration::{ + ENVELOPE_TAG, FORMAT_VERSION, REGISTRATION_TYPE, RegistrationPayload, SignedRegistration, +}; +use kez_core::{ + Ed25519Secret, Identity, SignatureBlock, ED25519_SHA512_ALG, canonical_bytes, +}; +use reqwest::StatusCode; +use serde_json::Value; +use sha2::{Digest, Sha256}; + +struct TestServer { + base: String, + #[allow(dead_code)] + handle: tokio::task::JoinHandle<()>, +} + +async fn spawn_server() -> TestServer { + spawn_server_with_config(default_config()).await +} + +fn default_config() -> Config { + Config { + bind: SocketAddr::from(([127, 0, 0, 1], 0)), + db: PathBuf::from(":memory:"), // unused (we open in-memory below) + server: "kez.test".to_owned(), + sig_server_url: "http://sig.test".to_owned(), + web_dir: None, + } +} + +async fn spawn_server_with_config(config: Config) -> TestServer { + let store = Store::open_in_memory().unwrap(); + let state = AppState { store, config }; + let app = router(state); + let listener = tokio::net::TcpListener::bind(SocketAddr::from(([127, 0, 0, 1], 0))) + .await + .unwrap(); + let addr = listener.local_addr().unwrap(); + let handle = tokio::spawn(async move { + axum::serve(listener, app).await.unwrap(); + }); + TestServer { + base: format!("http://{addr}"), + handle, + } +} + +fn sign_registration( + secret: &Ed25519Secret, + handle: &str, + server: &str, + created_at: DateTime, +) -> SignedRegistration { + let primary = secret.identity().unwrap(); + let payload = RegistrationPayload { + kind: REGISTRATION_TYPE.to_owned(), + version: FORMAT_VERSION, + handle: handle.to_owned(), + primary: primary.clone(), + server: server.to_owned(), + created_at, + }; + let jcs = canonical_bytes(&payload).unwrap(); + let sig = secret.sign(&jcs); + SignedRegistration { + kez: ENVELOPE_TAG.to_owned(), + payload, + signature: SignatureBlock { + alg: ED25519_SHA512_ALG.to_owned(), + key: primary, + sig: hex::encode(sig), + }, + } +} + +#[tokio::test] +async fn healthz_returns_ok() { + let server = spawn_server().await; + let resp = reqwest::get(format!("{}/v1/healthz", server.base)) + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::OK); + let body: Value = resp.json().await.unwrap(); + assert_eq!(body["status"], "ok"); + assert_eq!(body["server"], "kez.test"); +} + +#[tokio::test] +async fn unknown_handle_returns_404() { + let server = spawn_server().await; + let resp = reqwest::get(format!("{}/v1/u/ghost", server.base)) + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::NOT_FOUND); +} + +#[tokio::test] +async fn register_then_lookup_round_trip() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let req = sign_registration(&secret, "tudisco", "kez.test", Utc::now()); + + let client = reqwest::Client::new(); + let post = client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + assert_eq!(post.status(), StatusCode::CREATED); + let posted: Value = post.json().await.unwrap(); + assert_eq!(posted["handle"], "tudisco"); + assert_eq!(posted["fqhn"], "tudisco@kez.test"); + + let get = reqwest::get(format!("{}/v1/u/tudisco", server.base)) + .await + .unwrap(); + assert_eq!(get.status(), StatusCode::OK); + let looked: Value = get.json().await.unwrap(); + assert_eq!(looked["handle"], "tudisco"); + assert_eq!(looked["primary"], secret.identity().unwrap().to_string()); +} + +#[tokio::test] +async fn rejects_duplicate_handle() { + let server = spawn_server().await; + let a = Ed25519Secret::generate(); + let b = Ed25519Secret::generate(); + + let req_a = sign_registration(&a, "tudisco", "kez.test", Utc::now()); + let req_b = sign_registration(&b, "tudisco", "kez.test", Utc::now()); + + let client = reqwest::Client::new(); + let r1 = client + .post(format!("{}/v1/register", server.base)) + .json(&req_a) + .send() + .await + .unwrap(); + assert_eq!(r1.status(), StatusCode::CREATED); + + let r2 = client + .post(format!("{}/v1/register", server.base)) + .json(&req_b) + .send() + .await + .unwrap(); + assert_eq!(r2.status(), StatusCode::CONFLICT); +} + +#[tokio::test] +async fn rejects_wrong_server() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let req = sign_registration(&secret, "tudisco", "other.example", Utc::now()); + let client = reqwest::Client::new(); + let resp = client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::BAD_REQUEST); +} + +#[tokio::test] +async fn rejects_reserved_handle() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let req = sign_registration(&secret, "admin", "kez.test", Utc::now()); + let client = reqwest::Client::new(); + let resp = client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::FORBIDDEN); +} + +#[tokio::test] +async fn rejects_tampered_signature() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let mut req = sign_registration(&secret, "tudisco", "kez.test", Utc::now()); + // Tamper: flip the handle after signing. Signature still references + // the original handle, but payload now claims a different one. + req.payload.handle = "imposter".to_owned(); + + let client = reqwest::Client::new(); + let resp = client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::BAD_REQUEST); +} + +#[tokio::test] +async fn rejects_stale_timestamp() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let stale = Utc::now() - chrono::Duration::hours(1); + let req = sign_registration(&secret, "tudisco", "kez.test", stale); + + let client = reqwest::Client::new(); + let resp = client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::BAD_REQUEST); + let body: Value = resp.json().await.unwrap(); + let msg = body["error"]["message"].as_str().unwrap(); + assert!(msg.contains("created_at"), "got: {msg}"); +} + +#[tokio::test] +async fn webfinger_finds_registered_user() { + let server = spawn_server().await; + let secret = Ed25519Secret::generate(); + let req = sign_registration(&secret, "tudisco", "kez.test", Utc::now()); + let client = reqwest::Client::new(); + client + .post(format!("{}/v1/register", server.base)) + .json(&req) + .send() + .await + .unwrap(); + + let url = format!( + "{}/.well-known/webfinger?resource=acct:tudisco@kez.test", + server.base + ); + let resp = reqwest::get(&url).await.unwrap(); + assert_eq!(resp.status(), StatusCode::OK); + let body: Value = resp.json().await.unwrap(); + assert_eq!(body["subject"], "acct:tudisco@kez.test"); + assert!(body["links"].is_array()); +} + +#[tokio::test] +async fn webfinger_rejects_wrong_server() { + let server = spawn_server().await; + let resp = reqwest::get(format!( + "{}/.well-known/webfinger?resource=acct:tudisco@other.example", + server.base + )) + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::NOT_FOUND); +} + +#[tokio::test] +async fn placeholder_index_renders() { + let server = spawn_server().await; + let resp = reqwest::get(format!("{}/", server.base)).await.unwrap(); + assert_eq!(resp.status(), StatusCode::OK); + let text = resp.text().await.unwrap(); + assert!(text.contains("kez-chat")); + assert!(text.contains("kez.test")); +} + +#[tokio::test] +async fn nats_auth_callout_stub_returns_not_implemented() { + let server = spawn_server().await; + let client = reqwest::Client::new(); + let resp = client + .post(format!("{}/internal/nats/auth", server.base)) + .json(&serde_json::json!({})) + .send() + .await + .unwrap(); + assert_eq!(resp.status(), StatusCode::NOT_IMPLEMENTED); +} + +// Sanity: signing the same payload twice with the same Ed25519 key +// gives the same signature. Catches any accidental non-determinism in +// the JCS pipeline. +#[tokio::test] +async fn registration_signing_is_deterministic() { + let seed = "4242424242424242424242424242424242424242424242424242424242424242"; + let secret = Ed25519Secret::from_seed_hex(seed).unwrap(); + let payload = RegistrationPayload { + kind: REGISTRATION_TYPE.to_owned(), + version: FORMAT_VERSION, + handle: "tudisco".to_owned(), + primary: secret.identity().unwrap(), + server: "kez.lat".to_owned(), + created_at: DateTime::parse_from_rfc3339("2026-01-01T00:00:00Z") + .unwrap() + .with_timezone(&Utc), + }; + let jcs1 = canonical_bytes(&payload).unwrap(); + let jcs2 = canonical_bytes(&payload).unwrap(); + assert_eq!(jcs1, jcs2); + + let sig1 = secret.sign(&jcs1); + let sig2 = secret.sign(&jcs2); + assert_eq!(sig1, sig2); + + // Hash for human eyeballing in CI logs. + let _ = Sha256::digest(&jcs1); +} diff --git a/rust/crates/kez-core/src/lib.rs b/rust/crates/kez-core/src/lib.rs index cb91a19..38070a2 100644 --- a/rust/crates/kez-core/src/lib.rs +++ b/rust/crates/kez-core/src/lib.rs @@ -853,6 +853,27 @@ fn sign_jcs_schnorr_hex(payload: &T, signer: &NostrSecret) -> Resu Ok(hex::encode(signature.as_ref())) } +/// Verify a `SignatureBlock` against an arbitrary payload. Dispatches on +/// `signature.alg`. Used by `SignedClaim::verify` and +/// `SignedSigchainEvent::verify` internally; downstream crates (e.g. the +/// chat-server's handle-registration verifier) call it for non-claim +/// payloads that share the envelope shape. +pub fn verify_envelope( + payload: &T, + signature: &SignatureBlock, +) -> Result<()> { + match signature.alg.as_str() { + NOSTR_SCHNORR_ALG => { + verify_jcs_schnorr_hex(payload, signature.key.value(), &signature.sig) + } + ED25519_SHA512_ALG => { + let jcs = canonical_bytes(payload)?; + verify_ed25519_hex(signature.key.value(), &jcs, &signature.sig) + } + other => Err(KezError::UnsupportedAlgorithm(other.to_owned())), + } +} + fn verify_jcs_schnorr_hex(payload: &T, npub: &str, sig: &str) -> Result<()> { let public_key = decode_npub(npub)?; let signature = Signature::from_slice(&hex::decode(sig)?)?;