111b23b94b
First runnable kez-chat-server binary plus its docker-compose deploy
recipe. Implements steps 2-3 of the document.md sequenced plan; the
rust-lib refactor (step 1) is deferred — chat-server path-deps on
rust/crates/kez-core for now, which works and matches what
rust-sig-server already does.
What's in this commit:
kez-core (1-line change)
- New public `verify_envelope<T>(payload, signature)` helper that
dispatches Schnorr / Ed25519 / future suites by signature.alg.
Used by chat-server's registration verifier; downstream value
beyond chat-server too.
kez-chat-server (new crate)
- src/main.rs: tokio + axum + tracing entry; clap config; graceful
Ctrl-C shutdown.
- src/lib.rs: re-exports so tests can drive the same router.
- src/config.rs: env/flag config (bind, db, server, sig_server_url,
web_dir) with defaults sane for both dev and prod.
- src/error.rs: typed ApiError → structured JSON responses with
stable error codes.
- src/store.rs: SQLite-backed handle registry, UNIQUE on both
(handle) and (primary_id); race-safe via SQL primary key.
- src/handles.rs: username validation (length, charset, reserved
list, must start with letter/digit).
- src/registration.rs: SignedRegistration envelope sharing KEZ's
JCS canonical-bytes pattern; signature verification via the new
kez-core helper; replay protection via ±5-minute clock skew check.
- src/api.rs: all six routes in one file —
GET /v1/healthz
GET /v1/u/:handle
POST /v1/register
GET /.well-known/webfinger
POST /internal/nats/auth (501 stub for v0.1; wired up in v0.2)
GET / (placeholder HTML; ServeDir when web/dist exists)
tests/http.rs — 13 integration tests
- Stands up the real router on a random port; uses reqwest.
- Coverage: healthz, lookup-404, full register→lookup round-trip,
duplicate-handle conflict, wrong-server rejection, reserved-name
rejection, tampered-signature rejection, stale-timestamp rejection,
WebFinger success + wrong-server-404, placeholder SPA renders,
NATS callout 501, JCS determinism sanity.
deploy/
- Dockerfile: multi-stage build (rust:1.86-slim → debian:bookworm-slim).
Build context is repo root so the path dep on kez-core resolves.
Runtime image ~50 MB; runs as non-root uid 10001.
- Dockerfile.sig-server: same pattern for the existing
rust-sig-server, so the stack builds from one git pull.
- docker-compose.yml: three services (chat-server + nats + sig-server)
with named volumes for persistence. Ports: 6969 (chat HTTP),
4222/8443/8222 (NATS native/ws/monitoring), 7878 (sig-server).
- nats.conf: WebSocket on 8443 for the browser SPA, JetStream
enabled, auth_callout pointing at chat-server's
/internal/nats/auth endpoint (issuer nkey is a placeholder — must
be replaced with a real one before going live).
README.md
- Documents all endpoints with example bodies.
- Quick-start for both local dev and full Docker compose.
- Honest list of what's in v0.1 vs what's still stubbed.
Smoke-tested running on 127.0.0.1:6969:
GET /v1/healthz → {"server":"kez.lat","status":"ok","version":"0.1.0"}
GET / → placeholder HTML rendering
GET /v1/u/ghost → 404
POST /internal/nats/auth → 501 with "wired up in v0.2"
cargo test → 13 passed.
cargo build --release → 19.6s, clean.
86 lines
2.6 KiB
Rust
86 lines
2.6 KiB
Rust
//! Handle validation. Handles look like email local-parts: short,
|
|
//! lowercase, restricted charset, must not collide with reserved names.
|
|
|
|
use crate::error::ApiError;
|
|
|
|
/// Names we never let users register (system / role / well-known).
|
|
/// Conservative starter list; operators can extend.
|
|
const RESERVED: &[&str] = &[
|
|
"admin", "administrator", "root", "system", "api", "internal",
|
|
"kez", "support", "help", "abuse", "postmaster", "noreply",
|
|
"no-reply", "mailer-daemon", "webmaster", "hostmaster",
|
|
"www", "ftp", "mail", "smtp", "imap", "pop3",
|
|
"everyone", "all", "anyone", "nobody",
|
|
];
|
|
|
|
pub fn validate_handle(handle: &str) -> Result<(), ApiError> {
|
|
if handle.len() < 3 {
|
|
return Err(ApiError::BadRequest("handle must be at least 3 chars".into()));
|
|
}
|
|
if handle.len() > 32 {
|
|
return Err(ApiError::BadRequest("handle must be at most 32 chars".into()));
|
|
}
|
|
let bytes = handle.as_bytes();
|
|
let first = bytes[0];
|
|
if !(first.is_ascii_lowercase() || first.is_ascii_digit()) {
|
|
return Err(ApiError::BadRequest(
|
|
"handle must start with a lowercase letter or digit".into(),
|
|
));
|
|
}
|
|
for &b in bytes {
|
|
let ok = b.is_ascii_lowercase()
|
|
|| b.is_ascii_digit()
|
|
|| b == b'-'
|
|
|| b == b'_';
|
|
if !ok {
|
|
return Err(ApiError::BadRequest(format!(
|
|
"handle contains invalid character: {:?}",
|
|
b as char
|
|
)));
|
|
}
|
|
}
|
|
if RESERVED.contains(&handle) {
|
|
return Err(ApiError::Forbidden(format!("handle is reserved: {handle}")));
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
|
|
#[test]
|
|
fn accepts_normal_handles() {
|
|
for h in &["tudisco", "chris", "alice", "user_123", "ab-cd", "a1b2c3"] {
|
|
assert!(validate_handle(h).is_ok(), "expected ok: {h}");
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn rejects_short_or_long() {
|
|
assert!(validate_handle("ab").is_err());
|
|
assert!(validate_handle(&"a".repeat(33)).is_err());
|
|
}
|
|
|
|
#[test]
|
|
fn rejects_invalid_chars() {
|
|
for h in &["Tudisco", "ali.ce", "user@name", "name space", "emo😀"] {
|
|
assert!(validate_handle(h).is_err(), "expected err: {h}");
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn rejects_bad_first_char() {
|
|
for h in &["-name", "_name"] {
|
|
assert!(validate_handle(h).is_err(), "expected err: {h}");
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn rejects_reserved() {
|
|
for h in &["admin", "root", "kez", "noreply"] {
|
|
assert!(matches!(validate_handle(h), Err(ApiError::Forbidden(_))));
|
|
}
|
|
}
|
|
}
|