feat(pubky): add PubkyClient::auth_request and send_auth_token

Author: Nuhvi

examples/authz/authenticator/src/main.rs

@@ -61,7 +61,7 @@ async fn main() -> Result<()> {
     }
 
     for cap in &required_capabilities {
-        println!("    {} : {:?}", cap.resource, cap.abilities);
+        println!("    {} : {:?}", cap.scope, cap.abilities);
     }
 
     // === Consent form ===

pubky-common/src/auth.rs

@@ -64,7 +64,7 @@ impl AuthToken {
         &self.capabilities.0
     }
 
-    fn verify(bytes: &[u8]) -> Result<Self, Error> {
+    pub fn verify(bytes: &[u8]) -> Result<Self, Error> {
         if bytes[75] > CURRENT_VERSION {
             return Err(Error::UnknownVersion);
         }

pubky-common/src/capabilities.rs

@@ -4,25 +4,25 @@ use serde::{Deserialize, Serialize};
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct Capability {
-    pub resource: String,
+    pub scope: String,
     pub abilities: Vec<Ability>,
 }
 
 impl Capability {
     /// Create a root [Capability] at the `/` path with all the available [PubkyAbility]
     pub fn root() -> Self {
         Capability {
-            resource: "/".to_string(),
+            scope: "/".to_string(),
             abilities: vec![Ability::Read, Ability::Write],
         }
     }
 }
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum Ability {
-    /// Can read the resource at the specified path (GET requests).
+    /// Can read the scope at the specified path (GET requests).
     Read,
-    /// Can write to the resource at the specified path (PUT/POST/DELETE requests).
+    /// Can write to the scope at the specified path (PUT/POST/DELETE requests).
     Write,
     /// Unknown ability
     Unknown(char),
@@ -55,7 +55,7 @@ impl Display for Capability {
         write!(
             f,
             "{}:{}",
-            self.resource,
+            self.scope,
             self.abilities.iter().map(char::from).collect::<String>()
         )
     }
@@ -78,7 +78,7 @@ impl TryFrom<&str> for Capability {
         }
 
         if !value.starts_with('/') {
-            return Err(Error::InvalidResource);
+            return Err(Error::InvalidScope);
         }
 
         let abilities_str = value.rsplit(':').next().unwrap_or("");
@@ -96,12 +96,9 @@ impl TryFrom<&str> for Capability {
             }
         }
 
-        let resource = value[0..value.len() - abilities_str.len() - 1].to_string();
+        let scope = value[0..value.len() - abilities_str.len() - 1].to_string();
 
-        Ok(Capability {
-            resource,
-            abilities,
-        })
+        Ok(Capability { scope, abilities })
     }
 }
 
@@ -129,12 +126,14 @@ impl<'de> Deserialize<'de> for Capability {
 
 #[derive(thiserror::Error, Debug, PartialEq, Eq)]
 pub enum Error {
-    #[error("Capability: Invalid resource path: does not start with `/`")]
-    InvalidResource,
-    #[error("Capability: Invalid format should be <resource>:<abilities>")]
+    #[error("Capability: Invalid scope: does not start with `/`")]
+    InvalidScope,
+    #[error("Capability: Invalid format should be <scope>:<abilities>")]
     InvalidFormat,
     #[error("Capability: Invalid Ability")]
     InvalidAbility,
+    #[error("Capabilities: Invalid capabilities format")]
+    InvalidCapabilities,
 }
 
 #[derive(Clone, Default, Debug, PartialEq, Eq)]
@@ -160,19 +159,41 @@ impl From<Capabilities> for Vec<Capability> {
     }
 }
 
-impl Serialize for Capabilities {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
+impl TryFrom<&str> for Capabilities {
+    type Error = Error;
+
+    fn try_from(value: &str) -> Result<Self, Self::Error> {
+        let mut caps = vec![];
+
+        for s in value.split(',') {
+            if let Ok(cap) = Capability::try_from(s) {
+                caps.push(cap);
+            };
+        }
+
+        Ok(Capabilities(caps))
+    }
+}
+
+impl Display for Capabilities {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let string = self
             .0
             .iter()
             .map(|c| c.to_string())
             .collect::<Vec<_>>()
             .join(",");
 
-        string.serialize(serializer)
+        write!(f, "{}", string)
+    }
+}
+
+impl Serialize for Capabilities {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        self.to_string().serialize(serializer)
     }
 }
 
@@ -202,7 +223,7 @@ mod tests {
     #[test]
     fn pubky_caps() {
         let cap = Capability {
-            resource: "/pub/pubky.app/".to_string(),
+            scope: "/pub/pubky.app/".to_string(),
             abilities: vec![Ability::Read, Ability::Write],
         };
 

pubky-common/src/session.rs

@@ -1,3 +1,4 @@
+use pkarr::PublicKey;
 use postcard::{from_bytes, to_allocvec};
 use serde::{Deserialize, Serialize};
 
@@ -9,9 +10,10 @@ use crate::{auth::AuthToken, capabilities::Capability, timestamp::Timestamp};
 // TODO: add IP address?
 // TODO: use https://crates.io/crates/user-agent-parser to parse the session
 // and get more informations from the user-agent.
-#[derive(Clone, Default, Serialize, Deserialize, Debug, Eq, PartialEq)]
+#[derive(Clone, Serialize, Deserialize, Debug, Eq, PartialEq)]
 pub struct Session {
     pub version: usize,
+    pub pubky: PublicKey,
     pub created_at: u64,
     /// User specified name, defaults to the user-agent.
     pub name: String,
@@ -21,18 +23,14 @@ pub struct Session {
 
 impl Session {
     pub fn new(token: &AuthToken, user_agent: Option<String>) -> Self {
-        let mut session = Self {
+        Self {
+            version: 0,
+            pubky: token.pubky().to_owned(),
             created_at: Timestamp::now().into_inner(),
-            ..Default::default()
-        };
-
-        session.set_capabilities(token.capabilities().to_vec());
-
-        if let Some(user_agent) = user_agent {
-            session.set_user_agent(user_agent);
+            capabilities: token.capabilities().to_vec(),
+            user_agent: user_agent.as_deref().unwrap_or("").to_string(),
+            name: user_agent.as_deref().unwrap_or("").to_string(),
         }
-
-        session
     }
 
     // === Setters ===
@@ -82,21 +80,33 @@ pub enum Error {
 
 #[cfg(test)]
 mod tests {
+    use crate::crypto::Keypair;
+
     use super::*;
 
     #[test]
     fn serialize() {
+        let keypair = Keypair::from_secret_key(&[0; 32]);
+        let pubky = keypair.public_key();
+
         let session = Session {
             user_agent: "foo".to_string(),
             capabilities: vec![Capability::root()],
-            ..Default::default()
+            created_at: 0,
+            pubky,
+            version: 0,
+            name: "".to_string(),
         };
 
         let serialized = session.serialize();
 
         assert_eq!(
             serialized,
-            [0, 0, 0, 3, 102, 111, 111, 1, 4, 47, 58, 114, 119]
+            [
+                0, 59, 106, 39, 188, 206, 182, 164, 45, 98, 163, 168, 208, 42, 111, 13, 115, 101,
+                50, 21, 119, 29, 226, 67, 166, 58, 192, 72, 161, 139, 89, 218, 41, 0, 0, 3, 102,
+                111, 111, 1, 4, 47, 58, 114, 119
+            ]
         );
 
         let deseiralized = Session::deserialize(&serialized).unwrap();

pubky-homeserver/src/routes/auth.rs

@@ -113,11 +113,13 @@ pub async fn signin(
 
     let session_secret = base32::encode(base32::Alphabet::Crockford, &random_bytes(16));
 
-    state.db.tables.sessions.put(
-        &mut wtxn,
-        &session_secret,
-        &Session::new(&token, user_agent.map(|ua| ua.to_string())).serialize(),
-    )?;
+    let session = Session::new(&token, user_agent.map(|ua| ua.to_string())).serialize();
+
+    state
+        .db
+        .tables
+        .sessions
+        .put(&mut wtxn, &session_secret, &session)?;
 
     let mut cookie = Cookie::new(public_key.to_string(), session_secret);
 
@@ -132,7 +134,5 @@ pub async fn signin(
 
     wtxn.commit()?;
 
-    // TODO: return session to save extra call?
-
-    Ok(())
+    Ok(session)
 }

pubky/Cargo.toml

@@ -15,10 +15,11 @@ thiserror = "1.0.62"
 wasm-bindgen = "0.2.92"
 url = "2.5.2"
 bytes = "^1.7.1"
+base64 = "0.22.1"
 
 pubky-common = { version = "0.1.0", path = "../pubky-common" }
 pkarr = { workspace = true, features = ["async"] }
-base64 = "0.22.1"
+tokio = { version = "1.37.0", features = ["full"] }
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 reqwest = { version = "0.12.5", features = ["cookies", "rustls-tls"], default-features = false }

pubky/src/native.rs

@@ -128,7 +128,7 @@ impl PubkyClient {
     }
 
     /// Signin to a homeserver.
-    pub async fn signin(&self, keypair: &Keypair) -> Result<()> {
+    pub async fn signin(&self, keypair: &Keypair) -> Result<Session> {
         self.inner_signin(keypair).await
     }
 
@@ -192,6 +192,6 @@ impl PubkyClient {
         self.http.request(method, url)
     }
 
-    pub(crate) fn store_session(&self, _: Response) {}
+    pub(crate) fn store_session(&self, _: &Response) {}
     pub(crate) fn remove_session(&self, _: &PublicKey) {}
 }