refactor project structure

2026-04-01 21:13:09 +00:00 · 2025-12-20 02:55:49 -07:00
parent 7c12b58bb5
commit e859c1adb1
382 changed files with 671 additions and 3952 deletions
--- a/core/src/account.rs
+++ b/core/src/account.rs
@@ -0,0 +1,158 @@
+use std::collections::BTreeMap;
+use std::time::SystemTime;
+
+use imbl_value::InternedString;
+use openssl::pkey::{PKey, Private};
+use openssl::x509::X509;
+
+use crate::db::model::DatabaseModel;
+use crate::hostname::{Hostname, generate_hostname, generate_id};
+use crate::net::ssl::{gen_nistp256, make_root_cert};
+use crate::net::tor::TorSecretKey;
+use crate::prelude::*;
+use crate::util::serde::Pem;
+
+fn hash_password(password: &str) -> Result<String, Error> {
+    argon2::hash_encoded(
+        password.as_bytes(),
+        &rand::random::<[u8; 16]>()[..],
+        &argon2::Config::rfc9106_low_mem(),
+    )
+    .with_kind(crate::ErrorKind::PasswordHashGeneration)
+}
+
+#[derive(Clone)]
+pub struct AccountInfo {
+    pub server_id: String,
+    pub hostname: Hostname,
+    pub password: String,
+    pub tor_keys: Vec<TorSecretKey>,
+    pub root_ca_key: PKey<Private>,
+    pub root_ca_cert: X509,
+    pub ssh_key: ssh_key::PrivateKey,
+    pub developer_key: ed25519_dalek::SigningKey,
+}
+impl AccountInfo {
+    pub fn new(password: &str, start_time: SystemTime) -> Result<Self, Error> {
+        let server_id = generate_id();
+        let hostname = generate_hostname();
+        let tor_key = vec![TorSecretKey::generate()];
+        let root_ca_key = gen_nistp256()?;
+        let root_ca_cert = make_root_cert(&root_ca_key, &hostname, start_time)?;
+        let ssh_key = ssh_key::PrivateKey::from(ssh_key::private::Ed25519Keypair::random(
+            &mut ssh_key::rand_core::OsRng::default(),
+        ));
+        let developer_key =
+            ed25519_dalek::SigningKey::generate(&mut ssh_key::rand_core::OsRng::default());
+        Ok(Self {
+            server_id,
+            hostname,
+            password: hash_password(password)?,
+            tor_keys: tor_key,
+            root_ca_key,
+            root_ca_cert,
+            ssh_key,
+            developer_key,
+        })
+    }
+
+    pub fn load(db: &DatabaseModel) -> Result<Self, Error> {
+        let server_id = db.as_public().as_server_info().as_id().de()?;
+        let hostname = Hostname(db.as_public().as_server_info().as_hostname().de()?);
+        let password = db.as_private().as_password().de()?;
+        let key_store = db.as_private().as_key_store();
+        let tor_addrs = db
+            .as_public()
+            .as_server_info()
+            .as_network()
+            .as_host()
+            .as_onions()
+            .de()?;
+        let tor_keys = tor_addrs
+            .into_iter()
+            .map(|tor_addr| key_store.as_onion().get_key(&tor_addr))
+            .collect::<Result<_, _>>()?;
+        let cert_store = key_store.as_local_certs();
+        let root_ca_key = cert_store.as_root_key().de()?.0;
+        let root_ca_cert = cert_store.as_root_cert().de()?.0;
+        let ssh_key = db.as_private().as_ssh_privkey().de()?.0;
+        let compat_s9pk_key = db.as_private().as_developer_key().de()?.0;
+
+        Ok(Self {
+            server_id,
+            hostname,
+            password,
+            tor_keys,
+            root_ca_key,
+            root_ca_cert,
+            ssh_key,
+            developer_key: compat_s9pk_key,
+        })
+    }
+
+    pub fn save(&self, db: &mut DatabaseModel) -> Result<(), Error> {
+        let server_info = db.as_public_mut().as_server_info_mut();
+        server_info.as_id_mut().ser(&self.server_id)?;
+        server_info.as_hostname_mut().ser(&self.hostname.0)?;
+        server_info
+            .as_pubkey_mut()
+            .ser(&self.ssh_key.public_key().to_openssh()?)?;
+        server_info
+            .as_network_mut()
+            .as_host_mut()
+            .as_onions_mut()
+            .ser(
+                &self
+                    .tor_keys
+                    .iter()
+                    .map(|tor_key| tor_key.onion_address())
+                    .collect(),
+            )?;
+        server_info.as_password_hash_mut().ser(&self.password)?;
+        db.as_private_mut().as_password_mut().ser(&self.password)?;
+        db.as_private_mut()
+            .as_ssh_privkey_mut()
+            .ser(Pem::new_ref(&self.ssh_key))?;
+        db.as_private_mut()
+            .as_developer_key_mut()
+            .ser(Pem::new_ref(&self.developer_key))?;
+        let key_store = db.as_private_mut().as_key_store_mut();
+        for tor_key in &self.tor_keys {
+            key_store.as_onion_mut().insert_key(tor_key)?;
+        }
+        let cert_store = key_store.as_local_certs_mut();
+        if cert_store.as_root_cert().de()?.0 != self.root_ca_cert {
+            cert_store
+                .as_root_key_mut()
+                .ser(Pem::new_ref(&self.root_ca_key))?;
+            cert_store
+                .as_root_cert_mut()
+                .ser(Pem::new_ref(&self.root_ca_cert))?;
+            let int_key = crate::net::ssl::gen_nistp256()?;
+            let int_cert =
+                crate::net::ssl::make_int_cert((&self.root_ca_key, &self.root_ca_cert), &int_key)?;
+            cert_store.as_int_key_mut().ser(&Pem(int_key))?;
+            cert_store.as_int_cert_mut().ser(&Pem(int_cert))?;
+            cert_store.as_leaves_mut().ser(&BTreeMap::new())?;
+        }
+        Ok(())
+    }
+
+    pub fn set_password(&mut self, password: &str) -> Result<(), Error> {
+        self.password = hash_password(password)?;
+        Ok(())
+    }
+
+    pub fn hostnames(&self) -> impl IntoIterator<Item = InternedString> + Send + '_ {
+        [
+            self.hostname.no_dot_host_name(),
+            self.hostname.local_domain_name(),
+        ]
+        .into_iter()
+        .chain(
+            self.tor_keys
+                .iter()
+                .map(|k| InternedString::from_display(&k.onion_address())),
+        )
+    }
+}