adding twtxt proofs

add image resize, default avatars, and other fixes
fixes and such
2020-12-01 12:24:35 -07:00 · 2020-11-30 11:54:52 -07:00 · 2020-11-30 11:53:49 -07:00 · 2020-11-28 15:17:44 -07:00 · 2020-11-28 15:14:02 -07:00 · 2020-11-28 15:11:49 -07:00
14 changed files with 737 additions and 39 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@

 sour.is-keyproofs
 .env
+/pub
--- a/3
+++ b/3
@@ -1,7 +1,7 @@
 NAME=sour.is-keyproofs
 BUMP?=current
 DATE:=$(shell date -u +%FT%TZ)
-HASH:=$(shell git rev-pars HEAD 2> /dev/null)
+HASH:=$(shell git rev-parse HEAD 2> /dev/null)
 VERSION:=$(shell BUMP=$(BUMP) ./version.sh)


@@ -14,6 +14,7 @@ version:
 	@echo $(VERSION)
 tag:
 	git tag -a v$(VERSION) -m "Version: $(VERSION)"
+	git push --tag
 release:
 	@make tag BUMP=patch
 run:
--- a/example.env
+++ b/example.env
@@ -1,5 +1,7 @@
 # Rename to '.env' or pass required items to environment when running.

+# Basic Configuration.
+
 # REDDIT_APIKEY [REQUIRED]
 # REDDIT_SECRET [REQUIRED]
 #   To prevent reddits low ratelimits for non-authenticated requests
@@ -26,6 +28,12 @@ HTTP_LISTEN=

 BASE_URL=

+# AVATAR_PATH [OPTIONAL]
+#   To set the path for avatar/bg/cover image directories to serve. (default: pub)
+#   Path should allow read/write to application. The folders will be generated automatically.
+
+# Advanced Options. These are used to customize the application in non-standard deployments
+
 # XMPP_URL [OPTIONAL]
 #   To set XMPP http url for VCard verification. (default: BASE_URL)

@@ -35,3 +43,20 @@ XMPP_URL=
 #   To set DNS http url for DNS verification. (default: BASE_URL)

 XMPP_URL=
+
+# Avatar app
+# DISABLE_AVATAR [OPTIONAL]
+#    Disable the Avatar application. Set to any value other than "false"
+
+# DNS app
+# DISABLE_DNS [OPTIONAL]
+#    Disable the DNS application. Set to any value other than "false"
+
+# Keyproofs app
+# DISABLE_KEYPROOFS [OPTIONAL]
+#    Disable the KeyProofs application. Set to any value other than "false"
+
+# XMPP VCard app
+# DISABLE_VCARD [OPTIONAL]
+#    Disable the VCard application. Set to any value other than "false"
+#    If disabled the username/password are no longer required.
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,14 @@ module github.com/sour-is/keyproofs
 go 1.15

 require (
+	github.com/disintegration/imaging v1.6.2
+	github.com/fsnotify/fsnotify v1.4.7
 	github.com/go-chi/chi v4.1.2+incompatible
 	github.com/google/go-cmp v0.5.4 // indirect
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/joho/godotenv v1.3.0
 	github.com/lucasb-eyer/go-colorful v1.0.3
+	github.com/nullrocks/identicon v0.0.0-20180626043057-7875f45b0022
 	github.com/rs/cors v1.7.0
 	github.com/rs/zerolog v1.20.0
 	github.com/russross/blackfriday v1.5.2
--- a/go.sum
+++ b/go.sum
@@ -9,6 +9,8 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
+github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -60,6 +62,8 @@ github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/nullrocks/identicon v0.0.0-20180626043057-7875f45b0022 h1:Ys0rDzh8s4UMlGaDa1UTA0sfKgvF0hQZzTYX8ktjiDc=
+github.com/nullrocks/identicon v0.0.0-20180626043057-7875f45b0022/go.mod h1:x4NsS+uc7ecH/Cbm9xKQ6XzmJM57rWTkjywjfB2yQ18=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -112,6 +116,8 @@ golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFh
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 h1:xYJJ3S178yv++9zXV/hnr29plCAGO9vAFG9dorqaFQc=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8 h1:hVwzHzIUGRjiF7EcUjqNxk3NCfkPxbDKRdnNE1Rpg0U=
+golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -138,6 +144,7 @@ golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190927073244-c990c680b611/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/main.go
+++ b/main.go
@@ -86,38 +86,54 @@ func run(ctx context.Context) error {
 		Credential: xmpp.Password(os.Getenv("XMPP_PASSWORD")),
 	})

-	// configure cors middleware
-	corsMiddleware := cors.New(cors.Options{
-		AllowCredentials: true,
-		AllowedMethods:   strings.Fields(env("CORS_METHODS", "GET")),
-		AllowedOrigins:   strings.Fields(env("CORS_ORIGIN", "*")),
-	}).Handler
-
 	mux := chi.NewRouter()
 	mux.Use(
 		cfg.ApplyHTTP,
+		func(next http.Handler) http.Handler {
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				r = r.WithContext(log.WithContext(r.Context()))
+				next.ServeHTTP(w, r)
+			})
+		},
 		secHeaders,
-		corsMiddleware,
+		cors.New(cors.Options{
+			AllowCredentials: true,
+			AllowedMethods:   strings.Fields(env("CORS_METHODS", "GET")),
+			AllowedOrigins:   strings.Fields(env("CORS_ORIGIN", "*")),
+		}).Handler,
 		middleware.RequestID,
 		middleware.RealIP,
 		middleware.RequestLogger(&middleware.DefaultLogFormatter{Logger: accessLog(log.Info)}),
 		middleware.Recoverer,
 	)

-	// Create cache for promise engine
-	arc, _ := lru.NewARC(4096)
-	c := cache.New(arc)
-
-	keyproofApp := keyproofs.NewKeyProofApp(ctx, c)
-	dnsApp := keyproofs.NewDNSApp(ctx)
-	vcardApp, err := keyproofs.NewVCardApp(ctx)
-	if err != nil {
-		return err
+	if env("DISABLE_KEYPROOF", "false") == "false" {
+		// Create cache for promise engine
+		arc, _ := lru.NewARC(4096)
+		c := cache.New(arc)
+		keyproofs.NewKeyProofApp(ctx, c).Routes(mux)
 	}

-	keyproofApp.Routes(mux)
-	dnsApp.Routes(mux)
-	vcardApp.Routes(mux)
+	if env("DISABLE_DNS", "false") == "false" {
+		keyproofs.NewDNSApp(ctx).Routes(mux)
+	}
+
+	if env("DISABLE_AVATAR", "false") == "false" {
+		avatarApp, err := keyproofs.NewAvatarApp(ctx, env("AVATAR_PATH", "pub"))
+		if err != nil {
+			return err
+		}
+
+		avatarApp.Routes(mux)
+	}
+
+	if env("DISABLE_VCARD", "false") == "false" {
+		vcardApp, err := keyproofs.NewVCardApp(ctx)
+		if err != nil {
+			return err
+		}
+		vcardApp.Routes(mux)
+	}

 	log.Info().
 		Str("app", cfg.GetString("app-name")).
@@ -125,9 +141,11 @@ func run(ctx context.Context) error {
 		Str("build-hash", cfg.GetString("build-hash")).
 		Str("build-date", cfg.GetString("build-date")).
 		Str("listen", listen).
+                Int("user", os.Geteuid()).
+                Int("group", os.Getgid()).
 		Msg("startup")

-	err = New(&http.Server{
+	err := New(&http.Server{
 		Addr:         listen,
 		WriteTimeout: 15 * time.Second,
 		ReadTimeout:  15 * time.Second,
--- a/pkg/keyproofs/opengpg.go
+++ b/pkg/keyproofs/opengpg.go
@@ -22,12 +22,17 @@ func getOpenPGPkey(ctx context.Context, id string) (entity *Entity, err error) {
 		addr := "https://keys.openpgp.org/vks/v1/by-fingerprint/" + strings.ToUpper(id)
 		return getEntityHTTP(ctx, addr, true)
 	} else if email, err := mail.ParseAddress(id); err == nil {
-		addr := getWKDPubKeyAddr(email)
+		addr, advAddr := getWKDPubKeyAddr(email)
 		req, err := getEntityHTTP(ctx, addr, false)
 		if err == nil {
 			return req, err
 		}

+		req, err = getEntityHTTP(ctx, advAddr, false)
+		if err == nil {
+			return req, err
+		}
+
 		addr = "https://keys.openpgp.org/vks/v1/by-email/" + url.QueryEscape(id)
 		return getEntityHTTP(ctx, addr, true)
 	} else {
@@ -44,16 +49,15 @@ func getEntityHTTP(ctx context.Context, url string, useArmored bool) (entity *En
 	}
 	cl := http.Client{}
 	resp, err := cl.Do(req)
+	if err != nil {
+		return entity, fmt.Errorf("Requesting key: %w\nRemote URL: %v", err, url)
+	}
 	log.Debug().
 		Bool("useArmored", useArmored).
 		Str("status", resp.Status).
 		Str("url", url).
 		Msg("getEntityHTTP")

-	if err != nil {
-		return entity, fmt.Errorf("Requesting key: %w\nRemote URL: %v", err, url)
-	}
-
 	if resp.StatusCode != 200 {
 		return entity, fmt.Errorf("bad response from remote: %s\nRemote URL: %v", resp.Status, url)
 	}
@@ -194,11 +198,11 @@ func isFingerprint(s string) bool {
 	return true
 }

-func getWKDPubKeyAddr(email *mail.Address) string {
+func getWKDPubKeyAddr(email *mail.Address) (string, string) {
 	parts := strings.SplitN(email.Address, "@", 2)
-
 	hash := sha1.Sum([]byte(parts[0]))
 	lp := zbase32.EncodeToString(hash[:])

-	return fmt.Sprintf("https://%s/.well-known/openpgpkey/hu/%s", parts[1], lp)
+	return fmt.Sprintf("https://%s/.well-known/openpgpkey/hu/%s", parts[1], lp),
+		fmt.Sprintf("https://openpgpkey.%s/.well-known/openpgpkey/hu/%s/%s", parts[1], parts[1], lp)
 }
--- a/pkg/keyproofs/proofs.go
+++ b/pkg/keyproofs/proofs.go
@@ -2,6 +2,7 @@ package keyproofs

 import (
 	"bufio"
+	"bytes"
 	"context"
 	"encoding/base64"
 	"encoding/json"
@@ -205,6 +206,17 @@ func NewProof(ctx context.Context, uri, fingerprint string) ProofResolver {
 				return &httpResolve{p, url, nil}
 			}

+		case strings.Contains(p.URI.Path, "/conv/"):
+			if sp := strings.SplitN(p.URI.Path, "/", 3); len(sp) == 3 {
+				p.Icon = "fas fa-comment-alt"
+				p.Service = "Twtxt"
+				p.Name = "loading..."
+				p.Link = fmt.Sprintf("https://%s", p.URI.Host)
+
+				url := fmt.Sprintf("https://%s/api/v1/conv", p.URI.Host)
+				return &twtxtResolve{p, url, sp[2], nil}
+			}
+
 		default:
 			if sp := strings.SplitN(p.URI.Path, "/", 3); len(sp) > 1 {
 				p.Icon = "fas fa-project-diagram"
@@ -294,8 +306,8 @@ func (r *gitlabResolve) Resolve(ctx context.Context) error {

 	return ErrNoFingerprint
 }
-func (p *gitlabResolve) Proof() *Proof {
-	return &p.proof
+func (r *gitlabResolve) Proof() *Proof {
+	return &r.proof
 }

 func (p *Proof) Resolve(ctx context.Context) error {
@@ -305,6 +317,43 @@ func (p *Proof) Proof() *Proof {
 	return p
 }

+type twtxtResolve struct {
+	proof   Proof             `json:"-"`
+	url     string            `json:"-"`
+	Hash    string            `json:"hash"`
+	headers map[string]string `json:"-"`
+}
+
+func (t *twtxtResolve) Resolve(ctx context.Context) error {
+	t.proof.Status = ProofInvalid
+
+	twt := struct {
+		Twts []struct {
+			Text  string `json:"text"`
+			Twter struct{ Nick string }
+		} `json:"twts"`
+	}{}
+
+	if err := postJSON(ctx, t.url, nil, t, &twt); err != nil {
+		return err
+	}
+	if len(twt.Twts) > 0 {
+		t.proof.Name = twt.Twts[0].Twter.Nick
+		t.proof.Link += "/user/" + twt.Twts[0].Twter.Nick
+
+		ck := fmt.Sprintf("[Verifying my OpenPGP key: openpgp4fpr:%s]", strings.ToLower(t.proof.Fingerprint))
+		if strings.Contains(twt.Twts[0].Text, ck) {
+			t.proof.Status = ProofVerified
+			return nil
+		}
+	}
+
+	return ErrNoFingerprint
+}
+func (t *twtxtResolve) Proof() *Proof {
+	return &t.proof
+}
+
 func checkHTTP(ctx context.Context, uri, fingerprint string, hdr map[string]string) error {
 	log := log.Ctx(ctx)

@@ -370,3 +419,36 @@ func httpJSON(ctx context.Context, uri string, hdr map[string]string, dst interf

 	return json.NewDecoder(res.Body).Decode(dst)
 }
+
+func postJSON(ctx context.Context, uri string, hdr map[string]string, payload, dst interface{}) error {
+	log := log.Ctx(ctx)
+
+	log.Info().Str("URI", uri).Msg("postJSON")
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		log.Err(err).Send()
+		return err
+	}
+	buf := bytes.NewBuffer(body)
+
+	req, err := http.NewRequestWithContext(ctx, "POST", uri, buf)
+	if err != nil {
+		log.Err(err).Send()
+		return err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	for k, v := range hdr {
+		req.Header.Set(k, v)
+	}
+
+	res, err := http.DefaultClient.Do(req)
+	if err != nil {
+		log.Err(err)
+		return err
+	}
+	defer res.Body.Close()
+
+	return json.NewDecoder(res.Body).Decode(dst)
+}
--- a/pkg/keyproofs/routes-avatar.go
+++ b/pkg/keyproofs/routes-avatar.go
@@ -0,0 +1,342 @@
+package keyproofs
+
+import (
+	"context"
+	"crypto/md5"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"hash"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/disintegration/imaging"
+	"github.com/fsnotify/fsnotify"
+	"github.com/go-chi/chi"
+	"github.com/nullrocks/identicon"
+	"github.com/rs/zerolog/log"
+
+	"github.com/sour-is/keyproofs/pkg/graceful"
+)
+
+type avatarApp struct {
+	path string
+}
+
+func NewAvatarApp(ctx context.Context, path string) (*avatarApp, error) {
+	log := log.Ctx(ctx)
+
+	path = filepath.Clean(path)
+	app := &avatarApp{path: path}
+	err := app.CheckFiles(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("check files: %w", err)
+	}
+
+	watch, err := fsnotify.NewWatcher()
+	if err != nil {
+		return nil, err
+	}
+	for _, typ := range []string{"avatar", "bg", "cover"} {
+		err = watch.Add(filepath.Join(path, typ))
+		if err != nil {
+			return nil, fmt.Errorf("adding watch: %w", err)
+		}
+	}
+
+	log.Debug().Msg("startup avatar watcher")
+	wg := graceful.WaitGroup(ctx)
+	wg.Go(func() error {
+		for {
+			select {
+			case <-ctx.Done():
+				log.Debug().Msg("shutdown avatar watcher")
+				return nil
+			case op := <-watch.Events:
+				log.Print(op)
+				switch op.Op {
+				case fsnotify.Create:
+					path = filepath.Dir(op.Name)
+					kind := filepath.Base(path)
+					name := filepath.Base(op.Name)
+					if err := app.createLinks(kind, name); err != nil {
+						fmt.Println(err)
+					}
+				case fsnotify.Remove, fsnotify.Rename:
+					path = filepath.Dir(op.Name)
+					kind := filepath.Base(path)
+					name := filepath.Base(op.Name)
+					if err := app.removeLinks(kind, name); err != nil {
+						log.Error().Err(err).Send()
+					}
+				default:
+				}
+			case err := <-watch.Errors:
+				fmt.Println(err)
+			}
+		}
+	})
+
+	return app, nil
+}
+
+func (app *avatarApp) CheckFiles(ctx context.Context) error {
+	log := log.Ctx(ctx)
+
+	for _, name := range []string{".links", "avatar", "bg", "cover"} {
+		log.Debug().Msgf("mkdir: %s", filepath.Join(app.path, name))
+		err := os.MkdirAll(filepath.Join(app.path, name), 0700)
+		if err != nil {
+			return err
+		}
+	}
+
+	return filepath.Walk(app.path, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return fmt.Errorf("walk failed: %w", err)
+		}
+		if info.IsDir() {
+			if info.Name() == ".links" {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
+		path = filepath.Dir(path)
+		kind := filepath.Base(path)
+		name := info.Name()
+
+		log.Debug().Msgf("link: %s %s %s", app.path, kind, name)
+
+		return app.createLinks(kind, name)
+	})
+}
+
+func (app *avatarApp) get(w http.ResponseWriter, r *http.Request) {
+	log := log.Ctx(r.Context())
+
+	log.Print(r.Host)
+
+	kind := chi.URLParam(r, "kind")
+	hash := chi.URLParam(r, "hash")
+
+	sizeW, sizeH, resize := 0, 0, false
+	if s, err := strconv.Atoi(r.URL.Query().Get("s")); err == nil && s > 0 {
+		sizeW, sizeH, resize = sizeByKind(kind, s)
+	}
+	log.Debug().Int("width", sizeW).Int("height", sizeH).Bool("resize", resize).Str("kind", kind).Msg("Get Image")
+
+	if strings.ContainsRune(hash, '@') {
+		avatarHost, _, err := styleSRV(r.Context(), hash)
+		if err != nil {
+			writeText(w, 500, err.Error())
+			return
+		}
+		hash = hashSHA256(strings.ToLower(hash))
+		http.Redirect(w, r, fmt.Sprintf("https://%s/%s/%s?%s", avatarHost, kind, hash, r.URL.RawQuery), 301)
+		return
+	}
+
+	fname := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	log.Debug().Msgf("path: %s", fname)
+
+	if !fileExists(fname) {
+		switch kind {
+		case "avatar":
+			ig, err := identicon.New("sour.is", 5, 3)
+			if err != nil {
+				writeText(w, 500, err.Error())
+				return
+			}
+
+			ii, err := ig.Draw(hash)
+			if err != nil {
+				writeText(w, 500, err.Error())
+				return
+			}
+
+			w.Header().Set("Content-Type", "image/png")
+			w.WriteHeader(200)
+			err = ii.Png(clamp(128, 512, sizeW), w)
+			log.Error().Err(err).Send()
+
+			return
+		default:
+			sp := strings.SplitN(pixl, ",", 2)
+			b, _ := base64.RawStdEncoding.DecodeString(sp[1])
+			w.Header().Set("Content-Type", "image/png")
+			w.WriteHeader(200)
+			if _, err := w.Write(b); err != nil {
+				log.Error().Err(err).Send()
+			}
+			return
+		}
+	}
+
+	if !resize {
+		f, err := os.Open(fname)
+		if err != nil {
+			writeText(w, 500, err.Error())
+			return
+		}
+
+		w.Header().Set("Content-Type", "image/png")
+		w.WriteHeader(200)
+
+		_, err = io.Copy(w, f)
+		if err != nil {
+			log.Error().Err(err).Send()
+		}
+		return
+	}
+
+	img, err := imaging.Open(fname, imaging.AutoOrientation(true))
+	if err != nil {
+		writeText(w, 500, err.Error())
+		return
+	}
+
+	img = imaging.Fill(img, sizeW, sizeH, imaging.Center, imaging.Lanczos)
+
+	w.Header().Set("Content-Type", "image/png")
+	w.WriteHeader(200)
+	log.Debug().Msg("writing image")
+	err = imaging.Encode(w, img, imaging.PNG)
+	if err != nil {
+		log.Error().Err(err).Send()
+	}
+}
+
+func (app *avatarApp) Routes(r *chi.Mux) {
+	r.MethodFunc("GET", "/{kind:avatar|bg|cover}/{hash}", app.get)
+}
+
+func hashString(value string, h hash.Hash) string {
+	_, _ = h.Write([]byte(value))
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+func hashMD5(name string) string {
+	return hashString(name, md5.New())
+}
+func hashSHA256(name string) string {
+	return hashString(name, sha256.New())
+}
+
+func (app *avatarApp) createLinks(kind, name string) error {
+	if !strings.ContainsRune(name, '@') {
+		return nil
+	}
+
+	src := filepath.Join("..", kind, name)
+	name = strings.ToLower(name)
+
+	hash := hashMD5(name)
+	link := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err := app.replaceLink(src, link)
+	if err != nil {
+		return err
+	}
+
+	hash = hashSHA256(name)
+	link = filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err = app.replaceLink(src, link)
+
+	return err
+}
+
+func (app *avatarApp) removeLinks(kind, name string) error {
+	if !strings.ContainsRune(name, '@') {
+		return nil
+	}
+	name = strings.ToLower(name)
+
+	hash := hashMD5(name)
+	link := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err := os.Remove(link)
+	if err != nil {
+		return err
+	}
+
+	hash = hashSHA256(name)
+	link = filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err = os.Remove(link)
+
+	return err
+}
+
+func (app *avatarApp) replaceLink(src, link string) error {
+	if dst, err := os.Readlink(link); err != nil {
+		if os.IsNotExist(err) {
+			err = os.Symlink(src, link)
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		if dst != src {
+			err = os.Remove(link)
+			if err != nil {
+				return err
+			}
+			err = os.Symlink(src, link)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		return false
+	}
+	return !info.IsDir()
+}
+
+func sizeByKind(kind string, size int) (sizeW int, sizeH int, resize bool) {
+	switch kind {
+	case "avatar":
+		if size == 0 {
+			size = 128
+		}
+		sizeW = clamp(128, 640, size)
+		sizeH = sizeW
+		resize = true
+
+		return
+	case "cover":
+		if size == 0 {
+			size = 940
+		}
+
+		sizeW = clamp(640, 1300, size)
+		sizeH = ratio(sizeW, 2.7)
+		resize = true
+
+		return
+	default:
+		return 0, 0, false
+	}
+}
+
+func ratio(size int, ratio float64) int {
+	return int(float64(size) / ratio)
+}
+func clamp(min, max, size int) int {
+	if size > max {
+		return max
+	}
+
+	if size < min {
+		return min
+	}
+
+	return size
+}
--- a/pkg/keyproofs/routes-keyproofs.go
+++ b/pkg/keyproofs/routes-keyproofs.go
@@ -147,6 +147,7 @@ func (app *keyproofApp) getProofs(w http.ResponseWriter, r *http.Request) {

 	page := page{Style: defaultStyle}
 	page.AppName = fmt.Sprintf("%s v%s", cfg.GetString("app-name"), cfg.GetString("app-version"))
+	page.AppBuild = fmt.Sprintf("%s %s", cfg.GetString("build-date"), cfg.GetString("build-hash"))

 	// Wait for either entity to resolve or timeout
 	select {
--- a/pkg/keyproofs/routes-wkd.go
+++ b/pkg/keyproofs/routes-wkd.go
@@ -0,0 +1,212 @@
+package keyproofs
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/fsnotify/fsnotify"
+	"github.com/go-chi/chi"
+	"github.com/rs/zerolog/log"
+	"github.com/sour-is/keyproofs/pkg/graceful"
+)
+
+type wkdApp struct {
+	path   string
+	domain string
+}
+
+func NewWKDApp(ctx context.Context, path, domain string) (*wkdApp, error) {
+	log := log.Ctx(ctx)
+
+	path = filepath.Clean(path)
+	app := &wkdApp{path: path}
+	err := app.CheckFiles(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	watch, err := fsnotify.NewWatcher()
+	if err != nil {
+		return nil, err
+	}
+	for _, typ := range []string{"keys"} {
+		err = watch.Add(filepath.Join(path, typ))
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	log.Debug().Msg("startup wkd watcher")
+	wg := graceful.WaitGroup(ctx)
+	wg.Go(func() error {
+		for {
+			select {
+			case <-ctx.Done():
+				log.Debug().Msg("shutdown wkd watcher")
+				return nil
+			case op := <-watch.Events:
+				log.Print(op)
+				switch op.Op {
+				case fsnotify.Create:
+					path = filepath.Dir(op.Name)
+					kind := filepath.Base(path)
+					name := filepath.Base(op.Name)
+					if err := app.createLinks(kind, name); err != nil {
+						fmt.Println(err)
+					}
+				case fsnotify.Remove, fsnotify.Rename:
+					path = filepath.Dir(op.Name)
+					kind := filepath.Base(path)
+					name := filepath.Base(op.Name)
+					if err := app.removeLinks(kind, name); err != nil {
+						log.Error().Err(err).Send()
+					}
+				default:
+				}
+			case err := <-watch.Errors:
+				fmt.Println(err)
+			}
+		}
+	})
+
+	return app, nil
+}
+
+func (app *wkdApp) CheckFiles(ctx context.Context) error {
+	log := log.Ctx(ctx)
+
+	for _, name := range []string{".links", "wkd"} {
+		log.Debug().Msgf("mkdir: %s", filepath.Join(app.path, name))
+		err := os.MkdirAll(filepath.Join(app.path, name), 0700)
+		if err != nil {
+			return err
+		}
+	}
+
+	return filepath.Walk(app.path, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			if info.Name() == ".links" {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
+		path = filepath.Dir(path)
+		kind := filepath.Base(path)
+		name := info.Name()
+
+		log.Debug().Msgf("link: %s %s %s", app.path, kind, name)
+
+		return app.createLinks(kind, name)
+	})
+}
+
+func (app *wkdApp) get(w http.ResponseWriter, r *http.Request) {
+	log := log.Ctx(r.Context())
+
+	log.Print(r.Host)
+
+	kind := chi.URLParam(r, "kind")
+	hash := chi.URLParam(r, "hash")
+
+	if strings.ContainsRune(hash, '@') {
+		avatarHost, _, err := styleSRV(r.Context(), hash)
+		if err != nil {
+			writeText(w, 500, err.Error())
+			return
+		}
+		hash = hashSHA256(strings.ToLower(hash))
+		http.Redirect(w, r, fmt.Sprintf("https://%s/%s/%s?%s", avatarHost, kind, hash, r.URL.RawQuery), 301)
+		return
+	}
+
+	fname := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	log.Debug().Msgf("path: %s", fname)
+
+	f, err := os.Open(fname)
+	if err != nil {
+		writeText(w, 500, err.Error())
+		return
+	}
+
+	_, err = io.Copy(w, f)
+	if err != nil {
+		writeText(w, 500, err.Error())
+		return
+	}
+}
+
+func (app *wkdApp) Routes(r *chi.Mux) {
+	r.MethodFunc("GET", "/.well-known/openpgpkey/hu/{hash}", app.get)
+	r.MethodFunc("GET", "/.well-known/openpgpkey/hu/{domain}/{hash}", app.get)
+}
+
+func (app *wkdApp) createLinks(kind, name string) error {
+	if !strings.ContainsRune(name, '@') {
+		return nil
+	}
+
+	src := filepath.Join("..", kind, name)
+	name = strings.ToLower(name)
+
+	hash := hashMD5(name)
+	link := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err := app.replaceLink(src, link)
+	if err != nil {
+		return err
+	}
+
+	return err
+}
+
+func (app *wkdApp) removeLinks(kind, name string) error {
+	if !strings.ContainsRune(name, '@') {
+		return nil
+	}
+	name = strings.ToLower(name)
+
+	hash := hashMD5(name)
+	link := filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err := os.Remove(link)
+	if err != nil {
+		return err
+	}
+
+	hash = hashSHA256(name)
+	link = filepath.Join(app.path, ".links", strings.Join([]string{kind, hash}, "-"))
+	err = os.Remove(link)
+
+	return err
+}
+
+func (app *wkdApp) replaceLink(src, link string) error {
+	if dst, err := os.Readlink(link); err != nil {
+		if os.IsNotExist(err) {
+			err = os.Symlink(src, link)
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		if dst != src {
+			err = os.Remove(link)
+			if err != nil {
+				return err
+			}
+			err = os.Symlink(src, link)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
--- a/pkg/keyproofs/style.go
+++ b/pkg/keyproofs/style.go
@@ -37,7 +37,6 @@ func getStyle(ctx context.Context, email string) (*Style, error) {
 	hash := md5.New()
 	email = strings.TrimSpace(strings.ToLower(email))
 	_, _ = hash.Write([]byte(email))
-
 	id := hash.Sum(nil)

 	style := &Style{}
--- a/pkg/keyproofs/template.go
+++ b/pkg/keyproofs/template.go
@@ -1,10 +1,11 @@
 package keyproofs

 type page struct {
-	AppName string
-	Entity  *Entity
-	Style   *Style
-	Proofs  *Proofs
+	AppName  string
+	AppBuild string
+	Entity   *Entity
+	Style    *Style
+	Proofs   *Proofs

 	Markdown   string
 	HasProofs  bool
@@ -50,6 +51,7 @@ var pageTPL = `
 		.shade { background-color: {{index .Palette 3}}80; border-radius: .25rem;}
 		.lead { padding:0; margin:0;  }
 		.scroll { height: 20em; overflow: scroll; }
+
 		@media only screen and (max-width: 991px) {
 			.jumbotron h1 { font-size: 2rem; }
 			.jumbotron .lead { font-size: 1.0rem; }
@@ -80,7 +82,7 @@ var pageTPL = `
 			{{template "content" .}}

 			<div class="card-footer text-muted text-center">
-				<a href="/">{{.AppName}}</a>
+				<a href="/" alt="{{.AppBuild}}">{{.AppName}}</a>
 				| &copy; 2020 Sour.is
 				| <a href="/id/me@sour.is">About me</a>
 				| <a href="https://github.com/sour-is/keyproofs">GitHub</a>
--- a/sour.is-keyproofs.service
+++ b/sour.is-keyproofs.service
@@ -1,10 +1,11 @@
 [Unit]
-Description=sour.is paste API
+Description=sour.is KeyProofs API
 After=syslog.target network.target

 [Service]
 Type=simple
 User=www-data
+Group=www-data
 WorkingDirectory=/var/www
 ExecStart=/usr/local/bin/sour.is-keyproofs
Author	SHA1	Message	Date
Jon Lundy	90bba0e527	adding twtxt proofs	2020-12-01 12:24:35 -07:00
Jon Lundy	b3922980db	add image resize, default avatars, and other fixes	2020-11-30 11:54:52 -07:00
Jon Lundy	7878834155	fixes and such	2020-11-30 11:53:49 -07:00
Jon Lundy	8f48e36da8	fix missing files	2020-11-28 15:17:44 -07:00
Jon Lundy	7e3eee56e0	push tags on create	2020-11-28 15:14:02 -07:00
Jon Lundy	616997fdc6	add libravatar/style endpoint	2020-11-28 15:11:49 -07:00