mystiatech/GreenCoast
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mystiatech:fb7428064fa80e9e30b1f0a587972133a664c2fd
Branches Tags
mystiatech:main mystiatech:EndUserEnhancements mystiatech:deployment-test
...
compare: mystiatech:deployment-test
Branches Tags
mystiatech:EndUserEnhancements mystiatech:deployment-test mystiatech:main

5 Commits
fb7428064f ... deployment

Author SHA1 Message Date
Dani
5dfc710ae9 Added panic mode protections to make the server more secure 2025-08-22 18:54:10 -04:00
Dani
5067913c21 Fixed the device sign 2025-08-22 18:24:24 -04:00
Dani
b9fad16fa2 Removed Test Data from the git 2025-08-22 12:42:22 -04:00
Dani
0ff358552c Finished updating the readme 2025-08-22 12:40:09 -04:00
Dani
720c7e0b52 Updated the README 
Added new security layers
 2025-08-22 12:39:51 -04:00
20 changed files with 1395 additions and 1039 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -23,3 +23,4 @@ data/
# Env/config overrides
shard.yaml
.env
testdata/*

236
README.md
View File

@@ -1,24 +1,224 @@
# GreenCoast — Privacy-First, Shardable Social (Dockerized)
# GreenCoast
**Goal:** A BlueSky-like experience with **shards**, **zero-trust**, **no data collection**, **E2EE**, and easy self-hosting — from x86_64 down to **Raspberry Pi Zero**.
License: **The Unlicense** (public-domain equivalent).
This repo contains a minimal, working **shard**: an append-only object API with zero-data-collection defaults. Its structured to evolve into full federation, E2EE, and client apps, while keeping Pi Zero as a supported host.
A privacy-first, shardable social backend + minimalist client. **Zero PII**, **zero passwords**, optional **E2EE per post**, and **public-key accounts**. Includes **DPoP-style proof-of-possession**, **Discord SSO with PKCE**, and a tiny static client.
---
## Quick Start (Laptop / Dev)
## Features
**Requirements:** Docker + Compose v2
- **Zero-trust by design**: server stores no emails or passwords.
- **Accounts = public keys** (Ed25519 or P-256). No usernames required.
- **Proof-of-possession (PoP)** on every authenticated API call.
- **Short-lived tokens** (HMAC “gc2”) bound to device keys.
- **Shardable storage** (mTLS or signed shard requests).
- **No fingerprinting**: no IP/UA logs; coarse timestamps optional.
- **Static client** with strong CSP; optional E2EE per post.
- **Discord SSO (PKCE)** as an *optional* convenience.
- **Filesystem storage** supports both **flat** and **nested** object layouts.
---
## Architecture (brief)
- **Shard**: stateless API + local FS object store + in-memory index.
- **Client**: static files (HTML/JS/CSS) served by the shard or any static host.
- **Identity**: device key (P-256/Ed25519) or passkey; server mints short-lived **gc2** tokens bound to the device key (`cnf` claim).
- **Privacy**: objects can be plaintext (public) or client-encrypted (private).
---
## Security posture
- **Zero-trust**: no passwords/emails; optional SSO is *linking*, not source-of-truth.
- **DPoP-style PoP** on requests:
- Client sends:
- `Authorization: Bearer gc2.…`
- `X-GC-Key: p256:<base64-raw>` (or `ed25519:…`)
- `X-GC-TS: <unix seconds>`
- `X-GC-Proof: sig( METHOD "\n" URL "\n" TS "\n" SHA256(body) )`
- Server verifies `gc2` signature, key binding (`cnf`), timestamp window, and replay cache.
- **Replay protection**: 10-minute proof cache.
- **No fingerprinting/logging**: no IPs, no UAs.
- **Strict CSP** for client: blocks XSS/token theft.
- **Limits**: request body limits (default 10 MiB), simple per-account rate limiting.
- **Shard↔shard**: mTLS or per-shard signatures with timestamp + replay cache.
---
## Requirements
- Go 1.21+
- Docker (optional)
- A signing key for tokens: `GC_SIGNING_SECRET_HEX` (32+ bytes hex)
- (Optional) Discord OAuth app (Client ID/Secret + redirect URI)
- (Optional) Cloudflare Tunnel or other TLS reverse proxy
---
## Environment variables
GC_HTTP_ADDR=:9080
GC_HTTPS_ADDR= # optional
GC_TLS_CERT= # optional
GC_TLS_KEY= # optional
GC_STATIC_ADDR=:9082
GC_STATIC_DIR=/opt/greencoast/client
GC_DATA_DIR=/var/lib/greencoast
GC_ZERO_TRUST=true
GC_COARSE_TS=false
GC_SIGNING_SECRET_HEX=<64+ hex chars> # required for gc2 tokens
GC_REQUIRE_POP=true # default true; set false for first-run
# Dev convenience (testing only; disable for production)
GC_DEV_ALLOW_UNAUTH=false
GC_DEV_BEARER=
# Discord SSO (optional)
GC_DISCORD_CLIENT_ID=
GC_DISCORD_CLIENT_SECRET=
GC_DISCORD_REDIRECT_URI=https://greencoast.example.com/auth-callback.html
---
## Quickstart (Docker)
Minimal compose for local testing (PoP disabled + dev unauth allowed for first run):
services:
shard-test:
build: .
environment:
- GC_HTTP_ADDR=:9080
- GC_STATIC_ADDR=:9082
- GC_STATIC_DIR=/opt/greencoast/client
- GC_DATA_DIR=/var/lib/greencoast
- GC_ZERO_TRUST=true
- GC_SIGNING_SECRET_HEX=7f6e1a0f2b4d7e3a... # replace with your secret
- GC_REQUIRE_POP=false # easier first-run
- GC_DEV_ALLOW_UNAUTH=true
volumes:
- ./testdata:/var/lib/greencoast
- ./client:/opt/greencoast/client:ro
ports:
- "9080:9080"
- "9082:9082"
Open `http://localhost:9082` → set the Shard URL (`http://localhost:9080`) → publish a test post.
When ready, **turn PoP on** by removing `GC_REQUIRE_POP=false` and disabling `GC_DEV_ALLOW_UNAUTH`.
---
## Cloudflare Tunnel example
ingress:
- hostname: greencoast.example.com
service: http://shard-test:9082
- hostname: api-gc.greencoast.example.com
service: http://shard-test:9080
- service: http_status:404
Use “Full (strict)” TLS and ensure your cert covers both hosts.
---
## Client usage
- **Shard URL**: set it in the top “Connect” section (or use `?api=` query or `<meta name="gc-api-base">`).
- **Device key sign-in (no OAuth)**:
1) Client generates/stores a P-256 device key in the browser.
2) Client calls `/v1/auth/key/challenge` then `/v1/auth/key/verify` to obtain a **gc2** token bound to that key.
- **Discord SSO (optional)**:
- Requires `GC_DISCORD_CLIENT_*` env vars and a valid `GC_DISCORD_REDIRECT_URI`.
- Uses PKCE (`S256`) and binds the minted **gc2** token to the device key presented at `/start`.
---
## API (overview)
- `GET /healthz` liveness
- `PUT /v1/object` upload blob (headers: optional `X-GC-Private: 1`, `X-GC-TZ`)
- `GET /v1/object/{hash}` download blob
- `DELETE /v1/object/{hash}` delete blob
- `GET /v1/index` list indexed entries (latest first)
- `GET /v1/index/stream` SSE updates
- `POST /v1/admin/reindex` rebuild index from disk
- **Auth**
- `POST /v1/auth/key/challenge``{nonce, exp}`
- `POST /v1/auth/key/verify` `{nonce, alg, pub, sig}``{bearer, sub, exp}`
- `POST /v1/auth/discord/start` (requires `X-GC-3P-Assent: 1` and `X-GC-Key`)
- `GET /v1/auth/discord/callback` → redirects with `#bearer=…`
- **GDPR**
- `GET /v1/gdpr/policy` current data-handling posture
> When `GC_REQUIRE_POP=true`, all authenticated endpoints require PoP headers.
### PoP header format (pseudocode)
Authorization: Bearer gc2.<claims>.<sig>
X-GC-Key: p256:<base64-raw> # or ed25519:<base64-raw>
X-GC-TS: <unix seconds>
X-GC-Proof: base64(
Sign_device_key(
UPPER(METHOD) + "\n" + URL + "\n" + X-GC-TS + "\n" + SHA256(body)
)
)
---
## Storage layout & migration
- **Writes** are flat: `objects/<hash>`
- **Reads** (and reindex) also support:
- `objects/<hash>/blob|data|content`
- `objects/<hash>/<single file>`
- `objects/<prefix>/<hash>` (two-level prefix)
- To **restore** data into a fresh container:
1) Mount your objects at `/var/lib/greencoast/objects`
2) Call `POST /v1/admin/reindex` (with auth+PoP or enable dev unauth briefly)
---
## Reindex examples
Unauth (dev only):
curl -X POST https://api-gc.yourdomain/v1/admin/reindex
With bearer + PoP (placeholders):
curl -X POST https://api-gc.yourdomain/v1/admin/reindex ^
-H "Authorization: Bearer <gc2_token>" ^
-H "X-GC-Key: p256:<base64raw>" ^
-H "X-GC-TS: <unix>" ^
-H "X-GC-Proof: <base64sig>"
---
## Hardening checklist (prod)
- Set `GC_REQUIRE_POP=true`, remove dev bypass.
- Keep access token TTL ≤ 8h; rotate signing key periodically.
- Static client served with strong CSP (already enabled).
- Containers run non-root, read-only FS, `no-new-privileges`, `cap_drop: ["ALL"]`.
- Edge WAF/rate limits; 10 MiB default request cap (tunable).
- Commit `go.sum`; run `go mod verify` in CI.
---
## GDPR
- Server stores **no PII** (no emails, no IP/UA logs).
- Timestamps are UTC (or coarse UTC if enabled).
- `/v1/gdpr/policy` exposes current posture.
- Roadmap: `/v1/gdpr/export` and `/v1/gdpr/delete` to enumerate/remove blobs signed by a given key.
---
## License
This project is licensed under **The Unlicense**. See `LICENSE` for details.
```bash
git clone <your repo> greencoast
cd greencoast
cp .env.example .env
docker compose -f docker-compose.dev.yml up --build
# Health:
curl -s http://localhost:8080/healthz
# Put an object (dev mode allows unauthenticated PUT/GET):
curl -s -X PUT --data-binary @README.md http://localhost:8080/v1/object
# -> {"ok":true,"hash":"<sha256>",...}
curl -s http://localhost:8080/v1/object/<sha256> | head

336
client/app.js
View File

@@ -1,43 +1,13 @@
import { encryptString, decryptToString, toBlob } from "./crypto.js";
// ---- Helpers ----
function defaultApiBase() {
try {
const qs = new URLSearchParams(window.location.search);
const qApi = qs.get("api");
if (qApi) return qApi.replace(/\/+$/, "");
} catch {}
const m = document.querySelector('meta[name="gc-api-base"]');
if (m && m.content) return m.content.replace(/\/+$/, "");
try {
const u = new URL(window.location.href);
const proto = u.protocol;
const host = u.hostname;
const portStr = u.port;
const bracketHost = host.includes(":") ? `[${host}]` : host;
const port = portStr ? parseInt(portStr, 10) : null;
let apiPort = port;
if (port === 8082) apiPort = 8080;
else if (port === 9082) apiPort = 9080;
else if (port) apiPort = Math.max(1, port - 2);
return apiPort ? `${proto}//${bracketHost}:${apiPort}` : `${proto}//${bracketHost}`;
} catch {
return window.location.origin.replace(/\/+$/, "");
}
}
const LOCAL_TZ = Intl.DateTimeFormat().resolvedOptions().timeZone || "UTC";
// ---- DOM refs ----
// ---------- DOM ----------
const els = {
shardUrl: document.getElementById("shardUrl"),
bearer: document.getElementById("bearer"),
passphrase: document.getElementById("passphrase"),
saveConn: document.getElementById("saveConn"),
keySignIn: document.getElementById("keySignIn"),
panicWipe: document.getElementById("panicWipe"),
health: document.getElementById("health"),
visibility: document.getElementById("visibility"),
title: document.getElementById("title"),
@@ -46,118 +16,152 @@ const els = {
publishStatus: document.getElementById("publishStatus"),
posts: document.getElementById("posts"),
discordStart: document.getElementById("discordStart"),
shareTZ: document.getElementById("shareTZ"),
};
// ---- Config + state ----
// ---------- Config (no bearer in localStorage) ----------
const LS_KEY = "gc_client_config_v1";
const POSTS_KEY = "gc_posts_index_v1";
let sseCtrl = null;
// ---- Boot ----
const cfg = loadConfig();
applyConfig();
checkHealth();
syncIndex();
sse();
// ---- Storage helpers ----
function loadConfig(){ try { return JSON.parse(localStorage.getItem(LS_KEY)) ?? {}; } catch { return {}; } }
function saveConfig(c){ localStorage.setItem(LS_KEY, JSON.stringify(c)); Object.assign(cfg, c); }
function saveConfig(c){ localStorage.setItem(LS_KEY, JSON.stringify({ url: c.url, passphrase: c.passphrase })); Object.assign(cfg, c); }
function getPosts(){ try { return JSON.parse(localStorage.getItem(POSTS_KEY)) ?? []; } catch { return []; } }
function setPosts(v){ localStorage.setItem(POSTS_KEY, JSON.stringify(v)); renderPosts(); }
function norm(u){ return (u||"").replace(/\/+$/,""); }
function fmtWhen(ts, tz) {
function getBearer(){ return sessionStorage.getItem("gc_bearer") || ""; }
function setBearer(tok){ if (!tok) sessionStorage.removeItem("gc_bearer"); else sessionStorage.setItem("gc_bearer", tok); els.bearer.value = tok ? "••• (session)" : ""; }
const cfg = loadConfig();
// ---------- Security helpers ----------
const enc = new TextEncoder();
const dec = new TextDecoder();
const b64 = (u) => { let s=""; u=new Uint8Array(u); for (let i=0;i<u.length;i++) s+=String.fromCharCode(u[i]); return btoa(s).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""); };
const ub64 = (s) => { s=s.replace(/-/g,"+").replace(/_/g,"/"); while(s.length%4) s+="="; const bin=atob(s); const b=new Uint8Array(bin.length); for(let i=0;i<bin.length;i++) b[i]=bin.charCodeAt(i); return b.buffer; };
async function sha256Hex(buf){ const h = await crypto.subtle.digest("SHA-256", buf); return [...new Uint8Array(h)].map(x=>x.toString(16).padStart(2,"0")).join(""); }
// Device key (P-256), stored locally (not a bearer)
async function getDevice() {
let dev = JSON.parse(localStorage.getItem('gc_device_key_v1')||'null');
if (!dev) {
const kp = await crypto.subtle.generateKey({name:"ECDSA", namedCurve:"P-256"}, true, ["sign","verify"]);
const pkcs8 = await crypto.subtle.exportKey("pkcs8", kp.privateKey);
const rawPub = await crypto.subtle.exportKey("raw", kp.publicKey); // 65B 0x04||X||Y
dev = { alg:"p256", priv: b64(pkcs8), pub: b64(rawPub) };
localStorage.setItem('gc_device_key_v1', JSON.stringify(dev));
}
return dev;
}
// Proof-of-Possession headers for this request
async function popHeaders(method, pathOnly, bodyBuf){
const dev = await getDevice();
const ts = Math.floor(Date.now()/1000).toString();
const hashHex = await sha256Hex(bodyBuf || new Uint8Array());
const msg = enc.encode(method.toUpperCase()+"\n"+pathOnly+"\n"+ts+"\n"+hashHex);
const priv = await crypto.subtle.importKey("pkcs8", ub64(dev.priv), { name:"ECDSA", namedCurve:"P-256" }, false, ["sign"]);
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, msg);
return {
"X-GC-Key": "p256:"+dev.pub,
"X-GC-TS": ts,
"X-GC-Proof": b64(sig),
};
}
// Idle timeout → clear bearer
(function idleGuard(){
let idle;
const bump=()=>{ clearTimeout(idle); idle=setTimeout(()=>setBearer(""), 30*60*1000); }; // 30 min
["click","keydown","mousemove","touchstart","focus","visibilitychange"].forEach(ev=>addEventListener(ev,bump,{passive:true}));
bump();
})();
// ---------- API base detection ----------
function defaultApiBase() {
try {
return new Intl.DateTimeFormat(undefined, { dateStyle:"medium", timeStyle:"short", timeZone: tz }).format(new Date(ts));
} catch { return ts; }
const qs = new URLSearchParams(window.location.search);
const qApi = qs.get("api"); if (qApi) return qApi.replace(/\/+$/, "");
} catch {}
const m = document.querySelector('meta[name="gc-api-base"]');
if (m && m.content) return m.content.replace(/\/+$/, "");
try {
const u = new URL(window.location.href);
const proto = u.protocol, host = u.hostname, portStr = u.port;
const bracketHost = host.includes(":") ? `[${host}]` : host;
const port = portStr ? parseInt(portStr, 10) : null;
let apiPort = port;
if (port === 8082) apiPort = 8080;
else if (port === 9082) apiPort = 9080;
else if (port) apiPort = Math.max(1, port - 2);
return apiPort ? `${proto}//${bracketHost}:${apiPort}` : `${proto}//${bracketHost}`;
} catch {
return window.location.origin.replace(/\/+$/, "");
}
}
// ---------- App init ----------
function applyConfig(){
if (!cfg.url) {
const detected = defaultApiBase();
cfg.url = detected;
try { localStorage.setItem(LS_KEY, JSON.stringify(cfg)); } catch {}
}
els.shardUrl.value = cfg.url;
els.bearer.value = cfg.bearer ?? "";
els.shardUrl.value = cfg.url ?? defaultApiBase();
els.passphrase.value = cfg.passphrase ?? "";
els.bearer.value = getBearer() ? "••• (session)" : "";
}
applyConfig(); checkHealth(); syncIndex(); sse();
// ---------- UI wiring ----------
els.saveConn.onclick = async () => {
const c = { url: norm(els.shardUrl.value), bearer: els.bearer.value.trim(), passphrase: els.passphrase.value };
const c = { url: norm(els.shardUrl.value), passphrase: els.passphrase.value };
saveConfig(c); await checkHealth(); await syncIndex(); sse(true);
};
els.publish.onclick = publish;
els.discordStart.onclick = discordStart;
els.keySignIn.onclick = keySignIn;
els.panicWipe.onclick = panicWipe;
// Panic wipe hotkey (double-tap ESC)
let escT=0;
addEventListener("keydown", (e) => {
if (e.key === "Escape") {
const now = Date.now();
if (now - escT < 600) panicWipe();
escT = now;
}
});
// ---------- Health / Index / SSE ----------
async function checkHealth() {
if (!cfg.url) { els.health.textContent = "No API base set"; return; }
els.health.textContent = "Checking…";
try {
const r = await fetch(cfg.url + "/healthz", { mode:"cors" });
els.health.textContent = r.ok ? "Connected ✔" : `Error: ${r.status}`;
} catch (e) {
els.health.textContent = "Not reachable";
if (!cfg.url) return; els.health.textContent = "Checking…";
try { const r = await fetch(cfg.url + "/healthz"); els.health.textContent = r.ok ? "Connected ✔" : `Error: ${r.status}`; }
catch { els.health.textContent = "Not reachable"; }
}
}
async function publish() {
if (!cfg.url) return msg("Set shard URL first.", true);
const title = els.title.value.trim(); const body = els.body.value; const vis = els.visibility.value;
try {
let blob, enc=false;
if (vis === "private") {
if (!cfg.passphrase) return msg("Set a passphrase for private posts.", true);
const payload = await encryptString(JSON.stringify({ title, body }), cfg.passphrase);
blob = toBlob(payload); enc=true;
} else {
blob = toBlob(JSON.stringify({ title, body }));
}
const headers = { "Content-Type":"application/octet-stream" };
if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
if (enc) headers["X-GC-Private"] = "1";
if (els.shareTZ && els.shareTZ.checked && LOCAL_TZ) headers["X-GC-TZ"] = LOCAL_TZ; // NEW
const r = await fetch(cfg.url + "/v1/object", { method:"PUT", headers, body: blob });
if (!r.ok) throw new Error(await r.text());
const j = await r.json();
const posts = getPosts();
posts.unshift({ hash:j.hash, title: title || "(untitled)", bytes:j.bytes, ts:j.stored_at, enc, creator_tz: j.creator_tz || "" });
setPosts(posts);
els.body.value = ""; msg(`Published ${enc?"private":"public"} post. Hash: ${j.hash}`);
} catch(e){ msg("Publish failed: " + (e?.message||e), true); }
}
function msg(t, err=false){ els.publishStatus.textContent=t; els.publishStatus.style.color = err ? "#ff6b6b" : "#8b949e"; }
async function syncIndex() {
if (!cfg.url) return;
try {
const headers = {}; if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
const r = await fetch(cfg.url + "/v1/index", { headers });
const hdrs = {};
const b = getBearer();
if (b) Object.assign(hdrs, await popHeaders("GET", "/v1/index", new Uint8Array()));
const r = await fetch(cfg.url + "/v1/index", { headers: Object.assign(hdrs, b?{Authorization:"Bearer "+b}:{}) });
if (!r.ok) throw new Error("index fetch failed");
const entries = await r.json();
setPosts(entries.map(e => ({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, creator_tz: e.creator_tz || "" })));
setPosts(entries.map(e => ({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz||"" })));
} catch(e){ console.warn("index sync failed", e); }
}
function sse(forceRestart=false){
let sseCtrl;
function sse(reset){
if (!cfg.url) return;
if (sseCtrl) { sseCtrl.abort(); sseCtrl = null; }
if (sseCtrl) { sseCtrl.abort(); sseCtrl = undefined; }
sseCtrl = new AbortController();
const url = cfg.url + "/v1/index/stream";
const headers = {}; if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
fetch(url, { headers, signal: sseCtrl.signal }).then(async resp => {
const b = getBearer();
const start = async () => {
const hdrs = {};
if (b) Object.assign(hdrs, await popHeaders("GET", "/v1/index/stream", new Uint8Array()), { Authorization: "Bearer "+b });
fetch(url, { headers: hdrs, signal: sseCtrl.signal }).then(async resp => {
if (!resp.ok) return;
const reader = resp.body.getReader(); const decoder = new TextDecoder();
let buf = "";
while (true) {
const { value, done } = await reader.read(); if (done) break;
buf += decoder.decode(value, { stream:true });
let idx;
while ((idx = buf.indexOf("\n\n")) >= 0) {
let idx; while ((idx = buf.indexOf("\n\n")) >= 0) {
const chunk = buf.slice(0, idx); buf = buf.slice(idx+2);
if (chunk.startsWith("data: ")) {
try {
@@ -166,7 +170,7 @@ function sse(forceRestart=false){
const e = ev.data;
const posts = getPosts();
if (!posts.find(p => p.hash === e.hash)) {
posts.unshift({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, creator_tz: e.creator_tz || "" });
posts.unshift({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz||"" });
setPosts(posts);
}
} else if (ev.event === "delete") {
@@ -177,13 +181,93 @@ function sse(forceRestart=false){
}
}
}).catch(()=>{});
};
start();
}
// ---------- Auth ----------
async function keySignIn(){
try {
if (!cfg.url) { alert("Set shard URL first."); return; }
// 1) challenge
const cResp = await fetch(cfg.url + "/v1/auth/key/challenge", { method:"POST" });
const cTxt = await cResp.text();
if (!cResp.ok) { alert("Challenge failed: " + cTxt); return; }
const c = JSON.parse(cTxt);
// 2) sign and verify
const dev = await getDevice();
const priv = await crypto.subtle.importKey("pkcs8", ub64(dev.priv), { name:"ECDSA", namedCurve:"P-256" }, false, ["sign"]);
const msg = enc.encode("key-verify\n" + c.nonce);
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, msg);
const vResp = await fetch(cfg.url + "/v1/auth/key/verify", {
method:"POST",
headers: { "Content-Type":"application/json" },
body: JSON.stringify({ nonce:c.nonce, alg:"p256", pub: dev.pub, sig: b64(sig) })
});
const vTxt = await vResp.text();
if (!vResp.ok) { alert("Verify failed: " + vTxt); return; }
const j = JSON.parse(vTxt);
setBearer(j.bearer);
alert("Signed in ✔ (session)");
await syncIndex();
} catch (e) {
alert("Key sign-in exception: " + (e?.message || e));
}
}
async function panicWipe(){
try {
if (cfg.url) await fetch(cfg.url + "/v1/session/clear", { method:"POST" });
} catch {}
sessionStorage.clear();
localStorage.clear();
caches && caches.keys().then(keys => keys.forEach(k => caches.delete(k)));
location.replace("about:blank");
}
// ---------- Publishing / Viewing ----------
function msg(t, err=false){ els.publishStatus.textContent=t; els.publishStatus.style.color = err ? "#ff6b6b" : "inherit"; }
async function publish() {
if (!cfg.url) return msg("Set shard URL first.", true);
const b = getBearer(); if (!b) return msg("Sign in first (device key).", true);
const title = els.title.value.trim();
const body = els.body.value;
const vis = els.visibility.value;
try {
let blob, encp=false;
if (vis === "private") {
if (!cfg.passphrase) return msg("Set a passphrase for private posts.", true);
const payload = await encryptString(JSON.stringify({ title, body }), cfg.passphrase);
blob = toBlob(payload); encp=true;
} else {
blob = toBlob(JSON.stringify({ title, body }));
}
const buf = new Uint8Array(await blob.arrayBuffer());
const path = "/v1/object";
const headers = { "Content-Type":"application/octet-stream", Authorization: "Bearer "+b };
if (encp) headers["X-GC-Private"] = "1";
const pop = await popHeaders("PUT", path, buf);
Object.assign(headers, pop);
const r = await fetch(cfg.url + path, { method:"PUT", headers, body: buf });
if (!r.ok) throw new Error(await r.text());
const j = await r.json();
const posts = getPosts();
posts.unshift({ hash:j.hash, title: title || "(untitled)", bytes:j.bytes, ts:j.stored_at, enc:j.private, tz:j.creator_tz||"" });
setPosts(posts);
els.body.value = ""; msg(`Published ${encp?"private":"public"} post. Hash: ${j.hash}`);
} catch(e){ msg("Publish failed: " + (e?.message||e), true); }
}
async function viewPost(p, pre) {
pre.textContent = "Loading…";
try {
const headers = {}; if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
const r = await fetch(cfg.url + "/v1/object/" + p.hash, { headers });
const path = "/v1/object/" + p.hash;
const headers = {};
const b = getBearer();
if (b) Object.assign(headers, await popHeaders("GET", path, new Uint8Array()), { Authorization: "Bearer "+b });
const r = await fetch(cfg.url + path, { headers });
if (!r.ok) throw new Error("fetch failed " + r.status);
const buf = new Uint8Array(await r.arrayBuffer());
let text;
@@ -199,30 +283,30 @@ async function viewPost(p, pre) {
}
async function saveBlob(p) {
const headers = {}; if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
const r = await fetch(cfg.url + "/v1/object/" + p.hash, { headers });
const path = "/v1/object/" + p.hash;
const headers = {};
const b = getBearer();
if (b) Object.assign(headers, await popHeaders("GET", path, new Uint8Array()), { Authorization: "Bearer "+b });
const r = await fetch(cfg.url + path, { headers });
if (!r.ok) return alert("download failed " + r.status);
const b = await r.blob();
const a = document.createElement("a"); a.href = URL.createObjectURL(b);
const bl = await r.blob();
const a = document.createElement("a"); a.href = URL.createObjectURL(bl);
a.download = p.hash + (p.enc ? ".gcenc" : ".json"); a.click(); URL.revokeObjectURL(a.href);
}
async function delServer(p) {
const headers = {}; if (cfg.bearer) headers["Authorization"] = "Bearer " + cfg.bearer;
const path = "/v1/object/" + p.hash;
const b = getBearer(); if (!b) return alert("Sign in first.");
const headers = { Authorization: "Bearer "+b };
Object.assign(headers, await popHeaders("DELETE", path, new Uint8Array()));
if (!confirm("Delete blob from server by hash?")) return;
const r = await fetch(cfg.url + "/v1/object/" + p.hash, { method:"DELETE", headers });
const r = await fetch(cfg.url + path, { method:"DELETE", headers });
if (!r.ok) return alert("delete failed " + r.status);
setPosts(getPosts().filter(x=>x.hash!==p.hash));
}
// ---------- Discord SSO ----------
async function discordStart() {
if (!cfg.url) {
const derived = defaultApiBase();
if (derived) {
cfg.url = derived; try { localStorage.setItem(LS_KEY, JSON.stringify(cfg)); } catch {}
els.shardUrl.value = derived;
}
}
if (!cfg.url) { alert("Set shard URL first."); return; }
const r = await fetch(cfg.url + "/v1/auth/discord/start", { headers: { "X-GC-3P-Assent":"1" }});
if (!r.ok) { alert("Discord SSO not available"); return; }
@@ -230,27 +314,21 @@ async function discordStart() {
location.href = j.url;
}
// ---------- Render ----------
function renderPosts() {
const posts = getPosts(); els.posts.innerHTML = "";
for (const p of posts) {
const localStr = fmtWhen(p.ts, LOCAL_TZ) + ` (${LOCAL_TZ})`;
let creatorStr = "";
if (p.creator_tz && p.creator_tz !== LOCAL_TZ) {
creatorStr = ` · creator: ${fmtWhen(p.ts, p.creator_tz)} (${p.creator_tz})`;
}
const div = document.createElement("div"); div.className = "post";
const badge = p.enc ? `<span class="badge">private</span>` : `<span class="badge">public</span>`;
div.innerHTML = `
<div class="meta">
<code>${p.hash.slice(0,10)}…</code> · ${p.bytes} bytes · ${localStr}${creatorStr} ${badge}
</div>
<div class="meta"><code>${p.hash.slice(0,10)}…</code> · ${p.bytes} bytes · ${p.ts} ${badge}</div>
<div class="actions">
<button data-act="view">View</button>
<button data-act="save">Save blob</button>
<button data-act="delete">Delete (server)</button>
<button data-act="remove">Remove (local)</button>
</div>
<pre class="content" style="white-space:pre-wrap;margin-top:.5rem;"></pre>`;
<pre class="content"></pre>`;
const pre = div.querySelector(".content");
div.querySelector('[data-act="view"]').onclick = () => viewPost(p, pre);
div.querySelector('[data-act="save"]').onclick = () => saveBlob(p);

57
client/auth_callback.html
View File

@@ -1,43 +1,20 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8"/>
<title>GreenCoast — Auth Callback</title>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<style>
body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Arial; background:#0b1117; color:#e6edf3; display:flex; align-items:center; justify-content:center; height:100vh; }
.card { background:#0f1621; padding:1rem 1.2rem; border-radius:14px; max-width:560px; }
.muted{ color:#8b949e; }
</style>
</head>
<body>
<div class="card">
<h3>Signing you in…</h3>
<div id="msg" class="muted">Please wait.</div>
</div>
<script type="module">
const params = new URLSearchParams(location.search);
const code = params.get("code");
const origin = location.origin; // shard and client served together
const msg = (t)=>document.getElementById("msg").textContent = t;
async function run() {
if (!code) { msg("Missing 'code' parameter."); return; }
<meta charset="utf-8">
<title>Signing you in…</title>
<script>
(function(){
const hash = new URLSearchParams(location.hash.slice(1));
const bearer = hash.get("bearer");
const next = hash.get("next") || "/";
try {
const r = await fetch(origin + "/v1/auth/discord/callback?assent=1&code=" + encodeURIComponent(code));
if (!r.ok) { msg("Exchange failed: " + r.status); return; }
const j = await r.json();
const key = "gc_client_config_v1";
const cfg = JSON.parse(localStorage.getItem(key) || "{}");
cfg.bearer = j.token;
localStorage.setItem(key, JSON.stringify(cfg));
msg("Success. Redirecting…");
setTimeout(()=>location.href="/", 800);
} catch(e) {
msg("Error: " + (e?.message || e));
}
}
run();
// Prefer sessionStorage; keep localStorage for backward compatibility
if (bearer) sessionStorage.setItem("gc_bearer", bearer);
const k = "gc_client_config_v1";
const cfg = JSON.parse(localStorage.getItem(k) || "{}");
if (bearer) cfg.bearer = bearer;
localStorage.setItem(k, JSON.stringify(cfg));
} catch {}
history.replaceState(null, "", next);
location.href = next;
})();
</script>
</body>
</html>

21
client/index.html
View File

@@ -4,9 +4,9 @@
<meta charset="utf-8"/>
<title>GreenCoast — Client</title>
<meta name="viewport" content="width=device-width,initial-scale=1"/>
<!-- Force API base for Cloudflare tunneled API -->
<meta name="gc-api-base" content="https://api-gc.fullmooncyberworks.com">
<link rel="stylesheet" href="./styles.css"/>
<!-- Optional: explicit API base -->
<meta name="gc-api-base" content="https://api-gc.fullmooncyberworks.com">
</head>
<body>
<div class="container">
@@ -19,8 +19,8 @@
<input id="shardUrl" placeholder="https://api-gc.fullmooncyberworks.com" />
</div>
<div class="row">
<label>Bearer (optional)</label>
<input id="bearer" placeholder="dev-local-token" />
<label>Bearer (session)</label>
<input id="bearer" placeholder="(auto after sign-in)" disabled />
</div>
<div class="row">
<label>Passphrase (private posts)</label>
@@ -30,12 +30,16 @@
<label>3rd-party SSO</label>
<div>
<button id="discordStart">Sign in with Discord</button>
<div class="muted" style="margin-top:.4rem;">
<div class="muted" id="ssoNote">
We use external providers only if you choose to. We cannot vouch for their security.
</div>
</div>
</div>
<div class="actions">
<button id="saveConn">Save</button>
<button id="keySignIn">Sign in (device key)</button>
<button id="panicWipe" class="danger">Panic wipe</button>
</div>
<div id="health" class="muted"></div>
</section>
@@ -44,8 +48,8 @@
<div class="row">
<label>Visibility</label>
<select id="visibility">
<option value="public">Public (plaintext)</option>
<option value="private">Private (E2EE via passphrase)</option>
<option value="public">Public (plaintext)</option>
</select>
</div>
<div class="row">
@@ -56,10 +60,9 @@
<label>Body</label>
<textarea id="body" rows="6" placeholder="Write your post..."></textarea>
</div>
<div class="row">
<label><input type="checkbox" id="shareTZ" checked> Include my time zone on this post</label>
</div>
<div class="actions">
<button id="publish">Publish</button>
</div>
<div id="publishStatus" class="muted"></div>
</section>

33
client/styles.css
View File

@@ -1,18 +1,15 @@
:root { --bg:#0b1117; --card:#0f1621; --fg:#e6edf3; --muted:#8b949e; --accent:#2ea043; }
* { box-sizing: border-box; }
body { margin:0; font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Arial; background:var(--bg); color:var(--fg); }
.container { max-width: 900px; margin: 2rem auto; padding: 0 1rem; }
h1 { font-size: 1.5rem; margin-bottom: 1rem; }
.card { background: var(--card); border-radius: 14px; padding: 1rem; margin-bottom: 1rem; box-shadow: 0 8px 24px rgba(0,0,0,.3); }
h2 { margin-top: 0; font-size: 1.1rem; }
.row { display: grid; grid-template-columns: 160px 1fr; gap: .75rem; align-items: center; margin: .5rem 0; }
label { color: var(--muted); }
input, select, textarea { width: 100%; padding: .6rem .7rem; border-radius: 10px; border: 1px solid #233; background: #0b1520; color: var(--fg); }
button { background: var(--accent); color: #08130b; border: none; padding: .6rem .9rem; border-radius: 10px; cursor: pointer; font-weight: 700; }
button:hover { filter: brightness(1.05); }
.muted { color: var(--muted); margin-top: .5rem; font-size: .9rem; }
.post { border: 1px solid #1d2734; border-radius: 12px; padding: .75rem; margin: .5rem 0; background: #0c1824; }
.post .meta { font-size: .85rem; color: var(--muted); margin-bottom: .4rem; }
.post .actions { margin-top: .5rem; display:flex; gap:.5rem; }
code { background:#0a1320; padding:.15rem .35rem; border-radius:6px; }
.badge { font-size:.75rem; padding:.1rem .4rem; border-radius: 999px; background:#132235; color:#9fb7d0; margin-left:.5rem; }
:root { color-scheme: light dark; }
body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, Cantarell, "Noto Sans", sans-serif; margin: 0; padding: 2rem; }
.container { max-width: 860px; margin: 0 auto; }
h1 { margin: 0 0 1rem 0; }
.card { border: 1px solid #30363d; border-radius: 16px; padding: 1rem; margin: 1rem 0; box-shadow: 0 2px 6px rgba(0,0,0,.1); }
.row { display: grid; grid-template-columns: 160px 1fr; gap: .8rem; align-items: center; margin: .6rem 0; }
label { opacity: .8; }
input, textarea, select, button { font: inherit; padding: .6rem .7rem; border-radius: 10px; border: 1px solid #30363d; background: transparent; color: inherit; }
button { cursor: pointer; }
button.danger { border-color: #a4002a; color: #a4002a; }
.actions { display: flex; gap: .6rem; flex-wrap: wrap; margin-top: .4rem; }
.muted { opacity: .7; font-size: .9rem; }
.badge { display: inline-block; padding: .1rem .4rem; border-radius: 8px; border: 1px solid #30363d; font-size: .75rem; margin-left: .4rem; }
.post { border-top: 1px dashed #30363d; padding: .6rem 0; }
pre.content { white-space: pre-wrap; margin-top: .5rem; }

107
cmd/shard/main.go
View File

@@ -25,8 +25,9 @@ func getenvBool(key string, def bool) bool {
}
func staticHeaders(next http.Handler) http.Handler {
onion := os.Getenv("GC_ONION_LOCATION") // optional: e.g., http://xxxxxxxx.onion/
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Same security posture as API
// Security headers + strict CSP (no inline) + COEP
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-site")
@@ -34,8 +35,21 @@ func staticHeaders(next http.Handler) http.Handler {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
// Allow only self + HTTPS for fetch/SSE; no inline styles/scripts
w.Header().Set("Content-Security-Policy",
"default-src 'self'; "+
"script-src 'self'; "+
"style-src 'self'; "+
"img-src 'self' data:; "+
"connect-src 'self' https:; "+
"frame-ancestors 'none'; object-src 'none'; base-uri 'none'; form-action 'self'; "+
"require-trusted-types-for 'script'")
if onion != "" {
w.Header().Set("Onion-Location", onion)
}
// Basic CORS for client assets
// Basic CORS for static (GET only effectively)
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == http.MethodOptions {
w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
@@ -48,68 +62,70 @@ func staticHeaders(next http.Handler) http.Handler {
}
func main() {
// ---- Config via env ----
// ---- Config ----
httpAddr := os.Getenv("GC_HTTP_ADDR")
if httpAddr == "" {
httpAddr = ":9080" // API
httpAddr = ":9080"
}
// Optional TLS for API
httpsAddr := os.Getenv("GC_HTTPS_ADDR") // leave empty for HTTP
httpsAddr := os.Getenv("GC_HTTPS_ADDR")
certFile := os.Getenv("GC_TLS_CERT")
keyFile := os.Getenv("GC_TLS_KEY")
staticAddr := os.Getenv("GC_STATIC_ADDR")
if staticAddr == "" {
staticAddr = ":9082"
}
staticDir := os.Getenv("GC_STATIC_DIR")
if staticDir == "" {
staticDir = "/opt/greencoast/client"
}
dataDir := os.Getenv("GC_DATA_DIR")
if dataDir == "" {
dataDir = "/var/lib/greencoast"
}
// Static dir + port (frontend)
staticDir := os.Getenv("GC_STATIC_DIR")
if staticDir == "" {
staticDir = "/opt/greencoast/client"
}
staticAddr := os.Getenv("GC_STATIC_ADDR")
if staticAddr == "" {
staticAddr = ":9082"
}
coarseTS := getenvBool("GC_COARSE_TS", false)
coarseTS := getenvBool("GC_COARSE_TS", true) // safer default (less precise metadata)
zeroTrust := getenvBool("GC_ZERO_TRUST", true)
signingSecretHex := os.Getenv("GC_SIGNING_SECRET_HEX")
encRequired := getenvBool("GC_ENCRYPTION_REQUIRED", true) // operator-blind by default
requirePOP := getenvBool("GC_REQUIRE_POP", true) // logged only here
signingSecretHex := os.Getenv("GC_SIGNING_SECRET_HEX")
if len(signingSecretHex) < 64 {
log.Printf("WARN: GC_SIGNING_SECRET_HEX length=%d (need >=64 hex chars)", len(signingSecretHex))
} else {
log.Printf("GC_SIGNING_SECRET_HEX OK (len=%d)", len(signingSecretHex))
}
// Discord SSO
discID := os.Getenv("GC_DISCORD_CLIENT_ID")
discSecret := os.Getenv("GC_DISCORD_CLIENT_SECRET")
discRedirect := os.Getenv("GC_DISCORD_REDIRECT_URI")
// ---- Storage ----
// ---- Storage & Index ----
store, err := storage.NewFS(dataDir)
if err != nil {
log.Fatalf("storage init: %v", err)
}
// ---- Index ----
ix := index.New()
// Optional: auto-reindex from disk on boot
if w, ok := any(store).(interface {
Walk(func(hash string, size int64, mod time.Time) error) error
}); ok {
if err := w.Walk(func(hash string, size int64, mod time.Time) error {
// Reindex on boot from existing files (coarse time if enabled)
if err := store.Walk(func(hash string, size int64, mod time.Time) error {
when := mod.UTC()
if coarseTS {
when = when.Truncate(time.Minute)
}
return ix.Put(index.Entry{
Hash: hash,
Bytes: size,
StoredAt: mod.UTC().Format(time.RFC3339Nano),
Private: false,
StoredAt: when.Format(time.RFC3339Nano),
Private: false, // unknown here
})
}); err != nil {
log.Printf("reindex on boot: %v", err)
}
}
// ---- Auth/Providers ----
ap := api.AuthProviders{
// ---- Auth providers ----
providers := api.AuthProviders{
SigningSecretHex: signingSecretHex,
Discord: api.DiscordProvider{
Enabled: discID != "" && discSecret != "" && discRedirect != "",
@@ -119,36 +135,29 @@ func main() {
},
}
// ---- API server (9080/HTTPS optional) ----
srv := api.New(store, ix, coarseTS, zeroTrust, ap)
// ---- API server ----
srv := api.New(store, ix, coarseTS, zeroTrust, providers, encRequired)
// Serve the static client in a goroutine on 9082
// ---- Static file server (separate listener) ----
go func() {
if st, err := os.Stat(staticDir); err != nil || !st.IsDir() {
log.Printf("WARN: GC_STATIC_DIR %q not found or not a dir; client may 404", staticDir)
}
mux := http.NewServeMux()
mux.Handle("/", http.FileServer(http.Dir(staticDir)))
fs := http.FileServer(http.Dir(staticDir))
h := staticHeaders(fs)
log.Printf("static listening on %s (dir=%s)", staticAddr, staticDir)
if err := http.ListenAndServe(staticAddr, staticHeaders(mux)); err != nil {
if err := http.ListenAndServe(staticAddr, h); err != nil {
log.Fatalf("static server: %v", err)
}
}()
// Prefer HTTPS if configured
// ---- Start API (HTTP or HTTPS) ----
if httpsAddr != "" && certFile != "" && keyFile != "" {
log.Printf("starting HTTPS API on %s", httpsAddr)
log.Printf("API HTTPS %s POP:%v ENC_REQUIRED:%v", httpsAddr, requirePOP, encRequired)
if err := srv.ListenHTTPS(httpsAddr, certFile, keyFile); err != nil {
log.Fatal(err)
}
return
}
// Otherwise HTTP
log.Printf("starting HTTP API on %s", httpAddr)
log.Printf("API HTTP %s POP:%v ENC_REQUIRED:%v", httpAddr, requirePOP, encRequired)
if err := srv.ListenHTTP(httpAddr); err != nil {
log.Fatal(err)
}
_ = time.Second
}

1
docker-compose.test.yml
View File

@@ -12,6 +12,7 @@ services:
- "9082:9082" # Frontend
environment:
- GC_DEV_ALLOW_UNAUTH=true
- GC_SIGNING_SECRET_HEX=92650f92d67d55368c852713a5007b90d933bff507bc77c980de7bf5442844ca
volumes:
- ./testdata:/var/lib/greencoast
- ./configs/shard.test.yaml:/app/shard.yaml:ro

1
docker-compose.yml
View File

@@ -11,6 +11,7 @@ services:
- "8081:8081"
environment:
- GC_DEV_ALLOW_UNAUTH=false
- GC_SIGNING_SECRET_HEX=92650f92d67d55368c852713a5007b90d933bff507bc77c980de7bf5442844ca
volumes:
- gc_data:/var/lib/greencoast
- ./configs/shard.sample.yaml:/app/shard.yaml:ro

1072
internal/api/http.go
View File

File diff suppressed because it is too large Load Diff

78
internal/api/ratelimit.go Normal file
View File

@@ -0,0 +1,78 @@
package api
import (
"net"
"net/http"
"sync"
"time"
)
type rateLimiter struct {
mu sync.Mutex
bk map[string]*bucket
rate float64 // tokens per second
burst float64
window time.Duration
}
type bucket struct {
tokens float64
last time.Time
}
func newRateLimiter(rps float64, burst int, window time.Duration) *rateLimiter {
return &rateLimiter{
bk: make(map[string]*bucket),
rate: rps,
burst: float64(burst),
window: window,
}
}
func (rl *rateLimiter) allow(key string) bool {
now := time.Now()
rl.mu.Lock()
defer rl.mu.Unlock()
b := rl.bk[key]
if b == nil {
b = &bucket{tokens: rl.burst, last: now}
rl.bk[key] = b
}
// refill
elapsed := now.Sub(b.last).Seconds()
b.tokens = min(rl.burst, b.tokens+elapsed*rl.rate)
b.last = now
if b.tokens < 1.0 {
return false
}
b.tokens -= 1.0
// occasional cleanup
for k, v := range rl.bk {
if now.Sub(v.last) > rl.window {
delete(rl.bk, k)
}
}
return true
}
func min(a, b float64) float64 {
if a < b {
return a
}
return b
}
func clientIP(r *http.Request) string {
// Prefer Cloudflares header if present; fall back to RemoteAddr.
if ip := r.Header.Get("CF-Connecting-IP"); ip != "" {
return ip
}
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
return r.RemoteAddr
}
return host
}

97
internal/api/static.go
View File

@@ -1,86 +1,29 @@
package api
import (
"log"
"mime"
"net/http"
"os"
"path/filepath"
"strings"
"time"
)
func init() {
// Ensure common types are known (some distros are sparse by default)
_ = mime.AddExtensionType(".js", "application/javascript; charset=utf-8")
_ = mime.AddExtensionType(".css", "text/css; charset=utf-8")
_ = mime.AddExtensionType(".html", "text/html; charset=utf-8")
_ = mime.AddExtensionType(".map", "application/json; charset=utf-8")
}
func (s *Server) MountStatic(dir string, baseURL string) {
if dir == "" {
return
}
if baseURL == "" {
baseURL = "/"
}
s.mux.Handle(baseURL, s.staticHandler(dir, baseURL))
if !strings.HasSuffix(baseURL, "/") {
s.mux.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
}
}
func (s *Server) ListenFrontendHTTP(addr, dir, baseURL string) error {
if dir == "" || addr == "" {
return nil
}
log.Printf("frontend listening on %s (dir=%s base=%s)", addr, dir, baseURL)
mx := http.NewServeMux()
mx.Handle(baseURL, s.staticHandler(dir, baseURL))
if !strings.HasSuffix(baseURL, "/") {
mx.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
}
server := &http.Server{
Addr: addr,
Handler: mx,
ReadHeaderTimeout: 5 * time.Second,
}
return server.ListenAndServe()
}
func (s *Server) staticHandler(dir, baseURL string) http.Handler {
if baseURL == "" {
baseURL = "/"
}
// secureHeaders adds strict, privacy-preserving headers to static responses.
func (s *Server) secureHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.secureHeaders(w)
up := strings.TrimPrefix(r.URL.Path, baseURL)
if up == "" || strings.HasSuffix(r.URL.Path, "/") {
up = "index.html"
}
full := filepath.Join(dir, filepath.FromSlash(up))
if !strings.HasPrefix(filepath.Clean(full), filepath.Clean(dir)) {
http.NotFound(w, r)
return
}
// Serve file if it exists, else SPA-fallback to index.html
if st, err := os.Stat(full); err == nil && !st.IsDir() {
// Set Content-Type explicitly based on extension
if ctype := mime.TypeByExtension(filepath.Ext(full)); ctype != "" {
w.Header().Set("Content-Type", ctype)
}
http.ServeFile(w, r, full)
return
}
fallback := filepath.Join(dir, "index.html")
if _, err := os.Stat(fallback); err == nil {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
http.ServeFile(w, r, fallback)
return
}
http.NotFound(w, r)
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-site")
w.Header().Set("Permissions-Policy", "camera=(), microphone=(), geolocation=(), interest-cohort=(), browsing-topics=()")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
next.ServeHTTP(w, r)
})
}
// MountStatic mounts a static file server under a prefix onto the provided mux.
// Usage (from main): s.MountStatic(mux, "/", http.Dir(staticDir))
func (s *Server) MountStatic(mux *http.ServeMux, prefix string, fs http.FileSystem) {
if prefix == "" {
prefix = "/"
}
h := http.StripPrefix(prefix, http.FileServer(fs))
mux.Handle(prefix, s.secureHeaders(h))
}

78
internal/auth/gc2.go Normal file
View File

@@ -0,0 +1,78 @@
package auth
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
"strings"
"time"
)
type Claims struct {
Sub string `json:"sub"` // account ID (acc_…)
Exp int64 `json:"exp"` // unix seconds
Nbf int64 `json:"nbf,omitempty"` // not before
Iss string `json:"iss,omitempty"` // greencoast
Aud string `json:"aud,omitempty"` // api
Jti string `json:"jti,omitempty"` // token id (optional)
CNF string `json:"cnf,omitempty"` // key binding: "p256:<b64raw>" or "ed25519:<b64raw>"
}
func MintGC2(signKey []byte, c Claims) (string, error) {
if len(signKey) == 0 {
return "", errors.New("sign key missing")
}
if c.Sub == "" || c.Exp == 0 {
return "", errors.New("claims incomplete")
}
body, _ := json.Marshal(c)
mac := hmac.New(sha256.New, signKey)
mac.Write(body)
sig := mac.Sum(nil)
return "gc2." + base64.RawURLEncoding.EncodeToString(body) + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}
func VerifyGC2(signKey []byte, tok string, now time.Time) (Claims, error) {
var zero Claims
if !strings.HasPrefix(tok, "gc2.") {
return zero, errors.New("bad prefix")
}
parts := strings.Split(tok, ".")
if len(parts) != 3 {
return zero, errors.New("bad parts")
}
body, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return zero, err
}
want, err := base64.RawURLEncoding.DecodeString(parts[2])
if err != nil {
return zero, err
}
mac := hmac.New(sha256.New, signKey)
mac.Write(body)
if !hmac.Equal(want, mac.Sum(nil)) {
return zero, errors.New("bad sig")
}
var c Claims
if err := json.Unmarshal(body, &c); err != nil {
return zero, err
}
t := now.Unix()
if c.Nbf != 0 && t < c.Nbf {
return zero, errors.New("nbf")
}
if t > c.Exp {
return zero, errors.New("expired")
}
return c, nil
}
func AccountIDFromPub(raw []byte) string {
// acc_<first32 hex of sha256(pub)>
sum := sha256.Sum256(raw)
return "acc_" + hex.EncodeToString(sum[:16])
}

105
internal/index/index.go
View File

@@ -1,108 +1,63 @@
package index
import (
"sort"
"errors"
"sync"
"time"
)
// Entry is the API/JSON shape the server returns.
// StoredAt is RFC3339/RFC3339Nano in UTC.
// Entry is the minimal metadata we expose to clients.
type Entry struct {
Hash string `json:"hash"`
Bytes int64 `json:"bytes"`
StoredAt string `json:"stored_at"` // RFC3339( Nano ) string
Private bool `json:"private"`
CreatorTZ string `json:"creator_tz,omitempty"` // IANA TZ like "America/New_York"
StoredAt string `json:"stored_at"` // RFC3339Nano
Private bool `json:"private"` // true if client marked encrypted
CreatorTZ string `json:"creator_tz,omitempty"` // optional IANA TZ from client
}
// internal record with real time.Time for sorting/comparison.
type rec struct {
Hash string
Bytes int64
StoredAt time.Time
Private bool
CreatorTZ string
}
// Index is an in-memory index keyed by hash.
// Index is an in-memory map from hash -> Entry, safe for concurrent use.
type Index struct {
mu sync.RWMutex
hash map[string]rec
m map[string]Entry
}
// New creates an empty Index.
func New() *Index {
return &Index{
hash: make(map[string]rec),
}
return &Index{m: make(map[string]Entry)}
}
// Put inserts or replaces an entry.
// e.StoredAt may be RFC3339( Nano ); if empty/invalid we use time.Now().UTC().
func (ix *Index) Put(e Entry) error {
if e.Hash == "" {
return errors.New("empty hash")
}
ix.mu.Lock()
defer ix.mu.Unlock()
t := parseWhen(e.StoredAt)
if t.IsZero() {
t = time.Now().UTC()
}
ix.hash[e.Hash] = rec{
Hash: e.Hash,
Bytes: e.Bytes,
StoredAt: t,
Private: e.Private,
CreatorTZ: e.CreatorTZ,
}
ix.m[e.Hash] = e
ix.mu.Unlock()
return nil
}
// Delete removes an entry by hash (no error if absent).
func (ix *Index) Delete(hash string) error {
if hash == "" {
return errors.New("empty hash")
}
ix.mu.Lock()
defer ix.mu.Unlock()
delete(ix.hash, hash)
delete(ix.m, hash)
ix.mu.Unlock()
return nil
}
// List returns entries sorted by StoredAt descending.
func (ix *Index) List() ([]Entry, error) {
func (ix *Index) Get(hash string) (Entry, bool) {
ix.mu.RLock()
defer ix.mu.RUnlock()
tmp := make([]rec, 0, len(ix.hash))
for _, r := range ix.hash {
tmp = append(tmp, r)
}
sort.Slice(tmp, func(i, j int) bool {
return tmp[i].StoredAt.After(tmp[j].StoredAt)
})
out := make([]Entry, len(tmp))
for i, r := range tmp {
out[i] = Entry{
Hash: r.Hash,
Bytes: r.Bytes,
StoredAt: r.StoredAt.UTC().Format(time.RFC3339Nano),
Private: r.Private,
CreatorTZ: r.CreatorTZ,
}
}
return out, nil
e, ok := ix.m[hash]
ix.mu.RUnlock()
return e, ok
}
// parseWhen tries RFC3339Nano then RFC3339; returns zero time on failure.
func parseWhen(s string) time.Time {
if s == "" {
return time.Time{}
// All returns an unsorted copy of all entries.
func (ix *Index) All() []Entry {
ix.mu.RLock()
out := make([]Entry, 0, len(ix.m))
for _, v := range ix.m {
out = append(out, v)
}
if t, err := time.Parse(time.RFC3339Nano, s); err == nil {
return t
}
if t, err := time.Parse(time.RFC3339, s); err == nil {
return t
}
return time.Time{}
ix.mu.RUnlock()
return out
}

106
internal/storage/fs.go
View File

@@ -10,15 +10,11 @@ import (
"time"
)
// FSStore stores blobs on the local filesystem under root/objects/...
// It supports both a flat layout (objects/<hash>) and a nested layout
// (objects/<hash>/<file> or objects/<prefix>/<hash>).
type FSStore struct {
root string
objects string
}
// NewFS returns a file-backed blob store rooted at dir.
func NewFS(dir string) (*FSStore, error) {
if dir == "" {
return nil, errors.New("empty storage dir")
@@ -30,7 +26,6 @@ func NewFS(dir string) (*FSStore, error) {
return &FSStore{root: dir, objects: o}, nil
}
// pathFlat returns the flat path objects/<hash>.
func (s *FSStore) pathFlat(hash string) (string, error) {
if hash == "" {
return "", errors.New("empty hash")
@@ -38,7 +33,6 @@ func (s *FSStore) pathFlat(hash string) (string, error) {
return filepath.Join(s.objects, hash), nil
}
// isHexHash does a quick check for lowercase hex of length 64.
func isHexHash(name string) bool {
if len(name) != 64 {
return false
@@ -52,27 +46,14 @@ func isHexHash(name string) bool {
return true
}
// findBlobPath tries common layouts before falling back to a recursive search.
//
// Supported fast paths (in order):
// 1. objects/<hash> (flat file)
// 2. objects/<hash>/blob|data|content (common names)
// 3. objects/<hash>/<single file> (folder-per-post; pick that file)
// 4. objects/<hash[0:2]>/<hash> (two-level prefix sharding)
//
// If still not found, it walks recursively under objects/ to locate either:
// - a file named exactly <hash>, or
// - any file under a directory named <hash> (choose the most recently modified).
func (s *FSStore) findBlobPath(hash string) (string, error) {
if hash == "" {
return "", errors.New("empty hash")
}
// 1) flat file
// 1) flat
if p, _ := s.pathFlat(hash); fileExists(p) {
return p, nil
}
// 2) objects/<hash>/{blob,data,content}
dir := filepath.Join(s.objects, hash)
for _, cand := range []string{"blob", "data", "content"} {
@@ -81,11 +62,9 @@ func (s *FSStore) findBlobPath(hash string) (string, error) {
return p, nil
}
}
// 3) objects/<hash>/<single file>
if st, err := os.Stat(dir); err == nil && st.IsDir() {
ents, err := os.ReadDir(dir)
if err == nil {
ents, _ := os.ReadDir(dir)
var picked string
var pickedMod time.Time
for _, de := range ents {
@@ -94,75 +73,56 @@ func (s *FSStore) findBlobPath(hash string) (string, error) {
}
p := filepath.Join(dir, de.Name())
fi, err := os.Stat(p)
if err != nil || !fi.Mode().IsRegular() {
continue
}
// Pick newest file if multiple.
if err == nil && fi.Mode().IsRegular() {
if picked == "" || fi.ModTime().After(pickedMod) {
picked = p
pickedMod = fi.ModTime()
picked, pickedMod = p, fi.ModTime()
}
}
}
if picked != "" {
return picked, nil
}
}
}
// 4) two-level prefix: objects/aa/<hash>
// 4) two-level prefix objects/aa/<hash>
if len(hash) >= 2 {
p := filepath.Join(s.objects, hash[:2], hash)
if fileExists(p) {
return p, nil
}
}
// Fallback: recursive search
// 5) recursive search
var best string
var bestMod time.Time
err := filepath.WalkDir(s.objects, func(p string, d fs.DirEntry, err error) error {
if err != nil {
// ignore per-entry errors
return nil
}
if d.IsDir() {
_ = filepath.WalkDir(s.objects, func(p string, d fs.DirEntry, err error) error {
if err != nil || d.IsDir() {
return nil
}
base := filepath.Base(p)
// Exact filename == hash
if base == hash {
best = p
// exact match is good enough; stop here
return fs.SkipDir
}
// If parent dir name is hash, consider it
parent := filepath.Base(filepath.Dir(p))
if parent == hash {
if fi, err := os.Stat(p); err == nil && fi.Mode().IsRegular() {
if best == "" || fi.ModTime().After(bestMod) {
best = p
bestMod = fi.ModTime()
best, bestMod = p, fi.ModTime()
}
}
}
return nil
})
if err == nil && best != "" {
if best != "" {
return best, nil
}
return "", os.ErrNotExist
}
// fileExists true if path exists and is a regular file.
func fileExists(p string) bool {
fi, err := os.Stat(p)
return err == nil && fi.Mode().IsRegular()
}
// Put writes/overwrites the blob at the content hash into the flat path.
// (Nested layouts remain supported for reads/reindex, but new writes are flat.)
func (s *FSStore) Put(hash string, r io.Reader) error {
p, err := s.pathFlat(hash)
if err != nil {
@@ -189,7 +149,6 @@ func (s *FSStore) Put(hash string, r io.Reader) error {
return os.Rename(tmp, p)
}
// Get opens the blob for reading and returns its size if known.
func (s *FSStore) Get(hash string) (io.ReadCloser, int64, error) {
p, err := s.findBlobPath(hash)
if err != nil {
@@ -206,17 +165,12 @@ func (s *FSStore) Get(hash string) (io.ReadCloser, int64, error) {
return f, st.Size(), nil
}
// Delete removes the blob. It is not an error if it doesn't exist.
// It tries the flat path, common nested paths, then falls back to remove
// any file found via findBlobPath.
func (s *FSStore) Delete(hash string) error {
// Try flat
if p, _ := s.pathFlat(hash); fileExists(p) {
if err := os.Remove(p); err == nil || errors.Is(err, os.ErrNotExist) {
return nil
}
}
// Try common nested
dir := filepath.Join(s.objects, hash)
for _, cand := range []string{"blob", "data", "content"} {
p := filepath.Join(dir, cand)
@@ -234,77 +188,49 @@ func (s *FSStore) Delete(hash string) error {
}
}
}
// Fallback: whatever findBlobPath locates
if p, err := s.findBlobPath(hash); err == nil {
if err := os.Remove(p); err == nil || errors.Is(err, os.ErrNotExist) {
return nil
}
}
// If we couldn't find anything, treat as success (idempotent delete)
return nil
}
// Walk calls fn(hash, size, modTime) for each blob file found.
// It recognizes blobs when either:
// - the file name is a 64-char hex hash, or
// - the parent directory name is that hash (folder-per-post).
//
// If multiple files map to the same hash (e.g., dir contains many files),
// the newest file's size/modTime is reported.
func (s *FSStore) Walk(fn func(hash string, size int64, mod time.Time) error) error {
type rec struct {
size int64
mod time.Time
}
agg := make(map[string]rec)
err := filepath.WalkDir(s.objects, func(p string, d fs.DirEntry, err error) error {
if err != nil {
return nil // skip unreadable entries
}
if d.IsDir() {
_ = filepath.WalkDir(s.objects, func(p string, d fs.DirEntry, err error) error {
if err != nil || d.IsDir() {
return nil
}
// Only consider regular files
fi, err := os.Stat(p)
if err != nil || !fi.Mode().IsRegular() {
return nil
}
base := filepath.Base(p)
// Case 1: filename equals hash
if isHexHash(base) {
if r, ok := agg[base]; !ok || fi.ModTime().After(r.mod) {
agg[base] = rec{size: fi.Size(), mod: fi.ModTime()}
agg[base] = rec{fi.Size(), fi.ModTime()}
}
return nil
}
// Case 2: parent dir is the hash
parent := filepath.Base(filepath.Dir(p))
if isHexHash(parent) {
if r, ok := agg[parent]; !ok || fi.ModTime().After(r.mod) {
agg[parent] = rec{size: fi.Size(), mod: fi.ModTime()}
agg[parent] = rec{fi.Size(), fi.ModTime()}
}
return nil
}
// Case 3: two-level prefix layout e.g. objects/aa/<hash>
// If parent is a 2-char dir and grandparent is objects/, base might be hash.
if len(base) == 64 && isHexHash(strings.ToLower(base)) {
// already handled as Case 1, but keep as safety if different casing sneaks in
if r, ok := agg[base]; !ok || fi.ModTime().After(r.mod) {
agg[base] = rec{size: fi.Size(), mod: fi.ModTime()}
agg[base] = rec{fi.Size(), fi.ModTime()}
}
return nil
}
return nil
})
if err != nil {
return err
}
for h, r := range agg {
if err := fn(h, r.size, r.mod); err != nil {
return err

1
testdata/objects/5dcfd2e73a6c3a17b0efb103f1a3b891fc06b0189a0c5d5916435d9e5d74e963 vendored
View File

@@ -1 +0,0 @@
{"title":"Timezone Publish","body":"You can now include your timezone on all of your posts. This is completely optional but lets others see when you posted"}

1
testdata/objects/6a/16/6a166437b9988bd11e911375f3ca1b4cd10b7db9a32812409c6d79a0753dd973 vendored
View File

@@ -1 +0,0 @@
{"title":"Yarn is Testing!","body":"Hello, my name is Yarn. And I like to test. Test test 1 2 3."}

1
testdata/objects/96/28/9628e2adcd7a5e820fbdbe075027ac0ad78ef1a7a501971c2048bc5e5436b891 vendored
View File

@@ -1 +0,0 @@
<01><><EFBFBD>d<EFBFBD>+V<><56><EFBFBD>+<2B>%<>O<EFBFBD><4F>2ޒ$)<07><>zF<7A>î<EFBFBD>)4<><34><EFBFBD>O:z<><7A>*<2A>Ыe<D0AB><65>*5<><04>)<29><>#<23>V<EFBFBD> <0B>H<EFBFBD><48>!i<><69><EFBFBD>S$e<><65><EFBFBD>dx<64>]<5D><>$<24><1F>t<EFBFBD><74>6۩<><DBA9>H<EFBFBD><48>

1
testdata/objects/a0/08/a008a13ade86edbd77f5c0fcfcf35bd295c93069be42fdbd46bc65b392ddf5fb vendored
View File

@@ -1 +0,0 @@
{"title":"Public Test","body":"Hello Everyone,\n\nWelcome to GreenCoast, a BlueSky Replacement\n\nMystiatech"}

1
testdata/objects/f4/52/f452402fadb6608bd6f9b613a1d58234e2135f045ea29262574e3e4b1e5f7292 vendored
View File

@@ -1 +0,0 @@
{"title":"Test post","body":"Does this work?"}