blek
/
cupidgpg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init repo

This commit is contained in:
b1ek 2024-07-27 20:55:13 +10:00
commit 71ee60b60b
Signed by: blek
GPG Key ID: 14546221E3595D0C
25 changed files with 6696 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.eslintrc.js Normal file
View File

@ -0,0 +1,25 @@
module.exports = {
parser: '@typescript-eslint/parser',
parserOptions: {
project: 'tsconfig.json',
tsconfigRootDir: __dirname,
sourceType: 'module',
},
plugins: ['@typescript-eslint/eslint-plugin'],
extends: [
'plugin:@typescript-eslint/recommended',
'plugin:prettier/recommended',
],
root: true,
env: {
node: true,
jest: true,
},
ignorePatterns: ['.eslintrc.js'],
rules: {
'@typescript-eslint/interface-name-prefix': 'off',
'@typescript-eslint/explicit-function-return-type': 'off',
'@typescript-eslint/explicit-module-boundary-types': 'off',
'@typescript-eslint/no-explicit-any': 'off',
},
};

56
.gitignore vendored Normal file
View File

@ -0,0 +1,56 @@
# compiled output
/dist
/node_modules
/build
# Logs
logs
*.log
npm-debug.log*
pnpm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# OS
.DS_Store
# Tests
/coverage
/.nyc_output
# IDEs and editors
/.idea
.project
.classpath
.c9/
*.launch
.settings/
*.sublime-workspace
# IDE - VSCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# temp directory
.temp
.tmp
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

4
.prettierrc Normal file
View File

@ -0,0 +1,4 @@
{
"singleQuote": true,
"trailingComma": "all"
}

10
.swcrc Normal file
View File

@ -0,0 +1,10 @@
{
"jsc": {
"target": "esnext"
},
"isModule": true,
"module": {
"type": "nodenext",
"strict": true
}
}

21
.vscode/launch.json vendored Normal file
View File

@ -0,0 +1,21 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Launch Program",
"skipFiles": [
"<node_internals>/**"
],
"runtimeExecutable": "yarn",
"runtimeArgs": [ "start" ],
"outFiles": [
"${workspaceFolder}/dist/**/*.js"
]
}
]
}

5
README.md Normal file
View File

@ -0,0 +1,5 @@
# cupid
this is a keyserver that queries multiple keyservers at once providing most recent data
## deploying limitations
it has to be deployed behind

9
nest-cli.json Normal file
View File

@ -0,0 +1,9 @@
{
"$schema": "https://json.schemastore.org/nest-cli",
"collection": "@nestjs/schematics",
"sourceRoot": "src",
"compilerOptions": {
"deleteOutDir": true,
"builder": "swc"
}
}

80
package.json Normal file
View File

@ -0,0 +1,80 @@
{
"name": "cupid",
"version": "0.0.1",
"description": "",
"author": "",
"private": true,
"license": "GPL-3.0-only",
"type": "module",
"scripts": {
"build": "nest build",
"format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
"start": "nest start",
"start:dev": "nest start --watch",
"start:debug": "nest start --debug --watch",
"start:prod": "node dist/main",
"lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
"test": "jest",
"test:watch": "jest --watch",
"test:cov": "jest --coverage",
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./test/jest-e2e.json"
},
"dependencies": {
"@nestjs/common": "^10.0.0",
"@nestjs/core": "^10.0.0",
"@nestjs/platform-express": "^10.0.0",
"@nestjs/platform-fastify": "^10.3.10",
"fastify": "^4.28.1",
"hbs": "^4.2.0",
"ip-address": "^9.0.5",
"ky": "^1.5.0",
"reflect-metadata": "^0.2.0",
"rxjs": "^7.8.1"
},
"devDependencies": {
"@fastify/static": "^7.0.4",
"@fastify/view": "^9.1.0",
"@nestjs/cli": "^10.0.0",
"@nestjs/schematics": "^10.0.0",
"@nestjs/testing": "^10.0.0",
"@swc/cli": "^0.4.0",
"@swc/core": "^1.7.2",
"@types/express": "^4.17.17",
"@types/hbs": "^4.0.4",
"@types/jest": "^29.5.2",
"@types/node": "^20.3.1",
"@types/supertest": "^6.0.0",
"@typescript-eslint/eslint-plugin": "^7.0.0",
"@typescript-eslint/parser": "^7.0.0",
"eslint": "^8.42.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-prettier": "^5.0.0",
"jest": "^29.5.0",
"prettier": "^3.0.0",
"source-map-support": "^0.5.21",
"supertest": "^7.0.0",
"ts-jest": "^29.1.0",
"ts-loader": "^9.4.3",
"ts-node": "^10.9.1",
"tsconfig-paths": "^4.2.0",
"typescript": "^5.1.3"
},
"jest": {
"moduleFileExtensions": [
"js",
"json",
"ts"
],
"rootDir": "src",
"testRegex": ".*\\.spec\\.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverageFrom": [
"**/*.(t|j)s"
],
"coverageDirectory": "../coverage",
"testEnvironment": "node"
}
}

9
src/app.module.ts Normal file
View File

@ -0,0 +1,9 @@
import { KeysModule } from './keys/keys.module.js';
import { Module } from '@nestjs/common';
import { ViewsController } from './views.controller.js';
@Module({
controllers: [ ViewsController ],
imports: [ KeysModule ]
})
export class AppModule {}

43
src/keys/controllers/hkp.controller.ts Normal file
View File

@ -0,0 +1,43 @@
import { BadRequestException, Controller, Get, Query, Req } from "@nestjs/common";
import { Address4, Address6 } from "ip-address";
import type { FastifyRequest } from 'fastify';
import { HKPOperation, VALID_OPS } from "../providers/abstract.provider.js";
import { AllKeysProvider } from "../providers/all.provider.js";
import { serializeIndexes } from "../indexes.js";
@Controller()
export class HKPController {
constructor(
private allKeysProvider: AllKeysProvider
) {}
@Get('pks/lookup')
async lookup(@Req() req: FastifyRequest, @Query('search') search: string, @Query('op') op: HKPOperation) {
if (VALID_OPS.indexOf(op) === -1) {
throw new BadRequestException('op MUST be one of: ' + VALID_OPS.join(', '));
}
let ip: Address4 | Address6 | null = null;
if (Address4.isValid(req.ip.replace(/^.*:/, ''))) {
ip = new Address4(req.ip.replace(/^.*:/, ''))
} else if (Address6.isValid(req.ip)) {
ip = new Address6(req.ip)
}
if (ip === null) {
ip = new Address4('127.0.0.1');
}
const miscData = { ip }
switch (op) {
case 'get':
return this.allKeysProvider.get(search, miscData);
case 'index':
const indexes = await this.allKeysProvider.index(search, miscData);
return serializeIndexes(indexes);
}
}
}

139
src/keys/indexes.ts Normal file
View File

@ -0,0 +1,139 @@
// as per https://www.ietf.org/archive/id/draft-gallagher-openpgp-hkp-05.html#name-machine-readable-indexes
export interface Index {
prefix: 'info' | 'pub' | 'uid';
}
export type Indexes = Index[];
export class InfoLine implements Index {
prefix: 'info';
version: 1;
count: number;
constructor(indexLine: string) {
parseIndex<InfoLine>(this, indexLine, [ 'version', 'count' ]);
this.prefix = 'info';
if (this.version != 1) {
throw new Error('InfoLine\'s version MUST be 1! Got ' + this.version)
}
if (this.count) {
if (typeof this.count !== 'number') {
if (isNaN(this.count)) {
throw new Error('InfoLine\'s count MUST NOT be NaN!');
}
}
}
}
}
export class PubLine implements Index {
prefix: 'pub';
keyid?: string;
keylen?: number;
algorithm?: string;
creationdate?: number;
expirationdate?: number;
flags?: string;
version?: string;
constructor(indexLine: string) {
parseIndex<PubLine>(this, indexLine, [ 'keyid', 'keylen', 'algorithm', 'creationdate', 'expirationdate', 'flags', 'version' ]);
this.prefix = 'pub';
if (this.creationdate && typeof this.creationdate !== 'number') {
this.creationdate = parseFloat(this.creationdate);
if (isNaN(this.creationdate)) {
throw new Error('PubLine\'s creationdate MUST NOT be NaN!');
}
}
if (this.expirationdate && typeof this.expirationdate !== 'number') {
this.expirationdate = parseFloat(this.expirationdate);
if (isNaN(this.expirationdate)) {
throw new Error('PubLine\'s expirationdate MUST NOT be NaN!');
}
}
}
}
export class UidLine implements Index {
prefix: 'uid';
uidstring?: string;
creationdate?: string;
expirationdate?: string;
flags?: string;
constructor(indexLine: string) {
parseIndex<UidLine>(this, indexLine, [ 'uidstring', 'creationdate', 'expirationdate', 'flags' ]);
this.prefix = 'uid';
}
}
export function assertValidPrefix(prefix: string, throwError = true): boolean {
if ([ 'info', 'pub', 'uid' ].indexOf(prefix) == -1) {
if (!throwError) {
return false;
}
throw new Error('Prefix must be one of: info, pub, uid')
}
return true
}
export function parseIndexes(untyped: string[]): Indexes {
return untyped
.filter(x => x.split(':').length > 1)
.filter(x => assertValidPrefix(x.split(':')[0], false))
.map(x => {
const prefix = x.split(':')[0] as 'info' | 'pub' | 'uid';
switch (prefix) {
case 'info': return new InfoLine(x)
case 'pub': return new PubLine(x)
case 'uid': return new UidLine(x)
}
})
}
export function parseIndex<T extends Index>(self: any, index: string, keys: (keyof T)[]): void {
let exploded = index.replaceAll('\r', '').split(':');
if (keys.length > exploded.length) {
throw new Error('keys MUST NOT be longer than index');
}
const prefix = exploded[0] as 'info' | 'pub' | 'uid';
assertValidPrefix(prefix, true);
self.prefix = prefix;
exploded = exploded.slice(1, exploded.length);
for (let i = 0; i != keys.length; i++) {
self[keys[i]] = decodeURIComponent(exploded[i]);
}
}
export function serializeIndexes(indexes: Indexes): string {
let out: (string | number | undefined)[][] = [];
for (const index of indexes) {
if (index instanceof InfoLine) {
out.push([ 'info', index.version, index.count ]);
}
if (index instanceof PubLine) {
out.push([ 'pub', index.keyid, index.algorithm, index.keylen, index.creationdate, index.expirationdate, index.flags, index.version ]);
}
if (index instanceof UidLine) {
out.push([ 'uid', index.uidstring, index.creationdate, index.expirationdate, index.flags ]);
}
}
return out
.map(
x => x
.map(x => x ?? '')
.map(encodeURIComponent)
.join(':')
)
.join('\n') + '\n'
}

11
src/keys/keys.module.ts Normal file
View File

@ -0,0 +1,11 @@
import { Module } from "@nestjs/common";
import { HKPController } from "./controllers/hkp.controller.js";
import { OpenPGPKeysProvider } from "./providers/openpgp.provider.js";
import { AllKeysProvider } from "./providers/all.provider.js";
@Module({
providers: [ OpenPGPKeysProvider, AllKeysProvider ],
controllers: [ HKPController ],
exports: [ OpenPGPKeysProvider, AllKeysProvider ]
})
export class KeysModule {}

31
src/keys/providers/abstract.provider.ts Normal file
View File

@ -0,0 +1,31 @@
import { Get, Injectable } from '@nestjs/common';
import { Indexes } from '../indexes.js';
import { Address4, Address6 } from 'ip-address';
export type AdditionalData = { ip: Address4 | Address6 };
export type HKPOperation = keyof AbstractKeysProvider;
export type GetOperationReturn = string | 404;
export const VALID_OPS: readonly HKPOperation[] = Object.freeze([ 'get', 'index' ])
/** https://www.ietf.org/archive/id/draft-gallagher-openpgp-hkp-05.html#name-the-op-operation-field */
@Injectable()
export abstract class AbstractKeysProvider {
readonly url = Object.freeze('http://none');
/**
The "get" operation requests keys from the keyserver by textual search. A string that specifies which key(s) to return is provided in the "search" field.
The response to a successful "get" request is a HTTP document containing an ASCII-armored keyring as specified in [Section 8](https://www.ietf.org/archive/id/draft-gallagher-openpgp-hkp-05.html#keyring-format).
The response MAY be wrapped in any HTML or other text desired, except that the actual key data consisting of an initial line break, the "-----BEGIN PGP PUBLIC KEY BLOCK-----" header, the armored key data itself, the "-----END PGP PUBLIC KEY BLOCK-----" header, and a final line break MUST NOT be modified from the form specified in [[I-D.ietf-openpgp-crypto-refresh](https://www.ietf.org/archive/id/draft-gallagher-openpgp-hkp-05.html#I-D.ietf-openpgp-crypto-refresh)].
If no keys match the request, the keyserver SHOULD return an appropriate HTTP error code such as 404 ("Not Found").
*/
@Get()
async get(search: string, data: AdditionalData): Promise<GetOperationReturn> { return 404 }
@Get()
async index(search: string, data: AdditionalData): Promise<Indexes> { return [] }
}

48
src/keys/providers/all.provider.ts Normal file
View File

@ -0,0 +1,48 @@
import { Get, Injectable } from "@nestjs/common";
import { AbstractKeysProvider, type AdditionalData } from "./abstract.provider.js";
import { Indexes, InfoLine } from "../indexes.js";
import { OpenPGPKeysProvider } from "./openpgp.provider.js";
/**
* This provider searches all key providers and returns their combined result
*/
@Injectable()
export class AllKeysProvider implements AbstractKeysProvider {
constructor(
private openPgpKeysProvider: OpenPGPKeysProvider
) {}
getAll(): AbstractKeysProvider[] {
return [
this.openPgpKeysProvider
]
}
@Get()
async get(search: string, data: AdditionalData): Promise<string | 404> {
const all = this.getAll();
const promises = await Promise.all(all.map(x => x.get(search, data)))
if (promises.filter(x => x == 404).length == promises.length) { // all failed
return 404
} else {
// if there are multiple keys, join them together to avoid missing data
return promises
.filter(x => typeof x === 'string')
.join('\n')
}
}
@Get()
async index(search: string, data: AdditionalData): Promise<Indexes> {
const all = this.getAll();
const promises = await Promise.all(all.map(x => x.index(search, data)))
// merge indexes if there are multiple
const out = [ new InfoLine('info:1:1') ] as Indexes;
promises.forEach(x => x.filter(x => x.prefix !== 'info').forEach(y => out.push(y)));
return out;
}
}

22
src/keys/providers/openpgp.provider.ts Normal file
View File

@ -0,0 +1,22 @@
import { Get, Injectable } from "@nestjs/common";
import { AbstractKeysProvider } from "./abstract.provider.js";
import type { AdditionalData } from "./abstract.provider.js";
import { proxyGetOp, proxyIndexOp } from "./utils.js";
import { Indexes } from "../indexes.js";
@Injectable()
export class OpenPGPKeysProvider implements AbstractKeysProvider {
readonly url = Object.freeze('https://keys.openpgp.org');
@Get()
async get(search: string, data: AdditionalData): Promise<string | 404> {
return proxyGetOp(this.url + '/pks/lookup', search, data);
}
@Get()
async index(search: string, data: AdditionalData): Promise<Indexes> {
return proxyIndexOp(this.url + '/pks/lookup', search, data);
}
}

22
src/keys/providers/ubuntu.provider.ts Normal file
View File

@ -0,0 +1,22 @@
import { Get, Injectable } from "@nestjs/common";
import { AbstractKeysProvider } from "./abstract.provider.js";
import type { AdditionalData } from "./abstract.provider.js";
import { proxyGetOp, proxyIndexOp } from "./utils.js";
import { Indexes } from "../indexes.js";
@Injectable()
export class UbuntuKeysProvider implements AbstractKeysProvider {
readonly url = Object.freeze('https://keyserver.ubuntu.com');
@Get()
async get(search: string, data: AdditionalData): Promise<string | 404> {
return proxyGetOp(this.url + '/pks/lookup', search, data);
}
@Get()
async index(search: string, data: AdditionalData): Promise<Indexes> {
return proxyIndexOp(this.url + '/pks/lookup', search, data);
}
}

47
src/keys/providers/utils.ts Normal file
View File

@ -0,0 +1,47 @@
import ky, { ResponsePromise } from "ky";
import { AdditionalData, GetOperationReturn, HKPOperation } from "./abstract.provider.js";
import { Indexes, parseIndexes } from "../indexes.js";
const BEGIN_HEADER = '-----BEGIN PGP PUBLIC KEY BLOCK-----';
const END_HEADER = '-----END PGP PUBLIC KEY BLOCK-----';
export function getKey(raw: string): string {
return (
raw
.replace(new RegExp(`.*${BEGIN_HEADER}`, 'gm'), BEGIN_HEADER)
.replace(new RegExp(`${END_HEADER}.*`, 'gm'), END_HEADER)
);
}
/**
* Proxy request to a 3rd party keyserver via ky
*/
export function proxyRequest(url: string, op: HKPOperation, search: string, data: AdditionalData): ResponsePromise {
return ky(
url,
{
headers: {
'User-Agent': 'Cupid (https://cupid.blek.codes)'
},
searchParams: {
op,
search
}
}
)
}
export async function proxyGetOp(url: string, search: string, data: AdditionalData): Promise<GetOperationReturn> {
const httpRes = await proxyRequest(url, 'get', search, data);
if (httpRes.status !== 200) { return 404 }
return getKey(await httpRes.text())
}
export async function proxyIndexOp(url: string, search: string, data: AdditionalData): Promise<Indexes> {
const httpRes = await proxyRequest(url, 'index', search, data);
if (httpRes.status !== 200) { return [] }
const rawIndexes = await httpRes.text();
return parseIndexes(rawIndexes.split('\n'))
}

28
src/main.ts Normal file
View File

@ -0,0 +1,28 @@
import { FastifyAdapter, NestFastifyApplication } from '@nestjs/platform-fastify';
import { NestFactory } from '@nestjs/core';
import handlebars from 'hbs';
import { join } from 'path';
import { AppModule } from './app.module.js';
async function bootstrap() {
const app = await NestFactory.create<NestFastifyApplication>(AppModule, new FastifyAdapter());
const root = import.meta.dirname;
app.useStaticAssets({
root: join(root, '..', 'public'),
prefix: '/public/'
});
app.setViewEngine({
engine: {
handlebars
},
templates: join(root, '..', 'views')
})
await app.listen(3000);
}
bootstrap();

17
src/views.controller.ts Normal file
View File

@ -0,0 +1,17 @@
import { Controller, Get, Render } from "@nestjs/common";
import { AllKeysProvider } from "./keys/providers/all.provider.js";
@Controller()
export class ViewsController {
constructor(
private allKeysProvider: AllKeysProvider
) { }
@Get()
@Render('index.html')
index() {
return { keys: this.allKeysProvider.getAll().map(x => x.url) }
}
}

25
test/app.e2e-spec.ts Normal file
View File

@ -0,0 +1,25 @@
import { Test, TestingModule } from '@nestjs/testing';
import { INestApplication } from '@nestjs/common';
import request from 'supertest';
import { AppModule } from './../src/app.module.js';
describe('AppController (e2e)', () => {
let app: INestApplication;
beforeEach(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = moduleFixture.createNestApplication();
await app.init();
});
it('/ (GET)', () => {
return request(app.getHttpServer())
.get('/')
.expect(200)
.expect(res => res.headers['Content-Type'] == 'text/html');
});
});

9
test/jest-e2e.json Normal file
View File

@ -0,0 +1,9 @@
{
"moduleFileExtensions": ["js", "json", "ts"],
"rootDir": ".",
"testEnvironment": "node",
"testRegex": ".e2e-spec.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
}
}

4
tsconfig.build.json Normal file
View File

@ -0,0 +1,4 @@
{
"extends": "./tsconfig.json",
"exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
}

21
tsconfig.json Normal file
View File

@ -0,0 +1,21 @@
{
"compilerOptions": {
"module": "NodeNext",
"declaration": true,
"removeComments": true,
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"allowSyntheticDefaultImports": true,
"target": "ESNext",
"sourceMap": true,
"outDir": "./dist",
"baseUrl": "./",
"incremental": true,
"skipLibCheck": true,
"strictNullChecks": true,
"noImplicitAny": true,
"strictBindCallApply": true,
"forceConsistentCasingInFileNames": true,
"noFallthroughCasesInSwitch": true
}
}

27
views/index.html Normal file
View File

@ -0,0 +1,27 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Cupid GPG server</title>
</head>
<body>
<h1>Cupid</h1>
<p>
this is a GPG keyserver that serves keys from all the following servers combined:
</p>
<ul>
{{#each keys}}
<li>{{ this }}</li>
{{/each}}
</ul>
<p>
point is to reduce situations when one keyserver has a key but another one which you use, doesnt
</p>
<h2>transparency</h2>
<p>
a specific instance (like this one) may not be fully transparent. in fact, its recommended for you to make your own instance
</p>
</body>
</html>

5983
yarn.lock Normal file
View File

File diff suppressed because it is too large Load Diff