Página Principal Explorar Ajuda
Iniciar Sessão
enikesha
/
assboard
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: c54ea44f6b
Ramos Etiquetas
assboard
/
engine.lisp

engine.lisp 4.6 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 
  1. (in-package :cl-user)
    2. 

  2. (defpackage #:assboard.engine
    3. 

  3.   (:use :cl :assboard.utils)
    4. 

  4.   (:export #:command-error
    5. 

  5.            #:process-command
    6. 

  6.            #:format-new-posting))
    7. 

  7. (in-package #:assboard.engine)
    8. 

  8. 

  9. (defvar *posting-hash-salt* "[TEST]" "Key for HMAC for new post to get id-hash")
    10. 

  10. (defvar *posting-hash-length* 8 "id-hash length")
    11. 

  11. (defvar *command-valid-for* 600 "Seconds of validity for command timestamp")
    12. 

  12. 

  13. (defun sync-keys-with-trustlist ()
    14. 

  14.   (let ((keys (assboard.pgp:list-fingerprints))
    15. 

  15.         (trustlist (assboard.wot:get-trustlist)))
    16. 

  16.     ;; Drop no-longer-trusted keys
    17. 

  17.     (loop for fgp in keys
    18. 

  18.        unless (find fgp trustlist :test #'equal :key #'car)
    19. 

  19.        do (assboard.pgp:delete-key fgp))
    20. 

  20.     ;; Download new trusted keys
    21. 

  21.     (loop for (fgp . username) in trustlist
    22. 

  22.        unless (find fgp keys :test #'equal)
    23. 

  23.        do (assboard.pgp:recv-key fgp))))
    24. 

  24. 

  25. (define-condition command-error (error) ())
    26. 

  26. (define-condition not-valid-pgp-error (command-error) ())
    27. 

  27. (define-condition not-valid-command-error (command-error) ())
    28. 

  28. (define-condition not-valid-signature-error (command-error) ())
    29. 

  29. (define-condition not-valid-timestamp-error (command-error) ())
    30. 

  30. 

  31. (defun get-post-hash (body author)
    32. 

  32.   "Get part of body+author HMAC to use id-hash."
    33. 

  33.   (let ((hmac (crypto:make-hmac
    34. 

  34.                (trivial-utf-8:string-to-utf-8-bytes *posting-hash-salt*)
    35. 

  35.                :sha512)))
    36. 

  36.     (crypto:update-hmac
    37. 

  37.      hmac
    38. 

  38.      (trivial-utf-8:string-to-utf-8-bytes (concatenate 'string body author)))
    39. 

  39.     (subseq (cl-base64:usb8-array-to-base64-string
    40. 

  40.              (crypto:hmac-digest hmac) :uri t)
    41. 

  41.             0 *posting-hash-length*)))
    42. 

  42. 

  43. (defun cmd/new-post (cmd raw)
    44. 

  44.   (let* ((fgp (assboard.data::raw-fingerprint raw))
    45. 

  45.          (author (or (cdr (assoc fgp
    46. 

  46.                                  assboard.wot:*trustlist-cache*
    47. 

  47.                                  :test #'equal))
    48. 

  48.                      fgp))
    49. 

  49.          (title-end (position #\Newline cmd))
    50. 

  50.          (title (subseq cmd 10 title-end))
    51. 

  51.          (body (subseq cmd (+ title-end 2)))
    52. 

  52.          (hash (get-post-hash body author))
    53. 

  53.          (posting
    54. 

  54.           (pomo:make-dao 'data::posting
    55. 

  55.                          :author author
    56. 

  56.                          :hash hash
    57. 

  57.                          :title title
    58. 

  58.                          :body body))
    59. 

  59.          (posting-edition
    60. 

  60.           (pomo:make-dao 'data::posting-edition
    61. 

  61.                          :posting-id (data::posting-id posting)
    62. 

  62.                          :title title
    63. 

  63.                          :body body
    64. 

  64.                          :raw-id (data::raw-id raw))))
    65. 

  65.     (values posting posting-edition)))
    66. 

  66. 

  67. (defun format-new-posting (title body)
    68. 

  68.   (format nil "NEW POST: ~A~%~%~A" title body))
    69. 

  69. 

  70. (defun cmd/close-post (cmd raw))
    71. 

  71. 

  72. (defun cmd/update-post (cmd raw))
    73. 

  73. 

  74. (defparameter +commands+
    75. 

  75.   (list (cons "NEW POST: " #'cmd/new-post)
    76. 

  76.         (cons "CLOSE POST: " #'cmd/close-post)
    77. 

  77.         (cons "UPDATE POST: " #'cmd/update-post)))
    78. 

  78. 

  79. (defun get-command-handler (command)
    80. 

  80.   (cdr (find command +commands+ :key #'car
    81. 

  81.              :test #'(lambda (s w) (starts-with w s)))))
    82. 

  82. 

  83. (defun process-command (clearsigned)
    84. 

  84.   ;; Remove possible CRLF
    85. 

  85.   (setq clearsigned (replace-all clearsigned
    86. 

  86.                                  '(#\Return #\Linefeed)
    87. 

  87.                                  (string #\Linefeed)))
    88. 

  88.   ;; Simple vanity check
    89. 

  89.   (unless (starts-with "-----BEGIN PGP SIGNED MESSAGE-----" clearsigned)
    90. 

  90.     (error 'not-valid-pgp-error))
    91. 

  91.   (handler-case
    92. 

  92.       (let* ((start (+ 2 (search '(#\Newline #\Newline) clearsigned)))
    93. 

  93.              (end (1- (search "-----BEGIN PGP SIGNATURE-----" clearsigned)))
    94. 

  94.              (command (subseq clearsigned start end))
    95. 

  95.              (handler (get-command-handler command)))
    96. 

  96.         ;; Command check
    97. 

  97.         (unless handler
    98. 

  98.           (error 'not-valid-command-error))
    99. 

  99.         ;; Signature validation
    100. 

  100.         (multiple-value-bind (fgp unixtime)
    101. 

  101.             (assboard.pgp:verify clearsigned)
    102. 

  102.           (unless fgp
    103. 

  103.             (error 'not-valid-signature-error))
    104. 

  104.           (let ((timestamp (local-time:unix-to-timestamp unixtime)))
    105. 

  105.             ;; Timestamp check
    106. 

  106.             (unless (< (abs (local-time:timestamp-difference
    107. 

  107.                              (local-time:now)
    108. 

  108.                              timestamp))
    109. 

  109.                        *command-valid-for*)
    110. 

  110.               (error 'not-valid-timestamp-error))
    111. 

  111.             ;; All checks performed, store raw command text and process it
    112. 

  112.             (let ((raw (pomo:make-dao 'data::raw
    113. 

  113.                                       :clearsigned clearsigned
    114. 

  114.                                       :fingerprint fgp
    115. 

  115.                                       :timestamp timestamp)))
    116. 

  116.               (funcall handler command raw)))))
    117. 

  117.     (type-error (e)
    118. 

  118.       (log:error e)
    119. 

  119.       (error 'not-valid-command-error))))
    120.