duckity 1.0.3

Duckity SDK for Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314

#![doc = include_str!("../README.md")]

use std::{
    net::{IpAddr, Ipv4Addr, Ipv6Addr},
    time::Duration,
};

use base64::{Engine, prelude::BASE64_URL_SAFE_NO_PAD};
use num_bigint::BigUint;
use reqwest::Client;
use serde::Serialize;

/// The size of a Duckity challenge in bytes.
const CHALLENGE_SIZE: usize = 397;

/// A client for interacting with the Duckity API.
///
/// To create a new client, use [`DuckityClient::new()`]. If you're using a self-hosted duckling,
/// use [`DuckityClient::with_domain()`] to point to your custom domain.
///
/// To get a challenge, use [`DuckityClient::get_challenge()`]. To solve it, use
/// [`Challenge::solve()`]. Use [`Solution::encode()`] to get the encoded solution string.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DuckityClient {
    /// The domain the client is pointing to.
    domain: String,
}

impl DuckityClient {
    /// Create a new Duckity client.
    ///
    /// Use [`DuckityClient::with_domain()`] instead if you want to point to a custom domain.
    ///
    /// Returns:
    /// [`DuckityClient`] - A new Duckity client.
    pub fn new() -> Self {
        Self {
            domain: "quack.duckity.dev".to_string(),
        }
    }

    /// Create a new Duckity client pointing to a custom domain.
    ///
    /// Use this if you're self-hosting Duckity or using a different environment.
    ///
    /// Arguments:
    /// * `domain` - The domain to point the client to.
    ///
    /// Returns:
    /// [`DuckityClient`] - A new Duckity client.
    pub fn with_domain(domain: impl ToString) -> Self {
        Self {
            domain: domain.to_string(),
        }
    }

    /// Get a challenge for the given application ID and profile code.
    ///
    /// Arguments:
    /// * `app_id` - The application ID to get the challenge for.
    /// * `profile_code` - The profile code to use for the challenge.
    ///
    /// Returns:
    /// * [`Ok<Challenge>`] - The challenge if successful.
    /// * [`Err<DuckityError>`] - An error if the request failed.
    pub async fn get_challenge(
        &self,
        app_id: impl ToString,
        profile_code: impl ToString,
    ) -> Result<Challenge, DuckityError> {
        let payload = ChallengeRequestPayload {
            profile: profile_code.to_string(),
        };

        let response = Client::new()
            .post(format!(
                "https://{}/v1/challenges/{}",
                self.domain,
                app_id.to_string()
            ))
            .json(&payload)
            .timeout(Duration::from_secs(10))
            .send()
            .await?;

        if response.status().is_success() {
            let bytes = response.bytes().await?;

            let challenge = Challenge::decode(&bytes)?;

            Ok(challenge)
        } else {
            let error_response: ErrorResponse = response.json().await?;

            Err(DuckityError::ApiError(
                error_response.title,
                error_response.message,
            ))
        }
    }

    /// Validate a challenge solution with the server.
    ///
    /// Arguments:
    /// * `app_id` - The application ID the challenge was issued for.
    /// * `app_secret` - The application secret for authentication.
    /// * `profile_code` - The profile code used for the challenge.
    /// * `solution` - The solution to validate, as a base64 URL-safe encoded string.
    /// * `client_ip` - The client IP address the challenge was issued for.
    ///
    /// Returns:
    /// * [`Ok<()>`] - If the validation was successful.
    /// * [`Err<DuckityError>`] - An error if the validation failed.
    pub async fn validate_challenge(
        &self,
        app_id: impl ToString,
        app_secret: impl ToString,
        profile_code: impl ToString,
        solution: String,
        client_ip: IpAddr,
    ) -> Result<(), DuckityError> {
        let payload = ValidationRequest {
            token: solution,
            ip: client_ip,
            profile: profile_code.to_string(),
        };

        let response = Client::new()
            .post(format!(
                "https://{}/v1/challenges/{}/validate",
                self.domain,
                app_id.to_string()
            ))
            .json(&payload)
            .timeout(Duration::from_secs(10))
            .bearer_auth(app_secret.to_string())
            .send()
            .await?;

        if response.status().is_success() {
            Ok(())
        } else {
            let error_response: ErrorResponse = response.json().await?;

            Err(DuckityError::ApiError(
                error_response.title,
                error_response.message,
            ))
        }
    }
}

impl Default for DuckityClient {
    fn default() -> Self {
        Self::new()
    }
}

/// An error that can occur when using the Duckity client.
#[derive(Debug, thiserror::Error)]
pub enum DuckityError {
    /// An error occurred with the Duckity client while making an HTTP request.
    #[error("An error occurred with the Duckity client while making an HTTP request: {0}")]
    RequestFailed(#[from] reqwest::Error),

    /// An error occurred while decoding the challenge.
    #[error(
        "An error occurred while decoding the challenge. Did the API return a valid response? {0}"
    )]
    DecodingFailed(&'static str),

    /// An API error occurred.
    #[error("An API error occurred: {0}: {1}")]
    ApiError(String, String),
}

#[derive(Serialize)]
struct ChallengeRequestPayload {
    /// The profile code to use for the challenge.
    profile: String,
}

/// A Duckity challenge.
///
/// Use [`Challenge::solve()`] to solve the challenge and get a [`Solution`].
pub struct Challenge(Vec<u8>);

impl Challenge {
    /// Decode a Duckity challenge from bytes.
    ///
    /// Arguments:
    /// * `data` - The bytes to decode the challenge from.
    ///
    /// Returns:
    /// * [`Ok<Challenge>`] - The decoded challenge.
    /// * [`Err<DuckityError>`] - An error if the challenge was invalid.
    pub fn decode(data: &[u8]) -> Result<Self, DuckityError> {
        if data.len() != CHALLENGE_SIZE {
            return Err(DuckityError::DecodingFailed(
                "The challenge size in bytes was not the expected byte size.",
            ));
        }

        Ok(Self(data.to_vec()))
    }

    /// Get the 'x' value from the challenge.
    ///
    /// Returns:
    /// * [`BigUint`] - The 'x' value.
    pub fn x(&self) -> BigUint {
        BigUint::from_bytes_be(&self.0[32..64])
    }

    /// Get the 'p' value from the challenge.
    ///
    /// Returns:
    /// * [`BigUint`] - The 'p' value.
    pub fn p(&self) -> BigUint {
        BigUint::from_bytes_be(&self.0[64..320])
    }

    /// Get the 't' value from the challenge.
    ///
    /// Returns:
    /// * [`u32`] - The 't' value.
    pub fn t(&self) -> u32 {
        u32::from_be_bytes(self.0[320..324].try_into().unwrap())
    }

    /// Get the client IP address the challenge was issued for.
    /// 
    /// Returns:
    /// * [`Ok<IpAddr>`] - The client IP address.
    /// * [`Err<DuckityError>`] - An error if the IP address could not be decoded.
    pub fn ip(&self) -> Result<IpAddr, DuckityError> {
        let client_ip_bytes = &self.0[340..357];

        match client_ip_bytes[0] {
            4 => {
                let octets: [u8; 4] = client_ip_bytes[1..5].try_into().expect("The slice had an incorrect length for challenge's IPv4 bytes (expected 4 bytes, but it wasn't 4 bytes)");
                Ok(IpAddr::V4(Ipv4Addr::from(octets)))
            }
            6 => {
                let octets: [u8; 16] = client_ip_bytes[1..17].try_into().expect("The slice had an incorrect length for challenge's IPv6 bytes (expected 16 bytes, but it wasn't 16 bytes)");
                Ok(IpAddr::V6(Ipv6Addr::from(octets)))
            }
            _ => Err(DuckityError::DecodingFailed(
                "The challenge contained an invalid IP address version. Only IPv4 and IPv6 are supported.",
            )),
        }
    }

    /// Solve the Duckity challenge.
    ///
    /// Note that this operation can be computationally intensive depending on the hardness 't'. Do
    /// not run this on the main thread in a GUI application, nor in an async function. To run it
    /// in tokio, for example, use `tokio::task::spawn_blocking`.
    ///
    /// Returns:
    /// * [`Solution<'_>`] - The solution to the challenge.
    pub fn solve(&self) -> Solution<'_> {
        let x = self.x();
        let p = self.p();
        let t = self.t();

        let mut y = x;
        for _ in 0..t {
            let e = (&p + (BigUint::ZERO + 1u8)) >> 2; // (p+1)/4
            y = y.modpow(&e, &p);
        }

        Solution(self, y)
    }
}

/// The solution to a Duckity challenge.
pub struct Solution<'a>(&'a Challenge, BigUint);

impl Solution<'_> {
    /// Encode the solution as a base64 URL-safe string.
    ///
    /// Returns:
    /// * [`String`] - The encoded solution.
    pub fn encode(&self) -> String {
        let mut buf = Vec::with_capacity(CHALLENGE_SIZE + 256);

        buf.extend_from_slice(&self.0.0);
        buf.extend_from_slice(&self.1.to_bytes_be());

        BASE64_URL_SAFE_NO_PAD.encode(buf)
    }

    /// Get the raw size of the solution in bytes.
    ///
    /// Returns:
    /// * [`usize`] - The size of the solution in bytes.
    pub fn raw_size(&self) -> usize {
        self.0.0.len() + self.1.to_bytes_be().len()
    }
}

#[derive(serde::Serialize)]
struct ValidationRequest {
    token: String,
    ip: IpAddr,
    profile: String,
}

#[derive(serde::Deserialize)]
struct ErrorResponse {
    title: String,
    message: String,
}