siglog 0.1.0

A minimal Tessera-compatible transparency log server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270

//! HTTP handlers for the Tessera API.

use crate::api::paths;
use crate::error::{Error, Result};
use crate::sequencer::Sequencer;
use crate::storage::TileStorage;
use crate::types::Entry;
use crate::vindex::VerifiableIndex;
use axum::{
    body::Bytes,
    extract::{Path, State},
    http::{header, StatusCode},
    response::{IntoResponse, Response},
    Json,
};
use serde::Serialize;
use std::sync::Arc;

/// Shared application state.
#[derive(Clone)]
pub struct AppState {
    pub storage: TileStorage,
    pub sequencer: Sequencer,
    /// Optional verifiable index for key lookups.
    pub vindex: Option<Arc<VerifiableIndex>>,
}

impl AppState {
    pub fn new(storage: TileStorage, sequencer: Sequencer) -> Self {
        Self {
            storage,
            sequencer,
            vindex: None,
        }
    }

    pub fn with_vindex(mut self, vindex: Arc<VerifiableIndex>) -> Self {
        self.vindex = Some(vindex);
        self
    }
}

/// POST /add - Add an entry to the log.
///
/// Request body: raw entry data bytes
/// Response: ASCII decimal representation of assigned index
pub async fn add_entry(State(state): State<Arc<AppState>>, body: Bytes) -> Result<Response> {
    if body.is_empty() {
        return Err(Error::InvalidEntry("empty entry".into()));
    }

    // Create entry and add to sequencer
    let entry = Entry::new(body.to_vec());
    let index = state.sequencer.add(entry).await?;

    // Return index as decimal string
    let response = (StatusCode::OK, index.to_string());
    Ok(response.into_response())
}

/// GET /checkpoint - Get the current checkpoint.
///
/// Response: Signed checkpoint text with Cache-Control: no-cache
pub async fn get_checkpoint(State(state): State<Arc<AppState>>) -> Result<Response> {
    match state.storage.read_checkpoint().await? {
        Some(data) => {
            let response = (
                StatusCode::OK,
                [(header::CACHE_CONTROL, "no-cache")],
                data.into_bytes(),
            );
            Ok(response.into_response())
        }
        None => Err(Error::NotFound("checkpoint not found".into())),
    }
}

/// GET /tile/{level}/*path - Get a hash tile.
///
/// Path format: /tile/{level}/{index}[.p/{partial}]
/// Response: Raw tile bytes with Cache-Control: immutable
pub async fn get_tile(
    State(state): State<Arc<AppState>>,
    Path((level, tile_path)): Path<(String, String)>,
) -> Result<Response> {
    // Parse the level and index from path
    let (level, index, partial) = paths::parse_tile_path(&level, &tile_path)?;

    // Read from storage
    let path = paths::tile_path(level, index, partial);
    match state.storage.read_raw(&path).await? {
        Some(data) => {
            let response = (
                StatusCode::OK,
                [
                    (header::CACHE_CONTROL, "max-age=31536000, immutable"),
                    (header::CONTENT_TYPE, "application/octet-stream"),
                ],
                data,
            );
            Ok(response.into_response())
        }
        None => Err(Error::NotFound(format!("tile not found: {}", path))),
    }
}

/// GET /tile/entries/*path - Get an entry bundle.
///
/// Path format: /tile/entries/{index}[.p/{partial}]
/// Response: Raw bundle bytes
pub async fn get_entries(
    State(state): State<Arc<AppState>>,
    Path(entries_path): Path<String>,
) -> Result<Response> {
    // Parse the index from path
    let (index, partial) = paths::parse_tile_index(&entries_path)?;

    // Read from storage
    let path = paths::entries_path(index, partial);
    match state.storage.read_raw(&path).await? {
        Some(data) => {
            let response = (
                StatusCode::OK,
                [(header::CONTENT_TYPE, "application/octet-stream")],
                data,
            );
            Ok(response.into_response())
        }
        None => Err(Error::NotFound(format!("entries not found: {}", path))),
    }
}

/// Health check endpoint.
pub async fn health() -> &'static str {
    "ok"
}

/// A proof node from the prefix tree.
#[derive(Debug, Serialize)]
pub struct VindexProofNode {
    /// Number of bits in the label.
    pub label_bit_len: u32,
    /// The label bytes (path in the tree), hex-encoded.
    pub label_path: String,
    /// The hash at this node, hex-encoded.
    pub hash: String,
}

/// Response from a vindex lookup.
#[derive(Debug, Serialize)]
pub struct VindexLookupResponse {
    /// The log indices where entries with this key are stored.
    pub indices: Vec<u64>,
    /// The tree size at which this lookup is valid.
    pub tree_size: u64,
    /// Whether the key was found in the index.
    pub found: bool,
    /// The inclusion/exclusion proof from the prefix tree.
    pub proof: Vec<VindexProofNode>,
    /// The root hash of the prefix tree (commits to the entire index state).
    pub root_hash: String,
}

/// GET /vindex/lookup/{hash} - Look up entries by key hash.
///
/// Path: hex-encoded SHA256 hash (64 characters)
/// Response: JSON with log indices
pub async fn vindex_lookup(
    State(state): State<Arc<AppState>>,
    Path(hash_str): Path<String>,
) -> Result<Response> {
    let vindex = state
        .vindex
        .as_ref()
        .ok_or_else(|| Error::Internal("vindex not enabled".into()))?;

    // Parse hex hash
    let hash_bytes = hex::decode(&hash_str)
        .map_err(|e| Error::InvalidEntry(format!("invalid hex hash: {}", e)))?;

    if hash_bytes.len() != 32 {
        return Err(Error::InvalidEntry(format!(
            "hash must be 32 bytes, got {}",
            hash_bytes.len()
        )));
    }

    let mut key = [0u8; 32];
    key.copy_from_slice(&hash_bytes);

    let result = vindex.lookup(&key);
    let root_hash = vindex.root_hash();

    let response = VindexLookupResponse {
        indices: result.indices.iter().map(|i| i.value()).collect(),
        tree_size: result.tree_size,
        found: result.found,
        proof: result
            .proof
            .into_iter()
            .map(|n| VindexProofNode {
                label_bit_len: n.label_bit_len,
                label_path: hex::encode(&n.label_path),
                hash: hex::encode(n.hash),
            })
            .collect(),
        root_hash: hex::encode(root_hash),
    };

    Ok((StatusCode::OK, Json(response)).into_response())
}

/// GET /vindex/lookup/key/{key} - Look up entries by string key.
///
/// The key string is hashed with SHA256 before lookup.
/// Response: JSON with log indices
pub async fn vindex_lookup_key(
    State(state): State<Arc<AppState>>,
    Path(key): Path<String>,
) -> Result<Response> {
    let vindex = state
        .vindex
        .as_ref()
        .ok_or_else(|| Error::Internal("vindex not enabled".into()))?;

    let result = vindex.lookup_string(&key);
    let root_hash = vindex.root_hash();

    let response = VindexLookupResponse {
        indices: result.indices.iter().map(|i| i.value()).collect(),
        tree_size: result.tree_size,
        found: result.found,
        proof: result
            .proof
            .into_iter()
            .map(|n| VindexProofNode {
                label_bit_len: n.label_bit_len,
                label_path: hex::encode(&n.label_path),
                hash: hex::encode(n.hash),
            })
            .collect(),
        root_hash: hex::encode(root_hash),
    };

    Ok((StatusCode::OK, Json(response)).into_response())
}

/// GET /vindex/stats - Get vindex statistics.
#[derive(Debug, Serialize)]
pub struct VindexStatsResponse {
    pub tree_size: u64,
    pub key_count: usize,
    /// The root hash of the prefix tree (commits to the entire index state).
    pub root_hash: String,
}

pub async fn vindex_stats(State(state): State<Arc<AppState>>) -> Result<Response> {
    let vindex = state
        .vindex
        .as_ref()
        .ok_or_else(|| Error::Internal("vindex not enabled".into()))?;

    let response = VindexStatsResponse {
        tree_size: vindex.tree_size(),
        key_count: vindex.key_count(),
        root_hash: hex::encode(vindex.root_hash()),
    };

    Ok((StatusCode::OK, Json(response)).into_response())
}