void_core/collab/

invite.rs

//! Invite format for contributor onboarding.
//!
//! An invite is a lightweight JSON blob that solves the bootstrap problem:
//! the manifest is encrypted inside commits (via content_key derived from
//! root key), so you need the root key to read the manifest, but you need
//! the manifest to get the root key. The invite provides the ECIES-wrapped
//! key **outside** the commit chain as a one-time bootstrap token.
//!
//! Once cloned via invite, subsequent access uses the manifest embedded
//! in commits.

use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
use serde::{Deserialize, Serialize};

use super::manifest::{SigningPubKey, WrappedKey};

/// Magic type identifier for invite blob detection.
pub const INVITE_TYPE_V1: &str = "void-invite/v1";

/// A lightweight invite blob for contributor onboarding.
///
/// Stored as JSON, pinned to IPFS as a CID. Contains an ECIES-wrapped
/// repo key for a specific recipient, signed by the repo owner.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Invite {
    /// Magic identifier for detection: "void-invite/v1"
    #[serde(rename = "type")]
    pub invite_type: String,

    /// Human-readable repo name.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub repo_name: Option<String>,

    /// Stable repo identifier (UUID).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub repo_id: Option<String>,

    /// Commit CID to clone from (string-encoded CID).
    pub head_cid: String,

    /// ECIES-wrapped repo key for the recipient.
    pub wrapped_key: WrappedKey,

    /// Recipient's signing pubkey (who this invite is for).
    pub for_recipient: SigningPubKey,

    /// Owner's signing pubkey (who created the invite).
    pub from_owner: SigningPubKey,

    /// Unix timestamp (seconds since epoch).
    pub created_at: u64,

    /// Ed25519 signature from owner over signable fields.
    #[serde(with = "signature_base64")]
    pub signature: Vec<u8>,
}

impl Invite {
    /// Build the canonical byte sequence for signing/verification.
    ///
    /// Format: `type || head_cid || wrapped_key || for_recipient || from_owner || created_at`
    /// Each field is length-prefixed (4-byte little-endian length + bytes).
    pub fn signable_bytes(&self) -> Vec<u8> {
        let mut buf = Vec::with_capacity(256);

        // type
        append_field(&mut buf, self.invite_type.as_bytes());
        // head_cid
        append_field(&mut buf, self.head_cid.as_bytes());
        // wrapped_key
        append_field(&mut buf, self.wrapped_key.as_bytes());
        // for_recipient
        append_field(&mut buf, self.for_recipient.as_bytes());
        // from_owner
        append_field(&mut buf, self.from_owner.as_bytes());
        // created_at
        buf.extend_from_slice(&self.created_at.to_le_bytes());

        // Optional fields (presence-tagged)
        match &self.repo_name {
            Some(name) => {
                buf.push(1);
                append_field(&mut buf, name.as_bytes());
            }
            None => buf.push(0),
        }
        match &self.repo_id {
            Some(id) => {
                buf.push(1);
                append_field(&mut buf, id.as_bytes());
            }
            None => buf.push(0),
        }

        buf
    }

    /// Sign this invite with the owner's Ed25519 signing key.
    pub fn sign(&mut self, signing_key: &SigningKey) {
        let signable = self.signable_bytes();
        let sig: Signature = signing_key.sign(&signable);
        self.signature = sig.to_bytes().to_vec();
    }

    /// Verify the Ed25519 signature against `from_owner`.
    ///
    /// Returns `true` if the signature is valid, `false` otherwise.
    pub fn verify(&self) -> bool {
        if self.signature.len() != 64 {
            return false;
        }

        let Ok(verifying_key) = VerifyingKey::from_bytes(self.from_owner.as_bytes()) else {
            return false;
        };

        let mut sig_bytes = [0u8; 64];
        sig_bytes.copy_from_slice(&self.signature);
        let signature = Signature::from_bytes(&sig_bytes);

        let signable = self.signable_bytes();
        verifying_key.verify(&signable, &signature).is_ok()
    }
}

/// Try to detect whether a byte slice is a void invite blob.
///
/// Attempts JSON parse and checks for the `"void-invite/v1"` type field.
/// This is intentionally lenient — it only checks the type field, not
/// full deserialization, to be usable as a fast detection heuristic.
pub fn is_invite_blob(data: &[u8]) -> bool {
    // Quick rejection: must start with '{' (JSON object)
    let trimmed = match data.iter().position(|&b| !b.is_ascii_whitespace()) {
        Some(pos) => &data[pos..],
        None => return false,
    };
    if !trimmed.starts_with(b"{") {
        return false;
    }

    // Try to parse just enough to check the type field
    let Ok(value) = serde_json::from_slice::<serde_json::Value>(data) else {
        return false;
    };

    value
        .get("type")
        .and_then(|v| v.as_str())
        .map_or(false, |t| t == INVITE_TYPE_V1)
}

/// Parse an invite from JSON bytes, returning `None` if not an invite.
pub fn parse_invite(data: &[u8]) -> Option<Invite> {
    if !is_invite_blob(data) {
        return None;
    }
    serde_json::from_slice(data).ok()
}

/// Append a length-prefixed field to a buffer.
fn append_field(buf: &mut Vec<u8>, data: &[u8]) {
    buf.extend_from_slice(&(data.len() as u32).to_le_bytes());
    buf.extend_from_slice(data);
}

// ============================================================================
// Serde helper for signature as base64
// ============================================================================

mod signature_base64 {
    use base64::{engine::general_purpose::STANDARD, Engine};
    use serde::{Deserialize, Deserializer, Serializer};

    pub fn serialize<S>(bytes: &[u8], serializer: S) -> Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        serializer.serialize_str(&STANDARD.encode(bytes))
    }

    pub fn deserialize<'de, D>(deserializer: D) -> Result<Vec<u8>, D::Error>
    where
        D: Deserializer<'de>,
    {
        let s = String::deserialize(deserializer)?;
        STANDARD.decode(s).map_err(serde::de::Error::custom)
    }
}

// ============================================================================
// Tests
// ============================================================================

#[cfg(test)]
mod tests {
    use super::*;

    fn make_test_invite() -> (Invite, SigningKey) {
        let signing_key = SigningKey::generate(&mut rand::thread_rng());
        let owner_pub = SigningPubKey::from_bytes(signing_key.verifying_key().to_bytes());
        let recipient_pub = SigningPubKey::from_bytes([0xbb; 32]);

        let invite = Invite {
            invite_type: INVITE_TYPE_V1.to_string(),
            repo_name: Some("test-repo".to_string()),
            repo_id: Some("uuid-1234".to_string()),
            head_cid: "bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi".to_string(),
            wrapped_key: WrappedKey::from_bytes(vec![0xaa; 92]),
            for_recipient: recipient_pub,
            from_owner: owner_pub,
            created_at: 1700000000,
            signature: vec![],
        };

        (invite, signing_key)
    }

    #[test]
    fn sign_and_verify_roundtrip() {
        let (mut invite, signing_key) = make_test_invite();

        invite.sign(&signing_key);
        assert_eq!(invite.signature.len(), 64);
        assert!(invite.verify());
    }

    #[test]
    fn verify_fails_with_wrong_key() {
        let (mut invite, signing_key) = make_test_invite();
        invite.sign(&signing_key);

        // Tamper with from_owner (point to different key)
        invite.from_owner = SigningPubKey::from_bytes([0xcc; 32]);
        assert!(!invite.verify());
    }

    #[test]
    fn verify_fails_with_tampered_data() {
        let (mut invite, signing_key) = make_test_invite();
        invite.sign(&signing_key);

        // Tamper with head_cid
        invite.head_cid = "bafytampered".to_string();
        assert!(!invite.verify());
    }

    #[test]
    fn verify_fails_with_empty_signature() {
        let (invite, _) = make_test_invite();
        assert!(!invite.verify());
    }

    #[test]
    fn json_roundtrip() {
        let (mut invite, signing_key) = make_test_invite();
        invite.sign(&signing_key);

        let json = serde_json::to_string_pretty(&invite).unwrap();
        let parsed: Invite = serde_json::from_str(&json).unwrap();

        assert_eq!(parsed.invite_type, INVITE_TYPE_V1);
        assert_eq!(parsed.head_cid, invite.head_cid);
        assert_eq!(parsed.repo_name, invite.repo_name);
        assert_eq!(parsed.for_recipient.as_bytes(), invite.for_recipient.as_bytes());
        assert_eq!(parsed.from_owner.as_bytes(), invite.from_owner.as_bytes());
        assert!(parsed.verify());
    }

    #[test]
    fn is_invite_blob_detects_valid() {
        let (mut invite, signing_key) = make_test_invite();
        invite.sign(&signing_key);

        let json = serde_json::to_vec(&invite).unwrap();
        assert!(is_invite_blob(&json));
    }

    #[test]
    fn is_invite_blob_rejects_non_json() {
        assert!(!is_invite_blob(b"not json"));
        assert!(!is_invite_blob(b""));
        assert!(!is_invite_blob(&[0x00, 0x01, 0x02]));
    }

    #[test]
    fn is_invite_blob_rejects_wrong_type() {
        let json = br#"{"type": "something-else"}"#;
        assert!(!is_invite_blob(json));
    }

    #[test]
    fn is_invite_blob_rejects_missing_type() {
        let json = br#"{"headCid": "bafyabc"}"#;
        assert!(!is_invite_blob(json));
    }

    #[test]
    fn parse_invite_roundtrip() {
        let (mut invite, signing_key) = make_test_invite();
        invite.sign(&signing_key);

        let json = serde_json::to_vec(&invite).unwrap();
        let parsed = parse_invite(&json).unwrap();
        assert!(parsed.verify());
        assert_eq!(parsed.head_cid, invite.head_cid);
    }

    #[test]
    fn signable_bytes_deterministic() {
        let (invite, _) = make_test_invite();
        let a = invite.signable_bytes();
        let b = invite.signable_bytes();
        assert_eq!(a, b);
    }

    #[test]
    fn signable_bytes_differ_with_different_data() {
        let (mut invite_a, _) = make_test_invite();
        let invite_b = invite_a.clone();

        invite_a.head_cid = "bafydifferent".to_string();
        assert_ne!(invite_a.signable_bytes(), invite_b.signable_bytes());
    }
}