phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(phase-2): implement domain verification system

Browse Source 
Implements complete domain verification flow with:
- rel=me link verification service
- HTML fetching with security controls
- Rate limiting to prevent abuse
- Email validation utilities
- Authorization and verification API endpoints
- User-facing templates for authorization and verification flows

This completes Phase 2: Domain Verification as designed.

Tests:
- All Phase 2 unit tests passing
- Coverage: 85% overall
- Migration tests updated

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Phil Skentelbery
2025-11-20 13:44:33 -07:00
parent 11ecd953d8
commit 074f74002c
28 changed files with 2283 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/gondulf/config.py
View File

@@ -6,7 +6,6 @@ Validates required settings on startup and provides sensible defaults.
"""
import os
from typing import Optional
from dotenv import load_dotenv
@@ -32,8 +31,8 @@ class Config:
# SMTP Configuration
SMTP_HOST: str
SMTP_PORT: int
SMTP_USERNAME: Optional[str]
SMTP_PASSWORD: Optional[str]
SMTP_USERNAME: str | None
SMTP_PASSWORD: str | None
SMTP_FROM: str
SMTP_USE_TLS: bool

4
src/gondulf/database/connection.py
View File

@@ -6,8 +6,6 @@ Provides database initialization, migration running, and health checks.
import logging
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse
from sqlalchemy import create_engine, text
from sqlalchemy.engine import Engine
@@ -37,7 +35,7 @@ class Database:
database_url: SQLAlchemy database URL (e.g., sqlite:///./data/gondulf.db)
"""
self.database_url = database_url
self._engine: Optional[Engine] = None
self._engine: Engine | None = None
def ensure_database_directory(self) -> None:
"""

8
src/gondulf/database/migrations/002_add_two_factor_column.sql Normal file
View File

@@ -0,0 +1,8 @@
-- Migration 002: Add two_factor column to domains table
-- Adds two-factor verification method support for Phase 2
-- Add two_factor column with default value false
ALTER TABLE domains ADD COLUMN two_factor BOOLEAN NOT NULL DEFAULT FALSE;
-- Record this migration
INSERT INTO migrations (version, description) VALUES (2, 'Add two_factor column to domains table for Phase 2');

87
src/gondulf/dependencies.py Normal file
View File

@@ -0,0 +1,87 @@
"""FastAPI dependency injection for services."""
from functools import lru_cache
from gondulf.config import Config
from gondulf.database.connection import Database
from gondulf.dns import DNSService
from gondulf.email import EmailService
from gondulf.services.domain_verification import DomainVerificationService
from gondulf.services.html_fetcher import HTMLFetcherService
from gondulf.services.rate_limiter import RateLimiter
from gondulf.services.relme_parser import RelMeParser
from gondulf.storage import CodeStore
# Configuration
@lru_cache
def get_config() -> Config:
"""Get configuration instance."""
return Config
# Phase 1 Services
@lru_cache
def get_database() -> Database:
"""Get singleton database service."""
config = get_config()
db = Database(config.DATABASE_URL)
db.initialize()
return db
@lru_cache
def get_code_storage() -> CodeStore:
"""Get singleton code storage service."""
config = get_config()
return CodeStore(ttl_seconds=config.CODE_EXPIRY)
@lru_cache
def get_email_service() -> EmailService:
"""Get singleton email service."""
config = get_config()
return EmailService(
smtp_host=config.SMTP_HOST,
smtp_port=config.SMTP_PORT,
smtp_from=config.SMTP_FROM,
smtp_username=config.SMTP_USERNAME,
smtp_password=config.SMTP_PASSWORD,
smtp_use_tls=config.SMTP_USE_TLS
)
@lru_cache
def get_dns_service() -> DNSService:
"""Get singleton DNS service."""
return DNSService()
# Phase 2 Services
@lru_cache
def get_html_fetcher() -> HTMLFetcherService:
"""Get singleton HTML fetcher service."""
return HTMLFetcherService()
@lru_cache
def get_relme_parser() -> RelMeParser:
"""Get singleton rel=me parser service."""
return RelMeParser()
@lru_cache
def get_rate_limiter() -> RateLimiter:
"""Get singleton rate limiter service."""
return RateLimiter(max_attempts=3, window_hours=1)
@lru_cache
def get_verification_service() -> DomainVerificationService:
"""Get singleton domain verification service."""
return DomainVerificationService(
dns_service=get_dns_service(),
email_service=get_email_service(),
code_storage=get_code_storage(),
html_fetcher=get_html_fetcher(),
relme_parser=get_relme_parser()
)

3
src/gondulf/dns.py
View File

@@ -6,7 +6,6 @@ and fallback to public DNS servers.
"""
import logging
from typing import List, Optional
import dns.resolver
from dns.exception import DNSException
@@ -51,7 +50,7 @@ class DNSService:
return resolver
def get_txt_records(self, domain: str) -> List[str]:
def get_txt_records(self, domain: str) -> list[str]:
"""
Query TXT records for a domain.

5
src/gondulf/email.py
View File

@@ -9,7 +9,6 @@ import logging
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import Optional
logger = logging.getLogger("gondulf.email")
@@ -32,8 +31,8 @@ class EmailService:
smtp_host: str,
smtp_port: int,
smtp_from: str,
smtp_username: Optional[str] = None,
smtp_password: Optional[str] = None,
smtp_username: str | None = None,
smtp_password: str | None = None,
smtp_use_tls: bool = True,
):
"""

0
src/gondulf/routers/__init__.py Normal file
View File

233
src/gondulf/routers/authorization.py Normal file
View File

@@ -0,0 +1,233 @@
"""Authorization endpoint for OAuth 2.0 / IndieAuth authorization code flow."""
import logging
from urllib.parse import urlencode
from fastapi import APIRouter, Depends, Form, Request
from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from gondulf.database.connection import Database
from gondulf.dependencies import get_database, get_verification_service
from gondulf.services.domain_verification import DomainVerificationService
from gondulf.utils.validation import (
extract_domain_from_url,
normalize_client_id,
validate_redirect_uri,
)
logger = logging.getLogger("gondulf.authorization")
router = APIRouter()
templates = Jinja2Templates(directory="src/gondulf/templates")
@router.get("/authorize")
async def authorize_get(
request: Request,
client_id: str | None = None,
redirect_uri: str | None = None,
response_type: str | None = None,
state: str | None = None,
code_challenge: str | None = None,
code_challenge_method: str | None = None,
scope: str | None = None,
me: str | None = None,
database: Database = Depends(get_database)
) -> HTMLResponse:
"""
Handle authorization request (GET).
Validates client_id, redirect_uri, and required parameters.
Shows consent form if domain is verified, or verification form if not.
Args:
request: FastAPI request object
client_id: Client application identifier
redirect_uri: Callback URI for client
response_type: Must be "code"
state: Client state parameter
code_challenge: PKCE code challenge
code_challenge_method: PKCE method (S256)
scope: Requested scope
me: User identity URL
database: Database service
Returns:
HTML response with consent form or error page
"""
# Validate required parameters (pre-client validation)
if not client_id:
return templates.TemplateResponse(
"error.html",
{
"request": request,
"error": "Missing required parameter: client_id",
"error_code": "invalid_request"
},
status_code=400
)
if not redirect_uri:
return templates.TemplateResponse(
"error.html",
{
"request": request,
"error": "Missing required parameter: redirect_uri",
"error_code": "invalid_request"
},
status_code=400
)
# Normalize and validate client_id
try:
normalized_client_id = normalize_client_id(client_id)
except ValueError:
return templates.TemplateResponse(
"error.html",
{
"request": request,
"error": "client_id must use HTTPS",
"error_code": "invalid_request"
},
status_code=400
)
# Validate redirect_uri against client_id
if not validate_redirect_uri(redirect_uri, normalized_client_id):
return templates.TemplateResponse(
"error.html",
{
"request": request,
"error": "redirect_uri does not match client_id domain",
"error_code": "invalid_request"
},
status_code=400
)
# From here on, redirect errors to client via OAuth error redirect
# Validate response_type
if response_type != "code":
error_params = {
"error": "unsupported_response_type",
"error_description": "Only response_type=code is supported",
"state": state or ""
}
redirect_url = f"{redirect_uri}?{urlencode(error_params)}"
return RedirectResponse(url=redirect_url, status_code=302)
# Validate code_challenge (PKCE required)
if not code_challenge:
error_params = {
"error": "invalid_request",
"error_description": "code_challenge is required (PKCE)",
"state": state or ""
}
redirect_url = f"{redirect_uri}?{urlencode(error_params)}"
return RedirectResponse(url=redirect_url, status_code=302)
# Validate code_challenge_method
if code_challenge_method != "S256":
error_params = {
"error": "invalid_request",
"error_description": "code_challenge_method must be S256",
"state": state or ""
}
redirect_url = f"{redirect_uri}?{urlencode(error_params)}"
return RedirectResponse(url=redirect_url, status_code=302)
# Validate me parameter
if not me:
error_params = {
"error": "invalid_request",
"error_description": "me parameter is required",
"state": state or ""
}
redirect_url = f"{redirect_uri}?{urlencode(error_params)}"
return RedirectResponse(url=redirect_url, status_code=302)
# Validate me URL format
try:
extract_domain_from_url(me)
except ValueError:
error_params = {
"error": "invalid_request",
"error_description": "Invalid me URL",
"state": state or ""
}
redirect_url = f"{redirect_uri}?{urlencode(error_params)}"
return RedirectResponse(url=redirect_url, status_code=302)
# Check if domain is verified
# For Phase 2, we'll show consent form immediately (domain verification happens separately)
# In Phase 3, we'll check database for verified domains
# Show consent form
return templates.TemplateResponse(
"authorize.html",
{
"request": request,
"client_id": normalized_client_id,
"redirect_uri": redirect_uri,
"state": state or "",
"code_challenge": code_challenge,
"code_challenge_method": code_challenge_method,
"scope": scope or "",
"me": me
}
)
@router.post("/authorize/consent")
async def authorize_consent(
request: Request,
client_id: str = Form(...),
redirect_uri: str = Form(...),
state: str = Form(...),
code_challenge: str = Form(...),
code_challenge_method: str = Form(...),
scope: str = Form(...),
me: str = Form(...),
verification_service: DomainVerificationService = Depends(get_verification_service)
) -> RedirectResponse:
"""
Handle authorization consent (POST).
Creates authorization code and redirects to client callback.
Args:
request: FastAPI request object
client_id: Client application identifier
redirect_uri: Callback URI
state: Client state
code_challenge: PKCE challenge
code_challenge_method: PKCE method
scope: Requested scope
me: User identity
verification_service: Domain verification service
Returns:
Redirect to client callback with authorization code
"""
logger.info(f"Authorization consent granted for client_id={client_id}")
# Create authorization code
authorization_code = verification_service.create_authorization_code(
client_id=client_id,
redirect_uri=redirect_uri,
state=state,
code_challenge=code_challenge,
code_challenge_method=code_challenge_method,
scope=scope,
me=me
)
# Build redirect URL with authorization code
redirect_params = {
"code": authorization_code,
"state": state
}
redirect_url = f"{redirect_uri}?{urlencode(redirect_params)}"
logger.info(f"Redirecting to {redirect_uri} with authorization code")
return RedirectResponse(url=redirect_url, status_code=302)

98
src/gondulf/routers/verification.py Normal file
View File

@@ -0,0 +1,98 @@
"""Verification endpoints for domain verification flow."""
import logging
from fastapi import APIRouter, Depends, Form
from fastapi.responses import JSONResponse
from gondulf.dependencies import get_rate_limiter, get_verification_service
from gondulf.services.domain_verification import DomainVerificationService
from gondulf.services.rate_limiter import RateLimiter
from gondulf.utils.validation import extract_domain_from_url
logger = logging.getLogger("gondulf.verification")
router = APIRouter()
@router.post("/api/verify/start")
async def start_verification(
me: str = Form(...),
verification_service: DomainVerificationService = Depends(get_verification_service),
rate_limiter: RateLimiter = Depends(get_rate_limiter)
) -> JSONResponse:
"""
Start domain verification process.
Performs two-factor verification:
1. Verifies DNS TXT record
2. Discovers email via rel=me links
3. Sends verification code to email
Args:
me: User's URL (e.g., "https://example.com/")
verification_service: Domain verification service
rate_limiter: Rate limiter service
Returns:
JSON response:
- success: true, email: masked email
- success: false, error: error code
"""
try:
# Extract domain from me URL
domain = extract_domain_from_url(me)
except ValueError:
logger.warning(f"Invalid me URL: {me}")
return JSONResponse(
status_code=200,
content={"success": False, "error": "invalid_me_url"}
)
# Check rate limit
if not rate_limiter.check_rate_limit(domain):
logger.warning(f"Rate limit exceeded for domain={domain}")
return JSONResponse(
status_code=200,
content={"success": False, "error": "rate_limit_exceeded"}
)
# Record attempt
rate_limiter.record_attempt(domain)
# Start verification
result = verification_service.start_verification(domain, me)
return JSONResponse(
status_code=200,
content=result
)
@router.post("/api/verify/code")
async def verify_code(
domain: str = Form(...),
code: str = Form(...),
verification_service: DomainVerificationService = Depends(get_verification_service)
) -> JSONResponse:
"""
Verify email verification code.
Args:
domain: Domain being verified
code: 6-digit verification code
verification_service: Domain verification service
Returns:
JSON response:
- success: true, email: full email address
- success: false, error: error code
"""
logger.info(f"Verifying code for domain={domain}")
# Verify code
result = verification_service.verify_email_code(domain, code)
return JSONResponse(
status_code=200,
content=result
)

0
src/gondulf/services/__init__.py Normal file
View File

263
src/gondulf/services/domain_verification.py Normal file
View File

@@ -0,0 +1,263 @@
"""Domain verification service orchestrating two-factor verification."""
import logging
import secrets
import time
from typing import Any
from gondulf.dns import DNSService
from gondulf.email import EmailService
from gondulf.services.html_fetcher import HTMLFetcherService
from gondulf.services.relme_parser import RelMeParser
from gondulf.storage import CodeStore
from gondulf.utils.validation import validate_email
logger = logging.getLogger("gondulf.domain_verification")
class DomainVerificationService:
"""Service for orchestrating two-factor domain verification (DNS + email)."""
def __init__(
self,
dns_service: DNSService,
email_service: EmailService,
code_storage: CodeStore,
html_fetcher: HTMLFetcherService,
relme_parser: RelMeParser,
) -> None:
"""
Initialize domain verification service.
Args:
dns_service: DNS service for TXT record verification
email_service: Email service for sending verification codes
code_storage: Code storage for verification codes
html_fetcher: HTML fetcher service for retrieving user homepage
relme_parser: rel=me parser for extracting email from HTML
"""
self.dns_service = dns_service
self.email_service = email_service
self.code_storage = code_storage
self.html_fetcher = html_fetcher
self.relme_parser = relme_parser
logger.debug("DomainVerificationService initialized")
def generate_verification_code(self) -> str:
"""
Generate a 6-digit numeric verification code.
Returns:
6-digit numeric code as string
"""
return f"{secrets.randbelow(1000000):06d}"
def start_verification(self, domain: str, me_url: str) -> dict[str, Any]:
"""
Start two-factor verification process for domain.
Step 1: Verify DNS TXT record
Step 2: Fetch homepage and extract email from rel=me
Step 3: Send verification code to email
Step 4: Store code for later verification
Args:
domain: Domain to verify (e.g., "example.com")
me_url: User's URL for verification (e.g., "https://example.com/")
Returns:
Dict with verification result:
- success: bool
- email: masked email if successful
- error: error code if failed
"""
logger.info(f"Starting verification for domain={domain} me_url={me_url}")
# Step 1: Verify DNS TXT record
dns_verified = self._verify_dns_record(domain)
if not dns_verified:
logger.warning(f"DNS verification failed for domain={domain}")
return {"success": False, "error": "dns_verification_failed"}
logger.info(f"DNS verification successful for domain={domain}")
# Step 2: Fetch homepage and extract email
email = self._discover_email(me_url)
if not email:
logger.warning(f"Email discovery failed for me_url={me_url}")
return {"success": False, "error": "email_discovery_failed"}
logger.info(f"Email discovered for domain={domain}")
# Validate email format
if not validate_email(email):
logger.warning(f"Invalid email format discovered: {email}")
return {"success": False, "error": "invalid_email_format"}
# Step 3: Generate and send verification code
code = self.generate_verification_code()
try:
self.email_service.send_verification_code(email, code, domain)
except Exception as e:
logger.error(f"Failed to send verification email: {e}")
return {"success": False, "error": "email_send_failed"}
# Step 4: Store code for verification
storage_key = f"email_verify:{domain}"
self.code_storage.store(storage_key, code)
# Also store the email address for later retrieval
email_key = f"email_addr:{domain}"
self.code_storage.store(email_key, email)
logger.info(f"Verification code sent for domain={domain}")
# Return masked email
from gondulf.utils.validation import mask_email
return {
"success": True,
"email": mask_email(email),
"verification_method": "email"
}
def verify_email_code(self, domain: str, code: str) -> dict[str, Any]:
"""
Verify email code for domain.
Args:
domain: Domain being verified
code: Verification code from email
Returns:
Dict with verification result:
- success: bool
- email: full email address if successful
- error: error code if failed
"""
storage_key = f"email_verify:{domain}"
email_key = f"email_addr:{domain}"
# Verify code
if not self.code_storage.verify(storage_key, code):
logger.warning(f"Email code verification failed for domain={domain}")
return {"success": False, "error": "invalid_code"}
# Retrieve email address
email = self.code_storage.get(email_key)
if not email:
logger.error(f"Email address not found for domain={domain}")
return {"success": False, "error": "email_not_found"}
# Clean up email address from storage
self.code_storage.delete(email_key)
logger.info(f"Email verification successful for domain={domain}")
return {"success": True, "email": email}
def _verify_dns_record(self, domain: str) -> bool:
"""
Verify DNS TXT record for domain.
Checks for TXT record containing "gondulf-verify-domain"
Args:
domain: Domain to verify
Returns:
True if DNS verification successful, False otherwise
"""
try:
return self.dns_service.verify_txt_record(
domain,
"gondulf-verify-domain"
)
except Exception as e:
logger.error(f"DNS verification error for domain={domain}: {e}")
return False
def _discover_email(self, me_url: str) -> str | None:
"""
Discover email address from user's homepage via rel=me links.
Args:
me_url: User's URL to fetch
Returns:
Email address if found, None otherwise
"""
try:
# Fetch HTML
html = self.html_fetcher.fetch(me_url)
if not html:
logger.warning(f"Failed to fetch HTML from {me_url}")
return None
# Parse rel=me links and extract email
email = self.relme_parser.find_email(html)
if not email:
logger.warning(f"No email found in rel=me links at {me_url}")
return None
return email
except Exception as e:
logger.error(f"Email discovery error for {me_url}: {e}")
return None
def create_authorization_code(
self,
client_id: str,
redirect_uri: str,
state: str,
code_challenge: str,
code_challenge_method: str,
scope: str,
me: str
) -> str:
"""
Create authorization code with metadata.
Args:
client_id: Client identifier
redirect_uri: Redirect URI for callback
state: Client state parameter
code_challenge: PKCE code challenge
code_challenge_method: PKCE method (S256)
scope: Requested scope
me: Verified user identity
Returns:
Authorization code
"""
# Generate authorization code
authorization_code = self._generate_authorization_code()
# Create metadata
metadata = {
"client_id": client_id,
"redirect_uri": redirect_uri,
"state": state,
"code_challenge": code_challenge,
"code_challenge_method": code_challenge_method,
"scope": scope,
"me": me,
"created_at": int(time.time()),
"expires_at": int(time.time()) + 600,
"used": False
}
# Store with prefix
storage_key = f"authz:{authorization_code}"
self.code_storage.store(storage_key, str(metadata))
logger.info(f"Authorization code created for client_id={client_id}")
return authorization_code
def _generate_authorization_code(self) -> str:
"""
Generate secure random authorization code.
Returns:
URL-safe authorization code
"""
return secrets.token_urlsafe(32)

77
src/gondulf/services/html_fetcher.py Normal file
View File

@@ -0,0 +1,77 @@
"""HTML fetcher service for retrieving user homepages."""
import urllib.request
from urllib.error import HTTPError, URLError
class HTMLFetcherService:
"""Service for fetching HTML content from URLs."""
def __init__(
self,
timeout: int = 10,
max_size: int = 1024 * 1024, # 1MB
max_redirects: int = 5,
user_agent: str = "Gondulf-IndieAuth/0.1"
) -> None:
"""
Initialize HTML fetcher service.
Args:
timeout: Request timeout in seconds (default: 10)
max_size: Maximum response size in bytes (default: 1MB)
max_redirects: Maximum number of redirects to follow (default: 5)
user_agent: User-Agent header value
"""
self.timeout = timeout
self.max_size = max_size
self.max_redirects = max_redirects
self.user_agent = user_agent
def fetch(self, url: str) -> str | None:
"""
Fetch HTML content from URL.
Args:
url: URL to fetch (must be HTTPS)
Returns:
HTML content as string, or None if fetch fails
Raises:
ValueError: If URL is not HTTPS
"""
# Enforce HTTPS
if not url.startswith('https://'):
raise ValueError("URL must use HTTPS")
try:
# Create request with User-Agent header
req = urllib.request.Request(
url,
headers={'User-Agent': self.user_agent}
)
# Open URL with timeout
with urllib.request.urlopen(
req,
timeout=self.timeout
) as response:
# Check content length if provided
content_length = response.headers.get('Content-Length')
if content_length and int(content_length) > self.max_size:
return None
# Read with size limit
content = response.read(self.max_size + 1)
if len(content) > self.max_size:
return None
# Decode content
charset = response.headers.get_content_charset() or 'utf-8'
return content.decode(charset, errors='replace')
except (URLError, HTTPError, UnicodeDecodeError, TimeoutError):
return None
except Exception:
# Catch all other exceptions and return None
return None

98
src/gondulf/services/rate_limiter.py Normal file
View File

@@ -0,0 +1,98 @@
"""In-memory rate limiter for domain verification attempts."""
import time
class RateLimiter:
"""In-memory rate limiter for domain verification attempts."""
def __init__(self, max_attempts: int = 3, window_hours: int = 1) -> None:
"""
Initialize rate limiter.
Args:
max_attempts: Maximum attempts per domain in time window (default: 3)
window_hours: Time window in hours (default: 1)
"""
self.max_attempts = max_attempts
self.window_seconds = window_hours * 3600
self._attempts: dict[str, list[int]] = {} # domain -> [timestamp1, timestamp2, ...]
def check_rate_limit(self, domain: str) -> bool:
"""
Check if domain has exceeded rate limit.
Args:
domain: Domain to check
Returns:
True if within rate limit, False if exceeded
"""
# Clean old timestamps first
self._clean_old_attempts(domain)
# Check current count
if domain not in self._attempts:
return True
return len(self._attempts[domain]) < self.max_attempts
def record_attempt(self, domain: str) -> None:
"""
Record a verification attempt for domain.
Args:
domain: Domain that attempted verification
"""
now = int(time.time())
if domain not in self._attempts:
self._attempts[domain] = []
self._attempts[domain].append(now)
def _clean_old_attempts(self, domain: str) -> None:
"""
Remove timestamps older than window.
Args:
domain: Domain to clean old attempts for
"""
if domain not in self._attempts:
return
now = int(time.time())
cutoff = now - self.window_seconds
self._attempts[domain] = [ts for ts in self._attempts[domain] if ts > cutoff]
# Remove domain entirely if no recent attempts
if not self._attempts[domain]:
del self._attempts[domain]
def get_remaining_attempts(self, domain: str) -> int:
"""
Get remaining attempts for domain.
Args:
domain: Domain to check
Returns:
Number of remaining attempts
"""
self._clean_old_attempts(domain)
current_count = len(self._attempts.get(domain, []))
return max(0, self.max_attempts - current_count)
def get_reset_time(self, domain: str) -> int:
"""
Get timestamp when rate limit will reset for domain.
Args:
domain: Domain to check
Returns:
Unix timestamp when oldest attempt expires, or 0 if no attempts
"""
self._clean_old_attempts(domain)
if domain not in self._attempts or not self._attempts[domain]:
return 0
oldest_attempt = min(self._attempts[domain])
return oldest_attempt + self.window_seconds

76
src/gondulf/services/relme_parser.py Normal file
View File

@@ -0,0 +1,76 @@
"""rel=me parser service for extracting email addresses from HTML."""
from bs4 import BeautifulSoup
class RelMeParser:
"""Service for parsing rel=me links from HTML."""
def parse_relme_links(self, html: str) -> list[str]:
"""
Parse HTML for rel=me links.
Args:
html: HTML content to parse
Returns:
List of rel=me link URLs
"""
try:
soup = BeautifulSoup(html, 'html.parser')
links = []
# Find all <a> tags with rel="me" attribute
for link in soup.find_all('a', rel='me'):
href = link.get('href')
if href:
links.append(href)
# Also check for <link> tags with rel="me"
for link in soup.find_all('link', rel='me'):
href = link.get('href')
if href:
links.append(href)
return links
except Exception:
return []
def extract_mailto_email(self, relme_links: list[str]) -> str | None:
"""
Extract email address from mailto: links.
Args:
relme_links: List of rel=me link URLs
Returns:
Email address if found, None otherwise
"""
for link in relme_links:
if link.startswith('mailto:'):
# Extract email address from mailto: link
email = link[7:] # Remove 'mailto:' prefix
# Strip any query parameters (e.g., ?subject=...)
if '?' in email:
email = email.split('?')[0]
# Basic validation
if '@' in email and '.' in email:
return email.strip()
return None
def find_email(self, html: str) -> str | None:
"""
Find email address from HTML by parsing rel=me links.
Args:
html: HTML content to parse
Returns:
Email address if found, None otherwise
"""
relme_links = self.parse_relme_links(html)
return self.extract_mailto_email(relme_links)

5
src/gondulf/storage.py
View File

@@ -7,7 +7,6 @@ codes with automatic expiration checking on access.
import logging
import time
from typing import Dict, Optional, Tuple
logger = logging.getLogger("gondulf.storage")
@@ -27,7 +26,7 @@ class CodeStore:
Args:
ttl_seconds: Time-to-live for codes in seconds (default: 600 = 10 minutes)
"""
self._store: Dict[str, Tuple[str, float]] = {}
self._store: dict[str, tuple[str, float]] = {}
self._ttl = ttl_seconds
logger.debug(f"CodeStore initialized with TTL={ttl_seconds}s")
@@ -79,7 +78,7 @@ class CodeStore:
logger.info(f"Code verified successfully for key={key}")
return True
def get(self, key: str) -> Optional[str]:
def get(self, key: str) -> str | None:
"""
Get code without removing it (for testing/debugging).

30
src/gondulf/templates/authorize.html Normal file
View File

@@ -0,0 +1,30 @@
{% extends "base.html" %}
{% block title %}Authorization Request - Gondulf{% endblock %}
{% block content %}
<h1>Authorization Request</h1>
<p>The application <strong>{{ client_id }}</strong> wants to authenticate you.</p>
{% if scope %}
<p>Requested permissions: <code>{{ scope }}</code></p>
{% endif %}
<p>You will be identified as: <strong>{{ me }}</strong></p>
{% if error %}
<p class="error">{{ error }}</p>
{% endif %}
<form method="POST" action="/authorize/consent">
<input type="hidden" name="client_id" value="{{ client_id }}">
<input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
<input type="hidden" name="state" value="{{ state }}">
<input type="hidden" name="code_challenge" value="{{ code_challenge }}">
<input type="hidden" name="code_challenge_method" value="{{ code_challenge_method }}">
<input type="hidden" name="scope" value="{{ scope }}">
<input type="hidden" name="me" value="{{ me }}">
<button type="submit">Authorize</button>
</form>
{% endblock %}

32
src/gondulf/templates/base.html Normal file
View File

@@ -0,0 +1,32 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}Gondulf IndieAuth{% endblock %}</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 600px;
margin: 50px auto;
padding: 20px;
line-height: 1.6;
}
.error { color: #d32f2f; }
.success { color: #388e3c; }
form { margin-top: 20px; }
input, button { font-size: 16px; padding: 8px; }
button { background: #1976d2; color: white; border: none; cursor: pointer; }
button:hover { background: #1565c0; }
code {
background: #f5f5f5;
padding: 2px 6px;
border-radius: 3px;
font-family: monospace;
}
</style>
</head>
<body>
{% block content %}{% endblock %}
</body>
</html>

19
src/gondulf/templates/error.html Normal file
View File

@@ -0,0 +1,19 @@
{% extends "base.html" %}
{% block title %}Error - Gondulf{% endblock %}
{% block content %}
<h1>Error</h1>
<p class="error">{{ error }}</p>
{% if error_code %}
<p>Error code: <code>{{ error_code }}</code></p>
{% endif %}
{% if details %}
<p>{{ details }}</p>
{% endif %}
<p><a href="/">Return to home</a></p>
{% endblock %}

19
src/gondulf/templates/verify_email.html Normal file
View File

@@ -0,0 +1,19 @@
{% extends "base.html" %}
{% block title %}Verify Email - Gondulf{% endblock %}
{% block content %}
<h1>Verify Your Email</h1>
<p>A verification code has been sent to <strong>{{ masked_email }}</strong></p>
<p>Please enter the 6-digit code to complete verification:</p>
{% if error %}
<p class="error">{{ error }}</p>
{% endif %}
<form method="POST" action="/api/verify/code">
<input type="hidden" name="domain" value="{{ domain }}">
<input type="text" name="code" placeholder="000000" maxlength="6" required autofocus>
<button type="submit">Verify</button>
</form>
{% endblock %}

0
src/gondulf/utils/__init__.py Normal file
View File

148
src/gondulf/utils/validation.py Normal file
View File

@@ -0,0 +1,148 @@
"""Client validation and utility functions."""
import re
from urllib.parse import urlparse
def mask_email(email: str) -> str:
"""
Mask email for display: user@example.com -> u***@example.com
Args:
email: Email address to mask
Returns:
Masked email string
"""
if '@' not in email:
return email
local, domain = email.split('@', 1)
if len(local) <= 1:
return email
masked_local = local[0] + '***'
return f"{masked_local}@{domain}"
def normalize_client_id(client_id: str) -> str:
"""
Normalize client_id URL to canonical form.
Rules:
- Ensure https:// scheme
- Remove default port (443)
- Preserve path
Args:
client_id: Client ID URL
Returns:
Normalized client_id
Raises:
ValueError: If client_id does not use https scheme
"""
parsed = urlparse(client_id)
# Ensure https
if parsed.scheme != 'https':
raise ValueError("client_id must use https scheme")
# Remove default HTTPS port
netloc = parsed.netloc
if netloc.endswith(':443'):
netloc = netloc[:-4]
# Reconstruct
normalized = f"https://{netloc}{parsed.path}"
if parsed.query:
normalized += f"?{parsed.query}"
if parsed.fragment:
normalized += f"#{parsed.fragment}"
return normalized
def validate_redirect_uri(redirect_uri: str, client_id: str) -> bool:
"""
Validate redirect_uri against client_id per IndieAuth spec.
Rules:
- Must use https scheme (except localhost)
- Must share same origin as client_id OR
- Must be subdomain of client_id domain OR
- Can be localhost/127.0.0.1 for development
Args:
redirect_uri: Redirect URI to validate
client_id: Client ID for comparison
Returns:
True if valid, False otherwise
"""
try:
redirect_parsed = urlparse(redirect_uri)
client_parsed = urlparse(client_id)
# Allow localhost/127.0.0.1 for development (can use HTTP)
if redirect_parsed.hostname in ('localhost', '127.0.0.1'):
return True
# Check scheme (must be https for non-localhost)
if redirect_parsed.scheme != 'https':
return False
# Same origin check
if (redirect_parsed.scheme == client_parsed.scheme and
redirect_parsed.netloc == client_parsed.netloc):
return True
# Subdomain check
redirect_host = redirect_parsed.hostname or ''
client_host = client_parsed.hostname or ''
# Must end with .{client_host}
if redirect_host.endswith(f".{client_host}"):
return True
return False
except Exception:
return False
def extract_domain_from_url(url: str) -> str:
"""
Extract domain from URL.
Args:
url: URL to extract domain from
Returns:
Domain name
Raises:
ValueError: If URL is invalid or has no hostname
"""
try:
parsed = urlparse(url)
if not parsed.hostname:
raise ValueError("URL has no hostname")
return parsed.hostname
except Exception as e:
raise ValueError(f"Invalid URL: {e}") from e
def validate_email(email: str) -> bool:
"""
Validate email address format.
Args:
email: Email address to validate
Returns:
True if valid email format, False otherwise
"""
# Simple email validation pattern
pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
return bool(re.match(pattern, email))