db migrations, push notification test

.tool-versions

@@ -0,0 +1 @@
+golang 1.20.2

cmd/admin/user.go

@@ -6,21 +6,84 @@ import (
 	"fmt"
 	"os"
 
-	"git.rob.mx/nidito/chinampa"
 	"git.rob.mx/nidito/chinampa/pkg/command"
 	"git.rob.mx/nidito/puerta/internal/server"
 	"git.rob.mx/nidito/puerta/internal/user"
 	"github.com/sirupsen/logrus"
+	"github.com/upper/db/v4"
 	"github.com/upper/db/v4/adapter/sqlite"
 	"golang.org/x/crypto/bcrypt"
 	"gopkg.in/yaml.v3"
 )
 
-func init() {
-	chinampa.Register(userAddCommand)
+var UserReset2faCommand = &command.Command{
+	Path:        []string{"admin", "user", "reset2fa"},
+	Summary:     "Resets a user's 2FA device",
+	Description: "by deleting it",
+	Arguments: command.Arguments{
+		{
+			Name:        "handle",
+			Description: "the username to delete 2FA credentials from",
+			Required:    true,
+		},
+	},
+	Options: command.Options{
+		"db": {
+			Type:        "string",
+			Default:     "./puerta.db",
+			Description: "the database to operate on",
+		},
+		"config": {
+			Type:    "string",
+			Default: "./config.joao.yaml",
+		},
+	},
+	Action: func(cmd *command.Command) error {
+		config := cmd.Options["config"].ToValue().(string)
+		dbPath := cmd.Options["db"].ToValue().(string)
+		cfg := server.ConfigDefaults(dbPath)
+		handle := cmd.Arguments[0].ToString()
+
+		data, err := os.ReadFile(config)
+		if err != nil {
+			return fmt.Errorf("could not read config file: %w", err)
+		}
+
+		if err := yaml.Unmarshal(data, &cfg); err != nil {
+			return fmt.Errorf("could not unserialize yaml at %s: %w", config, err)
+		}
+
+		sess, err := sqlite.Open(sqlite.ConnectionURL{
+			Database: cfg.DB,
+		})
+		if err != nil {
+			return fmt.Errorf("could not open connection to db: %s", err)
+		}
+
+		u := &user.User{}
+		err = sess.Get(u, db.Cond{"handle": handle})
+		if err != nil || u == nil {
+			return fmt.Errorf("could not find user named %s: %s", handle, err)
+		}
+
+		if err := u.FetchCredentials(sess); err != nil {
+			return fmt.Errorf("could not fetch credentials for user named %s: %s", handle, err)
+		}
+
+		if !u.HasCredentials() {
+			return fmt.Errorf("User %s has no credentials to delete", handle)
+		}
+
+		if err := u.DeleteCredentials(sess); err != nil {
+			return fmt.Errorf("could not delete credentials for user named %s: %s", handle, err)
+		}
+
+		logrus.Infof("Deleted webauthn credentials for user %s", u.Name)
+		return nil
+	},
 }
 
-var userAddCommand = &command.Command{
+var UserAddCommand = &command.Command{
 	Path:        []string{"admin", "user", "create"},
 	Summary:     "Create the initial user",
 	Description: "",

cmd/db/main.go

@@ -0,0 +1,136 @@
+package db
+
+import (
+	"embed"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	"git.rob.mx/nidito/chinampa/pkg/command"
+	"git.rob.mx/nidito/puerta/internal/server"
+	"github.com/sirupsen/logrus"
+	"github.com/upper/db/v4"
+	"github.com/upper/db/v4/adapter/sqlite"
+	"gopkg.in/yaml.v3"
+)
+
+//go:embed migrations/*
+var migrationsDir embed.FS
+
+const baseMigration = "0000-00-00-base.sql"
+
+func runMigration(sess db.Session, path string) error {
+	contents, err := migrationsDir.ReadFile("migrations/" + path)
+	if err != nil {
+		return err
+	}
+	q := fmt.Sprintf("%s", contents)
+	logrus.Infof("running migration\n %s", q)
+	return sess.Tx(func(sess db.Session) error {
+		q += `
+
+		;
+
+		INSERT INTO migrations (name, applied) VALUES (?, ?);
+		`
+		_, err = sess.SQL().Exec(q, path, time.Now().UTC().Format(time.RFC3339))
+
+		return err
+	})
+}
+
+var MigrationsCommand = &command.Command{
+	Path:        []string{"db", "migrate"},
+	Summary:     "Runs database migrations",
+	Description: "",
+	Options: command.Options{
+		"config": {
+			Type:    "string",
+			Default: "./config.joao.yaml",
+		},
+		"db": {
+			Type:    "string",
+			Default: "./puerta.db",
+		},
+	},
+	Action: func(cmd *command.Command) error {
+		config := cmd.Options["config"].ToValue().(string)
+		dbPath := cmd.Options["db"].ToValue().(string)
+
+		data, err := os.ReadFile(config)
+		if err != nil {
+			return fmt.Errorf("could not read config file: %w", err)
+		}
+
+		cfg := server.ConfigDefaults(dbPath)
+
+		if err := yaml.Unmarshal(data, &cfg); err != nil {
+			return fmt.Errorf("could not unserialize yaml at %s: %w", config, err)
+		}
+
+		logger := logrus.New()
+		logger.SetFormatter(&logrus.JSONFormatter{DisableTimestamp: false})
+
+		sess, err := sqlite.Open(sqlite.ConnectionURL{
+			Database: cfg.DB,
+			Options: map[string]string{
+				"_journal":      "WAL",
+				"_busy_timeout": "5000",
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		defer sess.Close()
+		cols, err := sess.Collections()
+		if err != nil {
+			return err
+		}
+
+		needsInitialMigration := true
+		for _, col := range cols {
+			if col.Name() == "migrations" {
+				logger.Infof("found migrations table: %s", col.Name())
+				needsInitialMigration = false
+				break
+			}
+		}
+
+		if needsInitialMigration {
+			logger.Info("Running initial migration")
+			if err := runMigration(sess, baseMigration); err != nil {
+				logger.Fatalf("Could not run base migration: %s", err)
+			}
+		}
+
+		migrations, err := migrationsDir.ReadDir("migrations")
+		if err != nil {
+			return err
+		}
+
+		for _, mig := range migrations {
+			name := mig.Name()
+			if strings.HasSuffix(name, ".sql") && mig.Type().IsRegular() && name != baseMigration {
+
+				cnt, err := sess.Collection("migrations").Find(db.Cond{"name": name}).Count()
+				if err != nil {
+					return fmt.Errorf("Could not count migrations for %s: %s", name, err)
+				}
+
+				if cnt > 0 {
+					logger.Infof("Already applied %s", name)
+					continue
+				}
+
+				logger.Infof("Running migration: %s", name)
+				if err := runMigration(sess, name); err != nil {
+					logger.Fatalf("Could not run base migration: %s", err)
+				}
+			}
+		}
+
+		return nil
+	},
+}

cmd/db/migrations/0000-00-00-base.sql

@@ -0,0 +1,4 @@
+CREATE TABLE migrations (
+  name TEXT NOT NULL,
+  applied TEXT NOT NULL
+);

cmd/db/migrations/2023-04-15-add-subscriptions.sql

@@ -0,0 +1,11 @@
+CREATE TABLE subscription(
+  user INTEGER NOT NULL,
+  data TEXT NOT NULL,
+  FOREIGN KEY(user) REFERENCES user(id) ON DELETE CASCADE
+);
+
+CREATE INDEX subscription_user ON subscription(user);
+
+ALTER TABLE user ADD COLUMN receives_notifications BOOLEAN DEFAULT 0 NOT NULL;
+
+

cmd/hue/main.go

@@ -6,18 +6,12 @@ import (
 	"fmt"
 	"os"
 
-	"git.rob.mx/nidito/chinampa"
 	"git.rob.mx/nidito/chinampa/pkg/command"
 	"git.rob.mx/nidito/puerta/internal/door"
 	"github.com/sirupsen/logrus"
 )
 
-func init() {
-	chinampa.Register(setupHueCommand)
-	chinampa.Register(testHueCommand)
-}
-
-var setupHueCommand = &command.Command{
+var SetupHueCommand = &command.Command{
 	Path:        []string{"hue", "setup"},
 	Summary:     "Creates a local hue user and finds out available plugs",
 	Description: "",
@@ -53,7 +47,7 @@ var setupHueCommand = &command.Command{
 	},
 }
 
-var testHueCommand = &command.Command{
+var TestHueCommand = &command.Command{
 	Path:        []string{"hue", "test"},
 	Summary:     "Uses a given configuration to open door",
 	Description: "",

cmd/server/main.go

@@ -7,18 +7,13 @@ import (
 	"net/http"
 	"os"
 
-	"git.rob.mx/nidito/chinampa"
 	"git.rob.mx/nidito/chinampa/pkg/command"
 	"git.rob.mx/nidito/puerta/internal/server"
 	"github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"
 )
 
-func init() {
-	chinampa.Register(serverCommand)
-}
-
-var serverCommand = &command.Command{
+var ServerCommand = &command.Command{
 	Path:        []string{"server"},
 	Summary:     "Runs the http server",
 	Description: "",

config.template.yaml

@@ -12,3 +12,11 @@ adapter:
 http:
   listen: "localhost:8080"
   origin: http://localhost:8080
+  protocol: http
+
+push:
+  key:
+    # https://github.com/SherClockHolmes/webpush-go#generating-vapid-keys
+    # wish it was simpler to export base64-url-encoded raw bytes from openssl, but alas
+    private:
+    public:

go.mod

@@ -1,56 +1,58 @@
 module git.rob.mx/nidito/puerta
 
-go 1.18
+go 1.20
 
 require (
-	git.rob.mx/nidito/chinampa v0.0.0-20230102065449-d9b257e145ce
-	github.com/alexedwards/scs/v2 v2.5.0
+	git.rob.mx/nidito/chinampa v0.1.0
+	github.com/SherClockHolmes/webpush-go v1.2.0
+	github.com/alexedwards/scs/v2 v2.5.1
 	github.com/amimof/huego v1.2.1
-	github.com/go-webauthn/webauthn v0.6.0
+	github.com/go-webauthn/webauthn v0.8.2
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/upper/db/v4 v4.6.0
-	golang.org/x/crypto v0.4.0
+	golang.org/x/crypto v0.8.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/alecthomas/chroma v0.10.0 // indirect
-	github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/charmbracelet/glamour v0.6.0 // indirect
-	github.com/dlclark/regexp2 v1.7.0 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/dlclark/regexp2 v1.9.0 // indirect
+	github.com/fatih/color v1.15.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
-	github.com/go-webauthn/revoke v0.1.6 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.12.0 // indirect
+	github.com/go-webauthn/revoke v0.1.9 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/google/go-tpm v0.3.3 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.2.3 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mattn/go-sqlite3 v1.14.16 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.21 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.23 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
-	github.com/muesli/termenv v0.13.0 // indirect
+	github.com/muesli/termenv v0.15.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/rivo/uniseg v0.4.3 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
-	github.com/spf13/cobra v1.6.1 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	github.com/yuin/goldmark v1.5.3 // indirect
+	github.com/yuin/goldmark v1.5.4 // indirect
 	github.com/yuin/goldmark-emoji v1.0.1 // indirect
-	golang.org/x/net v0.4.0 // indirect
-	golang.org/x/sys v0.3.0 // indirect
-	golang.org/x/term v0.3.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/term v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
 )

go.sum

@@ -1,21 +1,23 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-git.rob.mx/nidito/chinampa v0.0.0-20230102065449-d9b257e145ce h1:fKG3wUdPgsviY2mE79vhXL4CalNdvhkL6vDAtdyVt0I=
-git.rob.mx/nidito/chinampa v0.0.0-20230102065449-d9b257e145ce/go.mod h1:obhWsLkUIlKJyhfa7uunrSs2O44JBqsegSAtAvY2LRM=
+git.rob.mx/nidito/chinampa v0.1.0 h1:uEaYTY2HJyNemIWIjERq6LNRrVIkjHoE835PkxmzsNI=
+git.rob.mx/nidito/chinampa v0.1.0/go.mod h1:ImvF16HDuvzSgb1VYOlrw6v1Hy/QNNNr2drVetpEvsk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/SherClockHolmes/webpush-go v1.2.0 h1:sGv0/ZWCvb1HUH+izLqrb2i68HuqD/0Y+AmGQfyqKJA=
+github.com/SherClockHolmes/webpush-go v1.2.0/go.mod h1:w6X47YApe/B9wUz2Wh8xukxlyupaxSSEbu6yKJcHN2w=
 github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek=
 github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexedwards/scs/v2 v2.5.0 h1:zgxOfNFmiJyXG7UPIuw1g2b9LWBeRLh3PjfB9BDmfL4=
-github.com/alexedwards/scs/v2 v2.5.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
+github.com/alexedwards/scs/v2 v2.5.1 h1:EhAz3Kb3OSQzD8T+Ub23fKsiuvE0GzbF5Lgn0uTwM3Y=
+github.com/alexedwards/scs/v2 v2.5.1/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
 github.com/amimof/huego v1.2.1 h1:kd36vsieclW4fZ4Vqii9DNU2+6ptWWtkp4OG0AXM8HE=
 github.com/amimof/huego v1.2.1/go.mod h1:z1Sy7Rrdzmb+XsGHVEhODrRJRDq4RCFW7trCI5cKmeA=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4=
-github.com/aymanbagabas/go-osc52 v1.2.1 h1:q2sWUyDcozPLcLabEMd+a+7Ea2DitxZVN9hTxab9L4E=
-github.com/aymanbagabas/go-osc52 v1.2.1/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -37,7 +39,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -45,13 +46,13 @@ github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
-github.com/dlclark/regexp2 v1.7.0 h1:7lJfhqlPssTb1WQx4yvTHN0uElPEv52sbaECrAQxjAo=
-github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dlclark/regexp2 v1.9.0 h1:pTK/l/3qYIKaRXuHnEnIf7Y5NxfRPfpb7dis6/gdlVI=
+github.com/dlclark/regexp2 v1.9.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
@@ -61,25 +62,26 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
+github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU=
-github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8=
-github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU=
-github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY=
+github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
+github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
+github.com/go-webauthn/webauthn v0.8.2 h1:8KLIbpldjz9KVGHfqEgJNbkhd7bbRXhNw4QWFJE15oA=
+github.com/go-webauthn/webauthn v0.8.2/go.mod h1:d+ezx/jMCNDiqSMzOchuynKb9CVU1NM9BumOnokfcVQ=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
-github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -118,7 +120,6 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/ipfs/go-detect-race v0.0.1 h1:qX/xay2W3E4Q1U7d9lNs1sU9nvguX0a7319XbyQ6cOk=
@@ -172,17 +173,14 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA=
+github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -193,16 +191,14 @@ github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
+github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
@@ -211,8 +207,9 @@ github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/microcosm-cc/bluemonday v1.0.21 h1:dNH3e4PSyE4vNX+KlRGHT5KrSvjeUkoNPwEORjffHJg=
 github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=
+github.com/microcosm-cc/bluemonday v1.0.23 h1:SMZe2IGa0NuHvnVNAZ+6B38gsTbi5e4sViiWJyDDqFY=
+github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgStuPzlK76QuruE/z4=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@@ -220,14 +217,14 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
 github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
-github.com/muesli/termenv v0.13.0 h1:wK20DRpJdDX8b7Ek2QfhvqhRQFZ237RGRO0RQ/Iqdy0=
 github.com/muesli/termenv v0.13.0/go.mod h1:sP1+uffeLaEYpyOTb8pLCUctGcGLnoFjSn4YJK5e2bc=
+github.com/muesli/termenv v0.15.1 h1:UzuTb/+hhlBugQz28rpzey4ZuKcZ03MeKsoG7IJZIxs=
+github.com/muesli/termenv v0.15.1/go.mod h1:HeAQPTzpfs016yGtA4g00CsdYnVLJvxsS4ANqrZs2sQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -246,13 +243,10 @@ github.com/remyoudompheng/bigfft v0.0.0-20190728182440-6a916e37a237/go.mod h1:qq
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
-github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
@@ -277,8 +271,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -288,13 +282,17 @@ github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/y
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
@@ -306,8 +304,8 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.5.2/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.5.3 h1:3HUJmBFbQW9fhQOzMgseU134xfi6hU+mjWywx5Ty+/M=
-github.com/yuin/goldmark v1.5.3/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.5.4 h1:2uY/xC0roWy8IBEGLgB1ywIoEJFGmRrX21YQcvGZzjU=
+github.com/yuin/goldmark v1.5.4/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark-emoji v1.0.1 h1:ctuWEyzGBwiucEqxzwe0SOYDXPAucOrE9NQC18Wa1os=
 github.com/yuin/goldmark-emoji v1.0.1/go.mod h1:2w1E6FEWLcDQkoTE+7HU6QF1F6SLlNGjRIBbIZQFqkQ=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
@@ -325,6 +323,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -335,10 +334,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20181106170214-d68db9428509/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -360,8 +358,8 @@ golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -386,26 +384,26 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
-golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -444,9 +442,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 h1:VpOs+IwYnYBaFnrNAeB8UUWtL3vEUnzSCL1nVjPhqrw=

internal/push/push.go

@@ -0,0 +1,40 @@
+package push
+
+import (
+	"git.rob.mx/nidito/puerta/internal/user"
+	webpush "github.com/SherClockHolmes/webpush-go"
+)
+
+type VAPIDKey struct {
+	Private string
+	Public  string
+}
+
+type Config struct {
+	Key *VAPIDKey
+}
+
+type Notifier struct {
+	cfg *Config
+}
+
+var self *Notifier
+
+func Notify(message string, subscriber *user.Subscription) error {
+	resp, err := webpush.SendNotification([]byte(message), subscriber.AsWebPush(), &webpush.Options{
+		Subscriber:      subscriber.ID(),
+		VAPIDPublicKey:  self.cfg.Key.Public,
+		VAPIDPrivateKey: self.cfg.Key.Private,
+		TTL:             30,
+	})
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+func Initialize(cfg *Config) {
+	self = &Notifier{cfg}
+}

internal/server/admin.go

@@ -4,9 +4,11 @@ package server
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
 
 	"git.rob.mx/nidito/puerta/internal/user"
+	"github.com/SherClockHolmes/webpush-go"
 	"github.com/julienschmidt/httprouter"
 	"github.com/sirupsen/logrus"
 	"github.com/upper/db/v4"
@@ -134,6 +136,59 @@ func deleteUser(w http.ResponseWriter, r *http.Request, params httprouter.Params
 	w.WriteHeader(http.StatusNoContent)
 }
 
+func createSubscription(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+	u := user.FromContext(r)
+	dec := json.NewDecoder(r.Body)
+	res := &webpush.Subscription{}
+	if err := dec.Decode(&res); err != nil {
+		sendError(w, err)
+		return
+	}
+	logrus.Infof("Unserialized subscription data: %v", res)
+
+	sub := &user.Subscription{
+		UserID: u.ID,
+		Data:   &user.WPS{Subscription: res},
+	}
+
+	ins, err := _db.Collection("subscription").Insert(sub)
+	if err != nil {
+		sendError(w, err)
+		return
+	}
+
+	logrus.Infof("Created subscription for: %s (%v)", u.Handle, ins)
+	w.WriteHeader(http.StatusCreated)
+	w.Write([]byte(`{"status": "ok"}`))
+}
+
+func deleteSubscription(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+	u := user.FromContext(r)
+
+	dec := json.NewDecoder(r.Body)
+	res := &webpush.Subscription{}
+	if err := dec.Decode(&res); err != nil {
+		sendError(w, err)
+		return
+	}
+	encoded, err := json.Marshal(res)
+
+	if err != nil {
+		sendError(w, err)
+		return
+	}
+
+	err = _db.Collection("subscription").Find(db.Cond{"user": u.ID, "data": db.Like(fmt.Sprintf("%%%s%%", encoded))}).Delete()
+	if err != nil {
+		sendError(w, fmt.Errorf("could not delete subscription: %s", err))
+		return
+	}
+
+	logrus.Infof("Deleted subscription for: %s (%s)", u.Handle, encoded)
+	w.WriteHeader(http.StatusCreated)
+	w.Write([]byte(`{"status": "ok"}`))
+}
+
 func rexRecords(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
 	records := []*auditLog{}
 	err := _db.Collection("log").Find().OrderBy("-timestamp").Limit(20).All(&records)

internal/server/admin.html

@@ -9,6 +9,7 @@
     <link rel="stylesheet" href="https://cdn.rob.mx/css/fonts.css" />
     <link rel="stylesheet" href="https://cdn.rob.mx/nidito/index.css" />
     <link rel="stylesheet" href="/static/index.css" />
+    <link rel="manifest" href="/static/admin-manifest.webmanifest" />
     <style>
     #user-list {
       display: grid;
@@ -41,6 +42,7 @@
           <a class="nav-item" href="#invitades">Invitades</a>
           <a class="nav-item" href="#crear">Crear Invitade</a>
           <a class="nav-item" href="#registro">Registro</a>
+          <button id="push-notifications">🔔</button>
         </nav>
       </div>
     </header>
@@ -156,6 +158,10 @@
                 <input id="edit-second_factor" type="checkbox" name="second_factor" /><label for="edit-second_factor">Requiere 2FA?</label>
               </div>
 
+              <div>
+                <input id="edit-receives_notifications" type="checkbox" name="receives_notifications" /><label for="edit-receives_notifications">Recibe Notificaciones?</label>
+              </div>
+
               <div id="actions">
                 <button class="user-delete">Eliminar</button>
                 <button class="user-save">Guardar cambios</button>
@@ -190,11 +196,15 @@
           <input type="text" name="max_ttl" placeholder="30d" autocorrect="off"/>
 
            <div>
-            <input type="checkbox" name="is_admin" /><label for="admin">Admin?</label>
+            <input type="checkbox" name="is_admin" /><label for="is_admin">Admin?</label>
           </div>
 
           <div>
-            <input type="checkbox" name="second_factor" /><label for="admin">Requiere 2FA?</label>
+            <input type="checkbox" name="second_factor" /><label for="second_factor">Requiere 2FA?</label>
+          </div>
+
+          <div>
+            <input type="checkbox" name="receives_notifications" /><label for="receives_notifications">Recibe Notificaciones?</label>
           </div>
 
           <button id="create-user-submit" type="submit">Crear</button>
@@ -235,7 +245,7 @@
     </main>
 
     <script type="module" src="https://unpkg.com/@github/webauthn-json@2.0.2/dist/esm/webauthn-json.browser-ponyfill.js"></script>
-
+    <script>window._PushKey = "$PUSH_KEY$"</script>
     <script type="module" src="/static/admin.js"></script>
   </body>
 </html>

internal/server/server.go

@@ -3,16 +3,20 @@
 package server
 
 import (
+	"bytes"
 	"embed"
 	"fmt"
+	"io"
 	"io/fs"
 	"log"
 	"net/http"
+	"os"
 	"time"
 
 	"git.rob.mx/nidito/puerta/internal/auth"
 	"git.rob.mx/nidito/puerta/internal/door"
 	"git.rob.mx/nidito/puerta/internal/errors"
+	"git.rob.mx/nidito/puerta/internal/push"
 	"git.rob.mx/nidito/puerta/internal/user"
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/julienschmidt/httprouter"
@@ -46,6 +50,7 @@ type Config struct {
 	Name    string         `yaml:"name"`
 	Adapter map[string]any `yaml:"adapter"`
 	HTTP    *HTTPConfig    `yaml:"http"`
+	WebPush *push.Config   `yaml:"push"`
 
 	DB string `yaml:"db"`
 }
@@ -124,6 +129,27 @@ func allowCORS(handler httprouter.Handle) httprouter.Handle {
 	}
 }
 
+func notifyAdmins(message string) {
+	subs := []*user.Subscription{}
+	err := _db.SQL().
+		SelectFrom("subscription as s").
+		Join("user as u").
+		On(`u.id = s.user and u.receives_notifications and u.is_admin`).
+		All(&subs)
+	if err != nil {
+		logrus.Errorf("could not fetch subscriptions: %s", err)
+	}
+
+	logrus.Infof("notifying %v admins", subs[0].AsWebPush())
+
+	for _, sub := range subs {
+		err := push.Notify(message, sub)
+		if err != nil {
+			logrus.Errorf("could not push notification to subscription %s: %s", sub.ID, err)
+		}
+	}
+}
+
 func rex(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	var err error
 	u := user.FromContext(r)
@@ -149,6 +175,7 @@ func rex(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 		http.Error(w, message, code)
 		return
 	}
+	go notifyAdmins(fmt.Sprintf("%s abrió la puerta", u.Name))
 
 	fmt.Fprintf(w, `{"status": "ok"}`)
 }
@@ -156,6 +183,7 @@ func rex(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 var _db db.Session
 
 func Initialize(config *Config) (http.Handler, error) {
+	devMode := os.Getenv("ENV") == "dev"
 	router := httprouter.New()
 	router.GlobalOPTIONS = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		allowCORS(nil)(w, r, nil)
@@ -178,26 +206,57 @@ func Initialize(config *Config) (http.Handler, error) {
 		return nil, err
 	}
 
+	origins := []string{config.HTTP.Protocol + "://" + config.HTTP.Origin}
+	if devMode {
+		origins = []string{config.HTTP.Protocol + "://" + config.HTTP.Listen}
+	}
+
 	wan, err := webauthn.New(&webauthn.Config{
 		RPDisplayName: config.Name,
 		RPID:          config.HTTP.Origin,
-		RPOrigins:     []string{config.HTTP.Protocol + "://" + config.HTTP.Origin},
-		// For dev:
-		// RPOrigins:     []string{config.HTTP.Protocol + "://" + config.HTTP.Listen},
+		RPOrigins:     origins,
 	})
 	if err != nil {
 		return nil, err
 	}
 
-	serverRoot, err := fs.Sub(staticFiles, "static")
-	if err != nil {
-		log.Fatal(err)
+	push.Initialize(config.WebPush)
+
+	var assetRoot http.FileSystem
+	if devMode {
+		pwd, _ := os.Getwd()
+		dir := pwd + "/internal/server/static/"
+		logrus.Warnf("serving static assets from %s", dir)
+		assetRoot = http.Dir(dir)
+	} else {
+		subfs, err := fs.Sub(staticFiles, "static")
+		if err != nil {
+			log.Fatal(err)
+		}
+		assetRoot = http.FS(subfs)
 	}
 
-	router.ServeFiles("/static/*filepath", http.FS(serverRoot))
+	router.ServeFiles("/static/*filepath", assetRoot)
 	router.GET("/login", renderTemplate(loginTemplate))
 	router.GET("/", auth.RequireAuthOrRedirect(renderTemplate(indexTemplate), "/login"))
-	router.GET("/admin", auth.RequireAdmin(renderTemplate(adminTemplate)))
+	router.GET("/admin-serviceworker.js", func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+		f, err := assetRoot.Open("/admin-serviceworker.js")
+		if err != nil {
+			sendError(w, err)
+			return
+		}
+
+		buf, err := io.ReadAll(f)
+		if err != nil {
+			sendError(w, err)
+			return
+		}
+
+		w.Header().Add("content-type", "application/javascript")
+		w.WriteHeader(200)
+		w.Write(buf)
+	})
+	router.GET("/admin", auth.RequireAdmin(renderTemplate(bytes.ReplaceAll(adminTemplate, []byte("$PUSH_KEY$"), []byte(config.WebPush.Key.Public)))))
 
 	// regular api
 	router.POST("/api/login", auth.LoginHandler)
@@ -211,6 +270,8 @@ func Initialize(config *Config) (http.Handler, error) {
 	router.POST("/api/user", allowCORS(auth.RequireAdmin(auth.Enforce2FA(createUser))))
 	router.POST("/api/user/:id", allowCORS(auth.RequireAdmin(auth.Enforce2FA(updateUser))))
 	router.DELETE("/api/user/:id", allowCORS(auth.RequireAdmin(auth.Enforce2FA(deleteUser))))
+	router.POST("/api/push/subscribe", allowCORS(auth.RequireAdmin(auth.Enforce2FA(createSubscription))))
+	router.POST("/api/push/unsubscribe", allowCORS(auth.RequireAdmin(auth.Enforce2FA(deleteSubscription))))
 
 	return auth.Route(wan, _db, router), nil
 }

internal/server/static/admin-manifest.webmanifest

@@ -0,0 +1,15 @@
+{
+  "background_color": "#ffc6d7",
+  "description": "Abre la puerta del Castillo de Chapultebob",
+  "display": "standalone",
+  "icons": [
+    {
+      "src": "static/512.png",
+      "sizes": "512x512",
+      "type": "image/png"
+    }
+  ],
+  "name": "Admin Puerta",
+  "short_name": "Admin Puerta",
+  "start_url": "/admin"
+}

internal/server/static/admin-serviceworker.js

@@ -0,0 +1,11 @@
+self.addEventListener("activate", event => {
+  console.log("Service worker activated");
+});
+
+
+self.addEventListener('push', (event) => {
+  let notification = event.data.text();
+  console.log(`got notification: ${notification}`)
+  console.log(`evt: `, event)
+  self.registration.showNotification(notification);
+});

internal/server/static/admin.js

@@ -43,6 +43,7 @@ class UserInfoPanel extends HTMLElement {
     panel.querySelector('input[name=max_ttl]').value = this.getAttribute("max_ttl")
     panel.querySelector('input[name=is_admin]').checked = this.hasAttribute("is_admin")
     panel.querySelector('input[name=second_factor]').checked = this.hasAttribute("second_factor")
+    panel.querySelector('input[name=receives_notifications]').checked = this.hasAttribute("receives_notifications")
     panel.querySelector("button.user-edit").addEventListener('click', evt => {
       form.classList.toggle("hidden")
       this.classList.toggle("editing")
@@ -176,6 +177,7 @@ function userFromForm(form) {
 
   user.is_admin = user.is_admin == "on"
   user.second_factor = user.second_factor == "on"
+  user.receives_notifications = user.receives_notifications == "on"
   return user
 }
 
@@ -217,6 +219,36 @@ async function CreateUser(form) {
   window.location.hash = "#invitades"
 }
 
+async function CreateSubscription(subData) {
+  let response = await webauthn.withAuth("/api/push/subscribe", {
+    credentials: "include",
+    method: "POST",
+    body: subData,
+    headers: {
+      'Content-Type': 'application/json'
+    }
+  })
+
+  if (!response.ok) {
+    throw new Error("Could not create subscription:", response)
+  }
+}
+
+async function DeleteSubscription(subData) {
+  let response = await webauthn.withAuth("/api/push/unsubscribe", {
+    credentials: "include",
+    method: "POST",
+    body: subData,
+    headers: {
+      'Content-Type': 'application/json'
+    }
+  })
+
+  if (!response.ok) {
+    throw new Error("Could not delete subscription:", response)
+  }
+}
+
 
 async function switchTab() {
   let tabName = window.location.hash.toLowerCase().replace("#", "")
@@ -258,8 +290,75 @@ window.addEventListener("load", async function() {
   })
 
   switchTab()
+
+  const reg = await navigator.serviceWorker.register("/admin-serviceworker.js", {
+    type: "module",
+    scope: "/"
+  })
+
+  const sub = await reg.pushManager.getSubscription()
+  console.log(`registered SW, push sub: ${sub}`, reg)
+
+  const pnb = document.querySelector("#push-notifications")
+
+  if (sub) {
+    pnb.classList.add("subscribed")
+    pnb.innerHTML = "🔕"
+  } else {
+    pnb.classList.remove("subscribed")
+    pnb.innerHTML = "🔔"
+  }
+
+  pnb.addEventListener('click', async evt =>{
+    if (!pnb.classList.contains("subscribed")) {
+      if (await createPushSubscription()) {
+        pnb.classList.add("subscribed")
+        pnb.innerHTML = "🔕"
+      }
+    } else {
+      if (await deletePushSubscription()) {
+        pnb.classList.remove("subscribed")
+        pnb.innerHTML = "🔔"
+      }
+    }
+  })
 })
 
+async function createPushSubscription() {
+  const registration = await navigator.serviceWorker.getRegistration()
+  const result = await Notification.requestPermission();
+  if (result == "denied") {
+    return false
+  }
+  const subscription = await registration.pushManager.subscribe({
+    userVisibleOnly: true,
+    applicationServerKey: urlB64ToUint8Array(window._PushKey)
+  })
+
+  return await CreateSubscription(JSON.stringify(subscription.toJSON()))
+}
+
+async function deletePushSubscription() {
+  const registration = await navigator.serviceWorker.getRegistration()
+  const subscription = await registration.pushManager.getSubscription()
+  if (await subscription.unsubscribe()) {
+    return await DeleteSubscription(JSON.stringify(subscription.toJSON()))
+  }
+}
+
+const urlB64ToUint8Array = (base64String) => {
+  const padding = '='.repeat((4 - base64String.length % 4) % 4);
+  const base64 = (base64String + padding)
+    .replace(/\-/g, '+')
+    .replace(/_/g, '/');
+  const rawData = window.atob(base64);
+  const outputArray = new Uint8Array(rawData.length);
+  for (let i = 0; i < rawData.length; ++i) {
+    outputArray[i] = rawData.charCodeAt(i);
+  }
+  return outputArray;
+};
+
 window.addEventListener('hashchange', () => {
   switchTab()
 })

internal/server/static/manifest.webmanifest

@@ -1,7 +1,7 @@
 {
   "background_color": "#ffc6d7",
   "description": "Abre la puerta del Castillo de Chapultebob",
-  "display": "fullscreen",
+  "display": "standalone",
   "icons": [
     {
       "src": "static/icon@192.png",

internal/user/credential.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 
 	"github.com/go-webauthn/webauthn/webauthn"
+	"github.com/upper/db/v4"
 )
 
 type Credential struct {
@@ -23,3 +24,7 @@ func (c *Credential) AsWebAuthn() webauthn.Credential {
 	}
 	return *c.wan
 }
+
+func (c *Credential) Store(sess db.Session) db.Store {
+	return sess.Collection("credential")
+}

internal/user/subscription.go

@@ -0,0 +1,75 @@
+package user
+
+import (
+	"database/sql"
+	"encoding/json"
+	"fmt"
+
+	"github.com/SherClockHolmes/webpush-go"
+	"github.com/upper/db/v4"
+)
+
+type WPS struct {
+	*webpush.Subscription
+}
+
+func (w *WPS) Scan(value any) error {
+	if value == nil {
+		return nil
+	}
+
+	sub := &webpush.Subscription{}
+	if valueStr, ok := value.(string); ok {
+		if err := json.Unmarshal([]byte(valueStr), &sub); err != nil {
+			return fmt.Errorf("could not unmarshal str: %s, err: %s", valueStr, err)
+		}
+		w.Subscription = sub
+	} else if valueList, ok := value.([]byte); ok {
+		if err := json.Unmarshal(valueList, &sub); err != nil {
+			return fmt.Errorf("could not unmarshal bytes: %s, err: %s", valueList, err)
+		}
+		w.Subscription = sub
+	}
+
+	return nil
+}
+
+func (w WPS) MarshalDB() (any, error) {
+	return json.Marshal(w.Subscription)
+}
+
+func (w WPS) MarshalJSON() ([]byte, error) {
+	return json.Marshal(w.Subscription)
+}
+
+func (w *WPS) UnmarshalJSON(value []byte) error {
+	sub := &webpush.Subscription{}
+	if err := json.Unmarshal(value, &sub); err != nil {
+		return err
+	}
+	w.Subscription = sub
+	return nil
+}
+
+type Subscription struct {
+	UserID int  `db:"user"`
+	Data   *WPS `db:"data"`
+}
+
+func (s *Subscription) AsWebPush() *webpush.Subscription {
+	return s.Data.Subscription
+}
+
+func (s *Subscription) ID() string {
+	return fmt.Sprintf("user-%d@puerta.nidi.to", s.UserID)
+}
+
+func (s *Subscription) Store(sess db.Session) db.Store {
+	return sess.Collection("subscription")
+}
+
+var _ sql.Scanner = &WPS{}
+var _ db.Record = &Subscription{}
+var _ db.Marshaler = &WPS{}
+var _ json.Marshaler = &WPS{}
+var _ json.Unmarshaler = &WPS{}

internal/user/user.go

@@ -36,6 +36,8 @@ type User struct {
 	Require2FA  bool      `db:"second_factor" json:"second_factor"`
 	Schedule    *Schedule `db:"schedule,omitempty" json:"schedule,omitempty"`
 	TTL         *TTL      `db:"max_ttl,omitempty" json:"max_ttl,omitempty"`
+	IsNotified  bool      `db:"receives_notifications" json:"receives_notifications"`
+	subs        []*Subscription
 	credentials []*Credential
 }
 
@@ -86,6 +88,17 @@ func (u *User) FetchCredentials(sess db.Session) error {
 	return nil
 }
 
+func (u *User) DeleteCredentials(sess db.Session) error {
+	err := sess.Collection("credential").Find(db.Cond{"user": u.ID}).Delete()
+	if err != nil {
+		return err
+	}
+	u.credentials = []*Credential{}
+	logrus.Debugf("deleted all credentials for %d", u.ID)
+
+	return nil
+}
+
 func (o *User) UnmarshalJSON(b []byte) error {
 	type alias User
 	xo := &alias{TTL: &DefaultTTL}

main.go

@@ -7,9 +7,10 @@ import (
 
 	"git.rob.mx/nidito/chinampa"
 	"git.rob.mx/nidito/chinampa/pkg/runtime"
-	_ "git.rob.mx/nidito/puerta/cmd/admin"
-	_ "git.rob.mx/nidito/puerta/cmd/hue"
-	_ "git.rob.mx/nidito/puerta/cmd/server"
+	"git.rob.mx/nidito/puerta/cmd/admin"
+	"git.rob.mx/nidito/puerta/cmd/db"
+	"git.rob.mx/nidito/puerta/cmd/hue"
+	"git.rob.mx/nidito/puerta/cmd/server"
 	"github.com/sirupsen/logrus"
 )
 
@@ -32,6 +33,15 @@ func main() {
 		Description: "Does other door related stuff too.",
 	}
 
+	chinampa.Register(
+		admin.UserAddCommand,
+		admin.UserReset2faCommand,
+		hue.SetupHueCommand,
+		hue.TestHueCommand,
+		server.ServerCommand,
+		db.MigrationsCommand,
+	)
+
 	if err := chinampa.Execute(cfg); err != nil {
 		logrus.Errorf("total failure: %s", err)
 		os.Exit(2)

schema.sql

@@ -9,7 +9,8 @@ CREATE TABLE user(
   max_ttl TEXT DEFAULT "30d", -- golang auth.TTL
   schedule TEXT, -- golang auth.UserSchedule
   second_factor BOOLEAN DEFAULT 1,
-  is_admin BOOLEAN DEFAULT 0 NOT NULL
+  is_admin BOOLEAN DEFAULT 0 NOT NULL,
+  receives_notifications BOOLEAN DEFAULT 0 NOT NULL
 );
 
 CREATE INDEX user_id ON user(id);
@@ -43,6 +44,19 @@ CREATE TABLE log(
   user_agent varchar(255) NOT NULL
 );
 
+CREATE TABLE subscription(
+  user INTEGER NOT NULL,
+  data TEXT NOT NULL,
+  FOREIGN KEY(user) REFERENCES user(id) ON DELETE CASCADE
+);
+
+CREATE INDEX subscription_user ON subscription(user);
+
 CREATE INDEX log_timestamp_idx ON log(timestamp);
 CREATE INDEX log_timestamp_error_idx ON log(timestamp,error);
 CREATE INDEX log_timestamp_user_idx ON log(timestamp,user);
+
+CREATE TABLE migrations (
+  name TEXT NOT NULL,
+  applied TEXT NOT NULL
+);