ascii-chat 0.8.38
Real-time terminal-based video chat with ASCII art conversion
Loading...
Searching...
No Matches
discovery/database.c
Go to the documentation of this file.
1
10#include <ascii-chat/discovery/database.h>
11#include <ascii-chat/discovery/strings.h>
12#include <ascii-chat/log/logging.h>
13#include <ascii-chat/network/webrtc/turn_credentials.h>
14#include <ascii-chat/util/time.h>
15#include <string.h>
16#include <time.h>
17#include <inttypes.h>
18#include <sodium.h>
19
20// ============================================================================
21// SQL Query Constants (Defined Once - Compile-time string concatenation)
22// ============================================================================
23
24// Base SELECT for all session fields
25#define SELECT_SESSION_BASE \
26 "SELECT session_string, session_id, host_pubkey, password_hash, " \
27 "max_participants, current_participants, capabilities, has_password, " \
28 "expose_ip_publicly, session_type, server_address, server_port, " \
29 "created_at, expires_at, last_activity_at, initiator_id, host_established, " \
30 "host_participant_id, host_address, host_port, host_connection_type, " \
31 "in_migration, migration_start_ns FROM sessions"
32
33// ============================================================================
34// SQL schema for creating tables
35// ============================================================================
36
37static const char *schema_sql =
38 // Sessions table (session_string is primary key for uniqueness guarantee)
39 "CREATE TABLE IF NOT EXISTS sessions ("
40 " session_string TEXT PRIMARY KEY," // Prevents duplicate session strings at DB level
41 " session_id BLOB UNIQUE NOT NULL," // Kept for compatibility, still unique
42 " host_pubkey BLOB NOT NULL,"
43 " password_hash TEXT,"
44 " max_participants INTEGER DEFAULT 4,"
45 " current_participants INTEGER DEFAULT 0,"
46 " capabilities INTEGER DEFAULT 3," // video + audio
47 " has_password INTEGER DEFAULT 0,"
48 " expose_ip_publicly INTEGER DEFAULT 0,"
49 " session_type INTEGER DEFAULT 0,"
50 " server_address TEXT,"
51 " server_port INTEGER DEFAULT 0,"
52 " created_at INTEGER NOT NULL,"
53 " expires_at INTEGER NOT NULL,"
54 " last_activity_at INTEGER NOT NULL,"
55 // Discovery mode host negotiation fields
56 " initiator_id BLOB," // First participant (for tiebreaker)
57 " host_established INTEGER DEFAULT 0," // 0=negotiating, 1=host designated
58 " host_participant_id BLOB," // Current host's participant_id
59 " host_address TEXT," // Host's reachable address
60 " host_port INTEGER DEFAULT 0," // Host's port
61 " host_connection_type INTEGER DEFAULT 0," // How to reach host
62 // Host migration state
63 " in_migration INTEGER DEFAULT 0," // 0=not migrating, 1=collecting HOST_LOST packets
64 " migration_start_ns INTEGER DEFAULT 0" // When migration started in nanoseconds
65 ");"
66
67 // Participants table
68 "CREATE TABLE IF NOT EXISTS participants ("
69 " participant_id BLOB PRIMARY KEY,"
70 " session_string TEXT NOT NULL,"
71 " identity_pubkey BLOB NOT NULL,"
72 " joined_at INTEGER NOT NULL,"
73 " FOREIGN KEY (session_string) REFERENCES sessions(session_string) ON DELETE CASCADE"
74 ");"
75
76 // Session keys table (multi-key support with versioning)
77 "CREATE TABLE IF NOT EXISTS session_keys ("
78 " id INTEGER PRIMARY KEY AUTOINCREMENT,"
79 " session_string TEXT NOT NULL,"
80 " identity_pubkey BLOB NOT NULL," // Ed25519 public key (32 bytes)
81 " key_version INTEGER NOT NULL," // Versioning for key rotation
82 " added_at INTEGER NOT NULL," // When key was added (Unix ms)
83 " revoked INTEGER DEFAULT 0," // 0=active, 1=revoked
84 " FOREIGN KEY (session_string) REFERENCES sessions(session_string) ON DELETE CASCADE,"
85 " UNIQUE(session_string, identity_pubkey)" // Prevent duplicate keys per session
86 ");"
87
88 // Rate limiting events
89 "CREATE TABLE IF NOT EXISTS rate_events ("
90 " id INTEGER PRIMARY KEY AUTOINCREMENT,"
91 " ip_address TEXT NOT NULL,"
92 " event_type TEXT NOT NULL,"
93 " timestamp INTEGER NOT NULL"
94 ");"
95
96 // Indexes for efficient queries
97 "CREATE INDEX IF NOT EXISTS idx_sessions_id ON sessions(session_id);"
98 "CREATE INDEX IF NOT EXISTS idx_sessions_activity ON sessions(last_activity_at);"
99 "CREATE INDEX IF NOT EXISTS idx_participants_session ON participants(session_string);"
100 "CREATE INDEX IF NOT EXISTS idx_session_keys_session ON session_keys(session_string);"
101 "CREATE INDEX IF NOT EXISTS idx_session_keys_active ON session_keys(session_string, revoked);"
102 "CREATE INDEX IF NOT EXISTS idx_rate_events ON rate_events(ip_address, event_type, timestamp);";
103
104// ============================================================================
105// Helper Functions
106// ============================================================================
107
111static void generate_uuid(uint8_t uuid_out[16]) {
112 randombytes_buf(uuid_out, 16);
113 uuid_out[6] = (uuid_out[6] & 0x0F) | 0x40; // Version 4
114 uuid_out[8] = (uuid_out[8] & 0x3F) | 0x80; // RFC4122 variant
115}
116
120static uint64_t database_get_current_time_ms(void) {
121 uint64_t current_time_ns = time_get_realtime_ns();
122 return time_ns_to_ms(current_time_ns);
123}
124
128static bool verify_password(const char *password, const char *hash) {
129 return crypto_pwhash_str_verify(hash, password, strlen(password)) == 0;
130}
131
138static session_entry_t *load_session_from_row(sqlite3_stmt *stmt) {
139 session_entry_t *session = SAFE_MALLOC(sizeof(session_entry_t), session_entry_t *);
140 if (!session) {
141 return NULL;
142 }
143 memset(session, 0, sizeof(*session));
144
145 // Column order from SELECT statements must match:
146 // 0: session_string, 1: session_id, 2: host_pubkey, 3: password_hash,
147 // 4: max_participants, 5: current_participants, 6: capabilities,
148 // 7: has_password, 8: expose_ip_publicly, 9: session_type,
149 // 10: server_address, 11: server_port, 12: created_at, 13: expires_at,
150 // 14: last_activity_at, 15: initiator_id, 16: host_established, 17: host_participant_id,
151 // 18: host_address, 19: host_port, 20: host_connection_type,
152 // 21: in_migration, 22: migration_start_ns
153
154 const char *str = (const char *)sqlite3_column_text(stmt, 0);
155 if (str) {
156 SAFE_STRNCPY(session->session_string, str, sizeof(session->session_string));
157 }
158
159 const void *blob = sqlite3_column_blob(stmt, 1);
160 if (blob) {
161 memcpy(session->session_id, blob, 16);
162 }
163
164 blob = sqlite3_column_blob(stmt, 2);
165 if (blob) {
166 memcpy(session->host_pubkey, blob, 32);
167 }
168
169 str = (const char *)sqlite3_column_text(stmt, 3);
170 if (str) {
171 SAFE_STRNCPY(session->password_hash, str, sizeof(session->password_hash));
172 }
173
174 session->max_participants = (uint8_t)sqlite3_column_int(stmt, 4);
175 session->current_participants = (uint8_t)sqlite3_column_int(stmt, 5);
176 session->capabilities = (uint8_t)sqlite3_column_int(stmt, 6);
177 session->has_password = sqlite3_column_int(stmt, 7) != 0;
178 session->expose_ip_publicly = sqlite3_column_int(stmt, 8) != 0;
179 session->session_type = (uint8_t)sqlite3_column_int(stmt, 9);
180
181 str = (const char *)sqlite3_column_text(stmt, 10);
182 if (str) {
183 SAFE_STRNCPY(session->server_address, str, sizeof(session->server_address));
184 }
185
186 session->server_port = (uint16_t)sqlite3_column_int(stmt, 11);
187 session->created_at = (uint64_t)sqlite3_column_int64(stmt, 12);
188 session->expires_at = (uint64_t)sqlite3_column_int64(stmt, 13);
189 session->last_activity_at = (uint64_t)sqlite3_column_int64(stmt, 14);
190
191 // Discovery mode host negotiation fields
192 blob = sqlite3_column_blob(stmt, 15);
193 if (blob) {
194 memcpy(session->initiator_id, blob, 16);
195 }
196
197 session->host_established = sqlite3_column_int(stmt, 16) != 0;
198
199 blob = sqlite3_column_blob(stmt, 17);
200 if (blob) {
201 memcpy(session->host_participant_id, blob, 16);
202 }
203
204 str = (const char *)sqlite3_column_text(stmt, 18);
205 if (str) {
206 SAFE_STRNCPY(session->host_address, str, sizeof(session->host_address));
207 }
208
209 session->host_port = (uint16_t)sqlite3_column_int(stmt, 19);
210 session->host_connection_type = (uint8_t)sqlite3_column_int(stmt, 20);
211
212 // Host migration state
213 session->in_migration = sqlite3_column_int(stmt, 21) != 0;
214 session->migration_start_ns = (uint64_t)sqlite3_column_int64(stmt, 22);
215
216 return session;
217}
218
222static void load_session_participants(sqlite3 *db, session_entry_t *session) {
223 static const char *sql = "SELECT participant_id, identity_pubkey, joined_at "
224 "FROM participants WHERE session_string = ?";
225
226 sqlite3_stmt *stmt = NULL;
227 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
228 return;
229 }
230
231 sqlite3_bind_text(stmt, 1, session->session_string, -1, SQLITE_STATIC);
232
233 size_t idx = 0;
234 while (sqlite3_step(stmt) == SQLITE_ROW && idx < MAX_PARTICIPANTS) {
235 participant_t *p = SAFE_MALLOC(sizeof(participant_t), participant_t *);
236 if (!p) {
237 break;
238 }
239 memset(p, 0, sizeof(*p));
240
241 const void *blob = sqlite3_column_blob(stmt, 0);
242 if (blob) {
243 memcpy(p->participant_id, blob, 16);
244 }
245
246 blob = sqlite3_column_blob(stmt, 1);
247 if (blob) {
248 memcpy(p->identity_pubkey, blob, 32);
249 }
250
251 p->joined_at = (uint64_t)sqlite3_column_int64(stmt, 2);
252
253 session->participants[idx++] = p;
254 }
255
256 sqlite3_finalize(stmt);
257}
258
259// ============================================================================
260// Database Lifecycle
261// ============================================================================
262
263asciichat_error_t database_init(const char *db_path, sqlite3 **db) {
264 if (!db_path || !db) {
265 return SET_ERRNO(ERROR_INVALID_PARAM, "db_path or db is NULL");
266 }
267
268 log_info("Opening database: %s", db_path);
269
270 int rc = sqlite3_open(db_path, db);
271 if (rc != SQLITE_OK) {
272 const char *err = sqlite3_errmsg(*db);
273 sqlite3_close(*db);
274 *db = NULL;
275 return SET_ERRNO(ERROR_CONFIG, "Failed to open database: %s", err);
276 }
277
278 // Enable Write-Ahead Logging for concurrent reads
279 char *err_msg = NULL;
280 rc = sqlite3_exec(*db, "PRAGMA journal_mode=WAL;", NULL, NULL, &err_msg);
281 if (rc != SQLITE_OK) {
282 log_warn("Failed to enable WAL mode: %s", err_msg ? err_msg : "unknown error");
283 sqlite3_free(err_msg);
284 }
285
286 // Enable foreign key constraints
287 rc = sqlite3_exec(*db, "PRAGMA foreign_keys=ON;", NULL, NULL, &err_msg);
288 if (rc != SQLITE_OK) {
289 log_error("Failed to enable foreign keys: %s", err_msg ? err_msg : "unknown error");
290 sqlite3_free(err_msg);
291 sqlite3_close(*db);
292 *db = NULL;
293 return SET_ERRNO(ERROR_CONFIG, "Failed to enable foreign keys");
294 }
295
296 // Create schema
297 rc = sqlite3_exec(*db, schema_sql, NULL, NULL, &err_msg);
298 if (rc != SQLITE_OK) {
299 log_error("Failed to create schema: %s", err_msg ? err_msg : "unknown error");
300 sqlite3_free(err_msg);
301 sqlite3_close(*db);
302 *db = NULL;
303 return SET_ERRNO(ERROR_CONFIG, "Failed to create database schema");
304 }
305
306 log_info("Database initialized successfully (SQLite as single source of truth)");
307 return ASCIICHAT_OK;
308}
309
310void database_close(sqlite3 *db) {
311 if (!db) {
312 return;
313 }
314 sqlite3_close(db);
315 log_debug("Database closed");
316}
317
318// ============================================================================
319// Session Operations
320// ============================================================================
321
322asciichat_error_t database_session_create(sqlite3 *db, const acip_session_create_t *req, const acds_config_t *config,
323 acip_session_created_t *resp) {
324 if (!db || !req || !config || !resp) {
325 return SET_ERRNO(ERROR_INVALID_PARAM, "db, req, config, or resp is NULL");
326 }
327
328 memset(resp, 0, sizeof(*resp));
329
330 // Generate or use reserved session string
331 char session_string[ACIP_MAX_SESSION_STRING_LEN] = {0};
332 if (req->reserved_string_len > 0) {
333 const char *reserved_str = (const char *)(req + 1);
334 size_t len = req->reserved_string_len < (ACIP_MAX_SESSION_STRING_LEN - 1) ? req->reserved_string_len
335 : (ACIP_MAX_SESSION_STRING_LEN - 1);
336 memcpy(session_string, reserved_str, len);
337 session_string[len] = '\0';
338
339 if (!is_session_string(session_string)) {
340 asciichat_error_context_t ctx;
341 if (HAS_ERRNO(&ctx)) {
342 return SET_ERRNO(ERROR_INVALID_PARAM, "Invalid session string: %s (%s)", session_string, ctx.context_message);
343 }
344 return SET_ERRNO(ERROR_INVALID_PARAM, "Invalid session string: %s", session_string);
345 }
346 } else {
347 asciichat_error_t result = acds_string_generate(session_string, sizeof(session_string));
348 if (result != ASCIICHAT_OK) {
349 return result;
350 }
351 }
352
353 // Generate session ID
354 uint8_t session_id[16];
355 generate_uuid(session_id);
356
357 // Set timestamps
358 uint64_t now = database_get_current_time_ms();
359 uint64_t expires_at = now + ACIP_SESSION_EXPIRATION_MS;
360
361 // Calculate max_participants
362 uint8_t max_participants =
363 req->max_participants > 0 && req->max_participants <= MAX_PARTICIPANTS ? req->max_participants : MAX_PARTICIPANTS;
364
365 // Insert into database
366 const char *sql = "INSERT INTO sessions "
367 "(session_string, session_id, host_pubkey, password_hash, max_participants, "
368 "current_participants, capabilities, has_password, expose_ip_publicly, "
369 "session_type, server_address, server_port, created_at, expires_at, last_activity_at) "
370 "VALUES (?, ?, ?, ?, ?, 0, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
371
372 sqlite3_stmt *stmt = NULL;
373 int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
374 if (rc != SQLITE_OK) {
375 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare session insert: %s", sqlite3_errmsg(db));
376 }
377
378 log_info("DATABASE_SESSION_CREATE: expose_ip_publicly=%d, server_address='%s' server_port=%u, session_type=%u, "
379 "has_password=%u",
380 req->expose_ip_publicly, req->server_address, req->server_port, req->session_type, req->has_password);
381 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
382 sqlite3_bind_blob(stmt, 2, session_id, 16, SQLITE_STATIC);
383 sqlite3_bind_blob(stmt, 3, req->identity_pubkey, 32, SQLITE_STATIC);
384 sqlite3_bind_text(stmt, 4, req->has_password ? (const char *)req->password_hash : NULL, -1, SQLITE_STATIC);
385 sqlite3_bind_int(stmt, 5, max_participants);
386 sqlite3_bind_int(stmt, 6, req->capabilities);
387 sqlite3_bind_int(stmt, 7, req->has_password ? 1 : 0);
388 sqlite3_bind_int(stmt, 8, req->expose_ip_publicly ? 1 : 0);
389 sqlite3_bind_int(stmt, 9, req->session_type);
390 sqlite3_bind_text(stmt, 10, req->server_address, -1, SQLITE_STATIC);
391 sqlite3_bind_int(stmt, 11, req->server_port);
392 sqlite3_bind_int64(stmt, 12, (sqlite3_int64)now);
393 sqlite3_bind_int64(stmt, 13, (sqlite3_int64)expires_at);
394 sqlite3_bind_int64(stmt, 14, (sqlite3_int64)now); // last_activity_at = created_at
395
396 rc = sqlite3_step(stmt);
397 sqlite3_finalize(stmt);
398
399 if (rc != SQLITE_DONE) {
400 if (rc == SQLITE_CONSTRAINT) {
401 return SET_ERRNO(ERROR_INVALID_STATE, "Session string already exists: %s", session_string);
402 }
403 return SET_ERRNO(ERROR_CONFIG, "Failed to insert session: %s", sqlite3_errmsg(db));
404 }
405
406 // Fill response
407 resp->session_string_len = (uint8_t)strlen(session_string);
408 SAFE_STRNCPY(resp->session_string, session_string, sizeof(resp->session_string));
409 memcpy(resp->session_id, session_id, 16);
410 resp->expires_at = expires_at;
411 resp->stun_count = config->stun_count;
412 resp->turn_count = config->turn_count;
413
414 log_info("Session created: %s (session_id=%02x%02x%02x%02x..., max_participants=%d, has_password=%d)", session_string,
415 session_id[0], session_id[1], session_id[2], session_id[3], max_participants, req->has_password ? 1 : 0);
416
417 return ASCIICHAT_OK;
418}
419
420asciichat_error_t database_session_lookup(sqlite3 *db, const char *session_string, const acds_config_t *config,
421 acip_session_info_t *resp) {
422 if (!db || !session_string || !config || !resp) {
423 return SET_ERRNO(ERROR_INVALID_PARAM, "db, session_string, config, or resp is NULL");
424 }
425
426 memset(resp, 0, sizeof(*resp));
427
428 const char *sql = "SELECT session_string, session_id, host_pubkey, password_hash, "
429 "max_participants, current_participants, capabilities, has_password, "
430 "expose_ip_publicly, session_type, server_address, server_port, "
431 "created_at, expires_at, last_activity_at FROM sessions WHERE session_string = ?";
432
433 sqlite3_stmt *stmt = NULL;
434 int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
435 if (rc != SQLITE_OK) {
436 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare session lookup: %s", sqlite3_errmsg(db));
437 }
438
439 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
440
441 rc = sqlite3_step(stmt);
442 if (rc != SQLITE_ROW) {
443 sqlite3_finalize(stmt);
444 resp->found = 0;
445 log_debug("Session lookup failed: %s (not found)", session_string);
446 return ASCIICHAT_OK;
447 }
448
449 // Load session data
450 resp->found = 1;
451
452 const void *blob = sqlite3_column_blob(stmt, 1);
453 if (blob) {
454 memcpy(resp->session_id, blob, 16);
455 }
456
457 blob = sqlite3_column_blob(stmt, 2);
458 if (blob) {
459 memcpy(resp->host_pubkey, blob, 32);
460 }
461
462 resp->max_participants = (uint8_t)sqlite3_column_int(stmt, 4);
463 resp->current_participants = (uint8_t)sqlite3_column_int(stmt, 5);
464 resp->capabilities = (uint8_t)sqlite3_column_int(stmt, 6);
465 resp->has_password = sqlite3_column_int(stmt, 7) != 0;
466 resp->session_type = (uint8_t)sqlite3_column_int(stmt, 9);
467 resp->created_at = (uint64_t)sqlite3_column_int64(stmt, 12);
468 resp->expires_at = (uint64_t)sqlite3_column_int64(stmt, 13);
469
470 // ACDS policy flags
471 resp->require_server_verify = config->require_server_verify ? 1 : 0;
472 resp->require_client_verify = config->require_client_verify ? 1 : 0;
473
474 sqlite3_finalize(stmt);
475
476 log_debug("Session lookup: %s (found, participants=%d/%d)", session_string, resp->current_participants,
477 resp->max_participants);
478
479 return ASCIICHAT_OK;
480}
481
482asciichat_error_t database_session_join(sqlite3 *db, const acip_session_join_t *req, const acds_config_t *config,
483 acip_session_joined_t *resp) {
484 if (!db || !req || !config || !resp) {
485 return SET_ERRNO(ERROR_INVALID_PARAM, "db, req, config, or resp is NULL");
486 }
487
488 memset(resp, 0, sizeof(*resp));
489 resp->success = 0;
490
491 // Extract session string
492 char session_string[ACIP_MAX_SESSION_STRING_LEN] = {0};
493 size_t len = req->session_string_len < (ACIP_MAX_SESSION_STRING_LEN - 1) ? req->session_string_len
494 : (ACIP_MAX_SESSION_STRING_LEN - 1);
495 memcpy(session_string, req->session_string, len);
496 session_string[len] = '\0';
497
498 // Find session
499 session_entry_t *session = database_session_find_by_string(db, session_string);
500 if (!session) {
501 resp->error_code = ACIP_ERROR_SESSION_NOT_FOUND;
502 SAFE_STRNCPY(resp->error_message, "Session not found", sizeof(resp->error_message));
503 log_warn("Session join failed: %s (not found)", session_string);
504 return ASCIICHAT_OK;
505 }
506
507 // Check if session is full
508 if (session->current_participants >= session->max_participants) {
509 session_entry_destroy(session);
510 resp->error_code = ACIP_ERROR_SESSION_FULL;
511 SAFE_STRNCPY(resp->error_message, "Session is full", sizeof(resp->error_message));
512 log_warn("Session join failed: %s (full)", session_string);
513 return ASCIICHAT_OK;
514 }
515
516 // Verify password if required
517 if (session->has_password && req->has_password) {
518 if (!verify_password(req->password, session->password_hash)) {
519 session_entry_destroy(session);
520 resp->error_code = ACIP_ERROR_INVALID_PASSWORD;
521 SAFE_STRNCPY(resp->error_message, "Invalid password", sizeof(resp->error_message));
522 log_warn("Session join failed: %s (invalid password)", session_string);
523 return ASCIICHAT_OK;
524 }
525 } else if (session->has_password && !req->has_password) {
526 session_entry_destroy(session);
527 resp->error_code = ACIP_ERROR_INVALID_PASSWORD;
528 SAFE_STRNCPY(resp->error_message, "Password required", sizeof(resp->error_message));
529 log_warn("Session join failed: %s (password required)", session_string);
530 return ASCIICHAT_OK;
531 }
532
533 // Generate participant ID
534 uint8_t participant_id[16];
535 generate_uuid(participant_id);
536 uint64_t now = database_get_current_time_ms();
537
538 // Begin transaction
539 char *err_msg = NULL;
540 int rc = sqlite3_exec(db, "BEGIN IMMEDIATE;", NULL, NULL, &err_msg);
541 if (rc != SQLITE_OK) {
542 session_entry_destroy(session);
543 log_error("Failed to begin transaction: %s", err_msg ? err_msg : "unknown");
544 sqlite3_free(err_msg);
545 return SET_ERRNO(ERROR_CONFIG, "Failed to begin transaction");
546 }
547
548 // Insert participant
549 const char *insert_sql = "INSERT INTO participants (participant_id, session_string, identity_pubkey, joined_at) "
550 "VALUES (?, ?, ?, ?)";
551 sqlite3_stmt *stmt = NULL;
552 rc = sqlite3_prepare_v2(db, insert_sql, -1, &stmt, NULL);
553 if (rc != SQLITE_OK) {
554 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
555 session_entry_destroy(session);
556 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare participant insert: %s", sqlite3_errmsg(db));
557 }
558
559 sqlite3_bind_blob(stmt, 1, participant_id, 16, SQLITE_STATIC);
560 sqlite3_bind_text(stmt, 2, session->session_string, -1, SQLITE_STATIC);
561 sqlite3_bind_blob(stmt, 3, req->identity_pubkey, 32, SQLITE_STATIC);
562 sqlite3_bind_int64(stmt, 4, (sqlite3_int64)now);
563
564 rc = sqlite3_step(stmt);
565 sqlite3_finalize(stmt);
566
567 if (rc != SQLITE_DONE) {
568 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
569 session_entry_destroy(session);
570 return SET_ERRNO(ERROR_CONFIG, "Failed to insert participant: %s", sqlite3_errmsg(db));
571 }
572
573 // Update participant count and last activity
574 const char *update_sql = "UPDATE sessions SET current_participants = current_participants + 1, "
575 "last_activity_at = ? WHERE session_string = ?";
576 rc = sqlite3_prepare_v2(db, update_sql, -1, &stmt, NULL);
577 if (rc == SQLITE_OK) {
578 sqlite3_bind_int64(stmt, 1, (sqlite3_int64)now);
579 sqlite3_bind_text(stmt, 2, session->session_string, -1, SQLITE_STATIC);
580 sqlite3_step(stmt);
581 sqlite3_finalize(stmt);
582 }
583
584 // Set initiator_id if this is the first participant (for discovery mode tiebreaker)
585 bool is_first_participant = (session->current_participants == 0);
586 bool is_zero_initiator = true;
587 for (int i = 0; i < 16; i++) {
588 if (session->initiator_id[i] != 0) {
589 is_zero_initiator = false;
590 break;
591 }
592 }
593
594 if (is_first_participant || is_zero_initiator) {
595 const char *initiator_sql = "UPDATE sessions SET initiator_id = ? WHERE session_string = ?";
596 rc = sqlite3_prepare_v2(db, initiator_sql, -1, &stmt, NULL);
597 if (rc == SQLITE_OK) {
598 sqlite3_bind_blob(stmt, 1, participant_id, 16, SQLITE_STATIC);
599 sqlite3_bind_text(stmt, 2, session->session_string, -1, SQLITE_STATIC);
600 sqlite3_step(stmt);
601 sqlite3_finalize(stmt);
602 memcpy(session->initiator_id, participant_id, 16);
603 log_debug("Set initiator_id to new participant %02x%02x...", participant_id[0], participant_id[1]);
604 }
605 }
606
607 // Commit transaction
608 rc = sqlite3_exec(db, "COMMIT;", NULL, NULL, &err_msg);
609 if (rc != SQLITE_OK) {
610 log_error("Failed to commit transaction: %s", err_msg ? err_msg : "unknown");
611 sqlite3_free(err_msg);
612 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
613 session_entry_destroy(session);
614 return SET_ERRNO(ERROR_CONFIG, "Failed to commit transaction");
615 }
616
617 // Fill response
618 resp->success = 1;
619 resp->error_code = ACIP_ERROR_NONE;
620 memcpy(resp->participant_id, participant_id, 16);
621 memcpy(resp->session_id, session->session_id, 16);
622
623 // Discovery mode host negotiation fields
624 memcpy(resp->initiator_id, session->initiator_id, 16);
625 resp->host_established = session->host_established ? 1 : 0;
626 if (session->host_established) {
627 memcpy(resp->host_id, session->host_participant_id, 16);
628 }
629 // peer_count = current_participants (excluding self) that need to negotiate
630 resp->peer_count = session->current_participants; // Will be incremented after this returns
631
632 log_debug("SESSION_JOIN response: session_id=%02x%02x%02x%02x..., participant_id=%02x%02x%02x%02x..., "
633 "initiator=%02x%02x..., host_established=%d, peer_count=%d",
634 resp->session_id[0], resp->session_id[1], resp->session_id[2], resp->session_id[3], resp->participant_id[0],
635 resp->participant_id[1], resp->participant_id[2], resp->participant_id[3], resp->initiator_id[0],
636 resp->initiator_id[1], resp->host_established, resp->peer_count);
637
638 // IP disclosure logic
639 bool reveal_ip = false;
640 log_info("DATABASE_SESSION_JOIN: has_password=%d, expose_ip_publicly=%d, server_address='%s'", session->has_password,
641 session->expose_ip_publicly, session->server_address);
642 if (session->has_password) {
643 reveal_ip = true; // Password was verified
644 } else if (session->expose_ip_publicly) {
645 reveal_ip = true; // Explicit opt-in
646 }
647 log_info("DATABASE_SESSION_JOIN: reveal_ip=%d", reveal_ip);
648
649 if (reveal_ip) {
650 SAFE_STRNCPY(resp->server_address, session->server_address, sizeof(resp->server_address));
651 resp->server_port = session->server_port;
652 resp->session_type = session->session_type;
653
654 // Generate TURN credentials for WebRTC sessions
655 if (session->session_type == SESSION_TYPE_WEBRTC && config->turn_secret[0] != '\0') {
656 turn_credentials_t turn_creds;
657 asciichat_error_t turn_result =
658 turn_generate_credentials(session_string, config->turn_secret, 86400, &turn_creds);
659 if (turn_result == ASCIICHAT_OK) {
660 SAFE_STRNCPY(resp->turn_username, turn_creds.username, sizeof(resp->turn_username));
661 SAFE_STRNCPY(resp->turn_password, turn_creds.password, sizeof(resp->turn_password));
662 log_debug("Generated TURN credentials for session %s", session_string);
663 }
664 }
665
666 log_info("Participant joined session %s (participants=%d/%d, server=%s:%d, type=%s)", session_string,
667 session->current_participants + 1, session->max_participants, resp->server_address, resp->server_port,
668 session->session_type == SESSION_TYPE_WEBRTC ? "WebRTC" : "DirectTCP");
669 } else {
670 log_info("Participant joined session %s (participants=%d/%d, IP WITHHELD)", session_string,
671 session->current_participants + 1, session->max_participants);
672 }
673
674 session_entry_destroy(session);
675 return ASCIICHAT_OK;
676}
677
678asciichat_error_t database_session_leave(sqlite3 *db, const uint8_t session_id[16], const uint8_t participant_id[16]) {
679 if (!db || !session_id || !participant_id) {
680 return SET_ERRNO(ERROR_INVALID_PARAM, "db, session_id, or participant_id is NULL");
681 }
682
683 // Look up session_string from session_id
684 char session_string[SESSION_STRING_BUFFER_SIZE] = {0};
685 const char *lookup_sql = "SELECT session_string FROM sessions WHERE session_id = ?";
686 sqlite3_stmt *stmt = NULL;
687 int rc = sqlite3_prepare_v2(db, lookup_sql, -1, &stmt, NULL);
688 if (rc != SQLITE_OK) {
689 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare session lookup: %s", sqlite3_errmsg(db));
690 }
691
692 sqlite3_bind_blob(stmt, 1, session_id, 16, SQLITE_STATIC);
693 rc = sqlite3_step(stmt);
694 if (rc != SQLITE_ROW) {
695 sqlite3_finalize(stmt);
696 return SET_ERRNO(ERROR_INVALID_STATE, "Session not found");
697 }
698
699 const char *str = (const char *)sqlite3_column_text(stmt, 0);
700 if (str) {
701 SAFE_STRNCPY(session_string, str, sizeof(session_string));
702 }
703 sqlite3_finalize(stmt);
704
705 if (session_string[0] == '\0') {
706 return SET_ERRNO(ERROR_INVALID_STATE, "Session string is empty");
707 }
708
709 // Begin transaction
710 char *err_msg = NULL;
711 rc = sqlite3_exec(db, "BEGIN IMMEDIATE;", NULL, NULL, &err_msg);
712 if (rc != SQLITE_OK) {
713 log_error("Failed to begin transaction: %s", err_msg ? err_msg : "unknown");
714 sqlite3_free(err_msg);
715 return SET_ERRNO(ERROR_CONFIG, "Failed to begin transaction");
716 }
717
718 // Delete participant
719 const char *del_sql = "DELETE FROM participants WHERE participant_id = ? AND session_string = ?";
720 rc = sqlite3_prepare_v2(db, del_sql, -1, &stmt, NULL);
721 if (rc != SQLITE_OK) {
722 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
723 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare participant delete: %s", sqlite3_errmsg(db));
724 }
725
726 sqlite3_bind_blob(stmt, 1, participant_id, 16, SQLITE_STATIC);
727 sqlite3_bind_text(stmt, 2, session_string, -1, SQLITE_STATIC);
728 rc = sqlite3_step(stmt);
729 sqlite3_finalize(stmt);
730
731 if (rc != SQLITE_DONE) {
732 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
733 return SET_ERRNO(ERROR_CONFIG, "Failed to delete participant: %s", sqlite3_errmsg(db));
734 }
735
736 int changes = sqlite3_changes(db);
737 if (changes == 0) {
738 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
739 return SET_ERRNO(ERROR_INVALID_STATE, "Participant not in session");
740 }
741
742 uint64_t now = database_get_current_time_ms();
743
744 // Decrement participant count and update last activity
745 const char *update_sql = "UPDATE sessions SET current_participants = current_participants - 1, "
746 "last_activity_at = ? WHERE session_string = ? AND current_participants > 0";
747 rc = sqlite3_prepare_v2(db, update_sql, -1, &stmt, NULL);
748 if (rc == SQLITE_OK) {
749 sqlite3_bind_int64(stmt, 1, (sqlite3_int64)now);
750 sqlite3_bind_text(stmt, 2, session_string, -1, SQLITE_STATIC);
751 sqlite3_step(stmt);
752 sqlite3_finalize(stmt);
753 }
754
755 // Check if session is now empty and delete if so
756 const char *check_sql = "SELECT current_participants FROM sessions WHERE session_string = ?";
757 rc = sqlite3_prepare_v2(db, check_sql, -1, &stmt, NULL);
758 if (rc == SQLITE_OK) {
759 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
760 if (sqlite3_step(stmt) == SQLITE_ROW) {
761 int count = sqlite3_column_int(stmt, 0);
762
763 if (count <= 0) {
764 log_info("Session %s has no participants, deleting", session_string);
765 sqlite3_finalize(stmt);
766
767 // Delete empty session
768 const char *del_session_sql = "DELETE FROM sessions WHERE session_string = ?";
769 rc = sqlite3_prepare_v2(db, del_session_sql, -1, &stmt, NULL);
770 if (rc == SQLITE_OK) {
771 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
772 sqlite3_step(stmt);
773 sqlite3_finalize(stmt);
774 }
775 stmt = NULL;
776 } else {
777 log_info("Participant left session %s (participants=%d remaining)", session_string, count);
778 }
779 }
780 if (stmt) {
781 sqlite3_finalize(stmt);
782 }
783 }
784
785 // Commit transaction
786 rc = sqlite3_exec(db, "COMMIT;", NULL, NULL, &err_msg);
787 if (rc != SQLITE_OK) {
788 log_error("Failed to commit transaction: %s", err_msg ? err_msg : "unknown");
789 sqlite3_free(err_msg);
790 sqlite3_exec(db, "ROLLBACK;", NULL, NULL, NULL);
791 return SET_ERRNO(ERROR_CONFIG, "Failed to commit transaction");
792 }
793
794 return ASCIICHAT_OK;
795}
796
797session_entry_t *database_session_find_by_id(sqlite3 *db, const uint8_t session_id[16]) {
798 if (!db || !session_id) {
799 return NULL;
800 }
801
802 static const char sql[] = SELECT_SESSION_BASE " WHERE session_id = ?";
803
804 sqlite3_stmt *stmt = NULL;
805 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
806 return NULL;
807 }
808
809 sqlite3_bind_blob(stmt, 1, session_id, 16, SQLITE_STATIC);
810
811 session_entry_t *session = NULL;
812 if (sqlite3_step(stmt) == SQLITE_ROW) {
813 session = load_session_from_row(stmt);
814 if (session) {
815 load_session_participants(db, session);
816 }
817 }
818
819 sqlite3_finalize(stmt);
820 return session;
821}
822
823session_entry_t *database_session_find_by_string(sqlite3 *db, const char *session_string) {
824 if (!db || !session_string) {
825 return NULL;
826 }
827
828 static const char sql[] = SELECT_SESSION_BASE " WHERE session_string = ?";
829
830 sqlite3_stmt *stmt = NULL;
831 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
832 return NULL;
833 }
834
835 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
836
837 session_entry_t *session = NULL;
838 if (sqlite3_step(stmt) == SQLITE_ROW) {
839 session = load_session_from_row(stmt);
840 if (session) {
841 load_session_participants(db, session);
842 }
843 }
844
845 sqlite3_finalize(stmt);
846 return session;
847}
848
849void database_session_cleanup_expired(sqlite3 *db) {
850 if (!db) {
851 return;
852 }
853
854 uint64_t now = database_get_current_time_ms();
855 // 3 hours in milliseconds
856 uint64_t inactivity_threshold = 3ULL * SEC_PER_HOUR * MS_PER_SEC_INT;
857 uint64_t cutoff_time = now - inactivity_threshold;
858
859 // Log sessions about to be deleted
860 const char *log_sql = "SELECT session_string, last_activity_at FROM sessions WHERE last_activity_at < ?";
861 sqlite3_stmt *stmt = NULL;
862 if (sqlite3_prepare_v2(db, log_sql, -1, &stmt, NULL) == SQLITE_OK) {
863 sqlite3_bind_int64(stmt, 1, (sqlite3_int64)cutoff_time);
864 while (sqlite3_step(stmt) == SQLITE_ROW) {
865 const char *session_string = (const char *)sqlite3_column_text(stmt, 0);
866 uint64_t last_activity = (uint64_t)sqlite3_column_int64(stmt, 1);
867 uint64_t inactive_ms = now - last_activity;
868 uint64_t inactive_hours = inactive_ms / (SEC_PER_HOUR * MS_PER_SEC_INT);
869 log_info("Session %s inactive for %lu hours, deleting", session_string ? session_string : "<unknown>",
870 inactive_hours);
871 }
872 sqlite3_finalize(stmt);
873 }
874
875 // Delete inactive sessions (CASCADE deletes participants)
876 const char *del_sql = "DELETE FROM sessions WHERE last_activity_at < ?";
877 if (sqlite3_prepare_v2(db, del_sql, -1, &stmt, NULL) == SQLITE_OK) {
878 sqlite3_bind_int64(stmt, 1, (sqlite3_int64)cutoff_time);
879 sqlite3_step(stmt);
880 int deleted = sqlite3_changes(db);
881 sqlite3_finalize(stmt);
882
883 if (deleted > 0) {
884 log_info("Cleaned up %d inactive sessions (>3 hours)", deleted);
885 }
886 }
887}
888
889asciichat_error_t database_session_update_host(sqlite3 *db, const uint8_t session_id[16],
890 const uint8_t host_participant_id[16], const char *host_address,
891 uint16_t host_port, uint8_t connection_type) {
892 if (!db || !session_id || !host_participant_id) {
893 return SET_ERRNO(ERROR_INVALID_PARAM, "db, session_id, or host_participant_id is NULL");
894 }
895
896 uint64_t now = database_get_current_time_ms();
897
898 const char *sql = "UPDATE sessions SET "
899 "host_established = 1, "
900 "host_participant_id = ?, "
901 "host_address = ?, "
902 "host_port = ?, "
903 "host_connection_type = ?, "
904 "last_activity_at = ? "
905 "WHERE session_id = ?";
906
907 sqlite3_stmt *stmt = NULL;
908 int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
909 if (rc != SQLITE_OK) {
910 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare host update: %s", sqlite3_errmsg(db));
911 }
912
913 sqlite3_bind_blob(stmt, 1, host_participant_id, 16, SQLITE_STATIC);
914 sqlite3_bind_text(stmt, 2, host_address ? host_address : "", -1, SQLITE_STATIC);
915 sqlite3_bind_int(stmt, 3, host_port);
916 sqlite3_bind_int(stmt, 4, connection_type);
917 sqlite3_bind_int64(stmt, 5, (sqlite3_int64)now);
918 sqlite3_bind_blob(stmt, 6, session_id, 16, SQLITE_STATIC);
919
920 rc = sqlite3_step(stmt);
921 sqlite3_finalize(stmt);
922
923 if (rc != SQLITE_DONE) {
924 return SET_ERRNO(ERROR_CONFIG, "Failed to update host: %s", sqlite3_errmsg(db));
925 }
926
927 int changes = sqlite3_changes(db);
928 if (changes == 0) {
929 return SET_ERRNO(ERROR_INVALID_STATE, "Session not found for host update");
930 }
931
932 log_info("Session host updated: participant=%02x%02x..., address=%s:%u, type=%d", host_participant_id[0],
933 host_participant_id[1], host_address ? host_address : "(none)", host_port, connection_type);
934
935 return ASCIICHAT_OK;
936}
937
938asciichat_error_t database_session_clear_host(sqlite3 *db, const uint8_t session_id[16]) {
939 if (!db || !session_id) {
940 return SET_ERRNO(ERROR_INVALID_PARAM, "db or session_id is NULL");
941 }
942
943 const char *sql = "UPDATE sessions SET "
944 "host_established = 0, "
945 "host_participant_id = NULL, "
946 "host_address = NULL, "
947 "host_port = 0, "
948 "host_connection_type = 0 "
949 "WHERE session_id = ?";
950
951 sqlite3_stmt *stmt = NULL;
952 int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
953 if (rc != SQLITE_OK) {
954 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare host clear: %s", sqlite3_errmsg(db));
955 }
956
957 sqlite3_bind_blob(stmt, 1, session_id, 16, SQLITE_STATIC);
958
959 rc = sqlite3_step(stmt);
960 sqlite3_finalize(stmt);
961
962 if (rc != SQLITE_DONE) {
963 return SET_ERRNO(ERROR_CONFIG, "Failed to clear host: %s", sqlite3_errmsg(db));
964 }
965
966 int changes = sqlite3_changes(db);
967 if (changes == 0) {
968 return SET_ERRNO(ERROR_INVALID_STATE, "Session not found for host clear");
969 }
970
971 log_info("Session host cleared (session=%02x%02x...) - ready for migration", session_id[0], session_id[1]);
972
973 return ASCIICHAT_OK;
974}
975
976asciichat_error_t database_session_start_migration(sqlite3 *db, const uint8_t session_id[16]) {
977 if (!db || !session_id) {
978 return SET_ERRNO(ERROR_INVALID_PARAM, "db or session_id is NULL");
979 }
980
981 uint64_t now_ns = time_get_realtime_ns();
982
983 const char *sql = "UPDATE sessions SET "
984 "in_migration = 1, "
985 "migration_start_ns = ? "
986 "WHERE session_id = ?";
987
988 sqlite3_stmt *stmt = NULL;
989 int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
990 if (rc != SQLITE_OK) {
991 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare migration start: %s", sqlite3_errmsg(db));
992 }
993
994 sqlite3_bind_int64(stmt, 1, (sqlite3_int64)now_ns);
995 sqlite3_bind_blob(stmt, 2, session_id, 16, SQLITE_STATIC);
996
997 rc = sqlite3_step(stmt);
998 sqlite3_finalize(stmt);
999
1000 if (rc != SQLITE_DONE) {
1001 return SET_ERRNO(ERROR_CONFIG, "Failed to start migration: %s", sqlite3_errmsg(db));
1002 }
1003
1004 int changes = sqlite3_changes(db);
1005 if (changes == 0) {
1006 return SET_ERRNO(ERROR_INVALID_STATE, "Session not found for migration start");
1007 }
1008
1009 log_info("Session migration started (session=%02x%02x..., start_ns=%" PRIu64 ")", session_id[0], session_id[1],
1010 now_ns);
1011
1012 return ASCIICHAT_OK;
1013}
1014
1015bool database_session_is_migration_ready(sqlite3 *db, const uint8_t session_id[16], uint64_t migration_window_ms) {
1016 if (!db || !session_id) {
1017 return false;
1018 }
1019
1020 uint64_t now_ns = time_get_realtime_ns();
1021 const char *sql = "SELECT in_migration, migration_start_ns FROM sessions WHERE session_id = ?";
1022
1023 sqlite3_stmt *stmt = NULL;
1024 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
1025 return false;
1026 }
1027
1028 sqlite3_bind_blob(stmt, 1, session_id, 16, SQLITE_STATIC);
1029
1030 bool ready = false;
1031 if (sqlite3_step(stmt) == SQLITE_ROW) {
1032 int in_migration = sqlite3_column_int(stmt, 0);
1033 uint64_t migration_start_ns = (uint64_t)sqlite3_column_int64(stmt, 1);
1034
1035 if (in_migration) {
1036 uint64_t elapsed_ns = now_ns - migration_start_ns;
1037 uint64_t migration_window_ns = migration_window_ms * NS_PER_MS_INT;
1038 if (elapsed_ns >= migration_window_ns) {
1039 ready = true;
1040 log_debug("Migration window complete (session=%02x%02x..., elapsed=%lu ns, window=%lu ns)", session_id[0],
1041 session_id[1], elapsed_ns, migration_window_ns);
1042 }
1043 }
1044 }
1045
1046 sqlite3_finalize(stmt);
1047 return ready;
1048}
1049
1050// ============================================================================
1051// Multi-Key Management Functions
1052// ============================================================================
1053
1054asciichat_error_t database_session_add_key(sqlite3 *db, const char *session_string, const uint8_t identity_pubkey[32],
1055 uint32_t key_version) {
1056 if (!db || !session_string || !identity_pubkey) {
1057 return SET_ERRNO(ERROR_INVALID_PARAM, "Invalid parameters for add_key");
1058 }
1059
1060 const char *sql = "INSERT OR IGNORE INTO session_keys (session_string, identity_pubkey, key_version, added_at) "
1061 "VALUES (?, ?, ?, ?)";
1062
1063 sqlite3_stmt *stmt = NULL;
1064 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
1065 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare add_key statement: %s", sqlite3_errmsg(db));
1066 }
1067
1068 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
1069 sqlite3_bind_blob(stmt, 2, identity_pubkey, 32, SQLITE_STATIC);
1070 sqlite3_bind_int(stmt, 3, key_version);
1071 sqlite3_bind_int64(stmt, 4, database_get_current_time_ms());
1072
1073 int rc = sqlite3_step(stmt);
1074 sqlite3_finalize(stmt);
1075
1076 if (rc != SQLITE_DONE) {
1077 return SET_ERRNO(ERROR_CONFIG, "Failed to add session key: %s", sqlite3_errmsg(db));
1078 }
1079
1080 log_debug("Added key to session %s (version=%u)", session_string, key_version);
1081 return ASCIICHAT_OK;
1082}
1083
1084asciichat_error_t database_session_revoke_key(sqlite3 *db, const char *session_string,
1085 const uint8_t identity_pubkey[32]) {
1086 if (!db || !session_string || !identity_pubkey) {
1087 return SET_ERRNO(ERROR_INVALID_PARAM, "Invalid parameters for revoke_key");
1088 }
1089
1090 const char *sql = "UPDATE session_keys SET revoked = 1 WHERE session_string = ? AND identity_pubkey = ?";
1091
1092 sqlite3_stmt *stmt = NULL;
1093 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
1094 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare revoke_key statement: %s", sqlite3_errmsg(db));
1095 }
1096
1097 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
1098 sqlite3_bind_blob(stmt, 2, identity_pubkey, 32, SQLITE_STATIC);
1099
1100 int rc = sqlite3_step(stmt);
1101 sqlite3_finalize(stmt);
1102
1103 if (rc != SQLITE_DONE) {
1104 return SET_ERRNO(ERROR_CONFIG, "Failed to revoke session key: %s", sqlite3_errmsg(db));
1105 }
1106
1107 log_debug("Revoked key from session %s", session_string);
1108 return ASCIICHAT_OK;
1109}
1110
1111bool database_session_verify_key(sqlite3 *db, const char *session_string, const uint8_t identity_pubkey[32]) {
1112 if (!db || !session_string || !identity_pubkey) {
1113 return false;
1114 }
1115
1116 const char *sql = "SELECT 1 FROM session_keys WHERE session_string = ? AND identity_pubkey = ? AND revoked = 0";
1117
1118 sqlite3_stmt *stmt = NULL;
1119 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
1120 return false;
1121 }
1122
1123 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
1124 sqlite3_bind_blob(stmt, 2, identity_pubkey, 32, SQLITE_STATIC);
1125
1126 bool valid = (sqlite3_step(stmt) == SQLITE_ROW);
1127 sqlite3_finalize(stmt);
1128
1129 return valid;
1130}
1131
1132asciichat_error_t database_session_get_keys(sqlite3 *db, const char *session_string, uint8_t (*keys_out)[32],
1133 size_t max_keys, size_t *count_out) {
1134 if (!db || !session_string || !keys_out || !count_out) {
1135 return SET_ERRNO(ERROR_INVALID_PARAM, "Invalid parameters for get_keys");
1136 }
1137
1138 const char *sql = "SELECT identity_pubkey FROM session_keys WHERE session_string = ? AND revoked = 0 "
1139 "ORDER BY key_version ASC";
1140
1141 sqlite3_stmt *stmt = NULL;
1142 if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
1143 return SET_ERRNO(ERROR_CONFIG, "Failed to prepare get_keys statement: %s", sqlite3_errmsg(db));
1144 }
1145
1146 sqlite3_bind_text(stmt, 1, session_string, -1, SQLITE_STATIC);
1147
1148 size_t count = 0;
1149 while (sqlite3_step(stmt) == SQLITE_ROW && count < max_keys) {
1150 const void *blob = sqlite3_column_blob(stmt, 0);
1151 if (blob && sqlite3_column_bytes(stmt, 0) == 32) {
1152 memcpy(keys_out[count], blob, 32);
1153 count++;
1154 }
1155 }
1156
1157 sqlite3_finalize(stmt);
1158 *count_out = count;
1159
1160 log_debug("Retrieved %zu keys for session %s", count, session_string);
1161 return ASCIICHAT_OK;
1162}
valid
bool valid
Definition asciichat_errno.c:66
database_session_update_host
asciichat_error_t database_session_update_host(sqlite3 *db, const uint8_t session_id[16], const uint8_t host_participant_id[16], const char *host_address, uint16_t host_port, uint8_t connection_type)
Definition discovery/database.c:889
database_session_clear_host
asciichat_error_t database_session_clear_host(sqlite3 *db, const uint8_t session_id[16])
Definition discovery/database.c:938
database_session_lookup
asciichat_error_t database_session_lookup(sqlite3 *db, const char *session_string, const acds_config_t *config, acip_session_info_t *resp)
Definition discovery/database.c:420
database_session_add_key
asciichat_error_t database_session_add_key(sqlite3 *db, const char *session_string, const uint8_t identity_pubkey[32], uint32_t key_version)
Definition discovery/database.c:1054
database_session_join
asciichat_error_t database_session_join(sqlite3 *db, const acip_session_join_t *req, const acds_config_t *config, acip_session_joined_t *resp)
Definition discovery/database.c:482
database_session_start_migration
asciichat_error_t database_session_start_migration(sqlite3 *db, const uint8_t session_id[16])
Definition discovery/database.c:976
database_session_leave
asciichat_error_t database_session_leave(sqlite3 *db, const uint8_t session_id[16], const uint8_t participant_id[16])
Definition discovery/database.c:678
database_close
void database_close(sqlite3 *db)
Definition discovery/database.c:310
database_session_find_by_id
session_entry_t * database_session_find_by_id(sqlite3 *db, const uint8_t session_id[16])
Definition discovery/database.c:797
SELECT_SESSION_BASE
#define SELECT_SESSION_BASE
Definition discovery/database.c:25
database_session_find_by_string
session_entry_t * database_session_find_by_string(sqlite3 *db, const char *session_string)
Definition discovery/database.c:823
database_session_is_migration_ready
bool database_session_is_migration_ready(sqlite3 *db, const uint8_t session_id[16], uint64_t migration_window_ms)
Definition discovery/database.c:1015
database_session_create
asciichat_error_t database_session_create(sqlite3 *db, const acip_session_create_t *req, const acds_config_t *config, acip_session_created_t *resp)
Definition discovery/database.c:322
database_session_get_keys
asciichat_error_t database_session_get_keys(sqlite3 *db, const char *session_string, uint8_t(*keys_out)[32], size_t max_keys, size_t *count_out)
Definition discovery/database.c:1132
database_init
asciichat_error_t database_init(const char *db_path, sqlite3 **db)
Definition discovery/database.c:263
database_session_verify_key
bool database_session_verify_key(sqlite3 *db, const char *session_string, const uint8_t identity_pubkey[32])
Definition discovery/database.c:1111
database_session_revoke_key
asciichat_error_t database_session_revoke_key(sqlite3 *db, const char *session_string, const uint8_t identity_pubkey[32])
Definition discovery/database.c:1084
database_session_cleanup_expired
void database_session_cleanup_expired(sqlite3 *db)
Definition discovery/database.c:849
is_session_string
bool is_session_string(const char *str)
Definition discovery/strings.c:221
acds_string_generate
asciichat_error_t acds_string_generate(char *output, size_t output_size)
Definition discovery/strings.c:192
session_entry_destroy
void session_entry_destroy(session_entry_t *entry)
Free a session entry and all its resources.
Definition lib/discovery/session.c:15
MAX_PARTICIPANTS
#define MAX_PARTICIPANTS
Definition session.h:33
session_id
uint8_t session_id[16]
Definition src/client/webrtc.c:62
participant_id
uint8_t participant_id[16]
Definition src/client/webrtc.c:63
acds_config_t
Discovery server configuration.
Definition discovery-service/main.h:71
acds_config_t::require_server_verify
bool require_server_verify
ACDS policy: require servers to verify client identity during handshake.
Definition discovery-service/main.h:81
acds_config_t::turn_count
uint8_t turn_count
Number of configured TURN servers (0-4)
Definition discovery-service/main.h:87
acds_config_t::turn_secret
char turn_secret[256]
Shared secret for TURN credential generation (HMAC-SHA1)
Definition discovery-service/main.h:89
acds_config_t::stun_count
uint8_t stun_count
Number of configured STUN servers (0-4)
Definition discovery-service/main.h:85
acds_config_t::require_client_verify
bool require_client_verify
ACDS policy: require clients to verify server identity during handshake.
Definition discovery-service/main.h:82
turn_generate_credentials
asciichat_error_t turn_generate_credentials(const char *session_id, const char *secret, uint32_t validity_seconds, turn_credentials_t *out_credentials)
Definition turn_credentials.c:142
time_get_realtime_ns
uint64_t time_get_realtime_ns(void)
Definition util/time.c:59