🚧 wip: BYOK implement

.eslintrc.json

@@ -23,14 +23,17 @@
     "plugin:tailwindcss/recommended"
   ],
   "rules": {
+    "react/react-in-jsx-scope": "off",
+    "react/jsx-uses-react": "off",
     "tailwindcss/classnames-order": [
       "warn",
       {
         "officialSorting": true
       }
     ],
     "implicit-arrow-linebreak": "off",
-    "operator-linebreak": "off"
+    "operator-linebreak": "off",
+    "no-nested-ternary": "off"
   },
   "settings": {
     "react": {

.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

apps/backend/envoy-dev.yaml

@@ -77,5 +77,5 @@ static_resources:
               - endpoint:
                   address:
                     socket_address:
-                      address: 172.29.64.1
+                      address: 127.0.0.1
                       port_value: 52345

apps/backend/package.json

@@ -13,13 +13,12 @@
   },
   "dependencies": {
     "@grpc/grpc-js": "^1.11.3",
-    "@keyv/sqlite": "^4.0.1",
     "@packages/grpc": "workspace:^",
     "@types/apple-music-api": "^0.4.4",
-    "cache-manager": "^6.1.0",
+    "better-sqlite3": "^11.3.0",
     "es-toolkit": "^1.23.0",
-    "jose": "^5.9.3",
-    "keyv": "^5.0.3",
+    "jose": "^5.9.4",
+    "knex": "^3.1.0",
     "tslog": "^4.9.3"
   },
   "devDependencies": {

apps/backend/src/index.ts

@@ -1,25 +1,10 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
 import { ILogObj, Logger } from 'tslog';
 import * as grpc from '@grpc/grpc-js';
 
 import { SearchService } from './services/search.service';
+import { ByokService } from './services/byok.service';
+
+import DatabaseUtil from './utils/db.util';
 
 try {
   process.loadEnvFile('.env');
@@ -32,8 +17,11 @@ const logger: Logger<ILogObj> = new Logger({
 
 const server = new grpc.Server();
 server.addService(SearchService.definition, new SearchService());
+server.addService(ByokService.definition, new ByokService());
 
 if (require.main === module) {
+  new DatabaseUtil().init();
+
   server.bindAsync(
     '0.0.0.0:52345',
     grpc.ServerCredentials.createInsecure(),

apps/backend/src/services/byok.service.ts

@@ -0,0 +1,178 @@
+import * as grpc from '@grpc/grpc-js';
+
+import { ILogObj, Logger } from 'tslog';
+
+import {
+  ByokQuery,
+  ByokResult,
+  ByokEncResult,
+  ByokEncJwk,
+  UnimplementedByokService,
+} from '@packages/grpc/__generated__/am2mxm-api';
+import { Empty } from '@packages/grpc/__generated__/google/protobuf/empty';
+
+import DatabaseUtil from '../utils/db.util';
+import { requestToMxm } from '../utils/request.util';
+import { decryptByokKey, getNewKeyPair } from '../utils/byokKey.util';
+
+import { isNilOrBlank } from '../utils/es-toolkit-inspired/isNilOrBlank';
+
+import { BadRequestError } from '../exceptions/BadRequest.exception';
+
+import { EMxmUrlType } from '../types/mxmUrl.type';
+
+const logger: Logger<ILogObj> = new Logger({
+  name: 'lunaiz.am2mxm.api.v1.Byok',
+  type: 'pretty',
+});
+
+const database = new DatabaseUtil();
+
+export class ByokService extends UnimplementedByokService {
+  // eslint-disable-next-line class-methods-use-this
+  async getEncPublicKey(
+    _: grpc.ServerUnaryCall<Empty, ByokEncResult>,
+    callback: grpc.sendUnaryData<ByokEncResult>,
+  ): Promise<void> {
+    try {
+      // Get RSA Public Key for encrypt of BYOK key
+
+      const knex = database.connection;
+      const { sessionKey, publicKey } = await getNewKeyPair(knex);
+
+      return callback(
+        null,
+        new ByokEncResult({
+          session_key: sessionKey,
+          public_key: new ByokEncJwk({
+            ...(await crypto.subtle.exportKey('jwk', publicKey)),
+          }),
+        }),
+      );
+    } catch (error) {
+      logger.error(error);
+
+      if (error instanceof BadRequestError) {
+        return callback({
+          code: grpc.status.INVALID_ARGUMENT,
+          details: error.message,
+        } as grpc.ServiceError);
+      }
+
+      return callback({
+        code: grpc.status.INTERNAL,
+        details: (error as Error).message || 'Internal Server Error',
+      } as grpc.ServiceError);
+    }
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  async checkMxMKeyValidity(
+    call: grpc.ServerUnaryCall<ByokQuery, ByokResult>,
+    callback: grpc.sendUnaryData<ByokResult>,
+  ): Promise<void> {
+    try {
+      // Validate Musixmatch BYOK key
+      const knex = database.connection;
+
+      if (isNilOrBlank(call.request.session_key)) {
+        throw new BadRequestError(
+          'Request missing required field: session_key',
+        );
+      }
+
+      if (isNilOrBlank(call.request.byok_key)) {
+        throw new BadRequestError('Request missing required field: byok_key');
+      }
+
+      const byokKey = await decryptByokKey(
+        call.request.session_key,
+        call.request.byok_key,
+        knex,
+      );
+
+      if (!byokKey) {
+        return callback(null, new ByokResult({ valid: false }));
+      }
+
+      const r = await requestToMxm(
+        {
+          type: EMxmUrlType.TRACK,
+          isrc: 'GBARL9300135', // Never gonna give you up
+        },
+        byokKey,
+      );
+
+      return callback(null, new ByokResult({ valid: r.ok }));
+    } catch (error) {
+      logger.error(error);
+
+      if (error instanceof BadRequestError) {
+        return callback({
+          code: grpc.status.INVALID_ARGUMENT,
+          details: error.message,
+        } as grpc.ServiceError);
+      }
+
+      return callback({
+        code: grpc.status.INTERNAL,
+        details: (error as Error).message || 'Internal Server Error',
+      } as grpc.ServiceError);
+    }
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  async checkAMKeyValidity(
+    call: grpc.ServerUnaryCall<ByokQuery, ByokResult>,
+    callback: grpc.sendUnaryData<ByokResult>,
+  ): Promise<void> {
+    try {
+      // Validate Apple Music BYOK key
+      const knex = database.connection;
+
+      if (isNilOrBlank(call.request.session_key)) {
+        throw new BadRequestError(
+          'Request missing required field: session_key',
+        );
+      }
+
+      if (isNilOrBlank(call.request.byok_key)) {
+        throw new BadRequestError('Request missing required field: byok_key');
+      }
+
+      const byokKey = await decryptByokKey(
+        call.request.session_key,
+        call.request.byok_key,
+        knex,
+      );
+
+      if (!byokKey) {
+        return callback(null, new ByokResult({ valid: false }));
+      }
+
+      const r = await fetch('https://api.music.apple.com/v1/test', {
+        headers: {
+          Authorization: `Bearer ${byokKey}`,
+        },
+      });
+
+      return callback(null, new ByokResult({ valid: r.ok }));
+    } catch (error) {
+      logger.error(error);
+
+      if (error instanceof BadRequestError) {
+        return callback({
+          code: grpc.status.INVALID_ARGUMENT,
+          details: error.message,
+        } as grpc.ServiceError);
+      }
+
+      return callback({
+        code: grpc.status.INTERNAL,
+        details: (error as Error).message || 'Internal Server Error',
+      } as grpc.ServiceError);
+    }
+  }
+}
+
+export default ByokService;