mastodon · xgess · Dec 27, 2018 · Dec 27, 2018 · Dec 28, 2018 · Jan 8, 2019
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb
@@ -27,6 +27,7 @@ class SettingsController < BaseController
       preview_sensitive_media
       custom_css
       profile_directory
+      keybase_contacts
     ).freeze
 
     BOOLEAN_SETTINGS = %w(

diff --git a/app/controllers/api/v1/keybase_proofs_controller.rb b/app/controllers/api/v1/keybase_proofs_controller.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Api::V1::KeybaseProofsController < Api::BaseController
+  respond_to :json
+
+  def index
+    @account = Account.find_local!(params[:username])
+    kb_proofs = AccountIdentityProof.keybase.where(account_id: @account.id)
+
+    render json: @account, serializer: REST::KeybaseUserSerializer, proofs: kb_proofs
+  end
+end
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+class Settings::IdentityProofsController < Settings::BaseController
+  layout 'admin'
+  before_action :authenticate_user!
+
+  def index
+    @proofs = AccountIdentityProof.where(account: current_account).order(provider: :asc, provider_username: :asc)
+    @proofs.each(&:update_liveness)
+  end
+
+  def new
+    return redirect_to settings_identity_proofs_path unless all_new_params_present?
+
+    @proof = AccountIdentityProof.new(
+      account: current_account,
+      token: params[:token],
+      provider: params[:provider],
+      provider_username: params[:provider_username]
+    )
+  end
+
+  def create
+    @proof = AccountIdentityProof.where(
+      account: current_account,
+      provider: create_params[:provider],
+      provider_username: create_params[:provider_username]
+    ).first_or_initialize
+    @proof.token = create_params[:token]
+    if @proof.save_if_valid_remotely
+      KeybaseProofWorker.perform_async(@proof.id) if @proof.keybase?
+      success_url = @proof.success_redirect(params[:useragent])
+      redirect_to Addressable::URI.parse(success_url).normalize.to_s
+    else
+      flash[:alert] = I18n.t('account_identity_proofs.notices.failed', provider: @proof.provider)
+      redirect_to settings_identity_proofs_path
+    end
+  end
+
+  private
+
+  def all_new_params_present?
+    [:provider, :provider_username, :token].all? { |k| params[k].present? }
+  end
+
+  def create_params
+    params.require(:account_identity_proof).permit(:provider, :provider_username, :token)
+  end
+end
diff --git a/app/controllers/well_known/keybase_proof_config_controller.rb b/app/controllers/well_known/keybase_proof_config_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module WellKnown
+  class KeybaseProofConfigController < ActionController::Base
+    def show
+      render json: {}, serializer: KeybaseConfigSerializer
+    end
+  end
+end
diff --git a/app/helpers/settings_helper.rb b/app/helpers/settings_helper.rb
@@ -64,6 +64,23 @@ def human_locale(locale)
     HUMAN_LOCALES[locale]
   end
 
+  def identity_proof_providers
+    AccountIdentityProof::PROVIDER_MAP.values
+  end
+
+  def identity_proof_my_domain
+    ExternalProofService.my_domain
+  end
+
+  def default_provider_pic_url(provider)
+    case provider
+    when AccountIdentityProof::PROVIDER_MAP[:keybase]
+      '/keybase-logo-100@2x.png'
+    else
+      full_asset_url('/avatars/original/missing.png')
+    end
+  end
+
   def filterable_languages
     LanguageDetector.instance.language_names.select(&HUMAN_LOCALES.method(:key?))
   end

diff --git a/app/javascript/styles/mastodon/admin.scss b/app/javascript/styles/mastodon/admin.scss
@@ -222,6 +222,115 @@ $content-width: 840px;
     }
   }
 
+  .identity_proofs {
+    p {
+      font-size: 14px;
+    }
+
+    table {
+      margin: 20px 0;
+
+      td {
+        vertical-align: middle;
+
+        &.account {
+          border-bottom: 0;
+
+          a {
+            align-items: center;
+            color: $primary-text-color;
+            display: flex;
+            flex-direction: row;
+            text-decoration: none;
+
+            &:hover,
+            &:active,
+            &:focus {
+              text-decoration: underline;
+            }
+          }
+        }
+
+        &.proof a {
+          color: $darker-text-color;
+
+          &:hover,
+          &:active,
+          &:focus {
+            color: lighten($darker-text-color, 10%);
+          }
+        }
+      }
+
+      .account__avatar {
+        margin-bottom: 0;
+        margin-right: 8px;
+      }
+
+      .inactive {
+        color: $error-red;
+      }
+
+      .proof {
+        text-align: center;
+      }
+
+      .active {
+        color: $success-green;
+      }
+    }
+
+    .account__avatar {
+      margin-bottom: 1.2em;
+    }
+
+    .fa-link {
+      background-color: darken($ui-base-color, 5%);
+      border-radius: 100%;
+      font-size: 24px;
+      padding: 1em;
+    }
+
+    .column {
+      align-items: center;
+      display: flex;
+      flex: 1;
+      flex-direction: column;
+      flex-shrink: 1;
+
+      &-2 {
+        flex-grow: 0;
+        overflow: visible;
+        position: relative;
+        z-index: 1;
+      }
+    }
+
+    .connection {
+      background-color: $classic-base-color;
+      border-radius: 4px;
+      padding: 1em;
+      position: relative;
+      text-align: center;
+
+      &::after {
+        background-color: darken($ui-base-color, 5%);
+        content: '';
+        display: block;
+        height: 100%;
+        left: 50%;
+        position: absolute;
+        width: 1px;
+      }
+    }
+
+    .row {
+      align-items: center;
+      display: flex;
+      flex-direction: row;
+    }
+  }
+
   @media screen and (max-width: $no-columns-breakpoint) {
     display: block;
     overflow-y: auto;

diff --git a/app/javascript/styles/mastodon/containers.scss b/app/javascript/styles/mastodon/containers.scss
@@ -723,6 +723,20 @@
 
       a {
         color: lighten($ui-highlight-color, 8%);
+
+        &.provider_username {
+          position: relative;
+          top: -7px;
+        }
+
+        &.proof {
+          color: $darker-text-color;
+          display: block;
+          font-size: 12px;
+          position: relative;
+          text-transform: lowercase;
+          top: -11px;
+        }
       }
 
       dl:first-child .verified {

diff --git a/app/lib/keybase_proof.rb b/app/lib/keybase_proof.rb
@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module Keybase
+  class ResponseDataError < StandardError; end
+  class ExpectedProofLiveError < ResponseDataError; end
+
+  class Proof
+    def initialize(account_identity_proof, username = nil)
+      @kb_username = account_identity_proof.provider_username
+      @token = account_identity_proof.token
+      @account_identity_proof = account_identity_proof
+      @domain = ExternalProofService.my_domain
+      @base_url = ExternalProofService::Keybase.base_url
+      @_local_username = username
+    end
+
+    def local_username
+      # performance optimization: allow initializing with this
+      # value to prevent this additional query from running
+      @_local_username ||= @account_identity_proof.account.username
+    end
+
+    def valid?
+      get_from_keybase(
+        endpoint: '/_/api/1.0/sig/proof_valid.json',
+        query_params: to_keybase_params
+      ).fetch(:proof_valid)
+    rescue KeyError, NoMethodError, HTTP::Error
+      false
+    end
+
+    def remote_status
+      result = get_from_keybase(
+        endpoint: '/_/api/1.0/sig/proof_live.json',
+        query_params: to_keybase_params
+      )
+      { proof_valid: result.fetch(:proof_valid), proof_live: result.fetch(:proof_live) }
+    rescue KeyError, NoMethodError, HTTP::Error => e
+      raise Keybase::ResponseDataError, e.message
+    end
+
+    def profile_pic_url
+      get_from_keybase(
+        endpoint: '/_/api/1.0/user/pic_url.json',
+        query_params: { username: @kb_username }
+      ).fetch(:pic_url)
+    rescue KeyError, NoMethodError, HTTP::Error
+      nil
+    end
+
+    def success_redirect_url(useragent)
+      useragent ||= 'unknown'
+      params = to_keybase_params
+      params[:kb_ua] = useragent
+      build_url('/_/proof_creation_success', params)
+    end
+
+    def badge_pic_url
+      params = { domain: @domain, username: local_username }
+      build_url("/#{@kb_username}/proof_badge/#{@token}", params)
+    end
+
+    def sigchain_url
+      build_url("/#{@kb_username}/sigchain\##{@token}", {})
+    end
+
+    def profile_url
+      build_url("/#{@kb_username}", {})
+    end
+
+    private
+
+    def to_keybase_params
+      {
+        domain: @domain,
+        kb_username: @kb_username,
+        username: local_username,
+        sig_hash: @token,
+      }
+    end
+
+    def get_from_keybase(endpoint:, query_params:)
+      Request.new(:get, build_url(endpoint, query_params)).perform do |response|
+        JSON.parse(response.body, symbolize_names: true)
+      end
+    end
+
+    def build_url(endpoint, query_params)
+      uri = Addressable::URI.parse(@base_url + endpoint)
+      uri.query_values = query_params
+      uri.to_s
+    end
+  end
+end