Pre-0.7.0 fixes

autoload-phpunit.php

@@ -59,11 +59,17 @@ function tableExists(EasyDB $db, string $tableName): bool
             mkdir(__DIR__ . '/tmp/db/', 0777, true);
         }
         $temp = __DIR__ . '/tmp/db/' . sodium_bin2hex(random_bytes(16)) . '-test.db';
-        $pkdConfig->withDatabase(new EasyDBCache(new PDO('sqlite:' . $temp)));
+        $mainPDO = new PDO('sqlite:' . $temp);
+        $mainPDO->exec('PRAGMA jounral_mode=WAL');
+        $mainPDO->exec('PRAGMA busy_timeout=5000');
+        $pkdConfig->withDatabase(new EasyDBCache($mainPDO));
         chmod($temp, 0777);
 
         // Create second DB connection for testing concurrency
-        $GLOBALS['PKD_PHPUNIT_DB'] = new EasyDBCache(new PDO('sqlite:' . $temp));
+        $secondPDO = new PDO('sqlite:' . $temp);
+        $secondPDO->exec('PRAGMA jounral_mode=WAL');
+        $secondPDO->exec('PRAGMA busy_timeout=5000');
+        $GLOBALS['PKD_PHPUNIT_DB'] = new EasyDBCache($secondPDO);
 
         // Call cleanup-test-db.php to cleanup test file after phpunit is finished.
         if (getenv('AUTO_CLEANUP_TEST_DB')) {

config/hpke.php

@@ -49,5 +49,6 @@
         'encaps-key' =>
             Base64UrlSafe::encodeUnpadded($encapsKey->bytes),
     ], JSON_PRETTY_PRINT));
+    chmod(__DIR__ . '/hpke.json', 0600);
 }
 return new HPKE($hpke, $decapsKey, $encapsKey);

docs/reference/classes/meta.md

@@ -28,10 +28,11 @@ Server configuration parameters
 | `$hostname` | `string` | (readonly)  |
 | `$cacheKey` | `string` | (readonly)  |
 | `$httpCacheTtl` | `int` | (readonly)  |
+| `$serverAllowsBurnDown` | `bool` | (readonly)  |
 
 ### Methods
 
-#### [`__construct`](../../../src/Meta/Params.php#L19-L45)
+#### [`__construct`](../../../src/Meta/Params.php#L19-L46)
 
 Returns `void`
 
@@ -45,34 +46,39 @@ These parameters MUST be public and MUST have a default value
 - `$hostname`: `string` = 'localhost'
 - `$cacheKey`: `string` = ''
 - `$httpCacheTtl`: `int` = 60
+- `$serverAllowsBurnDown`: `bool` = true
 
 **Throws:** `DependencyException`
 
-#### [`getActorUsername`](../../../src/Meta/Params.php#L47-L50)
+#### [`getActorUsername`](../../../src/Meta/Params.php#L48-L51)
 
 Returns `string`
 
-#### [`getCacheKey`](../../../src/Meta/Params.php#L52-L55)
+#### [`getBurnDownEnabled`](../../../src/Meta/Params.php#L53-L56)
+
+Returns `bool`
+
+#### [`getCacheKey`](../../../src/Meta/Params.php#L58-L61)
 
 Returns `string`
 
-#### [`getHashFunction`](../../../src/Meta/Params.php#L57-L60)
+#### [`getHashFunction`](../../../src/Meta/Params.php#L63-L66)
 
 Returns `string`
 
-#### [`getHostname`](../../../src/Meta/Params.php#L62-L65)
+#### [`getHostname`](../../../src/Meta/Params.php#L68-L71)
 
 Returns `string`
 
-#### [`getHttpCacheTtl`](../../../src/Meta/Params.php#L67-L70)
+#### [`getHttpCacheTtl`](../../../src/Meta/Params.php#L73-L76)
 
 Returns `int`
 
-#### [`getOtpMaxLife`](../../../src/Meta/Params.php#L72-L75)
+#### [`getOtpMaxLife`](../../../src/Meta/Params.php#L78-L81)
 
 Returns `int`
 
-#### [`getEmptyTreeRoot`](../../../src/Meta/Params.php#L77-L80)
+#### [`getEmptyTreeRoot`](../../../src/Meta/Params.php#L83-L86)
 
 Returns `string`
 

docs/reference/classes/ratelimit.md

@@ -142,7 +142,7 @@ Returns `?DateTimeImmutable`
 
 **Throws:** `DateMalformedIntervalStringException`
 
-#### [`getIntervalFromFailureCount`](../../../src/RateLimit/DefaultRateLimiting.php#L249-L262)
+#### [`getIntervalFromFailureCount`](../../../src/RateLimit/DefaultRateLimiting.php#L249-L263)
 
 Returns `DateInterval`
 
@@ -152,7 +152,7 @@ Returns `DateInterval`
 
 **Throws:** `DateMalformedIntervalStringException`
 
-#### [`recordPenalty`](../../../src/RateLimit/DefaultRateLimiting.php#L268-L277)
+#### [`recordPenalty`](../../../src/RateLimit/DefaultRateLimiting.php#L269-L278)
 
 Returns `void`
 
@@ -165,7 +165,7 @@ Returns `void`
 
 **Throws:** `DateMalformedIntervalStringException`
 
-#### [`increaseFailures`](../../../src/RateLimit/DefaultRateLimiting.php#L282-L296)
+#### [`increaseFailures`](../../../src/RateLimit/DefaultRateLimiting.php#L283-L297)
 
 Returns `FediE2EE\PKDServer\RateLimit\RateLimitData`
 
@@ -235,15 +235,15 @@ Returns `string`
 
 - `$array`: `array`
 
-#### [`getRequestActor`](../../../src/RateLimit/DefaultRateLimiting.php#L155-L175)
+#### [`getRequestActor`](../../../src/RateLimit/DefaultRateLimiting.php#L155-L173)
 
 Returns `?string`
 
 **Parameters:**
 
 - `$request`: `Psr\Http\Message\ServerRequestInterface`
 
-#### [`getRequestDomain`](../../../src/RateLimit/DefaultRateLimiting.php#L177-L185)
+#### [`getRequestDomain`](../../../src/RateLimit/DefaultRateLimiting.php#L175-L183)
 
 Returns `?string`
 

docs/reference/classes/requesthandlers-api.md

@@ -320,13 +320,13 @@ static · Returns `string`
 
 ### Methods
 
-#### [`__construct`](../../../src/RequestHandlers/Api/BurnDown.php#L49-L52)
+#### [`__construct`](../../../src/RequestHandlers/Api/BurnDown.php#L54-L57)
 
 Returns `void`
 
 **Throws:** `DependencyException`
 
-#### [`handle`](../../../src/RequestHandlers/Api/BurnDown.php#L69-L91)
+#### [`handle`](../../../src/RequestHandlers/Api/BurnDown.php#L79-L106)
 
 Returns `Psr\Http\Message\ResponseInterface`
 
@@ -336,7 +336,7 @@ Returns `Psr\Http\Message\ResponseInterface`
 
 - `$request`: `Psr\Http\Message\ServerRequestInterface`
 
-**Throws:** `CacheException`, `CertaintyException`, `CryptoException`, `DependencyException`, `HPKEException`, `JsonException`, `NotImplementedException`, `ParserException`, `SodiumException`, `TableException`, `InvalidArgumentException`
+**Throws:** `BaseJsonException`, `BundleException`, `CacheException`, `CertaintyException`, `ConcurrentException`, `CryptoException`, `DateMalformedStringException`, `DependencyException`, `HPKEException`, `InvalidArgumentException`, `JsonException`, `NotImplementedException`, `ParserException`, `RandomException`, `SodiumException`, `TableException`
 
 #### [`getVerifiedStream`](../../../src/RequestHandlers/Api/BurnDown.php#L39-L62)
 
@@ -2707,7 +2707,7 @@ static · Returns `string`
 
 ### Methods
 
-#### [`handle`](../../../src/RequestHandlers/Api/Info.php#L34-L45)
+#### [`handle`](../../../src/RequestHandlers/Api/Info.php#L34-L46)
 
 Returns `Psr\Http\Message\ResponseInterface`
 

docs/reference/classes/tables.md

@@ -342,7 +342,7 @@ Return the witness data (including public key) for a given origin
 
 **Throws:** `TableException`
 
-#### [`addWitnessCosignature`](../../../src/Tables/MerkleState.php#L112-L157)
+#### [`addWitnessCosignature`](../../../src/Tables/MerkleState.php#L112-L160)
 
 **API** · Returns `bool`
 
@@ -354,29 +354,29 @@ Return the witness data (including public key) for a given origin
 
 **Throws:** `CryptoException`, `DependencyException`, `JsonException`, `NotImplementedException`, `ProtocolException`, `SodiumException`, `TableException`
 
-#### [`getCosignatures`](../../../src/Tables/MerkleState.php#L162-L180)
+#### [`getCosignatures`](../../../src/Tables/MerkleState.php#L165-L183)
 
 Returns `array`
 
 **Parameters:**
 
 - `$leafId`: `int`
 
-#### [`countCosignatures`](../../../src/Tables/MerkleState.php#L182-L192)
+#### [`countCosignatures`](../../../src/Tables/MerkleState.php#L185-L195)
 
 Returns `int`
 
 **Parameters:**
 
 - `$leafId`: `int`
 
-#### [`getLatestRoot`](../../../src/Tables/MerkleState.php#L200-L209)
+#### [`getLatestRoot`](../../../src/Tables/MerkleState.php#L203-L212)
 
 **API** · Returns `string`
 
 **Throws:** `DependencyException`, `SodiumException`
 
-#### [`insertLeaf`](../../../src/Tables/MerkleState.php#L228-L292)
+#### [`insertLeaf`](../../../src/Tables/MerkleState.php#L231-L295)
 
 **API** · Returns `bool`
 
@@ -386,27 +386,27 @@ Insert leaf with retry logic for deadlocks
 
 - `$leaf`: `FediE2EE\PKDServer\Tables\Records\MerkleLeaf`
 - `$inTransaction`: `callable`
-- `$maxRetries`: `int` = 5
+- `$maxRetries`: `int` = 20
 
 **Throws:** `ConcurrentException`, `CryptoException`, `DependencyException`, `NotImplementedException`, `RandomException`, `SodiumException`
 
-#### [`getLeafByRoot`](../../../src/Tables/MerkleState.php#L311-L327)
+#### [`getLeafByRoot`](../../../src/Tables/MerkleState.php#L314-L330)
 
 **API** · Returns `?FediE2EE\PKDServer\Tables\Records\MerkleLeaf`
 
 **Parameters:**
 
 - `$root`: `string`
 
-#### [`getLeafByID`](../../../src/Tables/MerkleState.php#L332-L348)
+#### [`getLeafByID`](../../../src/Tables/MerkleState.php#L335-L351)
 
 **API** · Returns `?FediE2EE\PKDServer\Tables\Records\MerkleLeaf`
 
 **Parameters:**
 
 - `$primaryKey`: `int`
 
-#### [`getHashesSince`](../../../src/Tables/MerkleState.php#L388-L430)
+#### [`getHashesSince`](../../../src/Tables/MerkleState.php#L391-L435)
 
 **API** · Returns `array`
 
@@ -994,7 +994,7 @@ Returns `void`
 
 **Throws:** `JsonException`, `TableException`
 
-#### [`getHistory`](../../../src/Tables/ReplicaHistory.php#L71-L82)
+#### [`getHistory`](../../../src/Tables/ReplicaHistory.php#L71-L84)
 
 Returns `array`
 
@@ -1006,7 +1006,7 @@ Returns `array`
 
 **Throws:** `JsonException`
 
-#### [`getHistorySince`](../../../src/Tables/ReplicaHistory.php#L88-L108)
+#### [`getHistorySince`](../../../src/Tables/ReplicaHistory.php#L90-L110)
 
 Returns `array`
 

docs/reference/classes/traits.md

@@ -873,15 +873,15 @@ Returns `string`
 
 - `$array`: `array`
 
-#### [`getRequestActor`](../../../src/Traits/NetworkTrait.php#L155-L175)
+#### [`getRequestActor`](../../../src/Traits/NetworkTrait.php#L155-L173)
 
 Returns `?string`
 
 **Parameters:**
 
 - `$request`: `Psr\Http\Message\ServerRequestInterface`
 
-#### [`getRequestDomain`](../../../src/Traits/NetworkTrait.php#L177-L185)
+#### [`getRequestDomain`](../../../src/Traits/NetworkTrait.php#L175-L183)
 
 Returns `?string`
 

docs/reference/routes.md

@@ -8,7 +8,7 @@ This document lists all API routes defined via `#[Route]` attributes.
 |---------------|---------------|--------|
 | `/` | [`RequestHandlers\IndexPage`](../../src/RequestHandlers/IndexPage.php) | `handle` |
 | `/.well-known/webfinger` | [`RequestHandlers\ActivityPub\Finger`](../../src/RequestHandlers/ActivityPub/Finger.php) | `handle` |
-| `/api/burndown` | [`RequestHandlers\Api\Revoke`](../../src/RequestHandlers/Api/Revoke.php) | `handle` |
+| `/api/burndown` | [`RequestHandlers\Api\BurnDown`](../../src/RequestHandlers/Api/BurnDown.php) | `handle` |
 | `/api/checkpoint` | [`RequestHandlers\Api\Checkpoint`](../../src/RequestHandlers/Api/Checkpoint.php) | `handle` |
 | `/api/extensions` | [`RequestHandlers\Api\Extensions`](../../src/RequestHandlers/Api/Extensions.php) | `handle` |
 | `/api/history` | [`RequestHandlers\Api\History`](../../src/RequestHandlers/Api/History.php) | `handle` |
@@ -24,7 +24,7 @@ This document lists all API routes defined via `#[Route]` attributes.
 | `/api/replicas/{replica_id}/actor/{actor_id}/keys/key/{key_id}` | [`RequestHandlers\Api\ReplicaInfo`](../../src/RequestHandlers/Api/ReplicaInfo.php) | `actorKey` |
 | `/api/replicas/{replica_id}/history` | [`RequestHandlers\Api\ReplicaInfo`](../../src/RequestHandlers/Api/ReplicaInfo.php) | `history` |
 | `/api/replicas/{replica_id}/history/since/{hash}` | [`RequestHandlers\Api\ReplicaInfo`](../../src/RequestHandlers/Api/ReplicaInfo.php) | `historySince` |
-| `/api/revoke` | [`RequestHandlers\Api\BurnDown`](../../src/RequestHandlers/Api/BurnDown.php) | `handle` |
+| `/api/revoke` | [`RequestHandlers\Api\Revoke`](../../src/RequestHandlers/Api/Revoke.php) | `handle` |
 | `/api/server-public-key` | [`RequestHandlers\Api\ServerPublicKey`](../../src/RequestHandlers/Api/ServerPublicKey.php) | `handle` |
 | `/api/totp/disenroll` | [`RequestHandlers\Api\TotpDisenroll`](../../src/RequestHandlers/Api/TotpDisenroll.php) | `handle` |
 | `/api/totp/enroll` | [`RequestHandlers\Api\TotpEnroll`](../../src/RequestHandlers/Api/TotpEnroll.php) | `handle` |

public/index.php

@@ -29,6 +29,9 @@
     if ($ex instanceof RateLimitException) {
         // Rate-limited by the Middleware
         http_response_code(420);
+        if (!is_null($ex->rateLimitedUntil)) {
+            header('Retry-After: ' . $ex->rateLimitedUntil->format(DateTimeInterface::ATOM));
+        }
         echo $ex->getMessage(), PHP_EOL;
         if (!is_null($ex->rateLimitedUntil)) {
             echo 'Try again after: ',

src/Meta/Params.php

@@ -23,6 +23,7 @@
         public string $hostname = 'localhost',
         public string $cacheKey = '',
         public int $httpCacheTtl = 60,
+        public bool $serverAllowsBurnDown = true,
     ) {
         if (!Tree::isHashFunctionAllowed($this->hashAlgo)) {
             throw new DependencyException('Disallowed hash algorithm');
@@ -49,6 +50,11 @@
         return $this->actorUsername;
     }
 
+    public function getBurnDownEnabled(): bool
+    {
+        return $this->serverAllowsBurnDown;
+    }
+
     public function getCacheKey(): string
     {
         return $this->cacheKey;

src/Protocol/Payload.php

@@ -9,7 +9,7 @@
     ProtocolMessageInterface
 };
 use FediE2EE\PKDServer\Traits\JsonTrait;
-use function array_key_exists, json_decode;
+use function array_key_exists;
 
 readonly class Payload
 {
@@ -42,7 +42,7 @@ public function decode(): array
      */
     public function getMerkleTreePayload(): string
     {
-        $decoded = json_decode($this->rawJson, true);
+        $decoded = self::jsonDecode($this->rawJson);
         if (array_key_exists('key-id', $decoded)) {
             unset($decoded['key-id']);
         }

src/RateLimit/DefaultRateLimiting.php

@@ -187,7 +187,7 @@
                 break;
             }
 
-        } while ($data->failures > 0);
+        } while ($failures > 0);
         // Either way, return the updated rate-limit info:
         return $data->withFailures($failures)->withCooldownStart($start);
     }
@@ -251,11 +251,12 @@
         if ($failures < 1) {
             return new DateInterval('PT0S');
         }
-        $milliseconds = $this->baseDelay << ($failures - 1);
+        $shift = min($failures - 1, 60);
+        $milliseconds = $this->baseDelay << $shift;
         $seconds = (int) floor($milliseconds / 1000);
         $us = ($milliseconds % 1000) * 1000;
         $interval = DateInterval::createFromDateString($seconds . ' seconds + ' . $us . ' microseconds');
         if (!($interval instanceof DateInterval)) {
             throw new DateMalformedIntervalStringException('Invalid interval string');
         }
         return $interval;

src/RateLimit/Storage/Filesystem.php

@@ -93,7 +93,7 @@ public function set(string $type, string $identifier, RateLimitData $data): bool
             'expires' => time() + $this->ttl,
             'data' => self::jsonEncode($data),
         ]);
-        return file_put_contents($file, $bundled) !== false;
+        return file_put_contents($file, $bundled, LOCK_EX) !== false;
     }
 
     /**