diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs --- a/services/identity/src/client_service.rs +++ b/services/identity/src/client_service.rs @@ -120,8 +120,7 @@ let username_in_reserved_usernames_table = self .client .get_user_id_from_reserved_usernames_table(&message.username) - .await - .map_err(handle_db_error)? + .await? .is_some(); if username_in_reserved_usernames_table { @@ -165,8 +164,7 @@ .insert_workflow(WorkflowInProgress::Registration(Box::new( registration_state, ))) - .await - .map_err(handle_db_error)?; + .await?; let response = RegistrationStartResponse { session_id, @@ -192,8 +190,7 @@ let Some(original_username) = self .client .get_original_username_from_reserved_usernames_table(&message.username) - .await - .map_err(handle_db_error)? + .await? else { return Err(tonic::Status::permission_denied( tonic_status_messages::USERNAME_NOT_RESERVED, @@ -232,8 +229,7 @@ .insert_workflow(WorkflowInProgress::Registration(Box::new( registration_state, ))) - .await - .map_err(handle_db_error)?; + .await?; let response = RegistrationStartResponse { session_id, @@ -250,11 +246,8 @@ let platform_metadata = get_platform_metadata(&request)?; let message = request.into_inner(); - if let Some(WorkflowInProgress::Registration(state)) = self - .client - .get_workflow(message.session_id) - .await - .map_err(handle_db_error)? + if let Some(WorkflowInProgress::Registration(state)) = + self.client.get_workflow(message.session_id).await? { let server_registration = comm_opaque2::server::Registration::new(); let password_file = server_registration @@ -272,8 +265,7 @@ platform_metadata, login_time, ) - .await - .map_err(handle_db_error)?; + .await?; // Create access token let token = AccessTokenData::with_created_time( @@ -286,11 +278,7 @@ let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; let response = AuthResponse { user_id, @@ -316,8 +304,7 @@ let user_id_and_password_file = self .client .get_user_info_and_password_file_from_username(&message.username) - .await - .map_err(handle_db_error)?; + .await?; let UserInfoAndPasswordFile { user_id, @@ -334,8 +321,7 @@ let username_in_reserved_usernames_table = self .client .get_user_id_from_reserved_usernames_table(&message.username) - .await - .map_err(handle_db_error)? + .await? .is_some(); if username_in_reserved_usernames_table { @@ -396,8 +382,7 @@ let session_id = self .client .insert_workflow(WorkflowInProgress::Login(Box::new(login_state))) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(OpaqueLoginStartResponse { session_id, @@ -414,11 +399,8 @@ let platform_metadata = get_platform_metadata(&request)?; let message = request.into_inner(); - let Some(WorkflowInProgress::Login(state)) = self - .client - .get_workflow(message.session_id) - .await - .map_err(handle_db_error)? + let Some(WorkflowInProgress::Login(state)) = + self.client.get_workflow(message.session_id).await? else { return Err(tonic::Status::not_found( tonic_status_messages::SESSION_NOT_FOUND, @@ -434,8 +416,7 @@ self .client .remove_device(state.user_id.clone(), device_to_remove) - .await - .map_err(handle_db_error)?; + .await?; } let login_time = chrono::Utc::now(); @@ -447,8 +428,7 @@ platform_metadata, login_time, ) - .await - .map_err(handle_db_error)?; + .await?; // Create access token let token = AccessTokenData::with_created_time( @@ -461,11 +441,7 @@ let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; let response = AuthResponse { user_id: state.user_id, @@ -508,8 +484,7 @@ let user_id = if let Some(user_id) = self .client .get_user_id_from_user_info(wallet_address.clone(), &AuthType::Wallet) - .await - .map_err(handle_db_error)? + .await? { self .check_device_id_taken(&flattened_device_key_upload, Some(&user_id)) @@ -523,16 +498,14 @@ platform_metadata, login_time, ) - .await - .map_err(handle_db_error)?; + .await?; user_id } else { let Some(user_id) = self .client .get_user_id_from_reserved_usernames_table(&wallet_address) - .await - .map_err(handle_db_error)? + .await? else { return Err(tonic::Status::not_found( tonic_status_messages::USER_NOT_FOUND, @@ -570,8 +543,7 @@ message.farcaster_id, None, ) - .await - .map_err(handle_db_error)?; + .await?; user_id }; @@ -587,11 +559,7 @@ let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; let response = AuthResponse { user_id, @@ -623,8 +591,7 @@ let username_in_reserved_usernames_table = self .client .get_user_id_from_reserved_usernames_table(&wallet_address) - .await - .map_err(handle_db_error)? + .await? .is_some(); if username_in_reserved_usernames_table { @@ -661,8 +628,7 @@ message.farcaster_id, initial_device_list, ) - .await - .map_err(handle_db_error)?; + .await?; // Create access token let token = AccessTokenData::with_created_time( @@ -675,11 +641,7 @@ let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; let response = AuthResponse { user_id, @@ -796,17 +758,13 @@ let user_identity = self .client .get_user_identity(&user_id) - .await - .map_err(handle_db_error)? + .await? .ok_or_else(|| { tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) })?; - let Some(device_list) = self - .client - .get_current_device_list(&user_id) - .await - .map_err(handle_db_error)? + let Some(device_list) = + self.client.get_current_device_list(&user_id).await? else { warn!("User {} does not have valid device list. Secondary device auth impossible.", redact_sensitive_data(&user_id)); return Err(tonic::Status::aborted( @@ -831,11 +789,7 @@ &mut OsRng, ); let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; self .client @@ -845,8 +799,7 @@ platform_metadata, login_time, ) - .await - .map_err(handle_db_error)?; + .await?; let response = AuthResponse { user_id, @@ -874,20 +827,17 @@ self.client.get_user_identity(&user_id), self.client.get_current_device_list(&user_id) ); - let user_identity = - identity_response.map_err(handle_db_error)?.ok_or_else(|| { - tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) - })?; - - let device_list = device_list_response - .map_err(handle_db_error)? - .ok_or_else(|| { - warn!( - "User {} does not have a valid device list.", - redact_sensitive_data(&user_id) - ); - tonic::Status::aborted(tonic_status_messages::DEVICE_LIST_ERROR) - })?; + let user_identity = identity_response?.ok_or_else(|| { + tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) + })?; + + let device_list = device_list_response?.ok_or_else(|| { + warn!( + "User {} does not have a valid device list.", + redact_sensitive_data(&user_id) + ); + tonic::Status::aborted(tonic_status_messages::DEVICE_LIST_ERROR) + })?; if !device_list.device_ids.contains(&device_id) { return Err(tonic::Status::permission_denied( @@ -906,11 +856,7 @@ &mut OsRng, ); let access_token = token.access_token.clone(); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + self.client.put_access_token_data(token).await?; let response = AuthResponse { user_id, @@ -926,16 +872,15 @@ _request: tonic::Request, ) -> Result, tonic::Status> { let nonce_data = generate_nonce_data(&mut OsRng); - match self + self .client .add_nonce_to_nonces_table(nonce_data.clone()) - .await - { - Ok(_) => Ok(Response::new(GenerateNonceResponse { - nonce: nonce_data.nonce, - })), - Err(e) => Err(handle_db_error(e)), - } + .await?; + + let response = GenerateNonceResponse { + nonce: nonce_data.nonce, + }; + Ok(Response::new(response)) } #[tracing::instrument(skip_all)] @@ -953,8 +898,7 @@ message.device_id.clone(), message.access_token, ) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(VerifyUserAccessTokenResponse { token_valid }); debug!( @@ -976,17 +920,13 @@ &message.signature, )?; - let filtered_user_details = self - .client - .filter_out_taken_usernames(user_details) - .await - .map_err(handle_db_error)?; + let filtered_user_details = + self.client.filter_out_taken_usernames(user_details).await?; self .client .add_usernames_to_reserved_usernames_table(filtered_user_details) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(Empty {}); Ok(response) @@ -1007,8 +947,7 @@ self .client .delete_username_from_reserved_usernames_table(username) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(Empty {}); Ok(response) @@ -1049,10 +988,9 @@ .client .get_user_id_from_user_info(user_ident.clone(), &auth_type), ); - let is_reserved = get_user_id_from_reserved_usernames_table_result - .map_err(handle_db_error)? - .is_some(); - let user_id = user_id_result.map_err(handle_db_error)?; + let is_reserved = + get_user_id_from_reserved_usernames_table_result?.is_some(); + let user_id = user_id_result?; Ok(Response::new(FindUserIdResponse { user_id, @@ -1070,8 +1008,7 @@ let farcaster_users = self .client .get_farcaster_users(message.farcaster_ids) - .await - .map_err(handle_db_error)? + .await? .into_iter() .map(|d| d.0) .collect(); @@ -1085,11 +1022,8 @@ &self, username: &str, ) -> Result<(), tonic::Status> { - let username_taken = self - .client - .username_taken(username.to_string()) - .await - .map_err(handle_db_error)?; + let username_taken = + self.client.username_taken(username.to_string()).await?; if username_taken { return Err(tonic::Status::already_exists( tonic_status_messages::USERNAME_ALREADY_EXISTS, @@ -1105,8 +1039,7 @@ let wallet_address_taken = self .client .wallet_address_taken(wallet_address.to_string()) - .await - .map_err(handle_db_error)?; + .await?; if wallet_address_taken { return Err(tonic::Status::already_exists( tonic_status_messages::WALLET_ADDRESS_TAKEN, @@ -1122,8 +1055,7 @@ let fid_already_registered = !self .client .get_farcaster_users(vec![farcaster_id.to_string()]) - .await - .map_err(handle_db_error)? + .await? .is_empty(); if fid_already_registered { return Err(tonic::Status::already_exists( @@ -1139,11 +1071,8 @@ requesting_user_id: Option<&str>, ) -> Result<(), tonic::Status> { let device_id = key_upload.device_id_key.as_str(); - let Some(existing_device_user_id) = self - .client - .find_user_id_for_device(device_id) - .await - .map_err(handle_db_error)? + let Some(existing_device_user_id) = + self.client.find_user_id_for_device(device_id).await? else { // device ID doesn't exist return Ok(()); @@ -1171,12 +1100,7 @@ &self, nonce: &str, ) -> Result<(), tonic::Status> { - match self - .client - .get_nonce_from_nonces_table(nonce) - .await - .map_err(handle_db_error)? - { + match self.client.get_nonce_from_nonces_table(nonce).await? { None => { return Err(tonic::Status::invalid_argument( tonic_status_messages::INVALID_NONCE, @@ -1189,11 +1113,12 @@ tonic_status_messages::NONCE_EXPIRED, )); } - Some(nonce_data) => self - .client - .remove_nonce_from_nonces_table(&nonce_data.nonce) - .await - .map_err(handle_db_error)?, + Some(nonce_data) => { + self + .client + .remove_nonce_from_nonces_table(&nonce_data.nonce) + .await? + } }; Ok(()) } @@ -1212,8 +1137,7 @@ let maybe_keyserver_device_id = self .client .get_keyserver_device_id_for_user(user_id) - .await - .map_err(handle_db_error)?; + .await?; let Some(existing_keyserver_device_id) = maybe_keyserver_device_id else { return Ok(None); @@ -1411,8 +1335,7 @@ notif_prekey: message.notif_prekey()?, notif_prekey_signature: message.notif_prekey_signature()?, notif_one_time_keys: message.one_time_notif_prekeys()?, - device_type: DeviceType::try_from(DBDeviceTypeInt(message.device_type()?)) - .map_err(handle_db_error)?, + device_type: DeviceType::try_from(DBDeviceTypeInt(message.device_type()?))?, }; Ok(flattened_device_key_upload) diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs --- a/services/identity/src/grpc_services/authenticated.rs +++ b/services/identity/src/grpc_services/authenticated.rs @@ -16,7 +16,7 @@ use comm_lib::auth::AuthService; use comm_opaque2::grpc::protocol_error_to_grpc_status; use tonic::{Request, Response, Status}; -use tracing::{debug, error, trace, warn}; +use tracing::{debug, error, trace}; use super::protos::auth::{ identity_client_service_server::IdentityClientService, @@ -67,13 +67,11 @@ // This function cannot be `async`, yet must call the async db call // Force tokio to resolve future in current thread without an explicit .await let valid_token = tokio::task::block_in_place(move || { - handle - .block_on(new_db_client.verify_access_token( - user_id, - device_id, - access_token, - )) - .map_err(handle_db_error) + handle.block_on(new_db_client.verify_access_token( + user_id, + device_id, + access_token, + )) })?; if !valid_token { @@ -145,8 +143,7 @@ content_key.into(), notif_key.into(), ) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(Empty {}); Ok(response) @@ -163,8 +160,7 @@ let devices_map = self .db_client .get_keys_for_user(user_id, true) - .await - .map_err(handle_db_error)? + .await? .ok_or_else(|| { tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) })?; @@ -204,8 +200,7 @@ let identifier = self .db_client .get_user_identity(user_id) - .await - .map_err(handle_db_error)? + .await? .ok_or_else(|| { tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) })?; @@ -226,8 +221,7 @@ let identifier = self .db_client .get_user_identity(&message.user_id) - .await - .map_err(handle_db_error)? + .await? .ok_or_else(|| { tonic::Status::not_found(tonic_status_messages::USER_NOT_FOUND) })?; @@ -235,8 +229,7 @@ let Some(keyserver_info) = self .db_client .get_keyserver_keys_for_user(&message.user_id) - .await - .map_err(handle_db_error)? + .await? else { return Err(Status::not_found( tonic_status_messages::KEYSERVER_NOT_FOUND, @@ -246,8 +239,7 @@ let primary_device_data = self .db_client .get_primary_device_data(&message.user_id) - .await - .map_err(handle_db_error)?; + .await?; let primary_device_keys = primary_device_data.device_key_info; let response = Response::new(KeyserverKeysResponse { @@ -276,8 +268,7 @@ &message.content_one_time_prekeys, &message.notif_one_time_prekeys, ) - .await - .map_err(handle_db_error)?; + .await?; Ok(tonic::Response::new(Empty {})) } @@ -293,8 +284,7 @@ let Some((username, password_file)) = self .db_client .get_username_and_password_file(&user_id) - .await - .map_err(handle_db_error)? + .await? else { return Err(tonic::Status::permission_denied( tonic_status_messages::WALLET_USER, @@ -326,8 +316,7 @@ let session_id = self .db_client .insert_workflow(WorkflowInProgress::Update(Box::new(update_state))) - .await - .map_err(handle_db_error)?; + .await?; let response = UpdateUserPasswordStartResponse { session_id, @@ -346,11 +335,8 @@ let message = request.into_inner(); - let Some(WorkflowInProgress::Update(state)) = self - .db_client - .get_workflow(message.session_id) - .await - .map_err(handle_db_error)? + let Some(WorkflowInProgress::Update(state)) = + self.db_client.get_workflow(message.session_id).await? else { return Err(tonic::Status::not_found( tonic_status_messages::SESSION_NOT_FOUND, @@ -370,8 +356,7 @@ self .db_client .update_user_password(user_id, password_file) - .await - .map_err(handle_db_error)?; + .await?; let response = Empty {}; Ok(Response::new(response)) @@ -384,23 +369,17 @@ ) -> Result, tonic::Status> { let (user_id, device_id) = get_user_and_device_id(&request)?; - self - .db_client - .remove_device(&user_id, &device_id) - .await - .map_err(handle_db_error)?; + self.db_client.remove_device(&user_id, &device_id).await?; self .db_client .delete_otks_table_rows_for_user_device(&user_id, &device_id) - .await - .map_err(handle_db_error)?; + .await?; self .db_client .delete_access_token_data(&user_id, &device_id) - .await - .map_err(handle_db_error)?; + .await?; let device_list = self .db_client @@ -485,15 +464,10 @@ // on our own. (Side effect would skip the primary device). false, ) - .await - .map_err(handle_db_error)?; + .await?; debug!(user_id, "Attempting to delete user's access tokens"); - self - .db_client - .delete_all_tokens_for_user(&user_id) - .await - .map_err(handle_db_error)?; + self.db_client.delete_all_tokens_for_user(&user_id).await?; // We must delete the one-time keys first because doing so requires device // IDs from the devices table @@ -501,15 +475,13 @@ self .db_client .delete_otks_table_rows_for_user(&user_id) - .await - .map_err(handle_db_error)?; + .await?; debug!(user_id, "Attempting to delete user's devices"); let device_ids = self .db_client .delete_devices_data_for_user(&user_id) - .await - .map_err(handle_db_error)?; + .await?; spawn_delete_tunnelbroker_data_task(device_ids); @@ -539,14 +511,12 @@ self .db_client .delete_access_token_data(&user_id, &device_id) - .await - .map_err(handle_db_error)?; + .await?; self .db_client .delete_otks_table_rows_for_user_device(&user_id, &device_id) - .await - .map_err(handle_db_error)?; + .await?; spawn_delete_tunnelbroker_data_task([device_id].into()); @@ -566,8 +536,7 @@ let user_is_password_authenticated = self .db_client .user_is_password_authenticated(&user_id) - .await - .map_err(handle_db_error)?; + .await?; if user_is_password_authenticated { return Err(tonic::Status::permission_denied( @@ -575,11 +544,7 @@ )); } - let device_ids = self - .db_client - .delete_user(user_id.clone()) - .await - .map_err(handle_db_error)?; + let device_ids = self.db_client.delete_user(user_id.clone()).await?; spawn_delete_tunnelbroker_data_task(device_ids); spawn_delete_backup_data_task(user_id, self.comm_auth_service.clone()); @@ -600,8 +565,7 @@ let maybe_username_and_password_file = self .db_client .get_username_and_password_file(&user_id) - .await - .map_err(handle_db_error)?; + .await?; let Some((username, password_file_bytes)) = maybe_username_and_password_file @@ -628,8 +592,7 @@ .insert_workflow(WorkflowInProgress::PasswordUserDeletion(Box::new( delete_state, ))) - .await - .map_err(handle_db_error)?; + .await?; let response = Response::new(DeletePasswordUserStartResponse { session_id, @@ -647,11 +610,8 @@ let message = request.into_inner(); debug!("Attempting to finish deleting password user: {}", user_id); - let Some(WorkflowInProgress::PasswordUserDeletion(state)) = self - .db_client - .get_workflow(message.session_id) - .await - .map_err(handle_db_error)? + let Some(WorkflowInProgress::PasswordUserDeletion(state)) = + self.db_client.get_workflow(message.session_id).await? else { return Err(tonic::Status::not_found( tonic_status_messages::SESSION_NOT_FOUND, @@ -663,11 +623,7 @@ .finish(&message.opaque_login_upload) .map_err(protocol_error_to_grpc_status)?; - let device_ids = self - .db_client - .delete_user(user_id.clone()) - .await - .map_err(handle_db_error)?; + let device_ids = self.db_client.delete_user(user_id.clone()).await?; spawn_delete_tunnelbroker_data_task(device_ids); spawn_delete_backup_data_task(user_id, self.comm_auth_service.clone()); @@ -698,8 +654,7 @@ let mut db_result = self .db_client .get_device_list_history(user_id, since) - .await - .map_err(handle_db_error)?; + .await?; // these should be sorted already, but just in case db_result.sort_by_key(|list| list.timestamp); @@ -734,11 +689,8 @@ ); // 1. Fetch device lists - let device_lists = self - .db_client - .get_current_device_lists(user_ids) - .await - .map_err(handle_db_error)?; + let device_lists = + self.db_client.get_current_device_lists(user_ids).await?; trace!("Found device lists for {} users", device_lists.keys().len()); // 2. Fetch platform details @@ -756,8 +708,7 @@ let platform_details = self .db_client .get_devices_platform_details(flattened_user_device_ids) - .await - .map_err(handle_db_error)?; + .await?; trace!( "Found platform details for {} users", platform_details.keys().len() @@ -808,8 +759,7 @@ self .db_client .apply_devicelist_update(&user_id, update, Some(validator), true) - .await - .map_err(handle_db_error)?; + .await?; Ok(Response::new(Empty {})) } @@ -825,8 +775,7 @@ let mut get_farcaster_users_response = self .db_client .get_farcaster_users(vec![message.farcaster_id.clone()]) - .await - .map_err(handle_db_error)?; + .await?; if get_farcaster_users_response.len() > 1 { error!( @@ -849,8 +798,7 @@ self .db_client .add_farcaster_id(user_id, message.farcaster_id) - .await - .map_err(handle_db_error)?; + .await?; let response = Empty {}; Ok(Response::new(response)) @@ -863,11 +811,7 @@ ) -> Result, tonic::Status> { let (user_id, _) = get_user_and_device_id(&request)?; - self - .db_client - .remove_farcaster_id(user_id) - .await - .map_err(handle_db_error)?; + self.db_client.remove_farcaster_id(user_id).await?; let response = Empty {}; Ok(Response::new(response)) @@ -884,8 +828,7 @@ let users_table_results = self .db_client .find_db_user_identities(user_ids.clone()) - .await - .map_err(handle_db_error)?; + .await?; // Look up only user IDs that haven't been found in users table let reserved_user_ids_to_query: Vec = user_ids @@ -895,8 +838,7 @@ let reserved_user_identifiers = self .db_client .query_reserved_usernames_by_user_ids(reserved_user_ids_to_query) - .await - .map_err(handle_db_error)?; + .await?; let identities = users_table_results .into_iter() @@ -927,8 +869,7 @@ self .db_client .update_device_platform_details(user_id, device_id, platform_details) - .await - .map_err(handle_db_error)?; + .await?; Ok(Response::new(Empty {})) }