benjamyn/any-sync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change invite logic

Browse Source
This commit is contained in:
mcrakhman 2022-10-27 17:09:07 +02:00 committed by Mikhail Iudin
parent 1e73844ac0
commit 481e2c52af
No known key found for this signature in database
GPG Key ID: FAAAA8BAABDFF1C0
9 changed files with 228 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

235
common/pkg/acl/aclrecordproto/aclrecord.pb.go
View File

@ -681,10 +681,9 @@ func (m *ACLUserAdd) GetPermissions() ACLUserPermissions {
type ACLUserInvite struct { type ACLUserInvite struct {
AcceptPublicKey []byte `protobuf:"bytes,1,opt,name=acceptPublicKey,proto3" json:"acceptPublicKey,omitempty"` AcceptPublicKey []byte `protobuf:"bytes,1,opt,name=acceptPublicKey,proto3" json:"acceptPublicKey,omitempty"`
EncryptPublicKey []byte `protobuf:"bytes,2,opt,name=encryptPublicKey,proto3" json:"encryptPublicKey,omitempty"` EncryptSymKeyHash uint64 `protobuf:"varint,2,opt,name=encryptSymKeyHash,proto3" json:"encryptSymKeyHash,omitempty"`
EncryptedReadKeys [][]byte `protobuf:"bytes,3,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,3,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"`
Permissions ACLUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=aclrecord.ACLUserPermissions" json:"permissions,omitempty"` Permissions ACLUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=aclrecord.ACLUserPermissions" json:"permissions,omitempty"`
InviteId string `protobuf:"bytes,5,opt,name=inviteId,proto3" json:"inviteId,omitempty"`
} }
func (m *ACLUserInvite) Reset() { *m = ACLUserInvite{} } func (m *ACLUserInvite) Reset() { *m = ACLUserInvite{} }
@ -727,11 +726,11 @@ func (m *ACLUserInvite) GetAcceptPublicKey() []byte {
return nil return nil
} }
func (m *ACLUserInvite) GetEncryptPublicKey() []byte { func (m *ACLUserInvite) GetEncryptSymKeyHash() uint64 {
if m != nil { if m != nil {
return m.EncryptPublicKey return m.EncryptSymKeyHash
} }
return nil return 0
} }
func (m *ACLUserInvite) GetEncryptedReadKeys() [][]byte { func (m *ACLUserInvite) GetEncryptedReadKeys() [][]byte {
@ -748,18 +747,11 @@ func (m *ACLUserInvite) GetPermissions() ACLUserPermissions {
return ACLUserPermissions_Admin return ACLUserPermissions_Admin
} }
func (m *ACLUserInvite) GetInviteId() string {
if m != nil {
return m.InviteId
}
return ""
}
type ACLUserJoin struct { type ACLUserJoin struct {
Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"`
AcceptSignature []byte `protobuf:"bytes,3,opt,name=acceptSignature,proto3" json:"acceptSignature,omitempty"` AcceptSignature []byte `protobuf:"bytes,3,opt,name=acceptSignature,proto3" json:"acceptSignature,omitempty"`
InviteId string `protobuf:"bytes,4,opt,name=inviteId,proto3" json:"inviteId,omitempty"` AcceptPubKey []byte `protobuf:"bytes,4,opt,name=acceptPubKey,proto3" json:"acceptPubKey,omitempty"`
EncryptedReadKeys [][]byte `protobuf:"bytes,5,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,5,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"`
} }
@ -817,11 +809,11 @@ func (m *ACLUserJoin) GetAcceptSignature() []byte {
return nil return nil
} }
func (m *ACLUserJoin) GetInviteId() string { func (m *ACLUserJoin) GetAcceptPubKey() []byte {
if m != nil { if m != nil {
return m.InviteId return m.AcceptPubKey
} }
return "" return nil
} }
func (m *ACLUserJoin) GetEncryptedReadKeys() [][]byte { func (m *ACLUserJoin) GetEncryptedReadKeys() [][]byte {
@ -1019,61 +1011,61 @@ func init() {
} }
var fileDescriptor_14abe0d1b4206d54 = []byte{ var fileDescriptor_14abe0d1b4206d54 = []byte{
// 859 bytes of a gzipped FileDescriptorProto // 854 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xdf, 0x59, 0x3b, 0x71, 0xf6, 0xd9, 0x6d, 0xdc, 0x11, 0xa4, 0xab, 0xa8, 0x58, 0xd6, 0x8a, 0x14, 0xdf, 0x59, 0x3b, 0x71, 0xf6, 0xd9, 0x6d, 0xdc, 0x11, 0xa4, 0xab, 0xa8, 0x58, 0xd6, 0x8a,
0x83, 0x55, 0x81, 0x0b, 0x06, 0xa9, 0x28, 0x07, 0x90, 0x6b, 0x5a, 0xd9, 0x24, 0x87, 0x6a, 0x02, 0x83, 0x55, 0x81, 0x0b, 0x06, 0xa9, 0x28, 0x07, 0x90, 0x6b, 0x5a, 0x39, 0x24, 0x87, 0x6a, 0x02,
0x14, 0x71, 0x9b, 0xee, 0x8e, 0x92, 0x51, 0xed, 0xdd, 0xd5, 0xec, 0xd8, 0xc8, 0x47, 0xce, 0x5c, 0x14, 0x71, 0x9b, 0xee, 0x8e, 0xe2, 0x51, 0xed, 0xdd, 0xd5, 0xec, 0xd8, 0xc8, 0x47, 0xce, 0x5c,
0xe0, 0x23, 0xf0, 0x41, 0x38, 0x71, 0xe1, 0xd8, 0x0b, 0x12, 0x47, 0x94, 0x7c, 0x01, 0xee, 0x5c, 0xe0, 0x23, 0xf0, 0x41, 0xb8, 0x23, 0x71, 0xe9, 0x05, 0xc4, 0x11, 0x25, 0x1f, 0x83, 0x0b, 0x9a,
0xd0, 0xcc, 0xfe, 0xdf, 0xb5, 0x2d, 0x2a, 0x59, 0x3d, 0x24, 0xde, 0xf7, 0xde, 0xef, 0x3d, 0xff, 0xd9, 0xff, 0xbb, 0xb6, 0x45, 0x25, 0xab, 0x87, 0xc4, 0xf3, 0xde, 0xfb, 0xbd, 0xe7, 0xdf, 0xfc,
0xe6, 0xf7, 0xde, 0xbc, 0x35, 0x7c, 0x18, 0xbe, 0xba, 0x7a, 0x44, 0xdd, 0xb9, 0xfa, 0x13, 0xcc, 0xe6, 0xcd, 0x1b, 0xc3, 0x87, 0xe1, 0xab, 0xeb, 0x47, 0xd4, 0x9d, 0xab, 0x3f, 0xc1, 0xdc, 0x40,
0x0d, 0x84, 0x17, 0x8a, 0x40, 0x06, 0x8f, 0xf4, 0xff, 0x28, 0xf7, 0x0e, 0xb5, 0x03, 0x5b, 0x99, 0x78, 0xa1, 0x08, 0x64, 0xf0, 0x48, 0xff, 0x8f, 0x72, 0xef, 0x50, 0x3b, 0xb0, 0x95, 0x39, 0x9c,
0xc3, 0x79, 0x06, 0x1d, 0x42, 0x7f, 0x18, 0x4f, 0x2e, 0x88, 0xb6, 0xb1, 0x0d, 0xad, 0x90, 0xae, 0x67, 0xd0, 0x21, 0xf4, 0x87, 0xf1, 0xe4, 0x92, 0x68, 0x1b, 0xdb, 0xd0, 0x0a, 0xe9, 0x7a, 0x1e,
0xe7, 0x01, 0xf5, 0x6c, 0xd4, 0x47, 0x83, 0x0e, 0x49, 0x4d, 0xfc, 0x00, 0xac, 0x88, 0x5f, 0xf9, 0x50, 0xcf, 0x46, 0x7d, 0x34, 0xe8, 0x90, 0xd4, 0xc4, 0x0f, 0xc0, 0x8a, 0xf8, 0xb5, 0x4f, 0xe5,
0x54, 0x2e, 0x05, 0xb3, 0x4d, 0x1d, 0xcb, 0x1d, 0xce, 0xe7, 0x80, 0x8b, 0x75, 0x5e, 0x70, 0x79, 0x52, 0x30, 0xdb, 0xd4, 0xb1, 0xdc, 0xe1, 0x7c, 0x0e, 0xb8, 0x58, 0xe7, 0x05, 0x97, 0xb3, 0xf3,
0x3d, 0xdb, 0x55, 0xed, 0x2e, 0x98, 0xdc, 0xd3, 0x65, 0x2c, 0x62, 0x72, 0xcf, 0xf9, 0x15, 0x81, 0x5d, 0xd5, 0xee, 0x82, 0xc9, 0x3d, 0x5d, 0xc6, 0x22, 0x26, 0xf7, 0x9c, 0x5f, 0x11, 0x58, 0x39,
0x95, 0xb3, 0x38, 0x81, 0xc3, 0x50, 0xb0, 0xd5, 0x2c, 0x4e, 0xb3, 0x48, 0x62, 0xe1, 0x53, 0x38, 0x8b, 0x13, 0x38, 0x0c, 0x05, 0x5b, 0x9d, 0xc7, 0x69, 0x16, 0x49, 0x2c, 0x7c, 0x0a, 0x47, 0xdc,
0xe2, 0x1e, 0xf3, 0x25, 0x97, 0xeb, 0x84, 0x42, 0x66, 0x63, 0x0c, 0x4d, 0x8f, 0x4a, 0x6a, 0x37, 0x63, 0xbe, 0xe4, 0x72, 0x9d, 0x50, 0xc8, 0x6c, 0x8c, 0xa1, 0xe9, 0x51, 0x49, 0xed, 0x86, 0xf6,
0xb4, 0x5f, 0x3f, 0xe3, 0x21, 0x60, 0x77, 0x29, 0x04, 0xf3, 0x25, 0x61, 0xd4, 0x3b, 0x67, 0xeb, 0xeb, 0x35, 0x1e, 0x02, 0x76, 0x97, 0x42, 0x30, 0x5f, 0x12, 0x46, 0xbd, 0x0b, 0xb6, 0x9e, 0xd2,
0x29, 0x8d, 0xae, 0xed, 0x66, 0x1f, 0x0d, 0x9a, 0x64, 0x43, 0x44, 0x9d, 0x51, 0xf2, 0x05, 0x8b, 0x68, 0x66, 0x37, 0xfb, 0x68, 0xd0, 0x24, 0x1b, 0x22, 0x6a, 0x8f, 0x92, 0x2f, 0x58, 0x24, 0xe9,
0x24, 0x5d, 0x84, 0xf6, 0x41, 0x1f, 0x0d, 0x1a, 0x24, 0x77, 0x38, 0x3f, 0x99, 0xd0, 0x52, 0x1c, 0x22, 0xb4, 0x0f, 0xfa, 0x68, 0xd0, 0x20, 0xb9, 0xc3, 0xf9, 0xc9, 0x84, 0x96, 0xe2, 0x18, 0x04,
0x83, 0x40, 0x96, 0x98, 0xa0, 0x0a, 0x93, 0xf7, 0xe1, 0x0e, 0xf3, 0x5d, 0xb1, 0x0e, 0x25, 0x0f, 0xb2, 0xc4, 0x04, 0x55, 0x98, 0xbc, 0x0f, 0x77, 0x98, 0xef, 0x8a, 0x75, 0x28, 0x79, 0xe0, 0x5f,
0xfc, 0x73, 0x96, 0x52, 0x2d, 0x3b, 0x95, 0x36, 0x51, 0x48, 0x5d, 0x36, 0xf3, 0x34, 0x65, 0x8b, 0xb0, 0x94, 0x6a, 0xd9, 0xa9, 0xb4, 0x89, 0x42, 0xea, 0xb2, 0x73, 0x4f, 0x53, 0xb6, 0x48, 0x6a,
0xa4, 0x26, 0x7e, 0x08, 0xdd, 0x04, 0xca, 0xbc, 0x84, 0x9d, 0xe6, 0xdc, 0x21, 0x35, 0xbf, 0xc2, 0xe2, 0x87, 0xd0, 0x4d, 0xa0, 0xcc, 0x4b, 0xd8, 0x69, 0xce, 0x1d, 0x52, 0xf3, 0x2b, 0xac, 0xc7,
0x7a, 0x4c, 0xf0, 0x15, 0x55, 0x65, 0x2f, 0xdd, 0x6b, 0xb6, 0x60, 0x9a, 0xb8, 0x45, 0x6a, 0xfe, 0x04, 0x5f, 0x51, 0x55, 0xf6, 0xca, 0x9d, 0xb1, 0x05, 0xd3, 0xc4, 0x2d, 0x52, 0xf3, 0x6f, 0x51,
0x2d, 0x6a, 0x1c, 0xfe, 0x3f, 0x35, 0x5a, 0x55, 0x35, 0xfe, 0x34, 0xe1, 0x78, 0x3c, 0xb9, 0x98, 0xe3, 0xf0, 0xff, 0xa9, 0xd1, 0xaa, 0xaa, 0xf1, 0xa7, 0x09, 0xc7, 0xe3, 0xc9, 0xe5, 0x24, 0xf0,
0x04, 0xbe, 0x64, 0xbe, 0xfc, 0x96, 0xce, 0x97, 0x0c, 0x7f, 0x0c, 0xad, 0x65, 0xc4, 0xc4, 0xd8, 0x25, 0xf3, 0xe5, 0xb7, 0x74, 0xbe, 0x64, 0xf8, 0x63, 0x68, 0x2d, 0x23, 0x26, 0xc6, 0x5e, 0x7c,
0x8b, 0x1b, 0xd7, 0x1e, 0xbd, 0x3b, 0xcc, 0x67, 0x6f, 0x3c, 0xb9, 0xf8, 0x26, 0x0e, 0x4e, 0x0d, 0x70, 0xed, 0xd1, 0xbb, 0xc3, 0xbc, 0xf7, 0xc6, 0x93, 0xcb, 0x6f, 0xe2, 0xe0, 0xd4, 0x20, 0x29,
0x92, 0xe2, 0xf0, 0x19, 0x80, 0x7a, 0x24, 0x6c, 0x11, 0xac, 0xe2, 0xb9, 0x6a, 0x8f, 0xec, 0x7a, 0x0e, 0x9f, 0x01, 0xa8, 0x25, 0x61, 0x8b, 0x60, 0x15, 0xf7, 0x55, 0x7b, 0x64, 0xd7, 0xb3, 0xe2,
0x56, 0x1c, 0x9f, 0x1a, 0xa4, 0x80, 0xc6, 0xdf, 0xc1, 0x3b, 0xca, 0x7a, 0xce, 0xc4, 0x82, 0x47, 0xf8, 0xd4, 0x20, 0x05, 0x34, 0xfe, 0x0e, 0xde, 0x51, 0xd6, 0x73, 0x26, 0x16, 0x3c, 0x8a, 0x78,
0x11, 0x0f, 0xfc, 0xc9, 0x35, 0xf5, 0xaf, 0x98, 0xd6, 0xb3, 0x3d, 0x72, 0xea, 0x55, 0xaa, 0xc8, 0xe0, 0x4f, 0x66, 0xd4, 0xbf, 0x66, 0x5a, 0xcf, 0xf6, 0xc8, 0xa9, 0x57, 0xa9, 0x22, 0xa7, 0x06,
0xa9, 0x41, 0x36, 0x56, 0x48, 0x59, 0xcd, 0xfc, 0x15, 0x97, 0x4c, 0x8b, 0xbf, 0x91, 0x55, 0x1c, 0xd9, 0x58, 0x21, 0x65, 0x75, 0xee, 0xaf, 0xb8, 0x64, 0x5a, 0xfc, 0x8d, 0xac, 0xe2, 0x78, 0xca,
0x4f, 0x59, 0xc5, 0x16, 0xfe, 0x14, 0x8e, 0x94, 0xf5, 0x55, 0xc0, 0x7d, 0xdd, 0x8a, 0xf6, 0xe8, 0x2a, 0xb6, 0xf0, 0xa7, 0x70, 0xa4, 0xac, 0xaf, 0x02, 0xee, 0xeb, 0xa3, 0x68, 0x8f, 0x4e, 0xea,
0xa4, 0x9e, 0xa9, 0xa2, 0x53, 0x83, 0x64, 0xc8, 0x27, 0x2d, 0x38, 0x58, 0x29, 0x0d, 0x9d, 0xa7, 0x99, 0x2a, 0x3a, 0x35, 0x48, 0x86, 0x7c, 0xd2, 0x82, 0x83, 0x95, 0xd2, 0xd0, 0x79, 0xaa, 0x9b,
0x7a, 0xc8, 0xbe, 0x54, 0xe3, 0x7b, 0x06, 0x40, 0xdd, 0x79, 0xa2, 0xb0, 0x8d, 0xfa, 0x8d, 0x41, 0xec, 0x4b, 0xd5, 0xbe, 0x67, 0x00, 0xd4, 0x9d, 0x27, 0x0a, 0xdb, 0xa8, 0xdf, 0x18, 0xb4, 0x47,
0x7b, 0x74, 0x5a, 0xae, 0x55, 0x94, 0x9f, 0x14, 0xd0, 0xce, 0xbf, 0x08, 0x8e, 0xc6, 0x93, 0x8b, 0xa7, 0xe5, 0x5a, 0x45, 0xf9, 0x49, 0x01, 0xed, 0xfc, 0x8b, 0xe0, 0x68, 0x3c, 0xb9, 0xbc, 0x92,
0x4b, 0x49, 0x25, 0x53, 0x13, 0x29, 0xf2, 0xc6, 0xb2, 0x48, 0xd7, 0x6a, 0x92, 0xb2, 0x13, 0x3f, 0x54, 0x32, 0xd5, 0x91, 0x22, 0x3f, 0x58, 0x16, 0xe9, 0x5a, 0x4d, 0x52, 0x76, 0xe2, 0xc7, 0xf1,
0x8e, 0x0f, 0xad, 0x53, 0x22, 0xdb, 0xd4, 0x5f, 0x77, 0xbf, 0x4e, 0x5d, 0xc7, 0x49, 0x01, 0x8a, 0xa6, 0x75, 0x4a, 0x64, 0x9b, 0xfa, 0xeb, 0xee, 0xd7, 0xa9, 0xeb, 0x38, 0x29, 0x40, 0xf1, 0x19,
0xcf, 0xa0, 0xc5, 0xf5, 0xd9, 0x23, 0xbb, 0xa1, 0xb3, 0xfa, 0xe5, 0x2c, 0x0d, 0x1b, 0xc6, 0xf2, 0xb4, 0xb8, 0xde, 0x7b, 0x64, 0x37, 0x74, 0x56, 0xbf, 0x9c, 0xa5, 0x61, 0xc3, 0x58, 0x9e, 0xe8,
0x44, 0x4f, 0x7d, 0x29, 0xd6, 0x24, 0x4d, 0x38, 0xfd, 0x1a, 0x3a, 0xc5, 0x00, 0xee, 0x42, 0xe3, 0xa9, 0x2f, 0xc5, 0x9a, 0xa4, 0x09, 0xa7, 0x5f, 0x43, 0xa7, 0x18, 0xc0, 0x5d, 0x68, 0xbc, 0x62,
0x15, 0x5b, 0x27, 0xf7, 0x5e, 0x3d, 0xe2, 0x61, 0xa2, 0xcc, 0xf6, 0xe1, 0x88, 0x0b, 0x90, 0x18, 0xeb, 0xe4, 0xde, 0xab, 0x25, 0x1e, 0x26, 0xca, 0x6c, 0x6f, 0x8e, 0xb8, 0x00, 0x89, 0x61, 0x67,
0x76, 0x66, 0x7e, 0x86, 0x9c, 0x5f, 0x10, 0x74, 0x8a, 0x74, 0xf7, 0x70, 0x5f, 0xbf, 0x80, 0x76, 0xe6, 0x67, 0xc8, 0xf9, 0x05, 0x41, 0xa7, 0x48, 0x77, 0x0f, 0xf7, 0xf5, 0x0b, 0x68, 0x87, 0x59,
0x98, 0x8d, 0x49, 0xa4, 0x67, 0xec, 0xee, 0xe8, 0xbd, 0x5d, 0x33, 0x16, 0x91, 0x62, 0x86, 0xf3, 0x9b, 0x44, 0xba, 0xc7, 0xee, 0x8e, 0xde, 0xdb, 0xd5, 0x63, 0x11, 0x29, 0x66, 0x38, 0xbf, 0x21,
0x1b, 0x02, 0xc8, 0xef, 0xc0, 0x1e, 0x18, 0x7d, 0x00, 0xf7, 0xaa, 0xfb, 0x20, 0x6e, 0x40, 0x87, 0x80, 0xfc, 0x0e, 0xec, 0x81, 0xd1, 0x07, 0x70, 0xaf, 0x3a, 0x0f, 0xe2, 0x03, 0xe8, 0x90, 0x7a,
0xd4, 0x03, 0x55, 0xfe, 0xcd, 0x37, 0xe6, 0xff, 0x0f, 0x82, 0x3b, 0x25, 0xc1, 0xf1, 0x00, 0x8e, 0xa0, 0xca, 0xbf, 0xf9, 0xc6, 0xfc, 0xff, 0x42, 0x70, 0xa7, 0x24, 0x38, 0x1e, 0xc0, 0x31, 0x75,
0xa9, 0xeb, 0xb2, 0x50, 0x3e, 0x5f, 0xbe, 0x9c, 0x73, 0xf7, 0x9c, 0xa5, 0x27, 0xa9, 0xba, 0x0b, 0x5d, 0x16, 0xca, 0xe7, 0xcb, 0x97, 0x73, 0xee, 0x5e, 0xb0, 0x74, 0x27, 0x55, 0x77, 0x81, 0xea,
0x2b, 0x2d, 0x87, 0x9a, 0xa5, 0x95, 0x96, 0x63, 0xdf, 0xee, 0xb1, 0x74, 0x1f, 0xf4, 0x71, 0x66, 0xd5, 0x7a, 0x91, 0x4e, 0x1e, 0x53, 0x4f, 0x9e, 0x7a, 0xe0, 0x6d, 0x6f, 0xec, 0x0f, 0x04, 0xed,
0x5e, 0xb2, 0x39, 0x33, 0xdb, 0xf9, 0x1d, 0x41, 0xbb, 0x70, 0x61, 0xf7, 0xd0, 0xb3, 0x4c, 0xb2, 0xc2, 0xb5, 0xdc, 0xc3, 0xc9, 0x64, 0xc2, 0x5c, 0x65, 0x2f, 0x66, 0xa3, 0x28, 0x4c, 0xe6, 0xc6,
0xcb, 0xec, 0x5d, 0xda, 0x28, 0x4a, 0x96, 0xb9, 0x4b, 0xbc, 0x9a, 0x65, 0x5e, 0x9b, 0x25, 0x3a, 0x0e, 0x74, 0x32, 0xad, 0xf2, 0x39, 0x5f, 0xf2, 0x6d, 0x96, 0xe3, 0x60, 0x8b, 0x1c, 0x4e, 0x94,
0xd8, 0x22, 0x91, 0x13, 0x65, 0x7d, 0x4b, 0xf6, 0xe6, 0xae, 0x63, 0x3c, 0x83, 0xe3, 0x64, 0x2b, 0x9d, 0x52, 0x32, 0x25, 0x77, 0x6d, 0xe7, 0x19, 0x1c, 0x27, 0x33, 0x80, 0xb0, 0x70, 0x4e, 0xdd,
0x10, 0x16, 0xce, 0xa9, 0x9b, 0xdd, 0xe9, 0x07, 0x65, 0x4d, 0x49, 0x09, 0x44, 0xaa, 0x49, 0xce, 0xec, 0x06, 0x3f, 0x28, 0xeb, 0x47, 0x4a, 0x20, 0x52, 0x4d, 0x72, 0x7e, 0x44, 0x70, 0xaf, 0x06,
0x8f, 0x08, 0xee, 0xd5, 0x60, 0x7b, 0x10, 0x70, 0xd3, 0xcb, 0xb1, 0xb1, 0xf9, 0xe5, 0xe8, 0xac, 0xdb, 0x83, 0x90, 0x9b, 0x9e, 0xc2, 0xc6, 0xe6, 0xa7, 0xd0, 0x59, 0xc1, 0xfd, 0x2d, 0x63, 0x7e,
0xe0, 0xfe, 0x96, 0xc5, 0xbf, 0x93, 0x48, 0x65, 0xa4, 0xcc, 0x37, 0x1d, 0xa9, 0x87, 0x8f, 0x01, 0x27, 0x91, 0x4a, 0xfb, 0x98, 0x6f, 0xda, 0x3e, 0x0f, 0x1f, 0x03, 0xae, 0x43, 0xb0, 0x05, 0x07,
0xd7, 0x21, 0xd8, 0x82, 0x83, 0xb1, 0xb7, 0xe0, 0x7e, 0xd7, 0xc0, 0x00, 0x87, 0x2f, 0x04, 0x97, 0x63, 0x6f, 0xc1, 0xfd, 0xae, 0x81, 0x01, 0x0e, 0x5f, 0x08, 0x2e, 0x99, 0xe8, 0x22, 0xb5, 0x56,
0x4c, 0x74, 0x91, 0x7a, 0x56, 0x7c, 0x99, 0xe8, 0x9a, 0x4f, 0x3e, 0xfa, 0xe3, 0xa6, 0x87, 0x5e, 0x7c, 0x99, 0xe8, 0x9a, 0x4f, 0x3e, 0xfa, 0xfd, 0xa6, 0x87, 0x5e, 0xdf, 0xf4, 0xd0, 0x3f, 0x37,
0xdf, 0xf4, 0xd0, 0xdf, 0x37, 0x3d, 0xf4, 0xf3, 0x6d, 0xcf, 0x78, 0x7d, 0xdb, 0x33, 0xfe, 0xba, 0x3d, 0xf4, 0xf3, 0x6d, 0xcf, 0x78, 0x7d, 0xdb, 0x33, 0xfe, 0xbe, 0xed, 0x19, 0xdf, 0x9f, 0x6c,
0xed, 0x19, 0xdf, 0x9f, 0x6c, 0xfe, 0x85, 0xf7, 0xf2, 0x50, 0x7f, 0x7c, 0xf2, 0x5f, 0x00, 0x00, 0xfe, 0x3d, 0xf7, 0xf2, 0x50, 0x7f, 0x7c, 0xf2, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa5, 0x4a,
0x00, 0xff, 0xff, 0x0d, 0xd2, 0xee, 0x14, 0x02, 0x0a, 0x00, 0x00, 0x77, 0x11, 0xf0, 0x09, 0x00, 0x00,
} }
func (m *RawACLRecord) Marshal() (dAtA []byte, err error) { func (m *RawACLRecord) Marshal() (dAtA []byte, err error) {
@ -1640,13 +1632,6 @@ func (m *ACLUserInvite) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i _ = i
var l int var l int
_ = l _ = l
if len(m.InviteId) > 0 {
i -= len(m.InviteId)
copy(dAtA[i:], m.InviteId)
i = encodeVarintAclrecord(dAtA, i, uint64(len(m.InviteId)))
i--
dAtA[i] = 0x2a
}
if m.Permissions != 0 { if m.Permissions != 0 {
i = encodeVarintAclrecord(dAtA, i, uint64(m.Permissions)) i = encodeVarintAclrecord(dAtA, i, uint64(m.Permissions))
i-- i--
@ -1661,12 +1646,10 @@ func (m *ACLUserInvite) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x1a dAtA[i] = 0x1a
} }
} }
if len(m.EncryptPublicKey) > 0 { if m.EncryptSymKeyHash != 0 {
i -= len(m.EncryptPublicKey) i = encodeVarintAclrecord(dAtA, i, uint64(m.EncryptSymKeyHash))
copy(dAtA[i:], m.EncryptPublicKey)
i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptPublicKey)))
i-- i--
dAtA[i] = 0x12 dAtA[i] = 0x10
} }
if len(m.AcceptPublicKey) > 0 { if len(m.AcceptPublicKey) > 0 {
i -= len(m.AcceptPublicKey) i -= len(m.AcceptPublicKey)
@ -1707,10 +1690,10 @@ func (m *ACLUserJoin) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x2a dAtA[i] = 0x2a
} }
} }
if len(m.InviteId) > 0 { if len(m.AcceptPubKey) > 0 {
i -= len(m.InviteId) i -= len(m.AcceptPubKey)
copy(dAtA[i:], m.InviteId) copy(dAtA[i:], m.AcceptPubKey)
i = encodeVarintAclrecord(dAtA, i, uint64(len(m.InviteId))) i = encodeVarintAclrecord(dAtA, i, uint64(len(m.AcceptPubKey)))
i-- i--
dAtA[i] = 0x22 dAtA[i] = 0x22
} }
@ -2146,9 +2129,8 @@ func (m *ACLUserInvite) Size() (n int) {
if l > 0 { if l > 0 {
n += 1 + l + sovAclrecord(uint64(l)) n += 1 + l + sovAclrecord(uint64(l))
} }
l = len(m.EncryptPublicKey) if m.EncryptSymKeyHash != 0 {
if l > 0 { n += 1 + sovAclrecord(uint64(m.EncryptSymKeyHash))
n += 1 + l + sovAclrecord(uint64(l))
} }
if len(m.EncryptedReadKeys) > 0 { if len(m.EncryptedReadKeys) > 0 {
for _, b := range m.EncryptedReadKeys { for _, b := range m.EncryptedReadKeys {
@ -2159,10 +2141,6 @@ func (m *ACLUserInvite) Size() (n int) {
if m.Permissions != 0 { if m.Permissions != 0 {
n += 1 + sovAclrecord(uint64(m.Permissions)) n += 1 + sovAclrecord(uint64(m.Permissions))
} }
l = len(m.InviteId)
if l > 0 {
n += 1 + l + sovAclrecord(uint64(l))
}
return n return n
} }
@ -2184,7 +2162,7 @@ func (m *ACLUserJoin) Size() (n int) {
if l > 0 { if l > 0 {
n += 1 + l + sovAclrecord(uint64(l)) n += 1 + l + sovAclrecord(uint64(l))
} }
l = len(m.InviteId) l = len(m.AcceptPubKey)
if l > 0 { if l > 0 {
n += 1 + l + sovAclrecord(uint64(l)) n += 1 + l + sovAclrecord(uint64(l))
} }
@ -3903,10 +3881,10 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error {
} }
iNdEx = postIndex iNdEx = postIndex
case 2: case 2:
if wireType != 2 { if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field EncryptPublicKey", wireType) return fmt.Errorf("proto: wrong wireType = %d for field EncryptSymKeyHash", wireType)
} }
var byteLen int m.EncryptSymKeyHash = 0
for shift := uint(0); ; shift += 7 { for shift := uint(0); ; shift += 7 {
if shift >= 64 { if shift >= 64 {
return ErrIntOverflowAclrecord return ErrIntOverflowAclrecord
@ -3916,26 +3894,11 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error {
} }
b := dAtA[iNdEx] b := dAtA[iNdEx]
iNdEx++ iNdEx++
byteLen |= int(b&0x7F) << shift m.EncryptSymKeyHash |= uint64(b&0x7F) << shift
if b < 0x80 { if b < 0x80 {
break break
} }
} }
if byteLen < 0 {
return ErrInvalidLengthAclrecord
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthAclrecord
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.EncryptPublicKey = append(m.EncryptPublicKey[:0], dAtA[iNdEx:postIndex]...)
if m.EncryptPublicKey == nil {
m.EncryptPublicKey = []byte{}
}
iNdEx = postIndex
case 3: case 3:
if wireType != 2 { if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKeys", wireType) return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKeys", wireType)
@ -3987,38 +3950,6 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error {
break break
} }
} }
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field InviteId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAclrecord
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAclrecord
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAclrecord
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.InviteId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default: default:
iNdEx = preIndex iNdEx = preIndex
skippy, err := skipAclrecord(dAtA[iNdEx:]) skippy, err := skipAclrecord(dAtA[iNdEx:])
@ -4173,9 +4104,9 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error {
iNdEx = postIndex iNdEx = postIndex
case 4: case 4:
if wireType != 2 { if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field InviteId", wireType) return fmt.Errorf("proto: wrong wireType = %d for field AcceptPubKey", wireType)
} }
var stringLen uint64 var byteLen int
for shift := uint(0); ; shift += 7 { for shift := uint(0); ; shift += 7 {
if shift >= 64 { if shift >= 64 {
return ErrIntOverflowAclrecord return ErrIntOverflowAclrecord
@ -4185,23 +4116,25 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error {
} }
b := dAtA[iNdEx] b := dAtA[iNdEx]
iNdEx++ iNdEx++
stringLen |= uint64(b&0x7F) << shift byteLen |= int(b&0x7F) << shift
if b < 0x80 { if b < 0x80 {
break break
} }
} }
intStringLen := int(stringLen) if byteLen < 0 {
if intStringLen < 0 {
return ErrInvalidLengthAclrecord return ErrInvalidLengthAclrecord
} }
postIndex := iNdEx + intStringLen postIndex := iNdEx + byteLen
if postIndex < 0 { if postIndex < 0 {
return ErrInvalidLengthAclrecord return ErrInvalidLengthAclrecord
} }
if postIndex > l { if postIndex > l {
return io.ErrUnexpectedEOF return io.ErrUnexpectedEOF
} }
m.InviteId = string(dAtA[iNdEx:postIndex]) m.AcceptPubKey = append(m.AcceptPubKey[:0], dAtA[iNdEx:postIndex]...)
if m.AcceptPubKey == nil {
m.AcceptPubKey = []byte{}
}
iNdEx = postIndex iNdEx = postIndex
case 5: case 5:
if wireType != 2 { if wireType != 2 {

14
common/pkg/acl/aclrecordproto/protos/aclrecord.proto
View File

@ -63,28 +63,18 @@ message ACLUserAdd {
ACLUserPermissions permissions = 4; ACLUserPermissions permissions = 4;
} }
// signing accept key
// rsa encryption key -> read keys
// accept key, encrypt key, invite id
// GetSpace(id) -> ... (space header + acl root) -> diff
// Join(ACLJoinRecord) -> Ok
//
message ACLUserInvite { message ACLUserInvite {
bytes acceptPublicKey = 1; bytes acceptPublicKey = 1;
bytes encryptPublicKey = 2; uint64 encryptSymKeyHash = 2;
repeated bytes encryptedReadKeys = 3; repeated bytes encryptedReadKeys = 3;
ACLUserPermissions permissions = 4; ACLUserPermissions permissions = 4;
string inviteId = 5;
} }
message ACLUserJoin { message ACLUserJoin {
bytes identity = 1; bytes identity = 1;
bytes encryptionKey = 2; bytes encryptionKey = 2;
bytes acceptSignature = 3; bytes acceptSignature = 3;
string inviteId = 4; bytes acceptPubKey = 4;
repeated bytes encryptedReadKeys = 5; repeated bytes encryptedReadKeys = 5;
} }

65
common/pkg/acl/list/aclrecordbuilder.go
View File

@ -4,6 +4,8 @@ import (
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric"
"github.com/gogo/protobuf/proto" "github.com/gogo/protobuf/proto"
) )
@ -23,6 +25,69 @@ func newACLRecordBuilder(id string, keychain *common.Keychain) ACLRecordBuilder
} }
} }
func (a *aclRecordBuilder) BuildUserJoin(acceptPrivKeyBytes []byte, encSymKeyBytes []byte, state *ACLState) (rec *aclrecordproto.RawACLRecord, err error) {
acceptPrivKey, err := signingkey.NewSigningEd25519PrivKeyFromBytes(acceptPrivKeyBytes)
if err != nil {
return
}
acceptPubKeyBytes, err := acceptPrivKey.GetPublic().Raw()
if err != nil {
return
}
encSymKey, err := symmetric.DeriveFromBytes(encSymKeyBytes)
if err != nil {
return
}
invite, err := state.Invite(acceptPubKeyBytes)
if err != nil {
return
}
encPrivKey, signPrivKey := state.UserKeys()
var symKeys [][]byte
for _, rk := range invite.EncryptedReadKeys {
dec, err := encSymKey.Decrypt(rk)
if err != nil {
return nil, err
}
newEnc, err := encPrivKey.GetPublic().Encrypt(dec)
if err != nil {
return nil, err
}
symKeys = append(symKeys, newEnc)
}
idSignature, err := acceptPrivKey.Sign(state.Identity())
if err != nil {
return
}
encPubKeyBytes, err := encPrivKey.GetPublic().Raw()
if err != nil {
return
}
userJoin := &aclrecordproto.ACLUserJoin{
Identity: state.Identity(),
EncryptionKey: encPubKeyBytes,
AcceptSignature: idSignature,
AcceptPubKey: acceptPubKeyBytes,
EncryptedReadKeys: symKeys,
}
marshalledJoin, err := userJoin.Marshal()
if err != nil {
return
}
joinSignature, err := signPrivKey.Sign(marshalledJoin)
if err != nil {
return
}
rec = &aclrecordproto.RawACLRecord{
Payload: marshalledJoin,
Signature: joinSignature,
}
return
}
func (a *aclRecordBuilder) ConvertFromRaw(rawIdRecord *aclrecordproto.RawACLRecordWithId) (rec *ACLRecord, err error) { func (a *aclRecordBuilder) ConvertFromRaw(rawIdRecord *aclrecordproto.RawACLRecordWithId) (rec *ACLRecord, err error) {
rawRec := &aclrecordproto.RawACLRecord{} rawRec := &aclrecordproto.RawACLRecord{}
err = proto.Unmarshal(rawIdRecord.Payload, rawRec) err = proto.Unmarshal(rawIdRecord.Payload, rawRec)

45
common/pkg/acl/list/aclstate.go
View File

@ -7,6 +7,7 @@ import (
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/app/logger" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/app/logger"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric"
@ -23,6 +24,8 @@ var ErrUserRemoved = errors.New("user was removed from the document")
var ErrDocumentForbidden = errors.New("your user was forbidden access to the document") var ErrDocumentForbidden = errors.New("your user was forbidden access to the document")
var ErrUserAlreadyExists = errors.New("user already exists") var ErrUserAlreadyExists = errors.New("user already exists")
var ErrNoSuchRecord = errors.New("no such record") var ErrNoSuchRecord = errors.New("no such record")
var ErrNoSuchInvite = errors.New("no such invite")
var ErrOldInvite = errors.New("invite is too old")
var ErrInsufficientPermissions = errors.New("insufficient permissions") var ErrInsufficientPermissions = errors.New("insufficient permissions")
var ErrNoReadKey = errors.New("acl state doesn't have a read key") var ErrNoReadKey = errors.New("acl state doesn't have a read key")
var ErrInvalidSignature = errors.New("signature is invalid") var ErrInvalidSignature = errors.New("signature is invalid")
@ -41,6 +44,7 @@ type ACLState struct {
userInvites map[string]*aclrecordproto.ACLUserInvite userInvites map[string]*aclrecordproto.ACLUserInvite
encryptionKey encryptionkey.PrivKey encryptionKey encryptionkey.PrivKey
signingKey signingkey.PrivKey signingKey signingkey.PrivKey
totalReadKeys int
identity string identity string
permissionsAtRecord map[string][]UserPermissionPair permissionsAtRecord map[string][]UserPermissionPair
@ -199,6 +203,8 @@ func (st *ACLState) saveReadKeyFromRoot(root *aclrecordproto.ACLRoot) (err error
} }
st.currentReadKeyHash = root.CurrentReadKeyHash st.currentReadKeyHash = root.CurrentReadKeyHash
st.userReadKeys[root.CurrentReadKeyHash] = readKey st.userReadKeys[root.CurrentReadKeyHash] = readKey
st.totalReadKeys++
return return
} }
@ -207,7 +213,10 @@ func (st *ACLState) applyChangeData(changeData *aclrecordproto.ACLData, hash uin
if err != nil { if err != nil {
return return
} }
st.currentReadKeyHash = hash if hash != st.currentReadKeyHash {
st.totalReadKeys++
st.currentReadKeyHash = hash
}
}() }()
if !st.isUserJoin(changeData) { if !st.isUserJoin(changeData) {
@ -262,14 +271,14 @@ func (st *ACLState) applyUserPermissionChange(ch *aclrecordproto.ACLUserPermissi
} }
func (st *ACLState) applyUserInvite(ch *aclrecordproto.ACLUserInvite) error { func (st *ACLState) applyUserInvite(ch *aclrecordproto.ACLUserInvite) error {
st.userInvites[ch.InviteId] = ch st.userInvites[string(ch.AcceptPublicKey)] = ch
return nil return nil
} }
func (st *ACLState) applyUserJoin(ch *aclrecordproto.ACLUserJoin) error { func (st *ACLState) applyUserJoin(ch *aclrecordproto.ACLUserJoin) error {
invite, exists := st.userInvites[ch.InviteId] invite, exists := st.userInvites[string(ch.AcceptPubKey)]
if !exists { if !exists {
return fmt.Errorf("no such invite with id %s", ch.InviteId) return fmt.Errorf("no such invite with such public key %s", keys.EncodeBytesToString(ch.AcceptPubKey))
} }
chIdentity := string(ch.Identity) chIdentity := string(ch.Identity)
@ -284,7 +293,7 @@ func (st *ACLState) applyUserJoin(ch *aclrecordproto.ACLUserJoin) error {
return fmt.Errorf("public key verifying invite accepts is given in incorrect format: %v", err) return fmt.Errorf("public key verifying invite accepts is given in incorrect format: %v", err)
} }
res, err := verificationKey.(signingkey.PubKey).Verify(ch.Identity, signature) res, err := verificationKey.Verify(ch.Identity, signature)
if err != nil { if err != nil {
return fmt.Errorf("verification returned error: %w", err) return fmt.Errorf("verification returned error: %w", err)
} }
@ -361,8 +370,8 @@ func (st *ACLState) applyUserRemove(ch *aclrecordproto.ACLUserRemove) error {
return ErrFailedToDecrypt return ErrFailedToDecrypt
} }
st.currentReadKeyHash = hash st.userReadKeys[hash] = key
st.userReadKeys[st.currentReadKeyHash] = key break
} }
} }
return nil return nil
@ -404,6 +413,26 @@ func (st *ACLState) isUserAdd(data *aclrecordproto.ACLData, identity []byte) boo
return data.GetAclContent() != nil && userAdd != nil && bytes.Compare(userAdd.GetIdentity(), identity) == 0 return data.GetAclContent() != nil && userAdd != nil && bytes.Compare(userAdd.GetIdentity(), identity) == 0
} }
func (st *ACLState) GetUserStates() map[string]*aclrecordproto.ACLUserState { func (st *ACLState) UserStates() map[string]*aclrecordproto.ACLUserState {
return st.userStates return st.userStates
} }
func (st *ACLState) Invite(acceptPubKey []byte) (invite *aclrecordproto.ACLUserInvite, err error) {
invite, exists := st.userInvites[string(acceptPubKey)]
if !exists {
err = ErrNoSuchInvite
return
}
if len(invite.EncryptedReadKeys) != st.totalReadKeys {
err = ErrOldInvite
}
return
}
func (st *ACLState) UserKeys() (encKey encryptionkey.PrivKey, signKey signingkey.PrivKey) {
return st.encryptionKey, st.signingKey
}
func (st *ACLState) Identity() []byte {
return []byte(st.identity)
}

12
common/pkg/acl/list/list_test.go
View File

@ -22,9 +22,9 @@ func TestAclList_ACLState_UserInviteAndJoin(t *testing.T) {
idC := keychain.GetIdentity("C") idC := keychain.GetIdentity("C")
// checking final state // checking final state
assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().UserStates()[idA].Permissions)
assert.Equal(t, aclrecordproto.ACLUserPermissions_Writer, aclList.ACLState().GetUserStates()[idB].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Writer, aclList.ACLState().UserStates()[idB].Permissions)
assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().UserStates()[idC].Permissions)
assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash())
var records []*ACLRecord var records []*ACLRecord
@ -61,11 +61,11 @@ func TestAclList_ACLState_UserJoinAndRemove(t *testing.T) {
idC := keychain.GetIdentity("C") idC := keychain.GetIdentity("C")
// checking final state // checking final state
assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().UserStates()[idA].Permissions)
assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().UserStates()[idC].Permissions)
assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash())
_, exists := aclList.ACLState().GetUserStates()[idB] _, exists := aclList.ACLState().UserStates()[idB]
assert.Equal(t, false, exists) assert.Equal(t, false, exists)
var records []*ACLRecord var records []*ACLRecord

38
common/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go
View File

@ -9,6 +9,7 @@ import (
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric"
"hash/fnv" "hash/fnv"
"io/ioutil" "io/ioutil"
"path" "path"
@ -183,7 +184,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord
UserAdd: &aclrecordproto2.ACLUserAdd{ UserAdd: &aclrecordproto2.ACLUserAdd{
Identity: []byte(t.keychain.GetIdentity(add.Identity)), Identity: []byte(t.keychain.GetIdentity(add.Identity)),
EncryptionKey: rawKey, EncryptionKey: rawKey,
EncryptedReadKeys: t.encryptReadKeys(add.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeysWithPubKey(add.EncryptedReadKeys, encKey),
Permissions: t.convertPermission(add.Permission), Permissions: t.convertPermission(add.Permission),
}, },
}, },
@ -191,16 +192,16 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord
case ch.UserJoin != nil: case ch.UserJoin != nil:
join := ch.UserJoin join := ch.UserJoin
encKey := t.keychain. encKey := t.keychain.GetKey(join.EncryptionKey).(encryptionkey.PrivKey)
GetKey(join.EncryptionKey).(encryptionkey.PrivKey)
rawKey, _ := encKey.GetPublic().Raw() rawKey, _ := encKey.GetPublic().Raw()
idKey, _ := t.keychain.SigningKeysByYAMLIdentity[join.Identity].GetPublic().Raw() idKey, _ := t.keychain.SigningKeysByYAMLIdentity[join.Identity].GetPublic().Raw()
signKey := t.keychain.GetKey(join.AcceptSignature).(signingkey.PrivKey) signKey := t.keychain.GetKey(join.AcceptKey).(signingkey.PrivKey)
signature, err := signKey.Sign(idKey) signature, err := signKey.Sign(idKey)
if err != nil { if err != nil {
panic(err) panic(err)
} }
acceptPubKey, _ := signKey.GetPublic().Raw()
convCh = &aclrecordproto2.ACLContentValue{ convCh = &aclrecordproto2.ACLContentValue{
Value: &aclrecordproto2.ACLContentValue_UserJoin{ Value: &aclrecordproto2.ACLContentValue_UserJoin{
@ -208,26 +209,24 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord
Identity: []byte(t.keychain.GetIdentity(join.Identity)), Identity: []byte(t.keychain.GetIdentity(join.Identity)),
EncryptionKey: rawKey, EncryptionKey: rawKey,
AcceptSignature: signature, AcceptSignature: signature,
InviteId: join.InviteId, AcceptPubKey: acceptPubKey,
EncryptedReadKeys: t.encryptReadKeys(join.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeysWithPubKey(join.EncryptedReadKeys, encKey),
}, },
}, },
} }
case ch.UserInvite != nil: case ch.UserInvite != nil:
invite := ch.UserInvite invite := ch.UserInvite
rawAcceptKey, _ := t.keychain.GetKey(invite.AcceptKey).(signingkey.PrivKey).GetPublic().Raw() rawAcceptKey, _ := t.keychain.GetKey(invite.AcceptKey).(signingkey.PrivKey).GetPublic().Raw()
encKey := t.keychain. hash := t.keychain.GetKey(invite.EncryptionKey).(*SymKey).Hash
GetKey(invite.EncryptionKey).(encryptionkey.PrivKey) encKey := t.keychain.ReadKeysByHash[hash]
rawEncKey, _ := encKey.GetPublic().Raw()
convCh = &aclrecordproto2.ACLContentValue{ convCh = &aclrecordproto2.ACLContentValue{
Value: &aclrecordproto2.ACLContentValue_UserInvite{ Value: &aclrecordproto2.ACLContentValue_UserInvite{
UserInvite: &aclrecordproto2.ACLUserInvite{ UserInvite: &aclrecordproto2.ACLUserInvite{
AcceptPublicKey: rawAcceptKey, AcceptPublicKey: rawAcceptKey,
EncryptPublicKey: rawEncKey, EncryptSymKeyHash: hash,
EncryptedReadKeys: t.encryptReadKeys(invite.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeysWithSymKey(invite.EncryptedReadKeys, encKey.Key),
Permissions: t.convertPermission(invite.Permissions), Permissions: t.convertPermission(invite.Permissions),
InviteId: invite.InviteId,
}, },
}, },
} }
@ -278,7 +277,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord
return convCh return convCh
} }
func (t *ACLListStorageBuilder) encryptReadKeys(keys []string, encKey encryptionkey.PrivKey) (enc [][]byte) { func (t *ACLListStorageBuilder) encryptReadKeysWithPubKey(keys []string, encKey encryptionkey.PrivKey) (enc [][]byte) {
for _, k := range keys { for _, k := range keys {
realKey := t.keychain.GetKey(k).(*SymKey).Key.Bytes() realKey := t.keychain.GetKey(k).(*SymKey).Key.Bytes()
res, err := encKey.GetPublic().Encrypt(realKey) res, err := encKey.GetPublic().Encrypt(realKey)
@ -291,6 +290,19 @@ func (t *ACLListStorageBuilder) encryptReadKeys(keys []string, encKey encryption
return return
} }
func (t *ACLListStorageBuilder) encryptReadKeysWithSymKey(keys []string, key *symmetric.Key) (enc [][]byte) {
for _, k := range keys {
realKey := t.keychain.GetKey(k).(*SymKey).Key.Bytes()
res, err := key.Encrypt(realKey)
if err != nil {
panic(err)
}
enc = append(enc, res)
}
return
}
func (t *ACLListStorageBuilder) convertPermission(perm string) aclrecordproto2.ACLUserPermissions { func (t *ACLListStorageBuilder) convertPermission(perm string) aclrecordproto2.ACLUserPermissions {
switch perm { switch perm {
case "admin": case "admin":

4
common/pkg/acl/testutils/acllistbuilder/ymlentities.go
View File

@ -23,8 +23,7 @@ type ACLChange struct {
UserJoin *struct { UserJoin *struct {
Identity string `yaml:"identity"` Identity string `yaml:"identity"`
EncryptionKey string `yaml:"encryptionKey"` EncryptionKey string `yaml:"encryptionKey"`
AcceptSignature string `yaml:"acceptSignature"` AcceptKey string `yaml:"acceptKey"`
InviteId string `yaml:"inviteId"`
EncryptedReadKeys []string `yaml:"encryptedReadKeys"` EncryptedReadKeys []string `yaml:"encryptedReadKeys"`
} `yaml:"userJoin"` } `yaml:"userJoin"`
@ -33,7 +32,6 @@ type ACLChange struct {
EncryptionKey string `yaml:"encryptionKey"` EncryptionKey string `yaml:"encryptionKey"`
EncryptedReadKeys []string `yaml:"encryptedReadKeys"` EncryptedReadKeys []string `yaml:"encryptedReadKeys"`
Permissions string `yaml:"permissions"` Permissions string `yaml:"permissions"`
InviteId string `yaml:"inviteId"`
} `yaml:"userInvite"` } `yaml:"userInvite"`
UserRemove *struct { UserRemove *struct {

8
common/pkg/acl/testutils/yamltests/userjoinexample.yml
View File

@ -6,10 +6,9 @@ records:
aclChanges: aclChanges:
- userInvite: - userInvite:
acceptKey: key.Sign.Onetime1 acceptKey: key.Sign.Onetime1
encryptionKey: key.Enc.Onetime1 encryptionKey: key.Read.EncKey
encryptedReadKeys: [key.Read.1] encryptedReadKeys: [key.Read.1]
permissions: writer permissions: writer
inviteId: A.1.2
- userAdd: - userAdd:
identity: C identity: C
permission: reader permission: reader
@ -21,8 +20,7 @@ records:
- userJoin: - userJoin:
identity: B identity: B
encryptionKey: key.Enc.B encryptionKey: key.Enc.B
acceptSignature: key.Sign.Onetime1 acceptKey: key.Sign.Onetime1
inviteId: A.1.2
encryptedReadKeys: [key.Read.1] encryptedReadKeys: [key.Read.1]
readKey: key.Read.1 readKey: key.Read.1
keys: keys:
@ -48,3 +46,5 @@ keys:
Read: Read:
- name: 1 - name: 1
value: derived value: derived
- name: EncKey
value: generated

8
common/pkg/acl/testutils/yamltests/userremoveexample.yml
View File

@ -6,10 +6,9 @@ records:
aclChanges: aclChanges:
- userInvite: - userInvite:
acceptKey: key.Sign.Onetime1 acceptKey: key.Sign.Onetime1
encryptionKey: key.Enc.Onetime1 encryptionKey: key.Read.EncKey
encryptedReadKeys: [key.Read.1] encryptedReadKeys: [key.Read.1]
permissions: writer permissions: writer
inviteId: A.1.2
- userAdd: - userAdd:
identity: C identity: C
permission: reader permission: reader
@ -21,8 +20,7 @@ records:
- userJoin: - userJoin:
identity: B identity: B
encryptionKey: key.Enc.B encryptionKey: key.Enc.B
acceptSignature: key.Sign.Onetime1 acceptKey: key.Sign.Onetime1
inviteId: A.1.2
encryptedReadKeys: [key.Read.1] encryptedReadKeys: [key.Read.1]
readKey: key.Read.1 readKey: key.Read.1
- identity: A - identity: A
@ -57,3 +55,5 @@ keys:
value: derived value: derived
- name: 2 - name: 2
value: generated value: generated
- name: EncKey
value: generated