benjamyn/any-sync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make acl list etc compile

Browse Source
This commit is contained in:
mcrakhman 2022-09-26 13:47:34 +02:00
parent d77d8dbdd1
commit 674e784318
No known key found for this signature in database
GPG Key ID: DED12CFEF5B8396B
9 changed files with 140 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/acl/list/aclreadkeyderive.go → pkg/acl/aclrecordproto/aclreadkeyderive.go
View File

@ -1,4 +1,4 @@
package list package aclrecordproto
import "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/symmetric" import "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/symmetric"

2
pkg/acl/list/aclstate.go
View File

@ -173,7 +173,7 @@ func (st *ACLState) saveReadKeyFromRoot(root *aclrecordproto.ACLRoot) (err error
return return
} }
readKey, err = ACLReadKeyDerive([]byte(st.identity), encPubKey) readKey, err = aclrecordproto.ACLReadKeyDerive([]byte(st.identity), encPubKey)
if err != nil { if err != nil {
return return
} }

22
pkg/acl/list/list_test.go
View File

@ -1,7 +1,7 @@
package list package list
import ( import (
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclrecordproto/aclpb" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclrecordproto"
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/testutils/acllistbuilder" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/testutils/acllistbuilder"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -23,10 +23,10 @@ func TestAclList_ACLState_UserInviteAndJoin(t *testing.T) {
idC := keychain.GetIdentity("C") idC := keychain.GetIdentity("C")
// checking final state // checking final state
assert.Equal(t, aclpb.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions)
assert.Equal(t, aclpb.ACLUserPermissions_Writer, aclList.ACLState().GetUserStates()[idB].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Writer, aclList.ACLState().GetUserStates()[idB].Permissions)
assert.Equal(t, aclpb.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions)
assert.Equal(t, aclList.Head().Content.CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash())
var records []*ACLRecord var records []*ACLRecord
aclList.Iterate(func(record *ACLRecord) (IsContinue bool) { aclList.Iterate(func(record *ACLRecord) (IsContinue bool) {
@ -44,7 +44,7 @@ func TestAclList_ACLState_UserInviteAndJoin(t *testing.T) {
assert.NoError(t, err, "should have no error with permissions of B in the record 2") assert.NoError(t, err, "should have no error with permissions of B in the record 2")
assert.Equal(t, UserPermissionPair{ assert.Equal(t, UserPermissionPair{
Identity: idB, Identity: idB,
Permission: aclpb.ACLUserPermissions_Writer, Permission: aclrecordproto.ACLUserPermissions_Writer,
}, perm) }, perm)
} }
@ -62,9 +62,9 @@ func TestAclList_ACLState_UserJoinAndRemove(t *testing.T) {
idC := keychain.GetIdentity("C") idC := keychain.GetIdentity("C")
// checking final state // checking final state
assert.Equal(t, aclpb.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions)
assert.Equal(t, aclpb.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions)
assert.Equal(t, aclList.Head().Content.CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash())
_, exists := aclList.ACLState().GetUserStates()[idB] _, exists := aclList.ACLState().GetUserStates()[idB]
assert.Equal(t, false, exists) assert.Equal(t, false, exists)
@ -78,13 +78,13 @@ func TestAclList_ACLState_UserJoinAndRemove(t *testing.T) {
// checking permissions at specific records // checking permissions at specific records
assert.Equal(t, 4, len(records)) assert.Equal(t, 4, len(records))
assert.NotEqual(t, records[2].Content.CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) assert.NotEqual(t, records[2].CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash())
perm, err := aclList.ACLState().PermissionsAtRecord(records[2].Id, idB) perm, err := aclList.ACLState().PermissionsAtRecord(records[2].Id, idB)
assert.NoError(t, err, "should have no error with permissions of B in the record 2") assert.NoError(t, err, "should have no error with permissions of B in the record 2")
assert.Equal(t, UserPermissionPair{ assert.Equal(t, UserPermissionPair{
Identity: idB, Identity: idB,
Permission: aclpb.ACLUserPermissions_Writer, Permission: aclrecordproto.ACLUserPermissions_Writer,
}, perm) }, perm)
_, err = aclList.ACLState().PermissionsAtRecord(records[3].Id, idB) _, err = aclList.ACLState().PermissionsAtRecord(records[3].Id, idB)

12
pkg/acl/testutils/acllistbuilder/keychain.go
View File

@ -1,6 +1,7 @@
package acllistbuilder package acllistbuilder
import ( import (
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclrecordproto"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/encryptionkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey"
"hash/fnv" "hash/fnv"
@ -21,6 +22,7 @@ type Keychain struct {
ReadKeys map[string]*SymKey ReadKeys map[string]*SymKey
ReadKeysByHash map[uint64]*SymKey ReadKeysByHash map[uint64]*SymKey
GeneratedIdentities map[string]string GeneratedIdentities map[string]string
DerivedIdentity string
coder signingkey.PubKeyDecoder coder signingkey.PubKeyDecoder
} }
@ -37,6 +39,7 @@ func NewKeychain() *Keychain {
} }
func (k *Keychain) ParseKeys(keys *Keys) { func (k *Keychain) ParseKeys(keys *Keys) {
k.DerivedIdentity = keys.Derived
for _, encKey := range keys.Enc { for _, encKey := range keys.Enc {
k.AddEncryptionKey(encKey) k.AddEncryptionKey(encKey)
} }
@ -123,6 +126,13 @@ func (k *Keychain) AddReadKey(key *Key) {
if err != nil { if err != nil {
panic("should be able to generate symmetric key") panic("should be able to generate symmetric key")
} }
} else if key.Value == "derived" {
signKey, _ := k.SigningKeys[k.DerivedIdentity].Raw()
encKey, _ := k.EncryptionKeys[k.DerivedIdentity].Raw()
rkey, err = aclrecordproto.ACLReadKeyDerive(signKey, encKey)
if err != nil {
panic("should be able to derive symmetric key")
}
} else { } else {
rkey, err = symmetric.FromString(key.Value) rkey, err = symmetric.FromString(key.Value)
if err != nil { if err != nil {
@ -150,7 +160,7 @@ func (k *Keychain) AddKey(key *Key) {
} }
switch parts[1] { switch parts[1] {
case "Sign": case "Signature":
k.AddSigningKey(key) k.AddSigningKey(key)
case "Enc": case "Enc":
k.AddEncryptionKey(key) k.AddEncryptionKey(key)

157
pkg/acl/testutils/acllistbuilder/liststoragebuilder.go
View File

@ -3,12 +3,13 @@ package acllistbuilder
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclchanges/aclpb" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclrecordproto"
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/storage" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/storage"
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/testutils/yamltests" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/testutils/yamltests"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/cid" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/cid"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/encryptionkey"
"github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/util/keys/asymmetric/signingkey"
"hash/fnv"
"io/ioutil" "io/ioutil"
"path" "path"
"time" "time"
@ -19,17 +20,18 @@ import (
type ACLListStorageBuilder struct { type ACLListStorageBuilder struct {
aclList string aclList string
records []*aclpb.ACLRecord records []*aclrecordproto.ACLRecord
rawRecords []*aclpb.RawACLRecord rawRecords []*aclrecordproto.RawACLRecordWithId
indexes map[string]int indexes map[string]int
keychain *Keychain keychain *Keychain
header *aclpb.ACLHeader rawRoot *aclrecordproto.RawACLRecordWithId
root *aclrecordproto.ACLRoot
id string id string
} }
func NewACLListStorageBuilder(keychain *Keychain) *ACLListStorageBuilder { func NewACLListStorageBuilder(keychain *Keychain) *ACLListStorageBuilder {
return &ACLListStorageBuilder{ return &ACLListStorageBuilder{
records: make([]*aclpb.ACLRecord, 0), records: make([]*aclrecordproto.ACLRecord, 0),
indexes: make(map[string]int), indexes: make(map[string]int),
keychain: keychain, keychain: keychain,
} }
@ -58,47 +60,66 @@ func NewACLListStorageBuilderFromFile(file string) (*ACLListStorageBuilder, erro
return tb, nil return tb, nil
} }
func (t *ACLListStorageBuilder) createRaw(rec *aclpb.ACLRecord) *aclpb.RawACLRecord { func (t *ACLListStorageBuilder) createRaw(rec proto.Marshaler, identity []byte) *aclrecordproto.RawACLRecordWithId {
aclMarshaled, err := proto.Marshal(rec) protoMarshalled, err := rec.Marshal()
if err != nil { if err != nil {
panic("should be able to marshal final acl message!") panic("should be able to marshal final acl message!")
} }
signature, err := t.keychain.SigningKeysByIdentity[string(rec.Identity)].Sign(aclMarshaled) signature, err := t.keychain.SigningKeysByIdentity[string(identity)].Sign(protoMarshalled)
if err != nil { if err != nil {
panic("should be able to sign final acl message!") panic("should be able to sign final acl message!")
} }
id, _ := cid.NewCIDFromBytes(aclMarshaled) rawRec := &aclrecordproto.RawACLRecord{
Payload: protoMarshalled,
return &aclpb.RawACLRecord{
Payload: aclMarshaled,
Signature: signature, Signature: signature,
Id: id, }
rawMarshalled, err := proto.Marshal(rawRec)
if err != nil {
panic(err)
}
id, _ := cid.NewCIDFromBytes(rawMarshalled)
return &aclrecordproto.RawACLRecordWithId{
Payload: rawMarshalled,
Id: id,
} }
} }
func (t *ACLListStorageBuilder) getRecord(idx int) *aclpb.RawACLRecord { func (t *ACLListStorageBuilder) getRecord(idx int) *aclrecordproto.RawACLRecordWithId {
return t.rawRecords[idx] if idx > 0 {
return t.rawRecords[idx-1]
}
return t.rawRoot
} }
func (t *ACLListStorageBuilder) Head() (*aclpb.RawACLRecord, error) { func (t *ACLListStorageBuilder) Head() (*aclrecordproto.RawACLRecordWithId, error) {
return t.getRecord(len(t.records) - 1), nil l := len(t.records)
if l > 1 {
return t.rawRecords[l-2], nil
}
return t.rawRoot, nil
} }
func (t *ACLListStorageBuilder) Header() (*aclpb.ACLHeader, error) { func (t *ACLListStorageBuilder) Root() (*aclrecordproto.RawACLRecordWithId, error) {
return t.header, nil return t.rawRoot, nil
} }
func (t *ACLListStorageBuilder) GetRawRecord(ctx context.Context, id string) (*aclpb.RawACLRecord, error) { func (t *ACLListStorageBuilder) GetRawRecord(ctx context.Context, id string) (*aclrecordproto.RawACLRecordWithId, error) {
recIdx, ok := t.indexes[id] recIdx, ok := t.indexes[id]
if !ok { if !ok {
if id == t.rawRoot.Id {
return t.rawRoot, nil
}
return nil, fmt.Errorf("no such record") return nil, fmt.Errorf("no such record")
} }
return t.getRecord(recIdx), nil return t.getRecord(recIdx), nil
} }
func (t *ACLListStorageBuilder) AddRawRecord(ctx context.Context, rec *aclpb.RawACLRecord) error { func (t *ACLListStorageBuilder) AddRawRecord(ctx context.Context, rec *aclrecordproto.RawACLRecordWithId) error {
panic("implement me") panic("implement me")
} }
@ -106,7 +127,7 @@ func (t *ACLListStorageBuilder) ID() (string, error) {
return t.id, nil return t.id, nil
} }
func (t *ACLListStorageBuilder) GetRawRecords() []*aclpb.RawACLRecord { func (t *ACLListStorageBuilder) GetRawRecords() []*aclrecordproto.RawACLRecordWithId {
return t.rawRecords return t.rawRecords
} }
@ -122,29 +143,29 @@ func (t *ACLListStorageBuilder) Parse(tree *YMLList) {
prevId := "" prevId := ""
for idx, rec := range tree.Records { for idx, rec := range tree.Records {
newRecord := t.parseRecord(rec, prevId) newRecord := t.parseRecord(rec, prevId)
rawRecord := t.createRaw(newRecord) rawRecord := t.createRaw(newRecord, newRecord.Identity)
t.records = append(t.records, newRecord) t.records = append(t.records, newRecord)
t.rawRecords = append(t.rawRecords, t.createRaw(newRecord)) t.rawRecords = append(t.rawRecords, rawRecord)
t.indexes[rawRecord.Id] = idx t.indexes[rawRecord.Id] = idx
prevId = rawRecord.Id prevId = rawRecord.Id
} }
t.createHeaderAndId() t.parseRoot(tree.Root)
} }
func (t *ACLListStorageBuilder) parseRecord(rec *Record, prevId string) *aclpb.ACLRecord { func (t *ACLListStorageBuilder) parseRecord(rec *Record, prevId string) *aclrecordproto.ACLRecord {
k := t.keychain.GetKey(rec.ReadKey).(*SymKey) k := t.keychain.GetKey(rec.ReadKey).(*SymKey)
var aclChangeContents []*aclpb.ACLContentValue var aclChangeContents []*aclrecordproto.ACLContentValue
for _, ch := range rec.AclChanges { for _, ch := range rec.AclChanges {
aclChangeContent := t.parseACLChange(ch) aclChangeContent := t.parseACLChange(ch)
aclChangeContents = append(aclChangeContents, aclChangeContent) aclChangeContents = append(aclChangeContents, aclChangeContent)
} }
data := &aclpb.ACLData{ data := &aclrecordproto.ACLData{
AclContent: aclChangeContents, AclContent: aclChangeContents,
} }
bytes, _ := data.Marshal() bytes, _ := data.Marshal()
return &aclpb.ACLRecord{ return &aclrecordproto.ACLRecord{
PrevId: prevId, PrevId: prevId,
Identity: []byte(t.keychain.GetIdentity(rec.Identity)), Identity: []byte(t.keychain.GetIdentity(rec.Identity)),
Data: bytes, Data: bytes,
@ -153,7 +174,7 @@ func (t *ACLListStorageBuilder) parseRecord(rec *Record, prevId string) *aclpb.A
} }
} }
func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACLContentValue) { func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecordproto.ACLContentValue) {
switch { switch {
case ch.UserAdd != nil: case ch.UserAdd != nil:
add := ch.UserAdd add := ch.UserAdd
@ -161,9 +182,9 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
encKey := t.keychain.GetKey(add.EncryptionKey).(encryptionkey.PrivKey) encKey := t.keychain.GetKey(add.EncryptionKey).(encryptionkey.PrivKey)
rawKey, _ := encKey.GetPublic().Raw() rawKey, _ := encKey.GetPublic().Raw()
convCh = &aclpb.ACLContentValue{ convCh = &aclrecordproto.ACLContentValue{
Value: &aclpb.ACLContentValue_UserAdd{ Value: &aclrecordproto.ACLContentValue_UserAdd{
UserAdd: &aclpb.ACLUserAdd{ UserAdd: &aclrecordproto.ACLUserAdd{
Identity: []byte(t.keychain.GetIdentity(add.Identity)), Identity: []byte(t.keychain.GetIdentity(add.Identity)),
EncryptionKey: rawKey, EncryptionKey: rawKey,
EncryptedReadKeys: t.encryptReadKeys(add.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeys(add.EncryptedReadKeys, encKey),
@ -185,13 +206,13 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
panic(err) panic(err)
} }
convCh = &aclpb.ACLContentValue{ convCh = &aclrecordproto.ACLContentValue{
Value: &aclpb.ACLContentValue_UserJoin{ Value: &aclrecordproto.ACLContentValue_UserJoin{
UserJoin: &aclpb.ACLUserJoin{ UserJoin: &aclrecordproto.ACLUserJoin{
Identity: []byte(t.keychain.GetIdentity(join.Identity)), Identity: []byte(t.keychain.GetIdentity(join.Identity)),
EncryptionKey: rawKey, EncryptionKey: rawKey,
AcceptSignature: signature, AcceptSignature: signature,
UserInviteId: join.InviteId, InviteId: join.InviteId,
EncryptedReadKeys: t.encryptReadKeys(join.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeys(join.EncryptedReadKeys, encKey),
}, },
}, },
@ -203,9 +224,9 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
GetKey(invite.EncryptionKey).(encryptionkey.PrivKey) GetKey(invite.EncryptionKey).(encryptionkey.PrivKey)
rawEncKey, _ := encKey.GetPublic().Raw() rawEncKey, _ := encKey.GetPublic().Raw()
convCh = &aclpb.ACLContentValue{ convCh = &aclrecordproto.ACLContentValue{
Value: &aclpb.ACLContentValue_UserInvite{ Value: &aclrecordproto.ACLContentValue_UserInvite{
UserInvite: &aclpb.ACLUserInvite{ UserInvite: &aclrecordproto.ACLUserInvite{
AcceptPublicKey: rawAcceptKey, AcceptPublicKey: rawAcceptKey,
EncryptPublicKey: rawEncKey, EncryptPublicKey: rawEncKey,
EncryptedReadKeys: t.encryptReadKeys(invite.EncryptedReadKeys, encKey), EncryptedReadKeys: t.encryptReadKeys(invite.EncryptedReadKeys, encKey),
@ -214,23 +235,12 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
}, },
}, },
} }
case ch.UserConfirm != nil:
confirm := ch.UserConfirm
convCh = &aclpb.ACLContentValue{
Value: &aclpb.ACLContentValue_UserConfirm{
UserConfirm: &aclpb.ACLUserConfirm{
Identity: []byte(t.keychain.GetIdentity(confirm.Identity)),
UserAddId: confirm.UserAddId,
},
},
}
case ch.UserPermissionChange != nil: case ch.UserPermissionChange != nil:
permissionChange := ch.UserPermissionChange permissionChange := ch.UserPermissionChange
convCh = &aclpb.ACLContentValue{ convCh = &aclrecordproto.ACLContentValue{
Value: &aclpb.ACLContentValue_UserPermissionChange{ Value: &aclrecordproto.ACLContentValue_UserPermissionChange{
UserPermissionChange: &aclpb.ACLUserPermissionChange{ UserPermissionChange: &aclrecordproto.ACLUserPermissionChange{
Identity: []byte(t.keychain.GetIdentity(permissionChange.Identity)), Identity: []byte(t.keychain.GetIdentity(permissionChange.Identity)),
Permissions: t.convertPermission(permissionChange.Permission), Permissions: t.convertPermission(permissionChange.Permission),
}, },
@ -241,7 +251,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
newReadKey := t.keychain.GetKey(remove.NewReadKey).(*SymKey) newReadKey := t.keychain.GetKey(remove.NewReadKey).(*SymKey)
var replaces []*aclpb.ACLReadKeyReplace var replaces []*aclrecordproto.ACLReadKeyReplace
for _, id := range remove.IdentitiesLeft { for _, id := range remove.IdentitiesLeft {
identity := t.keychain.GetIdentity(id) identity := t.keychain.GetIdentity(id)
encKey := t.keychain.EncryptionKeys[id] encKey := t.keychain.EncryptionKeys[id]
@ -250,16 +260,16 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL
if err != nil { if err != nil {
panic(err) panic(err)
} }
replaces = append(replaces, &aclpb.ACLReadKeyReplace{ replaces = append(replaces, &aclrecordproto.ACLReadKeyReplace{
Identity: []byte(identity), Identity: []byte(identity),
EncryptionKey: rawEncKey, EncryptionKey: rawEncKey,
EncryptedReadKey: encReadKey, EncryptedReadKey: encReadKey,
}) })
} }
convCh = &aclpb.ACLContentValue{ convCh = &aclrecordproto.ACLContentValue{
Value: &aclpb.ACLContentValue_UserRemove{ Value: &aclrecordproto.ACLContentValue_UserRemove{
UserRemove: &aclpb.ACLUserRemove{ UserRemove: &aclrecordproto.ACLUserRemove{
Identity: []byte(t.keychain.GetIdentity(remove.RemovedIdentity)), Identity: []byte(t.keychain.GetIdentity(remove.RemovedIdentity)),
ReadKeyReplaces: replaces, ReadKeyReplaces: replaces,
}, },
@ -286,20 +296,20 @@ func (t *ACLListStorageBuilder) encryptReadKeys(keys []string, encKey encryption
return return
} }
func (t *ACLListStorageBuilder) convertPermission(perm string) aclpb.ACLUserPermissions { func (t *ACLListStorageBuilder) convertPermission(perm string) aclrecordproto.ACLUserPermissions {
switch perm { switch perm {
case "admin": case "admin":
return aclpb.ACLUserPermissions_Admin return aclrecordproto.ACLUserPermissions_Admin
case "writer": case "writer":
return aclpb.ACLUserPermissions_Writer return aclrecordproto.ACLUserPermissions_Writer
case "reader": case "reader":
return aclpb.ACLUserPermissions_Reader return aclrecordproto.ACLUserPermissions_Reader
default: default:
panic(fmt.Sprintf("incorrect permission: %s", perm)) panic(fmt.Sprintf("incorrect permission: %s", perm))
} }
} }
func (t *ACLListStorageBuilder) traverseFromHead(f func(rec *aclpb.ACLRecord, id string) error) (err error) { func (t *ACLListStorageBuilder) traverseFromHead(f func(rec *aclrecordproto.ACLRecord, id string) error) (err error) {
for i := len(t.records) - 1; i >= 0; i-- { for i := len(t.records) - 1; i >= 0; i-- {
err = f(t.records[i], t.rawRecords[i].Id) err = f(t.records[i], t.rawRecords[i].Id)
if err != nil { if err != nil {
@ -309,11 +319,22 @@ func (t *ACLListStorageBuilder) traverseFromHead(f func(rec *aclpb.ACLRecord, id
return nil return nil
} }
func (t *ACLListStorageBuilder) createHeaderAndId() { func (t *ACLListStorageBuilder) parseRoot(root *Root) {
t.header = &aclpb.ACLHeader{ rawSignKey, _ := t.keychain.GetKey(root.Identity).(signingkey.PrivKey).GetPublic().Raw()
FirstId: t.rawRecords[0].Id, rawEncKey, _ := t.keychain.GetKey(root.EncryptionKey).(encryptionkey.PrivKey).GetPublic().Raw()
readKey, _ := aclrecordproto.ACLReadKeyDerive(rawSignKey, rawEncKey)
hasher := fnv.New64()
hasher.Write(readKey.Bytes())
t.root = &aclrecordproto.ACLRoot{
Identity: rawSignKey,
EncryptionKey: rawEncKey,
SpaceId: root.SpaceId,
EncryptedReadKey: nil,
DerivationScheme: "scheme",
CurrentReadKeyHash: hasher.Sum64(),
} }
bytes, _ := t.header.Marshal() t.rawRoot = t.createRaw(t.root, rawSignKey)
bytes, _ := t.rawRoot.Marshal()
id, _ := cid.NewCIDFromBytes(bytes) id, _ := cid.NewCIDFromBytes(bytes)
t.id = id t.id = id
} }

8
pkg/acl/testutils/acllistbuilder/liststoragebuildergraph_nix.go
View File

@ -9,7 +9,7 @@ package acllistbuilder
import ( import (
"fmt" "fmt"
"github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclchanges/aclpb" "github.com/anytypeio/go-anytype-infrastructure-experiments/pkg/acl/aclrecordproto"
"github.com/gogo/protobuf/proto" "github.com/gogo/protobuf/proto"
"strings" "strings"
@ -33,11 +33,11 @@ func (t *ACLListStorageBuilder) Graph() (string, error) {
graph.SetDir(true) graph.SetDir(true)
var nodes = make(map[string]struct{}) var nodes = make(map[string]struct{})
var addNodes = func(r *aclpb.ACLRecord, id string) error { var addNodes = func(r *aclrecordproto.ACLRecord, id string) error {
style := "solid" style := "solid"
var chSymbs []string var chSymbs []string
aclData := &aclpb.ACLData{} aclData := &aclrecordproto.ACLData{}
err := proto.Unmarshal(r.GetData(), aclData) err := proto.Unmarshal(r.GetData(), aclData)
if err != nil { if err != nil {
return err return err
@ -92,7 +92,7 @@ func (t *ACLListStorageBuilder) Graph() (string, error) {
return nil return nil
} }
var addLinks = func(r *aclpb.ACLRecord, id string) error { var addLinks = func(r *aclrecordproto.ACLRecord, id string) error {
if r.PrevId == "" { if r.PrevId == "" {
return nil return nil
} }

19
pkg/acl/testutils/acllistbuilder/ymlentities.go
View File

@ -6,9 +6,10 @@ type Key struct {
} }
type Keys struct { type Keys struct {
Enc []*Key `yaml:"Enc"` Derived string `yaml:"Derived"`
Sign []*Key `yaml:"Sign"` Enc []*Key `yaml:"Enc"`
Read []*Key `yaml:"Read"` Sign []*Key `yaml:"Sign"`
Read []*Key `yaml:"Read"`
} }
type ACLChange struct { type ACLChange struct {
@ -35,11 +36,6 @@ type ACLChange struct {
InviteId string `yaml:"inviteId"` InviteId string `yaml:"inviteId"`
} `yaml:"userInvite"` } `yaml:"userInvite"`
UserConfirm *struct {
Identity string `yaml:"identity"`
UserAddId string `yaml:"UserAddId"`
} `yaml:"userConfirm"`
UserRemove *struct { UserRemove *struct {
RemovedIdentity string `yaml:"removedIdentity"` RemovedIdentity string `yaml:"removedIdentity"`
NewReadKey string `yaml:"newReadKey"` NewReadKey string `yaml:"newReadKey"`
@ -63,7 +59,14 @@ type Header struct {
IsWorkspace bool `yaml:"isWorkspace"` IsWorkspace bool `yaml:"isWorkspace"`
} }
type Root struct {
Identity string `yaml:"identity"`
EncryptionKey string `yaml:"encryptionKey"`
SpaceId string `yaml:"spaceId"`
}
type YMLList struct { type YMLList struct {
Root *Root
Records []*Record `yaml:"records"` Records []*Record `yaml:"records"`
Keys Keys `yaml:"keys"` Keys Keys `yaml:"keys"`

15
pkg/acl/testutils/yamltests/userjoinexample.yml
View File

@ -1,12 +1,8 @@
records: root:
- identity: A - identity: A
aclChanges: encryptionKey: key.Enc.A
- userAdd: spaceId: space
identity: A records:
permission: admin
encryptionKey: key.Enc.A
encryptedReadKeys: [key.Read.1]
readKey: key.Read.1
- identity: A - identity: A
aclChanges: aclChanges:
- userInvite: - userInvite:
@ -31,6 +27,7 @@ records:
encryptedReadKeys: [key.Read.1] encryptedReadKeys: [key.Read.1]
readKey: key.Read.1 readKey: key.Read.1
keys: keys:
Derived: A
Enc: Enc:
- name: A - name: A
value: generated value: generated
@ -51,4 +48,4 @@ keys:
value: generated value: generated
Read: Read:
- name: 1 - name: 1
value: generated value: derived

15
pkg/acl/testutils/yamltests/userremoveexample.yml
View File

@ -1,12 +1,8 @@
records: root:
- identity: A - identity: A
aclChanges: encryptionKey: key.Enc.A
- userAdd: spaceId: space
identity: A records:
permission: admin
encryptionKey: key.Enc.A
encryptedReadKeys: [key.Read.1]
readKey: key.Read.1
- identity: A - identity: A
aclChanges: aclChanges:
- userInvite: - userInvite:
@ -38,6 +34,7 @@ records:
identitiesLeft: [A, C] identitiesLeft: [A, C]
readKey: key.Read.2 readKey: key.Read.2
keys: keys:
Derived: A
Enc: Enc:
- name: A - name: A
value: generated value: generated
@ -58,6 +55,6 @@ keys:
value: generated value: generated
Read: Read:
- name: 1 - name: 1
value: generated value: derived
- name: 2 - name: 2
value: generated value: generated