From d41f73623428e90026dcaf1d053bf5ab61cfe773 Mon Sep 17 00:00:00 2001 From: mcrakhman Date: Tue, 13 Sep 2022 12:26:37 +0200 Subject: [PATCH] Revert "Use string instead of bytes, to simplify code" This reverts commit a907cde3993868dbf27938fe609fd2bbc02db2b5. --- pkg/acl/account/accountdata.go | 3 +- pkg/acl/aclchanges/aclpb/aclchanges.pb.go | 296 ++++++++++-------- .../aclchanges/aclpb/protos/aclchanges.proto | 22 +- pkg/acl/list/aclstate.go | 46 +-- pkg/acl/list/changebuilder.go | 4 +- .../acllistbuilder/liststoragebuilder.go | 14 +- pkg/acl/tree/change.go | 1 + pkg/acl/tree/changebuilder.go | 2 +- pkg/acl/tree/changevalidator.go | 2 +- pkg/acl/tree/objecttreefactory.go | 2 +- pkg/acl/tree/signablecontent.go | 2 +- 11 files changed, 209 insertions(+), 185 deletions(-) diff --git a/pkg/acl/account/accountdata.go b/pkg/acl/account/accountdata.go index 1bf30c95..bc775854 100644 --- a/pkg/acl/account/accountdata.go +++ b/pkg/acl/account/accountdata.go @@ -7,8 +7,7 @@ import ( ) type AccountData struct { // TODO: create a convenient constructor for this - // Identity is non utf8 encoded, but we use this type, to eliminate copying between []byte to string conversions - Identity string + Identity []byte // TODO: this is essentially the same as sign key SignKey signingkey.PrivKey EncKey encryptionkey.PrivKey Decoder keys.Decoder diff --git a/pkg/acl/aclchanges/aclpb/aclchanges.pb.go b/pkg/acl/aclchanges/aclpb/aclchanges.pb.go index 9c7c75b4..ecd124b1 100644 --- a/pkg/acl/aclchanges/aclpb/aclchanges.pb.go +++ b/pkg/acl/aclchanges/aclpb/aclchanges.pb.go 
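Review bot: The new `Identity []byte` field in AccountData drops the only comment that said what the value is and leaves just a TODO in its place. Elsewhere in this patch the same value becomes a map key through `string(identity)` and is compared against the string field `st.identity`, so a reader needs to know it is binary data rather than text, and that a slice can be changed by whoever else holds it. I would add a field comment such as `// Identity holds the raw identity bytes (not UTF-8 text); treat as read-only and compare with bytes.Equal.` The struct body continues outside the hunk.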
@@ -380,7 +380,7 @@ func (m *ACLState) GetInvites() map[string]*ACLUserInvite { } type ACLUserState struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,3,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` Permissions ACLUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=acl.ACLUserPermissions" json:"permissions,omitempty"` @@ -420,11 +420,11 @@ func (m *ACLUserState) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserState proto.InternalMessageInfo -func (m *ACLUserState) GetIdentity() string { +func (m *ACLUserState) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserState) GetEncryptionKey() []byte { @@ -457,7 +457,7 @@ func (m *ACLUserState) GetIsConfirmed() bool { // we already know identity and encryptionKey type ACLUserAdd struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,3,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` Permissions ACLUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=acl.ACLUserPermissions" json:"permissions,omitempty"` @@ -496,11 +496,11 @@ func (m *ACLUserAdd) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserAdd proto.InternalMessageInfo -func (m *ACLUserAdd) GetIdentity() string { +func (m *ACLUserAdd) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserAdd) GetEncryptionKey() []byte { 
@@ -526,7 +526,7 @@ func (m *ACLUserAdd) GetPermissions() ACLUserPermissions { // TODO: this is not used as of now type ACLUserConfirm struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` UserAddId string `protobuf:"bytes,2,opt,name=userAddId,proto3" json:"userAddId,omitempty"` } @@ -563,11 +563,11 @@ func (m *ACLUserConfirm) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserConfirm proto.InternalMessageInfo -func (m *ACLUserConfirm) GetIdentity() string { +func (m *ACLUserConfirm) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserConfirm) GetUserAddId() string { @@ -654,7 +654,7 @@ func (m *ACLUserInvite) GetInviteId() string { } type ACLUserJoin struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` AcceptSignature []byte `protobuf:"bytes,3,opt,name=acceptSignature,proto3" json:"acceptSignature,omitempty"` UserInviteId string `protobuf:"bytes,4,opt,name=userInviteId,proto3" json:"userInviteId,omitempty"` @@ -694,11 +694,11 @@ func (m *ACLUserJoin) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserJoin proto.InternalMessageInfo -func (m *ACLUserJoin) GetIdentity() string { +func (m *ACLUserJoin) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserJoin) GetEncryptionKey() []byte { 
@@ -730,7 +730,7 @@ func (m *ACLUserJoin) GetEncryptedReadKeys() [][]byte { } type ACLUserRemove struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` ReadKeyReplaces []*ACLReadKeyReplace `protobuf:"bytes,3,rep,name=readKeyReplaces,proto3" json:"readKeyReplaces,omitempty"` } @@ -767,11 +767,11 @@ func (m *ACLUserRemove) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserRemove proto.InternalMessageInfo -func (m *ACLUserRemove) GetIdentity() string { +func (m *ACLUserRemove) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserRemove) GetReadKeyReplaces() []*ACLReadKeyReplace { @@ -782,7 +782,7 @@ func (m *ACLUserRemove) GetReadKeyReplaces() []*ACLReadKeyReplace { } type ACLReadKeyReplace struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` EncryptedReadKey []byte `protobuf:"bytes,3,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"` } @@ -820,11 +820,11 @@ func (m *ACLReadKeyReplace) XXX_DiscardUnknown() { var xxx_messageInfo_ACLReadKeyReplace proto.InternalMessageInfo -func (m *ACLReadKeyReplace) GetIdentity() string { +func (m *ACLReadKeyReplace) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLReadKeyReplace) GetEncryptionKey() []byte { 
@@ -842,7 +842,7 @@ func (m *ACLReadKeyReplace) GetEncryptedReadKey() []byte { } type ACLUserPermissionChange struct { - Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` Permissions ACLUserPermissions `protobuf:"varint,2,opt,name=permissions,proto3,enum=acl.ACLUserPermissions" json:"permissions,omitempty"` } @@ -879,11 +879,11 @@ func (m *ACLUserPermissionChange) XXX_DiscardUnknown() { var xxx_messageInfo_ACLUserPermissionChange proto.InternalMessageInfo -func (m *ACLUserPermissionChange) GetIdentity() string { +func (m *ACLUserPermissionChange) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLUserPermissionChange) GetPermissions() ACLUserPermissions { @@ -895,7 +895,7 @@ func (m *ACLUserPermissionChange) GetPermissions() ACLUserPermissions { type ACLRecord struct { PrevId string `protobuf:"bytes,1,opt,name=prevId,proto3" json:"prevId,omitempty"` - Identity string `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` CurrentReadKeyHash uint64 `protobuf:"varint,4,opt,name=currentReadKeyHash,proto3" json:"currentReadKeyHash,omitempty"` Timestamp int64 `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"` @@ -941,11 +941,11 @@ func (m *ACLRecord) GetPrevId() string { return "" } -func (m *ACLRecord) GetIdentity() string { +func (m *ACLRecord) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *ACLRecord) GetData() []byte { 
@@ -971,7 +971,7 @@ func (m *ACLRecord) GetTimestamp() int64 { type ACLHeader struct { FirstId string `protobuf:"bytes,1,opt,name=firstId,proto3" json:"firstId,omitempty"` - Identity string `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` } func (m *ACLHeader) Reset() { *m = ACLHeader{} } @@ -1014,11 +1014,11 @@ func (m *ACLHeader) GetFirstId() string { return "" } -func (m *ACLHeader) GetIdentity() string { +func (m *ACLHeader) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } type RawTreeChange struct { @@ -1132,7 +1132,7 @@ type TreeChange struct { ChangesData []byte `protobuf:"bytes,4,opt,name=changesData,proto3" json:"changesData,omitempty"` CurrentReadKeyHash uint64 `protobuf:"varint,5,opt,name=currentReadKeyHash,proto3" json:"currentReadKeyHash,omitempty"` Timestamp int64 `protobuf:"varint,6,opt,name=timestamp,proto3" json:"timestamp,omitempty"` - Identity string `protobuf:"bytes,7,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,7,opt,name=identity,proto3" json:"identity,omitempty"` IsSnapshot bool `protobuf:"varint,8,opt,name=isSnapshot,proto3" json:"isSnapshot,omitempty"` } @@ -1211,11 +1211,11 @@ func (m *TreeChange) GetTimestamp() int64 { return 0 } -func (m *TreeChange) GetIdentity() string { +func (m *TreeChange) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *TreeChange) GetIsSnapshot() bool { 
@@ -1229,7 +1229,7 @@ type TreeHeader struct { FirstId string `protobuf:"bytes,1,opt,name=firstId,proto3" json:"firstId,omitempty"` AclId string `protobuf:"bytes,2,opt,name=aclId,proto3" json:"aclId,omitempty"` TreeHeaderType TreeHeaderType `protobuf:"varint,3,opt,name=treeHeaderType,proto3,enum=acl.TreeHeaderType" json:"treeHeaderType,omitempty"` - Identity string `protobuf:"bytes,4,opt,name=identity,proto3" json:"identity,omitempty"` + Identity []byte `protobuf:"bytes,4,opt,name=identity,proto3" json:"identity,omitempty"` Data []byte `protobuf:"bytes,5,opt,name=data,proto3" json:"data,omitempty"` } @@ -1287,11 +1287,11 @@ func (m *TreeHeader) GetTreeHeaderType() TreeHeaderType { return TreeHeaderType_Object } -func (m *TreeHeader) GetIdentity() string { +func (m *TreeHeader) GetIdentity() []byte { if m != nil { return m.Identity } - return "" + return nil } func (m *TreeHeader) GetData() []byte { 
@@ -1361,44 +1361,44 @@ var fileDescriptor_37a022c841a51877 = []byte{ 0xf8, 0x27, 0x91, 0x48, 0xa7, 0x38, 0x53, 0xdd, 0xfc, 0x0c, 0x5a, 0xb6, 0x00, 0x75, 0xa0, 0xfa, 0x9c, 0x4e, 0x55, 0x1d, 0x35, 0xb0, 0x5c, 0xa2, 0x1d, 0xc3, 0xc3, 0xa2, 0x5a, 0xd1, 0xa6, 0x58, 0x2b, 0x7c, 0xe0, 0xbe, 0xe7, 0xf8, 0xbf, 0x38, 0xd0, 0xb2, 0x5d, 0x44, 0x9b, 0xb0, 0xc2, 0x42, - 0x1a, 0x09, 0x26, 0xb2, 0x53, 0xf3, 0xbd, 0xe4, 0x82, 0x46, 0x41, 0x3a, 0x4d, 0x04, 0x8b, 0xa3, - 0x03, 0x3a, 0x35, 0xe5, 0x5f, 0x06, 0xd1, 0x9b, 0xb0, 0x6e, 0x00, 0x1a, 0x62, 0xcd, 0x92, 0x0e, - 0xb1, 0x85, 0xe7, 0x05, 0xe8, 0x7d, 0x68, 0x26, 0x79, 0xa5, 0x71, 0x55, 0x56, 0xed, 0xbd, 0x7b, - 0x8b, 0x0b, 0x94, 0x63, 0x5b, 0x17, 0x6d, 0x43, 0x93, 0x71, 0x93, 0x7e, 0x1a, 0xaa, 0xea, 0x5a, - 0xc1, 0x36, 0xe4, 0xff, 0xe0, 0x00, 0x14, 0xbf, 0xd5, 0xff, 0x28, 0x36, 0xff, 0x11, 0xb4, 0xcb, - 0xe5, 0x7e, 0xab, 0xf3, 0x5b, 0xd0, 0x30, 0xfd, 0x62, 0x14, 0x2a, 0xc7, 0x1b, 0xb8, 0x00, 0xfc, - 0xdf, 0x1d, 0x58, 0x2d, 0x15, 0x00, 0xda, 0x81, 0x35, 0x12, 0x04, 0x34, 0x11, 0x8f, 0xcf, 0x4f, - 0xc6, 0x2c, 0x38, 0x30, 0x15, 0xd4, 0xc2, 0xb3, 0x30, 0xda, 0x85, 0x8e, 0x89, 0xab, 0x50, 0xd5, - 0xcc, 0xcc, 0xe1, 0xff, 0x5d, 0xe2, 0x25, 0x15, 0x2a, 0x90, 0x91, 0xce, 0xba, 0xa4, 0xc2, 0xec, - 0xfd, 0x9f, 0x1c, 0x68, 0x5a, 0xbd, 0xe5, 0x25, 0xe4, 0x3c, 0x27, 0xeb, 0x28, 0x6f, 0xfb, 0x55, - 0x9b, 0xac, 0x1c, 0x46, 0x3e, 0xb4, 0x8a, 0xce, 0x37, 0x0a, 0x55, 0x4c, 0x0d, 0x5c, 0xc2, 0x16, - 0x93, 0x54, 0xbb, 0x81, 0x24, 0x7f, 0x92, 0x67, 0xce, 0x34, 0xf6, 0xdb, 0xc2, 0xf9, 0x18, 0xd6, - 0x4c, 0x57, 0xc2, 0x34, 0x19, 0x93, 0x20, 0xef, 0x2c, 0x77, 0x33, 0x56, 0x71, 0x49, 0x8c, 0x67, - 0xd5, 0xfd, 0xaf, 0x1d, 0x58, 0x9f, 0x53, 0x7b, 0x09, 0x14, 0x16, 0x55, 0x94, 0xc7, 0x66, 0x38, - 0x9c, 0xc3, 0xfd, 0x04, 0xee, 0xdd, 0xf0, 0x32, 0xdd, 0xea, 0xc8, 0x4c, 0x39, 0xb9, 0xff, 0xe0, - 0x5f, 0xfb, 0xce, 0x81, 0x46, 0xf1, 0xf2, 0xdf, 0x85, 0xe5, 0x24, 0xa5, 0x17, 0xa3, 0xd0, 0x5c, - 0x61, 0x76, 0xa5, 0xcb, 0xdd, 0x99, 0xcb, 0x11, 0x2c, 0x85, 0x44, 0x10, 
0x13, 0x93, 0x5a, 0xa3, - 0x1e, 0xa0, 0xe0, 0x3c, 0x4d, 0x69, 0x24, 0x70, 0xf1, 0x54, 0xa8, 0x92, 0x58, 0xc2, 0x0b, 0x24, - 0xf2, 0x1f, 0x16, 0x6c, 0x42, 0xb9, 0x20, 0x93, 0x44, 0x55, 0x75, 0x15, 0x17, 0x80, 0xdf, 0x57, - 0x2e, 0x0e, 0x29, 0x09, 0x69, 0x2a, 0x87, 0x93, 0x67, 0x2c, 0xe5, 0x22, 0xf7, 0x31, 0xdb, 0xde, - 0xe6, 0xa4, 0xff, 0x29, 0xac, 0x62, 0x72, 0x79, 0x9c, 0x52, 0x6a, 0xe8, 0xfc, 0x97, 0x33, 0x8e, - 0x3f, 0x80, 0x3b, 0xa5, 0x83, 0x9e, 0x32, 0x71, 0x36, 0x52, 0x46, 0x29, 0xb9, 0x34, 0x83, 0x86, - 0x3e, 0xb0, 0x00, 0xcc, 0x60, 0xe4, 0xe6, 0x83, 0xd1, 0xb7, 0x2e, 0x80, 0xe5, 0xcb, 0x36, 0x34, - 0x45, 0x4a, 0xa9, 0x0c, 0x70, 0x14, 0xea, 0x47, 0xb6, 0x81, 0x6d, 0x48, 0x1e, 0x4f, 0x82, 0xb1, - 0xde, 0x65, 0x3d, 0x2e, 0x07, 0xd0, 0x6b, 0xd0, 0xe6, 0x11, 0x49, 0xf8, 0x59, 0x2c, 0xf6, 0x09, - 0x97, 0x3f, 0x9f, 0x9e, 0xc1, 0x66, 0x50, 0x79, 0x8f, 0x99, 0xfe, 0xe4, 0x80, 0xa0, 0xd2, 0xd1, - 0xc2, 0x36, 0x74, 0x43, 0xde, 0x6a, 0x7f, 0x2f, 0x6f, 0xcb, 0x33, 0x79, 0x2b, 0x25, 0xa4, 0x3e, - 0x53, 0x35, 0x5d, 0x00, 0xc6, 0x8f, 0x8c, 0x7f, 0xde, 0x8a, 0x7a, 0xbe, 0x2c, 0xc4, 0xff, 0xde, - 0xd1, 0x14, 0xfd, 0x65, 0xd6, 0x37, 0xa0, 0x46, 0x82, 0x71, 0x4e, 0x8b, 0xde, 0xa0, 0x0f, 0xa1, - 0x2d, 0x72, 0xeb, 0xe3, 0x69, 0xa2, 0xdb, 0x56, 0xdb, 0x0c, 0x53, 0xc7, 0x25, 0x11, 0x9e, 0x51, - 0x2d, 0xf9, 0xbd, 0x74, 0x43, 0xb5, 0xd7, 0x8a, 0x6a, 0xdf, 0x7d, 0x08, 0x68, 0xfe, 0x37, 0x43, - 0x0d, 0xa8, 0xf5, 0xc3, 0x09, 0x8b, 0x3a, 0x15, 0x04, 0xb0, 0xfc, 0x34, 0x65, 0x82, 0xa6, 0x1d, - 0x47, 0xae, 0xb1, 0xba, 0xaa, 0xe3, 0xa2, 0x26, 0xd4, 0x75, 0x6b, 0x0b, 0x3b, 0xd5, 0xdd, 0xd7, - 0xa1, 0x5d, 0xf6, 0x4b, 0xaa, 0x7e, 0x7e, 0xf2, 0x15, 0x0d, 0x44, 0xa7, 0x22, 0x4f, 0x3b, 0x4a, - 0x48, 0x40, 0x3b, 0xce, 0xfe, 0x2b, 0x3f, 0x5e, 0x75, 0x9d, 0x17, 0x57, 0x5d, 0xe7, 0xd7, 0xab, - 0xae, 0xf3, 0xcd, 0x75, 0xb7, 0xf2, 0xe2, 0xba, 0x5b, 0xf9, 0xf9, 0xba, 0x5b, 0xf9, 0xb2, 0xa6, - 0x86, 0xfd, 0x93, 0x65, 0x35, 0xdb, 0xbf, 0xf3, 0x67, 0x00, 0x00, 0x00, 0xff, 0xff, 0x7e, 0xb7, - 0x4f, 0x73, 
0x0f, 0x0c, 0x00, 0x00, + 0x1a, 0x09, 0x26, 0xa6, 0xa6, 0xf2, 0xf3, 0xbd, 0xe4, 0x82, 0x46, 0x41, 0x3a, 0x4d, 0x04, 0x8b, + 0xa3, 0x03, 0x3a, 0x35, 0xe5, 0x5f, 0x06, 0xd1, 0x9b, 0xb0, 0x6e, 0x00, 0x1a, 0x62, 0xcd, 0x92, + 0x0e, 0xb1, 0x85, 0xe7, 0x05, 0xe8, 0x7d, 0x68, 0x26, 0x79, 0xa5, 0x71, 0x55, 0x56, 0xed, 0xbd, + 0x7b, 0x8b, 0x0b, 0x94, 0x63, 0x5b, 0x17, 0x6d, 0x43, 0x93, 0x71, 0x93, 0x7e, 0x1a, 0xaa, 0xea, + 0x5a, 0xc1, 0x36, 0xe4, 0xff, 0xe0, 0x00, 0x14, 0xbf, 0xd5, 0xff, 0x28, 0x36, 0xff, 0x11, 0xb4, + 0xcb, 0xe5, 0x7e, 0xab, 0xf3, 0x5b, 0xd0, 0x30, 0xfd, 0x62, 0x14, 0x2a, 0xc7, 0x1b, 0xb8, 0x00, + 0xfc, 0xdf, 0x1d, 0x58, 0x2d, 0x15, 0x00, 0xda, 0x81, 0x35, 0x12, 0x04, 0x34, 0x11, 0x8f, 0xcf, + 0x4f, 0xc6, 0x2c, 0x38, 0xa0, 0xd9, 0x91, 0xb3, 0x30, 0xda, 0x85, 0x8e, 0x89, 0xab, 0x50, 0xd5, + 0xcc, 0xcc, 0xe1, 0xff, 0x5d, 0xe2, 0x25, 0x15, 0x2a, 0x90, 0x91, 0xce, 0x7a, 0x03, 0xe7, 0x7b, + 0xff, 0x27, 0x07, 0x9a, 0x56, 0x6f, 0x79, 0x09, 0x39, 0xcf, 0xc9, 0x3a, 0xca, 0xdb, 0x7e, 0xd5, + 0x26, 0x2b, 0x87, 0x91, 0x0f, 0xad, 0xa2, 0xf3, 0x8d, 0x42, 0x15, 0x53, 0x03, 0x97, 0xb0, 0xc5, + 0x24, 0xd5, 0x6e, 0x20, 0xc9, 0x9f, 0xe4, 0x99, 0x33, 0x8d, 0xfd, 0xb6, 0x70, 0x3e, 0x86, 0x35, + 0xd3, 0x95, 0x30, 0x4d, 0xc6, 0x24, 0xc8, 0x3b, 0xcb, 0xdd, 0x8c, 0x55, 0x5c, 0x12, 0xe3, 0x59, + 0x75, 0xff, 0x6b, 0x07, 0xd6, 0xe7, 0xd4, 0x5e, 0x02, 0x85, 0x45, 0x15, 0xe5, 0xb1, 0x19, 0x0e, + 0xe7, 0x70, 0x3f, 0x81, 0x7b, 0x37, 0xbc, 0x4c, 0xb7, 0x3a, 0x32, 0x53, 0x4e, 0xee, 0x3f, 0xf8, + 0xd7, 0xbe, 0x73, 0xa0, 0x51, 0xbc, 0xfc, 0x77, 0x61, 0x39, 0x49, 0xe9, 0xc5, 0x28, 0x34, 0x4d, + 0xd5, 0xec, 0x4a, 0x97, 0xbb, 0x33, 0x97, 0x23, 0x58, 0x0a, 0x89, 0x20, 0x26, 0x26, 0xb5, 0x46, + 0x3d, 0x40, 0xc1, 0x79, 0x9a, 0xd2, 0x48, 0xe0, 0xe2, 0xa9, 0x50, 0x25, 0xb1, 0x84, 0x17, 0x48, + 0xe4, 0x3f, 0x2c, 0xd8, 0x84, 0x72, 0x41, 0x26, 0x89, 0xaa, 0xea, 0x2a, 0x2e, 0x00, 0xbf, 0xaf, + 0x5c, 0x1c, 0x52, 0x12, 0xd2, 0x54, 0x0e, 0x27, 0xcf, 0x58, 0xca, 0x45, 0xee, 0x63, 0xb6, 0xbd, + 0xcd, 0x49, 
0xff, 0x53, 0x58, 0xc5, 0xe4, 0xf2, 0x38, 0xa5, 0xd4, 0xd0, 0xf9, 0x2f, 0x67, 0x1c, + 0x7f, 0x00, 0x77, 0x4a, 0x07, 0x3d, 0x65, 0xe2, 0x6c, 0xa4, 0x8c, 0x52, 0x72, 0x69, 0x06, 0x0d, + 0x7d, 0x60, 0x01, 0x98, 0xc1, 0xc8, 0xcd, 0x07, 0xa3, 0x6f, 0x5d, 0x00, 0xcb, 0x97, 0x6d, 0x68, + 0x8a, 0x94, 0x52, 0x19, 0xe0, 0x28, 0xd4, 0x8f, 0x6c, 0x03, 0xdb, 0x90, 0x3c, 0x9e, 0x04, 0x63, + 0xbd, 0xcb, 0x7a, 0x5c, 0x0e, 0xa0, 0xd7, 0xa0, 0xcd, 0x23, 0x92, 0xf0, 0xb3, 0x58, 0xec, 0x13, + 0x2e, 0x7f, 0x3e, 0x3d, 0x83, 0xcd, 0xa0, 0xf2, 0x1e, 0x33, 0xfd, 0xc9, 0x01, 0x41, 0xa5, 0xa3, + 0x85, 0x6d, 0xe8, 0x86, 0xbc, 0xd5, 0xfe, 0x5e, 0xde, 0x96, 0x67, 0xf2, 0x56, 0x4a, 0x48, 0x7d, + 0xa6, 0x6a, 0xba, 0x00, 0x8c, 0x1f, 0x19, 0xff, 0xbc, 0x15, 0xf5, 0x7c, 0x59, 0x88, 0xff, 0xbd, + 0xa3, 0x29, 0xfa, 0xcb, 0xac, 0x6f, 0x40, 0x8d, 0x04, 0xe3, 0x9c, 0x16, 0xbd, 0x41, 0x1f, 0x42, + 0x5b, 0xe4, 0xd6, 0xc7, 0xd3, 0x44, 0xb7, 0xad, 0xb6, 0x19, 0xa6, 0x8e, 0x4b, 0x22, 0x3c, 0xa3, + 0x5a, 0xf2, 0x7b, 0xe9, 0x86, 0x6a, 0xaf, 0x15, 0xd5, 0xbe, 0xfb, 0x10, 0xd0, 0xfc, 0x6f, 0x86, + 0x1a, 0x50, 0xeb, 0x87, 0x13, 0x16, 0x75, 0x2a, 0x08, 0x60, 0xf9, 0x69, 0xca, 0x04, 0x4d, 0x3b, + 0x8e, 0x5c, 0x63, 0x75, 0x55, 0xc7, 0x45, 0x4d, 0xa8, 0xeb, 0xd6, 0x16, 0x76, 0xaa, 0xbb, 0xaf, + 0x43, 0xbb, 0xec, 0x97, 0x54, 0xfd, 0xfc, 0xe4, 0x2b, 0x1a, 0x88, 0x4e, 0x45, 0x9e, 0x76, 0x94, + 0x90, 0x80, 0x76, 0x9c, 0xfd, 0x57, 0x7e, 0xbc, 0xea, 0x3a, 0x2f, 0xae, 0xba, 0xce, 0xaf, 0x57, + 0x5d, 0xe7, 0x9b, 0xeb, 0x6e, 0xe5, 0xc5, 0x75, 0xb7, 0xf2, 0xf3, 0x75, 0xb7, 0xf2, 0x65, 0x4d, + 0x0d, 0xfb, 0x27, 0xcb, 0x6a, 0xb6, 0x7f, 0xe7, 0xcf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8c, 0x25, + 0x31, 0x18, 0x0f, 0x0c, 0x00, 0x00, } func (m *RawACLRecord) Marshal() (dAtA []byte, err error) { 
@@ -3735,7 +3735,7 @@ func (m *ACLUserState) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -3745,23 +3745,25 @@ func (m *ACLUserState) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { @@ -3922,7 +3924,7 @@ func (m *ACLUserAdd) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -3932,23 +3934,25 @@ func (m *ACLUserAdd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { 
@@ -4089,7 +4093,7 @@ func (m *ACLUserConfirm) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -4099,23 +4103,25 @@ func (m *ACLUserConfirm) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { @@ -4404,7 +4410,7 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -4414,23 +4420,25 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { 
@@ -4618,7 +4626,7 @@ func (m *ACLUserRemove) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -4628,23 +4636,25 @@ func (m *ACLUserRemove) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 3: if wireType != 2 { @@ -4734,7 +4744,7 @@ func (m *ACLReadKeyReplace) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -4744,23 +4754,25 @@ func (m *ACLReadKeyReplace) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { 
@@ -4884,7 +4896,7 @@ func (m *ACLUserPermissionChange) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -4894,23 +4906,25 @@ func (m *ACLUserPermissionChange) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 2: if wireType != 0 { @@ -5017,7 +5031,7 @@ func (m *ACLRecord) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -5027,23 +5041,25 @@ func (m *ACLRecord) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 3: if wireType != 2 { 
@@ -5203,7 +5219,7 @@ func (m *ACLHeader) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -5213,23 +5229,25 @@ func (m *ACLHeader) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex default: iNdEx = preIndex @@ -5687,7 +5705,7 @@ func (m *TreeChange) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -5697,23 +5715,25 @@ func (m *TreeChange) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 8: if wireType != 0 { 
@@ -5872,7 +5892,7 @@ func (m *TreeHeader) Unmarshal(dAtA []byte) error { if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclchanges @@ -5882,23 +5902,25 @@ func (m *TreeHeader) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclchanges } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclchanges } if postIndex > l { return io.ErrUnexpectedEOF } - m.Identity = string(dAtA[iNdEx:postIndex]) + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } iNdEx = postIndex case 5: if wireType != 2 { diff --git a/pkg/acl/aclchanges/aclpb/protos/aclchanges.proto b/pkg/acl/aclchanges/aclpb/protos/aclchanges.proto index 2ac1e5f7..73a3fc1f 100644 --- a/pkg/acl/aclchanges/aclpb/protos/aclchanges.proto +++ b/pkg/acl/aclchanges/aclpb/protos/aclchanges.proto @@ -33,7 +33,7 @@ message ACLState { } message ACLUserState { - string identity = 1; + bytes identity = 1; bytes encryptionKey = 2; repeated bytes encryptedReadKeys = 3; // all read keys that we know ACLUserPermissions permissions = 4; @@ -42,7 +42,7 @@ message ACLUserState { // we already know identity and encryptionKey message ACLUserAdd { - string identity = 1; // public signing key + bytes identity = 1; // public signing key bytes encryptionKey = 2; // public encryption key repeated bytes encryptedReadKeys = 3; // all read keys that we know for the user ACLUserPermissions permissions = 4; 
@@ -50,7 +50,7 @@ message ACLUserAdd { // TODO: this is not used as of now message ACLUserConfirm { // not needed for read permissions - string identity = 1; // not needed + bytes identity = 1; // not needed string userAddId = 2; } @@ -63,7 +63,7 @@ message ACLUserInvite { } message ACLUserJoin { - string identity = 1; + bytes identity = 1; bytes encryptionKey = 2; bytes acceptSignature = 3; // sign acceptPublicKey string userInviteId = 4; @@ -71,18 +71,18 @@ message ACLUserJoin { } message ACLUserRemove { - string identity = 1; + bytes identity = 1; repeated ACLReadKeyReplace readKeyReplaces = 3; // new read key encrypted for all users } message ACLReadKeyReplace { - string identity = 1; + bytes identity = 1; bytes encryptionKey = 2; bytes encryptedReadKey = 3; } message ACLUserPermissionChange { - string identity = 1; + bytes identity = 1; ACLUserPermissions permissions = 2; } @@ -95,7 +95,7 @@ enum ACLUserPermissions { message ACLRecord { string prevId = 1; - string identity = 2; + bytes identity = 2; bytes data = 3; uint64 currentReadKeyHash = 4; int64 timestamp = 5; @@ -103,7 +103,7 @@ message ACLRecord { message ACLHeader { string firstId = 1; - string identity = 2; // the identity of the creator + bytes identity = 2; // the identity of the creator } // Tree protos @@ -125,7 +125,7 @@ message TreeChange { bytes changesData = 4; uint64 currentReadKeyHash = 5; int64 timestamp = 6; - string identity = 7; + bytes identity = 7; bool isSnapshot = 8; } @@ -138,6 +138,6 @@ message TreeHeader { string firstId = 1; string aclId = 2; TreeHeaderType treeHeaderType = 3; - string identity = 4; + bytes identity = 4; bytes data = 5; // this should be reserved for the client to add the data it needs } diff --git a/pkg/acl/list/aclstate.go b/pkg/acl/list/aclstate.go index fceeaadc..d7a849fb 100644 --- a/pkg/acl/list/aclstate.go +++ b/pkg/acl/list/aclstate.go 
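Review bot: In ACLUserJoin the comment on `acceptSignature` (`// sign acceptPublicKey`) does not match what the Go side checks: applyUserJoin in pkg/acl/list/aclstate.go calls `Verify(ch.Identity, signature)` with a key its error text describes as the "public key verifying invite accepts". Now that identity is `bytes`, the signed message should be spelled out here, for example `bytes acceptSignature = 3; // signature over identity, checked against the invite's accept public key`. As verified, the signature covers only the identity bytes, so encryptionKey and encryptedReadKeys in the same message are presumably protected only by the record-level signature; that is worth confirming and stating in the comment.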
@@ -1,6 +1,7 @@ package list import ( + "bytes" "errors" "fmt" "github.com/anytypeio/go-anytype-infrastructure-experiments/app/logger" @@ -147,7 +148,7 @@ func (st *ACLState) applyChangeAndUpdate(recordWrapper *ACLRecord) (err error) { var permissions []UserPermissionPair for _, state := range st.userStates { permission := UserPermissionPair{ - Identity: state.Identity, + Identity: string(state.Identity), Permission: state.Permissions, } permissions = append(permissions, permission) @@ -157,7 +158,7 @@ func (st *ACLState) applyChangeAndUpdate(recordWrapper *ACLRecord) (err error) { return nil } -func (st *ACLState) applyChangeData(changeData *aclpb.ACLData, hash uint64, identity string) (err error) { +func (st *ACLState) applyChangeData(changeData *aclpb.ACLData, hash uint64, identity []byte) (err error) { defer func() { if err != nil { return @@ -170,7 +171,7 @@ func (st *ACLState) applyChangeData(changeData *aclpb.ACLData, hash uint64, iden skipIdentityCheck := st.isUserJoin(changeData) || (st.currentReadKeyHash == 0 && st.isUserAdd(changeData, identity)) if !skipIdentityCheck { // we check signature when we add this to the Tree, so no need to do it here - if _, exists := st.userStates[identity]; !exists { + if _, exists := st.userStates[string(identity)]; !exists { err = ErrNoSuchUser return } @@ -211,11 +212,12 @@ func (st *ACLState) applyChangeContent(ch *aclpb.ACLContentValue) error { } func (st *ACLState) applyUserPermissionChange(ch *aclpb.ACLUserPermissionChange) error { - if _, exists := st.userStates[ch.Identity]; !exists { + chIdentity := string(ch.Identity) + if _, exists := st.userStates[chIdentity]; !exists { return ErrNoSuchUser } - st.userStates[ch.Identity].Permissions = ch.Permissions + st.userStates[chIdentity].Permissions = ch.Permissions return nil } 
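Review bot: The lookups in `applyChangeData` and `applyUserPermissionChange` now key `st.userStates` with `string(identity)` and `string(ch.Identity)`, but no comment on the new side says that the key is the raw identity bytes reinterpreted as a Go string. The proto in this patch describes the field as the public signing key, so the key is in general not valid UTF-8 and will not match an encoded form of the same identity. A comment above the lookup in `applyChangeData` would record this: `// userStates is keyed by string(identity): the raw signing-key bytes, not an encoded or printable form.` Both function bodies extend beyond their hunks.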
@@ -229,8 +231,9 @@ func (st *ACLState) applyUserJoin(ch *aclpb.ACLUserJoin) error { if !exists { return fmt.Errorf("no such invite with id %s", ch.UserInviteId) } + chIdentity := string(ch.Identity) - if _, exists = st.userStates[ch.Identity]; exists { + if _, exists = st.userStates[chIdentity]; exists { return ErrUserAlreadyExists } @@ -241,7 +244,7 @@ func (st *ACLState) applyUserJoin(ch *aclpb.ACLUserJoin) error { return fmt.Errorf("public key verifying invite accepts is given in incorrect format: %v", err) } - res, err := verificationKey.(signingkey.PubKey).Verify([]byte(ch.Identity), signature) + res, err := verificationKey.(signingkey.PubKey).Verify(ch.Identity, signature) if err != nil { return fmt.Errorf("verification returned error: %w", err) } @@ -250,7 +253,7 @@ func (st *ACLState) applyUserJoin(ch *aclpb.ACLUserJoin) error { } // if ourselves -> we need to decrypt the read keys - if st.identity == ch.Identity { + if st.identity == chIdentity { for _, key := range ch.EncryptedReadKeys { key, hash, err := st.decryptReadKeyAndHash(key) if err != nil { @@ -269,23 +272,24 @@ func (st *ACLState) applyUserJoin(ch *aclpb.ACLUserJoin) error { Permissions: invite.Permissions, IsConfirmed: true, } - st.userStates[ch.Identity] = userState + st.userStates[chIdentity] = userState return nil } func (st *ACLState) applyUserAdd(ch *aclpb.ACLUserAdd) error { - if _, exists := st.userStates[ch.Identity]; exists { + chIdentity := string(ch.Identity) + if _, exists := st.userStates[chIdentity]; exists { return ErrUserAlreadyExists } - st.userStates[ch.Identity] = &aclpb.ACLUserState{ + st.userStates[chIdentity] = &aclpb.ACLUserState{ Identity: ch.Identity, EncryptionKey: ch.EncryptionKey, Permissions: ch.Permissions, EncryptedReadKeys: ch.EncryptedReadKeys, } - if ch.Identity == st.identity { + if chIdentity == st.identity { for _, key := range ch.EncryptedReadKeys { key, hash, err := st.decryptReadKeyAndHash(key) if err != nil { 
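Review bot: In `applyUserJoin`, `verificationKey.(signingkey.PubKey).Verify(ch.Identity, signature)` uses an unchecked type assertion, so a key value of any other dynamic type would panic while a record is being applied instead of returning an error. The comma-ok form keeps this on the error path: `pubKey, ok := verificationKey.(signingkey.PubKey)` followed by `if !ok { return fmt.Errorf("invite accept key has unexpected type %T", verificationKey) }`. The call that produces `verificationKey` lies outside the hunk, so whether it can actually return another type needs confirming there.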
@@ -300,15 +304,16 @@ func (st *ACLState) applyUserAdd(ch *aclpb.ACLUserAdd) error { } func (st *ACLState) applyUserRemove(ch *aclpb.ACLUserRemove) error { - if ch.Identity == st.identity { + chIdentity := string(ch.Identity) + if chIdentity == st.identity { return ErrDocumentForbidden } - if _, exists := st.userStates[ch.Identity]; !exists { + if _, exists := st.userStates[chIdentity]; !exists { return ErrNoSuchUser } - delete(st.userStates, ch.Identity) + delete(st.userStates, chIdentity) for _, replace := range ch.ReadKeyReplaces { repIdentity := string(replace.Identity) @@ -359,8 +364,8 @@ func (st *ACLState) decryptReadKeyAndHash(msg []byte) (*symmetric.Key, uint64, e return key, hasher.Sum64(), nil } -func (st *ACLState) hasPermission(identity string, permission aclpb.ACLUserPermissions) bool { - state, exists := st.userStates[identity] +func (st *ACLState) hasPermission(identity []byte, permission aclpb.ACLUserPermissions) bool { + state, exists := st.userStates[string(identity)] if !exists { return false } @@ -373,13 +378,10 @@ func (st *ACLState) isUserJoin(data *aclpb.ACLData) bool { return data.GetAclContent() != nil && data.GetAclContent()[0].GetUserJoin() != nil } -func (st *ACLState) isUserAdd(data *aclpb.ACLData, identity string) bool { - if len(data.GetAclContent()) == 0 { - return false - } +func (st *ACLState) isUserAdd(data *aclpb.ACLData, identity []byte) bool { // if we have a UserAdd, then it should always be the first one applied userAdd := data.GetAclContent()[0].GetUserAdd() - return data.GetAclContent() != nil && userAdd != nil && userAdd.GetIdentity() == identity + return data.GetAclContent() != nil && userAdd != nil && bytes.Compare(userAdd.GetIdentity(), identity) == 0 } func (st *ACLState) GetUserStates() map[string]*aclpb.ACLUserState { diff --git a/pkg/acl/list/changebuilder.go b/pkg/acl/list/changebuilder.go index 52a44e18..c6413cb0 100644 --- a/pkg/acl/list/changebuilder.go +++ b/pkg/acl/list/changebuilder.go 
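Review bot: The revert drops the `len(data.GetAclContent()) == 0` guard from `isUserAdd`, so `data.GetAclContent()[0]` is now evaluated before the `!= nil` test on the return line and panics with an index-out-of-range on a record whose ACL content is nil or empty. `applyChangeData` reaches `isUserAdd` whenever `isUserJoin` is false and `currentReadKeyHash` is 0, which includes the nil-content case. The guard should stay, `if len(data.GetAclContent()) == 0 { return false }`, and the comparison reads better as `bytes.Equal(userAdd.GetIdentity(), identity)` than `bytes.Compare(...) == 0`. The context line in `isUserJoin` has the same shape for a non-nil but empty slice and would benefit from the same `len` check.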
@@ -82,7 +82,7 @@ func (c *aclChangeBuilder) UserAdd(identity string, encryptionKey encryptionkey. ch := &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserAdd{ UserAdd: &aclpb.ACLUserAdd{ - Identity: identity, + Identity: []byte(identity), EncryptionKey: rawKey, EncryptedReadKeys: encryptedKeys, Permissions: permissions, @@ -98,7 +98,7 @@ func (c *aclChangeBuilder) BuildAndApply() (*ACLRecord, []byte, error) { PrevId: c.list.Head().Id, CurrentReadKeyHash: c.readKeyHash, Timestamp: int64(time.Now().Nanosecond()), - Identity: string(c.acc.Identity), + Identity: c.acc.Identity, } marshalledData, err := proto.Marshal(c.aclData) diff --git a/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go b/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go index fb73d450..c6d8703a 100644 --- a/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go +++ b/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go @@ -146,7 +146,7 @@ func (t *ACLListStorageBuilder) parseRecord(rec *Record, prevId string) *aclpb.A return &aclpb.ACLRecord{ PrevId: prevId, - Identity: t.keychain.GetIdentity(rec.Identity), + Identity: []byte(t.keychain.GetIdentity(rec.Identity)), Data: bytes, CurrentReadKeyHash: k.Hash, Timestamp: time.Now().Unix(), @@ -164,7 +164,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL convCh = &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserAdd{ UserAdd: &aclpb.ACLUserAdd{ - Identity: t.keychain.GetIdentity(add.Identity), + Identity: []byte(t.keychain.GetIdentity(add.Identity)), EncryptionKey: rawKey, EncryptedReadKeys: t.encryptReadKeys(add.EncryptedReadKeys, encKey), Permissions: t.convertPermission(add.Permission), 
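Review bot: In `BuildAndApply`, `Timestamp: int64(time.Now().Nanosecond())` stores only the nanosecond offset inside the current second (0 to 999999999), not a point in time, so records built here cannot be ordered or compared by timestamp. The line is unchanged context next to the edited `Identity` field, and the test builder in `liststoragebuilder.go` in this same patch uses `time.Now().Unix()`. Suggest `Timestamp: time.Now().Unix(),` to match it, or `time.Now().UnixNano()` if the field is meant to carry nanoseconds; the proto does not state the unit. The function body continues outside the hunk.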
@@ -188,7 +188,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL convCh = &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserJoin{ UserJoin: &aclpb.ACLUserJoin{ - Identity: t.keychain.GetIdentity(join.Identity), + Identity: []byte(t.keychain.GetIdentity(join.Identity)), EncryptionKey: rawKey, AcceptSignature: signature, UserInviteId: join.InviteId, @@ -220,7 +220,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL convCh = &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserConfirm{ UserConfirm: &aclpb.ACLUserConfirm{ - Identity: t.keychain.GetIdentity(confirm.Identity), + Identity: []byte(t.keychain.GetIdentity(confirm.Identity)), UserAddId: confirm.UserAddId, }, }, @@ -231,7 +231,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL convCh = &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserPermissionChange{ UserPermissionChange: &aclpb.ACLUserPermissionChange{ - Identity: t.keychain.GetIdentity(permissionChange.Identity), + Identity: []byte(t.keychain.GetIdentity(permissionChange.Identity)), Permissions: t.convertPermission(permissionChange.Permission), }, }, @@ -251,7 +251,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL panic(err) } replaces = append(replaces, &aclpb.ACLReadKeyReplace{ - Identity: identity, + Identity: []byte(identity), EncryptionKey: rawEncKey, EncryptedReadKey: encReadKey, }) @@ -260,7 +260,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclpb.ACL convCh = &aclpb.ACLContentValue{ Value: &aclpb.ACLContentValue_UserRemove{ UserRemove: &aclpb.ACLUserRemove{ - Identity: t.keychain.GetIdentity(remove.RemovedIdentity), + Identity: []byte(t.keychain.GetIdentity(remove.RemovedIdentity)), ReadKeyReplaces: replaces, }, }, diff --git a/pkg/acl/tree/change.go b/pkg/acl/tree/change.go index 930a7abc..cefc9327 100644 --- a/pkg/acl/tree/change.go 
+++ b/pkg/acl/tree/change.go @@ -65,6 +65,7 @@ func NewChange(id string, ch *aclpb.TreeChange, signature []byte) *Change { Content: ch, SnapshotId: ch.SnapshotBaseId, IsSnapshot: ch.IsSnapshot, + Identity: string(ch.Identity), Sign: signature, } } diff --git a/pkg/acl/tree/changebuilder.go b/pkg/acl/tree/changebuilder.go index c58cf218..67985c82 100644 --- a/pkg/acl/tree/changebuilder.go +++ b/pkg/acl/tree/changebuilder.go @@ -18,7 +18,7 @@ type BuilderContent struct { aclHeadId string snapshotBaseId string currentReadKeyHash uint64 - identity string + identity []byte isSnapshot bool signingKey signingkey.PrivKey readKey *symmetric.Key diff --git a/pkg/acl/tree/changevalidator.go b/pkg/acl/tree/changevalidator.go index 1dfac831..bbc337cf 100644 --- a/pkg/acl/tree/changevalidator.go +++ b/pkg/acl/tree/changevalidator.go @@ -43,7 +43,7 @@ func (v *objectTreeValidator) validateChange(tree *Tree, aclList list.ACLList, c state = aclList.ACLState() ) // checking if the user could write - perm, err = state.PermissionsAtRecord(c.Content.AclHeadId, c.Content.Identity) + perm, err = state.PermissionsAtRecord(c.Content.AclHeadId, c.Identity) if err != nil { return } diff --git a/pkg/acl/tree/objecttreefactory.go b/pkg/acl/tree/objecttreefactory.go index 01afdc92..a62c8add 100644 --- a/pkg/acl/tree/objecttreefactory.go +++ b/pkg/acl/tree/objecttreefactory.go @@ -142,7 +142,7 @@ func createTreeHeaderAndId( raw *aclpb.RawTreeChangeWithId, treeType aclpb.TreeHeaderType, aclId string, - identity string, + identity []byte, headerData []byte) (header *aclpb.TreeHeader, treeId string, err error) { header = &aclpb.TreeHeader{ FirstId: raw.Id, diff --git a/pkg/acl/tree/signablecontent.go b/pkg/acl/tree/signablecontent.go index b51d1dea..4774c2fb 100644 --- a/pkg/acl/tree/signablecontent.go +++ b/pkg/acl/tree/signablecontent.go @@ -7,6 +7,6 @@ import ( type SignableChangeContent struct { Data []byte Key signingkey.PrivKey - Identity string + Identity []byte IsSnapshot bool }
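Review bot: `validateChange` now passes `c.Identity` to `PermissionsAtRecord`, a string copy that this patch fills only in `NewChange`. A `Change` built anywhere else without that field would be permission-checked against the empty identity, and the copy can drift from `c.Content.Identity`, the value carried in the change itself. Reading it from the content keeps one source of truth for the write-permission check: `perm, err = state.PermissionsAtRecord(c.Content.AclHeadId, string(c.Content.Identity))`. Whether other constructors of `Change` exist is not visible in this patch.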