forked from berty/berty
-
Notifications
You must be signed in to change notification settings - Fork 0
/
orbitdb_signed_entry_accesscontroller.go
119 lines (93 loc) · 2.86 KB
/
orbitdb_signed_entry_accesscontroller.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package bertyprotocol
import (
"context"
"encoding/json"
"sync"
cid "github.com/ipfs/go-cid"
mh "github.com/multiformats/go-multihash"
"github.com/pkg/errors"
"go.uber.org/zap"
"berty.tech/berty/v2/go/pkg/errcode"
logac "berty.tech/go-ipfs-log/accesscontroller"
"berty.tech/go-ipfs-log/identityprovider"
"berty.tech/go-orbit-db/accesscontroller"
"berty.tech/go-orbit-db/iface"
)
type simpleAccessController struct {
allowedKeys map[string][]string
logger *zap.Logger
lock sync.RWMutex
}
func (o *simpleAccessController) SetLogger(logger *zap.Logger) {
o.lock.Lock()
defer o.lock.Unlock()
o.logger = logger
}
func (o *simpleAccessController) Logger() *zap.Logger {
o.lock.RLock()
defer o.lock.RUnlock()
return o.logger
}
func (o *simpleAccessController) Grant(ctx context.Context, capability string, keyID string) error {
return nil
}
func (o *simpleAccessController) Revoke(ctx context.Context, capability string, keyID string) error {
return nil
}
func (o *simpleAccessController) Load(ctx context.Context, address string) error {
return nil
}
func simpleAccessControllerCID(allowedKeys map[string][]string) (cid.Cid, error) {
d, err := json.Marshal(allowedKeys)
if err != nil {
return cid.Undef, errcode.ErrInvalidInput.Wrap(err)
}
c, err := cid.Prefix{
Version: 1,
Codec: cid.Raw,
MhType: mh.SHA2_256,
MhLength: -1,
}.Sum(d)
if err != nil {
return cid.Undef, errcode.ErrInvalidInput.Wrap(err)
}
return c, nil
}
func (o *simpleAccessController) Save(ctx context.Context) (accesscontroller.ManifestParams, error) {
c, err := simpleAccessControllerCID(o.allowedKeys)
if err != nil {
return nil, errcode.ErrInvalidInput.Wrap(err)
}
return accesscontroller.NewManifestParams(c, true, "simple"), nil
}
func (o *simpleAccessController) Close() error {
return nil
}
func (o *simpleAccessController) Type() string {
return "bertysimple"
}
func (o *simpleAccessController) GetAuthorizedByRole(role string) ([]string, error) {
return o.allowedKeys[role], nil
}
func (o *simpleAccessController) CanAppend(e logac.LogEntry, p identityprovider.Interface, additionalContext accesscontroller.CanAppendAdditionalContext) error {
for _, id := range o.allowedKeys["write"] {
if e.GetIdentity().ID == id || id == "*" {
return nil
}
}
return errors.New("not allowed to write entry")
}
// NewSimpleAccessController Returns a non configurable access controller
func NewSimpleAccessController(_ context.Context, _ iface.BaseOrbitDB, params accesscontroller.ManifestParams, options ...accesscontroller.Option) (accesscontroller.Interface, error) {
if params == nil {
return &simpleAccessController{}, errors.New("an options object is required")
}
ac := &simpleAccessController{
allowedKeys: params.GetAllAccess(),
}
for _, o := range options {
o(ac)
}
return ac, nil
}
var _ accesscontroller.Interface = &simpleAccessController{}