GothenburgBitFactory/taskwarrior
1
0
Fork 0
mirror of https://github.com/GothenburgBitFactory/taskwarrior.git synced 2025-08-22 11:13:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #132 from djmitche/issue60

Browse source 
Use a single secret value to identify clients
This commit is contained in:
Dustin J. Mitchell 2020-12-28 20:51:08 -05:00 committed by GitHub
commit 21684666a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 177 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cli/src/invocation/mod.rs
View file

@ -108,20 +108,20 @@ fn get_replica(settings: &Config) -> Fallible<Replica> {
fn get_server(settings: &Config) -> Fallible<Box<dyn server::Server>> {
// if server_client_id and server_origin are both set, use
// the remote server
if let (Ok(client_id), Ok(origin)) = (
if let (Ok(client_key), Ok(origin)) = (
settings.get_str("server_client_id"),
settings.get_str("server_origin"),
) {
let client_id = Uuid::parse_str(&client_id)?;
let client_key = Uuid::parse_str(&client_key)?;
let encryption_secret = settings
.get_str("encryption_secret")
.map_err(|_| format_err!("Could not read `encryption_secret` configuration"))?;
log::debug!("Using sync-server with origin {}", origin);
log::debug!("Sync client ID: {}", client_id);
log::debug!("Sync client ID: {}", client_key);
Ok(server::from_config(ServerConfig::Remote {
origin,
client_id,
client_key,
encryption_secret: encryption_secret.as_bytes().to_vec(),
})?)
} else {

9
docs/src/sync-protocol.md
View file

@ -9,6 +9,8 @@ The protocol builds on the model presented in the previous chapter, and in parti
From the server's perspective, replicas are indistinguishable, so this protocol uses the term "client" to refer generically to all replicas replicating a single task history.
Each client is identified and authenticated with a "client key", known only to the server and to the replicas replicating the task history.
## Server
For each client, the server is responsible for storing the task history, in the form of a branch-free sequence of versions.
@ -66,11 +68,12 @@ If not found, the server returns a negative response.
The transactions above are realized for an HTTP server at `<origin>` using the HTTP requests and responses described here.
The `origin` *should* be an HTTPS endpoint on general principle, but nothing in the functonality or security of the protocol depends on connection encryption.
The replica identifies itself to the server using a `clientId` in the form of a UUID.
The replica identifies itself to the server using a `clientKey` in the form of a UUID.
This value is passed with every request in the `X-Client-Id` header, in its dashed-hex format.
### AddVersion
The request is a `POST` to `<origin>/client/<clientId>/add-version/<parentVersionId>`.
The request is a `POST` to `<origin>/client/add-version/<parentVersionId>`.
The request body contains the history segment, optionally encoded using any encoding supported by actix-web.
The content-type must be `application/vnd.taskchampion.history-segment`.
@ -84,7 +87,7 @@ Other error responses (4xx or 5xx) may be returned and should be treated appropr
### GetChildVersion
The request is a `GET` to `<origin>/client/<clientId>/get-child-version/<parentVersionId>`.
The request is a `GET` to `<origin>/client/get-child-version/<parentVersionId>`.
The response is 404 NOT FOUND if no such version exists.
Otherwise, the response is a 200 OK.
The version's history segment is returned in the response body, with content-type `application/vnd.taskchampion.history-segment`.

44
sync-server/src/api/add_version.rs
View file

@ -1,8 +1,8 @@
use crate::api::{
failure_to_ise, ServerState, HISTORY_SEGMENT_CONTENT_TYPE, PARENT_VERSION_ID_HEADER,
VERSION_ID_HEADER,
client_key_header, failure_to_ise, ServerState, HISTORY_SEGMENT_CONTENT_TYPE,
PARENT_VERSION_ID_HEADER, VERSION_ID_HEADER,
};
use crate::server::{add_version, AddVersionResult, ClientId, VersionId, NO_VERSION_ID};
use crate::server::{add_version, AddVersionResult, VersionId, NO_VERSION_ID};
use actix_web::{error, post, web, HttpMessage, HttpRequest, HttpResponse, Result};
use futures::StreamExt;
@ -19,11 +19,11 @@ const MAX_SIZE: usize = 100 * 1024 * 1024;
/// parent version ID in the `X-Parent-Version-Id` header.
///
/// Returns other 4xx or 5xx responses on other errors.
#[post("/client/{client_id}/add-version/{parent_version_id}")]
#[post("/client/add-version/{parent_version_id}")]
pub(crate) async fn service(
req: HttpRequest,
server_state: web::Data<ServerState>,
web::Path((client_id, parent_version_id)): web::Path<(ClientId, VersionId)>,
web::Path((parent_version_id,)): web::Path<(VersionId,)>,
mut payload: web::Payload,
) -> Result<HttpResponse> {
// check content-type
@ -31,6 +31,8 @@ pub(crate) async fn service(
return Err(error::ErrorBadRequest("Bad content-type"));
}
let client_key = client_key_header(&req)?;
// read the body in its entirety
let mut body = web::BytesMut::new();
while let Some(chunk) = payload.next().await {
@ -52,16 +54,16 @@ pub(crate) async fn service(
let mut txn = server_state.txn().map_err(failure_to_ise)?;
// get, or create, the client
let client = match txn.get_client(client_id).map_err(failure_to_ise)? {
let client = match txn.get_client(client_key).map_err(failure_to_ise)? {
Some(client) => client,
None => {
txn.new_client(client_id, NO_VERSION_ID)
txn.new_client(client_key, NO_VERSION_ID)
.map_err(failure_to_ise)?;
txn.get_client(client_id).map_err(failure_to_ise)?.unwrap()
txn.get_client(client_key).map_err(failure_to_ise)?.unwrap()
}
};
let result = add_version(txn, client_id, client, parent_version_id, body.to_vec())
let result = add_version(txn, client_key, client, parent_version_id, body.to_vec())
.map_err(failure_to_ise)?;
Ok(match result {
AddVersionResult::Ok(version_id) => HttpResponse::Ok()
@ -83,7 +85,7 @@ mod test {
#[actix_rt::test]
async fn test_success() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let version_id = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
@ -91,19 +93,20 @@ mod test {
// set up the storage contents..
{
let mut txn = server_box.txn().unwrap();
txn.new_client(client_id, Uuid::nil()).unwrap();
txn.new_client(client_key, Uuid::nil()).unwrap();
}
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!("/client/{}/add-version/{}", client_id, parent_version_id);
let uri = format!("/client/add-version/{}", parent_version_id);
let req = test::TestRequest::post()
.uri(&uri)
.header(
"Content-Type",
"application/vnd.taskchampion.history-segment",
)
.header("X-Client-Key", client_key.to_string())
.set_payload(b"abcd".to_vec())
.to_request();
let resp = test::call_service(&mut app, req).await;
@ -119,7 +122,7 @@ mod test {
#[actix_rt::test]
async fn test_conflict() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let version_id = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
@ -127,19 +130,20 @@ mod test {
// set up the storage contents..
{
let mut txn = server_box.txn().unwrap();
txn.new_client(client_id, version_id).unwrap();
txn.new_client(client_key, version_id).unwrap();
}
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!("/client/{}/add-version/{}", client_id, parent_version_id);
let uri = format!("/client/add-version/{}", parent_version_id);
let req = test::TestRequest::post()
.uri(&uri)
.header(
"Content-Type",
"application/vnd.taskchampion.history-segment",
)
.header("X-Client-Key", client_key.to_string())
.set_payload(b"abcd".to_vec())
.to_request();
let resp = test::call_service(&mut app, req).await;
@ -153,16 +157,17 @@ mod test {
#[actix_rt::test]
async fn test_bad_content_type() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!("/client/{}/add-version/{}", client_id, parent_version_id);
let uri = format!("/client/add-version/{}", parent_version_id);
let req = test::TestRequest::post()
.uri(&uri)
.header("Content-Type", "not/correct")
.header("X-Client-Key", client_key.to_string())
.set_payload(b"abcd".to_vec())
.to_request();
let resp = test::call_service(&mut app, req).await;
@ -171,19 +176,20 @@ mod test {
#[actix_rt::test]
async fn test_empty_body() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!("/client/{}/add-version/{}", client_id, parent_version_id);
let uri = format!("/client/add-version/{}", parent_version_id);
let req = test::TestRequest::post()
.uri(&uri)
.header(
"Content-Type",
"application/vnd.taskchampion.history-segment",
)
.header("X-Client-Key", client_key.to_string())
.to_request();
let resp = test::call_service(&mut app, req).await;
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);

61
sync-server/src/api/get_child_version.rs
View file

@ -1,9 +1,9 @@
use crate::api::{
failure_to_ise, ServerState, HISTORY_SEGMENT_CONTENT_TYPE, PARENT_VERSION_ID_HEADER,
VERSION_ID_HEADER,
client_key_header, failure_to_ise, ServerState, HISTORY_SEGMENT_CONTENT_TYPE,
PARENT_VERSION_ID_HEADER, VERSION_ID_HEADER,
};
use crate::server::{get_child_version, ClientId, VersionId};
use actix_web::{error, get, web, HttpResponse, Result};
use crate::server::{get_child_version, VersionId};
use actix_web::{error, get, web, HttpRequest, HttpResponse, Result};
/// Get a child version.
///
@ -13,18 +13,21 @@ use actix_web::{error, get, web, HttpResponse, Result};
///
/// If no such child exists, returns a 404 with no content.
/// Returns other 4xx or 5xx responses on other errors.
#[get("/client/{client_id}/get-child-version/{parent_version_id}")]
#[get("/client/get-child-version/{parent_version_id}")]
pub(crate) async fn service(
req: HttpRequest,
server_state: web::Data<ServerState>,
web::Path((client_id, parent_version_id)): web::Path<(ClientId, VersionId)>,
web::Path((parent_version_id,)): web::Path<(VersionId,)>,
) -> Result<HttpResponse> {
let mut txn = server_state.txn().map_err(failure_to_ise)?;
txn.get_client(client_id)
let client_key = client_key_header(&req)?;
txn.get_client(client_key)
.map_err(failure_to_ise)?
.ok_or_else(|| error::ErrorNotFound("no such client"))?;
let result = get_child_version(txn, client_id, parent_version_id).map_err(failure_to_ise)?;
let result = get_child_version(txn, client_key, parent_version_id).map_err(failure_to_ise)?;
if let Some(result) = result {
Ok(HttpResponse::Ok()
.content_type(HISTORY_SEGMENT_CONTENT_TYPE)
@ -49,7 +52,7 @@ mod test {
#[actix_rt::test]
async fn test_success() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let version_id = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
@ -57,19 +60,19 @@ mod test {
// set up the storage contents..
{
let mut txn = server_box.txn().unwrap();
txn.new_client(client_id, Uuid::new_v4()).unwrap();
txn.add_version(client_id, version_id, parent_version_id, b"abcd".to_vec())
txn.new_client(client_key, Uuid::new_v4()).unwrap();
txn.add_version(client_key, version_id, parent_version_id, b"abcd".to_vec())
.unwrap();
}
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!(
"/client/{}/get-child-version/{}",
client_id, parent_version_id
);
let req = test::TestRequest::get().uri(&uri).to_request();
let uri = format!("/client/get-child-version/{}", parent_version_id);
let req = test::TestRequest::get()
.uri(&uri)
.header("X-Client-Key", client_key.to_string())
.to_request();
let mut resp = test::call_service(&mut app, req).await;
assert_eq!(resp.status(), StatusCode::OK);
assert_eq!(
@ -92,17 +95,17 @@ mod test {
#[actix_rt::test]
async fn test_client_not_found() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!(
"/client/{}/get-child-version/{}",
client_id, parent_version_id
);
let req = test::TestRequest::get().uri(&uri).to_request();
let uri = format!("/client/get-child-version/{}", parent_version_id);
let req = test::TestRequest::get()
.uri(&uri)
.header("X-Client-Key", client_key.to_string())
.to_request();
let resp = test::call_service(&mut app, req).await;
assert_eq!(resp.status(), StatusCode::NOT_FOUND);
assert_eq!(resp.headers().get("X-Version-Id"), None);
@ -111,23 +114,23 @@ mod test {
#[actix_rt::test]
async fn test_version_not_found() {
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let server_box: Box<dyn Storage> = Box::new(InMemoryStorage::new());
// create the client, but not the version
{
let mut txn = server_box.txn().unwrap();
txn.new_client(client_id, Uuid::new_v4()).unwrap();
txn.new_client(client_key, Uuid::new_v4()).unwrap();
}
let server_state = ServerState::new(server_box);
let mut app = test::init_service(App::new().service(app_scope(server_state))).await;
let uri = format!(
"/client/{}/get-child-version/{}",
client_id, parent_version_id
);
let req = test::TestRequest::get().uri(&uri).to_request();
let uri = format!("/client/get-child-version/{}", parent_version_id);
let req = test::TestRequest::get()
.uri(&uri)
.header("X-Client-Key", client_key.to_string())
.to_request();
let resp = test::call_service(&mut app, req).await;
assert_eq!(resp.status(), StatusCode::NOT_FOUND);
assert_eq!(resp.headers().get("X-Version-Id"), None);

24
sync-server/src/api/mod.rs
View file

@ -1,5 +1,6 @@
use crate::server::ClientKey;
use crate::storage::Storage;
use actix_web::{error, http::StatusCode, web, Scope};
use actix_web::{error, http::StatusCode, web, HttpRequest, Result, Scope};
use std::sync::Arc;
mod add_version;
@ -9,10 +10,13 @@ mod get_child_version;
pub(crate) const HISTORY_SEGMENT_CONTENT_TYPE: &str =
"application/vnd.taskchampion.history-segment";
/// The header names for version ID
/// The header name for version ID
pub(crate) const VERSION_ID_HEADER: &str = "X-Version-Id";
/// The header names for parent version ID
/// The header name for client key
pub(crate) const CLIENT_KEY_HEADER: &str = "X-Client-Key";
/// The header name for parent version ID
pub(crate) const PARENT_VERSION_ID_HEADER: &str = "X-Parent-Version-Id";
/// The type containing a reference to the Storage object in the Actix state.
@ -28,3 +32,17 @@ pub(crate) fn api_scope() -> Scope {
fn failure_to_ise(err: failure::Error) -> impl actix_web::ResponseError {
error::InternalError::new(err, StatusCode::INTERNAL_SERVER_ERROR)
}
/// Get the client key
fn client_key_header(req: &HttpRequest) -> Result<ClientKey> {
fn badrequest() -> error::Error {
error::ErrorBadRequest("bad x-client-id")
}
if let Some(client_key_hdr) = req.headers().get(CLIENT_KEY_HEADER) {
let client_key = client_key_hdr.to_str().map_err(|_| badrequest())?;
let client_key = ClientKey::parse_str(client_key).map_err(|_| badrequest())?;
Ok(client_key)
} else {
Err(badrequest())
}
}

46
sync-server/src/server.rs
View file

@ -8,7 +8,7 @@ use uuid::Uuid;
pub const NO_VERSION_ID: VersionId = Uuid::nil();
pub(crate) type HistorySegment = Vec<u8>;
pub(crate) type ClientId = Uuid;
pub(crate) type ClientKey = Uuid;
pub(crate) type VersionId = Uuid;
/// Response to get_child_version
@ -21,11 +21,11 @@ pub(crate) struct GetVersionResult {
pub(crate) fn get_child_version<'a>(
mut txn: Box<dyn StorageTxn + 'a>,
client_id: ClientId,
client_key: ClientKey,
parent_version_id: VersionId,
) -> Fallible<Option<GetVersionResult>> {
Ok(txn
.get_version_by_parent(client_id, parent_version_id)?
.get_version_by_parent(client_key, parent_version_id)?
.map(|version| GetVersionResult {
version_id: version.version_id,
parent_version_id: version.parent_version_id,
@ -44,14 +44,14 @@ pub(crate) enum AddVersionResult {
pub(crate) fn add_version<'a>(
mut txn: Box<dyn StorageTxn + 'a>,
client_id: ClientId,
client_key: ClientKey,
client: Client,
parent_version_id: VersionId,
history_segment: HistorySegment,
) -> Fallible<AddVersionResult> {
log::debug!(
"add_version(client_id: {}, parent_version_id: {})",
client_id,
"add_version(client_key: {}, parent_version_id: {})",
client_key,
parent_version_id,
);
@ -71,8 +71,8 @@ pub(crate) fn add_version<'a>(
);
// update the DB
txn.add_version(client_id, version_id, parent_version_id, history_segment)?;
txn.set_client_latest_version_id(client_id, version_id)?;
txn.add_version(client_key, version_id, parent_version_id, history_segment)?;
txn.set_client_latest_version_id(client_key, version_id)?;
txn.commit()?;
Ok(AddVersionResult::Ok(version_id))
@ -87,9 +87,9 @@ mod test {
fn gcv_not_found() -> Fallible<()> {
let storage = InMemoryStorage::new();
let txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
assert_eq!(get_child_version(txn, client_id, parent_version_id)?, None);
assert_eq!(get_child_version(txn, client_key, parent_version_id)?, None);
Ok(())
}
@ -97,20 +97,20 @@ mod test {
fn gcv_found() -> Fallible<()> {
let storage = InMemoryStorage::new();
let mut txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let version_id = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let history_segment = b"abcd".to_vec();
txn.add_version(
client_id,
client_key,
version_id,
parent_version_id,
history_segment.clone(),
)?;
assert_eq!(
get_child_version(txn, client_id, parent_version_id)?,
get_child_version(txn, client_key, parent_version_id)?,
Some(GetVersionResult {
version_id,
parent_version_id,
@ -124,7 +124,7 @@ mod test {
fn av_conflict() -> Fallible<()> {
let storage = InMemoryStorage::new();
let mut txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let history_segment = b"abcd".to_vec();
let existing_parent_version_id = Uuid::new_v4();
@ -135,7 +135,7 @@ mod test {
assert_eq!(
add_version(
txn,
client_id,
client_key,
client,
parent_version_id,
history_segment.clone()
@ -145,9 +145,9 @@ mod test {
// verify that the storage wasn't updated
txn = storage.txn()?;
assert_eq!(txn.get_client(client_id)?, None);
assert_eq!(txn.get_client(client_key)?, None);
assert_eq!(
txn.get_version_by_parent(client_id, parent_version_id)?,
txn.get_version_by_parent(client_key, parent_version_id)?,
None
);
@ -157,7 +157,7 @@ mod test {
fn test_av_success(latest_version_id_nil: bool) -> Fallible<()> {
let storage = InMemoryStorage::new();
let mut txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let history_segment = b"abcd".to_vec();
let latest_version_id = if latest_version_id_nil {
@ -166,12 +166,12 @@ mod test {
parent_version_id
};
txn.new_client(client_id, latest_version_id)?;
let client = txn.get_client(client_id)?.unwrap();
txn.new_client(client_key, latest_version_id)?;
let client = txn.get_client(client_key)?.unwrap();
let result = add_version(
txn,
client_id,
client_key,
client,
parent_version_id,
history_segment.clone(),
@ -182,10 +182,10 @@ mod test {
// verify that the storage was updated
txn = storage.txn()?;
let client = txn.get_client(client_id)?.unwrap();
let client = txn.get_client(client_key)?.unwrap();
assert_eq!(client.latest_version_id, new_version_id);
let version = txn
.get_version_by_parent(client_id, parent_version_id)?
.get_version_by_parent(client_key, parent_version_id)?
.unwrap();
assert_eq!(version.version_id, new_version_id);
assert_eq!(version.parent_version_id, parent_version_id);

30
sync-server/src/storage/inmemory.rs
View file

@ -4,10 +4,10 @@ use std::collections::HashMap;
use std::sync::{Mutex, MutexGuard};
struct Inner {
/// Clients, indexed by client_id
/// Clients, indexed by client_key
clients: HashMap<Uuid, Client>,
/// Versions, indexed by (client_id, parent_version_id)
/// Versions, indexed by (client_key, parent_version_id)
versions: HashMap<(Uuid, Uuid), Version>,
}
@ -34,48 +34,48 @@ impl Storage for InMemoryStorage {
}
impl<'a> StorageTxn for InnerTxn<'a> {
fn get_client(&mut self, client_id: Uuid) -> Fallible<Option<Client>> {
Ok(self.0.clients.get(&client_id).cloned())
fn get_client(&mut self, client_key: Uuid) -> Fallible<Option<Client>> {
Ok(self.0.clients.get(&client_key).cloned())
}
fn new_client(&mut self, client_id: Uuid, latest_version_id: Uuid) -> Fallible<()> {
if self.0.clients.get(&client_id).is_some() {
return Err(format_err!("Client {} already exists", client_id));
fn new_client(&mut self, client_key: Uuid, latest_version_id: Uuid) -> Fallible<()> {
if self.0.clients.get(&client_key).is_some() {
return Err(format_err!("Client {} already exists", client_key));
}
self.0
.clients
.insert(client_id, Client { latest_version_id });
.insert(client_key, Client { latest_version_id });
Ok(())
}
fn set_client_latest_version_id(
&mut self,
client_id: Uuid,
client_key: Uuid,
latest_version_id: Uuid,
) -> Fallible<()> {
if let Some(client) = self.0.clients.get_mut(&client_id) {
if let Some(client) = self.0.clients.get_mut(&client_key) {
client.latest_version_id = latest_version_id;
Ok(())
} else {
Err(format_err!("Client {} does not exist", client_id))
Err(format_err!("Client {} does not exist", client_key))
}
}
fn get_version_by_parent(
&mut self,
client_id: Uuid,
client_key: Uuid,
parent_version_id: Uuid,
) -> Fallible<Option<Version>> {
Ok(self
.0
.versions
.get(&(client_id, parent_version_id))
.get(&(client_key, parent_version_id))
.cloned())
}
fn add_version(
&mut self,
client_id: Uuid,
client_key: Uuid,
version_id: Uuid,
parent_version_id: Uuid,
history_segment: Vec<u8>,
@ -88,7 +88,7 @@ impl<'a> StorageTxn for InnerTxn<'a> {
};
self.0
.versions
.insert((client_id, version.parent_version_id), version);
.insert((client_key, version.parent_version_id), version);
Ok(())
}

64
sync-server/src/storage/kv.rs
View file

@ -4,28 +4,28 @@ use kv::msgpack::Msgpack;
use kv::{Bucket, Config, Error, Serde, Store, ValueBuf};
use std::path::Path;
/// Key for versions: concatenation of client_id and parent_version_id
type VersionKey = [u8; 32];
/// DB Key for versions: concatenation of client_key and parent_version_id
type VersionDbKey = [u8; 32];
fn version_key(client_id: Uuid, parent_version_id: Uuid) -> VersionKey {
fn version_db_key(client_key: Uuid, parent_version_id: Uuid) -> VersionDbKey {
let mut key = [0u8; 32];
key[..16].clone_from_slice(client_id.as_bytes());
key[..16].clone_from_slice(client_key.as_bytes());
key[16..].clone_from_slice(parent_version_id.as_bytes());
key
}
/// Key for clients: just the client_id
type ClientKey = [u8; 16];
/// Key for clients: just the client_key
type ClientDbKey = [u8; 16];
fn client_key(client_id: Uuid) -> ClientKey {
*client_id.as_bytes()
fn client_db_key(client_key: Uuid) -> ClientDbKey {
*client_key.as_bytes()
}
/// KVStorage is an on-disk storage backend which uses LMDB via the `kv` crate.
pub(crate) struct KVStorage<'t> {
store: Store,
clients_bucket: Bucket<'t, ClientKey, ValueBuf<Msgpack<Client>>>,
versions_bucket: Bucket<'t, VersionKey, ValueBuf<Msgpack<Version>>>,
clients_bucket: Bucket<'t, ClientDbKey, ValueBuf<Msgpack<Client>>>,
versions_bucket: Bucket<'t, VersionDbKey, ValueBuf<Msgpack<Version>>>,
}
impl<'t> KVStorage<'t> {
@ -37,9 +37,9 @@ impl<'t> KVStorage<'t> {
let store = Store::new(config)?;
let clients_bucket =
store.bucket::<ClientKey, ValueBuf<Msgpack<Client>>>(Some("clients"))?;
store.bucket::<ClientDbKey, ValueBuf<Msgpack<Client>>>(Some("clients"))?;
let versions_bucket =
store.bucket::<VersionKey, ValueBuf<Msgpack<Version>>>(Some("versions"))?;
store.bucket::<VersionDbKey, ValueBuf<Msgpack<Version>>>(Some("versions"))?;
Ok(KVStorage {
store,
@ -73,17 +73,17 @@ impl<'t> Txn<'t> {
}
}
fn clients_bucket(&self) -> &'t Bucket<'t, ClientKey, ValueBuf<Msgpack<Client>>> {
fn clients_bucket(&self) -> &'t Bucket<'t, ClientDbKey, ValueBuf<Msgpack<Client>>> {
&self.storage.clients_bucket
}
fn versions_bucket(&self) -> &'t Bucket<'t, VersionKey, ValueBuf<Msgpack<Version>>> {
fn versions_bucket(&self) -> &'t Bucket<'t, VersionDbKey, ValueBuf<Msgpack<Version>>> {
&self.storage.versions_bucket
}
}
impl<'t> StorageTxn for Txn<'t> {
fn get_client(&mut self, client_id: Uuid) -> Fallible<Option<Client>> {
let key = client_key(client_id);
fn get_client(&mut self, client_key: Uuid) -> Fallible<Option<Client>> {
let key = client_db_key(client_key);
let bucket = self.clients_bucket();
let kvtxn = self.kvtxn();
@ -97,8 +97,8 @@ impl<'t> StorageTxn for Txn<'t> {
Ok(Some(client))
}
fn new_client(&mut self, client_id: Uuid, latest_version_id: Uuid) -> Fallible<()> {
let key = client_key(client_id);
fn new_client(&mut self, client_key: Uuid, latest_version_id: Uuid) -> Fallible<()> {
let key = client_db_key(client_key);
let bucket = self.clients_bucket();
let kvtxn = self.kvtxn();
let client = Client { latest_version_id };
@ -108,19 +108,19 @@ impl<'t> StorageTxn for Txn<'t> {
fn set_client_latest_version_id(
&mut self,
client_id: Uuid,
client_key: Uuid,
latest_version_id: Uuid,
) -> Fallible<()> {
// implementation is the same as new_client..
self.new_client(client_id, latest_version_id)
self.new_client(client_key, latest_version_id)
}
fn get_version_by_parent(
&mut self,
client_id: Uuid,
client_key: Uuid,
parent_version_id: Uuid,
) -> Fallible<Option<Version>> {
let key = version_key(client_id, parent_version_id);
let key = version_db_key(client_key, parent_version_id);
let bucket = self.versions_bucket();
let kvtxn = self.kvtxn();
let version = match kvtxn.get(&bucket, key) {
@ -135,12 +135,12 @@ impl<'t> StorageTxn for Txn<'t> {
fn add_version(
&mut self,
client_id: Uuid,
client_key: Uuid,
version_id: Uuid,
parent_version_id: Uuid,
history_segment: Vec<u8>,
) -> Fallible<()> {
let key = version_key(client_id, parent_version_id);
let key = version_db_key(client_key, parent_version_id);
let bucket = self.versions_bucket();
let kvtxn = self.kvtxn();
let version = Version {
@ -184,17 +184,17 @@ mod test {
let storage = KVStorage::new(&tmp_dir.path())?;
let mut txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let latest_version_id = Uuid::new_v4();
txn.new_client(client_id, latest_version_id)?;
txn.new_client(client_key, latest_version_id)?;
let client = txn.get_client(client_id)?.unwrap();
let client = txn.get_client(client_key)?.unwrap();
assert_eq!(client.latest_version_id, latest_version_id);
let latest_version_id = Uuid::new_v4();
txn.set_client_latest_version_id(client_id, latest_version_id)?;
txn.set_client_latest_version_id(client_key, latest_version_id)?;
let client = txn.get_client(client_id)?.unwrap();
let client = txn.get_client(client_key)?.unwrap();
assert_eq!(client.latest_version_id, latest_version_id);
Ok(())
@ -216,18 +216,18 @@ mod test {
let storage = KVStorage::new(&tmp_dir.path())?;
let mut txn = storage.txn()?;
let client_id = Uuid::new_v4();
let client_key = Uuid::new_v4();
let version_id = Uuid::new_v4();
let parent_version_id = Uuid::new_v4();
let history_segment = b"abc".to_vec();
txn.add_version(
client_id,
client_key,
version_id,
parent_version_id,
history_segment.clone(),
)?;
let version = txn
.get_version_by_parent(client_id, parent_version_id)?
.get_version_by_parent(client_key, parent_version_id)?
.unwrap();
assert_eq!(

10
sync-server/src/storage/mod.rs
View file

@ -24,29 +24,29 @@ pub(crate) struct Version {
pub(crate) trait StorageTxn {
/// Get information about the given client
fn get_client(&mut self, client_id: Uuid) -> Fallible<Option<Client>>;
fn get_client(&mut self, client_key: Uuid) -> Fallible<Option<Client>>;
/// Create a new client with the given latest_version_id
fn new_client(&mut self, client_id: Uuid, latest_version_id: Uuid) -> Fallible<()>;
fn new_client(&mut self, client_key: Uuid, latest_version_id: Uuid) -> Fallible<()>;
/// Set the client's latest_version_id
fn set_client_latest_version_id(
&mut self,
client_id: Uuid,
client_key: Uuid,
latest_version_id: Uuid,
) -> Fallible<()>;
/// Get a version, indexed by parent version id
fn get_version_by_parent(
&mut self,
client_id: Uuid,
client_key: Uuid,
parent_version_id: Uuid,
) -> Fallible<Option<Version>>;
/// Add a version (that must not already exist)
fn add_version(
&mut self,
client_id: Uuid,
client_key: Uuid,
version_id: Uuid,
parent_version_id: Uuid,
history_segment: Vec<u8>,

4
taskchampion/src/config.rs
View file

@ -20,8 +20,8 @@ pub enum ServerConfig {
/// Sync server "origin"; a URL with schema and hostname but no path or trailing `/`
origin: String,
/// Client ID to identify this replica to the server
client_id: Uuid,
/// Client Key to identify and authenticate this replica to the server
client_key: Uuid,
/// Private encryption secret used to encrypt all data sent to the server. This can
/// be any suitably un-guessable string of bytes.

4
taskchampion/src/server/mod.rs
View file

@ -18,8 +18,8 @@ pub fn from_config(config: ServerConfig) -> Fallible<Box<dyn Server>> {
ServerConfig::Local { server_dir } => Box::new(LocalServer::new(server_dir)?),
ServerConfig::Remote {
origin,
client_id,
client_key,
encryption_secret,
} => Box::new(RemoteServer::new(origin, client_id, encryption_secret)),
} => Box::new(RemoteServer::new(origin, client_key, encryption_secret)),
})
}

21
taskchampion/src/server/remote/mod.rs
View file

@ -8,7 +8,7 @@ use crypto::{HistoryCiphertext, HistoryCleartext, Secret};
pub struct RemoteServer {
origin: String,
client_id: Uuid,
client_key: Uuid,
encryption_secret: Secret,
agent: ureq::Agent,
}
@ -17,13 +17,13 @@ pub struct RemoteServer {
/// taskchampion-sync-server).
impl RemoteServer {
/// Construct a new RemoteServer. The `origin` is the sync server's protocol and hostname
/// without a trailing slash, such as `https://tcsync.example.com`. Pass a client_id to
/// without a trailing slash, such as `https://tcsync.example.com`. Pass a client_key to
/// identify this client to the server. Multiple replicas synchronizing the same task history
/// should use the same client_id.
pub fn new(origin: String, client_id: Uuid, encryption_secret: Vec<u8>) -> RemoteServer {
/// should use the same client_key.
pub fn new(origin: String, client_key: Uuid, encryption_secret: Vec<u8>) -> RemoteServer {
RemoteServer {
origin,
client_id,
client_key,
encryption_secret: encryption_secret.into(),
agent: ureq::agent(),
}
@ -56,10 +56,7 @@ impl Server for RemoteServer {
parent_version_id: VersionId,
history_segment: HistorySegment,
) -> Fallible<AddVersionResult> {
let url = format!(
"{}/client/{}/add-version/{}",
self.origin, self.client_id, parent_version_id
);
let url = format!("{}/client/add-version/{}", self.origin, parent_version_id);
let history_cleartext = HistoryCleartext {
parent_version_id,
history_segment,
@ -74,6 +71,7 @@ impl Server for RemoteServer {
"Content-Type",
"application/vnd.taskchampion.history-segment",
)
.set("X-Client-Key", &self.client_key.to_string())
.send_bytes(history_ciphertext.as_ref());
if resp.ok() {
let version_id = get_uuid_header(&resp, "X-Version-Id")?;
@ -88,14 +86,15 @@ impl Server for RemoteServer {
fn get_child_version(&mut self, parent_version_id: VersionId) -> Fallible<GetVersionResult> {
let url = format!(
"{}/client/{}/get-child-version/{}",
self.origin, self.client_id, parent_version_id
"{}/client/get-child-version/{}",
self.origin, parent_version_id
);
let resp = self
.agent
.get(&url)
.timeout_connect(10_000)
.timeout_read(60_000)
.set("X-Client-Key", &self.client_key.to_string())
.call();
if resp.ok() {