Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Z
ZKAPAuthorizer
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
This is an archived project. Repository and other project resources are read-only.
Show more breadcrumbs
Administrator
ZKAPAuthorizer
Commits
3c3da497
Commit
3c3da497
authored
6 years ago
by
Jean-Paul Calderone
Browse files
Options
Downloads
Patches
Plain Diff
docstrings
parent
92642b77
Branches
Branches containing commit
No related tags found
1 merge request
!4
Cryptoless Tahoe-LAFS storage server plugin
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
src/_secureaccesstokenauthorizer/_storage_server.py
+59
-1
59 additions, 1 deletion
src/_secureaccesstokenauthorizer/_storage_server.py
with
59 additions
and
1 deletion
src/_secureaccesstokenauthorizer/_storage_server.py
+
59
−
1
View file @
3c3da497
...
...
@@ -118,6 +118,15 @@ def add_arguments(schema, kwargs):
class
RITokenAuthorizedStorageServer
(
RemoteInterface
):
"""
An object which can store and retrieve shares, subject to token-based
authorization.
This is much the same as ``allmydata.interfaces.RIStorageServer`` but
several of its methods take an additional ``tokens`` parameter. Clients
are expected to supply suitable tokens and only after the tokens have been
validated is service provided.
"""
__remote_name__
=
(
"
RITokenAuthorizedStorageServer.tahoe.privatestorage.io
"
)
...
...
@@ -148,37 +157,86 @@ class RITokenAuthorizedStorageServer(RemoteInterface):
# attributes on self and it's hard to avoid that.
@attr.s
(
cmp
=
False
)
class
SecureAccessTokenAuthorizerStorageServer
(
Referenceable
):
"""
A class which wraps an ``RIStorageServer`` to insert token validity checks
before allowing certain functionality.
"""
_original
=
attr
.
ib
(
validator
=
provides
(
RIStorageServer
))
def
_validate_tokens
(
self
,
tokens
):
pass
"""
Check that all of the given tokens are valid.
:raise InvalidToken: If any token in ``tokens`` is not valid.
:return NoneType: If all of the tokens in ``tokens`` are valid.
:note: This is yet to be implemented so it always returns ``None``.
"""
return
None
def
remote_get_version
(
self
):
"""
Pass through without token check to allow clients to learn about our
version and configuration in case it helps them decide how to behave.
"""
return
self
.
_original
.
remote_get_version
()
def
remote_allocate_buckets
(
self
,
tokens
,
*
a
,
**
kw
):
"""
Pass through after a token check to ensure that clients can only allocate
storage for immutable shares if they present valid tokens.
"""
self
.
_validate_tokens
(
tokens
)
return
self
.
_original
.
remote_allocate_buckets
(
*
a
,
**
kw
)
def
remote_get_buckets
(
self
,
storage_index
):
"""
Pass through without token check to let clients read immutable shares as
long as those shares exist.
"""
return
self
.
_original
.
remote_get_buckets
(
storage_index
)
def
remote_add_lease
(
self
,
tokens
,
*
a
,
**
kw
):
"""
Pass through after a token check to ensure clients can only extend the
duration of share storage if they present valid tokens.
"""
self
.
_validate_tokens
(
tokens
)
return
self
.
_original
.
remote_add_lease
(
*
a
,
**
kw
)
def
remote_renew_lease
(
self
,
tokens
,
*
a
,
**
kw
):
"""
Pass through after a token check to ensure clients can only extend the
duration of share storage if they present valid tokens.
"""
self
.
_validate_tokens
(
tokens
)
return
self
.
_original
.
remote_renew_lease
(
*
a
,
**
kw
)
def
remote_advise_corrupt_share
(
self
,
*
a
,
**
kw
):
"""
Pass through without a token check to let clients inform us of possible
issues with the system without incurring any cost to themselves.
"""
return
self
.
_original
.
remote_advise_corrupt_share
(
*
a
,
**
kw
)
def
remote_slot_testv_and_readv_and_writev
(
self
,
tokens
,
*
a
,
**
kw
):
"""
Pass through after a token check to ensure clients can only allocate
storage for mutable shares if they present valid tokens.
:note: This method can be used both to allocate storage and to rewrite
data in already-allocated storage. These cases may not be the
same from the perspective of token validation.
"""
self
.
_validate_tokens
(
tokens
)
return
self
.
_original
.
remote_slot_testv_and_readv_and_writev
(
*
a
,
**
kw
)
def
remote_slot_readv
(
self
,
*
a
,
**
kw
):
"""
Pass through without a token check to let clients read mutable shares as
long as those shares exist.
"""
return
self
.
_original
.
remote_slot_readv
(
*
a
,
**
kw
)
# I don't understand why this is required.
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment