Decrypt join records

commonspace/acl/aclclient/acjoiningclient.go

@@ -19,34 +19,34 @@ import (
 
 const CName = "common.acl.aclclient"
 
-type AclInvitingClient interface {
+type AclJoiningClient interface {
 	app.Component
 	AclGetRecords(ctx context.Context, spaceId, aclHead string) ([]*consensusproto.RawRecordWithId, error)
 	RequestJoin(ctx context.Context, spaceId string, payload list.RequestJoinPayload) error
 }
 
-type aclInvitingClient struct {
+type aclJoiningClient struct {
 	nodeConf nodeconf.Service
 	pool     pool.Pool
 	keys     *accountdata.AccountKeys
 }
 
-func NewAclInvitingClient() AclInvitingClient {
-	return &aclInvitingClient{}
+func NewAclJoiningClient() AclJoiningClient {
+	return &aclJoiningClient{}
 }
 
-func (c *aclInvitingClient) Name() (name string) {
+func (c *aclJoiningClient) Name() (name string) {
 	return CName
 }
 
-func (c *aclInvitingClient) Init(a *app.App) (err error) {
+func (c *aclJoiningClient) Init(a *app.App) (err error) {
 	c.pool = a.MustComponent(pool.CName).(pool.Pool)
 	c.nodeConf = a.MustComponent(nodeconf.CName).(nodeconf.Service)
 	c.keys = a.MustComponent(accountservice.CName).(accountservice.Service).Account()
 	return nil
 }
 
-func (c *aclInvitingClient) AclGetRecords(ctx context.Context, spaceId, aclHead string) (recs []*consensusproto.RawRecordWithId, err error) {
+func (c *aclJoiningClient) AclGetRecords(ctx context.Context, spaceId, aclHead string) (recs []*consensusproto.RawRecordWithId, err error) {
 	var res *spacesyncproto.AclGetRecordsResponse
 	err = c.doClient(ctx, aclHead, func(cl spacesyncproto.DRPCSpaceSyncClient) error {
 		var err error
@@ -70,7 +70,7 @@ func (c *aclInvitingClient) AclGetRecords(ctx context.Context, spaceId, aclHead
 	return
 }
 
-func (c *aclInvitingClient) RequestJoin(ctx context.Context, spaceId string, payload list.RequestJoinPayload) (err error) {
+func (c *aclJoiningClient) RequestJoin(ctx context.Context, spaceId string, payload list.RequestJoinPayload) (err error) {
 	res, err := c.AclGetRecords(ctx, spaceId, "")
 	if err != nil {
 		return err
@@ -87,7 +87,11 @@ func (c *aclInvitingClient) RequestJoin(ctx context.Context, spaceId string, pay
 		return err
 	}
 	pubIdentity := payload.InviteKey.GetPublic()
-	for _, rec := range acl.AclState().JoinRecords() {
+	joinRecs, err := acl.AclState().JoinRecords(false)
+	if err != nil {
+		return err
+	}
+	for _, rec := range joinRecs {
 		if rec.RequestIdentity.Equals(pubIdentity) {
 			// that means that we already requested to join
 			return nil
@@ -110,7 +114,7 @@ func (c *aclInvitingClient) RequestJoin(ctx context.Context, spaceId string, pay
 	})
 }
 
-func (c *aclInvitingClient) doClient(ctx context.Context, spaceId string, f func(cl spacesyncproto.DRPCSpaceSyncClient) error) error {
+func (c *aclJoiningClient) doClient(ctx context.Context, spaceId string, f func(cl spacesyncproto.DRPCSpaceSyncClient) error) error {
 	p, err := c.pool.GetOneOf(ctx, c.nodeConf.NodeIds(spaceId))
 	if err != nil {
 		return err

commonspace/acl/aclwaiter/aclwaiter.go

@@ -32,7 +32,7 @@ type AclWaiter interface {
 }
 
 type aclWaiter struct {
-	client aclclient.AclInvitingClient
+	client aclclient.AclJoiningClient
 	keys   *accountdata.AccountKeys
 
 	periodicCall periodicsync.PeriodicSync
@@ -53,7 +53,7 @@ func New(spaceId string, onFinish func() error) AclWaiter {
 }
 
 func (a *aclWaiter) Init(app *app.App) (err error) {
-	a.client = app.MustComponent(aclclient.CName).(aclclient.AclInvitingClient)
+	a.client = app.MustComponent(aclclient.CName).(aclclient.AclJoiningClient)
 	a.keys = app.MustComponent(accountservice.CName).(accountservice.Service).Account()
 	a.periodicCall = periodicsync.NewPeriodicSync(checkIntervalSecs, timeout, a.loop, log.With(zap.String("spaceId", a.spaceId)))
 	return nil

commonspace/object/acl/list/aclstate.go

@@ -401,6 +401,7 @@ func (st *AclState) applyRequestJoin(ch *aclrecordproto.AclAccountRequestJoin, r
 	st.requestRecords[record.Id] = RequestRecord{
 		RequestIdentity: record.Identity,
 		RequestMetadata: ch.Metadata,
+		KeyRecordId:     st.CurrentReadKeyId(),
 		Type:            RequestTypeJoin,
 	}
 	return nil
@@ -420,7 +421,7 @@ func (st *AclState) applyRequestAccept(ch *aclrecordproto.AclAccountRequestAccep
 		PubKey:          acceptIdentity,
 		Permissions:     AclPermissions(ch.Permissions),
 		RequestMetadata: requestRecord.RequestMetadata,
-		KeyRecordId:     st.CurrentReadKeyId(),
+		KeyRecordId:     requestRecord.KeyRecordId,
 	}
 	delete(st.pendingRequests, mapKeyFromPubKey(st.requestRecords[ch.RequestRecordId].RequestIdentity))
 	if !st.pubKey.Equals(acceptIdentity) {
@@ -601,10 +602,21 @@ func (st *AclState) Permissions(identity crypto.PubKey) AclPermissions {
 	return state.Permissions
 }
 
-func (st *AclState) JoinRecords() (records []RequestRecord) {
+func (st *AclState) JoinRecords(decrypt bool) (records []RequestRecord, err error) {
 	for _, recId := range st.pendingRequests {
 		rec := st.requestRecords[recId]
 		if rec.Type == RequestTypeJoin {
+			if decrypt {
+				aclKeys := st.keys[rec.KeyRecordId]
+				if aclKeys.MetadataPrivKey == nil {
+					return nil, ErrFailedToDecrypt
+				}
+				res, err := aclKeys.MetadataPrivKey.Decrypt(rec.RequestMetadata)
+				if err != nil {
+					return nil, err
+				}
+				rec.RequestMetadata = res
+			}
 			records = append(records, rec)
 		}
 	}

commonspace/object/acl/list/models.go

@@ -19,6 +19,7 @@ type AclRecord struct {
 type RequestRecord struct {
 	RequestIdentity crypto.PubKey
 	RequestMetadata []byte
+	KeyRecordId     string
 	Type            RequestType
 }