anyproto/any-sync
1
0
Fork 0
mirror of https://github.com/anyproto/any-sync.git synced 2025-06-08 05:57:03 +09:00
Code Activity

Encrypt read key with invites on key change

Browse source
This commit is contained in:
Mikhail Rakhmanov 2025-05-12 13:29:41 +02:00
parent c2dc1770b6
commit ac68d0850b
No known key found for this signature in database
GPG key ID: DED12CFEF5B8396B
2 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

23
commonspace/object/acl/list/aclrecordbuilder.go
View file

@ -626,7 +626,10 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
if err != nil { if err != nil {
return nil, err return nil, err
} }
var aclReadKeys []*aclrecordproto.AclEncryptedReadKey var (
aclReadKeys []*aclrecordproto.AclEncryptedReadKey
invites []*aclrecordproto.AclEncryptedReadKey
)
for identity, st := range a.state.accountStates { for identity, st := range a.state.accountStates {
if removedIdentities != nil { if removedIdentities != nil {
if _, exists := removedIdentities[identity]; exists { if _, exists := removedIdentities[identity]; exists {
@ -649,6 +652,23 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
EncryptedReadKey: enc, EncryptedReadKey: enc,
}) })
} }
for _, invite := range a.state.invites {
if invite.Type != aclrecordproto.AclInviteType_AnyoneCanJoin {
continue
}
protoIdentity, err := invite.Key.Marshall()
if err != nil {
return nil, err
}
enc, err := invite.Key.Encrypt(protoKey)
if err != nil {
return nil, err
}
invites = append(invites, &aclrecordproto.AclEncryptedReadKey{
Identity: protoIdentity,
EncryptedReadKey: enc,
})
}
// encrypting metadata key with new read key // encrypting metadata key with new read key
mkPubKey, err := payload.MetadataKey.GetPublic().Marshall() mkPubKey, err := payload.MetadataKey.GetPublic().Marshall()
if err != nil { if err != nil {
@ -680,6 +700,7 @@ func (a *aclRecordBuilder) buildReadKeyChange(payload ReadKeyChangePayload, remo
MetadataPubKey: mkPubKey, MetadataPubKey: mkPubKey,
EncryptedMetadataPrivKey: encPrivKey, EncryptedMetadataPrivKey: encPrivKey,
EncryptedOldReadKey: encOldKey, EncryptedOldReadKey: encOldKey,
InviteKeys: invites,
} }
return readRec, nil return readRec, nil
} }

6
commonspace/object/acl/list/acltestsuite_test.go
View file

@ -53,6 +53,7 @@ func TestAclExecutor(t *testing.T) {
{"a.init::a", nil}, {"a.init::a", nil},
// creating an invite // creating an invite
{"a.invite::invId", nil}, {"a.invite::invId", nil},
{"a.invite_anyone::oldInvId", nil},
// cannot self join // cannot self join
{"a.join::invId", ErrInsufficientPermissions}, {"a.join::invId", ErrInsufficientPermissions},
// now b can join // now b can join
@ -130,7 +131,12 @@ func TestAclExecutor(t *testing.T) {
{"a.changes::r,g", ErrInsufficientPermissions}, {"a.changes::r,g", ErrInsufficientPermissions},
{"a.invite_anyone::invAnyoneId", nil}, {"a.invite_anyone::invAnyoneId", nil},
{"new.invite_join::invAnyoneId", nil}, {"new.invite_join::invAnyoneId", nil},
// invite keys persist after user removal
{"a.remove::new", nil},
{"new1.invite_join::invAnyoneId", nil}, {"new1.invite_join::invAnyoneId", nil},
{"a.revoke::invAnyoneId", nil},
{"new2.invite_join::invAnyoneId", ErrNoSuchInvite},
{"new2.invite_join::oldInvId", nil},
} }
for _, cmd := range cmds { for _, cmd := range cmds {
err := a.Execute(cmd.cmd) err := a.Execute(cmd.cmd)