Nats Native Behaviors + Peer is Stateless
@@ -7,6 +7,7 @@ import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"slices"
|
||||
"strings"
|
||||
|
||||
"runtime/debug"
|
||||
@@ -34,6 +35,7 @@ import (
|
||||
"github.com/beego/beego/v2/server/web/filter/cors"
|
||||
"github.com/google/uuid"
|
||||
"github.com/goraz/onion"
|
||||
"github.com/libp2p/go-libp2p/core/crypto"
|
||||
"github.com/rs/zerolog"
|
||||
)
|
||||
|
||||
@@ -641,7 +643,7 @@ func GetConcatenatedName(peerId string, namespace string) string {
|
||||
return peerId + "-" + n
|
||||
}
|
||||
|
||||
// ------------- Loading resources ----------
|
||||
// ------------- Loading resources ----------GetAccessor
|
||||
|
||||
func LoadOneStorage(storageId string, user string, peerID string, groups []string) (*resources.StorageResource, error) {
|
||||
|
||||
@@ -690,3 +692,76 @@ func LoadOneData(dataId string, user string, peerID string, groups []string) (*r
|
||||
return res.ToDataResource(), nil
|
||||
|
||||
}
|
||||
|
||||
// verify signature...
|
||||
func InitNATSDecentralizedEmitter(authorizedDT ...tools.DataType) {
|
||||
tools.NewNATSCaller().ListenNats(map[tools.NATSMethod]func(tools.NATSResponse){
|
||||
tools.CREATE_RESOURCE: func(resp tools.NATSResponse) {
|
||||
if resp.FromApp == config.GetAppName() || !slices.Contains(authorizedDT, resp.Datatype) {
|
||||
return
|
||||
}
|
||||
p := map[string]interface{}{}
|
||||
if err := json.Unmarshal(resp.Payload, &p); err == nil {
|
||||
if err := verify(resp.Payload); err != nil {
|
||||
return // don't trust anyone... only friends and foes are privilege
|
||||
}
|
||||
access := NewRequestAdmin(LibDataEnum(resp.Datatype), nil)
|
||||
if data := access.Search(nil, fmt.Sprintf("%v", p[resp.SearchAttr]), false); len(data.Data) > 0 {
|
||||
delete(p, "id")
|
||||
access.UpdateOne(p, data.Data[0].GetID())
|
||||
} else {
|
||||
access.StoreOne(p)
|
||||
}
|
||||
}
|
||||
},
|
||||
tools.REMOVE_RESOURCE: func(resp tools.NATSResponse) {
|
||||
if resp.FromApp == config.GetAppName() || !slices.Contains(authorizedDT, resp.Datatype) {
|
||||
return
|
||||
}
|
||||
if err := verify(resp.Payload); err != nil {
|
||||
return // don't trust anyone... only friends and foes are privilege
|
||||
}
|
||||
p := map[string]interface{}{}
|
||||
access := NewRequestAdmin(LibDataEnum(resp.Datatype), nil)
|
||||
err := json.Unmarshal(resp.Payload, &p)
|
||||
if err == nil {
|
||||
if data := access.Search(nil, fmt.Sprintf("%v", p[resp.SearchAttr]), false); len(data.Data) > 0 {
|
||||
access.DeleteOne(fmt.Sprintf("%v", p[resp.SearchAttr]))
|
||||
}
|
||||
}
|
||||
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func verify(payload []byte) error {
|
||||
var obj utils.AbstractObject
|
||||
if err := json.Unmarshal(payload, &obj); err == nil {
|
||||
obj.Unsign()
|
||||
origin := NewRequestAdmin(LibDataEnum(PEER), nil).LoadOne(obj.GetCreatorID())
|
||||
if origin.Data == nil || origin.Data.(*peer.Peer).Relation != peer.PARTNER {
|
||||
return errors.New("don't know personnaly this guy") // don't trust anyone... only friends and foes are privilege
|
||||
}
|
||||
data, err := base64.StdEncoding.DecodeString(origin.Data.(*peer.Peer).PublicKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pk, err := crypto.UnmarshalPublicKey(data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
b, err := json.Marshal(obj)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if ok, err := pk.Verify(b, obj.GetSignature()); err != nil {
|
||||
return err
|
||||
} else if !ok {
|
||||
return errors.New("signature is not corresponding to public key")
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
} else {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
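Review bot: In `verify`, the signature is checked over `json.Marshal(obj)` of a `utils.AbstractObject`, but both NATS handlers then act on `p`, the full map decoded from the raw `resp.Payload`, and on `resp.SearchAttr` and `resp.Datatype`, none of which that check binds. Any payload key that `AbstractObject` does not round-trip, and the choice of search attribute, therefore reaches `UpdateOne`, `StoreOne` or `DeleteOne` unauthenticated. Nothing visible in the hunk compares `obj.GetCreatorID()` with the creator of the record being overwritten or deleted, so any peer with `peer.PARTNER` relation appears able to modify another peer's resource. `obj.Unsign()` also runs before `obj.GetSignature()`; if `Unsign` clears the signature field, `pk.Verify` receives an empty signature, so the signature should be read first, e.g. `sig := obj.GetSignature()` ahead of `obj.Unsign()`. In the `REMOVE_RESOURCE` handler, `access.DeleteOne(fmt.Sprintf("%v", p[resp.SearchAttr]))` passes the search value rather than the matched record's ID; `access.DeleteOne(data.Data[0].GetID())` would match what the `CREATE_RESOURCE` branch does for `UpdateOne`.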