storj/satellite/console/consolewasm/access.go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.

package consolewasm

import (
	"encoding/base64"

	"storj.io/common/encryption"
	"storj.io/common/grant"
	"storj.io/common/macaroon"
	"storj.io/common/storj"
)

// GenAccessGrant creates a new access grant and returns it serialized form.
func GenAccessGrant(satelliteNodeURL, apiKey, encryptionPassphrase, base64EncodedSalt string) (string, error) {
	parsedAPIKey, err := macaroon.ParseAPIKey(apiKey)
	if err != nil {
		return "", err
	}

	key, err := DeriveRootKey(encryptionPassphrase, base64EncodedSalt)
	if err != nil {
		return "", err
	}

	encAccess := grant.NewEncryptionAccessWithDefaultKey(key)
	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
	encAccess.LimitTo(parsedAPIKey)

	accessString, err := (&grant.Access{
		SatelliteAddress: satelliteNodeURL,
		APIKey:           parsedAPIKey,
		EncAccess:        encAccess,
	}).Serialize()
	if err != nil {
		return "", err
	}
	return accessString, nil
}

// DeriveRootKey derives the root key portion of the access grant.
func DeriveRootKey(encryptionPassphrase, base64EncodedSalt string) (*storj.Key, error) {
	const concurrency = 8
	saltBytes, err := base64.StdEncoding.DecodeString(base64EncodedSalt)
	if err != nil {
		return nil, err
	}
	return encryption.DeriveRootKey([]byte(encryptionPassphrase), saltBytes, "", concurrency)
}
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`// Copyright (C) 2020 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

satellite/console/wasm: reduce size to <9MB Make changes so that we only import the necessary files from the console package so that the generated wasm code is as small as possible. This change gets the compiled wasm code down to 8.6MB uncompressed and 2MB when compressed with `gzip --best`. https://review.dev.storj.io/c/storj/storj/+/3396 Change-Id: Ifdd4be285810757b46bbbe43327c0d0139e5f8f7 2020-12-14 16:33:33 +00:00			`package consolewasm`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00
			`import (`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`"encoding/base64"`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00
			`"storj.io/common/encryption"`
satellite/wasm: support restricting full access grants to paths Change-Id: Id6d4fa41db068d32e7c0d542d9d8805fba927fc6 2021-03-25 22:57:25 +00:00			`"storj.io/common/grant"`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`"storj.io/common/macaroon"`
			`"storj.io/common/storj"`
			`)`

			`// GenAccessGrant creates a new access grant and returns it serialized form.`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`func GenAccessGrant(satelliteNodeURL, apiKey, encryptionPassphrase, base64EncodedSalt string) (string, error) {`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`parsedAPIKey, err := macaroon.ParseAPIKey(apiKey)`
			`if err != nil {`
			`return "", err`
			`}`

{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`key, err := DeriveRootKey(encryptionPassphrase, base64EncodedSalt)`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`if err != nil {`
			`return "", err`
			`}`

satellite/wasm: support restricting full access grants to paths Change-Id: Id6d4fa41db068d32e7c0d542d9d8805fba927fc6 2021-03-25 22:57:25 +00:00			`encAccess := grant.NewEncryptionAccessWithDefaultKey(key)`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`encAccess.SetDefaultPathCipher(storj.EncAESGCM)`
sat/console/consolewasm: restrict enc access to api key Change-Id: Ie263ffc7343e59ee9a90996b259bb04258a78f29 2021-02-11 22:52:32 +00:00			`encAccess.LimitTo(parsedAPIKey)`

satellite/wasm: support restricting full access grants to paths Change-Id: Id6d4fa41db068d32e7c0d542d9d8805fba927fc6 2021-03-25 22:57:25 +00:00			`accessString, err := (&grant.Access{`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`SatelliteAddress: satelliteNodeURL,`
			`APIKey: parsedAPIKey,`
			`EncAccess: encAccess,`
sat/console/consolewasm: restrict enc access to api key Change-Id: Ie263ffc7343e59ee9a90996b259bb04258a78f29 2021-02-11 22:52:32 +00:00			`}).Serialize()`
satellite/cosole: add tests for wasm access code Change-Id: I78f71b2f0bef03b6e87cd7d79ccaef5f45393b55 2020-11-11 13:45:03 +00:00			`if err != nil {`
			`return "", err`
			`}`
			`return accessString, nil`
			`}`
web/satellite: add consent screen for oauth When an application wants to interact with resources on behalf of an end-user, it needs to be granted access. In OAuth, this is done when a user submits the consent screen. Change-Id: Id838772f76999f63f5c9dbdda0995697b41c123a 2022-02-14 20:06:35 +00:00
			`// DeriveRootKey derives the root key portion of the access grant.`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`func DeriveRootKey(encryptionPassphrase, base64EncodedSalt string) (*storj.Key, error) {`
			`const concurrency = 8`
			`saltBytes, err := base64.StdEncoding.DecodeString(base64EncodedSalt)`
web/satellite: add consent screen for oauth When an application wants to interact with resources on behalf of an end-user, it needs to be granted access. In OAuth, this is done when a user submits the consent screen. Change-Id: Id838772f76999f63f5c9dbdda0995697b41c123a 2022-02-14 20:06:35 +00:00			`if err != nil {`
			`return nil, err`
			`}`
{satellite/console,web/satellite}: get project salt from satellite Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a 2022-09-13 14:12:14 +01:00			`return encryption.DeriveRootKey([]byte(encryptionPassphrase), saltBytes, "", concurrency)`
web/satellite: add consent screen for oauth When an application wants to interact with resources on behalf of an end-user, it needs to be granted access. In OAuth, this is done when a user submits the consent screen. Change-Id: Id838772f76999f63f5c9dbdda0995697b41c123a 2022-02-14 20:06:35 +00:00			`}`