// Copyright (C) 2019 Storj Labs, Inc. // See LICENSE for copying information. package mobile import ( "time" libuplink "storj.io/storj/lib/uplink" "storj.io/storj/pkg/macaroon" ) // Caveat TODO type Caveat struct { DisallowReads bool DisallowWrites bool DisallowLists bool DisallowDeletes bool AllowedPaths []*CaveatPath // if set, the validity time window NotAfter int64 NotBefore int64 // nonce is set to some random bytes so that you can make arbitrarily // many restricted macaroons with the same (or no) restrictions. Nonce []byte } // CaveatPath If any entries exist, require all access to happen in at least // one of them. type CaveatPath struct { Bucket []byte EncryptedPathPrefix []byte } // NewCaveat TODO func NewCaveat() *Caveat { return &Caveat{ AllowedPaths: make([]*CaveatPath, 0), } } // AddCaveatPath TODO func (caveat Caveat) AddCaveatPath(path *CaveatPath) { caveat.AllowedPaths = append(caveat.AllowedPaths, path) } // APIKey represents an access credential to certain resources type APIKey struct { lib *libuplink.APIKey } // Serialize serializes the API key to a string func (a APIKey) Serialize() string { return a.lib.Serialize() } // IsZero returns if the api key is an uninitialized value func (a *APIKey) IsZero() bool { return a.lib.IsZero() } // ParseAPIKey parses an API key func ParseAPIKey(val string) (*APIKey, error) { k, err := libuplink.ParseAPIKey(val) if err != nil { return nil, safeError(err) } return &APIKey{lib: &k}, nil } // Restrict generates a new APIKey with the provided Caveat attached. func (a APIKey) Restrict(caveat *Caveat) (*APIKey, error) { paths := make([]*macaroon.Caveat_Path, 0) for _, path := range caveat.AllowedPaths { paths = append(paths, &macaroon.Caveat_Path{ Bucket: path.Bucket, EncryptedPathPrefix: path.EncryptedPathPrefix, }) } libCaveat := macaroon.Caveat{ DisallowReads: caveat.DisallowReads, DisallowWrites: caveat.DisallowWrites, DisallowLists: caveat.DisallowLists, DisallowDeletes: caveat.DisallowDeletes, AllowedPaths: paths, Nonce: caveat.Nonce, } if caveat.NotAfter != 0 { notAfter := time.Unix(caveat.NotAfter, 0) libCaveat.NotAfter = ¬After } if caveat.NotBefore != 0 { notBefore := time.Unix(caveat.NotBefore, 0) libCaveat.NotBefore = ¬Before } k, err := a.lib.Restrict(libCaveat) if err != nil { return nil, safeError(err) } return &APIKey{lib: &k}, nil }