From e1a0085405726659571f82b6c2ecfb207e3d93da Mon Sep 17 00:00:00 2001 From: gammazero Date: Mon, 28 Aug 2023 21:50:28 -0700 Subject: [PATCH] Separate encrypted and non-encrypted paths Do not rely on dbl-sha2-256 codec to determine if querying for encrypted or non-encrypted multihash. Use URL path instead. --- server/server.go | 24 +++++++++++++------ server/server_test.go | 54 ++++++++++++++++++++++++++++++++++++------- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/server/server.go b/server/server.go index feb1cb9..c73fe58 100644 --- a/server/server.go +++ b/server/server.go @@ -8,7 +8,6 @@ import ( "net" "net/http" "path" - "strings" "time" logging "github.com/ipfs/go-log/v2" @@ -75,9 +74,12 @@ func New(dhs dhstore.DHStore, addr string, options ...Option) (*Server, error) { }, } - mux.HandleFunc("/cid/", s.handleMhOrCidSubtree) + mux.HandleFunc("/cid/", s.handleNoEncMhOrCidSubtree) + mux.HandleFunc("/encrypted/cid/", s.handleEncMhOrCidSubtree) mux.HandleFunc("/multihash", s.handleMh) - mux.HandleFunc("/multihash/", s.handleMhOrCidSubtree) + mux.HandleFunc("/encrypted/multihash", s.handleMh) + mux.HandleFunc("/multihash/", s.handleNoEncMhOrCidSubtree) + mux.HandleFunc("/encrypted/multihash/", s.handleEncMhOrCidSubtree) mux.HandleFunc("/metadata", s.handleMetadata) mux.HandleFunc("/metadata/", s.handleMetadataSubtree) mux.HandleFunc("/ready", s.handleReady) @@ -132,7 +134,15 @@ func (s *Server) handleMh(w http.ResponseWriter, r *http.Request) { } } -func (s *Server) handleMhOrCidSubtree(w http.ResponseWriter, r *http.Request) { +func (s *Server) handleEncMhOrCidSubtree(w http.ResponseWriter, r *http.Request) { + s.handleMhOrCidSubtree(w, r, true) +} + +func (s *Server) handleNoEncMhOrCidSubtree(w http.ResponseWriter, r *http.Request) { + s.handleMhOrCidSubtree(w, r, false) +} + +func (s *Server) handleMhOrCidSubtree(w http.ResponseWriter, r *http.Request, encrypted bool) { if r.Method != http.MethodGet { w.Header().Set("Allow", http.MethodGet) http.Error(w, "", http.StatusMethodNotAllowed) @@ -146,7 +156,7 @@ func (s *Server) handleMhOrCidSubtree(w http.ResponseWriter, r *http.Request) { return } - if rspWriter.MultihashCode() == multihash.DBL_SHA2_256 { + if encrypted { s.lookupMh(newEncResponseWriter(rspWriter), r) return } @@ -370,7 +380,7 @@ func (s *Server) handleMetadataSubtree(w http.ResponseWriter, r *http.Request) { } func (s *Server) handleGetMetadata(w http.ResponseWriter, r *http.Request) { - sk := strings.TrimPrefix(path.Base(r.URL.Path), "metadata/") + sk := path.Base(r.URL.Path) hvk, err := base58.Decode(sk) if err != nil { http.Error(w, fmt.Sprintf("cannot decode key %s as bas58: %s", sk, err.Error()), http.StatusBadRequest) @@ -394,7 +404,7 @@ func (s *Server) handleGetMetadata(w http.ResponseWriter, r *http.Request) { } func (s *Server) handleDeleteMetadata(w http.ResponseWriter, r *http.Request) { - sk := strings.TrimPrefix(path.Base(r.URL.Path), "metadata/") + sk := path.Base(r.URL.Path) b, err := base58.Decode(sk) if err != nil { http.Error(w, fmt.Sprintf("cannot decode key %s as bas58: %s", sk, err.Error()), http.StatusBadRequest) diff --git a/server/server_test.go b/server/server_test.go index aefae74..9f2d432 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -43,6 +43,12 @@ func TestNewServeMux(t *testing.T) { onTarget: "/multihash", expectStatus: http.StatusMethodNotAllowed, }, + { + name: "GET /encrypted/multihash is 405", + onMethod: http.MethodGet, + onTarget: "/multihash", + expectStatus: http.StatusMethodNotAllowed, + }, { name: "PUT /multihash with no body is 400", onMethod: http.MethodPut, @@ -64,6 +70,14 @@ func TestNewServeMux(t *testing.T) { expectStatus: http.StatusBadRequest, expectBody: "at least one merge must be specified", }, + { + name: "PUT /multihash with no merges is 400", + onMethod: http.MethodPut, + onTarget: "/multihash", + onBody: "{}", + expectStatus: http.StatusBadRequest, + expectBody: "at least one merge must be specified", + }, { name: "PUT /multihash with invalid multihash is 400", onMethod: http.MethodPut, @@ -135,20 +149,20 @@ func TestNewServeMux(t *testing.T) { dhfind: true, }, { - name: "GET /multihash/subtree with valid absent dbl-sha2-256 multihash is 404", + name: "GET /encrypted/multihash/subtree with valid absent dbl-sha2-256 multihash is 404", onMethod: http.MethodGet, - onTarget: "/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", + onTarget: "/encrypted/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", expectStatus: http.StatusNotFound, }, { - name: "GET /multihash/subtree with valid present dbl-sha2-256 multihash is 200", + name: "GET /encrypted/multihash/subtree with valid present dbl-sha2-256 multihash is 200", onStore: func(t *testing.T, store dhstore.DHStore) { mh, err := multihash.FromB58String("2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82") require.NoError(t, err) require.NoError(t, store.MergeIndexes([]dhstore.Index{{Key: mh, Value: []byte("fish")}})) }, onMethod: http.MethodGet, - onTarget: "/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", + onTarget: "/encrypted/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", expectStatus: http.StatusOK, expectBody: `{"EncryptedMultihashResults": [{ "Multihash": "ViAJKqT0hRtxENbtjWwvnRogQknxUnhswNrose3ZjEP8Iw==", "EncryptedValueKeys": ["ZmlzaA=="] }]}`, expectJSON: true, @@ -169,6 +183,22 @@ func TestNewServeMux(t *testing.T) { expectStatus: http.StatusBadRequest, expectBody: "varint not minimally encoded", }, + { + name: "streaming GET /encrypted/multihash/subtree with bad length is 400", + onAcceptHeader: "application/x-ndjson", + onMethod: http.MethodGet, + onTarget: "/encrypted/multihash/asda", + expectStatus: http.StatusBadRequest, + expectBody: "length greater than remaining number of bytes in buffer", + }, + { + name: "streaming GET /encrypted/multihash/subtree with invalid varint is 400", + onAcceptHeader: "application/x-ndjson", + onMethod: http.MethodGet, + onTarget: "/encrypted/multihash/Quickfish", + expectStatus: http.StatusBadRequest, + expectBody: "varint not minimally encoded", + }, { name: "streaming GET /multihash/subtree with invalid multihash is 400", onAcceptHeader: "application/x-ndjson", @@ -177,6 +207,14 @@ func TestNewServeMux(t *testing.T) { expectStatus: http.StatusBadRequest, expectBody: "input isn't valid multihash", }, + { + name: "streaming GET /encrypted/multihash/subtree with invalid multihash is 400", + onAcceptHeader: "application/x-ndjson", + onMethod: http.MethodGet, + onTarget: "/encrypted/multihash/Qmackerel", + expectStatus: http.StatusBadRequest, + expectBody: "input isn't valid multihash", + }, { name: "streaming GET /multihash/subtree with valid non-dbl-sha2-256 multihash is 400", onAcceptHeader: "application/x-ndjson", @@ -194,14 +232,14 @@ func TestNewServeMux(t *testing.T) { dhfind: true, }, { - name: "streaming GET /multihash/subtree with valid absent dbl-sha2-256 multihash is 404", + name: "streaming GET /encrypted/multihash/subtree with valid absent dbl-sha2-256 multihash is 404", onAcceptHeader: "application/x-ndjson", onMethod: http.MethodGet, - onTarget: "/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", + onTarget: "/encrypted/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", expectStatus: http.StatusNotFound, }, { - name: "streaming GET /multihash/subtree with valid present dbl-sha2-256 multihash is 200", + name: "streaming GET /encrypted/multihash/subtree with valid present dbl-sha2-256 multihash is 200", onAcceptHeader: "application/x-ndjson", onStore: func(t *testing.T, store dhstore.DHStore) { mh, err := multihash.FromB58String("2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82") @@ -213,7 +251,7 @@ func TestNewServeMux(t *testing.T) { })) }, onMethod: http.MethodGet, - onTarget: "/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", + onTarget: "/encrypted/multihash/2wvdp9y1J63yDvaPawP4kUjXezRLcu9x9u2DAB154dwai82", expectStatus: http.StatusOK, expectBody: `{"EncryptedValueKey":"ZmlzaA=="} {"EncryptedValueKey":"bG9ic3Rlcg=="}