Merge pull request #52 from berty/dev/moul/sqlcipher

Create sqlcipher library + gorm init

.circleci/config.yml

@@ -43,6 +43,11 @@ jobs:
             (cd core; make _ci_prepare)
             mkdir -p /tmp/test-results
             go get github.com/jstemmer/go-junit-report
+      - run:
+          name: install openssl 1.0.x
+          command: |
+            sudo apt-get update
+            sudo apt-get install libssl1.0-dev
       #- run:
       #    name: install core
       #    command: |

core/Makefile

@@ -4,13 +4,16 @@ CODE_PATHS = $(filter-out node_modules/,$(wildcard */))
 PROTOS = $(call rwildcard, $(CODE_PATHS), *.proto)
 GENERATED_FILES = $(patsubst %.proto,%.pb.go,$(PROTOS))
 PROTOC_OPTS = --proto_path=../vendor:../vendor/github.com/gogo/protobuf:.
+CGO_LDFLAGS ?= -L/usr/local/opt/openssl/lib
+CGO_CPPFLAGS ?= -I/usr/local/opt/openssl/include
+BUILD_ENV ?= CGO_LDFLAGS="$(CGO_LDFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)"
 
 .PHONY: all
 all: test
 
 .PHONY: test
 test: generate
-	go test -test.timeout 30s -v ./...
+	$(BUILD_ENV) go test -test.timeout 30s -v ./...
 
 %.pb.go: %.proto
 	protoc $(PROTOC_OPTS) --gofast_out=plugins=grpc:"$(GOPATH)/src" "$(dir $<)"/*.proto

core/sql/gorm.go

@@ -0,0 +1,38 @@
+package sql
+
+import (
+	"errors"
+
+	"github.com/go-gormigrate/gormigrate"
+	"github.com/jinzhu/gorm"
+
+	"github.com/berty/berty/core/api/entity"
+)
+
+// Init configures an active gorm connection
+func Init(db *gorm.DB) (*gorm.DB, error) {
+	db = db.Set("gorm:auto_preload", true)
+	db = db.Set("gorm:association_autoupdate", false)
+
+	// FIXME: configure zap logger
+	// FIXME: configure hard delete
+
+	m := gormigrate.New(db, gormigrate.DefaultOptions, []*gormigrate.Migration{
+		{
+			ID: "1",
+			Migrate: func(tx *gorm.DB) error {
+				return tx.AutoMigrate(
+					entity.Contact{},
+				).Error
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return errors.New("not implemented")
+			},
+		},
+	})
+	if err := m.Migrate(); err != nil {
+		return nil, err
+	}
+
+	return db, nil
+}

core/sql/gorm_test.go

@@ -0,0 +1,33 @@
+package sql
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/berty/berty/core/sql/sqlcipher"
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestInit(t *testing.T) {
+	Convey("testing Init", t, func() {
+		tmpFile, err := ioutil.TempFile("", "sqlite")
+		So(err, ShouldBeNil)
+		defer os.Remove(tmpFile.Name())
+
+		// create a database
+		db, err := sqlcipher.Open(tmpFile.Name(), []byte(`s3cur3`))
+		So(err, ShouldBeNil)
+		So(db, ShouldNotBeNil)
+		defer db.Close()
+
+		// disable logger for the tests
+		db.LogMode(false)
+
+		// call init
+		db, err = Init(db)
+		So(err, ShouldBeNil)
+		So(db, ShouldNotBeNil)
+		So(db.HasTable("contacts"), ShouldBeTrue)
+	})
+}

core/sql/sqlcipher/sqlcipher.go

@@ -0,0 +1,38 @@
+package sqlcipher
+
+import (
+	"fmt"
+
+	"github.com/jinzhu/gorm"
+	"github.com/pkg/errors"
+	_ "github.com/xeodou/go-sqlcipher"
+)
+
+// Open initialize a new gorm db connection and configure sqlcipher key
+//
+// source can be
+//   - a string in the following form '/tmp/db'
+//   - a `*sql.DB` object
+// key is the private key used for encryption
+func Open(source interface{}, key []byte) (*gorm.DB, error) {
+	// initialize gorm database
+	db, err := gorm.Open("sqlite3", source)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to initialize a new gorm connection")
+	}
+
+	// disable logger to prevent printing warns that are already returned
+	db.LogMode(false)
+
+	// set encryption key
+	if err := db.Exec(fmt.Sprintf(`PRAGMA key = %q`, key)).Error; err != nil {
+		return nil, errors.Wrap(err, "failed to set sqlcipher key")
+	}
+
+	// verify encryption key
+	if err := db.Exec("SELECT 1 FROM sqlite_master").Error; err != nil {
+		return nil, errors.Wrap(err, "invalid sqlcipher encryption key")
+	}
+
+	return db, nil
+}

core/sql/sqlcipher/sqlcipher_test.go

@@ -0,0 +1,45 @@
+package sqlcipher
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestOpen(t *testing.T) {
+	Convey("testing Open", t, func() {
+		tmpFile, err := ioutil.TempFile("", "sqlite")
+		So(err, ShouldBeNil)
+		defer os.Remove(tmpFile.Name())
+
+		// create a database
+		db, err := Open(tmpFile.Name(), []byte(`s3cur3`))
+		So(err, ShouldBeNil)
+		So(db, ShouldNotBeNil)
+		So(db.Exec("CREATE TABLE test (id int)").Error, ShouldBeNil)
+		So(db.Exec("SELECT * FROM test").Error, ShouldBeNil)
+		So(db.Close(), ShouldBeNil)
+
+		// reopen the database with the good key
+		db, err = Open(tmpFile.Name(), []byte(`s3cur3`))
+		So(err, ShouldBeNil)
+		So(db, ShouldNotBeNil)
+		So(db.Exec("SELECT * FROM test").Error, ShouldBeNil)
+		So(db.Close(), ShouldBeNil)
+
+		// reopen the database with an invalid key
+		db, err = Open(tmpFile.Name(), []byte(`invalid`))
+		So(err, ShouldNotBeNil)
+		So(err.Error(), ShouldEqual, "invalid sqlcipher encryption key: file is encrypted or is not a database")
+		So(db, ShouldBeNil)
+
+		// reopen the database with the good key
+		db, err = Open(tmpFile.Name(), []byte(`s3cur3`))
+		So(err, ShouldBeNil)
+		So(db, ShouldNotBeNil)
+		So(db.Exec("SELECT * FROM test").Error, ShouldBeNil)
+		So(db.Close(), ShouldBeNil)
+	})
+}