user: Add cockroachdb interface implementation #856
Conversation
|
Tested with pi/cms modes and everything seems to be running smooth, no bugs testing all features from my end. Great PR! |
This commit adds a cockroachdb implementation of the user database interface. Some details about the implementation: - Data at rest is encrypted. A few public fields (ID, username, pubkeys) have been pulled out to allow them to be queryable. - politeawww_dbutil has been updated to support the cockroachdb implementation. Commands have been added for creating encryption keys and for migrating an existing user database from leveldb to cockroachdb. - The ability to rotate encryption keys has been added to politeiawww. - The user lookup by email function has been removed from the user database interface. Email is part of the encrypted user data blob and user lookups by email need to be completely phased out of politeiawww. **Further work that will be required** - Switch all user lookups by email in politeia to be user lookups by username or ID. The politeiawww userEmails cache can be removed once this is done. - Remove the politeiawww userPubkeys cache now that the pubkeys are queryable. I'll open issues for these once this PR gets merged.
| setting. To rotate keys, set `oldencryptionkey` to the existing key and set | ||
| `encryptionkey` to the new key. Starting politeiawww with both of these config | ||
| params set will kick off a key rotation. | ||
|
|
There was a problem hiding this comment.
Neat but does this re-encrypt the entire db? I ask because what happens if you do this twice?
There was a problem hiding this comment.
Yes, it will re-encrypt the entire db. If you do it twice, without changing the config params, it will throw a cannot decrypt error on the first user it tries to decrypt because the old key is no longer valid.
| @@ -827,7 +827,7 @@ func New(user, host, net, rootCert, cert, key string) (*cockroachdb, error) { | |||
| // names manually. | |||
| c.recordsdb.SingularTable(true) | |||
|
|
|||
| log.Infof("Cache host: %v", h) | |||
| log.Infof("Cache host : %v", h) | |||
There was a problem hiding this comment.
eew. Don't put a space before the :
| @@ -112,6 +112,7 @@ type politeiawww struct { | |||
| test bool | |||
|
|
|||
| // Following entries require locks | |||
| // XXX userPubkeys can be removed now that the userdb is queryable | |||
There was a problem hiding this comment.
we do want to remain compat with leveldb so while it can go away we may have to move this functionality into the db (e.g. make it queriable and maybe add an index)
politeiawww/user.go
Outdated
| @@ -29,10 +29,15 @@ const ( | |||
|
|
|||
| // Route to reset password at GUI | |||
| ResetPasswordGuiRoute = "/password" // XXX what is this doing here? | |||
|
|
|||
| emailRegex = "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@" + | |||
There was a problem hiding this comment.
This needs to use single quotes.
util/encrypt.go
Outdated
| } | ||
|
|
||
| // NewEncryptionKey creates and save a new encryption key at the provided | ||
| // filepath. |
util/encrypt.go
Outdated
| @@ -0,0 +1,92 @@ | |||
| // Copyright (c) 2017-2019 The Decred developers | |||
There was a problem hiding this comment.
Keys must always be pointers. You violate that rule in this file.
util/encrypt.go
Outdated
|
|
||
| // EncryptionKey wraps a 32 byte encryption key and the time when it | ||
| // was created. | ||
| type EncryptionKey struct { |
There was a problem hiding this comment.
This needs a version field.
util/encrypt.go
Outdated
|
|
||
| // Encrypt encrypts a byte slice with the provided version using the | ||
| // provided key. | ||
| func Encrypt(version uint32, key [32]byte, data []byte) ([]byte, error) { |
There was a problem hiding this comment.
Key must be a pointer. Alternatively, you could use a target instead of passing the key in.
|
PR is running smooth on my end for Pi and CMS as well! Only part I'm a tad confused about is the usage of localDB vs. levelDB inside of politeiawww_dbutil. I left an inline comment below for this |
util/encrypt.go
Outdated
| // EncryptionKey wraps a 32 byte encryption key. | ||
| type EncryptionKey struct { | ||
| Version uint `json:"version"` // Version of this struct | ||
| Key *[32]byte `json:"key"` // Key used for encryption |
There was a problem hiding this comment.
After rereading this, this file needs to go.
Hex encode the key on disk.
When you load it and convert it from hex into a [32]byte slice you return the address to the caller.
Zero out in between copies of the key.
Store key as a pointer in the calling context.
Closes #820.
This commit adds a cockroachdb implementation of the user database
interface. Some details about the implementation:
Data at rest is encrypted. A few public fields (ID, username,
pubkeys) have been pulled out to allow them to be queryable.
politeawww_dbutil has been updated to support the cockroachdb
implementation. Commands have been added for creating encryption
keys and for migrating an existing user database from leveldb to
cockroachdb.
The ability to rotate encryption keys has been added to politeiawww.
The user lookup by email function has been removed from the user
database implementation. Email is part of the encrypted user data blob
and user lookups by email need to be completely phased out of
politeiawww.
Further work that will be required
Switch all user lookups by email in politeia to be user lookups by
username or ID. The politeiawww userEmails cache can be removed once
this is done.
Remove the politeiawww userPubkeys cache now that the pubkeys are
queryable.
I'll open issues for these once this PR gets merged.