-
Notifications
You must be signed in to change notification settings - Fork 387
/
revocation.go
75 lines (60 loc) · 1.84 KB
/
revocation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
package satellitedb
import (
"context"
"fmt"
"github.com/zeebo/errs"
"storj.io/common/lrucache"
"storj.io/storj/satellite/satellitedb/dbx"
)
type revocationDB struct {
db *satelliteDB
lru *lrucache.ExpiringLRU
methods dbx.Methods
}
// Revoke will revoke the supplied tail.
func (db *revocationDB) Revoke(ctx context.Context, tail []byte, apiKeyID []byte) error {
return errs.Wrap(db.methods.CreateNoReturn_Revocation(ctx, dbx.Revocation_Revoked(tail), dbx.Revocation_ApiKeyId(apiKeyID)))
}
// Check will check whether any of the supplied tails have been revoked.
func (db *revocationDB) Check(ctx context.Context, tails [][]byte) (bool, error) {
numTails := len(tails)
if numTails == 0 {
return false, errs.New("Empty list of tails")
}
// The finalTail is the last tail provided in the macaroon. We cache the
// revocation status of this final tail so that, if this macaroon is used
// again before the cache key expires, we do not have to check the database
// again.
finalTail := tails[numTails-1]
val, err := db.lru.Get(string(finalTail), func() (interface{}, error) {
const query = "SELECT EXISTS(SELECT 1 FROM revocations WHERE revoked IN (%s))"
var (
tailQuery, comma string
tailsForQuery = make([]interface{}, numTails)
revoked bool
)
for i, tail := range tails {
if i == 1 {
comma = ","
}
tailQuery += fmt.Sprintf("%s$%d", comma, i+1)
tailsForQuery[i] = tail
}
row := db.db.QueryRowContext(ctx, fmt.Sprintf(query, tailQuery), tailsForQuery...)
err := row.Scan(&revoked)
if err != nil {
return nil, err
}
return revoked, nil
})
if err != nil {
return false, errs.Wrap(err)
}
revoked, ok := val.(bool)
if !ok {
return false, errs.New("Revoked not a bool")
}
return revoked, nil
}