From 97e24d0d41bb743833e457de5ba49c5c233eb3b3 Mon Sep 17 00:00:00 2001 From: Ellie Huxtable Date: Fri, 14 Jul 2023 20:44:08 +0100 Subject: Add new sync (#1093) * Add record migration * Add database functions for inserting history No real tests yet :( I would like to avoid running postgres lol * Add index handler, use UUIDs not strings * Fix a bunch of tests, remove Option * Add tests, all passing * Working upload sync * Record downloading works * Sync download works * Don't waste requests * Use a page size for uploads, make it variable later * Aaaaaand they're encrypted now too * Add cek * Allow reading tail across hosts * Revert "Allow reading tail across hosts" Not like that This reverts commit 7b0c72e7e050c358172f9b53cbd21b9e44cf4931. * Handle multiple shards properly * format * Format and make clippy happy * use some fancy types (#1098) * use some fancy types * fmt * Goodbye horrible tuple * Update atuin-server-postgres/migrations/20230623070418_records.sql Co-authored-by: Conrad Ludgate * fmt * Sort tests too because time sucks * fix features --------- Co-authored-by: Conrad Ludgate --- atuin-client/src/record/encryption.rs | 65 +++++++++++++++++------------------ 1 file changed, 31 insertions(+), 34 deletions(-) (limited to 'atuin-client/src/record/encryption.rs') diff --git a/atuin-client/src/record/encryption.rs b/atuin-client/src/record/encryption.rs index f14bf027..6760d97b 100644 --- a/atuin-client/src/record/encryption.rs +++ b/atuin-client/src/record/encryption.rs @@ -1,4 +1,6 @@ -use atuin_common::record::{AdditionalData, DecryptedData, EncryptedData, Encryption}; +use atuin_common::record::{ + AdditionalData, DecryptedData, EncryptedData, Encryption, HostId, RecordId, +}; use base64::{engine::general_purpose, Engine}; use eyre::{ensure, Context, Result}; use rusty_paserk::{Key, KeyId, Local, PieWrappedKey}; @@ -158,10 +160,11 @@ struct AtuinFooter { // This cannot be changed, otherwise it breaks the authenticated encryption. #[derive(Debug, Copy, Clone, Serialize)] struct Assertions<'a> { - id: &'a str, + id: &'a RecordId, version: &'a str, tag: &'a str, - host: &'a str, + host: &'a HostId, + parent: Option<&'a RecordId>, } impl<'a> From> for Assertions<'a> { @@ -171,6 +174,7 @@ impl<'a> From> for Assertions<'a> { version: ad.version, tag: ad.tag, host: ad.host, + parent: ad.parent, } } } @@ -183,7 +187,7 @@ impl Assertions<'_> { #[cfg(test)] mod tests { - use atuin_common::record::Record; + use atuin_common::{record::Record, utils::uuid_v7}; use super::*; @@ -192,10 +196,11 @@ mod tests { let key = Key::::new_os_random(); let ad = AdditionalData { - id: "foo", + id: &RecordId(uuid_v7()), version: "v0", tag: "kv", - host: "1234", + host: &HostId(uuid_v7()), + parent: None, }; let data = DecryptedData(vec![1, 2, 3, 4]); @@ -210,10 +215,11 @@ mod tests { let key = Key::::new_os_random(); let ad = AdditionalData { - id: "foo", + id: &RecordId(uuid_v7()), version: "v0", tag: "kv", - host: "1234", + host: &HostId(uuid_v7()), + parent: None, }; let data = DecryptedData(vec![1, 2, 3, 4]); @@ -233,10 +239,11 @@ mod tests { let fake_key = Key::::new_os_random(); let ad = AdditionalData { - id: "foo", + id: &RecordId(uuid_v7()), version: "v0", tag: "kv", - host: "1234", + host: &HostId(uuid_v7()), + parent: None, }; let data = DecryptedData(vec![1, 2, 3, 4]); @@ -250,10 +257,11 @@ mod tests { let key = Key::::new_os_random(); let ad = AdditionalData { - id: "foo", + id: &RecordId(uuid_v7()), version: "v0", tag: "kv", - host: "1234", + host: &HostId(uuid_v7()), + parent: None, }; let data = DecryptedData(vec![1, 2, 3, 4]); @@ -261,10 +269,8 @@ mod tests { let encrypted = PASETO_V4::encrypt(data, ad, &key.to_bytes()); let ad = AdditionalData { - id: "foo1", - version: "v0", - tag: "kv", - host: "1234", + id: &RecordId(uuid_v7()), + ..ad }; let _ = PASETO_V4::decrypt(encrypted, ad, &key.to_bytes()).unwrap_err(); } @@ -275,10 +281,11 @@ mod tests { let key2 = Key::::new_os_random(); let ad = AdditionalData { - id: "foo", + id: &RecordId(uuid_v7()), version: "v0", tag: "kv", - host: "1234", + host: &HostId(uuid_v7()), + parent: None, }; let data = DecryptedData(vec![1, 2, 3, 4]); @@ -304,10 +311,10 @@ mod tests { fn full_record_round_trip() { let key = [0x55; 32]; let record = Record::builder() - .id("1".to_owned()) + .id(RecordId(uuid_v7())) .version("v0".to_owned()) .tag("kv".to_owned()) - .host("host1".to_owned()) + .host(HostId(uuid_v7())) .timestamp(1687244806000000) .data(DecryptedData(vec![1, 2, 3, 4])) .build(); @@ -316,30 +323,20 @@ mod tests { assert!(!encrypted.data.data.is_empty()); assert!(!encrypted.data.content_encryption_key.is_empty()); - assert_eq!(encrypted.id, "1"); - assert_eq!(encrypted.host, "host1"); - assert_eq!(encrypted.version, "v0"); - assert_eq!(encrypted.tag, "kv"); - assert_eq!(encrypted.timestamp, 1687244806000000); let decrypted = encrypted.decrypt::(&key).unwrap(); assert_eq!(decrypted.data.0, [1, 2, 3, 4]); - assert_eq!(decrypted.id, "1"); - assert_eq!(decrypted.host, "host1"); - assert_eq!(decrypted.version, "v0"); - assert_eq!(decrypted.tag, "kv"); - assert_eq!(decrypted.timestamp, 1687244806000000); } #[test] fn full_record_round_trip_fail() { let key = [0x55; 32]; let record = Record::builder() - .id("1".to_owned()) + .id(RecordId(uuid_v7())) .version("v0".to_owned()) .tag("kv".to_owned()) - .host("host1".to_owned()) + .host(HostId(uuid_v7())) .timestamp(1687244806000000) .data(DecryptedData(vec![1, 2, 3, 4])) .build(); @@ -347,13 +344,13 @@ mod tests { let encrypted = record.encrypt::(&key); let mut enc1 = encrypted.clone(); - enc1.host = "host2".to_owned(); + enc1.host = HostId(uuid_v7()); let _ = enc1 .decrypt::(&key) .expect_err("tampering with the host should result in auth failure"); let mut enc2 = encrypted; - enc2.id = "2".to_owned(); + enc2.id = RecordId(uuid_v7()); let _ = enc2 .decrypt::(&key) .expect_err("tampering with the id should result in auth failure"); -- cgit v1.3.1