Make key storage limits configurable instead of hardcoding to 2

This commit is contained in:
fr33domlover 2019-02-24 01:35:07 +00:00
parent 17524b6ee1
commit 2e705b6868
3 changed files with 27 additions and 8 deletions

View file

@ -76,6 +76,9 @@ database:
database: "_env:PGDATABASE:vervis_dev" database: "_env:PGDATABASE:vervis_dev"
poolsize: "_env:PGPOOLSIZE:10" poolsize: "_env:PGPOOLSIZE:10"
max-instance-keys: 2
max-actor-keys: 2
############################################################################### ###############################################################################
# Version control repositories # Version control repositories
############################################################################### ###############################################################################

View file

@ -598,10 +598,14 @@ instanceAndActor host luActor luInbox = do
idAndNew (Right iid) = (iid, True) idAndNew (Right iid) = (iid, True)
actorRoom :: RemoteSharerId -> AppDB Bool actorRoom :: RemoteSharerId -> AppDB Bool
actorRoom rsid = actorRoom rsid = do
sumUpTo 2 mn <- getsYesod $ appMaxActorKeys . appSettings
(count [VerifKeySharedUsageUser ==. rsid]) case mn of
(count [VerifKeySharer ==. Just rsid]) Nothing -> pure True
Just n ->
sumUpTo n
(count [VerifKeySharedUsageUser ==. rsid])
(count [VerifKeySharer ==. Just rsid])
-- | Given a shared key we have in our DB, verify that the given actor lists -- | Given a shared key we have in our DB, verify that the given actor lists
-- this key, and update the DB accordingly. -- this key, and update the DB accordingly.
@ -805,10 +809,14 @@ instance YesodHttpSig App where
vkid <- insert $ VerifKey luKey iid mexpires key Nothing vkid <- insert $ VerifKey luKey iid mexpires key Nothing
insert_ $ VerifKeySharedUsage vkid rsid insert_ $ VerifKeySharedUsage vkid rsid
return $ Right () return $ Right ()
else return $ Left "We already store 2 keys" else return $ Left "We've reached key storage limit"
where where
instanceRoom iid = instanceRoom iid = do
(< 2) <$> count [VerifKeyInstance ==. iid, VerifKeySharer ==. Nothing] mn <- getsYesod $ appMaxInstanceKeys . appSettings
case mn of
Nothing -> pure True
Just n ->
(< n) <$> count [VerifKeyInstance ==. iid, VerifKeySharer ==. Nothing]
addPersonalKey host luInbox (VerifKeyDetail luKey key mexpires luActor _) = do addPersonalKey host luInbox (VerifKeyDetail luKey key mexpires luActor _) = do
(iid, rsid, inew) <- instanceAndActor host luActor luInbox (iid, rsid, inew) <- instanceAndActor host luActor luInbox
room <- room <-
@ -819,7 +827,7 @@ instance YesodHttpSig App where
then do then do
insert_ $ VerifKey luKey iid mexpires key (Just rsid) insert_ $ VerifKey luKey iid mexpires key (Just rsid)
return $ Right () return $ Right ()
else return $ Left "We already store 2 keys" else return $ Left "We've reached key storage limit"
updateVerifKey vkid vkd = updateVerifKey vkid vkd =
update vkid [VerifKeyExpires =. vkdExpires vkd, VerifKeyPublic =. vkdKey vkd] update vkid [VerifKeyExpires =. vkdExpires vkd, VerifKeyPublic =. vkdKey vkd]

View file

@ -50,6 +50,12 @@ data AppSettings = AppSettings
appStaticDir :: String appStaticDir :: String
-- | Configuration settings for accessing the database. -- | Configuration settings for accessing the database.
, appDatabaseConf :: PostgresConf , appDatabaseConf :: PostgresConf
-- | Maximal number of remote instance-scope keys to cache in our local
-- database per instance.
, appMaxInstanceKeys :: Maybe Int
-- | Maximal number of keys (personal keys or usage of shared keys) to
-- remember cached in our database per remote actor.
, appMaxActorKeys :: Maybe Int
-- | Base for all generated URLs. If @Nothing@, determined from the -- | Base for all generated URLs. If @Nothing@, determined from the
-- request headers. -- request headers.
, appRoot :: Maybe Text , appRoot :: Maybe Text
@ -119,6 +125,8 @@ instance FromJSON AppSettings where
#endif #endif
appStaticDir <- o .: "static-dir" appStaticDir <- o .: "static-dir"
appDatabaseConf <- o .: "database" appDatabaseConf <- o .: "database"
appMaxInstanceKeys <- o .:? "max-instance-keys"
appMaxActorKeys <- o .:? "max-actor-keys"
appRoot <- o .:? "approot" appRoot <- o .:? "approot"
appHost <- fromString <$> o .: "host" appHost <- fromString <$> o .: "host"
appPort <- o .: "http-port" appPort <- o .: "http-port"