Vervis/config/models
fr33domlover 37b3416a41 Support remote actors specifying 2 keys, and DB storage of these keys
It's now possible for activities we be attributed to actors that have more than
one key. We allow up to 2 keys. We also store in the DB. Scaling to support any
number of keys is trivial, but I'm limiting to 2 to avoid potential trouble and
because 2 is the actual number we need.

By having 2 keys, and replacing only one of them in each rotation, we avoid
race conditions. With 1 key, the following can happen:

1. We send an activity to another server
2. We rotate our key
3. The server reaches the activity in its processing queue, tries to verify our
   request signature, but fails because it can't fetch the key. It's the old
   key and we discarded it already, replaced it with the new one

When we use 2 keys, the previous key remains available and other servers have
time to finish processing our requests signed with that key. We can safely
rotate, without worrying about whether the user sent anything right before the
rotation time.

Caveat: With this feature, we allow OTHER servers to rotate freely. It's safe
because it's optional, but it's just Vervis right now. Once Vervis itself
starts using 2 keys, it will be able to rotate freely without race condition
risk, but probably Mastodon etc. won't accept its signatures because of the use
of 2 keys and because they're server-scope keys.

Maybe I can get these features adopted by the fediverse?
2019-02-04 19:38:50 +00:00

230 lines
4.9 KiB
Text

-- This file is part of Vervis.
--
-- Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.
--
-- ♡ Copying is an act of love. Please copy, reuse and share.
--
-- The author(s) have dedicated all copyright and related and neighboring
-- rights to this software to the public domain worldwide. This software is
-- distributed without any warranty.
--
-- You should have received a copy of the CC0 Public Domain Dedication along
-- with this software. If not, see
-- <http://creativecommons.org/publicdomain/zero/1.0/>.
-------------------------------------------------------------------------------
-- People
-------------------------------------------------------------------------------
Sharer
ident ShrIdent
name Text Maybe
created UTCTime
UniqueSharer ident
Person
ident SharerId
login Text
passphraseHash ByteString
email EmailAddress
verified Bool
verifiedKey Text
verifiedKeyCreated UTCTime
resetPassKey Text
resetPassKeyCreated UTCTime
about Text
UniquePersonIdent ident
UniquePersonLogin login
UniquePersonEmail email
VerifKey
ident URI
public PublicKey
sharer RemoteSharerId
UniqueVerifKey ident
RemoteSharer
ident URI
UniqueRemoteSharer ident
SshKey
ident KyIdent
person PersonId
algo ByteString
content ByteString
UniqueSshKey person ident
Group
ident SharerId
UniqueGroup ident
GroupMember
person PersonId
group GroupId
role GroupRole
joined UTCTime
UniqueGroupMember person group
RepoCollab
repo RepoId
person PersonId
role ProjectRoleId Maybe
UniqueRepoCollab repo person
ProjectRole
ident RlIdent
sharer SharerId
desc Text
UniqueProjectRole sharer ident
ProjectRoleInherit
parent ProjectRoleId
child ProjectRoleId
UniqueProjectRoleInherit parent child
ProjectAccess
role ProjectRoleId
op ProjectOperation
UniqueProjectAccess role op
ProjectCollab
project ProjectId
person PersonId
role ProjectRoleId Maybe
UniqueProjectCollab project person
-------------------------------------------------------------------------------
-- Projects
-------------------------------------------------------------------------------
Project
ident PrjIdent
sharer SharerId
name Text Maybe
desc Text Maybe
workflow WorkflowId
nextTicket Int
wiki RepoId Maybe
collabUser ProjectRoleId Maybe
collabAnon ProjectRoleId Maybe
UniqueProject ident sharer
Repo
ident RpIdent
sharer SharerId
vcs VersionControlSystem
project ProjectId Maybe
desc Text Maybe
mainBranch Text
collabUser ProjectRoleId Maybe
collabAnon ProjectRoleId Maybe
UniqueRepo ident sharer
Workflow
sharer SharerId
ident WflIdent
name Text Maybe
desc Text Maybe
scope WorkflowScope
UniqueWorkflow sharer ident
WorkflowField
workflow WorkflowId
ident FldIdent
name Text
desc Text Maybe
type WorkflowFieldType
enm WorkflowFieldEnumId Maybe
required Bool
constant Bool
filterNew Bool
filterTodo Bool
filterClosed Bool
UniqueWorkflowField workflow ident
WorkflowFieldEnum
workflow WorkflowId
ident EnmIdent
name Text
desc Text Maybe
UniqueWorkflowFieldEnum workflow ident
WorkflowFieldEnumCtor
enum WorkflowFieldEnumId
name Text
desc Text Maybe
UniqueWorkflowFieldEnumCtor enum name
TicketParamText
ticket TicketId
field WorkflowFieldId
value Text
UniqueTicketParamText ticket field
TicketParamEnum
ticket TicketId
field WorkflowFieldId
value WorkflowFieldEnumCtorId
UniqueTicketParamEnum ticket field value
Ticket
project ProjectId
number Int
created UTCTime
creator PersonId
title Text
desc Text -- Assume this is Pandoc Markdown
assignee PersonId Maybe
status TicketStatus
closed UTCTime
closer PersonId
discuss DiscussionId
UniqueTicket project number
TicketDependency
parent TicketId
child TicketId
UniqueTicketDependency parent child
TicketClaimRequest
person PersonId
ticket TicketId
message Text -- Assume this is Pandoc Markdown
created UTCTime
UniqueTicketClaimRequest person ticket
Discussion
nextMessage Int
Message
author PersonId
created UTCTime
content Text -- Assume this is Pandoc Markdown
parent MessageId Maybe
root DiscussionId
number Int
UniqueMessage root number