37b3416a41
It's now possible for activities we be attributed to actors that have more than one key. We allow up to 2 keys. We also store in the DB. Scaling to support any number of keys is trivial, but I'm limiting to 2 to avoid potential trouble and because 2 is the actual number we need. By having 2 keys, and replacing only one of them in each rotation, we avoid race conditions. With 1 key, the following can happen: 1. We send an activity to another server 2. We rotate our key 3. The server reaches the activity in its processing queue, tries to verify our request signature, but fails because it can't fetch the key. It's the old key and we discarded it already, replaced it with the new one When we use 2 keys, the previous key remains available and other servers have time to finish processing our requests signed with that key. We can safely rotate, without worrying about whether the user sent anything right before the rotation time. Caveat: With this feature, we allow OTHER servers to rotate freely. It's safe because it's optional, but it's just Vervis right now. Once Vervis itself starts using 2 keys, it will be able to rotate freely without race condition risk, but probably Mastodon etc. won't accept its signatures because of the use of 2 keys and because they're server-scope keys. Maybe I can get these features adopted by the fediverse?
230 lines
4.9 KiB
Text
230 lines
4.9 KiB
Text
-- This file is part of Vervis.
|
|
--
|
|
-- Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.
|
|
--
|
|
-- ♡ Copying is an act of love. Please copy, reuse and share.
|
|
--
|
|
-- The author(s) have dedicated all copyright and related and neighboring
|
|
-- rights to this software to the public domain worldwide. This software is
|
|
-- distributed without any warranty.
|
|
--
|
|
-- You should have received a copy of the CC0 Public Domain Dedication along
|
|
-- with this software. If not, see
|
|
-- <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
|
|
-------------------------------------------------------------------------------
|
|
-- People
|
|
-------------------------------------------------------------------------------
|
|
|
|
Sharer
|
|
ident ShrIdent
|
|
name Text Maybe
|
|
created UTCTime
|
|
|
|
UniqueSharer ident
|
|
|
|
Person
|
|
ident SharerId
|
|
login Text
|
|
passphraseHash ByteString
|
|
email EmailAddress
|
|
verified Bool
|
|
verifiedKey Text
|
|
verifiedKeyCreated UTCTime
|
|
resetPassKey Text
|
|
resetPassKeyCreated UTCTime
|
|
about Text
|
|
|
|
UniquePersonIdent ident
|
|
UniquePersonLogin login
|
|
UniquePersonEmail email
|
|
|
|
VerifKey
|
|
ident URI
|
|
public PublicKey
|
|
sharer RemoteSharerId
|
|
|
|
UniqueVerifKey ident
|
|
|
|
RemoteSharer
|
|
ident URI
|
|
|
|
UniqueRemoteSharer ident
|
|
|
|
SshKey
|
|
ident KyIdent
|
|
person PersonId
|
|
algo ByteString
|
|
content ByteString
|
|
|
|
UniqueSshKey person ident
|
|
|
|
Group
|
|
ident SharerId
|
|
|
|
UniqueGroup ident
|
|
|
|
GroupMember
|
|
person PersonId
|
|
group GroupId
|
|
role GroupRole
|
|
joined UTCTime
|
|
|
|
UniqueGroupMember person group
|
|
|
|
RepoCollab
|
|
repo RepoId
|
|
person PersonId
|
|
role ProjectRoleId Maybe
|
|
|
|
UniqueRepoCollab repo person
|
|
|
|
ProjectRole
|
|
ident RlIdent
|
|
sharer SharerId
|
|
desc Text
|
|
|
|
UniqueProjectRole sharer ident
|
|
|
|
ProjectRoleInherit
|
|
parent ProjectRoleId
|
|
child ProjectRoleId
|
|
|
|
UniqueProjectRoleInherit parent child
|
|
|
|
ProjectAccess
|
|
role ProjectRoleId
|
|
op ProjectOperation
|
|
|
|
UniqueProjectAccess role op
|
|
|
|
ProjectCollab
|
|
project ProjectId
|
|
person PersonId
|
|
role ProjectRoleId Maybe
|
|
|
|
UniqueProjectCollab project person
|
|
|
|
-------------------------------------------------------------------------------
|
|
-- Projects
|
|
-------------------------------------------------------------------------------
|
|
|
|
Project
|
|
ident PrjIdent
|
|
sharer SharerId
|
|
name Text Maybe
|
|
desc Text Maybe
|
|
workflow WorkflowId
|
|
nextTicket Int
|
|
wiki RepoId Maybe
|
|
collabUser ProjectRoleId Maybe
|
|
collabAnon ProjectRoleId Maybe
|
|
|
|
UniqueProject ident sharer
|
|
|
|
Repo
|
|
ident RpIdent
|
|
sharer SharerId
|
|
vcs VersionControlSystem
|
|
project ProjectId Maybe
|
|
desc Text Maybe
|
|
mainBranch Text
|
|
collabUser ProjectRoleId Maybe
|
|
collabAnon ProjectRoleId Maybe
|
|
|
|
UniqueRepo ident sharer
|
|
|
|
Workflow
|
|
sharer SharerId
|
|
ident WflIdent
|
|
name Text Maybe
|
|
desc Text Maybe
|
|
scope WorkflowScope
|
|
|
|
UniqueWorkflow sharer ident
|
|
|
|
WorkflowField
|
|
workflow WorkflowId
|
|
ident FldIdent
|
|
name Text
|
|
desc Text Maybe
|
|
type WorkflowFieldType
|
|
enm WorkflowFieldEnumId Maybe
|
|
required Bool
|
|
constant Bool
|
|
filterNew Bool
|
|
filterTodo Bool
|
|
filterClosed Bool
|
|
|
|
UniqueWorkflowField workflow ident
|
|
|
|
WorkflowFieldEnum
|
|
workflow WorkflowId
|
|
ident EnmIdent
|
|
name Text
|
|
desc Text Maybe
|
|
|
|
UniqueWorkflowFieldEnum workflow ident
|
|
|
|
WorkflowFieldEnumCtor
|
|
enum WorkflowFieldEnumId
|
|
name Text
|
|
desc Text Maybe
|
|
|
|
UniqueWorkflowFieldEnumCtor enum name
|
|
|
|
TicketParamText
|
|
ticket TicketId
|
|
field WorkflowFieldId
|
|
value Text
|
|
|
|
UniqueTicketParamText ticket field
|
|
|
|
TicketParamEnum
|
|
ticket TicketId
|
|
field WorkflowFieldId
|
|
value WorkflowFieldEnumCtorId
|
|
|
|
UniqueTicketParamEnum ticket field value
|
|
|
|
Ticket
|
|
project ProjectId
|
|
number Int
|
|
created UTCTime
|
|
creator PersonId
|
|
title Text
|
|
desc Text -- Assume this is Pandoc Markdown
|
|
assignee PersonId Maybe
|
|
status TicketStatus
|
|
closed UTCTime
|
|
closer PersonId
|
|
discuss DiscussionId
|
|
|
|
UniqueTicket project number
|
|
|
|
TicketDependency
|
|
parent TicketId
|
|
child TicketId
|
|
|
|
UniqueTicketDependency parent child
|
|
|
|
TicketClaimRequest
|
|
person PersonId
|
|
ticket TicketId
|
|
message Text -- Assume this is Pandoc Markdown
|
|
created UTCTime
|
|
|
|
UniqueTicketClaimRequest person ticket
|
|
|
|
Discussion
|
|
nextMessage Int
|
|
|
|
Message
|
|
author PersonId
|
|
created UTCTime
|
|
content Text -- Assume this is Pandoc Markdown
|
|
parent MessageId Maybe
|
|
root DiscussionId
|
|
number Int
|
|
|
|
UniqueMessage root number
|