service key server wip

data/database.py

@@ -1,20 +1,22 @@
-import string
-import logging
-import uuid
-import time
-import toposort
-import resumablehashlib
-import sys
 import inspect
+import logging
+import string
+import sys
+import time
+import uuid
 
-from random import SystemRandom
-from datetime import datetime
-from peewee import *
-from data.read_slave import ReadSlaveModel
-from data.fields import ResumableSHA256Field, ResumableSHA1Field, JSONField, Base64BinaryField
-from sqlalchemy.engine.url import make_url
 from collections import defaultdict
+from datetime import datetime
+from random import SystemRandom
 
+import resumablehashlib
+import toposort
+
+from peewee import *
+from sqlalchemy.engine.url import make_url
+
+from data.fields import ResumableSHA256Field, ResumableSHA1Field, JSONField, Base64BinaryField
+from data.read_slave import ReadSlaveModel
 from util.names import urn_generator
 
 
@@ -866,5 +868,22 @@ class TorrentInfo(BaseModel):
       (('storage', 'piece_length'), True),
     )
 
+
+_ServiceKeyApproverProxy = Proxy()
+class ServiceKeyApproval(BaseModel):
+  approver = ForeignKeyField(_ServiceKeyApproverProxy)
+  approval_type = CharField(index=True)
+  approved_date = DateTimeField(default=datetime.now)
+_ServiceKeyApproverProxy.initialize(User)
+
+
+class ServiceKey(BaseModel):
+  kid = CharField(unique=True, index=True)
+  service = CharField(index=True)
+  jwk = CharField(unique=True)
+  expiration_date = DateTimeField(null=True)
+  approval = ForeignKeyField(ServiceKeyApproval, index=True)
+
+
 is_model = lambda x: inspect.isclass(x) and issubclass(x, BaseModel) and x is not BaseModel
 all_models = [model[1] for model in inspect.getmembers(sys.modules[__name__], is_model)]

data/model/__init__.py

@@ -76,6 +76,10 @@ class InvalidManifestException(DataModelException):
   pass
 
 
+class ServiceKeyDoesNotExist(DataModelException):
+  pass
+
+
 class TooManyLoginAttemptsException(Exception):
   def __init__(self, message, retry_after):
     super(TooManyLoginAttemptsException, self).__init__(message)

data/model/service_keys.py

@@ -0,0 +1,44 @@
+from datetime import datetime
+
+from data.model import ServiceKeyDoesNotExist
+from data.database import ServiceKey
+
+def _gc_expired(service):
+  ServiceKey.delete().where(ServiceKey.service == service,
+                            ServiceKey.expiration_date <= datetime.now).execute()
+
+
+def upsert_service_key(kid, service, jwk, expiration_date):
+  _gc_expired(service)
+
+  try:
+    key = ServiceKey.select().where(ServiceKey.kid == kid).get()
+    key.service = service
+    key.jwk = jwk
+    key.expiration_date = expiration_date
+    key.save()
+  except ServiceKey.DoesNotExist:
+    ServiceKey.create(kid=kid, service=service, jwk=jwk, expiration_date=expiration_date)
+
+
+def get_service_keys(service, kid=None):
+  _gc_expired(service)
+
+  try:
+    query = ServiceKey.select().where(ServiceKey.service == service,
+                                      ~(ServiceKey.approval >> None))
+    if kid:
+      query.where(ServiceKey.kid == kid)
+    return query
+  except ServiceKey.DoesNotExist:
+    raise ServiceKeyDoesNotExist()
+
+
+def delete_service_key(service, kid):
+  _gc_expired(service)
+
+  try:
+    ServiceKey.delete().where(ServiceKey.service == service,
+                              ServiceKey.kid == kid).execute()
+  except ServiceKey.DoesNotExist:
+    raise ServiceKeyDoesNotExist()