julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

spindle: rework ownership state

ownership is reset upon boot based on config.


Signed-off-by: oppiliappan <me@oppi.li>

oppi.li fce55b57 2975e4bd

verified
options
unified split
Changed files
+28 -10
appview
state
spindlestream.go
nix
vm.nix
spindle
server.go
+4 -1
appview/state/spindlestream.go 
···

       
20

       
20

       
 

       
)


     

       
21

       
21

       
 

       



     

       
22

       
22

       
 

       
func Spindlestream(ctx context.Context, c *config.Config, d *db.DB, enforcer *rbac.Enforcer) (*ec.Consumer, error) {


     

       
23

       

       
-

       
	spindles, err := db.GetSpindles(d)


     

       

       
23

       
+

       
	spindles, err := db.GetSpindles(


     

       

       
24

       
+

       
		d,


     

       

       
25

       
+

       
		db.FilterIsNot("verified", "null"),


     

       

       
26

       
+

       
	)


     

       
24

       
27

       
 

       
	if err != nil {


     

       
25

       
28

       
 

       
		return nil, err


     

       
26

       
29

       
 

       
	}
+1 -1
nix/vm.nix 
···

       
21

       
21

       
 

       
        g = config.services.tangled-knot.gitUser;


     

       
22

       
22

       
 

       
      in [


     

       
23

       
23

       
 

       
        "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first


     

       
24

       

       
-

       
        "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=7387221d57e64499b179a9dff19c5f1abf436470e2976d3585badddad5282970"


     

       

       
24

       
+

       
        "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=168c426fa6d9829fcbe85c96bdf144e800fb9737d6ca87f21acc543b1aa3e440"


     

       
25

       
25

       
 

       
      ];


     

       
26

       
26

       
 

       
      services.tangled-knot = {


     

       
27

       
27

       
 

       
        enable = true;
+23 -8
spindle/server.go 
···

       
218

       
218

       
 

       



     

       
219

       
219

       
 

       
func (s *Spindle) configureOwner() error {


     

       
220

       
220

       
 

       
	cfgOwner := s.cfg.Server.Owner


     

       
221

       

       
-

       
	serverOwner, err := s.e.GetUserByRole("server:owner", rbacDomain)


     

       

       
221

       
+

       



     

       

       
222

       
+

       
	existing, err := s.e.GetSpindleUsersByRole("server:owner", rbacDomain)


     

       
222

       
223

       
 

       
	if err != nil {


     

       
223

       

       
-

       
		return fmt.Errorf("failed to fetch server:owner: %w", err)


     

       

       
224

       
+

       
		return err


     

       
224

       
225

       
 

       
	}


     

       
225

       
226

       
 

       



     

       
226

       

       
-

       
	if len(serverOwner) == 0 {


     

       
227

       

       
-

       
		s.e.AddKnotOwner(rbacDomain, cfgOwner)


     

       
228

       

       
-

       
	} else {


     

       
229

       

       
-

       
		if serverOwner[0] != cfgOwner {


     

       
230

       

       
-

       
			return fmt.Errorf("server owner mismatch: %s != %s", cfgOwner, serverOwner[0])


     

       

       
227

       
+

       
	switch len(existing) {


     

       

       
228

       
+

       
	case 0:


     

       

       
229

       
+

       
		// no owner configured, continue


     

       

       
230

       
+

       
	case 1:


     

       

       
231

       
+

       
		// find existing owner


     

       

       
232

       
+

       
		existingOwner := existing[0]


     

       

       
233

       
+

       



     

       

       
234

       
+

       
		// no ownership change, this is okay


     

       

       
235

       
+

       
		if existingOwner == s.cfg.Server.Owner {


     

       

       
236

       
+

       
			break


     

       

       
237

       
+

       
		}


     

       

       
238

       
+

       



     

       

       
239

       
+

       
		// remove existing owner


     

       

       
240

       
+

       
		err = s.e.RemoveSpindleOwner(rbacDomain, existingOwner)


     

       

       
241

       
+

       
		if err != nil {


     

       

       
242

       
+

       
			return nil


     

       
231

       
243

       
 

       
		}


     

       

       
244

       
+

       
	default:


     

       

       
245

       
+

       
		return fmt.Errorf("more than one owner in DB, try deleting %q and starting over", s.cfg.Server.DBPath)


     

       
232

       
246

       
 

       
	}


     

       
233

       

       
-

       
	return nil


     

       

       
247

       
+

       



     

       

       
248

       
+

       
	return s.e.AddSpindleOwner(rbacDomain, cfgOwner)


     

       
234

       
249

       
 

       
}