···
"tangled.sh/tangled.sh/core/api/tangled"
"tangled.sh/tangled.sh/core/appview/config"
"tangled.sh/tangled.sh/core/appview/db"
17
-
"tangled.sh/tangled.sh/core/appview/spindleverify"
17
+
"tangled.sh/tangled.sh/core/appview/serververify"
"tangled.sh/tangled.sh/core/idresolver"
"tangled.sh/tangled.sh/core/rbac"
···
err = i.ingestSpindleMember(e)
case tangled.SpindleNSID:
67
+
case tangled.KnotMemberNSID:
68
+
err = i.ingestKnotMember(e)
69
+
case tangled.KnotNSID:
70
+
err = i.ingestKnot(e)
···
478
-
err = spindleverify.RunVerification(context.Background(), instance, did, i.Config.Core.Dev)
482
+
err = serververify.RunVerification(context.Background(), instance, did, i.Config.Core.Dev)
l.Error("failed to add spindle to db", "err", err, "instance", instance)
484
-
_, err = spindleverify.MarkVerified(ddb, i.Enforcer, instance, did)
488
+
_, err = serververify.MarkSpindleVerified(ddb, i.Enforcer, instance, did)
return fmt.Errorf("failed to mark verified: %w", err)
···
617
+
func (i *Ingester) ingestKnotMember(e *models.Event) error {
621
+
l := i.Logger.With("handler", "ingestKnotMember")
622
+
l = l.With("nsid", e.Commit.Collection)
624
+
switch e.Commit.Operation {
625
+
case models.CommitOperationCreate:
626
+
raw := json.RawMessage(e.Commit.Record)
627
+
record := tangled.KnotMember{}
628
+
err = json.Unmarshal(raw, &record)
630
+
l.Error("invalid record", "err", err)
634
+
// only knot owner can invite to knots
635
+
ok, err := i.Enforcer.IsKnotInviteAllowed(did, record.Domain)
636
+
if err != nil || !ok {
637
+
return fmt.Errorf("failed to enforce permissions: %w", err)
640
+
memberId, err := i.IdResolver.ResolveIdent(context.Background(), record.Subject)
645
+
if memberId.Handle.IsInvalidHandle() {
649
+
err = i.Enforcer.AddKnotMember(record.Domain, memberId.DID.String())
651
+
return fmt.Errorf("failed to update ACLs: %w", err)
654
+
l.Info("added knot member")
655
+
case models.CommitOperationDelete:
656
+
// we don't store knot members in a table (like we do for spindle)
657
+
// and we can't remove this just yet. possibly fixed if we switch
659
+
// 1. a knot_members table like with spindle and store the rkey
660
+
// 2. use the knot host as the rkey
662
+
// TODO: implement member deletion
663
+
l.Info("skipping knot member delete", "did", did, "rkey", e.Commit.RKey)
669
+
func (i *Ingester) ingestKnot(e *models.Event) error {
673
+
l := i.Logger.With("handler", "ingestKnot")
674
+
l = l.With("nsid", e.Commit.Collection)
676
+
switch e.Commit.Operation {
677
+
case models.CommitOperationCreate:
678
+
raw := json.RawMessage(e.Commit.Record)
679
+
record := tangled.Knot{}
680
+
err = json.Unmarshal(raw, &record)
682
+
l.Error("invalid record", "err", err)
686
+
domain := e.Commit.RKey
688
+
ddb, ok := i.Db.Execer.(*db.DB)
690
+
return fmt.Errorf("failed to index profile record, invalid db cast")
693
+
err := db.AddKnot(ddb, domain, did)
695
+
l.Error("failed to add knot to db", "err", err, "domain", domain)
699
+
err = serververify.RunVerification(context.Background(), domain, did, i.Config.Core.Dev)
701
+
l.Error("failed to verify knot", "err", err, "domain", domain)
705
+
err = serververify.MarkKnotVerified(ddb, i.Enforcer, domain, did)
707
+
return fmt.Errorf("failed to mark verified: %w", err)
712
+
case models.CommitOperationDelete:
713
+
domain := e.Commit.RKey
715
+
ddb, ok := i.Db.Execer.(*db.DB)
717
+
return fmt.Errorf("failed to index profile record, invalid db cast")
720
+
// get record from db first
721
+
registration, err := db.RegistrationByDomain(ddb, domain)
723
+
return fmt.Errorf("failed to get registration: %w", err)
726
+
// only allow deletion by the owner
727
+
if registration.ByDid != did {
728
+
return fmt.Errorf("unauthorized deletion attempt")
731
+
tx, err := ddb.Begin()
737
+
i.Enforcer.E.LoadPolicy()
740
+
err = db.DeleteKnot(
742
+
db.FilterEq("did", did),
743
+
db.FilterEq("domain", domain),
749
+
if registration.Registered != nil {
750
+
err = i.Enforcer.RemoveKnot(domain)
761
+
err = i.Enforcer.E.SavePolicy()
kot.pink
anirudh.fi