selfsdk 0.0.216 → 0.0.218

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2b598cf272958bc5ccdeb6e1ec1acfc4fff973b7989069654249f13cac7f7422
-  data.tar.gz: 3d08894ddb644c19bdb28b905569a64a84988980d5ab964008eba5b7e4479feb
+  metadata.gz: 6bff9337b676123f000fdea33206ecb138fff8656f2d77e182212334228d996e
+  data.tar.gz: e543e7a2040a6fcc218c4e187fd8304de0189e272e95926a35e438cfd13fe5e9
 SHA512:
-  metadata.gz: c24d8ed0c7f7f8fa97c061f39414e5634a09a5bdb65697fa5224086d86b044fa23789fd4f5b458072339eddd0aa2fe4bb3e474f853b1bc6d5526f43e247879b4
-  data.tar.gz: e803be8107ed18bb0f7750948a786dd303dbd478f3979a83fa870f55dc6bed243e89458d57ffd19f92c876c69629109d1af9b432dec8a6a23f7c0f4542b2be46
+  metadata.gz: 13edf88e46cc57be0503755f7b54cf080e261bad472ff2e8820277bdaea0ed1775f88f5fe46f407ddbf4df0d3b1f566c734e4d19a55cfb0a0ba4f6bc07d88cc3
+  data.tar.gz: e25a198896eca2e236c96405b143343323a35638b78b680ee8e96abdf426b10838d1c40786460decf44f856f03802c6e77857c10062fd1c62679a6bb288d95e7

data/lib/client.rb

@@ -99,7 +99,7 @@ module SelfSDK
           next if body[:error_id] == 'token_expired'
 
           break
-        rescue StandardError => e
+        rescue StandardError
           # retry if the server is down
         end
         sleep 2

data/lib/crypto.rb

@@ -1,37 +1,43 @@
 # Copyright 2020 Self Group Ltd. All Rights Reserved.
 
 require 'self_crypto'
+require_relative 'storage'
 
 module SelfSDK
   class Crypto
-    def initialize(client, device, storage_folder, storage_key)
+    def initialize(client, device, storage, storage_key)
       @client = client
       @device = device
       @storage_key = storage_key
-      @storage_folder = "#{storage_folder}/#{@client.jwt.key_id}"
       @lock_strategy = true
       @mode = "r+"
+      @storage = storage
+      @keys = {}
+      @mutex = Mutex.new
+
+      @storage.tx do
+        ::SelfSDK.logger.debug('Checking if account exists...')
+        if @storage.account_exists?
+          # 1a) if alice's account file exists load the pickle from the file
+          @account = SelfCrypto::Account.from_pickle(@storage.account_olm, @storage_key)
+        else
+          # 1b-i) if create a new account for alice if one doesn't exist already
+          @account = SelfCrypto::Account.from_seed(@client.jwt.key)
 
-      if File.exist?(account_path)
-        # 1a) if alice's account file exists load the pickle from the file
-        @account = SelfCrypto::Account.from_pickle(File.read(account_path), @storage_key)
-      else
-        # 1b-i) if create a new account for alice if one doesn't exist already
-        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
-
-        # 1b-ii) generate some keys for alice and publish them
-        @account.gen_otk(100)
+          # 1b-ii) generate some keys for alice and publish them
+          @account.gen_otk(100)
 
-        # 1b-iii) convert those keys to json
-        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+          # 1b-iii) convert those keys to json
+          @keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}
+          keys = @keys.to_json
 
-        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
-        res = @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
-        raise 'unable to push prekeys, please try in a few minutes' if res.code != 200
+          # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+          res = @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+          raise 'unable to push prekeys, please try in a few minutes' if res.code != 200
 
-        # 1b-v) store the account to a file
-        FileUtils.mkdir_p(@storage_folder)
-        File.write(account_path, @account.to_pickle(storage_key))
+          # 1b-v) store the account to a file
+          @storage.account_create(@account.to_pickle(@storage_key))
+        end
       end
     end
 
@@ -43,119 +49,79 @@ module SelfSDK
       gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
 
       sessions = {}
-      locks = {}
-      ::SelfSDK.logger.debug('- [crypto] managing sessions with all recipients')
-
-      recipients.each do |r|
-        f = nil
-        next if r[:id] == @client.jwt.id && r[:device_id] == @device
-
-        session_file_name = session_path(r[:id], r[:device_id])
-        session_with_bob = nil
-
-        begin
-          if File.exist?(session_file_name)
-            # Lock the session file
-            locks[session_file_name] = File.open(session_file_name, @mode)
-            locks[session_file_name].flock(File::LOCK_EX)
-          end
-          session_with_bob = get_outbound_session_with_bob(locks[session_file_name], r[:id], r[:device_id])
+      ct = ""
+      tx do
+        gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+        recipients.each do |r|
+          sid = @storage.sid(r[:id], r[:device_id])
+          next if sid == @storage.app_id
+
+          session_with_bob = get_outbound_session_with_bob(@storage.session_get_olm(sid), r[:id], r[:device_id])
+          ::SelfSDK.logger.debug("- [crypto]   adding group participant #{r[:id]}:#{r[:device_id]}")
+          gs.add_participant("#{r[:id]}:#{r[:device_id]}", session_with_bob)
+          sessions[sid] = session_with_bob
         rescue => e
           ::SelfSDK.logger.warn("- [crypto]   there is a problem adding group participant #{r[:id]}:#{r[:device_id]}, skipping...")
           ::SelfSDK.logger.warn("- [crypto] #{e}")
           next
         end
 
-        ::SelfSDK.logger.debug("- [crypto]   adding group participant #{r[:id]}:#{r[:device_id]}")
-        gs.add_participant("#{r[:id]}:#{r[:device_id]}", session_with_bob)
-        sessions[session_file_name] = session_with_bob
-      end
-
-      # 5) encrypt a message
-      ::SelfSDK.logger.debug("- [crypto] group encrypting message")
-      ct = gs.encrypt(message).to_s
+        # 5) encrypt a message
+        ::SelfSDK.logger.debug("- [crypto] group encrypting message")
+        ct = gs.encrypt(message).to_s
 
-      # 6) store the session to a file
-      ::SelfSDK.logger.debug("- [crypto] storing sessions")
-      sessions.each do |session_file_name, session_with_bob|
-        pickle = session_with_bob.to_pickle(@storage_key)
-        if locks[session_file_name]
-          locks[session_file_name].rewind
-          locks[session_file_name].write(pickle)
-          locks[session_file_name].truncate(locks[session_file_name].pos)
-        else
-          File.write(session_file_name, pickle)
+        # 6) store the session to a file
+        ::SelfSDK.logger.debug("- [crypto] storing sessions")
+        sessions.each do |sid, session_with_bob|
+          pickle = session_with_bob.to_pickle(@storage_key)
+          @storage.session_update(sid, pickle)
         end
       end
-
       ct
-    ensure
-      locks.each do |session_file_name, lock|
-        # Unlock the file
-        if lock
-          lock.flock(File::LOCK_UN)
-        end
-      end
     end
 
-    def decrypt(message, sender, sender_device)
-      f = nil
-      ::SelfSDK.logger.debug("- [crypto] decrypting a message")
-      session_file_name = session_path(sender, sender_device)
+    def decrypt(message, sender, sender_device, offset)
+      ::SelfSDK.logger.debug("- [crypto] decrypting a message #{message}")
+      sid = @storage.sid(sender, sender_device)
 
-      if File.exist?(session_file_name)
-        # Lock the session file
-        f = File.open(session_file_name, @mode)
-        f.flock(File::LOCK_EX)
-      end
-
-      ::SelfSDK.logger.debug("- [crypto] loading sessions")
-      session_with_bob = get_inbound_session_with_bob(f, message)
+      pt = ""
+      tx do
+        ::SelfSDK.logger.debug("- [crypto] loading sessions for #{sid}")
+        ::SelfSDK.logger.debug("- [crypto] #{@account.one_time_keys["curve25519"]}")
+        session_with_bob = get_inbound_session_with_bob(@storage.session_get_olm(sid), message)
 
-      # 8) create a group session and set the identity of the account you're using
-      ::SelfSDK.logger.debug("- [crypto] create a group session and set the identity of the account #{@client.jwt.id}:#{@device}")
-      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+        # 8) create a group session and set the identity of the account you're using
+        ::SelfSDK.logger.debug("- [crypto] create a group session and set the identity of the account #{@client.jwt.id}:#{@device}")
+        gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
 
-      # 9) add all recipients and their sessions
-      ::SelfSDK.logger.debug("- [crypto] add all recipients and their sessions #{@sender}:#{@sender_device}")
-      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+        # 9) add all recipients and their sessions
+        ::SelfSDK.logger.debug("- [crypto] add all recipients and their sessions #{sender}:#{sender_device}")
+        gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
 
-      # 10) decrypt the message ciphertext
-      ::SelfSDK.logger.debug("- [crypto] decrypt the message ciphertext")
-      pt = gs.decrypt("#{sender}:#{sender_device}", message).to_s
+        # 10) decrypt the message ciphertext
+        ::SelfSDK.logger.debug("- [crypto] decrypt the message ciphertext")
+        pt = gs.decrypt("#{sender}:#{sender_device}", message).to_s
 
-      # 11) store the session to a file
-      ::SelfSDK.logger.debug("- [crypto] store the session to a file")
+        # 11) store the session to a file
+        ::SelfSDK.logger.debug("- [crypto] store the session to a file")
 
-      pickle = session_with_bob.to_pickle(@storage_key)
-      if !f.nil?
-        f.rewind
-        f.write(pickle)
-        f.truncate(f.pos)
-      else
-        File.write(session_file_name, pickle)
+        pickle = session_with_bob.to_pickle(@storage_key)
+        @storage.session_update(sid, pickle)
+        @storage.account_set_offset(offset)
       end
-
       pt
-    ensure
-      # Unlock the session file
-      f&.flock(File::LOCK_UN)
-      f&.close
+    rescue => e
+      ::SelfSDK.logger.debug("- [crypto] ERROR DECRYPTING: original message:  #{message}")
+      ::SelfSDK.logger.debug("- [crypto] ERROR DECRYPTING: exception message: #{e.message}")
+      ::SelfSDK.logger.debug("- [crypto] ERROR DECRYPTING: exception backtrace: #{e.backtrace}")
+      @storage.account_set_offset(offset)
+      pt
     end
 
     private
 
-    def account_path
-      "#{@storage_folder}/account.pickle"
-    end
-
-    def session_path(selfid, device)
-      "#{@storage_folder}/#{selfid}:#{device}-session.pickle"
-    end
-
-    def get_outbound_session_with_bob(f, recipient, recipient_device)
-      if !f.nil?
-        pickle = f.read
+    def get_outbound_session_with_bob(pickle, recipient, recipient_device)
+      if !pickle.nil?
         # 2a) if bob's session file exists load the pickle from the file
         session_with_bob = SelfCrypto::Session.from_pickle(pickle, @storage_key)
       else
@@ -184,18 +150,24 @@ module SelfSDK
       session_with_bob
     end
 
-    def get_inbound_session_with_bob(f, message)
-      if !f.nil?
-        pickle = f.read
+    def get_inbound_session_with_bob(pickle, message)
+      if !pickle.nil?
         # 7a) if carol's session file exists load the pickle from the file
         session_with_bob = SelfCrypto::Session.from_pickle(pickle, @storage_key)
       end
 
+      ::SelfSDK.logger.debug("- [crypto] pickle nil? #{pickle.nil?}")
+      ::SelfSDK.logger.debug("- [crypto] getting one time message for #{@client.jwt.id}:#{@device}")
+
       # 7b-i) if you have not previously sent or received a message to/from bob,
       #       you should extract the initial message from the group message intended
       #       for your account id.
       m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
 
+      ::SelfSDK.logger.debug("- [crypto] one time message #{m}")
+      ::SelfSDK.logger.debug("- [crypto] session is nil? #{session_with_bob.nil?}")
+      ::SelfSDK.logger.debug("- [crypto] is prekey message? #{m.instance_of?(SelfCrypto::PreKeyMessage)}")
+
       # if there is no session, create one
       # if there is an existing session and we are sent a one time key message, check
       # if it belongs to this current session and create a new inbound session if it doesn't
@@ -204,6 +176,7 @@ module SelfSDK
         session_with_bob = @account.inbound_session(m)
 
         # 7b-iii) remove the session's prekey from the account
+        ::SelfSDK.logger.debug "- [crypto] removing one time keys for bob #{session_with_bob}"
         @account.remove_one_time_keys(session_with_bob)
 
         current_one_time_keys = @account.otk['curve25519']
@@ -221,12 +194,20 @@ module SelfSDK
           res = @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys.to_json)
           raise 'unable to push prekeys, please try in a few minutes' if res.code != 200
         end
-
-        File.write(account_path, @account.to_pickle(@storage_key))
+        ::SelfSDK.logger.debug "- [crypto] updating account with removed keys"
+        @storage.account_update(@account.to_pickle(@storage_key))
       end
 
       session_with_bob
     end
 
+    def tx
+      @mutex.lock
+      @storage.tx do
+        yield
+      end
+    ensure
+      @mutex.unlock
+    end
   end
 end

data/lib/messages/message.rb

@@ -31,7 +31,7 @@ module SelfSDK
              else
                 envelope = input
                 issuer = input.sender.split(":")
-                messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
+                messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last, input.offset)
              end
 
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb

@@ -13,6 +13,7 @@ require_relative 'messages/message'
 module SelfSDK
   class WebsocketClient
     ON_DEMAND_CLOSE_CODE=3999
+    CONNECTION_SUPERCEDED=1011
 
     attr_accessor :ws
 
@@ -42,7 +43,7 @@ module SelfSDK
       @ws.on :close do |event|
         SelfSDK.logger.debug "connection closed detected : #{event.code} #{event.reason}"
 
-        if event.code != ON_DEMAND_CLOSE_CODE
+        if not [ON_DEMAND_CLOSE_CODE, CONNECTION_SUPERCEDED].include? event.code
           raise StandardError('websocket connection closed') if !@auto_reconnect
 
           if !@reconnection_delay.nil?
@@ -59,6 +60,7 @@ module SelfSDK
 
     # Sends a closing message to the websocket client.
     def close
+      SelfSDK.logger.debug "connection closed by the client"
       @ws.close(ON_DEMAND_CLOSE_CODE, "connection closed by the client")
     end
 
@@ -80,7 +82,6 @@ module SelfSDK
   class MessagingClient
     DEFAULT_DEVICE="1"
     DEFAULT_AUTO_RECONNECT=true
-    DEFAULT_STORAGE_DIR="./.self_storage"
 
     PRIORITIES = { 
       'chat.invite':                 SelfSDK::Messages::PRIORITY_VISIBLE,
@@ -104,12 +105,12 @@ module SelfSDK
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
-    # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @option opts [string] :storage  the library used to persist session data.
     # @params storage_key [String] seed to encrypt messaging
     # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, storage_key, options = {})
+    def initialize(url, client, storage_key, storage, options = {})
       @mon = Monitor.new
       @messages = {}
       @acks = {}
@@ -121,18 +122,13 @@ module SelfSDK
       @timeout = 120 # seconds
       @auth_id = SecureRandom.uuid
       @device_id = options.fetch(:device_id, DEFAULT_DEVICE)
-      @raw_storage_dir = options.fetch(:storage_dir, DEFAULT_STORAGE_DIR)
-      @storage_dir = "#{@raw_storage_dir}/apps/#{@jwt.id}/devices/#{@device_id}"
-      FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
-      @offset_file = "#{@storage_dir}/#{@jwt.id}:#{@device_id}.offset"
-      @offset = read_offset
       @source = SelfSDK::Sources.new("#{__dir__}/sources.json")
+      @storage = storage
 
       unless options.include? :no_crypto
-        crypto_path = "#{@storage_dir}/keys"
-        FileUtils.mkdir_p crypto_path unless File.exist? crypto_path
-        @encryption_client = Crypto.new(@client, @device_id, crypto_path, storage_key)
+        @encryption_client = Crypto.new(@client, @device_id, @storage, storage_key)
       end
+      @offset = @storage.account_offset
 
       @ws = if options.include? :ws
               options[:ws]
@@ -246,17 +242,6 @@ module SelfSDK
       end
     end
 
-    # Sends a command to list ACL rules.
-    def list_acl_rules
-      wait_for 'acl_list' do
-        a = SelfMsg::Acl.new
-        a.id = SecureRandom.uuid
-        a.command = SelfMsg::AclCommandLIST
-
-        @ws.send a
-      end
-    end
-
     # Sends a message and waits for the response
     #
     # @params msg [SelfMsg::Message] message object to be sent
@@ -363,7 +348,7 @@ module SelfSDK
 
       SelfSDK.logger.debug " - notifying by type"
       SelfSDK.logger.debug " - #{message.typ}"
-      SelfSDK.logger.debug " - #{message}"
+      SelfSDK.logger.debug " - #{message.payload}"
       SelfSDK.logger.debug " - #{@type_observer.keys.join(',')}"
 
       # Return if there is no observer setup for this kind of message
@@ -382,12 +367,12 @@ module SelfSDK
 
     def subscribe(type, &block)
       type = @source.message_type(type) if type.is_a? Symbol
+      SelfSDK.logger.debug "Subscribing to messages by type: #{type}"
       @type_observer[type] = { block: block }
     end
 
     private
 
-
     # Cleans expired messages
     def clean_timeouts
       clean_observers
@@ -413,7 +398,6 @@ module SelfSDK
       @ws.start
     end
 
-
     # Process an event when it arrives through the websocket connection.
     def on_message(event)
       data = event.data.pack('c*')
@@ -438,29 +422,13 @@ module SelfSDK
         @messages[hdr.id][:response] = {error: e.error}
         mark_as_acknowledged(hdr.id)
         mark_as_arrived(hdr.id)
-      when SelfMsg::MsgTypeACL
-        SelfSDK.logger.debug "#{hdr.id} ACL received"
-        a = SelfMsg::Acl.new(data: data)
-        process_incomming_acl a
       end
     rescue TypeError
       SelfSDK.logger.debug "invalid array message"
     end
 
-    def process_incomming_acl(input)
-      list = JSON.parse(input.payload)
-
-      @messages['acl_list'][:response] = list
-      mark_as_arrived 'acl_list'
-    rescue StandardError => e
-      p "Error processing incoming ACL #{input.id} #{input.payload}"
-      SelfSDK.logger.debug e
-      SelfSDK.logger.debug e.backtrace
-      nil
-    end
-
     def process_incomming_message(input)
-      message = parse_and_write_offset(input)
+      message = parse(input)
 
       if @messages.include? message.id
         message.validate! @messages[message.id][:original_message]
@@ -479,21 +447,17 @@ module SelfSDK
       nil
     end
 
-    def parse_and_write_offset(input)
+    def parse(input)
       msg = SelfSDK::Messages.parse(input, self)
-      write_offset(input.offset)
-      # Avoid catching any other decryption errors.
       msg
-    rescue SelfSDK::Messages::UnmappedMessage => e
-      # this is an ummapped message, let's ignore it but write the offset.
-      write_offset(input.offset)
+    rescue SelfSDK::Messages::UnmappedMessage
       nil
     end
 
     # Authenticates current client on the websocket server.
     def authenticate
       @auth_id = SecureRandom.uuid if @auth_id.nil?
-      @offset = read_offset
+      @offset = @storage.account_offset
 
       SelfSDK.logger.debug "authenticating with offset (#{@offset})"
 
@@ -529,23 +493,6 @@ module SelfSDK
       end
     end
 
-    def read_offset
-      return 0 unless File.exist? @offset_file
-
-      File.open(@offset_file, 'rb') do |f|
-        return f.read.to_i
-      end
-    end
-
-    def write_offset(offset)
-      File.open(@offset_file, 'wb') do |f|
-        f.flock(File::LOCK_EX)
-        f.write(offset.to_s.rjust(19, "0"))
-      end
-      SelfSDK.logger.debug "offset written #{offset}"
-      @offset = offset
-    end
-
     def select_priority(mtype)
       PRIORITIES[mtype] || SelfSDK::Messages::PRIORITY_VISIBLE
     end

data/lib/selfsdk.rb

@@ -14,7 +14,6 @@ require_relative 'client'
 require_relative 'messaging'
 require_relative 'ntptime'
 require_relative 'authenticated'
-require_relative 'acl'
 require_relative 'sources'
 require_relative 'services/auth'
 require_relative 'services/requester'
@@ -50,6 +49,7 @@ module SelfSDK
     # @option opts [String] :messaging_url The messaging self provider url.
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [Symbol] :env The environment to be used, defaults to ":production".
+    # @option opts [String] :storage  the library used to persist session data.
     def initialize(app_id, app_key, storage_key, storage_dir, opts = {})
       app_key = cleanup_key(app_key)
 
@@ -61,9 +61,12 @@ module SelfSDK
       messaging_url = messaging_url(opts)
       @started = false
       unless messaging_url.nil?
+        device_id = opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE)
+        storage = opts.fetch(:storage, SelfSDK::Storage.new(@client.jwt.id, device_id, storage_dir, storage_key))
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
                                                 storage_key,
+                                                storage,
                                                 storage_dir: storage_dir,
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))

data/lib/services/messaging.rb

@@ -32,37 +32,6 @@ module SelfSDK
         @client.subscribe(type, &block)
       end
 
-      # Permits incoming messages from the a identity.
-      #
-      # @param [String] selfid to be allowed.
-      # @return [Boolean] success / failure
-      def permit_connection(selfid)
-        acl.allow selfid
-      end
-
-      # Lists app allowed connections.
-      # @return [Array] array of self ids allowed to connect to your app.
-      def allowed_connections
-        acl.list
-      end
-
-      # Checks if you're permitting messages from a specific self identifier
-      # @return [Boolean] yes|no
-      def is_permitted?(id)
-        conns = allowed_connections
-        return true if conns.include? "*"
-        return true if conns.include? id
-        return false
-      end
-
-      # Revokes incoming messages from the given identity.
-      #
-      # @param [String] selfid to be denied
-      # @return [Boolean] success / failure
-      def revoke_connection(selfid)
-        acl.deny selfid
-      end
-
       # Gets the device id for the authenticated app.
       #
       # @return [String] device_id of the running app.
@@ -101,10 +70,6 @@ module SelfSDK
       end
 
       private
-
-      def acl
-        @acl ||= ACL.new(@client)
-      end
     end
   end
 end

data/lib/services/requester.rb

@@ -48,9 +48,6 @@ module SelfSDK
       def request(selfid, facts, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
         rq = opts.fetch(:request, true)
-        if rq
-          raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
-        end
 
         req = SelfSDK::Messages::FactRequest.new(@messaging)
         req.populate(selfid, prepare_facts(facts), opts)

data/lib/storage.rb

@@ -0,0 +1,236 @@
+# Copyright 2020 Self Group Ltd. All Rights Reserved.
+require 'sqlite3'
+
+module SelfSDK
+  class Storage
+    attr_accessor :app_id
+
+    def initialize(app_id, app_device, storage_folder, _key_id)
+      @app_id = sid(app_id, app_device)
+
+      # Create the storage folder if it does not exist
+      create_directory_skel("#{storage_folder}/identities/")
+
+      # Create the database
+      @db = SQLite3::Database.new(File.join("#{storage_folder}/identities/", 'self.db'))
+      set_pragmas
+      create_accounts_table
+      create_sessions_table
+      m = StorageMigrator.new(@db, "#{storage_folder}/apps", @app_id)
+      m.migrate
+    end
+
+    def tx
+      @db.transaction
+      yield
+      @db.commit
+    rescue SQLite3::Exception => e
+      @db.rollback
+    rescue => e
+      @db.rollback
+      raise e
+    end
+
+    def account_exists?
+      row = @db.execute("SELECT olm_account FROM accounts WHERE as_identifier = ?", [@app_id.encode("UTF-8")]).first
+      !row.nil?
+    end
+
+    def account_create(olm)
+      @db.execute("INSERT INTO accounts (as_identifier, offset, olm_account) VALUES (?, ?, ?);", [ @app_id.encode("UTF-8"), 0, olm.encode("UTF-8") ])
+    rescue
+    end
+
+    def account_update(olm)
+      @db.execute("UPDATE accounts SET olm_account = ? WHERE as_identifier = ?", [ olm.encode("UTF-8"), @app_id.encode("UTF-8") ])
+    end
+
+    def account_olm
+      row = @db.execute("SELECT olm_account FROM accounts WHERE as_identifier = ?;", [@app_id.encode("UTF-8")]).first
+      return nil unless row
+
+      row.first
+    end
+
+    def account_offset
+      row = @db.execute("SELECT offset FROM accounts WHERE as_identifier = ?;", @app_id.encode("UTF-8")).first
+      return nil unless row
+
+      row.first
+    end
+
+    def account_set_offset(offset)
+      @db.execute("UPDATE accounts SET offset = ? WHERE as_identifier = ?;", [ offset, @app_id.encode("UTF-8") ])
+    end
+
+    def session_create(sid, olm)
+      @db.execute("INSERT INTO sessions (as_identifier, with_identifier, olm_session) VALUES (?, ?, ?);", [ @app_id.encode("UTF-8"), sid.encode("UTF-8"), olm.encode("UTF-8") ])
+    end
+
+    def session_update(sid, olm)
+      row = @db.execute("SELECT olm_session FROM sessions WHERE as_identifier = ? AND with_identifier = ?", [@app_id.encode("UTF-8"), sid.encode("UTF-8")]).first
+      if row.nil?
+        session_create(sid, olm)
+      else
+        @db.execute("UPDATE sessions SET olm_session = ? WHERE as_identifier = ? AND with_identifier = ?;", [ olm.encode("UTF-8"), @app_id.encode("UTF-8"), sid.encode("UTF-8") ])
+      end
+    end
+
+    def session_get_olm(sid)
+      row = @db.execute("SELECT olm_session FROM sessions WHERE as_identifier = ? AND with_identifier = ?", [@app_id.encode("UTF-8"), sid.encode("UTF-8")]).first
+      return nil if row.nil?
+
+      row.first
+    end
+
+    def sid(selfid, device)
+      "#{selfid}:#{device}"
+    end
+
+    private
+
+    # Create a folder if it does not exist
+    def create_directory_skel(storage_folder)
+      FileUtils.mkdir_p storage_folder unless File.exist? storage_folder
+    rescue Errno::ENOENT
+      raise ERR_INVALID_DIRECTORY
+    rescue
+    end
+
+    def set_pragmas
+      pragma_statement = <<~SQL
+        PRAGMA synchronous = NORMAL;
+        PRAGMA journal_mode = WAL;
+        PRAGMA temp_store = MEMORY;
+      SQL
+
+      @db.execute_batch(pragma_statement)
+    rescue SQLite3::Exception => e
+      puts "Exception occurred: #{e}"
+    end
+
+    def create_accounts_table
+      accounts_table_statement = <<~SQL
+        CREATE TABLE IF NOT EXISTS accounts (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          as_identifier TEXT NOT NULL,
+          offset INTEGER NOT NULL,
+          olm_account BLOB NOT NULL
+        );
+        CREATE UNIQUE INDEX IF NOT EXISTS idx_accounts_as_identifier
+        ON accounts (as_identifier);
+      SQL
+
+      @db.execute_batch(accounts_table_statement)
+    rescue SQLite3::Exception => e
+      puts "Exception occurred: #{e}"
+    end
+
+    def create_sessions_table
+      # TODO we could deduplicate as_identifier and with_identifier here
+      # by creating a record for each on a new identifier table,
+      # but this is only temporary
+      session_table_statement = <<~SQL
+        CREATE TABLE IF NOT EXISTS sessions (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          as_identifier TEXT NOT NULL,
+          with_identifier TEXT NOT NULL,
+          olm_session BLOB NOT NULL
+        );
+        CREATE UNIQUE INDEX IF NOT EXISTS idx_sessions_with_identifier
+        ON sessions (as_identifier, with_identifier);
+      SQL
+
+      @db.execute_batch(session_table_statement)
+    rescue SQLite3::Exception => e
+      puts "Exception occurred: #{e}"
+    end
+  end
+
+  class StorageMigrator
+    def initialize(db, storage_folder, app_id)
+      @db = db
+      # Old versions of the sdk using that same storage folder shouldn't be affected in any way
+
+      @base_path = "#{storage_folder}/#{app_id.split(':').first}"
+      @app_id = app_id
+    end
+
+    def migrate
+      return unless File.exist?(@base_path)
+
+      # Parse the account information.
+      accounts = parse_accounts
+
+      persist_accounts(accounts)
+
+      # Depreciate the base path.
+      File.rename("#{@base_path}", "#{@base_path}-depreciated")
+    end
+
+    private
+
+    def parse_accounts
+      accounts = {}
+
+      Dir.glob(File.join(@base_path, "**/*")).each do |path|
+        if File.directory?(path)
+          next
+        end
+
+        case File.extname(path)
+        when ".offset"
+          file_name = File.basename(path, ".offset")
+          offset = File.read(path)[0, 19].to_i
+
+          accounts[file_name] = {} unless accounts.key? file_name
+          accounts[file_name][:offset] = offset
+        when ".pickle"
+          file_name = File.basename(path, ".pickle")
+          content = File.read(path)
+
+          accounts[@app_id] = {} unless accounts.key? @app_id
+          if file_name == "account"
+            accounts[@app_id][:account] = content
+          else
+            if accounts.key? @app_id
+              accounts[@app_id][:sessions] = [] unless accounts[@app_id].key? :sessions
+              accounts[@app_id][:sessions] << {
+                with: file_name.sub("-session", ""),
+                session: content
+              }
+              next
+            end
+            accounts[@app_id][:account] = content
+          end
+        end
+      end
+
+      accounts
+    end
+
+    def persist_accounts(accounts)
+      @db.transaction
+      accounts.each do |inbox_id, account|
+        @db.execute(
+          "INSERT INTO accounts (as_identifier, offset, olm_account) VALUES ($1, $2, $3)",
+          [inbox_id, account[:offset], account[:account]]
+        )
+
+        account[:sessions].each do |session|
+          @db.execute(
+            "INSERT INTO sessions (as_identifier, with_identifier, olm_session) VALUES ($1, $2, $3)",
+            [inbox_id, session[:with], session[:session]]
+          )
+        end
+      end
+
+      @db.commit
+    rescue SQLite3::Exception => e
+      puts "Exception occurred"
+      puts e
+      puts e.backtrace
+      @db.rollback
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.216
+  version: 0.0.218
 platform: ruby
 authors:
 - Self Group Ltd.
@@ -178,6 +178,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -350,7 +364,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/acl.rb
 - lib/authenticated.rb
 - lib/chat/file_object.rb
 - lib/chat/group.rb
@@ -396,6 +409,7 @@ files:
 - lib/signature_graph.rb
 - lib/source_definition.rb
 - lib/sources.rb
+- lib/storage.rb
 homepage: https://www.joinself.com/
 licenses:
 - MIT

data/lib/acl.rb

@@ -1,67 +0,0 @@
-# Copyright 2020 Self Group Ltd. All Rights Reserved.
-
-# frozen_string_literal: true
-
-require 'date'
-
-# Namespace for classes and modules that handle Self interactions.
-module SelfSDK
-  # Access control list
-  class ACL
-    def initialize(messaging)
-      @messaging = messaging
-      @jwt = @messaging.jwt
-      @acl_rules = []
-    end
-
-    # Lists allowed connections.
-    def list
-      SelfSDK.logger.info "Listing allowed connections"
-      @acl_rules = @messaging.list_acl_rules if @acl_rules.empty?
-      @acl_rules
-    end
-
-    # Allows incomming messages from the given identity.
-    def allow(id)
-      @acl_rules << id
-      SelfSDK.logger.info "Allowing connections from #{id}"
-      payload = @jwt.prepare(jti: SecureRandom.uuid,
-                             cid: SecureRandom.uuid,
-                             typ: 'acl.permit',
-                             iss: @jwt.id,
-                             sub: @jwt.id,
-                             iat: (SelfSDK::Time.now - 5).strftime('%FT%TZ'),
-                             exp: (SelfSDK::Time.now + 60).strftime('%FT%TZ'),
-                             acl_source: id,
-                             acl_exp: (SelfSDK::Time.now + 360_000).to_datetime.rfc3339)
-
-      a = SelfMsg::Acl.new
-      a.id = SecureRandom.uuid
-      a.command = SelfMsg::AclCommandPERMIT
-      a.payload = payload
-
-      @messaging.send_message a
-    end
-
-    # Deny incomming messages from the given identity.
-    def deny(id)
-      @acl_rules.delete(id)
-      SelfSDK.logger.info "Denying connections from #{id}"
-      payload = @jwt.prepare(jti: SecureRandom.uuid,
-                             cid: SecureRandom.uuid,
-                             typ: 'acl.revoke',
-                             iss: @jwt.id,
-                             sub: @jwt.id,
-                             iat: (SelfSDK::Time.now - 5).strftime('%FT%TZ'),
-                             exp: (SelfSDK::Time.now + 60).strftime('%FT%TZ'),
-                             acl_source: id,
-                             acl_exp: (SelfSDK::Time.now + 360_000).to_datetime.rfc3339)
-
-      a = SelfMsg::Acl.new
-      a.id = SecureRandom.uuid
-      a.command = SelfMsg::AclCommandREVOKE
-      a.payload = payload
-      @messaging.send_message a
-    end
-  end
-end