ACT grantee management (#37)

* implement grantee management

* Add POST endpoint + fixes

* Save grantees as pubkey list and fix remove error; CHG: act-handler logger names

* Refactor: pass getter, putter to controller functions

* Refactor: error handling in dynamicaccess; Read cache header only for download handlers

* CHG: grantees ref is encrypted and added to history ref + tests

* Fix nil pointer dereference panic

* CHG: put actref in handlegrantees; Add: pin, tag,deferred headers

* CHG: pass loadsave to handlers; check if history address is nil

* FIX: re-init history so that it can be saved; only add publisher if histroy is zero

* make act timestamp optional

* fix revoke grantees

* Fix: Act timestamp header nil check; Uploadhandler UT

* Fix controller nil pointer deref

---------

Co-authored-by: Bálint Ujvári <[email protected]>

pkg/dynamicaccess/controller.go

@@ -35,7 +35,6 @@ type Controller interface {
 
 type controller struct {
 	accessLogic ActLogic
-	datadir     string
 }
 
 var _ Controller = (*controller)(nil)
@@ -56,7 +55,7 @@ func (c *controller) DownloadHandler(
 	if err != nil {
 		return swarm.ZeroAddress, err
 	}
-	act, err := kvs.NewManifestReference(ls, entry.Reference())
+	act, err := kvs.NewReference(ls, entry.Reference())
 	if err != nil {
 		return swarm.ZeroAddress, err
 	}
@@ -112,7 +111,7 @@ func (c *controller) UploadHandler(
 		if err != nil {
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
-		storage, err = kvs.NewManifestReference(ls, actRef)
+		storage, err = kvs.NewReference(ls, actRef)
 		if err != nil {
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
@@ -122,10 +121,9 @@ func (c *controller) UploadHandler(
 	return actRef, historyRef, encryptedRef, err
 }
 
-func NewController(accessLogic ActLogic, datadir string) Controller {
+func NewController(accessLogic ActLogic) Controller {
 	return &controller{
 		accessLogic: accessLogic,
-		datadir:     datadir,
 	}
 }
 
@@ -155,7 +153,7 @@ func (c *controller) HandleGrantees(
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
 		actref := entry.Reference()
-		act, err = kvs.NewManifestReference(ls, actref)
+		act, err = kvs.NewReference(ls, actref)
 		if err != nil {
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
@@ -164,6 +162,15 @@ func (c *controller) HandleGrantees(
 		if err != nil {
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
+		// generate new access key and new act
+		act, err = kvs.New(ls)
+		if err != nil {
+			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
+		}
+		err = c.accessLogic.AddPublisher(ctx, act, publisher)
+		if err != nil {
+			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
+		}
 	}
 
 	var gl GranteeList
@@ -197,17 +204,15 @@ func (c *controller) HandleGrantees(
 	}
 
 	var granteesToAdd []*ecdsa.PublicKey
-	// generate new access key and new act
 	if len(removeList) != 0 || encryptedglref.IsZero() {
-		act, err = kvs.NewManifest(ls)
+		// generate new access key and new act
+		act, err = kvs.New(ls)
 		if err != nil {
 			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
-		if historyref.IsZero() {
-			err = c.accessLogic.AddPublisher(ctx, act, publisher)
-			if err != nil {
-				return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
-			}
+		err = c.accessLogic.AddPublisher(ctx, act, publisher)
+		if err != nil {
+			return swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, swarm.ZeroAddress, err
 		}
 		granteesToAdd = gl.Get()
 	} else {

pkg/dynamicaccess/controller_test.go

@@ -29,11 +29,11 @@ func getHistoryFixture(ctx context.Context, ls file.LoadSaver, al dynamicaccess.
 	kvs0, _ := kvs.NewManifest(ls)
 	al.AddPublisher(ctx, kvs0, publisher)
 	kvs0Ref, _ := kvs0.Save(ctx)
-	kvs1, _ := kvs.NewManifest(ls)
+	kvs1, _ := kvs.New(ls)
 	al.AddPublisher(ctx, kvs1, publisher)
 	al.AddGrantee(ctx, kvs1, publisher, &pk1.PublicKey, nil)
 	kvs1Ref, _ := kvs1.Save(ctx)
-	kvs2, _ := kvs.NewManifest(ls)
+	kvs2, _ := kvs.New(ls)
 	al.AddPublisher(ctx, kvs2, publisher)
 	al.AddGrantee(ctx, kvs2, publisher, &pk2.PublicKey, nil)
 	kvs2Ref, _ := kvs2.Save(ctx)
@@ -48,13 +48,11 @@ func getHistoryFixture(ctx context.Context, ls file.LoadSaver, al dynamicaccess.
 }
 
 func TestController_UploadHandler(t *testing.T) {
-	t.Parallel()
-	dir := t.TempDir()
 	ctx := context.Background()
 	publisher := getPrivKey(0)
 	diffieHellman := dynamicaccess.NewDefaultSession(publisher)
 	al := dynamicaccess.NewLogic(diffieHellman)
-	c := dynamicaccess.NewController(al, dir)
+	c := dynamicaccess.NewController(al)
 	ls := createLs()
 
 	t.Run("New upload", func(t *testing.T) {
@@ -65,7 +63,7 @@ func TestController_UploadHandler(t *testing.T) {
 		h, _ := dynamicaccess.NewHistoryReference(ls, hRef)
 		entry, _ := h.Lookup(ctx, time.Now().Unix())
 		actRef := entry.Reference()
-		act, _ := kvs.NewManifestReference(ls, actRef)
+		act, _ := kvs.NewReference(ls, actRef)
 		expRef, err := al.EncryptRef(ctx, act, &publisher.PublicKey, ref)
 
 		assert.NoError(t, err)
@@ -88,7 +86,7 @@ func TestController_UploadHandler(t *testing.T) {
 		h, _ = dynamicaccess.NewHistoryReference(ls, hRef2)
 		entry, _ := h.Lookup(ctx, time.Now().Unix())
 		actRef := entry.Reference()
-		act, _ := kvs.NewManifestReference(ls, actRef)
+		act, _ := kvs.NewReference(ls, actRef)
 		expRef, err := al.EncryptRef(ctx, act, &publisher.PublicKey, ref)
 
 		assert.NoError(t, err)
@@ -98,20 +96,18 @@ func TestController_UploadHandler(t *testing.T) {
 }
 
 func TestController_PublisherDownload(t *testing.T) {
-	t.Parallel()
-	dir := t.TempDir()
 	ctx := context.Background()
 	publisher := getPrivKey(0)
 	diffieHellman := dynamicaccess.NewDefaultSession(publisher)
 	al := dynamicaccess.NewLogic(diffieHellman)
-	c := dynamicaccess.NewController(al, dir)
+	c := dynamicaccess.NewController(al)
 	ls := createLs()
 	ref := swarm.RandAddress(t)
 	href, err := getHistoryFixture(ctx, ls, al, &publisher.PublicKey)
 	h, err := dynamicaccess.NewHistoryReference(ls, href)
 	entry, err := h.Lookup(ctx, time.Now().Unix())
 	actRef := entry.Reference()
-	act, err := kvs.NewManifestReference(ls, actRef)
+	act, err := kvs.NewReference(ls, actRef)
 	encRef, err := al.EncryptRef(ctx, act, &publisher.PublicKey, ref)
 
 	assert.NoError(t, err)
@@ -121,25 +117,23 @@ func TestController_PublisherDownload(t *testing.T) {
 }
 
 func TestController_GranteeDownload(t *testing.T) {
-	t.Parallel()
 	ctx := context.Background()
 	publisher := getPrivKey(0)
 	grantee := getPrivKey(2)
 	publisherDH := dynamicaccess.NewDefaultSession(publisher)
 	publisherAL := dynamicaccess.NewLogic(publisherDH)
-	dir := t.TempDir()
 
 	diffieHellman := dynamicaccess.NewDefaultSession(grantee)
 	al := dynamicaccess.NewLogic(diffieHellman)
 	ls := createLs()
-	c := dynamicaccess.NewController(al, dir)
+	c := dynamicaccess.NewController(al)
 	ref := swarm.RandAddress(t)
 	href, err := getHistoryFixture(ctx, ls, publisherAL, &publisher.PublicKey)
 	h, err := dynamicaccess.NewHistoryReference(ls, href)
 	ts := time.Date(2001, time.April, 1, 0, 0, 0, 0, time.UTC).Unix()
 	entry, err := h.Lookup(ctx, ts)
 	actRef := entry.Reference()
-	act, err := kvs.NewManifestReference(ls, actRef)
+	act, err := kvs.NewReference(ls, actRef)
 	encRef, err := publisherAL.EncryptRef(ctx, act, &publisher.PublicKey, ref)
 
 	assert.NoError(t, err)
@@ -149,17 +143,15 @@ func TestController_GranteeDownload(t *testing.T) {
 }
 
 func TestController_HandleGrantees(t *testing.T) {
-	t.Parallel()
 	ctx := context.Background()
-	dir := t.TempDir()
 	publisher := getPrivKey(1)
 	diffieHellman := dynamicaccess.NewDefaultSession(publisher)
 	al := dynamicaccess.NewLogic(diffieHellman)
 	keys, _ := al.Session.Key(&publisher.PublicKey, [][]byte{{1}})
 	refCipher := encryption.New(keys[0], 0, uint32(0), sha3.NewLegacyKeccak256)
 	ls := createLs()
 	gls := loadsave.New(mockStorer.ChunkStore(), mockStorer.Cache(), requestPipelineFactory(context.Background(), mockStorer.Cache(), true, redundancy.NONE))
-	c := dynamicaccess.NewController(al, dir)
+	c := dynamicaccess.NewController(al)
 	href, _ := getHistoryFixture(ctx, ls, al, &publisher.PublicKey)
 
 	grantee1 := getPrivKey(0)
@@ -226,10 +218,8 @@ func TestController_HandleGrantees(t *testing.T) {
 }
 
 func TestController_GetGrantees(t *testing.T) {
-	t.Parallel()
 	ctx := context.Background()
 	publisher := getPrivKey(1)
-	dir := t.TempDir()
 	caller := getPrivKey(0)
 	grantee := getPrivKey(2)
 	diffieHellman1 := dynamicaccess.NewDefaultSession(publisher)
@@ -238,8 +228,8 @@ func TestController_GetGrantees(t *testing.T) {
 	al2 := dynamicaccess.NewLogic(diffieHellman2)
 	ls := createLs()
 	gls := loadsave.New(mockStorer.ChunkStore(), mockStorer.Cache(), requestPipelineFactory(context.Background(), mockStorer.Cache(), true, redundancy.NONE))
-	c1 := dynamicaccess.NewController(al1, dir)
-	c2 := dynamicaccess.NewController(al2, dir)
+	c1 := dynamicaccess.NewController(al1)
+	c2 := dynamicaccess.NewController(al2)
 
 	t.Run("get by publisher", func(t *testing.T) {
 		addList := []*ecdsa.PublicKey{&grantee.PublicKey}

pkg/dynamicaccess/grantee_test.go

@@ -42,7 +42,6 @@ func generateKeyListFixture() ([]*ecdsa.PublicKey, error) {
 }
 
 func TestGranteeAddGet(t *testing.T) {
-	t.Parallel()
 	gl, _ := dynamicaccess.NewGranteeList(createLs())
 	keys, err := generateKeyListFixture()
 	if err != nil {
@@ -107,7 +106,6 @@ func TestGranteeAddGet(t *testing.T) {
 }
 
 func TestGranteeRemove(t *testing.T) {
-	t.Parallel()
 	gl, _ := dynamicaccess.NewGranteeList(createLs())
 	keys, err := generateKeyListFixture()
 	if err != nil {
@@ -214,7 +212,6 @@ func TestGranteeSave(t *testing.T) {
 }
 
 func TestGranteeRemoveTwo(t *testing.T) {
-	t.Parallel()
 	gl, _ := dynamicaccess.NewGranteeList(createLs())
 	keys, err := generateKeyListFixture()
 	if err != nil {

pkg/node/devnode.go

@@ -238,8 +238,7 @@ func NewDevBee(logger log.Logger, o *DevOptions) (b *DevBee, err error) {
 
 	session := dynamicaccess.NewDefaultSession(mockKey)
 	actLogic := dynamicaccess.NewLogic(session)
-	// TODO: mock data dir ?
-	dac := dynamicaccess.NewController(actLogic, "todo")
+	dac := dynamicaccess.NewController(actLogic)
 	b.dacCloser = dac
 
 	pssService := pss.New(mockKey, logger)

pkg/node/node.go

@@ -776,7 +776,7 @@ func NewBee(
 	evictFn = func(id []byte) error { return localStore.EvictBatch(context.Background(), id) }
 
 	actLogic := dynamicaccess.NewLogic(session)
-	dac := dynamicaccess.NewController(actLogic, o.DataDir)
+	dac := dynamicaccess.NewController(actLogic)
 	b.dacCloser = dac
 
 	var (