feat: 🔒 sign pagination

mdcpp · Dec 11, 2023 · a1d92e3 · a1d92e3
1 parent aea9ec9
commit a1d92e3
Show file tree

Hide file tree

Showing 10 changed files with 120 additions and 69 deletions.
diff --git a/backend/Cargo.lock b/backend/Cargo.lock
diff --git a/backend/Cargo.toml b/backend/Cargo.toml
@@ -32,14 +32,17 @@ tracing-opentelemetry = "0.22.0"
 rand = "0.8.5"
 rand_hc = "0.3.2"
 blake2 = "0.10.6"
-k256 = "0.13.2"
 # a lot of opentelemetry dependencies
 opentelemetry = {version="0.21.0", features = ["metrics"]}
 opentelemetry_sdk = { version = "0.21.1", features = ["rt-tokio","metrics"] }
 opentelemetry-stdout = { version = "0.2.0", features = ["metrics"] }
 opentelemetry-semantic-conventions = "0.13.0"
 opentelemetry-otlp = { version = "0.14.0", features = ["metrics"] }
 
+[dependencies.k256]
+version = "0.13.2"
+features = ["arithmetic","serde","sha256"]
+
 [dependencies.tokio-stream]
 version = "0.1.14"
 features = ["sync"]

diff --git a/backend/src/controller/crypto.rs b/backend/src/controller/crypto.rs
@@ -1,11 +1,14 @@
-use rand::SeedableRng;
+use k256::ecdsa::{
+    signature::{Signer, Verifier},
+    Signature, SigningKey, VerifyingKey,
+};
+use rand::{rngs::OsRng, SeedableRng};
 use rand_hc::Hc128Rng;
-use serde::{de::DeserializeOwned, Serialize};
+use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use spin::Mutex;
 use tracing::Span;
-use k256::{SecretKey, Secp256k1, PublicKey};
 
-use crate::{init::config::GlobalConfig, report_internal};
+use crate::init::config::GlobalConfig;
 use blake2::{Blake2b512, Digest};
 
 type Result<T> = std::result::Result<T, Error>;
@@ -16,30 +19,14 @@ pub enum Error {
     Bincode(#[from] bincode::Error),
     #[error("Invalid signature")]
     InvalidSignature,
-    #[error("Encode error")]
-    Encode,
-    #[error("Decode error")]
-    Decode,
 }
 
 impl From<Error> for tonic::Status {
     fn from(value: Error) -> Self {
-        match value {
-            Error::Bincode(_) => report_internal!(debug, "`{}`", value),
-            Error::InvalidSignature => report_internal!(trace, "`{}`", value),
-            Error::Encode => report_internal!(trace, "`{}`", value),
-            Error::Decode => tonic::Status::invalid_argument("signature is invalid"),
-        }
+        tonic::Status::invalid_argument("Invalid signature")
     }
 }
 
-pub struct CryptoController {
-    salt: Vec<u8>,
-    rng: Mutex<Hc128Rng>,
-    secret:SecretKey,
-    public:PublicKey,
-}
-
 #[derive(PartialEq, Eq)]
 pub struct HashValue(Vec<u8>);
 
@@ -55,18 +42,30 @@ impl From<HashValue> for Vec<u8> {
     }
 }
 
+#[derive(Serialize, Deserialize)]
+struct Signed {
+    data: Vec<u8>,
+    signature: Signature,
+}
+pub struct CryptoController {
+    salt: Vec<u8>,
+    signing_key: SigningKey,
+    verifying_key: VerifyingKey,
+}
+
 impl CryptoController {
     #[tracing::instrument(parent=span,name="crypto_construct",level = "info",skip_all)]
     pub fn new(config: &GlobalConfig, span: &Span) -> Self {
         let salt = config.database.salt.as_bytes().to_vec();
 
-        let mut rng = Hc128Rng::from_entropy();
-        let secret=SecretKey::random(&mut rng);
-        let public=secret.public_key();
+        let signing_key = SigningKey::random(&mut OsRng);
+
+        let verifying_key = signing_key.verifying_key().clone();
+
         Self {
             salt,
-            rng: Mutex::new(rng),
-            secret,public
+            signing_key,
+            verifying_key,
         }
     }
     #[tracing::instrument(name = "crypto_hasheq_controller", level = "debug", skip_all)]
@@ -90,13 +89,27 @@ impl CryptoController {
     }
     #[tracing::instrument(level = "trace", skip_all)]
     pub fn encode<M: Serialize>(&self, obj: M) -> Result<Vec<u8>> {
-        let mut raw = bincode::serialize(&obj)?;
+        let raw = bincode::serialize(&obj)?;
 
-        todo!()
+        let signature: Signature = self.signing_key.sign(&raw);
+
+        let signed = Signed {
+            data: raw,
+            signature,
+        };
+        Ok(bincode::serialize(&signed)?)
     }
     #[tracing::instrument(level = "trace", skip_all)]
     pub fn decode<M: DeserializeOwned>(&self, raw: Vec<u8>) -> Result<M> {
-        todo!()
+        let raw: Signed = bincode::deserialize(&raw)?;
+        let signature = raw.signature;
+
+        self.verifying_key
+            .verify(&raw.data, &signature)
+            .map_err(|_| Error::InvalidSignature)?;
+
+        let obj = bincode::deserialize(&raw.data)?;
+        Ok(obj)
     }
 }
 

diff --git a/backend/src/endpoint/contest.rs b/backend/src/endpoint/contest.rs
@@ -106,7 +106,7 @@ impl ContestSet for Arc<Server> {
             }
             list_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as NoParentPager<Entity>>::from_raw(old.session)?
+                <Pager<Entity> as NoParentPager<Entity>>::from_raw(old.session, &self)?
             }
         };
 
@@ -117,7 +117,7 @@ impl ContestSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListContestResponse { list, next_session }))
     }
@@ -133,7 +133,7 @@ impl ContestSet for Arc<Server> {
             text_search_request::Request::Text(create) => Pager::text_search(create),
             text_search_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<_> as NoParentPager<Entity>>::from_raw(old.session)?
+                <Pager<_> as NoParentPager<Entity>>::from_raw(old.session, &self)?
             }
         };
 
@@ -144,7 +144,7 @@ impl ContestSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListContestResponse { list, next_session }))
     }

diff --git a/backend/src/endpoint/education.rs b/backend/src/endpoint/education.rs
@@ -234,7 +234,10 @@ impl EducationSet for Arc<Server> {
             }
             list_by_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -245,7 +248,7 @@ impl EducationSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListEducationResponse { list, next_session }))
     }

diff --git a/backend/src/endpoint/problem.rs b/backend/src/endpoint/problem.rs
@@ -112,7 +112,10 @@ impl ProblemSet for Arc<Server> {
             }
             list_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<contest::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<contest::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -123,7 +126,7 @@ impl ProblemSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListProblemResponse { list, next_session }))
     }
@@ -142,7 +145,7 @@ impl ProblemSet for Arc<Server> {
             }
             text_search_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<_> as HasParentPager<contest::Entity, Entity>>::from_raw(old.session)?
+                <Pager<_> as HasParentPager<contest::Entity, Entity>>::from_raw(old.session, &self)?
             }
         };
 
@@ -153,7 +156,7 @@ impl ProblemSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListProblemResponse { list, next_session }))
     }
@@ -409,7 +412,10 @@ impl ProblemSet for Arc<Server> {
             }
             list_by_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<contest::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<contest::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -420,7 +426,7 @@ impl ProblemSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListProblemResponse { list, next_session }))
     }

diff --git a/backend/src/endpoint/submit.rs b/backend/src/endpoint/submit.rs
@@ -75,7 +75,10 @@ impl SubmitSet for Arc<Server> {
             }
             list_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -86,7 +89,7 @@ impl SubmitSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListSubmitResponse { list, next_session }))
     }
@@ -106,7 +109,10 @@ impl SubmitSet for Arc<Server> {
             }
             list_by_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -117,7 +123,7 @@ impl SubmitSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListSubmitResponse { list, next_session }))
     }

diff --git a/backend/src/endpoint/testcase.rs b/backend/src/endpoint/testcase.rs
@@ -95,7 +95,10 @@ impl TestcaseSet for Arc<Server> {
             }
             list_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -106,7 +109,7 @@ impl TestcaseSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListTestcaseResponse { list, next_session }))
     }
@@ -293,7 +296,10 @@ impl TestcaseSet for Arc<Server> {
             }
             list_by_request::Request::Pager(old) => {
                 reverse = old.reverse;
-                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(old.session)?
+                <Pager<Entity> as HasParentPager<problem::Entity, Entity>>::from_raw(
+                    old.session,
+                    &self,
+                )?
             }
         };
 
@@ -304,7 +310,7 @@ impl TestcaseSet for Arc<Server> {
             .map(|x| x.into())
             .collect();
 
-        let next_session = pager.into_raw();
+        let next_session = pager.into_raw(&self);
 
         Ok(Response::new(ListTestcaseResponse { list, next_session }))
     }