diff options
Diffstat (limited to 'soledad/shared_db.py')
-rw-r--r-- | soledad/shared_db.py | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/soledad/shared_db.py b/soledad/shared_db.py new file mode 100644 index 00000000..c27bba71 --- /dev/null +++ b/soledad/shared_db.py @@ -0,0 +1,104 @@ +# -*- coding: utf-8 -*- +""" +Created on Tue Mar 5 18:46:38 2013 + +@author: drebs +""" + +try: + import simplejson as json +except ImportError: + import json # noqa + +from u1db import errors +from u1db.remote import http_database + + +#----------------------------------------------------------------------------- +# Soledad shared database +#----------------------------------------------------------------------------- + +class NoTokenForAuth(Exception): + """ + No token was found for token-based authentication. + """ + + +class Unauthorized(Exception): + """ + User does not have authorization to perform task. + """ + + +class SoledadSharedDatabase(http_database.HTTPDatabase): + """ + This is a shared HTTP database that holds users' encrypted keys. + + An authorization token is attached to every request other than + get_doc_unauth, which has the purpose of retrieving encrypted content from + the shared database without the need to associate user information with + the request. + """ + # TODO: prevent client from messing with the shared DB. + # TODO: define and document API. + + @staticmethod + def open_database(url, create, token=None): + """ + Open a Soledad shared database. + """ + db = SoledadSharedDatabase(url, token=token) + db.open(create) + return db + + @staticmethod + def delete_database(url): + """ + Dummy method that prevents from deleting shared database. + """ + raise Unauthorized("Can't delete shared database.") + + def __init__(self, url, document_factory=None, creds=None, token=None): + """ + Initialize database with auth token and encryption powers. + """ + self._token = token + super(SoledadSharedDatabase, self).__init__(url, document_factory, + creds) + + def _request(self, method, url_parts, params=None, body=None, + content_type=None, auth=True): + """ + Perform token-based http request. + """ + # add the auth-token as a request parameter + if auth: + if not self._token: + raise NoTokenForAuth() + if not params: + params = {} + params['auth_token'] = self._token + return super(SoledadSharedDatabase, self)._request( + method, url_parts, + params, + body, + content_type) + + def _request_json(self, method, url_parts, params=None, body=None, + content_type=None, auth=True): + """ + Perform token-based http request. + """ + # allow for token-authenticated requests. + res, headers = self._request(method, url_parts, + params=params, body=body, + content_type=content_type, auth=auth) + return json.loads(res), headers + + def get_doc_unauth(self, doc_id): + """ + Modified method to allow for unauth request. + """ + db = http_database.HTTPDatabase(self._url, factory=self._factory, + creds=self._creds) + return db.get_doc(doc_id) |