summaryrefslogtreecommitdiff
path: root/soledad/shared_db.py
diff options
context:
space:
mode:
Diffstat (limited to 'soledad/shared_db.py')
-rw-r--r--soledad/shared_db.py104
1 files changed, 104 insertions, 0 deletions
diff --git a/soledad/shared_db.py b/soledad/shared_db.py
new file mode 100644
index 00000000..c27bba71
--- /dev/null
+++ b/soledad/shared_db.py
@@ -0,0 +1,104 @@
+# -*- coding: utf-8 -*-
+"""
+Created on Tue Mar 5 18:46:38 2013
+
+@author: drebs
+"""
+
+try:
+ import simplejson as json
+except ImportError:
+ import json # noqa
+
+from u1db import errors
+from u1db.remote import http_database
+
+
+#-----------------------------------------------------------------------------
+# Soledad shared database
+#-----------------------------------------------------------------------------
+
+class NoTokenForAuth(Exception):
+ """
+ No token was found for token-based authentication.
+ """
+
+
+class Unauthorized(Exception):
+ """
+ User does not have authorization to perform task.
+ """
+
+
+class SoledadSharedDatabase(http_database.HTTPDatabase):
+ """
+ This is a shared HTTP database that holds users' encrypted keys.
+
+ An authorization token is attached to every request other than
+ get_doc_unauth, which has the purpose of retrieving encrypted content from
+ the shared database without the need to associate user information with
+ the request.
+ """
+ # TODO: prevent client from messing with the shared DB.
+ # TODO: define and document API.
+
+ @staticmethod
+ def open_database(url, create, token=None):
+ """
+ Open a Soledad shared database.
+ """
+ db = SoledadSharedDatabase(url, token=token)
+ db.open(create)
+ return db
+
+ @staticmethod
+ def delete_database(url):
+ """
+ Dummy method that prevents from deleting shared database.
+ """
+ raise Unauthorized("Can't delete shared database.")
+
+ def __init__(self, url, document_factory=None, creds=None, token=None):
+ """
+ Initialize database with auth token and encryption powers.
+ """
+ self._token = token
+ super(SoledadSharedDatabase, self).__init__(url, document_factory,
+ creds)
+
+ def _request(self, method, url_parts, params=None, body=None,
+ content_type=None, auth=True):
+ """
+ Perform token-based http request.
+ """
+ # add the auth-token as a request parameter
+ if auth:
+ if not self._token:
+ raise NoTokenForAuth()
+ if not params:
+ params = {}
+ params['auth_token'] = self._token
+ return super(SoledadSharedDatabase, self)._request(
+ method, url_parts,
+ params,
+ body,
+ content_type)
+
+ def _request_json(self, method, url_parts, params=None, body=None,
+ content_type=None, auth=True):
+ """
+ Perform token-based http request.
+ """
+ # allow for token-authenticated requests.
+ res, headers = self._request(method, url_parts,
+ params=params, body=body,
+ content_type=content_type, auth=auth)
+ return json.loads(res), headers
+
+ def get_doc_unauth(self, doc_id):
+ """
+ Modified method to allow for unauth request.
+ """
+ db = http_database.HTTPDatabase(self._url, factory=self._factory,
+ creds=self._creds)
+ return db.get_doc(doc_id)