Commit Graph

120 Commits

Author SHA1 Message Date
Filippo Valsorda f9cfd754a2 blobserver/encrypt: rewrite encryption to use NaCl and a simpler meta
NaCl offers authenticated encryption, which means that the blobstore
can't tamper with the data.  Since SHA-1 were checked one could not
change a blob outright, but could add new blobs by tampering with the
meta blobs, too.  It's true that only signed blobs should cause actions
just by being present, but we are already far too deep in the chain of
assumptions, just not to spend a bit of CPU adding a MAC.  The new
scheme is much easier to prove secure.

Also simplified the meta by removing the IV (which is in the encrypted
blob anyway) and the encrypted size (which is plaintext size + overhead).

Finally, added tests (including a storagetest) and tried to make this
sort of production-ready.

Still to do are meta compaction and a way to regenerate the meta from
the blobs, in case of meta corruption (which now we can do securely
thanks to NaCl authentication).

golang.org/x/crypto/nacl/secretbox:
golang.org/x/crypto/poly1305:
golang.org/x/crypto/salsa20/salsa:
golang.org/x/crypto/scrypt:
golang.org/x/crypto/pbkdf2:
	1e61df8d9ea476e2e1504cd9a32b40280c7c6c7e

Change-Id: I095c6204ac093f6292c7943dbb77655d2c51aba6
2017-12-29 14:16:34 -08:00
mpl 0cc6301f12 config: rm gphotos importer
Since it's not yet ready.

Change-Id: I2009aefeca8a2feab8b053f5eb8b0370e22f6732
2017-05-09 23:32:31 +02:00
Tamás Gulácsi 0bfa352bae pkg/importer: add gphotos, a Google Photos importer
Uses the Google Drive API to import photos from the Google Photos folder
in Google Drive.

Still a work in progress, so not yet added to allimporters.

Issues #874 #896

Change-Id: I9b9bffe071434b2a55be667579c3699a3addb8ed
2017-05-08 18:41:34 +02:00
Mathieu Lonjaret 1486c78dec Merge "app/scanningcabinet: move static UI files to folder" 2017-03-27 14:23:15 +00:00
Mathieu Lonjaret e0107f74bc Merge "Initial cut at importing financial transactions using Plaid.com. No Plaid-specific UI in this first pass; just import/data model only." 2017-03-26 00:24:48 +00:00
Michael Morrissey f35578a2e2 Initial cut at importing financial transactions using Plaid.com. No Plaid-specific UI in this first pass; just import/data model only.
vendor: add github.com/plaid/plaid-go at rev 02b6af68061bf89a293eaf15dc6c955ce02dd22b

Change-Id: I1003d1d21416b9f2c7eb40085e62ec8481a0c6ed
2017-03-25 10:41:01 -04:00
Steve Armstrong 9e2e35cf6f app/scanningcabinet: move static UI files to folder
Change-Id: I410fbaf0a113732cc2bde319607edab384122678
2017-03-24 21:36:03 -07:00
mpl 1d32408503 pkg/server: make share handler support share deletions
Since we don't actually ever remove blobs (until we add garbage
collection, and even then), if a share claim gets deleted (with a delete
claim), the only knowledge of the deletion resides in the Index.

So when the share handler verifies the sharing chain, there is nothing
preventing it from reading a supposedly deleted share claim (from the
blobserver), and concluding that the share chain is valid.

This change adds the index handler to the share handler, so it can check
the deletion status of a share claim, and hence support "share
cancellation".

Fixes #914

Change-Id: I572fdddee30e745aa2d2a6720c83c8e8c916515d
2017-03-24 22:33:50 +01:00
Euan Kemp 9ebb29e28e devcam/server: update default config with prefix
This update the default configuration such that `devcam server` and
`devcam server -hello` work again. Changes in whether prefix and listen
were required on the application left both of those targets broken.

The default server target was only broken briefly, when the scanning
cabinet was introduced.

The `server -hello` command has been broken for months.

This change is a temporary one. A more proper fix is present in
https://camlistore-review.googlesource.com/#/c/9206/.

Once that change is merged, this commit can be reverted.

Change-Id: If692760da265502fece3b981bdd34d4d5bea5690
2017-03-04 12:29:49 -08:00
mpl 5a24ffd854 new app: scanning cabinet
WARNING: this app is still experimental, and even its data schema might
change. Do not use in production.

This change adds a Camlistore-based port of the scanning cabinet app
originally created by Brad Fitzpatrick:
https://github.com/bradfitz/scanningcabinet

Some of it is inspired from the App Engine Go port of Patrick Borgeest:
https://bitbucket.org/pborgeest/nometicland

The data schema is roughly as follows:

-a scan is a permanode, with the node type: "scanningcabinet:scan".
-a scan's camliContent attribute is set to the actual image file.
-a scan also holds the "dateCreated" attribute, as well as the
"document" attribute, which references the document this scan is a part
of (if any).

-a document is a permanode, with the node type: "scanningcabinet:doc".
-a document page, is modeled by the "camliPath:sha1-xxx" = "pageNumber"
relation, where sha1-xxx is the blobRef of a scan.
-a document can also hold the following attributes: "dateCreated",
"tag", "locationText", "title", "startDate", and "paymentDueDate".

Known caveats, in decreasing order of concern:
-the data schema might still change.
-the scancab tool, to actually create and upload the files from physical
documents, is practically untested (since I do not own a scanner).
-some parts, in particular related to searches, are probably
sub-optimized.
-the usual unavoidable bugs.

Change-Id: If6afc509e13f7c21164a3abd276fec075a3813bb
2017-02-15 17:14:45 +01:00
mpl 7291617da7 pkg/server: add share handler prefix to discovery
Change-Id: I5354e3ea375d73d837b5432b63c78a78d1a5bc10
2016-11-10 00:59:19 +01:00
mpl 0016221f8c config/config/dev-server-config.json: fix SourceRoot for publisher
This should have been done with
0367de7b61

Change-Id: Icc7ab39fa0220c757781cc108e5243d4193e78d1
2016-08-30 18:42:14 +02:00
Mathieu Lonjaret 41516af23d Merge "config: used leveldb for the dev server instead of kv" 2016-08-05 14:55:18 +00:00
mpl 120dce4efc config: used leveldb for the dev server instead of kv
Related: issue #779

Change-Id: I97dedc19eb9a4562bdde2ac6dcef7f3d706acd38
2016-08-05 16:53:04 +02:00
mpl 5a10947138 config/dev-server-config.json: fix publisher
This change should have been with
65343d114d , to keep up with the app
handler changes.

It is ok to hardcode 3179 as the server's listen port (even if that is
not the actually chosen port), because the app handler will only use the
host part of the listen address.

Change-Id: Ib0a40a0376680d67a0617f184d5986117c704246
2016-07-19 17:58:47 +02:00
Mathieu Lonjaret d471cba23f Merge "serverinit: enable blobPacked in default config" 2015-12-24 23:28:20 +00:00
mpl afb47c7cd9 devcam server: add syndtr/goleveldb indexer. make it the default.
Change-Id: Ice835d7505404ad9eeaf040d465409bb0e4c420d
2015-07-26 17:53:36 +02:00
mpl 66a5a6176f serverinit: enable blobPacked in default config
Also, devcam server: make loose blobs location consistent with
location on production server.

Change-Id: Ib4314f4b736595c071e710792d2e8ecacebf3a14
2015-07-23 16:43:13 +02:00
Mario Russo 7b1903d5b1 pkg/server: added help handler
- Available at '/help/'
- Loads and parses server config upon init and generates the necessary client config for access
- Links to 'Downloadable Tools' are not functional (task is not yet completed)
- A link was added to the default server page as well as a 'Help' option to the Piggy menu

Issue: #536

Change-Id: I10629de034c908ebc76f6feacbbfca1df7bf1c2b
2015-05-28 10:02:17 +02:00
Fabian Reinartz 76a445a956 pkg/server: decouple sign handler from UI, replace JSON maps with structs
Signhandler was moved from the ui to the root handler and genconfig
adjusted accordingly.
New discovery struct types to replace the JSON maps are defined in
pkg/types/camtypes. The changes are related to Issue #539.

Change-Id: Ib3f12feeaf6fa81107de2d468cab491723e590ae
2015-05-25 09:28:07 +02:00
Brad Fitzpatrick 3e84782750 devcam: always use blobpacked for devcam server
Maybe it can be an option in the future, but for now it's
always on.

Change-Id: I7ec408b145870fc7dcffa42638ebb0daf595982d
2015-02-04 21:02:38 -08:00
Salmān Aljammāz 4e39af1086 Generate self-signed certs with the correct hostname.
This change makes gce/create.go generate a self-signed certificate
with the hostname from the -hostname argument and upload it to GCS
before creating a new camlistore instance.

It also makes camlistored use baseURL to figure out the hostname
when generating its self-signed certificate.

Change-Id: I64f85853dab34a7ce95e5d5997e58f2e5da43496
2014-11-13 15:53:40 +00:00
mpl bb49185463 serverinit: add support for memory-only indexer. Enable in devcam.
To avoid confusion, the previously named "memoryIndex" configuration
parameter, which actually meant to slurp the index into the memory
corpus, has been renamed to "copyIndexToMemory". "memoryIndex" is now
the parameter to enable a memory-only indexer.

http://camlistore.org/issue/416

Change-Id: I7026e5463fda3a1887a88e0b07d4e3431c60c8b7
2014-08-26 22:46:13 +02:00
mpl a34f9e2669 publisher app
http://camlistore.org/issue/365

Change-Id: I281fdcbbe6a2bdf15607e75a21bc93b453f82c85
2014-06-15 00:03:03 +02:00
mpl 173adebc19 Merge "apps: more generic app handler work, to prepare for publisher" 2014-06-10 21:29:01 +00:00
mpl 9723b5c814 apps: more generic app handler work, to prepare for publisher
http://camlistore.org/issue/365

Change-Id: I3c34ba1f09debc3aaaf68ad9fb11b595470b6b5d
2014-06-14 18:36:10 +02:00
Brad Fitzpatrick d5fb600ac2 Better demo setup
Change-Id: I61e55e3773e30332e6a7d3b426090fbe946a2462
2014-06-02 15:55:10 +09:00
mpl 21dda2b4ef app/hello: dummy server application (hello world)
Change-Id: I6690b9459325af5a76d1de679d56701eefdd195e
2014-05-08 22:15:01 +02:00
mpl 291320d451 pkg/index: cleanup, refactor sub pkgs
http://camlistore.org/issue/263

Change-Id: I319bb097f0ce30b2bd5271b5c3bbff92b8dcc318
2014-04-05 01:22:05 +02:00
Brad Fitzpatrick bf2a7b60a3 Importer overhaul. Only Foursquare is currently working.
The rest are currently stubbed out and will need updating
to the new APIs.

Change-Id: I9d70302b3ac1026192413bf9dcd3c8f1eb420349
2014-03-31 10:56:30 -07:00
Nick O'Neill 2d70c95aef Tweet importing with some basic info
Change-Id: I73455eef50dcdc495ddc042d266b3a4a8020c877
2014-03-20 18:57:43 -07:00
Tamás Gulácsi 65fa5d6d3e Picasa: add importer.
Imports all images from all albums, and puts each image in its album.
Each album is linked under "Picasa (<username>)".
Tries to skip already imported files (check based on album/filename).
See Issue #391.

Change-Id: If00751671a429891c05bbe41f59c1421b2ff2de8
2014-03-17 10:52:51 +01:00
mpl 6707837806 pkg/types/serverconfig: json-tagged struct
Also changed the TLS/HTTPS config keys for consistency.

http://camlistore.org/issue/339

Change-Id: I704ec129f91b93ebb20bc1191816166a2f10692d
2014-02-10 21:49:11 +01:00
Brad Fitzpatrick a384ff188d Get rid of CAMLI_DEV_KEYBLOBS / keyblobs / etc.
Fixes camlistore.org/issue/277

Change-Id: I7f380f9d18785f600fa0c442d5a19cd118782788
2014-01-20 13:47:08 -08:00
Brad Fitzpatrick d1f2ae227f Start of Foursquare importer.
Change-Id: I56b0e71a3aad697b82710ebea6fc941436a3c119
2014-01-14 20:45:23 -08:00
Brad Fitzpatrick 48e67cab16 devcam: add --publish=false and --mini option to start a lite server with no blobs
Change-Id: Idcde77f72126800d610c632940552f04c396634d
2014-01-13 20:11:43 -08:00
mpl bf8c463d0a pkg/client: multi servers config
http://camlistore.org/issue/309

Change-Id: I22bbbf6a808a772272f153b2535d693bd986d13a
2014-01-05 23:19:43 -08:00
Aaron Boodman 63ec18c3f3 Make the devcam server search handler honor the secring and identity flags.
Change-Id: I7bfbbc82f9ed429b2fa61c84e8c0d514641444fe
2013-12-28 16:24:28 -08:00
mpl 6e7eacea4a Merge "pkg/client: some cleanup, doc on the website" 2013-12-23 22:31:45 +00:00
mpl 1e8d46ee45 pkg/client: some cleanup, doc on the website
Changed some keys to be consistent with the server config, and removed
some others.

We're now using jsonconfig to get the keys and validate the config.

Removed some unused funcs/methods, moved some global vars as members of a client.

Also, having two possible defaults for the secret keyring
(.config/camlistore/identity-secring.gpg and .gnupg/secring.gpg)
was annoying and confusing imho, so I removed the latter.

http://camlistore.org/issue/259

Change-Id: Icf79fa8822b62b5d91843698861dd19cb553607a
2013-12-23 20:23:21 +01:00
Brad Fitzpatrick 5c5666d037 Thumbnail cleanups and let the meta map persist on disk with a sorted.KeyValue
Previously, every time you restarted the server, it forgot about all
thumbnails previously generated.  (in practice it didn't/doesn't
matter with a single user, though, since they're still cached in the
browser and we always reply to If-Modified-Since immediately without
checking the cache)  But it'll matter more with the Publish handler.

Also, rename some stuff, clean up some stuff, drop an unused interface.

And then necessarily change the serverconfig low-level generator to use
a kvfile for the thumbmeta map when using local disk for blobs.

--

Change-Id: I4dcfcb21429a440aa118794c03f7abf7bd69c33b
2013-12-14 09:37:56 -08:00
Brad Fitzpatrick bf54591e8d Remove the memIndex option from genconfig and devcam; default memoryIndex to on.
We had the legacy "memIndex" option to put the Camlistore index in
memory (the leveldb memdb) as an option in genconfig called
"memIndex", and we also had an option called "memoryIndex" for whether
to slurp the on-disk index to memory on start-up.  Too confusing!

Instead, delete "memIndex" (since it's not the default anyway, now
that we have kv).

Then, also (the original point of this change): default the
memoryIndex option to true, so search works for people by default.
This option might go away in the future if it becomes the only required
way.

Also, document this.

Change-Id: Iddffa6e19adbf09c5aacd063aa44de362d90633b
2013-12-11 12:20:22 +04:00
Brad Fitzpatrick f544114844 Fix diskpacked regression, add tests, start of storagetest.
Regressed from rev cb6f423e. Eventually pkg storagetest should test all methods of blobserver.Storage
for all storage target types.

Change-Id: I2c1c93b76fd9280a3eb429b1d71c64a693ed1ace
2013-11-30 13:06:04 -08:00
Brad Fitzpatrick 9261c9b303 dev-server-config: no longer need to replicate to a sync. the sync subscribes to its source.
Change-Id: I7734f47f039cbdd40fcb672ba60d6a2488b42bdc
2013-11-24 17:11:40 -08:00
Brad Fitzpatrick 62fbbb61a0 encrypt: use key metaIndex for index, not meta; that was used. fixes devcam server.
Change-Id: I483c696dcc3402537bec136f8847c17767760b3b
2013-11-23 11:11:05 -08:00
Brad Fitzpatrick cfd02e6c89 Fix dev server config's root storage's fetch/stat.
Don't want to read from the indexer or a async target.

Change-Id: I72831a6ce3fba6e005c71c3e8ac73557cd268c34
2013-11-22 22:50:40 -08:00
Brad Fitzpatrick 70475701d1 Get rid of QueueCreator and all its associated complexity.
Previous TODO entry was:

-- Get rid of QueueCreator entirely. Plan:
     -- sync handler still has a source and dest (one pair) but
        instead of calling CreateQueue on the source, it instead
        has an index.Storage (configured via a RequiredObject
        so it can be a kvfile, leveldb, mysql, postgres etc)
     -- make all the index.Storage types be instantiable
        from a jsonconfig Object, perhaps with constructors keyed
        on a "type" field.
     -- make sync handler support blobserver.Receiver (or StatReceiver)
        like indexes, so it can receive blobs.  but all it needs to
        do to acknowledge the ReceiveBlob is write and flush to its
        index.Storage. the syncing is async by default. (otherwise callers
        could just use "replica" if they wanted sync replication).
        But maybe for ease of configuration switching, we could also
        support a sync mode.  when it needs to replicate a blob,
        it uses the source.
     -- future option: sync mirror to an alternate path on ReceiveBlob
        that can delete. e.g. you're uploading to s3 and google,
        but don't want to upload to both at once, so you use the localdisk
        as a buffer to spread out your upstream bandwidth.
     -- end result: no more hardlinks or queue creator.

Change-Id: I6244fc4f3a655f08470ae3160502659399f468ed
2013-11-22 14:33:31 -08:00
Aaron Boodman 93b0bbbee5 Flickr importer: store credentials in Camlistore, not weird JSON file.
Change-Id: I07ed4e9043c9fa448425144886dc3b7047c4e85b
2013-11-22 09:50:03 -08:00
mpl f8b41e236e Merge "server/publish.go: use go html template for publishing" 2013-11-19 22:22:17 +00:00
mpl a6aeff034c server/publish.go: use go html template for publishing
Change-Id: Ic1c55d35e52e407864d339927b453de58a64e03c
2013-11-19 17:50:26 +01:00