etesync/django_etebase/models.py

# Copyright © 2017 Tom Hacohen
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, version 3.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from pathlib import Path

from django.db import models, transaction
from django.conf import settings
from django.core.validators import RegexValidator
from django.db.models import Q
from django.utils.functional import cached_property
from django.utils.crypto import get_random_string


UidValidator = RegexValidator(regex=r'^[a-zA-Z0-9\-_]{20,}$', message='Not a valid UID')


class Collection(models.Model):
    main_item = models.ForeignKey('CollectionItem', related_name='parent', null=True, on_delete=models.SET_NULL)
    owner = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)

    def __str__(self):
        return self.uid

    @cached_property
    def uid(self):
        return self.main_item.uid

    @property
    def content(self):
        return self.main_item.content

    @property
    def etag(self):
        return self.content.uid

    @cached_property
    def stoken(self):
        stoken = Stoken.objects.filter(
            Q(collectionitemrevision__item__collection=self) | Q(collectionmember__collection=self)
        ).order_by('id').last()

        if stoken is None:
            raise Exception('stoken is None. Should never happen')

        return stoken.uid


class CollectionItem(models.Model):
    uid = models.CharField(db_index=True, blank=False,
                           max_length=43, validators=[UidValidator])
    collection = models.ForeignKey(Collection, related_name='items', on_delete=models.CASCADE)
    version = models.PositiveSmallIntegerField()
    encryptionKey = models.BinaryField(editable=True, blank=False, null=True)

    class Meta:
        unique_together = ('uid', 'collection')

    def __str__(self):
        return '{} {}'.format(self.uid, self.collection.uid)

    @cached_property
    def content(self):
        return self.revisions.get(current=True)

    @property
    def etag(self):
        return self.content.uid


def chunk_directory_path(instance, filename):
    item = instance.item
    col = item.collection
    user_id = col.owner.id
    return Path('user_{}'.format(user_id), col.uid, item.uid, instance.uid)


class CollectionItemChunk(models.Model):
    uid = models.CharField(db_index=True, blank=False, null=False,
                           max_length=60, validators=[UidValidator])
    item = models.ForeignKey(CollectionItem, related_name='chunks', on_delete=models.CASCADE)
    chunkFile = models.FileField(upload_to=chunk_directory_path, max_length=150, unique=True)

    def __str__(self):
        return self.uid


def generate_stoken_uid():
    return get_random_string(32, allowed_chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_')


class Stoken(models.Model):
    uid = models.CharField(db_index=True, unique=True, blank=False, null=False, default=generate_stoken_uid,
                           max_length=43, validators=[UidValidator])


class CollectionItemRevision(models.Model):
    stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT)
    uid = models.CharField(db_index=True, unique=True, blank=False, null=False,
                           max_length=43, validators=[UidValidator])
    item = models.ForeignKey(CollectionItem, related_name='revisions', on_delete=models.CASCADE)
    meta = models.BinaryField(editable=True, blank=False, null=False)
    current = models.BooleanField(db_index=True, default=True, null=True)
    deleted = models.BooleanField(default=False)

    class Meta:
        unique_together = ('item', 'current')

    def __str__(self):
        return '{} {} current={}'.format(self.uid, self.item.uid, self.current)


class RevisionChunkRelation(models.Model):
    chunk = models.ForeignKey(CollectionItemChunk, related_name='revisions_relation', on_delete=models.CASCADE)
    revision = models.ForeignKey(CollectionItemRevision, related_name='chunks_relation', on_delete=models.CASCADE)

    class Meta:
        ordering = ('id', )


class AccessLevels(models.TextChoices):
    ADMIN = 'adm'
    READ_WRITE = 'rw'
    READ_ONLY = 'ro'


class CollectionMember(models.Model):
    stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT, null=True)
    collection = models.ForeignKey(Collection, related_name='members', on_delete=models.CASCADE)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
    encryptionKey = models.BinaryField(editable=True, blank=False, null=False)
    accessLevel = models.CharField(
        max_length=3,
        choices=AccessLevels.choices,
        default=AccessLevels.READ_ONLY,
    )

    class Meta:
        unique_together = ('user', 'collection')

    def __str__(self):
        return '{} {}'.format(self.collection.uid, self.user)

    def revoke(self):
        with transaction.atomic():
            CollectionMemberRemoved.objects.update_or_create(
                collection=self.collection, user=self.user,
                defaults={
                    'stoken': Stoken.objects.create(),
                },
            )

            self.delete()


class CollectionMemberRemoved(models.Model):
    stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT, null=True)
    collection = models.ForeignKey(Collection, related_name='removed_members', on_delete=models.CASCADE)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)

    class Meta:
        unique_together = ('user', 'collection')

    def __str__(self):
        return '{} {}'.format(self.collection.uid, self.user)


class CollectionInvitation(models.Model):
    uid = models.CharField(db_index=True, blank=False, null=False,
                           max_length=43, validators=[UidValidator])
    version = models.PositiveSmallIntegerField(default=1)
    fromMember = models.ForeignKey(CollectionMember, on_delete=models.CASCADE)
    # FIXME: make sure to delete all invitations for the same collection once one is accepted
    # Make sure to not allow invitations if already a member

    user = models.ForeignKey(settings.AUTH_USER_MODEL, related_name='incoming_invitations', on_delete=models.CASCADE)
    signedEncryptionKey = models.BinaryField(editable=False, blank=False, null=False)
    accessLevel = models.CharField(
        max_length=3,
        choices=AccessLevels.choices,
        default=AccessLevels.READ_ONLY,
    )

    class Meta:
        unique_together = ('user', 'fromMember')

    def __str__(self):
        return '{} {}'.format(self.fromMember.collection.uid, self.user)

    @cached_property
    def collection(self):
        return self.fromMember.collection


class UserInfo(models.Model):
    owner = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, primary_key=True)
    version = models.PositiveSmallIntegerField(default=1)
    loginPubkey = models.BinaryField(editable=True, blank=False, null=False)
    pubkey = models.BinaryField(editable=True, blank=False, null=False)
    encryptedContent = models.BinaryField(editable=True, blank=False, null=False)
    salt = models.BinaryField(editable=True, blank=False, null=False)

    def __str__(self):
        return "UserInfo<{}>".format(self.owner)
Create the django_etesync app. 5 years ago			`# Copyright © 2017 Tom Hacohen`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as`
			`# published by the Free Software Foundation, version 3.`
			`#`
			`# This library is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

Merge item snapshot and item to be one model. 5 years ago			`from pathlib import Path`

Collection membership: implement leaving/revoking access. 5 years ago			`from django.db import models, transaction`
Create the django_etesync app. 5 years ago			`from django.conf import settings`
			`from django.core.validators import RegexValidator`
Collections: use the member stokens for filtering based on stoken While at it, also generalised the stoken handling to be generic and extendible. 5 years ago			`from django.db.models import Q`
Create the django_etesync app. 5 years ago			`from django.utils.functional import cached_property`
Change to standalone stoken objects (+ small optimisation). Makes it possible to now generate Stokens as we need so we can add them to non-revision objects, for example, membership changes. We also slightly improved how we filter by revs. 5 years ago			`from django.utils.crypto import get_random_string`
Create the django_etesync app. 5 years ago

Merge the uidvalidator with the base64url validator and set a min length. 4 years ago			`UidValidator = RegexValidator(regex=r'^[a-zA-Z0-9\-_]{20,}$', message='Not a valid UID')`
Create the django_etesync app. 5 years ago

			`class Collection(models.Model):`
Collection: change collections to be an extension of items Each collection now has an item and the item's UID is the collections UID. This lets us manipulate collections just like items, and as part of transactions. This is significant because it lets us change them as part of transactions! 4 years ago			`main_item = models.ForeignKey('CollectionItem', related_name='parent', null=True, on_delete=models.SET_NULL)`
Create the django_etesync app. 5 years ago			`owner = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)`

			`def __str__(self):`
			`return self.uid`

Collection remove the redundant mainItem model attr. 5 years ago			`@cached_property`
Collection: change collections to be an extension of items Each collection now has an item and the item's UID is the collections UID. This lets us manipulate collections just like items, and as part of transactions. This is significant because it lets us change them as part of transactions! 4 years ago			`def uid(self):`
			`return self.main_item.uid`
Collection remove the redundant mainItem model attr. 5 years ago
Split cstoken and stoken to be different concepts The stokens are really just integrity checks for items, and are really just tied to what revision we expected to have first what we have. So we will rename stoken to lastRev or something, and have them completely separate. A partial revert of e22a49f982046e875d4e1c5007a91353527d7a0f 5 years ago			`@property`
Collection: add content support. 5 years ago			`def content(self):`
Collection remove the redundant mainItem model attr. 5 years ago			`return self.main_item.content`
Collection: add content support. 5 years ago
Make sure to always return fresh stokens. 5 years ago			`@property`
Rename stoken to etag and cstoken to stoken. This conforms better with what people know from HTTP and properly differentiates from CSToken which is now renamed to stoken. 5 years ago			`def etag(self):`
Split cstoken and stoken to be different concepts The stokens are really just integrity checks for items, and are really just tied to what revision we expected to have first what we have. So we will rename stoken to lastRev or something, and have them completely separate. A partial revert of e22a49f982046e875d4e1c5007a91353527d7a0f 5 years ago			`return self.content.uid`
Collection: fix stoken and add cstoken for the collection token. 5 years ago
			`@cached_property`
Rename stoken to etag and cstoken to stoken. This conforms better with what people know from HTTP and properly differentiates from CSToken which is now renamed to stoken. 5 years ago			`def stoken(self):`
Collections: use the member stokens for filtering based on stoken While at it, also generalised the stoken handling to be generic and extendible. 5 years ago			`stoken = Stoken.objects.filter(`
			`Q(collectionitemrevision__item__collection=self) \| Q(collectionmember__collection=self)`
			`).order_by('id').last()`
Collection: move stoken to the model. 5 years ago
Collections: use the member stokens for filtering based on stoken While at it, also generalised the stoken handling to be generic and extendible. 5 years ago			`if stoken is None:`
			`raise Exception('stoken is None. Should never happen')`

			`return stoken.uid`
Collection: move stoken to the model. 5 years ago
More progress. 5 years ago
Create the django_etesync app. 5 years ago			`class CollectionItem(models.Model):`
Items must have a uid now (not null). This is due to the previous change. 4 years ago			`uid = models.CharField(db_index=True, blank=False,`
Uid: Change how validation is done. 5 years ago			`max_length=43, validators=[UidValidator])`
Merge item snapshot and item to be one model. 5 years ago			`collection = models.ForeignKey(Collection, related_name='items', on_delete=models.CASCADE)`
CollectionItem: move version and encryption key to the item itself. 5 years ago			`version = models.PositiveSmallIntegerField()`
Collection: add content support. 5 years ago			`encryptionKey = models.BinaryField(editable=True, blank=False, null=True)`
Create the django_etesync app. 5 years ago
			`class Meta:`
			`unique_together = ('uid', 'collection')`

			`def __str__(self):`
Collection: add content support. 5 years ago			`return '{} {}'.format(self.uid, self.collection.uid)`
Create the django_etesync app. 5 years ago
More progress. 5 years ago			`@cached_property`
			`def content(self):`
Rename Snapshot to Revision 5 years ago			`return self.revisions.get(current=True)`
Create the django_etesync app. 5 years ago
Make sure to always return fresh stokens. 5 years ago			`@property`
Rename stoken to etag and cstoken to stoken. This conforms better with what people know from HTTP and properly differentiates from CSToken which is now renamed to stoken. 5 years ago			`def etag(self):`
Split cstoken and stoken to be different concepts The stokens are really just integrity checks for items, and are really just tied to what revision we expected to have first what we have. So we will rename stoken to lastRev or something, and have them completely separate. A partial revert of e22a49f982046e875d4e1c5007a91353527d7a0f 5 years ago			`return self.content.uid`
Collection items: add a transaction endpoint. 5 years ago
Create the django_etesync app. 5 years ago
More progress - support chunk uploading. 5 years ago			`def chunk_directory_path(instance, filename):`
			`item = instance.item`
			`col = item.collection`
			`user_id = col.owner.id`
Chunk upload: item.uid can never be None so use it directly. 4 years ago			`return Path('user_{}'.format(user_id), col.uid, item.uid, instance.uid)`
More progress - support chunk uploading. 5 years ago

Create the django_etesync app. 5 years ago			`class CollectionItemChunk(models.Model):`
			`uid = models.CharField(db_index=True, blank=False, null=False,`
Allow chunk UIDs to be longer. 4 years ago			`max_length=60, validators=[UidValidator])`
More progress. 5 years ago			`item = models.ForeignKey(CollectionItem, related_name='chunks', on_delete=models.CASCADE)`
Make sure we don't upload the same file twice. 5 years ago			`chunkFile = models.FileField(upload_to=chunk_directory_path, max_length=150, unique=True)`
Create the django_etesync app. 5 years ago
			`def __str__(self):`
			`return self.uid`
More progress. 5 years ago

Change to standalone stoken objects (+ small optimisation). Makes it possible to now generate Stokens as we need so we can add them to non-revision objects, for example, membership changes. We also slightly improved how we filter by revs. 5 years ago			`def generate_stoken_uid():`
			`return get_random_string(32, allowed_chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_')`


			`class Stoken(models.Model):`
			`uid = models.CharField(db_index=True, unique=True, blank=False, null=False, default=generate_stoken_uid,`
Merge the uidvalidator with the base64url validator and set a min length. 4 years ago			`max_length=43, validators=[UidValidator])`
Change to standalone stoken objects (+ small optimisation). Makes it possible to now generate Stokens as we need so we can add them to non-revision objects, for example, membership changes. We also slightly improved how we filter by revs. 5 years ago

Rename Snapshot to Revision 5 years ago			`class CollectionItemRevision(models.Model):`
Change to standalone stoken objects (+ small optimisation). Makes it possible to now generate Stokens as we need so we can add them to non-revision objects, for example, membership changes. We also slightly improved how we filter by revs. 5 years ago			`stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT)`
Revision: add a proper uid for revisions (which we also use for sync tag). 5 years ago			`uid = models.CharField(db_index=True, unique=True, blank=False, null=False,`
Merge the uidvalidator with the base64url validator and set a min length. 4 years ago			`max_length=43, validators=[UidValidator])`
Rename Snapshot to Revision 5 years ago			`item = models.ForeignKey(CollectionItem, related_name='revisions', on_delete=models.CASCADE)`
Make meta not-null. 5 years ago			`meta = models.BinaryField(editable=True, blank=False, null=False)`
Collection Item Revision: dissalow blank for the current field. 5 years ago			`current = models.BooleanField(db_index=True, default=True, null=True)`
Collection item: rename isDeletion to deleted 5 years ago			`deleted = models.BooleanField(default=False)`
More progress. 5 years ago
			`class Meta:`
			`unique_together = ('item', 'current')`

			`def __str__(self):`
Revision: add a proper uid for revisions (which we also use for sync tag). 5 years ago			`return '{} {} current={}'.format(self.uid, self.item.uid, self.current)`
Collection: implement collection membership. 5 years ago

Change how we handle chunk ordering (and relation). 5 years ago			`class RevisionChunkRelation(models.Model):`
			`chunk = models.ForeignKey(CollectionItemChunk, related_name='revisions_relation', on_delete=models.CASCADE)`
			`revision = models.ForeignKey(CollectionItemRevision, related_name='chunks_relation', on_delete=models.CASCADE)`

			`class Meta:`
			`ordering = ('id', )`


Add a viewset to control collection membership. 5 years ago			`class AccessLevels(models.TextChoices):`
			`ADMIN = 'adm'`
			`READ_WRITE = 'rw'`
			`READ_ONLY = 'ro'`

Collection: implement collection membership. 5 years ago
Add a viewset to control collection membership. 5 years ago			`class CollectionMember(models.Model):`
CollectionMember: add stokens when we create/change the member. 5 years ago			`stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT, null=True)`
Collection: implement collection membership. 5 years ago			`collection = models.ForeignKey(Collection, related_name='members', on_delete=models.CASCADE)`
			`user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)`
			`encryptionKey = models.BinaryField(editable=True, blank=False, null=False)`
			`accessLevel = models.CharField(`
			`max_length=3,`
			`choices=AccessLevels.choices,`
			`default=AccessLevels.READ_ONLY,`
			`)`

			`class Meta:`
			`unique_together = ('user', 'collection')`

			`def __str__(self):`
			`return '{} {}'.format(self.collection.uid, self.user)`
Implement a ZKPP login flow. 5 years ago
Collection membership: implement leaving/revoking access. 5 years ago			`def revoke(self):`
			`with transaction.atomic():`
			`CollectionMemberRemoved.objects.update_or_create(`
			`collection=self.collection, user=self.user,`
			`defaults={`
			`'stoken': Stoken.objects.create(),`
			`},`
			`)`

			`self.delete()`


			`class CollectionMemberRemoved(models.Model):`
			`stoken = models.OneToOneField(Stoken, on_delete=models.PROTECT, null=True)`
			`collection = models.ForeignKey(Collection, related_name='removed_members', on_delete=models.CASCADE)`
			`user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)`

			`class Meta:`
			`unique_together = ('user', 'collection')`

			`def __str__(self):`
			`return '{} {}'.format(self.collection.uid, self.user)`

Implement a ZKPP login flow. 5 years ago
Collection invitation: implement creating and manipulating collections invitations. 5 years ago			`class CollectionInvitation(models.Model):`
			`uid = models.CharField(db_index=True, blank=False, null=False,`
Merge the uidvalidator with the base64url validator and set a min length. 4 years ago			`max_length=43, validators=[UidValidator])`
Collection invitation: implement creating and manipulating collections invitations. 5 years ago			`version = models.PositiveSmallIntegerField(default=1)`
			`fromMember = models.ForeignKey(CollectionMember, on_delete=models.CASCADE)`
			`# FIXME: make sure to delete all invitations for the same collection once one is accepted`
Incoming invitations: implement incoming invitations and accepting them 5 years ago			`# Make sure to not allow invitations if already a member`
Collection invitation: implement creating and manipulating collections invitations. 5 years ago
			`user = models.ForeignKey(settings.AUTH_USER_MODEL, related_name='incoming_invitations', on_delete=models.CASCADE)`
			`signedEncryptionKey = models.BinaryField(editable=False, blank=False, null=False)`
			`accessLevel = models.CharField(`
			`max_length=3,`
			`choices=AccessLevels.choices,`
			`default=AccessLevels.READ_ONLY,`
			`)`

			`class Meta:`
			`unique_together = ('user', 'fromMember')`

			`def __str__(self):`
			`return '{} {}'.format(self.fromMember.collection.uid, self.user)`

Incoming invitations: implement incoming invitations and accepting them 5 years ago			`@cached_property`
			`def collection(self):`
			`return self.fromMember.collection`

Collection invitation: implement creating and manipulating collections invitations. 5 years ago
Implement a ZKPP login flow. 5 years ago			`class UserInfo(models.Model):`
			`owner = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, primary_key=True)`
			`version = models.PositiveSmallIntegerField(default=1)`
Rename pubkey to loginPubkey because we'll soon have another pubkey. This breaks sharing because we no longer have a normal pubkey. This will be fixed in the next commit. 5 years ago			`loginPubkey = models.BinaryField(editable=True, blank=False, null=False)`
Add a separate pubkey/privatekey for sharing. It's separated from the login one so that encryption key and identity can be rotated separately. 5 years ago			`pubkey = models.BinaryField(editable=True, blank=False, null=False)`
Rename encryptedSeckey to encryptedContent. 4 years ago			`encryptedContent = models.BinaryField(editable=True, blank=False, null=False)`
Implement a ZKPP login flow. 5 years ago			`salt = models.BinaryField(editable=True, blank=False, null=False)`

			`def __str__(self):`
			`return "UserInfo<{}>".format(self.owner)`