route/internal/database/boltdb.go

305 lines
7.1 KiB
Go
Raw Normal View History

package database
import (
"time"
2017-04-29 02:47:24 +00:00
"github.com/Xe/ln"
"github.com/Xe/uuid"
"github.com/asdine/storm"
"github.com/brandur/simplebox"
2017-04-29 02:47:24 +00:00
"github.com/pkg/errors"
"golang.org/x/net/context"
)
// Database errors
var (
ErrNotImplemented = errors.New("database: not implemented")
ErrInvalidKind = errors.New("database: invalid route kind")
2017-04-29 02:47:24 +00:00
ErrRouteAlreadyExists = errors.New("database: route already exists")
ErrTokenAleradyExists = errors.New("database: token already exists")
ErrNoSuchRoute = errors.New("database: no such route")
ErrNoSuchToken = errors.New("database: no such token")
ErrCantDecryptCert = errors.New("database: can't decrypt cert")
ErrUnknownCryptMethod = errors.New("database: unknown encryption method")
2017-04-29 02:47:24 +00:00
ErrUnknown = errors.New("database: unknown error")
)
// BoltDBStorage is a backend that uses https://github.com/boltdb/bolt to store
// route data.
type BoltDBStorage struct {
db *storm.DB
sb *simplebox.SimpleBox
cs *boltCertificateStorage
rs *boltRouteStorage
ts *boltTokenStorage
}
type boltCertificateStorage struct {
*BoltDBStorage
}
type boltRouteStorage struct {
*BoltDBStorage
}
type boltTokenStorage struct {
*BoltDBStorage
}
// NewBoltStorage creates a new Storage instance backed by BoltDB + Storm.
func NewBoltStorage(path string, key *[32]byte) (Storage, error) {
db, err := storm.Open(path)
if err != nil {
return nil, err
}
b := &BoltDBStorage{
db: db,
sb: simplebox.NewFromSecretKey(key),
}
b.cs = &boltCertificateStorage{b}
b.rs = &boltRouteStorage{b}
b.ts = &boltTokenStorage{b}
return Storage(b), nil
}
// Certs gets the certificate storage interface.
func (b *BoltDBStorage) Certs() Certs { return b.cs }
// Routes gets the route storage interface.
func (b *BoltDBStorage) Routes() Routes { return b.rs }
// Tokens gets the token storage interface.
func (b *BoltDBStorage) Tokens() Tokens { return b.ts }
// Close cleans up resources for this Storage.
func (b *BoltDBStorage) Close() error { return b.db.Close() }
// interface compliance
var (
_ Storage = &BoltDBStorage{}
_ Certs = &boltCertificateStorage{}
_ Routes = &boltRouteStorage{}
_ Tokens = &boltTokenStorage{}
)
func (b *boltRouteStorage) Get(ctx context.Context, id string) (Route, error) {
2017-12-03 02:16:37 +00:00
return b.getRouteBy(ctx, "ID", id)
}
func (b *boltRouteStorage) GetHost(ctx context.Context, id string) (Route, error) {
2017-12-03 02:16:37 +00:00
return b.getRouteBy(ctx, "Hostname", id)
}
// getRouteBy gets a single route out of the database by a given field data.
func (b *boltRouteStorage) getRouteBy(ctx context.Context, match, val string) (Route, error) {
r := Route{}
2017-12-03 02:16:37 +00:00
err := b.db.One(match, val, &r)
2017-04-29 02:47:24 +00:00
if err != nil {
2017-12-03 02:18:02 +00:00
ln.Error(ctx, err, ln.Action("get route"), ln.F{"match": match, "val": val})
2017-04-29 02:47:24 +00:00
switch err {
case storm.ErrNotFound:
2017-04-29 02:51:49 +00:00
return Route{}, errors.Wrapf(err, "%v", ErrNoSuchRoute)
case storm.ErrAlreadyExists:
return Route{}, errors.Wrapf(err, "%v", ErrRouteAlreadyExists)
2017-04-29 02:47:24 +00:00
default:
2017-04-29 02:51:49 +00:00
return Route{}, errors.Wrapf(err, "%v", ErrUnknown)
2017-04-29 02:47:24 +00:00
}
}
return r, nil
}
// GetAll gets all routes out of the database for a given user by username.
func (b *boltRouteStorage) GetAll(ctx context.Context, user string) ([]Route, error) {
rs := []Route{}
err := b.db.All(&rs)
return rs, err
}
// Put creates a new route in the database.
func (b *boltRouteStorage) Put(ctx context.Context, r Route) (Route, error) {
if r.ID == "" {
r.ID = uuid.New()
}
err := b.db.Save(&r)
if err != nil {
return Route{}, err
}
2017-04-29 05:58:08 +00:00
defer b.db.Commit()
ln.Log(ctx, r, ln.Action("new route created in database"))
2017-04-29 05:58:08 +00:00
return r, err
}
// Delete removes a route from the database.
func (b *boltRouteStorage) Delete(ctx context.Context, inp Route) (Route, error) {
r := Route{}
err := b.db.One("ID", inp.ID, &r)
if err != nil {
return r, err
}
2017-04-29 05:58:08 +00:00
defer b.db.Commit()
ln.Log(ctx, r, ln.Action("route deleted from database"))
return r, b.db.DeleteStruct(&r)
}
// GetBody fetches a token from the database. This is mainly used in validation
// of tokens.
func (b *boltTokenStorage) GetBody(ctx context.Context, token string) (Token, error) {
t := Token{}
err := b.db.One("Body", token, &t)
return t, err
}
// Get fetches a token by a given token ID.
func (b *boltTokenStorage) Get(ctx context.Context, id string) (Token, error) {
2017-04-29 02:47:24 +00:00
t := Token{}
err := b.db.One("ID", id, &t)
if err != nil {
switch err {
case storm.ErrNotFound:
return Token{}, ErrNoSuchToken
default:
return Token{}, err
}
}
return t, nil
}
// GetAll fetches all of the tokens owned by a given owner.
func (b *boltTokenStorage) GetAll(ctx context.Context, owner string) ([]Token, error) {
ts := []Token{}
err := b.db.Find("Owner", owner, &ts)
return ts, err
}
// Put adds a new token to the database.
func (b *boltTokenStorage) Put(ctx context.Context, t Token) (Token, error) {
if t.ID == "" {
t.ID = uuid.New()
t.CreatedAt = time.Now()
t.Active = true
t.Body = uuid.New()
}
err := b.db.Save(&t)
if err != nil {
return Token{}, err
}
2017-04-29 05:58:08 +00:00
defer b.db.Commit()
ln.Log(ctx, t, ln.Action("new token put into database"))
return t, nil
}
// Delete removes a token from the database.
func (b *boltTokenStorage) Delete(ctx context.Context, id string) (Token, error) {
t := Token{}
err := b.db.One("ID", id, &t)
if err != nil {
return t, err
}
ln.Log(ctx, t, ln.Action("token deleted from database"))
return t, b.db.DeleteStruct(&t)
}
// DeleteExpired deletes all expired tokens.
func (b *boltTokenStorage) DeleteExpired(ctx context.Context) error {
return errors.New("not implemented")
}
// GetAll fetches all certificates and returns their DECRYPTED BODIES to the caller.
// This is intended for usage in migration tools only.
func (b *boltCertificateStorage) GetAll(ctx context.Context) ([]CachedCert, error) {
var cc []CachedCert
err := b.db.All(&cc)
if err != nil {
return nil, err
}
var result []CachedCert
for _, c := range cc {
r := CachedCert{
Key: c.Key,
}
r.Body, err = b.sb.Decrypt(c.Body)
if err != nil {
return nil, err
}
result = append(result, r)
}
return result, nil
}
// Get fetches a TLS certificate from the database.
func (b *boltCertificateStorage) Get(ctx context.Context, key string) ([]byte, error) {
cc := CachedCert{}
err := b.db.One("Key", key, &cc)
if err != nil {
return nil, err
}
var body []byte
if b.sb == nil {
return nil, ErrCantDecryptCert
}
body, err = b.sb.Decrypt(cc.Body)
if err != nil {
return nil, err
}
return body, nil
}
// Put adds a new TLS certificate to the database.
func (b *boltCertificateStorage) Put(ctx context.Context, key string, data []byte) error {
cc := CachedCert{
Key: key,
Body: data,
}
if b.sb != nil {
cc.Body = b.sb.Encrypt(data)
}
2017-04-29 05:58:08 +00:00
defer b.db.Commit()
ln.Log(ctx, ln.Action("certificate saved to database"), ln.F{"domain": key})
return b.db.Save(&cc)
}
// Delete removes a certificate from the database.
func (b *boltCertificateStorage) Delete(ctx context.Context, key string) error {
cc := CachedCert{}
err := b.db.One("Key", key, &cc)
if err != nil {
return err
}
2017-04-29 05:58:08 +00:00
defer b.db.Commit()
ln.Log(ctx, ln.F{"domain": key}, ln.Action("certificate deleted from database"))
return b.db.DeleteStruct(&cc)
}