trustbloc / edge-core
Shared libraries
License: Apache License 2.0
This will be used in the EDV project so that it can avoid recreating indices unnecessarily.
When a document is deleted, CouchDB does a soft delete and marks it as 'deleted'. If we attempt to fetch the deleted document with its ID, an error "Not Found: deleted" is thrown.
Currently, we do not take this into account when we check for errors from the getRevID() call which does not allow deleted docs to be recreated.
CouchDB is on version 3 now. Update Kivik, tests, etc and anything else that might need updating to support CouchDB 3. One notable change is that they got rid of "Admin Party mode", so some tweaks will need to be made to the tests as currently there isn't a proper admin user set up.
If the user sets ErrGet on this store then the store's Get() operation should immediately return with that error.
edge-core/pkg/storage/mockstore/mockstore.go
Lines 86 to 96 in 9c16791
edge-core/pkg/utils/cmd/util.go
Lines 34 to 35 in a790ef1
The CouchDB store always uses Context.Background(). Change this so that the context is specified by the caller somehow.
This issue was created from #7 (comment)
The CouchDB storage provider's NewProvider() constructor does not perform a smoke test to see if CouchDB is actually ready to be used.
Warning: using the kivik client's Ping() method is not enough because that just queries the _up endpoint, which doesn't guarantee the calls to create databases will succeed. PR hyperledger-archives/aries-framework-go#2180 took the approach of querying for the existence of the _users database as a proxy to determine whether the CouchDB database is ready for use.
This will support the functionality described in trustbloc/edv#49
Two reasons:
part of #75
I believe there's an SQL injection attack possibility here that needs to be addressed...unless this is somehow handled by the underlying library already. I found an article here that looks helpful: https://www.calhoun.io/what-is-sql-injection-and-how-do-i-avoid-it-in-go/
^ It describes how to avoid injection attacks via escaping (so you can still have your parameterized table name). Not sure if they're using the same library as you, but I assume there should be an equivalent if your library is different
A custom logger has its own logging levels and mechanisms to initialize those levels, so a custom logger should not have to use the logging levels defined in edge-core.
We will use https://github.com/igor-pavlenko/httpsignatures-go instead.
In addition to the non-persistent simple database from trustbloc/edge-store#27, we need a real CouchDB implementation.
This will be useful for edv.
Support both Shamir secret sharing for use when splitting a secret.
The CouchDB provider type keeps a local cache of CouchDBStore objects. If a client calls provider.OpenStore(), the method checks to see if the store already exists in the local cache so it doesn't have to do another network call, which should save time. When closing a store via the provider, this store will be removed from the local cache.
However, if the underlying database in CouchDB is removed by an external force, then that cache will be out of date and OpenStore will return a CouchDBStore object that will fail consistently. provider.CreateStore() would need to be called again to make that CouchDBStore object functional again, or alternatively a new Provider object could just be created.
Is this ok?
Many projects can benefit from having the docker utility used in BDD tests implemented in this project and then reused.
Here is one example of the utility I'm referring to.
Users may see this error after operating the mysql store for a while.
A likely cause of this problem is the implementation's use of the MySQL USE statement: it only applies to the connection in which it is executed.
Golang's sql/DB manages a pool of connections. Executing USE in one of them does not affect the rest. Also, connections in pools may be recycled after MySQL closes the connection due to idleness.
The implementation needs to ensure USE is run on each connection that will be used to write or read data.
Related: trustbloc/adapter#295
I've been forced to update golangci-lint while working on #75 (because http.Request.Header.Value does not exist in whatever go version is shipped with golangci-lint 1.21) and found these errors:
pkg/storage/mysql/mysqlstore.go:166:30: rows.Err must be checked (rowserrcheck)
rows, err := newDBConn.Query(
^
pkg/storage/mysql/mysqlstore.go:318:31: rows.Err must be checked (rowserrcheck)
resultRows, err := s.db.Query(findQuery)
^
pkg/storage/mysql/mysqlstore.go:388:30: rows.Err must be checked (rowserrcheck)
rows, err := indexStmt.Query(s.tableName)
^
pkg/storage/mysql/mysqlstore.go:383:32: Rows/Stmt was not closed (sqlclosecheck)
indexStmt, err := s.db.Prepare(getIndexStmt)
This task is a followup to fix these linting issues.
see: https://github.com/trustbloc/edge-core/blob/master/go.mod#L10
(and associated imports)
should be github.com/cenkalti/backoff/v4
Port the logging utility from Aries over to Trustbloc: https://github.com/hyperledger/aries-framework-go/blob/master/pkg/common/log/logger.go
part of #75
Need to serialize CapabilityDelegation properly as JSON-LD documents before proof verification.
part of #75
spec: https://w3c-ccg.github.io/zcap-ld/
some examples: https://github.com/decentralized-identity/secure-data-store/issues/113
Known spec issues:
Would be good to have a Delete() method on the store interface.
Use case: transient storage, where a state machine needs to delete state to ensure a particular instance of the machine proceeds properly on towards the next state.
part of #75
We need to validate the proof on the zcap-ld tokens.
It would be nice to have an API that looks like this:
// mysql provider automatically selected
provider, err := storage.Open("mysql://root:my-secret-pw@tcp(127.0.0.1:3306)/")
if err != nil {
// handle error
}
This would reduce refactors users would have to do when selecting different storage providers.
Current obstacles:
storage package and implementation-specific packages
Need to use the backtick to protect against illegal characters that may be present in the user's store name.
Needed for trustbloc/edv#7
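For the two MySQL store issues above (store names placed into statement text, and USE applying to only one pooled connection), an added example that is not edge-core's code: it backtick-quotes identifiers and qualifies the table with its database, an alternative to running USE on each connection. The function names and sample names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode/utf8"
)

// QuoteIdent returns name as a backtick-quoted MySQL identifier. Identifiers
// cannot be bound as query parameters, so they are checked and quoted before
// being placed in the statement text.
func QuoteIdent(name string) (string, error) {
	switch {
	case name == "":
		return "", errors.New("empty identifier")
	case !utf8.ValidString(name) || strings.ContainsRune(name, 0):
		return "", errors.New("identifier has invalid bytes or NUL")
	case utf8.RuneCountInString(name) > 64: // MySQL table/database name limit
		return "", errors.New("identifier longer than 64 characters")
	case strings.HasSuffix(name, " "):
		return "", errors.New("identifier ends with a space")
	}
	// Inside a quoted identifier a backtick is written as two backticks.
	return "`" + strings.ReplaceAll(name, "`", "``") + "`", nil
}

// QualifiedTable returns `db`.`table`. A qualified name resolves the same way
// on every pooled connection, so it does not rely on an earlier USE.
func QualifiedTable(db, table string) (string, error) {
	qdb, err := QuoteIdent(db)
	if err != nil {
		return "", fmt.Errorf("database name: %w", err)
	}
	qt, err := QuoteIdent(table)
	if err != nil {
		return "", fmt.Errorf("table name: %w", err)
	}
	return qdb + "." + qt, nil
}

func main() {
	// Constructed names; the second contains a backtick that must be doubled.
	for _, store := range []string{"documents", "docs`; --x", ""} {
		t, err := QualifiedTable("edgestore", store)
		fmt.Printf("%q -> %s (err: %v)\n", store, t, err)
	}
}
```

Row values still go through `?` placeholders; only the identifier part of the statement is built this way.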
Requirement
It is desired to enable an authorization strategy using a form of authorization capabilities where the sender's authentication and capability invocation are transmitted in HTTP message headers using HTTP signatures.
The capability invoker crafts an HTTP message with special headers indicating their KID, the content being signed over, as well as the actual signature itself. The sender's signing key is presumed to have been communicated out of band to the verifier.
Initial signing algorithm supported will be ECDSA using curve P-256 and SHA-256.
Note: we should not use (algorithm) since it enables attack vectors in some cases (e.g. "ecdsa-sha256" section 5.1.2).
We will use igor-pavlenko/httpsignatures-go to create and parse HTTP signatures as per the HTTPbis draft.
Breakdown
Signature header using ECDSA with curve P-256 and SHA-256
*http.Requests with signatures
did:key #98
httpsignatures.Secrets implementation for did:key (for verification) #105
Known spec issues #89 :
References