cryptomator / hub

Cryptomator Hub helps you manage vaults in large teams
GNU Affero General Public License v3.0

Web of Trust #281

Open overheadhunter opened 1 month ago

overheadhunter commented 1 month ago

API endpoints

This adds two new methods to the users resource:

  1. PUT /api/users/trusted/{userId}, which stores a signature created by the current user for the user referenced by userId
  2. GET /api/users/trusted, which retrieves all users with their corresponding signature chains that are directly or transitively trusted by the current user

These added test cases demonstrate the usage.

Database

This adds a new table wot as well as a view effective_wot. The wot table stores all signatures added via the aforementioned endpoint. The effective_wot contains the signature chains by looking up transitive trusts up to a graph depth of 10.

[Image: ERM.png]

Frontend

A component is added to signify whether a user can be trusted. It shows whether a chain of trust between the user in question and the logged-in user exists. Furthermore, it allows signing the user's public keys.

Future work

Currently, there are two new parameters in the settings table that may be exposed to the admin interface in a separate future PR:

  1. wot_max_depth limits the number of edges in the WoT graph between two users when trying to find a trust chain
  2. wot_id_verify_len is used by the frontend to specify how many hex digits of the hash of user U's public key a signer S has to enter in order to sign U's keys.

The chosen defaults are up for debate, of course.
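To illustrate the depth-limited lookup described for effective_wot and wot_max_depth, here is an added example (not code from this PR, where the lookup is done by a database view). The edge list, user names and the function `effectiveTrust` are hypothetical, and keeping the shortest chain per user is an assumption.

```javascript
// Constructed sample data: each edge means "signer has signed signee's public keys".
const SIGNATURES = [
  { signer: 'alice', signee: 'bob' },
  { signer: 'bob', signee: 'carol' },
  { signer: 'bob', signee: 'dave' },
  { signer: 'carol', signee: 'alice' }, // cycle back to the root
  { signer: 'carol', signee: 'dave' },  // longer alternative route to dave
  { signer: 'dave', signee: 'erin' },
];

// Hypothetical helper: breadth-first search from `root`.
// Returns Map(user -> chain of users starting at root), keeping the shortest chain
// per user and never following more than maxDepth edges.
function effectiveTrust(edges, root, maxDepth) {
  const bySigner = new Map();
  for (const { signer, signee } of edges) {
    if (!bySigner.has(signer)) bySigner.set(signer, []);
    bySigner.get(signer).push(signee);
  }
  const chains = new Map();
  let frontier = [[root]];
  for (let depth = 1; depth <= maxDepth && frontier.length > 0; depth++) {
    const next = [];
    for (const chain of frontier) {
      for (const signee of bySigner.get(chain[chain.length - 1]) ?? []) {
        if (signee === root || chains.has(signee)) continue; // cycle or already reached
        const extended = [...chain, signee];
        chains.set(signee, extended);
        next.push(extended);
      }
    }
    frontier = next;
  }
  return chains;
}

for (const depth of [2, 3]) {
  const trusted = [...effectiveTrust(SIGNATURES, 'alice', depth).values()];
  console.log(`max depth ${depth}:`, trusted.map((c) => c.join(' -> ')));
}
```

Every extra edge allowed by the depth limit extends trust to users the root never verified personally, so the limit bounds how far a single careless signature can propagate.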

coderabbitai[bot] commented 1 month ago

Walkthrough

The changes introduce new event types and corresponding DTOs for signing Web of Trust (WoT) IDs, expand MemberDto with public key fields, add REST resources for settings management, and implement trust-related user operations. Additionally, there are significant updates to the front-end components and types to support these new features, while also introducing comprehensive integration tests and an enriched database schema to manage the trust relationships.

Changes

| File(s) | Change Summary |
|---|---|
| backend/src/.../AuditLogResource.java | Added handling for SignedWotIdEvent, including new DTOs and methods for conversion and retrieval. |
| backend/src/.../MemberDto.java | Included ecdhPublicKey and ecdsaPublicKey fields, updating constructor and fromEntity methods. |
| backend/src/.../SettingsResource.java | Introduced a RESTful API for managing settings with endpoints subject to role-based access control. |
| backend/src/.../UserDto.java | Deprecated legacyEcdhPublicKey field, noting its eventual removal. |
| backend/src/.../UsersResource.java | Added methods for trust-related operations and introduced relevant data transfer objects. |
| backend/src/.../EffectiveWot.java | Introduced EffectiveWot entity with methods for finding trusted users and a repository class for DB ops. |
| backend/src/.../Settings.java | Added fields wotMaxDepth and wotIdVerifyLen with corresponding getter/setter methods, and updates in utility methods. |
| backend/src/.../StringArrayType.java | Created a custom UserType for handling string arrays in Hibernate with necessary methods. |
| backend/src/.../EventLogger.java | Added logWotIdSigned method to log the signing of WoT IDs. |
| backend/src/.../SignedWotIdEvent.java | Introduced this entity class representing a signed WoT ID event with necessary methods and overrides. |
| backend/src/.../flyway/V16__WoT.sql | Altered the database schema to add new columns and tables for WoT IDs, and created a view to calculate trust relationships. |
| backend/src/.../AuditLogResourceIT.java | Added integration tests for AuditLogResource, including necessary mocks and setups. |
| backend/src/.../SettingsResourceIT.java | Introduced integration tests for the newly created SettingsResource API endpoints with different roles. |
| frontend/src/.../auditlog.ts | Refactored AuditEventDto types into base and derived types for specific events. |
| frontend/src/.../backend.ts | Added new types and methods for handling trust operations and fetching settings data. |
| frontend/src/.../crypto.ts | Renamed key usage constants, updated methods to align with these changes, and introduced getJwkThumbprint function. |
| frontend/src/.../GrantPermissionDialog.vue | Updated imports and replaced getFingerprint with wot.computeFingerprint. |
| frontend/src/.../SignUserKeysDialog.vue | Created a new dialog component for signing user keys. |
| frontend/src/.../TrustDetails.vue | Added a component for displaying trust levels and managing key signing processes. |
| frontend/src/.../AuditLogDetailsSignedWotId.vue | Added a component to display details related to signed identities in an audit log. |

Poem

In cryptos' nested lair so deep,
Trust and keys a vigil keep,
Signatures bind, new depths they plumb,
Into the heart of trust we come.
Harmony in settings found,
Where Webs of Trust (WoT) are wound,
In this code, secure and sound.
🐇🔒✨


overheadhunter commented 1 month ago

@SailReal this is still WiP, but could you please review the backend part up to this point? This is merely the dumb storage logic; all signature creation and validation will then be done by the frontend.

The signature will simply be a JWT that contains the trusted user's public key and is signed by the trusting user. Intermediate items in the signature chain can therefore be simply validated without further db lookups. Just the root and leaf public keys must be checked against their respective owners.

overheadhunter commented 1 week ago

No idea what the tooltip (remark number 6) is about. It was there before already.