diff --git a/conf/api.cfg.inc b/conf/api.cfg.inc index e76f88fd..df65c332 100644 --- a/conf/api.cfg.inc +++ b/conf/api.cfg.inc @@ -9,6 +9,11 @@ # within this duration of the local clock tokenduration = 10m +[manifest] + # used with mig manifests, this indicates the number of valid signatures + # that must be applied to a manifest for the api to mark it as active + requiredsignatures = 2 + [server] # local listening ip ip = "127.0.0.1" diff --git a/database/manifest.go b/database/manifest.go index 8e42de6f..fd159ecb 100644 --- a/database/manifest.go +++ b/database/manifest.go @@ -12,10 +12,6 @@ import ( "mig.ninja/mig" ) -// The number of signatures required for a manifest to be marked as active. -// XXX This should probably be somewhere else like in the configuration file. -const REQUIRED_SIGNATURES int = 1 - // Add a new manifest record to the database func (db *DB) ManifestAdd(mr mig.ManifestRecord) (err error) { _, err = db.c.Exec(`INSERT INTO manifests VALUES @@ -25,7 +21,7 @@ func (db *DB) ManifestAdd(mr mig.ManifestRecord) (err error) { } // Add a signature to the database for an existing manifest -func (db *DB) ManifestAddSignature(mid float64, sig string, invid float64) (err error) { +func (db *DB) ManifestAddSignature(mid float64, sig string, invid float64, reqsig int) (err error) { res, err := db.c.Exec(`INSERT INTO manifestsig (manifestid, pgpsignature, investigatorid) SELECT $1, $2, $3 @@ -42,7 +38,7 @@ func (db *DB) ManifestAddSignature(mid float64, sig string, invid float64) (err return fmt.Errorf("Manifest signing operation failed") } - err = db.ManifestUpdateStatus(mid) + err = db.ManifestUpdateStatus(mid, reqsig) return } @@ -56,8 +52,10 @@ func (db *DB) ManifestDisable(mid float64) (err error) { return } -// Update the status of a manifest based on the number of signatures it has -func (db *DB) ManifestUpdateStatus(mid float64) (err error) { +// Update the status of a manifest based on the number of signatures it has, +// reqsig is passed as an argument that indicates the number of signatures +// a manifest must have to be considered active +func (db *DB) ManifestUpdateStatus(mid float64, reqsig int) (err error) { var cnt int err = db.c.QueryRow(`SELECT COUNT(*) FROM manifestsig WHERE manifestid=$1`, mid).Scan(&cnt) @@ -65,7 +63,7 @@ func (db *DB) ManifestUpdateStatus(mid float64) (err error) { return err } status := "staged" - if cnt >= REQUIRED_SIGNATURES { + if cnt >= reqsig { status = "active" } _, err = db.c.Exec(`UPDATE manifests SET status=$1 WHERE diff --git a/mig-api/context.go b/mig-api/context.go index ab13f1c4..1be7bd33 100644 --- a/mig-api/context.go +++ b/mig-api/context.go @@ -34,6 +34,9 @@ type Context struct { Mutex sync.Mutex UpdateTime time.Time } + Manifest struct { + RequiredSignatures int + } Postgres struct { Host, User, Password, DBName, SSLMode string Port, MaxConn int @@ -80,6 +83,10 @@ func Init(path string, debug bool) (ctx Context, err error) { panic(err) } + if ctx.Manifest.RequiredSignatures < 1 { + panic("manifest:requiredsignatures must be at least 1 in config file") + } + ctx, err = initDB(ctx) if err != nil { panic(err) diff --git a/mig-api/manifest_endpoints.go b/mig-api/manifest_endpoints.go index b7def08b..abf3417a 100644 --- a/mig-api/manifest_endpoints.go +++ b/mig-api/manifest_endpoints.go @@ -72,7 +72,7 @@ func statusManifest(respWriter http.ResponseWriter, request *http.Request) { if err != nil { panic(err) } - err = ctx.DB.ManifestUpdateStatus(manifestid) + err = ctx.DB.ManifestUpdateStatus(manifestid, ctx.Manifest.RequiredSignatures) if err != nil { panic(err) } @@ -118,7 +118,8 @@ func signManifest(respWriter http.ResponseWriter, request *http.Request) { panic("Invalid signature specified") } - err = ctx.DB.ManifestAddSignature(manifestid, sig, getInvID(request)) + err = ctx.DB.ManifestAddSignature(manifestid, sig, getInvID(request), + ctx.Manifest.RequiredSignatures) if err != nil { panic(err) }