
Origins + more test suite passing #7

Merged
merged 47 commits into from
Mar 29, 2024
47 commits
190fd93
WIP
malcolmstill Mar 19, 2024
ec48aff
Working test001
malcolmstill Mar 19, 2024
bb0942f
Initial parser
malcolmstill Mar 19, 2024
525d888
Fix parameter name
malcolmstill Mar 20, 2024
40880e4
More illuminating name
malcolmstill Mar 21, 2024
d876d4c
WIP parser
malcolmstill Mar 23, 2024
10432f2
WIP parser
malcolmstill Mar 23, 2024
e7dc323
WIP parser
malcolmstill Mar 23, 2024
7e07bf5
Test 010 passes
malcolmstill Mar 23, 2024
185e678
Test 012 passes
malcolmstill Mar 23, 2024
521bbb9
Test 022 works
malcolmstill Mar 23, 2024
04da1de
Convert bytes and set
malcolmstill Mar 23, 2024
fad0623
Some RFC 3339 support
malcolmstill Mar 24, 2024
7acf870
WIP date
malcolmstill Mar 24, 2024
9d44302
WIP expressions
malcolmstill Mar 24, 2024
59011f7
WIP expression parser
malcolmstill Mar 24, 2024
f5c7dc1
Working expression parse
malcolmstill Mar 24, 2024
b17b962
Fix
malcolmstill Mar 24, 2024
9faa7d8
WIP
malcolmstill Mar 24, 2024
e36ccc6
WIP
malcolmstill Mar 25, 2024
0df1e74
WIP
malcolmstill Mar 25, 2024
e19e375
RuleSet / FactSet
malcolmstill Mar 25, 2024
3d061f8
Trusted facts compiles but does not work
malcolmstill Mar 25, 2024
2524056
Still not working
malcolmstill Mar 26, 2024
9f9fa9d
WIP
malcolmstill Mar 26, 2024
1959667
Fixed iterator (need to be pointers to FactSet, not FactSet by value)…
malcolmstill Mar 26, 2024
ec38967
WIP
malcolmstill Mar 26, 2024
2fd0b47
WIP
malcolmstill Mar 26, 2024
bb37f8c
I have a feeling we shouldn't think about TrustedOrigins as containin…
malcolmstill Mar 26, 2024
283109b
Fix Term.convert
malcolmstill Mar 26, 2024
710f96c
Rule.findMatch: evalute expressions where rule has no body predicates
malcolmstill Mar 26, 2024
9cb5ba4
Parse external key out of block
malcolmstill Mar 26, 2024
d1d7f3b
Verify external signature
malcolmstill Mar 26, 2024
a92c5b0
Test 027 passes
malcolmstill Mar 26, 2024
25ea0f0
More scope stuff
malcolmstill Mar 27, 2024
0aa6dd0
Test 024 third pary works
malcolmstill Mar 28, 2024
fd7aed5
Fix test 025
malcolmstill Mar 28, 2024
3b29527
Partial fix fo r test 026
malcolmstill Mar 28, 2024
286621b
Implement policies / builder expression conversion
malcolmstill Mar 28, 2024
b029049
Fix parser + working test 026...this required some additional mapping…
malcolmstill Mar 28, 2024
5ca2107
Depend on zig-regex + working test 014
malcolmstill Mar 28, 2024
270e63c
Concat
malcolmstill Mar 28, 2024
460f826
Update the samples...eveything now works apart from test 018
malcolmstill Mar 28, 2024
a5a06c0
Latest samples.json + required sample.zig changes
malcolmstill Mar 28, 2024
26028a7
Yay, test018 passes...all the tests pass!
malcolmstill Mar 28, 2024
f8bb0f3
Fix double free
malcolmstill Mar 28, 2024
58cfd30
Let's get all module tests running again
malcolmstill Mar 28, 2024
WIP
malcolmstill committed Mar 25, 2024
commit e36ccc61cb9f4a868e21fbcd33ddd01929fd7419
15 changes: 12 additions & 3 deletions biscuit-datalog/src/expression.zig
@@ -98,9 +98,18 @@ pub const Expression = struct {
return stack.items[0];
}

pub fn convert(expression: Expression, _: *const SymbolTable, _: *SymbolTable) !Expression {
//
return expression;
pub fn convert(expression: Expression, old_symbols: *const SymbolTable, new_symbols: *SymbolTable) !Expression {
std.debug.print("Converting expression\n", .{});
const ops = try expression.ops.clone();

for (ops.items, 0..) |op, i| {
ops.items[i] = switch (op) {
.value => |trm| .{ .value = try trm.convert(old_symbols, new_symbols) },
else => op,
};
}

return .{ .ops = ops };
}

pub fn format(expression: Expression, comptime _: []const u8, _: std.fmt.FormatOptions, writer: anytype) !void {
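Review bot: The cloned `ops` list is leaked whenever `trm.convert` fails partway through the loop, because nothing releases it on the error path; add `errdefer ops.deinit();` directly after the `clone()` call (assuming `ops` is an `std.ArrayList`, which `.items` and `clone()` suggest). Writing `ops.items[i] = switch (op) ...` through the slice of a `const` list compiles, but `for (ops.items) |*op| { op.* = switch (op.*) ... }` states the in-place rewrite more directly. The `std.debug.print("Converting expression\n", .{})` trace writes to stderr from library code on every conversion, as do the new prints in authorizer.zig (`check = {any}`) and block.zig (`Block.fromBytes`) in this commit; prefer `std.log.debug` or drop them before this lands.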
36 changes: 26 additions & 10 deletions biscuit-datalog/src/origin.zig
@@ -31,7 +31,19 @@ pub const TrustedOrigins = struct {
return .{ .origin = Origin.init(allocator) };
}

pub fn initFromScopes(
/// Return a TrustedOrigins default of trusting the authority block (0)
/// and the authorizer (max int).
pub fn defaultOrigins(allocator: mem.Allocator) TrustedOrigins {
var trusted_origins = TrustedOrigins.init(allocator);

try trusted_origins.origin.insert(0); // Authority block?
try trusted_origins.origin.insert(std.math.maxInt(u64));

return trusted_origins;
}

/// Given a rule (rule scopes) generate
pub fn fromScopes(
allocator: mem.Allocator,
rule_scopes: []const Scope,
default_origins: TrustedOrigins,
@@ -44,30 +56,34 @@ pub const TrustedOrigins = struct {
if (rule_scopes.len == 0) {
var origins = default_origins.clone();

origins.insert(current_block);
origins.insert(max_int);
try origins.insert(current_block);
try origins.insert(max_int);

return origins;
}

var origins = Origin.init(allocator);
origins.insert(max_int);
origins.insert(current_block);
var trusted_origins = TrustedOrigins.init(allocator);
trusted_origins.origin.insert(max_int);
trusted_origins.origin.insert(current_block);

for (rule_scopes) |scope| {
switch (scope) {
.authority => origins.insert(0),
.authority => trusted_origins.origin.insert(0),
.previous => {
if (current_block == max_int) continue;
// TODO: extend

for (0..current_block + 1) |i| {
try trusted_origins.origins.insert(i);
}
},
.public_key => |public_key_id| {
_ = public_key_id;
// TODO: extend

@panic("Unimplemented");
},
}
}

return .{ .origin = origins };
return trusted_origins;
}
};
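Review bot: `defaultOrigins` uses `try` on its two `insert` calls but is declared to return a plain `TrustedOrigins`, so it cannot compile until the return type becomes `!TrustedOrigins` (or the errors are handled locally). In the `fromScopes` hunk, `trusted_origins.origin.insert(max_int)`, `trusted_origins.origin.insert(current_block)` and the `.authority` arm discard the error union that the neighbouring `try origins.insert(...)` lines show `insert` returns, and `trusted_origins.origins.insert(i)` in the `.previous` arm names a field `origins` where the struct initialiser above uses `.origin`. The `.public_key` arm still panics, so any rule whose scope names a third-party key would abort the authorizer rather than report a failure; presumably that is what the TODO marks, but `return error.Unimplemented;` would fail closed without taking the process down. `fromScopes` begins in the first hunk and the lines between the two hunks, where `max_int` and `current_block` are presumably bound, are outside this view.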
4 changes: 2 additions & 2 deletions biscuit-format/src/serialized_biscuit.zig
@@ -19,7 +19,7 @@ pub const SerializedBiscuit = struct {
///
/// This decodes the toplevel-level biscuit format from protobuf and verifies
/// the token.
pub fn initFromBytes(allocator: mem.Allocator, bytes: []const u8, public_key: Ed25519.PublicKey) !SerializedBiscuit {
pub fn fromBytes(allocator: mem.Allocator, bytes: []const u8, public_key: Ed25519.PublicKey) !SerializedBiscuit {
const b = try schema.decodeBiscuit(allocator, bytes);
errdefer b.deinit();

@@ -139,7 +139,7 @@ test {
const bytes = try decode.urlSafeBase64ToBytes(allocator, token);
defer allocator.free(bytes);

var b = try SerializedBiscuit.initFromBytes(allocator, bytes, public_key);
var b = try SerializedBiscuit.fromBytes(allocator, bytes, public_key);
defer b.deinit();
}
}
2 changes: 1 addition & 1 deletion biscuit-samples/src/main.zig
@@ -128,7 +128,7 @@ pub fn validate(alloc: mem.Allocator, token: []const u8, public_key: std.crypto.
}

pub fn runValidation(alloc: mem.Allocator, token: []const u8, public_key: std.crypto.sign.Ed25519.PublicKey, authorizer_code: []const u8, errors: *std.ArrayList(AuthorizerError)) !void {
var b = try Biscuit.initFromBytes(alloc, token, public_key);
var b = try Biscuit.fromBytes(alloc, token, public_key);
defer b.deinit();

var a = b.authorizer(alloc);
3 changes: 2 additions & 1 deletion biscuit/src/authorizer.zig
@@ -123,7 +123,8 @@ pub const Authorizer = struct {
if (authorizer.biscuit) |biscuit| {
for (biscuit.blocks.items, 1..) |block, block_id| {
std.debug.print("block = {any}\n", .{block});
for (block.checks.items, 0..) |check, check_id| {
for (block.checks.items, 0..) |c, check_id| {
const check = try c.convert(&block.symbols, &authorizer.symbols);
std.debug.print("check = {any}\n", .{check});
for (check.queries.items) |*query| {
const is_match = try authorizer.world.queryMatch(query, authorizer.symbols);
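Review bot: The `check` produced by `c.convert(&block.symbols, &authorizer.symbols)` is never released inside the loop, and if that conversion goes through the `Expression.convert` added in this commit it owns a freshly cloned ops list, so every authorization run would leak one converted copy per block check. If `Check` has a `deinit`, add `defer check.deinit();` immediately after the `try`; otherwise the converted copies need an owner that frees them once matching is done. The `std.debug.print("check = {any}\n", .{check})` line also dumps every check to stderr during authorization and should be `std.log.debug` or removed. The enclosing function starts and ends outside this hunk.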
12 changes: 6 additions & 6 deletions biscuit/src/biscuit.zig
@@ -12,16 +12,16 @@ pub const Biscuit = struct {
blocks: std.ArrayList(Block),
symbols: std.ArrayList([]const u8),

pub fn initFromBytes(allocator: mem.Allocator, token_bytes: []const u8, public_key: Ed25519.PublicKey) !Biscuit {
var serialized = try SerializedBiscuit.initFromBytes(allocator, token_bytes, public_key);
pub fn fromBytes(allocator: mem.Allocator, token_bytes: []const u8, public_key: Ed25519.PublicKey) !Biscuit {
var serialized = try SerializedBiscuit.fromBytes(allocator, token_bytes, public_key);
errdefer serialized.deinit();

const authority = try Block.initFromBytes(allocator, serialized.authority.block);
const authority = try Block.fromBytes(allocator, serialized.authority.block);
std.debug.print("authority block =\n{any}\n", .{authority});

var blocks = std.ArrayList(Block).init(allocator);
for (serialized.blocks.items) |b| {
const block = try Block.initFromBytes(allocator, b.block);
const block = try Block.fromBytes(allocator, b.block);
std.debug.print("non-authority block =\n{any}\n", .{block});
try blocks.append(block);
}
@@ -74,7 +74,7 @@ test {
const bytes = try decode.urlSafeBase64ToBytes(allocator, token);
defer allocator.free(bytes);

var b = try Biscuit.initFromBytes(allocator, bytes, public_key);
var b = try Biscuit.fromBytes(allocator, bytes, public_key);
defer b.deinit();

var a = b.authorizer(allocator);
@@ -105,7 +105,7 @@ test "Tokens that should fail to validate" {
const bytes = try decode.urlSafeBase64ToBytes(allocator, token);
defer allocator.free(bytes);

var b = try Biscuit.initFromBytes(allocator, bytes, public_key);
var b = try Biscuit.fromBytes(allocator, bytes, public_key);
defer b.deinit();

var a = b.authorizer(allocator);
3 changes: 2 additions & 1 deletion biscuit/src/block.zig
@@ -28,7 +28,8 @@ pub const Block = struct {
}

/// Given a blocks contents as bytes, derserialize into runtime block
pub fn initFromBytes(allocator: std.mem.Allocator, data: []const u8) !Block {
pub fn fromBytes(allocator: std.mem.Allocator, data: []const u8) !Block {
std.debug.print("Block.fromBytes\n", .{});
const decoded_block = try schema.decodeBlock(allocator, data);
defer decoded_block.deinit();