X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cee6438c3ab1ed1bf66fffeb4b1b34282ca7ec7f..e892c7ee96f28bef7d5b2a9314eb9549ee56634d:/services/api/app/models/collection.rb diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb index c4740f96eb..4a054413ce 100644 --- a/services/api/app/models/collection.rb +++ b/services/api/app/models/collection.rb @@ -8,14 +8,17 @@ class Collection < ArvadosModel serialize :properties, Hash + before_validation :default_empty_manifest before_validation :check_encoding + before_validation :check_manifest_validity before_validation :check_signatures before_validation :strip_signatures_and_update_replication_confirmed validate :ensure_pdh_matches_manifest_text before_save :set_file_names + before_save :expires_at_not_in_past # Query only undeleted collections by default. - default_scope where("expires_at IS NULL or expires_at > CURRENT_TIMESTAMP") + default_scope where("expires_at IS NULL or expires_at > statement_timestamp()") api_accessible :user, extend: :common do |t| t.add :name @@ -26,6 +29,7 @@ class Collection < ArvadosModel t.add :replication_desired t.add :replication_confirmed t.add :replication_confirmed_at + t.add :expires_at end def self.attributes_required_columns @@ -35,10 +39,17 @@ class Collection < ArvadosModel # expose signed_manifest_text as manifest_text in the # API response, and never let clients select the # manifest_text column. - 'manifest_text' => ['manifest_text'], + # + # We need expires_at to determine the correct + # timestamp in signed_manifest_text. + 'manifest_text' => ['manifest_text', 'expires_at'], ) end + def self.ignored_select_attributes + super + ["updated_at", "file_names"] + end + FILE_TOKEN = /^[[:digit:]]+:[[:digit:]]+:/ def check_signatures return false if self.manifest_text.nil? @@ -61,9 +72,11 @@ class Collection < ArvadosModel api_token: api_token, now: db_current_time.to_i, } - self.manifest_text.lines.each do |entry| - entry.split[1..-1].each do |tok| - if tok =~ FILE_TOKEN + self.manifest_text.each_line do |entry| + entry.split.each do |tok| + if tok == '.' or tok.starts_with? './' + # Stream name token. + elsif tok =~ FILE_TOKEN # This is a filename token, not a blob locator. Note that we # keep checking tokens after this, even though manifest # format dictates that all subsequent tokens will also be @@ -128,8 +141,8 @@ class Collection < ArvadosModel true elsif portable_data_hash.nil? or not portable_data_hash_changed? self.portable_data_hash = computed_pdh - elsif portable_data_hash !~ /^[0-9a-f]{32}(\+\d+)?$/ - errors.add(:portable_data_hash, "is not a valid hash or hash+size") + elsif portable_data_hash !~ Keep::Locator::LOCATOR_REGEXP + errors.add(:portable_data_hash, "is not a valid locator") false elsif portable_data_hash[0..31] != computed_pdh[0..31] errors.add(:portable_data_hash, @@ -168,6 +181,10 @@ class Collection < ArvadosModel names[0,2**12] end + def default_empty_manifest + self.manifest_text ||= '' + end + def check_encoding if manifest_text.encoding.name == 'UTF-8' and manifest_text.valid_encoding? true @@ -190,17 +207,32 @@ class Collection < ArvadosModel end end + def check_manifest_validity + begin + Keep::Manifest.validate! manifest_text + true + rescue ArgumentError => e + errors.add :manifest_text, e.message + false + end + end + def signed_manifest_text if has_attribute? :manifest_text token = current_api_client_authorization.andand.api_token - @signed_manifest_text = self.class.sign_manifest manifest_text, token + exp = [db_current_time.to_i + Rails.configuration.blob_signature_ttl, + expires_at].compact.map(&:to_i).min + @signed_manifest_text = self.class.sign_manifest manifest_text, token, exp end end - def self.sign_manifest manifest, token + def self.sign_manifest manifest, token, exp=nil + if exp.nil? + exp = db_current_time.to_i + Rails.configuration.blob_signature_ttl + end signing_opts = { api_token: token, - expire: db_current_time.to_i + Rails.configuration.blob_signature_ttl, + expire: exp, } m = munge_manifest_locators(manifest) do |match| Blob.sign_locator(match[0], signing_opts) @@ -216,13 +248,13 @@ class Collection < ArvadosModel return '' if manifest == '' new_lines = [] - lines = manifest.split("\n") manifest.each_line do |line| line.rstrip! - words = line.split(' ') new_words = [] - words.each do |word| - if match = Keep::Locator::LOCATOR_REGEXP.match(word) + line.split(' ').each do |word| + if new_words.empty? + new_words << word + elsif match = Keep::Locator::LOCATOR_REGEXP.match(word) new_words << yield(match) else new_words << word @@ -230,17 +262,16 @@ class Collection < ArvadosModel end new_lines << new_words.join(' ') end - - manifest = new_lines.join("\n") + "\n" + new_lines.join("\n") + "\n" end def self.each_manifest_locator manifest # Given a manifest text and a block, yield the regexp match object # for each locator. manifest.each_line do |line| - line.rstrip! - words = line.split(' ') - words.each do |word| + # line will have a trailing newline, but the last token is never + # a locator, so it's harmless here. + line.split(' ').each do |word| if match = Keep::Locator::LOCATOR_REGEXP.match(word) yield(match) end @@ -364,4 +395,14 @@ class Collection < ArvadosModel end super end + + # If expires_at is being changed to a time in the past, change it to + # now. This allows clients to say "expires {client-current-time}" + # without failing due to clock skew, while avoiding odd log entries + # like "expiry date changed to {1 year ago}". + def expires_at_not_in_past + if expires_at_changed? and expires_at + self.expires_at = [db_current_time, expires_at].max + end + end end