core

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CredentialMasterKeyEnv    = "DRS_CREDENTIAL_MASTER_KEY"
	CredentialLocalKeyFileEnv = "DRS_CREDENTIAL_LOCAL_KEY_FILE"
	DatabaseSQLiteFileEnv     = "DRS_DB_SQLITE_FILE"
	CredentialKeyManagerEnv   = "DRS_CREDENTIAL_KEY_MANAGER"
	CredentialKMSKeyIDEnv     = "DRS_CREDENTIAL_KMS_KEY_ID"
)
View Source 
const RequestIDHeader = "X-Request-Id"

Variables

View Source 
var (
	ErrNotFound     = errors.New("not found")
	ErrUnauthorized = errors.New("unauthorized")
	ErrConflict     = errors.New("conflict")
)

Functions

func AuditS3CredentialAccess 

func AuditS3CredentialAccess(ctx context.Context, action string, bucket string, err error)

func CheckAccess 

func CheckAccess(recordResources []string, userResources []string) bool

CheckAccess verifies if a user has access to a record based on RBAC resources. A record is accessible if: 1. It has NO required resources (public). 2. OR the user has at least one of the resources listed on the record.

func CredentialEncryptionEnabled 

func CredentialEncryptionEnabled() (bool, error)

func DecryptCredentialField 

func DecryptCredentialField(value string) (string, error)

func EncryptCredentialField 

func EncryptCredentialField(plaintext string) (string, error)

func GetRequestID 

func GetRequestID(ctx context.Context) string

func GetUserAuthz 

func GetUserAuthz(ctx context.Context) []string

GetUserAuthz returns the list of resources the user is authorized to access. If not found, returns empty list (no access to protected resources).

func GetUserPrivileges 

func GetUserPrivileges(ctx context.Context) map[string]map[string]bool

func HasAuthHeader 

func HasAuthHeader(ctx context.Context) bool

func HasMethodAccess 

func HasMethodAccess(ctx context.Context, method string, resources []string) bool

func IsGen3Mode 

func IsGen3Mode(ctx context.Context) bool

func MintObjectIDFromChecksum 

func MintObjectIDFromChecksum(checksum string, authz []string) string

MintObjectIDFromChecksum returns a deterministic UUID for a checksum. The generated UUID is scoped to the first lexical "org/project" authorization when available, which avoids cross-project collisions for identical content.

func RegisterCredentialKeyManager 

func RegisterCredentialKeyManager(name string, factory func() (CredentialKeyManager, error)) error

func ResourcePathForScope 

func ResourcePathForScope(org, project string) string

func WithRequestID 

func WithRequestID(ctx context.Context, requestID string) context.Context

Types

type AuthzContextKey 

type AuthzContextKey string
const (
	// UserAuthzKey is the context key for the user's authorized resources list
	UserAuthzKey AuthzContextKey = "user_authz"
	// UserPrivilegesKey stores method-aware privileges (resource -> method -> allowed).
	UserPrivilegesKey AuthzContextKey = "user_privileges"
	// AuthHeaderPresentKey indicates whether the incoming request had an Authorization header.
	AuthHeaderPresentKey AuthzContextKey = "auth_header_present"
	// AuthModeKey contains the configured server mode: local or gen3.
	AuthModeKey AuthzContextKey = "auth_mode"
)
const RequestIDKey AuthzContextKey = "request_id"

type BucketScope 

type BucketScope struct {
	Organization string `db:"organization"`
	ProjectID    string `db:"project_id"`
	Bucket       string `db:"bucket"`
	PathPrefix   string `db:"path_prefix"`
}

type CredentialKeyManager 

type CredentialKeyManager interface {
	Name() string
	WrapDataKey(ctx context.Context, dataKey []byte) (*WrappedDataKey, error)
	UnwrapDataKey(ctx context.Context, wrapped *WrappedDataKey) ([]byte, error)
}

type DatabaseInterface 

type DatabaseInterface interface {
	GetServiceInfo(ctx context.Context) (*drs.Service, error)
	GetObject(ctx context.Context, id string) (*InternalObject, error)
	DeleteObject(ctx context.Context, id string) error
	CreateObject(ctx context.Context, obj *InternalObject) error
	GetObjectsByChecksum(ctx context.Context, checksum string) ([]InternalObject, error)
	GetObjectsByChecksums(ctx context.Context, checksums []string) (map[string][]InternalObject, error)
	ListObjectIDsByResourcePrefix(ctx context.Context, resourcePrefix string) ([]string, error)
	CreateObjectAlias(ctx context.Context, aliasID, canonicalObjectID string) error
	ResolveObjectAlias(ctx context.Context, aliasID string) (string, error)

	// New Bulk Operations
	GetBulkObjects(ctx context.Context, ids []string) ([]InternalObject, error)
	BulkDeleteObjects(ctx context.Context, ids []string) error
	RegisterObjects(ctx context.Context, objects []InternalObject) error // Bulk Create

	// Access Methods
	UpdateObjectAccessMethods(ctx context.Context, objectID string, accessMethods []drs.AccessMethod) error
	BulkUpdateAccessMethods(ctx context.Context, updates map[string][]drs.AccessMethod) error // Map of ObjectID -> AccessMethods

	// S3 Credential Management
	GetS3Credential(ctx context.Context, bucket string) (*S3Credential, error)
	SaveS3Credential(ctx context.Context, cred *S3Credential) error
	DeleteS3Credential(ctx context.Context, bucket string) error
	ListS3Credentials(ctx context.Context) ([]S3Credential, error)
	CreateBucketScope(ctx context.Context, scope *BucketScope) error
	GetBucketScope(ctx context.Context, organization, projectID string) (*BucketScope, error)
	ListBucketScopes(ctx context.Context) ([]BucketScope, error)

	// LFS pending metadata lifecycle.
	SavePendingLFSMeta(ctx context.Context, entries []PendingLFSMeta) error
	GetPendingLFSMeta(ctx context.Context, oid string) (*PendingLFSMeta, error)
	PopPendingLFSMeta(ctx context.Context, oid string) (*PendingLFSMeta, error)

	// File usage metrics lifecycle.
	RecordFileUpload(ctx context.Context, objectID string) error
	RecordFileDownload(ctx context.Context, objectID string) error
	GetFileUsage(ctx context.Context, objectID string) (*FileUsage, error)
	ListFileUsage(ctx context.Context, limit, offset int, inactiveSince *time.Time) ([]FileUsage, error)
	GetFileUsageSummary(ctx context.Context, inactiveSince *time.Time) (FileUsageSummary, error)
}

DatabaseInterface defines the methods required for a database backend

type DrsObjectAccessMethod 

type DrsObjectAccessMethod struct {
	ObjectID string `db:"object_id"`
	URL      string `db:"url"`
	Type     string `db:"type"` // e.g., "s3"
}

DrsObjectAccessMethod represents the internal database record for a DRS Access Method (URL)

type DrsObjectAuthz 

type DrsObjectAuthz struct {
	ObjectID string `db:"object_id"`
	Resource string `db:"resource"`
}

DrsObjectAuthz represents the internal database record for DRS RBAC

type DrsObjectChecksum 

type DrsObjectChecksum struct {
	ObjectID string `db:"object_id"`
	Type     string `db:"type"`
	Checksum string `db:"checksum"`
}

DrsObjectChecksum represents the internal database record for DRS Checksums

type DrsObjectRecord 

type DrsObjectRecord struct {
	ID          string    `db:"id"`
	Description string    `db:"description"`
	CreatedTime time.Time `db:"created_time"`
	UpdatedTime time.Time `db:"updated_time"`
	Size        int64     `db:"size"`
	Version     string    `db:"version"`
	Name        string    `db:"name"`
	MimeType    string    `db:"mime_type"`
}

DrsObjectRecord represents the internal database record for a DRS Object

type DrsObjectWithAuthz 

type DrsObjectWithAuthz = InternalObject

DrsObjectWithAuthz is retained as a compatibility alias while code migrates to InternalObject.

type FileUsage 

type FileUsage struct {
	ObjectID         string
	Name             string
	Size             int64
	UploadCount      int64
	DownloadCount    int64
	LastUploadTime   *time.Time
	LastDownloadTime *time.Time
	LastAccessTime   *time.Time
}

FileUsage captures per-object transfer activity that can drive lifecycle policies.

type FileUsageSummary 

type FileUsageSummary struct {
	TotalFiles        int64
	TotalUploads      int64
	TotalDownloads    int64
	InactiveFileCount int64
}

FileUsageSummary provides aggregate transfer insights.

type InternalObject 

type InternalObject struct {
	drs.DrsObject
	Authorizations []string
}

InternalObject is the internal DRS domain model used by the fast/internal API and storage layer. The official GA4GH DRS schema object lives in `drs.DrsObject`.

func (InternalObject) External 

func (o InternalObject) External() drs.DrsObject

type PendingLFSMeta 

type PendingLFSMeta struct {
	OID       string
	Candidate drs.DrsObjectCandidate
	CreatedAt time.Time
	ExpiresAt time.Time
}

PendingLFSMeta stores a staged LFS metadata packet keyed by object checksum. It is submitted before transfer and consumed at verify-time.

type ResourceScope 

type ResourceScope struct {
	Organization string
	Project      string
}

func ParseResourcePath 

func ParseResourcePath(path string) ResourceScope

type S3Credential 

type S3Credential struct {
	Bucket    string `db:"bucket"`
	Provider  string `db:"provider"`
	Region    string `db:"region"`
	AccessKey string `db:"access_key"`
	SecretKey string `db:"secret_key"`
	Endpoint  string `db:"endpoint"`
}

S3Credential represents the 's3_credential' table

func ParseS3CredentialFromStorage 

func ParseS3CredentialFromStorage(cred *S3Credential) (*S3Credential, error)

func PrepareS3CredentialForStorage 

func PrepareS3CredentialForStorage(cred *S3Credential) (*S3Credential, error)

type WrappedDataKey 

type WrappedDataKey struct {
	Manager    string
	KeyID      string
	Ciphertext string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.