[webhook] use "private" as special field for attr encryption (starlin…

…glab#34) * [webhook] use "private" as special field for attr encryption * don't support private as value --------- Co-authored-by: William Chong <me@williamchong.cloud>
likecoin · Jun 12, 2024 · c2cf3a4 · c2cf3a4
1 parent 87c17b5
commit c2cf3a4
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 24 deletions.
diff --git a/preprocessor/folder/file.go b/preprocessor/folder/file.go
@@ -46,13 +46,15 @@ func getProofModeFileMetadatas(filePath string) ([]map[string]any, error) {
 			"asset_origin_id":   assetOrigin,
 			"asset_origin_type": []string{"proofmode"},
 			"media_type":        asset.MediaType,
-			"proofmode": map[string]any{
-				"metadata":  string(asset.MetadataBytes),
-				"meta_sig":  string(asset.MetadataSignature),
-				"media_sig": string(asset.AssetSignature),
-				"pubkey":    string(asset.PubKey),
-				"ots":       asset.Ots,
-				"gst":       string(asset.Gst),
+			"private": map[string]any{ // "private" fields are encrypted
+				"proofmode": map[string]any{
+					"metadata":  string(asset.MetadataBytes),
+					"meta_sig":  string(asset.MetadataSignature),
+					"media_sig": string(asset.AssetSignature),
+					"pubkey":    string(asset.PubKey),
+					"ots":       asset.Ots,
+					"gst":       string(asset.Gst),
+				},
 			},
 		}
 		metadatas = append(metadatas, metadata)

diff --git a/webhook/attribute.go b/webhook/attribute.go
@@ -2,39 +2,41 @@ package webhook
 
 import (
 	"fmt"
-	"slices"
 
 	"github.com/starlinglab/integrity-v2/aa"
 	"github.com/starlinglab/integrity-v2/util"
 )
 
-// fields that are marked as private
-var privateFields = []string{"private", "proofmode"}
-
 // ParseMapToAttributes parses a map and a file stat map
 // to a slice of attributes for POSTing to the AA server
 // It also reads the encryption keys from the filesystem,
-// if fields are marked as private
+// if fields are put under "private" key.
+// Note that all keys under "private" are promoted to top level
+// in encrypted form
 func ParseMapToAttributes(cid string, attrMap map[string]any, fileAttributes map[string]any) ([]aa.PostKV, error) {
 
 	var attributes []aa.PostKV
 
-	for k, v := range attrMap {
-		// TODO: add whitelist/blacklist for attributes in config
-
-		var encKey []byte
-		if slices.Contains(privateFields, k) {
-			_, keyBytes, _, err := util.GenerateEncKey(cid, k)
-			if err != nil {
-				return nil, fmt.Errorf("error reading key: %w", err)
+	for key, value := range attrMap {
+		if key == "private" {
+			privMap, ok := value.(map[string]any)
+			if !ok {
+				return nil, fmt.Errorf("private must be a map of private key-value pairs")
+			}
+			for pKey, pValue := range privMap {
+				_, encKey, _, err := util.GenerateEncKey(cid, pKey)
+				if err != nil {
+					return nil, fmt.Errorf("error reading key: %w", err)
+				}
+				attributes = append(attributes, aa.PostKV{Key: pKey, Value: pValue, EncKey: encKey})
 			}
-			encKey = keyBytes
+		} else {
+			attributes = append(attributes, aa.PostKV{Key: key, Value: value})
 		}
-		attributes = append(attributes, aa.PostKV{Key: k, Value: v, EncKey: encKey})
 	}
 
-	for k, v := range fileAttributes {
-		attributes = append(attributes, aa.PostKV{Key: k, Value: v})
+	for key, value := range fileAttributes {
+		attributes = append(attributes, aa.PostKV{Key: key, Value: value})
 	}
 
 	return attributes, nil