6948c65012
Add ValidatePath() enforcing: valid UTF-8, forward-slash only, relative paths, no '..' segments, no empty segments. Called from both AddFile and AddFileWithHash. Proto comments document the rules. Closes #26
89 lines
2.2 KiB
Protocol Buffer
89 lines
2.2 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
option go_package = "git.eeqj.de/sneak/mfer/mfer";
|
|
|
|
message Timestamp {
|
|
int64 seconds = 1;
|
|
int32 nanos = 2;
|
|
}
|
|
|
|
message MFFileOuter {
|
|
enum Version {
|
|
VERSION_NONE = 0;
|
|
VERSION_ONE = 1; // only one for now
|
|
}
|
|
|
|
// required mffile root attributes 1xx
|
|
Version version = 101;
|
|
|
|
enum CompressionType {
|
|
COMPRESSION_NONE = 0;
|
|
COMPRESSION_ZSTD = 1;
|
|
}
|
|
|
|
CompressionType compressionType = 102;
|
|
|
|
// these are used solely to detect corruption/truncation
|
|
// and not for cryptographic integrity.
|
|
int64 size = 103;
|
|
bytes sha256 = 104;
|
|
|
|
// uuid must match the uuid in the inner message
|
|
bytes uuid = 105;
|
|
|
|
bytes innerMessage = 199;
|
|
// 2xx for optional manifest root attributes
|
|
// think we might use gosignify instead of gpg:
|
|
// github.com/frankbraun/gosignify
|
|
|
|
//detached signature, ascii or binary
|
|
optional bytes signature = 201;
|
|
//full GPG key id
|
|
optional bytes signer = 202;
|
|
//full GPG signing public key, ascii or binary
|
|
optional bytes signingPubKey = 203;
|
|
}
|
|
|
|
message MFFilePath {
|
|
// required attributes:
|
|
// Path invariants: must be valid UTF-8, use forward slashes only,
|
|
// be relative (no leading /), contain no ".." segments, and no
|
|
// empty segments (no "//").
|
|
string path = 1;
|
|
int64 size = 2;
|
|
|
|
// gotta have at least one:
|
|
repeated MFFileChecksum hashes = 3;
|
|
|
|
// optional per-file metadata
|
|
optional string mimeType = 301;
|
|
optional Timestamp mtime = 302;
|
|
optional Timestamp ctime = 303;
|
|
optional Timestamp atime = 304;
|
|
}
|
|
|
|
message MFFileChecksum {
|
|
// 1.0 golang implementation must write a multihash here
|
|
// it's ok to only ever use/verify sha256 multihash
|
|
bytes multiHash = 1;
|
|
}
|
|
|
|
message MFFile {
|
|
enum Version {
|
|
VERSION_NONE = 0;
|
|
VERSION_ONE = 1; // only one for now
|
|
}
|
|
Version version = 100;
|
|
|
|
// required manifest attributes:
|
|
repeated MFFilePath files = 101;
|
|
|
|
// uuid is a random v4 UUID generated when creating the manifest
|
|
// used as part of the signature to prevent replay attacks
|
|
bytes uuid = 102;
|
|
|
|
// optional manifest attributes 2xx:
|
|
optional Timestamp createdAt = 201;
|
|
}
|
|
|