[ARVADOS] updated: 395b4e72d33c5b4df931c029a45870d354c32312

git at public.curoverse.com git at public.curoverse.com
Mon May 5 13:50:46 EDT 2014 

Summary of changes:
 services/keep/src/keep/perms.go |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

       via  395b4e72d33c5b4df931c029a45870d354c32312 (commit)
      from  8c5b4f6d87cec17f915802e3c5f14695611eba7f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 395b4e72d33c5b4df931c029a45870d354c32312
Author: Tim Pierce <twp at curoverse.com>
Date:   Mon May 5 13:52:06 2014 -0400

    Resolve code review (closes #2328)
    
    Fix doc comments and argument names for the expiry timestamp arguments
    for SignLocator and makePermSignature.

diff --git a/services/keep/src/keep/perms.go b/services/keep/src/keep/perms.go
index f3ff001..183bc2f 100644
--- a/services/keep/src/keep/perms.go
+++ b/services/keep/src/keep/perms.go
@@ -17,8 +17,8 @@ expressed as a hexadecimal number.  e.g.:
 The signature represents a guarantee that this locator was generated
 by either Keep or the API server for use with the supplied API token.
 If a request to Keep includes a locator with a valid signature and is
-accompanied by the proper API token, the user has permission to
-perform any action on that object (GET, PUT or DELETE).
+accompanied by the proper API token, the user has permission to GET
+that object.
 
 The signature may be generated either by Keep (after the user writes a
 block) or by the API server (if the user has can_read permission on
@@ -51,25 +51,25 @@ import (
 var PermissionSecret []byte
 
 // makePermSignature returns a string representing the signed permission
-// hint for the blob identified by blob_hash, api_token and timestamp.
-func makePermSignature(blob_hash string, api_token string, timestamp string) string {
+// hint for the blob identified by blob_hash, api_token and expiration timestamp.
+func makePermSignature(blob_hash string, api_token string, expiry string) string {
 	hmac := hmac.New(sha1.New, PermissionSecret)
 	hmac.Write([]byte(blob_hash))
 	hmac.Write([]byte("@"))
 	hmac.Write([]byte(api_token))
 	hmac.Write([]byte("@"))
-	hmac.Write([]byte(timestamp))
+	hmac.Write([]byte(expiry))
 	digest := hmac.Sum(nil)
 	return fmt.Sprintf("%x", digest)
 }
 
-// SignLocator takes a blob_locator, an api_token and a timestamp, and
+// SignLocator takes a blob_locator, an api_token and an expiry time, and
 // returns a signed locator string.
-func SignLocator(blob_locator string, api_token string, timestamp time.Time) string {
+func SignLocator(blob_locator string, api_token string, expiry time.Time) string {
 	// Extract the hash from the blob locator, omitting any size hint that may be present.
 	blob_hash := strings.Split(blob_locator, "+")[0]
 	// Return the signed locator string.
-	timestamp_hex := fmt.Sprintf("%08x", timestamp.Unix())
+	timestamp_hex := fmt.Sprintf("%08x", expiry.Unix())
 	return blob_locator +
 		"+A" + makePermSignature(blob_hash, api_token, timestamp_hex) +
 		"@" + timestamp_hex

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list