Merge pull request #237 from mozilla-services/fix/170

Fix/170

make_hawk_token.py

@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+"""Create a Hawk token for tests
+
+requires hawkauthlib, tokenlib, webob
+
+Creates the hawk headers for auth::tests, in particular valid_header and
+valid_header_with_querystring.
+
+The latter modifies the query string which changes the mac/nonce and
+potentially ts values (in the Hawk header).
+
+"""
+import hmac
+import os
+import time
+from binascii import hexlify
+from datetime import timedelta
+from hashlib import sha256
+
+import hawkauthlib
+import tokenlib
+from webob.request import Request
+
+LEGACY_UID = 1
+FXA_UID = "319b98f9961ff1dbdd07313cd6ba925a"
+FXA_KID = "de697ad66d845b2873c9d7e13b8971af"
+DEVICE_ID = "device1"
+NODE = "http://localhost:5000"
+# 10 years
+DURATION = timedelta(days=10 * 365).total_seconds()
+
+SECRET = "Ted Koppel is a robot"
+HMAC_KEY = b"foo"
+
+SALT = hexlify(os.urandom(3)).decode('ascii')
+
+
+def create_token():
+    expires = int(time.time()) + DURATION
+    token_data = {
+        'uid': LEGACY_UID,
+        'node': NODE,
+        'expires': expires,
+        'fxa_uid': FXA_UID,
+        'fxa_kid': FXA_KID,
+        'hashed_fxa_uid': metrics_hash(FXA_UID),
+        'hashed_device_id': metrics_hash(DEVICE_ID),
+        'salt': SALT,
+    }
+    token = tokenlib.make_token(token_data, secret=SECRET)
+    key = tokenlib.get_derived_secret(token, secret=SECRET)
+    return token, key, expires, SALT
+
+
+def metrics_hash(value):
+    hasher = hmac.new(HMAC_KEY, b'', sha256)
+    # value may be an email address, in which case we only want the first part
+    hasher.update(value.encode('utf-8').split(b"@", 1)[0])
+    return hasher.hexdigest()
+
+def main():
+    token, key, expires, salt = create_token()
+    path = "http://localhost:5000/storage/1.5/1/storage/col2"
+    req = Request.blank(path)
+    header = hawkauthlib.sign_request(req, token, key)
+    print("Expires: ", expires)
+    print("Salt: ", salt)
+    print("\nPath: ", path)
+    print("Hawk Authorization Header: ", header)
+
+    path = ("http://localhost:5000/storage/1.5/1/storage/col2"
+            "?batch=MTUzNjE5ODk3NjkyMQ==&commit=true")
+    req = Request.blank(path, POST="")
+    header = hawkauthlib.sign_request(req, token, key)
+    print("\nPath: ", path)
+    print("Hawk Authorization Header: ", header)
+
+
+if __name__ == '__main__':
+    main()

spanner-2019-10-01.ddl

@@ -0,0 +1,37 @@
+CREATE TABLE batches (
+  userid STRING(MAX) NOT NULL,
+  collection INT64 NOT NULL,
+  id TIMESTAMP NOT NULL,
+  fxa_kid STRING(MAX) NOT NULL,
+  bsos STRING(MAX) NOT NULL,
+  expiry TIMESTAMP NOT NULL,
+  timestamp TIMESTAMP,
+) PRIMARY KEY(userid, fxa_kid, collection, id);
+
+CREATE TABLE collections (
+  collectionid INT64 NOT NULL,
+  name STRING(MAX) NOT NULL,
+) PRIMARY KEY(collectionid);
+
+CREATE TABLE user_collections (
+  userid STRING(MAX) NOT NULL,
+  fxa_kid STRING(MAX) NOT NULL,
+  collection INT64 NOT NULL,
+  last_modified TIMESTAMP NOT NULL,
+) PRIMARY KEY(userid, fxa_kid, collection);
+
+CREATE TABLE bso (
+  userid STRING(MAX) NOT NULL,
+  fxa_kid STRING(MAX) NOT NULL,
+  collection INT64 NOT NULL,
+  id STRING(MAX) NOT NULL,
+  sortindex INT64,
+  modified TIMESTAMP NOT NULL,
+  payload STRING(MAX) NOT NULL,
+  ttl TIMESTAMP NOT NULL,
+) PRIMARY KEY(userid, fxa_kid, collection, id),
+  INTERLEAVE IN PARENT user_collections ON DELETE CASCADE;
+
+CREATE INDEX BsoLastModified ON bso(userid, fxa_kid, collection, modified DESC, ttl), INTERLEAVE IN user_collections;
+
+CREATE INDEX BsoTtl ON bso(ttl)