from parsec.api.protocol.base import BaseReqSchema, BaseRepSchema, CmdSerializer
from parsec.api.protocol.types import OrganizationIDField, DeviceIDField
class APIV1_OrganizationCreateReqSchema(BaseReqSchema):
organization_id = OrganizationIDField(required=True)
expiration_date = fields.DateTime(allow_none=True, required=False)
class APIV1_OrganizationCreateRepSchema(BaseRepSchema):
bootstrap_token = fields.String(required=True)
expiration_date = fields.DateTime(allow_none=True, required=False)
apiv1_organization_create_serializer = CmdSerializer(
APIV1_OrganizationCreateReqSchema, APIV1_OrganizationCreateRepSchema
)
class APIV1_OrganizationBootstrapReqSchema(BaseReqSchema):
bootstrap_token = fields.String(required=True)
root_verify_key = fields.VerifyKey(required=True)
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
# Same certificates than above, but expurged of human_handle/device_label
# Backward compatibility prevent those field to be required, however
# they should be considered so by recent version of Parsec (hence the
# `allow_none=False`).
# Hence only old version of Parsec will provide a payload with missing
# redacted fields. In such case we consider the non-redacted can also
# be used as redacted given the to-be-redacted fields have been introduce
# Parsec Cloud (https://parsec.cloud) Copyright (c) AGPLv3 2019 Scille SAS
from parsec.serde import BaseSchema, fields
from parsec.api.protocol.base import BaseReqSchema, BaseRepSchema, CmdSerializer
from parsec.api.protocol.types import DeviceIDField
__all__ = ("message_get_serializer",)
class MessageGetReqSchema(BaseReqSchema):
offset = fields.Integer(required=True, validate=lambda n: n >= 0)
class MessageSchema(BaseSchema):
count = fields.Integer(required=True)
sender = DeviceIDField(required=True)
timestamp = fields.DateTime(required=True)
body = fields.Bytes(required=True)
class MessageGetRepSchema(BaseRepSchema):
messages = fields.List(fields.Nested(MessageSchema), required=True)
message_get_serializer = CmdSerializer(MessageGetReqSchema, MessageGetRepSchema)
from parsec.serde import fields
from parsec.api.protocol.base import BaseReqSchema, BaseRepSchema, CmdSerializer
__all__ = ("block_create_serializer", "block_read_serializer")
class BlockCreateReqSchema(BaseReqSchema):
block_id = fields.UUID(required=True)
realm_id = fields.UUID(required=True)
block = fields.Bytes(required=True)
class BlockCreateRepSchema(BaseRepSchema):
pass
block_create_serializer = CmdSerializer(BlockCreateReqSchema,
BlockCreateRepSchema)
class BlockReadReqSchema(BaseReqSchema):
block_id = fields.UUID(required=True)
class BlockReadRepSchema(BaseRepSchema):
block = fields.Bytes(required=True)
block_read_serializer = CmdSerializer(BlockReadReqSchema, BlockReadRepSchema)
required=True) # Signature should be checked before loading
class PkiEnrollmentSubmitRepSchema(BaseRepSchema):
submitted_on = fields.DateTime(required=True)
class PkiEnrollmentErrorSubmitRepSchema(BaseRepSchema):
status = fields.String(required=True)
submitted_on = fields.DateTime(required=True)
pki_enrollment_submit_serializer = CmdSerializer(
PkiEnrollmentSubmitReqSchema,
PkiEnrollmentSubmitRepSchema,
extra_error_schemas={
"already_submitted": PkiEnrollmentErrorSubmitRepSchema
},
)
# pki_enrollment_info
class PkiEnrollmentInfoReqSchema(BaseReqSchema):
enrollment_id = fields.UUID(required=True)
class PkiEnrollmentInfoRepSubmittedSchema(BaseRepSchema):
enrollment_status = fields.EnumCheckedConstant(
PkiEnrollmentStatus.SUBMITTED, required=True)
submitted_on = fields.DateTime(required=True)
APIEvent.INVITE_STATUS_CHANGED:
EventsInviteStatusChangedRepSchema(),
APIEvent.REALM_ROLES_UPDATED:
EventsRealmRolesUpdatedRepSchema(),
APIEvent.REALM_VLOBS_UPDATED:
EventsRealmVlobsUpdatedRepSchema(),
APIEvent.REALM_MAINTENANCE_STARTED:
EventsRealmMaintenanceStartedRepSchema(),
APIEvent.REALM_MAINTENANCE_FINISHED:
EventsRealmMaintenanceFinishedRepSchema(),
}
def get_obj_type(self, obj: Dict[str, object]) -> APIEvent:
return cast(APIEvent, obj["event"])
events_listen_serializer = CmdSerializer(EventsListenReqSchema,
EventsListenRepSchema)
class EventsSubscribeReqSchema(BaseReqSchema):
pass
class EventsSubscribeRepSchema(BaseRepSchema):
pass
events_subscribe_serializer = CmdSerializer(EventsSubscribeReqSchema,
EventsSubscribeRepSchema)
class UserGetReqSchema(BaseReqSchema):
user_id = UserIDField(required=True)
class UserGetRepSchema(BaseRepSchema):
user_certificate = fields.Bytes(required=True)
revoked_user_certificate = fields.Bytes(required=True, allow_none=True)
device_certificates = fields.List(fields.Bytes(required=True),
required=True)
trustchain = fields.Nested(TrustchainSchema, required=True)
user_get_serializer = CmdSerializer(UserGetReqSchema, UserGetRepSchema)
class APIV1_UserFindReqSchema(BaseReqSchema):
query = fields.String(missing=None)
omit_revoked = fields.Boolean(missing=False)
page = fields.Int(missing=1, validate=lambda n: n > 0)
per_page = fields.Integer(missing=100, validate=lambda n: 0 < n <= 100)
class APIV1_UserFindRepSchema(BaseRepSchema):
results = fields.List(UserIDField())
page = fields.Int(validate=lambda n: n > 0)
per_page = fields.Integer(validate=lambda n: 0 < n <= 100)
total = fields.Int(validate=lambda n: n >= 0)
# Parsec Cloud (https://parsec.cloud) Copyright (c) AGPLv3 2019 Scille SAS
from parsec.serde import fields
from parsec.api.protocol.base import BaseReqSchema, BaseRepSchema, CmdSerializer
__all__ = ("ping_serializer", )
class PingReqSchema(BaseReqSchema):
ping = fields.String(required=True)
class PingRepSchema(BaseRepSchema):
pong = fields.String(required=True)
ping_serializer = CmdSerializer(PingReqSchema, PingRepSchema)
vlob_id = fields.UUID(required=True)
# If blob contains a signed message, it timestamp cannot be directly enforced
# by the backend (given the message is probably also encrypted).
# Hence the timestamp is passed in clear so backend can reject the message
# if it considers the timestamp invalid. On top of that each client asking
# for the message will receive the declared timestamp to check against
# the actual timestamp within the message.
timestamp = fields.DateTime(required=True)
blob = fields.Bytes(required=True)
class VlobCreateRepSchema(BaseRepSchema):
pass
vlob_create_serializer = CmdSerializer(VlobCreateReqSchema, VlobCreateRepSchema)
class VlobReadReqSchema(BaseReqSchema):
encryption_revision = fields.Integer(required=True)
vlob_id = fields.UUID(required=True)
version = fields.Integer(validate=lambda n: n is None or _validate_version(n), missing=None)
timestamp = fields.DateTime(allow_none=True, missing=None)
class VlobReadRepSchema(BaseRepSchema):
version = fields.Integer(required=True, validate=_validate_version)
blob = fields.Bytes(required=True)
author = DeviceIDField(required=True)
timestamp = fields.DateTime(required=True)
class InviteNewReqSchema(OneOfSchema):
type_field = "type"
type_schemas = {
InvitationType.USER: InviteNewUserReqSchema(),
InvitationType.DEVICE: InviteNewDeviceReqSchema(),
}
def get_obj_type(self, obj: Dict[str, object]) -> InvitationType:
return cast(InvitationType, obj["type"])
class InviteNewRepSchema(BaseRepSchema):
token = fields.UUID(required=True)
invite_new_serializer = CmdSerializer(InviteNewReqSchema, InviteNewRepSchema)
class InvitationDeletedReason(Enum):
FINISHED = "FINISHED"
CANCELLED = "CANCELLED"
ROTTEN = "ROTTEN"
InvitationDeletedReasonField = fields.enum_field_factory(
InvitationDeletedReason)
class InviteDeleteReqSchema(BaseReqSchema):
token = fields.UUID(required=True)
reason = InvitationDeletedReasonField(required=True)
READER = "READER"
RealmRoleField = fields.enum_field_factory(RealmRole)
MaintenanceTypeField = fields.enum_field_factory(MaintenanceType)
class RealmCreateReqSchema(BaseReqSchema):
role_certificate = fields.Bytes(required=True)
class RealmCreateRepSchema(BaseRepSchema):
pass
realm_create_serializer = CmdSerializer(RealmCreateReqSchema, RealmCreateRepSchema)
class RealmStatusReqSchema(BaseReqSchema):
realm_id = fields.UUID(required=True)
class RealmStatusRepSchema(BaseRepSchema):
in_maintenance = fields.Boolean(required=True)
maintenance_type = MaintenanceTypeField(allow_none=True)
maintenance_started_on = fields.DateTime(required=True, allow_none=True)
maintenance_started_by = DeviceIDField(required=True, allow_none=True)
encryption_revision = fields.Integer(required=True)
realm_status_serializer = CmdSerializer(RealmStatusReqSchema, RealmStatusRepSchema)
__all__ = "organization_bootstrap_serializer"
class OrganizationCreateReqSchema(BaseReqSchema):
organization_id = OrganizationIDField(required=True)
expiration_date = fields.DateTime(allow_none=True, required=False)
class OrganizationCreateRepSchema(BaseRepSchema):
bootstrap_token = fields.String(required=True)
expiration_date = fields.DateTime(allow_none=True, required=False)
organization_create_serializer = CmdSerializer(
OrganizationCreateReqSchema, OrganizationCreateRepSchema
)
class OrganizationBootstrapReqSchema(BaseReqSchema):
bootstrap_token = fields.String(required=True)
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
root_verify_key = fields.VerifyKey(required=True)
class OrganizationBootstrapRepSchema(BaseRepSchema):
pass
organization_bootstrap_serializer = CmdSerializer(
BlockIDField = fields.uuid_based_field_factory(BlockID)
class BlockCreateReqSchema(BaseReqSchema):
block_id = BlockIDField(required=True)
realm_id = RealmIDField(required=True)
block = fields.Bytes(required=True)
class BlockCreateRepSchema(BaseRepSchema):
pass
block_create_serializer = CmdSerializer(BlockCreateReqSchema, BlockCreateRepSchema)
@attr.s(slots=True, frozen=True, auto_attribs=True, kw_only=True, eq=False)
class BlockReadReq(BaseReq):
class SCHEMA_CLS(BaseTypedReqSchema):
cmd = fields.CheckedConstant("block_read", required=True)
block_id = BlockIDField(required=True)
block_id: BlockID
@attr.s(slots=True, frozen=True, auto_attribs=True, kw_only=True, eq=False)
class BlockReadRepOk(BaseRep):
class SCHEMA_CLS(BaseTypedRepSchema):
status = fields.CheckedConstant("ok", required=True)
class UserGetReqSchema(BaseReqSchema):
user_id = UserIDField(required=True)
class UserGetRepSchema(BaseRepSchema):
user_certificate = fields.Bytes(required=True)
revoked_user_certificate = fields.Bytes(required=True, allow_none=True)
device_certificates = fields.List(fields.Bytes(required=True),
required=True)
trustchain = fields.Nested(TrustchainSchema, required=True)
user_get_serializer = CmdSerializer(UserGetReqSchema, UserGetRepSchema)
class FindUserReqSchema(BaseReqSchema):
query = fields.String(missing=None)
omit_revoked = fields.Boolean(missing=False)
page = fields.Int(missing=1, validate=lambda n: n > 0)
per_page = fields.Integer(missing=100, validate=lambda n: 0 < n <= 100)
class FindUserRepSchema(BaseRepSchema):
results = fields.List(UserIDField())
page = fields.Int(validate=lambda n: n > 0)
per_page = fields.Integer(validate=lambda n: 0 < n <= 100)
total = fields.Int(validate=lambda n: n >= 0)
revoked_users = fields.List(fields.Bytes(required=True))
class UserGetReqSchema(BaseReqSchema):
user_id = UserIDField(required=True)
class UserGetRepSchema(BaseRepSchema):
user_certificate = fields.Bytes(required=True)
revoked_user_certificate = fields.Bytes(required=True, allow_none=True)
device_certificates = fields.List(fields.Bytes(required=True), required=True)
trustchain = fields.Nested(TrustchainSchema, required=True)
user_get_serializer = CmdSerializer(UserGetReqSchema, UserGetRepSchema)
#### User creation API ####
class UserCreateReqSchema(BaseReqSchema):
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
# Same certificates than above, but expurged of human_handle/device_label
redacted_user_certificate = fields.Bytes(required=True)
redacted_device_certificate = fields.Bytes(required=True)
class UserCreateRepSchema(BaseRepSchema):
pass