diff --git a/cli/collection_create.go b/cli/collection_create.go index 9525b821fa..f4c36fbd53 100644 --- a/cli/collection_create.go +++ b/cli/collection_create.go @@ -34,7 +34,7 @@ Options: and permissions are controlled by ACP (Access Control Policy). -e, --encrypt - Encrypt flag specified if the document needs to be encrypted. If set DefraDB will generate a + Encrypt flag specified if the document needs to be encrypted. If set, DefraDB will generate a symmetric key for encryption using AES-GCM. Example: create from string: @@ -99,7 +99,7 @@ Example: create from stdin: }, } cmd.PersistentFlags().BoolVarP(&shouldEncrypt, "encrypt", "e", false, - "Encryption key used to encrypt/decrypt the document") + "Flag to enable encryption of the document") cmd.Flags().StringVarP(&file, "file", "f", "", "File containing document(s)") return cmd } diff --git a/cli/request.go b/cli/request.go index b6ec8e05ce..795046ece9 100644 --- a/cli/request.go +++ b/cli/request.go @@ -26,11 +26,21 @@ const ( func MakeRequestCommand() *cobra.Command { var filePath string + var shouldEncrypt bool var cmd = &cobra.Command{ Use: "query [-i --identity] [request]", Short: "Send a DefraDB GraphQL query request", Long: `Send a DefraDB GraphQL query request to the database. +Options: + -i, --identity + Marks the document as private and set the identity as the owner. The access to the document + and permissions are controlled by ACP (Access Control Policy). + + -e, --encrypt + Encrypt flag specified if the document needs to be encrypted. If set, DefraDB will generate a + symmetric key for encryption using AES-GCM. + A query request can be sent as a single argument. Example command: defradb client query 'query { ... }' @@ -71,6 +81,7 @@ To learn more about the DefraDB GraphQL Query Language, refer to https://docs.so } store := mustGetContextStore(cmd) + setContextDocEncryption(cmd, shouldEncrypt, nil) result := store.ExecRequest(cmd.Context(), request) var errors []string 
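Review bot: In cli/request.go the `Use` string still reads `query [-i --identity] [request]` although the first hunk documents a new `-e, --encrypt` option; it should become `Use: "query [-i --identity] [-e --encrypt] [request]",`. The added Options text was written for document creation ("Marks the document as private", "if the document needs to be encrypted"), but this command sends arbitrary requests. The help should say that the flag presumably only affects documents created by a mutation in the request and does nothing for read queries, which should be confirmed against the store behaviour. Otherwise a user can pass `--encrypt` on a request that creates nothing and assume existing data is now encrypted. MakeRequestCommand continues outside the hunk.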
@@ -89,6 +100,8 @@ To learn more about the DefraDB GraphQL Query Language, refer to https://docs.so }, } + cmd.PersistentFlags().BoolVarP(&shouldEncrypt, "encrypt", "e", false, + "Flag to enable encryption of the document") cmd.Flags().StringVarP(&filePath, "file", "f", "", "File containing the query request") return cmd } diff --git a/http/client.go b/http/client.go index 2843ee4f2d..bca22b9395 100644 --- a/http/client.go +++ b/http/client.go @@ -29,6 +29,7 @@ import ( "github.com/sourcenetwork/defradb/client" "github.com/sourcenetwork/defradb/datastore" "github.com/sourcenetwork/defradb/event" + "github.com/sourcenetwork/defradb/internal/encryption" ) var _ client.DB = (*Client)(nil) @@ -355,6 +356,12 @@ func (c *Client) ExecRequest( return result } err = c.http.setDefaultHeaders(req) + + encConf := encryption.GetContextConfig(ctx) + if encConf.HasValue() && encConf.Value().IsEncrypted { + req.Header.Set(DocEncryptionHeader, "1") + } + if err != nil { result.GQL.Errors = []error{err} return result diff --git a/http/handler_store.go b/http/handler_store.go index de534a8c1d..df2136db87 100644 --- a/http/handler_store.go +++ b/http/handler_store.go @@ -22,6 +22,7 @@ import ( "github.com/sourcenetwork/immutable" "github.com/sourcenetwork/defradb/client" + "github.com/sourcenetwork/defradb/internal/encryption" ) type storeHandler struct{} @@ -312,7 +313,12 @@ func (s *storeHandler) ExecRequest(rw http.ResponseWriter, req *http.Request) { return } - result := store.ExecRequest(req.Context(), request.Query) + ctx := req.Context() + if req.Header.Get(DocEncryptionHeader) == "1" { + ctx = encryption.SetContextConfig(ctx, encryption.DocEncConfig{IsEncrypted: true}) + } + + result := store.ExecRequest(ctx, request.Query) if result.Subscription == nil { responseJSON(rw, http.StatusOK, GraphQLResponse{result.GQL.Data, result.GQL.Errors}) diff --git a/tests/clients/cli/wrapper.go b/tests/clients/cli/wrapper.go index 18e306c0f4..b1fdae8a8a 100644 
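Review bot: In cli/request.go the new `--encrypt` flag is registered on `cmd.PersistentFlags()` while the neighbouring `--file` flag uses `cmd.Flags()`. A persistent flag is inherited by every subcommand, and nothing visible here shows the query command having any. Unless inheritance is intended, `cmd.Flags().BoolVarP(&shouldEncrypt, "encrypt", "e", false, ...)` keeps the two registrations consistent. The description could also name what is encrypted, for example `"Encrypt documents created by this request"`, with the wording confirmed against the actual behaviour.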
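Review bot: In http/client.go ExecRequest, the error from `c.http.setDefaultHeaders(req)` is now checked only after the new encryption-header block, so the assignment to `err` and its `if err != nil` are separated by unrelated code. Moving the new block below the error check keeps the check adjacent to the call and avoids a later edit in between reassigning `err` and masking the failure. A one-line comment such as `// ask the server to encrypt documents created by this request` would also help, since `"1"` is a magic value whose meaning is defined only by the handler. The function starts and ends outside the hunk.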
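Review bot: In http/handler_store.go ExecRequest, encryption is enabled only when the header is exactly `"1"`; a missing header or any other value falls through to an unencrypted write with no signal to the caller. A client that sends `true`, or an intermediary that drops the header, would then store plaintext documents while the caller believes they are encrypted. Rejecting unrecognised non-empty values makes that case fail closed, and a comment should state that absence of the header means "no encryption requested". The handler body starts and ends outside the hunk, so the error response below is left as a placeholder for the file's existing helper.

```go
ctx := req.Context()
switch req.Header.Get(DocEncryptionHeader) {
case "":
	// header absent: caller did not request encryption
case "1":
	ctx = encryption.SetContextConfig(ctx, encryption.DocEncConfig{IsEncrypted: true})
default:
	// unrecognised value: respond with http.StatusBadRequest through the
	// handler's existing error path instead of silently storing plaintext
	return
}
// … unchanged: store.ExecRequest(ctx, request.Query) and response handling …
```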
--- a/tests/clients/cli/wrapper.go +++ b/tests/clients/cli/wrapper.go @@ -31,6 +31,7 @@ import ( "github.com/sourcenetwork/defradb/datastore" "github.com/sourcenetwork/defradb/event" "github.com/sourcenetwork/defradb/http" + "github.com/sourcenetwork/defradb/internal/encryption" "github.com/sourcenetwork/defradb/net" ) @@ -399,6 +400,11 @@ func (w *Wrapper) ExecRequest( result := &client.RequestResult{} + encCond := encryption.GetContextConfig(ctx) + if encCond.HasValue() && encCond.Value().IsEncrypted { + args = append(args, "--encrypt") + } + stdOut, stdErr, err := w.cmd.executeStream(ctx, args) if err != nil { result.GQL.Errors = []error{err}
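Review bot: In tests/clients/cli/wrapper.go the new local is named `encCond`, while the identical lookup in http/client.go names it `encConf`; the value is a config, not a condition, so `encConf := encryption.GetContextConfig(ctx)` would read consistently across both clients. The same `HasValue() && Value().IsEncrypted` check now appears in both places, so a small shared helper might be worth considering if a third caller shows up. Wrapper.ExecRequest starts and ends outside the hunk.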