WIP: put a shape on a LDPSourceKeyPair model (#236) (!211) · Merge requests · djangoldp-packages / djangoldp

decentral1se requested to merge decentral1se/djangoldp:key-model-236 into master Mar 16, 2021

Didn't get much time today but just to get something up that can be looked at (it is missing a lot but just to move the discussion a long).

@calummackervoy, I am wondering if this what you had in mind? A model on the djangoldp core side which re-uses the RSAKey model? Following your logic in #236 (comment 56015), if a LDPSource has a linked key pair, then it is "trusted" and incoming requests can be verified using the locally stored public key part. The management command will easy the UX of importing a key and linking it with a source (I will also prepare something on the Django admin side too).

Sooo, then I can imagine when we receive requests, we can pull out the @id, do a lookup with something like LDPSourceKeyPair.objects.get(source=id) and if we find nothing, then we know to reject. Otherwise, we can verify.

And yeah, I can use a check against settings.SITE_URL to know if the key pair matches the local server. Then I can use that key pair to sign outgoing requests.

With some feedback on this, I can hammer it out and then can get onto the signing/verifying code shortly after.

Edited Mar 16, 2021 by decentral1se

WIP: put a shape on a LDPSourceKeyPair model (#236)

Merge request reports