Add vault metadata WiP (#19).

Author: chenkins

backend/setup/aws_sts/createbucketpermissionpolicy.json

@@ -21,7 +21,7 @@
         "s3:PutObject"
       ],
       "Resource": [
-        "arn:aws:s3:::cipherduck*/vault.cryptomator",
+        "arn:aws:s3:::cipherduck*/vault.uvf",
         "arn:aws:s3:::cipherduck*/*/"
       ]
     }

backend/setup/minio_sts/createbucketpolicy.json

@@ -20,7 +20,7 @@
       ],
       "Resource": [
         "arn:aws:s3:::cipherduck*/*/",
-        "arn:aws:s3:::cipherduck*/vault.cryptomator"
+        "arn:aws:s3:::cipherduck*/vault.uvf"
       ]
     }
   ]

backend/src/main/java/org/cryptomator/hub/api/VaultResource.java

@@ -441,6 +441,10 @@ public Response createOrUpdate(@PathParam("vaultId") UUID vaultId, @Valid @NotNu
 		vault.description = vaultDto.description;
 		vault.archived = existingVault.isEmpty() ? false : vaultDto.archived;
 
+		// / start cipherduck extension
+		vault.metadata = vaultDto.metadata;
+		// \ end cipherduck extension
+
 		vault.persistAndFlush(); // trigger PersistenceException before we continue with
 		if (existingVault.isEmpty()) {
 			var access = new VaultAccess();
@@ -525,10 +529,17 @@ public record VaultDto(@JsonProperty("id") UUID id,
 						   @JsonProperty("masterkey") @OnlyBase64Chars String masterkey, @JsonProperty("iterations") Integer iterations,
 						   @JsonProperty("salt") @OnlyBase64Chars String salt,
 						   @JsonProperty("authPublicKey") @OnlyBase64Chars String authPublicKey, @JsonProperty("authPrivateKey") @OnlyBase64Chars String authPrivateKey
+						   // / start cipherduck extension
+							,@JsonProperty("metadata") @NotNull String metadata
+						   // \ end cipherduck extension
 	) {
 
 		public static VaultDto fromEntity(Vault entity) {
-			return new VaultDto(entity.id, entity.name, entity.description, entity.archived, entity.creationTime.truncatedTo(ChronoUnit.MILLIS), entity.masterkey, entity.iterations, entity.salt, entity.authenticationPublicKey, entity.authenticationPrivateKey);
+			return new VaultDto(entity.id, entity.name, entity.description, entity.archived, entity.creationTime.truncatedTo(ChronoUnit.MILLIS), entity.masterkey, entity.iterations, entity.salt, entity.authenticationPublicKey, entity.authenticationPrivateKey
+					// / start cipherduck extension
+					, entity.metadata
+					// \ end cipherduck extension
+					);
 		}
 
 	}

backend/src/main/java/org/cryptomator/hub/api/cipherduck/CreateS3STSBucketDto.java

@@ -0,0 +1,27 @@
+package org.cryptomator.hub.api.cipherduck;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.UUID;
+
+public record CreateS3STSBucketDto(
+		@JsonProperty("vaultId")
+		String vaultId,
+		@JsonProperty("storageConfigId")
+		UUID storageConfigId,
+		@JsonProperty("vaultUvf")
+		String vaultUvf,
+		@JsonProperty("rootDirHash")
+		String rootDirHash,
+		@JsonProperty("awsAccessKey")
+		String awsAccessKey,
+		@JsonProperty("awsSecretKey")
+		String awsSecretKey,
+		@JsonProperty("sessionToken")
+		String sessionToken,
+		@JsonProperty("region")
+		String region
+) {
+
+}
+

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageDto.java

@@ -9,7 +9,7 @@ public record StorageDto(
 		String vaultId,
 		@JsonProperty("storageConfigId")
 		UUID storageConfigId,
-		@JsonProperty("vaultConfigToken")
+		@JsonProperty("vaultUvf")
 		String vaultConfigToken,
 		@JsonProperty("rootDirHash")
 		String rootDirHash,

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageProfileResource.java

@@ -27,7 +27,6 @@
 import java.util.List;
 import java.util.UUID;
 import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 @Path("/storageprofile")
 public class StorageProfileResource {
@@ -137,7 +136,7 @@ public Response archive(@PathParam("profileId") UUID profileId, @FormParam("arch
 	@Transactional
 	@Operation(summary = "get configs for storage backends", description = "get list of configs for storage backends")
 	@APIResponse(responseCode = "200", description = "uploaded storage configuration")
-	public VaultJWEPayloadDto getVaultJWEBackendDto(final StorageProfileDto.Protocol protocol) {
+	public VaultMasterkeyJWEDto getVaultJWEBackendDto(final StorageProfileDto.Protocol protocol) {
 		// N.B. temporary workaround to have VaultJWEBackendDto exposed in openapi.json for now....
 		return null;
 	}

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageProfileS3Dto.java

@@ -35,7 +35,7 @@ public enum S3_STORAGE_CLASSES {
 	@Schema(description = "Whether to use path style for S3 endpoint for template upload/bucket creation.", example = "false", defaultValue = "false")
 	Boolean withPathStyleAccessEnabled = false;
 
-	@JsonProperty(value = "storageClass")
+	@JsonProperty(value = "storageClass", defaultValue = "STANDARD")
 	@Schema(description = "Storage class for upload. Defaults to STANDARD", example = "STANDARD", required = true)
 	S3_STORAGE_CLASSES storageClass = S3_STORAGE_CLASSES.STANDARD;
 

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageProfileS3STSDto.java

@@ -34,11 +34,11 @@ public enum S3_SERVERSIDE_ENCRYPTION {
 	String stsRoleArnClient;
 
 	@JsonProperty(value = "stsRoleArnHub", required = true)
-	@Schema(description = "STS role for frontend to assume to create buckets (used with inline policy and passed to hub backend). Will be the same as stsRoleArnClient for AWS, different for MinIO.", example = "arn:aws:iam::<ACCOUNT ID>:role/cipherduck-createbucket")
+	@Schema(description = "STS role for frontend to assume to create buckets (used with inline policy and passed to hub storage). Will be the same as stsRoleArnClient for AWS, different for MinIO.", example = "arn:aws:iam::<ACCOUNT ID>:role/cipherduck-createbucket")
 	String stsRoleArnHub;
 
 	@JsonProperty("stsEndpoint")
-	@Schema(description = "STS endpoint to use for AssumeRoleWithWebIdentity and AssumeRole for getting a temporary access token passed to the backend. Defaults to AWS SDK default.", nullable = true)
+	@Schema(description = "STS endpoint to use for AssumeRoleWithWebIdentity and AssumeRole for getting a temporary access token passed to the storage. Defaults to AWS SDK default.", nullable = true)
 	String stsEndpoint;
 
 	@JsonProperty(value = "bucketVersioning", defaultValue = "true", required = true)

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageResource.java

@@ -55,7 +55,7 @@ public class StorageResource {
 	@APIResponse(responseCode = "400", description = "Could not create bucket")
 	@APIResponse(responseCode = "409", description = "Vault with this ID or bucket with this name already exists")
 	@APIResponse(responseCode = "410", description = "Storage profile is archived")
-	public Response createBucket(@PathParam("vaultId") UUID vaultId, final StorageDto storage) {
+	public Response createBucket(@PathParam("vaultId") UUID vaultId, final CreateS3STSBucketDto storage) {
 		Optional<Vault> vault = Vault.<Vault>findByIdOptional(vaultId);
 		if (vault.isPresent()) {
 			throw new ClientErrorException(String.format("Vault with ID %s already exists", vaultId), Response.Status.CONFLICT);

backend/src/main/java/org/cryptomator/hub/api/cipherduck/VaultJWEBackendDto.java

@@ -5,7 +5,7 @@
 /**
  * Part of vault JWE specifying the vault bookmark.
  * Allows to create a bookmark in the client referencing the vendor in the storage profiles.
- * This Java record is unused in hub, only its ts counterpart in `backend.ts`.
+ * This Java record is unused in hub, only its ts counterpart in `storage.ts`.
  * It will used in Cipherduck client in the OpenAPI generator.
  */
 public record VaultJWEBackendDto(