Add a new module to handle build server token seeds

The intent with these tokens is for them to be provided when build events are
submitted, preventing unauthorised submission of build events.

It should be possible to make the database public, so it shouldn't contain any
secret information. To have secret tokens that aren't in the database, store a
token seed, and combine this with some secret data to compute the secret.

1 files changed, 36 insertions, 0 deletions

diff --git a/guix-data-service/model/build-server-token-seed.scm b/guix-data-service/model/build-server-token-seed.scm
new file mode 100644
index 0000000..4a0c48d
--- /dev/null
+++ b/guix-data-service/model/build-server-token-seed.scm
@@ -0,0 +1,36 @@
+(define-module (guix-data-service model build-server-token-seed)
+  #:use-module (ice-9 match)
+  #:use-module (rnrs bytevectors)
+  #:use-module (squee)
+  #:use-module (gcrypt hash)
+  #:use-module (gcrypt base64)
+  #:export (compute-tokens-for-build-server))
+
+(define (compute-token secret-key-base build-server-id token-seed)
+  (let ((source-string
+         (simple-format #f "~A:~A:~A"
+                        secret-key-base
+                        build-server-id
+                        token-seed)))
+    (base64-encode
+     (bytevector-hash
+      (string->utf8 source-string)
+      (hash-algorithm sha1)))))
+
+(define (compute-tokens-for-build-server conn secret-key-base build-server-id)
+  (define query
+    "
+SELECT token_seed
+FROM build_server_token_seeds
+WHERE build_server_id = $1
+ORDER BY token_seed")
+
+  (map
+   (match-lambda
+     ((token-seed)
+      (cons token-seed
+            (compute-token secret-key-base
+                           build-server-id
+                           token-seed))))
+   (exec-query conn query (list (number->string build-server-id)))))
+