update ocfl-go (#26)

Use most recent version of ocfl-go, fixing #21

README.md

@@ -29,6 +29,22 @@ Images are built with `ko`
  VERSION=0.x.y KO_DOCKER_REPO=srerickson ko -B build ./cmd/chaparral
 ```
 
+## Authorization
+
+Chaparral can use signed web tokens for authentication by setting the
+`CHAPARRAL_PUBKEY_FILE` environment variable or the `pubkey_file` config value
+to the path of a PEM-encoded RSA public key.
+
+Generate a new RSA key pair:
+
+```sh
+# generate a new key
+$ openssl genrsa -out auth.pem 2048
+
+# export public key
+$openssl pkey -in auth.pem -pubout > auth-pub.pem
+```
+
 ## About the name
 
 > Chaparral is a shrubland plant community found primarily in California, in

cmd/chaparral/run/run.go

@@ -87,12 +87,10 @@ func Run(ctx context.Context, conf *Config) error {
 	chapDB := (*chapdb.SQLiteDB)(db)
 
 	logger.Debug("initializing backend...", "config", conf.Backend)
-
-	fsys, err := newBackend(conf.Backend)
+	fsys, err := newBackend(conf.Backend, logger.Logger)
 	if err != nil {
 		return err
 	}
-
 	var rootPaths []string
 	var roots []*store.StorageRoot
 	for _, rootConfig := range conf.Roots {
@@ -208,18 +206,21 @@ func Run(ctx context.Context, conf *Config) error {
 	return srvErr
 }
 
-func newBackend(storage string) (ocfl.WriteFS, error) {
+func newBackend(storage string, logger *slog.Logger) (ocfl.WriteFS, error) {
 	var b interface {
 		IsAccessible() (bool, error)
 		NewFS() (ocfl.WriteFS, error)
 	}
-	kind, loc, _ := strings.Cut(storage, "://")
+	kind, configStr, _ := strings.Cut(storage, "://")
 	switch kind {
 	case "file":
-		b = &backend.FileBackend{Path: loc}
+		b = &backend.FileBackend{Path: configStr}
 	case "s3":
-		bucket, query, _ := strings.Cut(loc, "?")
-		s3back := &backend.S3Backend{Bucket: bucket}
+		bucket, query, _ := strings.Cut(configStr, "?")
+		s3back := &backend.S3Backend{
+			Bucket: bucket,
+			Logger: logger,
+		}
 		if query != "" {
 			opts, err := url.ParseQuery(query)
 			if err != nil {

config.yaml

@@ -14,7 +14,7 @@
 # backend: file://.
 #
 # S3 example:
-# backend: s3://ocfl-bucket?region=us-west-2
+# backend: s3://ocfl?region=us-west-2
 
 
 # Upload path
@@ -26,19 +26,20 @@ uploads: "uploads"
 
 # Sorage Root config
 #
-# Multiple OCFL storage roots can be configured. Here the default storage root
-# path is set to `ocfl-default` (relative to the backend). If the storage root
-# doesn't exist, it will be created using values in `init`. Additional storage
-# roots can be added, but they need to include a unique, non-empty `id` value.
+# Multiple OCFL storage roots can be configured. If the storage root
+# doesn't exist, it will be created using values in `init`.
 roots:
-- id: "public"
-  path: "public"
+- id: "public" # id used in requests to refer to the storage root
+  path: "public" # path relative to backend (CHAPARRAL_BACKEN)
   init:
     description: "public"
     layout: "0003-hash-and-id-n-tuple-storage-layout"
 
-- id: "main"
-  path: "ocfl-default" # path relative to backend (CHAPARRAL_BACKEND)
+- id: restricted
+  path: restricted
+
+- id: "working"
+  path: "working" # path relative to backend (CHAPARRAL_BACKEND)
   init:
     # if the storage doesn't exist it will be created with 
     # these options
@@ -64,9 +65,9 @@ permissions:
   default:
     read_object: ["public::*"]
   roles:
-    # members can read any object in the 'main' storage root
+    # members can read any object in the 'restricted' storage root
     chaparral_member:
-      read_object: ["main::*"]
+      read_object: ["restricted::*"]
 
     # admins can do any action to any resource
     chaparral_admin: 

go.mod

@@ -3,73 +3,73 @@ module github.com/srerickson/chaparral
 go 1.21.0
 
 require (
-	github.com/aws/aws-sdk-go v1.50.36
+	github.com/aws/aws-sdk-go v1.51.21
 	github.com/bufbuild/connect-go v1.10.0
 	github.com/carlmjohnson/be v0.23.2
 	github.com/go-chi/chi/v5 v5.0.12
 	github.com/go-chi/httplog/v2 v2.0.9
 	github.com/go-jose/go-jose/v4 v4.0.1
 	github.com/google/uuid v1.6.0
 	github.com/kkyr/fig v0.4.0
-	github.com/pressly/goose/v3 v3.19.1
-	github.com/srerickson/ocfl-go v0.0.23
-	gocloud.dev v0.36.0
-	golang.org/x/crypto v0.21.0
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-	golang.org/x/net v0.22.0
+	github.com/pressly/goose/v3 v3.19.2
+	github.com/srerickson/ocfl-go v0.0.25
+	gocloud.dev v0.37.0
+	golang.org/x/crypto v0.22.0
+	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
+	golang.org/x/net v0.24.0
 	google.golang.org/protobuf v1.33.0
-	modernc.org/sqlite v1.29.3
+	modernc.org/sqlite v1.29.6
 )
 
 require (
-	github.com/aws/aws-sdk-go-v2 v1.25.3 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.27.7 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.7 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.51.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 // indirect
-	github.com/aws/smithy-go v1.20.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.53.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
+	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/carlmjohnson/deque v0.23.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/wire v0.6.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mfridman/interpolate v0.0.2 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/sethvargo/go-retry v0.2.4 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-	google.golang.org/api v0.169.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
-	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/api v0.172.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
+	google.golang.org/grpc v1.63.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b // indirect
-	modernc.org/libc v1.44.0 // indirect
+	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.7.2 // indirect
+	modernc.org/memory v1.8.0 // indirect
 	modernc.org/strutil v1.2.0 // indirect
 	modernc.org/token v1.1.0 // indirect
 )