datafold 0.1.55

A personal database for data sovereignty with AI-powered ingestion
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

//! Security-related types and data structures

use serde::{Deserialize, Serialize};
use std::collections::HashMap;

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SignedMessage {
    pub payload: String,       // Base64 encoded JSON payload
    pub public_key_id: String, // ID of the public key
    pub signature: String,     // Hex-encoded signature
    pub timestamp: i64,        // Unix timestamp
}

impl SignedMessage {
    pub fn new(payload: String, public_key_id: String, signature: String, timestamp: i64) -> Self {
        Self {
            payload,
            public_key_id,
            signature,
            timestamp,
        }
    }
}

/// Public key registration request from client
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
pub struct PublicKeyRegistration {
    /// Base64-encoded Ed25519 public key
    pub public_key: String,
    /// User or client ID
    pub owner_id: String,
    /// Requested permissions
    pub permissions: Vec<String>,
    /// Optional metadata
    pub metadata: HashMap<String, String>,
    /// Optional expiration timestamp
    pub expires_at: Option<u64>,
}

/// Public key information stored on the backend
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PublicKeyInfo {
    /// Unique identifier for this public key
    pub id: String,
    /// Base64-encoded Ed25519 public key
    pub public_key: String,
    /// User or client ID associated with this key
    pub owner_id: String,
    /// When this key was registered
    pub created_at: i64,
    /// Optional expiration timestamp
    pub expires_at: Option<i64>,
    /// Whether this key is currently active
    pub is_active: bool,
    /// Permissions associated with this key
    pub permissions: Vec<String>,
    /// Additional metadata
    pub metadata: HashMap<String, String>,
}

impl PublicKeyInfo {
    /// Create a new public key info
    pub fn new(id: String, public_key: String, owner_id: String, permissions: Vec<String>) -> Self {
        Self {
            id,
            public_key,
            owner_id,
            created_at: chrono::Utc::now().timestamp(),
            expires_at: None,
            is_active: true,
            permissions,
            metadata: HashMap::new(),
        }
    }

    /// Check if this key is currently valid
    pub fn is_valid(&self) -> bool {
        if !self.is_active {
            return false;
        }

        if let Some(expires_at) = self.expires_at {
            return chrono::Utc::now().timestamp() < expires_at;
        }

        true
    }

    /// Add metadata to this key
    pub fn with_metadata(mut self, key: String, value: String) -> Self {
        self.metadata.insert(key, value);
        self
    }

    /// Set expiration time
    pub fn with_expiration(mut self, expires_at: i64) -> Self {
        self.expires_at = Some(expires_at);
        self
    }
}

/// Encrypted data container for at-rest storage
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptedData {
    /// Base64-encoded encrypted data
    pub data: String,
    /// Base64-encoded nonce/IV used for encryption
    pub nonce: String,
    /// Tag for authentication (AES-GCM)
    pub tag: String,
    /// Encryption algorithm used
    pub algorithm: String,
    /// Timestamp when data was encrypted
    pub encrypted_at: i64,
}

impl EncryptedData {
    /// Create a new encrypted data container
    pub fn new(data: String, nonce: String, tag: String) -> Self {
        Self {
            data,
            nonce,
            tag,
            algorithm: "AES-256-GCM".to_string(),
            encrypted_at: chrono::Utc::now().timestamp(),
        }
    }
}

/// Key registration request from client
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeyRegistrationRequest {
    /// Base64-encoded Ed25519 public key
    pub public_key: String,
    /// User or client ID
    pub owner_id: String,
    /// Requested permissions
    pub permissions: Vec<String>,
    /// Optional metadata
    pub metadata: HashMap<String, String>,
    /// Optional expiration timestamp
    pub expires_at: Option<i64>,
}

/// Key registration response from backend
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeyRegistrationResponse {
    /// Whether registration was successful
    pub success: bool,
    /// Unique identifier assigned to the public key
    pub public_key_id: Option<String>,
    /// The registered public key information (included on successful registration)
    pub key: Option<PublicKeyInfo>,
    /// Error message if registration failed
    pub error: Option<String>,
}

/// Message verification result
#[derive(Debug, Clone)]
pub struct VerificationResult {
    /// Whether the signature is valid
    pub is_valid: bool,
    /// Public key info used for verification
    pub public_key_info: Option<PublicKeyInfo>,
    /// Error message if verification failed
    pub error: Option<String>,
    /// Whether the message timestamp is within acceptable range
    pub timestamp_valid: bool,
}

impl VerificationResult {
    /// Create a successful verification result
    pub fn success(public_key_info: PublicKeyInfo, timestamp_valid: bool) -> Self {
        Self {
            is_valid: true,
            public_key_info: Some(public_key_info),
            error: None,
            timestamp_valid,
        }
    }

    /// Create a failed verification result
    pub fn failure(error: String) -> Self {
        Self {
            is_valid: false,
            public_key_info: None,
            error: Some(error),
            timestamp_valid: false,
        }
    }
}