Module signed_writes_kind


Issue #522 — runtime wiring for CREATE COLLECTION ... SIGNED_BY (...) collections.

The pure logic — registry + verify_insert + error taxonomy — lives in crate::storage::signed_writes. This module is the thin adapter that:

  1. Persists the per-collection signer registry on the existing red_config config tree under red.collection.{name}.signed_writes.* so it survives restarts.
  2. Loads the registry on demand for the INSERT-time verification path and the ALTER COLLECTION ... ADD|REVOKE SIGNER executor.
  3. Builds the canonical bytes the client must have signed by reusing the engine’s existing canonical-payload encoding (super::blockchain_kind::canonical_payload) with the two signed-writes reserved columns stripped — same encoding the blockchain hash binds, so no new on-the-wire spec is introduced.

Structs

SignerColumn
Pulled-apart signer / signature reserved columns. Carries:

Constants

RESERVED_COLUMNS
Reserved column set automatically present on every signed-writes collection. Filtered out of the canonical-payload bytes the client signs.
SIGNATURE_BYTES
Length sanity: a signature blob must be exactly 64 bytes. Surfaced to the caller so it can return MalformedSignature before computing the canonical payload.

Functions

add_signer
Apply ALTER COLLECTION ... ADD SIGNER 'hex' on a signed-writes collection. Returns true if the registry actually changed.
install
Persist the registry-bearing marker plus the initial allowed-signer list. Idempotent: re-calling with the same list is a no-op if a registry is already installed.
is_signed
Returns true if CREATE COLLECTION ... SIGNED_BY (...) was issued (or ALTER COLLECTION ... ADD SIGNER has been used to enable the registry) and there is at least a marker in red_config.
map_error
Map a SignedWriteError onto a RedDBError whose marker prefix is picked up by the transport-layer status mapper.
registry
Load the current registry. Cheap enough for the INSERT hot path: two red_config reads + two JSON parses, no scan of the parent collection.
revoke_signer
Apply ALTER COLLECTION ... REVOKE SIGNER 'hex' on a signed-writes collection. Returns true if the key was previously allowed.
split_signature_fields
Pull the signer_pubkey and signature values out of the row’s fields. Returns the parsed reserved columns + the residual field list (fields stripped of the two reserved columns) — the residual goes into the canonical payload.
verify_row
Top-level INSERT-time check used by the engine. Computes the canonical payload from the (already reserved-column-stripped) residual fields and dispatches to verify_insert.