Merge pull request #58 from cipherstash/feat/add-new-sealer-api

[WIP] Add Identifiable and new API

Author: Bennett Hardwick

.github/workflows/test.yml

@@ -14,6 +14,7 @@ defaults:
 
 env:
   CARGO_REGISTRIES_CIPHERSTASH_TOKEN: "Token ${{ secrets.CLOUDSMITH_CARGO_TOKEN }}"
+  RUSTFLAGS: "-D warnings"
 
 jobs:
   test:
@@ -35,7 +36,7 @@ jobs:
           toolchain: stable
 
       - name: "Run tests"
-        run: cargo test --all-targets
+        run: cargo test --all-targets -- --ignored
         env:
           CS_WORKSPACE_ID: ${{ secrets.CS_WORKSPACE_ID }}
           CS_CLIENT_ACCESS_KEY: ${{ secrets.CS_CLIENT_ACCESS_KEY }}

cipherstash-dynamodb-derive/src/decryptable.rs

@@ -11,6 +11,17 @@ pub(crate) fn derive_decryptable(input: DeriveInput) -> Result<TokenStream, syn:
 
     let protected_attributes = settings.protected_attributes();
     let plaintext_attributes = settings.plaintext_attributes();
+
+    let protected_attributes_cow = settings
+        .protected_attributes()
+        .into_iter()
+        .map(|x| quote! { std::borrow::Cow::Borrowed(#x) });
+
+    let plaintext_attributes_cow = settings
+        .plaintext_attributes()
+        .into_iter()
+        .map(|x| quote! { std::borrow::Cow::Borrowed(#x) });
+
     let skipped_attributes = settings.skipped_attributes();
     let ident = settings.ident();
 
@@ -41,6 +52,14 @@ pub(crate) fn derive_decryptable(input: DeriveInput) -> Result<TokenStream, syn:
     let expanded = quote! {
         #[automatically_derived]
         impl cipherstash_dynamodb::traits::Decryptable for #ident {
+            fn protected_attributes() -> std::borrow::Cow<'static, [std::borrow::Cow<'static, str>]> {
+                std::borrow::Cow::Borrowed(&[#(#protected_attributes_cow,)*])
+            }
+
+            fn plaintext_attributes() -> std::borrow::Cow<'static, [std::borrow::Cow<'static, str>]> {
+                std::borrow::Cow::Borrowed(&[#(#plaintext_attributes_cow,)*])
+            }
+
             fn from_unsealed(unsealed: cipherstash_dynamodb::crypto::Unsealed) -> Result<Self, cipherstash_dynamodb::crypto::SealError> {
                 Ok(Self {
                     #(#from_unsealed_impl,)*

cipherstash-dynamodb-derive/src/encryptable.rs

@@ -9,109 +9,56 @@ pub(crate) fn derive_encryptable(input: DeriveInput) -> Result<TokenStream, syn:
         .field_attributes(&input)?
         .build()?;
 
-    let partition_key_field = settings.get_partition_key();
-    let partition_key = format_ident!("{partition_key_field}");
-    let type_name = settings.type_name.clone();
-
-    let sort_key_prefix = settings
-        .sort_key_prefix
-        .as_ref()
-        .map(|x| quote! { Some(#x) })
-        .unwrap_or_else(|| quote! { None });
-
     let protected_attributes = settings.protected_attributes();
     let plaintext_attributes = settings.plaintext_attributes();
-    let ident = settings.ident();
 
-    let is_partition_key_encrypted = protected_attributes.contains(&partition_key_field.as_str());
-    let is_sort_key_encrypted = settings
-        .sort_key_field
-        .as_ref()
-        .map(|x| protected_attributes.contains(&x.as_str()))
-        .unwrap_or(true);
+    let protected_attributes_cow = settings
+        .protected_attributes()
+        .into_iter()
+        .map(|x| quote! { std::borrow::Cow::Borrowed(#x) });
+
+    let plaintext_attributes_cow = settings
+        .plaintext_attributes()
+        .into_iter()
+        .map(|x| quote! { std::borrow::Cow::Borrowed(#x) });
+
+    let ident = settings.ident();
 
     let into_unsealed_impl = protected_attributes
         .iter()
         .map(|attr| {
             let attr_ident = format_ident!("{attr}");
 
             quote! {
-                .add_protected(#attr, |x| cipherstash_dynamodb::traits::Plaintext::from(x.#attr_ident.to_owned()))
+                unsealed.add_protected(#attr, cipherstash_dynamodb::traits::Plaintext::from(self.#attr_ident.to_owned()));
             }
         })
         .chain(plaintext_attributes.iter().map(|attr| {
             let attr_ident = format_ident!("{attr}");
 
             quote! {
-                .add_plaintext(#attr, |x| cipherstash_dynamodb::traits::TableAttribute::from(x.#attr_ident.clone()))
+                unsealed.add_unprotected(#attr, cipherstash_dynamodb::traits::TableAttribute::from(self.#attr_ident.clone()));
             }
         }));
 
-    let sort_key_impl = if let Some(sort_key_field) = &settings.sort_key_field {
-        let sort_key_attr = format_ident!("{sort_key_field}");
-
-        quote! {
-            if let Some(prefix) = Self::sort_key_prefix() {
-                format!("{}#{}", prefix, self.#sort_key_attr)
-            } else {
-                self.#sort_key_attr.to_string()
-            }
-        }
-    } else {
-        quote! { Self::type_name().into() }
-    };
-
-    let primary_key_impl = if settings.sort_key_field.is_some() {
-        quote! { type PrimaryKey = cipherstash_dynamodb::PkSk; }
-    } else {
-        quote! { type PrimaryKey = cipherstash_dynamodb::Pk; }
-    };
-
     let expanded = quote! {
         #[automatically_derived]
         impl cipherstash_dynamodb::traits::Encryptable for #ident {
-            #primary_key_impl
-
-            #[inline]
-            fn type_name() -> &'static str {
-                #type_name
-            }
-
-            fn sort_key(&self) -> String {
-                #sort_key_impl
-            }
-
-            #[inline]
-            fn sort_key_prefix() -> Option<&'static str> {
-                #sort_key_prefix
-            }
-
-            #[inline]
-            fn is_partition_key_encrypted() -> bool {
-                #is_partition_key_encrypted
+            fn protected_attributes() -> std::borrow::Cow<'static, [std::borrow::Cow<'static, str>]> {
+                std::borrow::Cow::Borrowed(&[#(#protected_attributes_cow,)*])
             }
 
-            #[inline]
-            fn is_sort_key_encrypted() -> bool {
-                #is_sort_key_encrypted
+            fn plaintext_attributes() -> std::borrow::Cow<'static, [std::borrow::Cow<'static, str>]> {
+                std::borrow::Cow::Borrowed(&[#(#plaintext_attributes_cow,)*])
             }
 
-            fn partition_key(&self) -> String {
-                self.#partition_key.to_string()
-            }
-
-            fn protected_attributes() -> Vec<&'static str> {
-                vec![#(#protected_attributes,)*]
-            }
+            #[allow(clippy::needless_question_mark)]
+            fn into_unsealed(self) -> cipherstash_dynamodb::crypto::Unsealed {
+                let mut unsealed = cipherstash_dynamodb::crypto::Unsealed::new_with_descriptor(<Self as cipherstash_dynamodb::traits::Identifiable>::type_name());
 
-            fn plaintext_attributes() -> Vec<&'static str> {
-                vec![#(#plaintext_attributes,)*]
-            }
+                #(#into_unsealed_impl)*
 
-            #[allow(clippy::needless_question_mark)]
-            fn into_sealer(self) -> Result<cipherstash_dynamodb::crypto::Sealer<Self>, cipherstash_dynamodb::crypto::SealError> {
-                Ok(cipherstash_dynamodb::crypto::Sealer::new_with_descriptor(self, Self::type_name())
-                    #(#into_unsealed_impl?)*)
+                unsealed
             }
         }
     };

cipherstash-dynamodb-derive/src/identifiable.rs

@@ -0,0 +1,89 @@
+use crate::settings::Settings;
+use proc_macro2::TokenStream;
+use quote::{format_ident, quote};
+use syn::DeriveInput;
+
+pub(crate) fn derive_identifiable(input: DeriveInput) -> Result<TokenStream, syn::Error> {
+    let settings = Settings::builder(&input)
+        .container_attributes(&input)?
+        .field_attributes(&input)?
+        .build()?;
+
+    let Some(partition_key_field) = settings.get_partition_key() else {
+        return Err(syn::Error::new(
+            proc_macro2::Span::call_site(),
+            "Missing required attribute for Identifiable: #[partition_key]",
+        ));
+    };
+
+    let partition_key_attr = format_ident!("{partition_key_field}");
+
+    let protected_attributes = settings.protected_attributes();
+    let ident = settings.ident();
+
+    let is_partition_key_encrypted = protected_attributes.contains(&partition_key_field.as_str());
+
+    let is_sort_key_encrypted = settings
+        .sort_key_field
+        .as_ref()
+        .map(|x| protected_attributes.contains(&x.as_str()))
+        .unwrap_or(true);
+
+    let primary_key_impl = if let Some(sort_key_field) = &settings.sort_key_field {
+        let sort_key_attr = format_ident!("{sort_key_field}");
+
+        quote! {
+            type PrimaryKey = cipherstash_dynamodb::PkSk;
+
+            fn get_primary_key(&self) -> Self::PrimaryKey {
+                cipherstash_dynamodb::PkSk(
+                    self.#partition_key_attr.to_string(),
+                    self.#sort_key_attr.to_string()
+                )
+            }
+        }
+    } else {
+        quote! {
+            type PrimaryKey = cipherstash_dynamodb::Pk;
+
+            fn get_primary_key(&self) -> Self::PrimaryKey {
+                cipherstash_dynamodb::Pk(
+                    self.#partition_key_attr.to_string()
+                )
+            }
+        }
+    };
+    let type_name = &settings.type_name;
+
+    let sort_key_prefix_impl = if let Some(prefix) = &settings.sort_key_prefix {
+        quote! { Some(std::borrow::Cow::Borrowed(#prefix)) }
+    } else {
+        quote! { None }
+    };
+
+    let expanded = quote! {
+        impl cipherstash_dynamodb::traits::Identifiable for #ident {
+            #primary_key_impl
+
+            #[inline]
+            fn type_name() -> std::borrow::Cow<'static, str> {
+                std::borrow::Cow::Borrowed(#type_name)
+            }
+
+            #[inline]
+            fn sort_key_prefix() -> Option<std::borrow::Cow<'static, str>> {
+                #sort_key_prefix_impl
+            }
+
+            fn is_pk_encrypted() -> bool {
+                #is_partition_key_encrypted
+            }
+
+            fn is_sk_encrypted() -> bool {
+                #is_sort_key_encrypted
+            }
+        }
+    };
+
+    Ok(expanded)
+}

cipherstash-dynamodb-derive/src/lib.rs

@@ -4,6 +4,7 @@ extern crate syn;
 
 mod decryptable;
 mod encryptable;
+mod identifiable;
 mod searchable;
 mod settings;
 
@@ -17,6 +18,13 @@ pub fn derive_encryptable(input: TokenStream) -> TokenStream {
         .into()
 }
 
+#[proc_macro_derive(Identifiable, attributes(cipherstash, sort_key, partition_key))]
+pub fn derive_identifiable(input: TokenStream) -> TokenStream {
+    identifiable::derive_identifiable(parse_macro_input!(input as DeriveInput))
+        .unwrap_or_else(syn::Error::into_compile_error)
+        .into()
+}
+
 #[proc_macro_derive(Decryptable, attributes(cipherstash, sort_key, partition_key))]
 pub fn derive_decryptable(input: TokenStream) -> TokenStream {
     decryptable::derive_decryptable(parse_macro_input!(input as DeriveInput))

cipherstash-dynamodb-derive/src/searchable.rs

@@ -19,7 +19,7 @@ pub(crate) fn derive_searchable(input: DeriveInput) -> Result<TokenStream, syn::
             let index_type = index.to_cipherstash_dynamodb_type()?;
 
             Ok::<_, syn::Error>(quote! {
-                ( #index_name, #index_type )
+                ( std::borrow::Cow::Borrowed(#index_name), #index_type )
             })
         })
         .collect::<Result<Vec<_>, _>>()?;
@@ -53,8 +53,8 @@ pub(crate) fn derive_searchable(input: DeriveInput) -> Result<TokenStream, syn::
     let expanded = quote! {
         #[automatically_derived]
         impl cipherstash_dynamodb::traits::Searchable for #ident {
-            fn protected_indexes() -> Vec<( &'static str, cipherstash_dynamodb::IndexType )> {
-                vec![#(#protected_indexes_impl,)*]
+            fn protected_indexes() -> std::borrow::Cow<'static, [( std::borrow::Cow<'static, str>, cipherstash_dynamodb::IndexType )]> {
+                std::borrow::Cow::Borrowed(&[#(#protected_indexes_impl,)*])
             }
 
             fn index_by_name(index_name: &str, index_type: cipherstash_dynamodb::IndexType) -> Option<Box<dyn cipherstash_dynamodb::traits::ComposableIndex>> {

cipherstash-dynamodb-derive/src/settings/builder.rs

@@ -349,13 +349,6 @@ impl SettingsBuilder {
 
         let sort_key_prefix = sort_key_prefix.into_prefix(&type_name);
 
-        let partition_key_field = partition_key_field.ok_or_else(|| {
-            syn::Error::new(
-                proc_macro2::Span::call_site(),
-                "Missing required attribute: #[partition_key]",
-            )
-        })?;
-
         Ok(Settings {
             ident,
             sort_key_prefix,

cipherstash-dynamodb-derive/src/settings/mod.rs

@@ -16,7 +16,7 @@ pub(crate) struct Settings {
     pub(crate) sort_key_prefix: Option<String>,
     pub(crate) type_name: String,
     pub(crate) sort_key_field: Option<String>,
-    pub(crate) partition_key_field: String,
+    pub(crate) partition_key_field: Option<String>,
     protected_attributes: Vec<String>,
     unprotected_attributes: Vec<String>,
 
@@ -69,7 +69,7 @@ impl Settings {
             .collect()
     }
 
-    pub(crate) fn get_partition_key(&self) -> String {
+    pub(crate) fn get_partition_key(&self) -> Option<String> {
         self.partition_key_field.clone()
     }
 }

examples/common/license.rs

@@ -1,6 +1,6 @@
-use cipherstash_dynamodb::{Decryptable, Encryptable, Searchable};
+use cipherstash_dynamodb::{Decryptable, Encryptable, Identifiable, Searchable};
 
-#[derive(Debug, Encryptable, Decryptable, Searchable)]
+#[derive(Debug, Identifiable, Encryptable, Decryptable, Searchable)]
 pub struct License {
     #[partition_key]
     email: String,
@@ -35,15 +35,4 @@ mod tests {
     fn test_cipherstash_typename() {
         assert_eq!(License::type_name(), "license");
     }
-
-    #[test]
-    fn test_cipherstash_instance() {
-        let license = License::new("[email protected]", "1234", "2020-01-01");
-        assert_eq!(license.partition_key(), "[email protected]");
-        assert_eq!(
-            License::protected_attributes(),
-            vec!["email", "expires", "number"]
-        );
-        assert!(License::plaintext_attributes().is_empty());
-    }
 }