Identities sharing graph example
CI edited this page Apr 5, 2019
·
4 revisions
In this example we create the identity sharing graph described in the Identity concept description.
The following sharing graph is created:
images/concepts/identity/users_group.png
const DataPeps = require("datapeps-sdk");
global.fetch = require("node-fetch");
global.Headers = global.fetch.Headers;
// Logins of the three demo users.
const ALICE_LOGIN = "aliceliddell";
const BOB_LOGIN = "bobmorane";
const CHARLIE_LOGIN = "charliebucket";

// Logins of the two group identities built on top of those users.
const ALICE_GROUP_LOGIN = "aliceGroup";
const BOB_GROUP_LOGIN = "bobGroup";

/**
 * Builds the payload attached to a group identity: a JSON document naming
 * the creator, encoded as UTF-8 bytes.
 *
 * NOTE(review): confirm how DataPeps stores identity payloads before putting
 * anything confidential in one; this example only stores a description.
 *
 * @param {string} creatorLogin - login of the user creating the group
 * @returns {Uint8Array} the encoded JSON payload
 */
function encodeGroupPayload(creatorLogin) {
  const document = {
    description: `This is a group created by ${creatorLogin}`
  };
  return new TextEncoder().encode(JSON.stringify(document));
}

// Group identity that Alice creates.
const aliceGroup = {
  login: ALICE_GROUP_LOGIN,
  name: "Alice's Group",
  kind: "group",
  payload: encodeGroupPayload(ALICE_LOGIN)
};

// Group identity that Bob creates.
const bobGroup = {
  login: BOB_GROUP_LOGIN,
  name: "Bob's Group",
  kind: "group",
  payload: encodeGroupPayload(BOB_LOGIN)
};
// Placeholder with an empty body: nothing in this example calls it and it
// performs no encryption. Being async, it resolves to undefined.
async function encryptForGroup(session, group, kind, payload, data) {}
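/**
 * Creates `group` on behalf of `session` and shares it with `sharingGroup`.
 *
 * An IdentityAlreadyExists server error is reported and tolerated so the
 * example can be re-run; every other error propagates to the caller.
 *
 * @param {object} session - an established DataPeps session
 * @param {object} group - identity fields of the group to create
 * @param {string[]} sharingGroup - logins the new group is shared with
 */
async function createGroupIfAbsent(session, group, sharingGroup) {
  try {
    await new DataPeps.IdentityAPI(session).create(group, { sharingGroup });
  } catch (e) {
    const alreadyExists =
      e instanceof DataPeps.Error &&
      e.kind === DataPeps.ServerError.IdentityAlreadyExists;
    if (!alreadyExists) {
      throw e;
    }
    // The existing identity is reused as found: its current sharing group is
    // not compared with `sharingGroup`, so a group left over from an earlier
    // run may have different members than this script asked for.
    console.log(`Group ${group.login} already exists`);
  }
}

/**
 * Fetches a resource through `session` while passing `groupLogin` in the
 * `assume` option, then decrypts `ciphertext` with it.
 *
 * @param {object} session - an established DataPeps session
 * @param {string} groupLogin - group login passed as the `assume` option
 * @param {*} resourceId - id of the resource to fetch
 * @param {*} ciphertext - value previously returned by the resource's encrypt()
 * @returns {Promise<string>} the decrypted bytes decoded as text
 */
async function decryptAs(session, groupLogin, resourceId, ciphertext) {
  const resource = await new DataPeps.ResourceAPI(session).get(resourceId, {
    assume: groupLogin
  });
  return new TextDecoder().decode(resource.decrypt(ciphertext));
}

/**
 * Builds the sharing graph of the example and checks who can read what.
 *
 * Alice's group is shared with Alice and Bob; Bob's group is shared with
 * Alice's group and then extended with Charlie. One resource is created for
 * each group. Alice and Bob decrypt both resources, Charlie decrypts only the
 * one shared with Bob's group, and his request for the resource shared with
 * Alice's group must be refused.
 *
 * @throws {Error} if Charlie's request for Alice's group resource is not
 *   refused, or if any DataPeps call fails with an unexpected error
 */
async function main() {
  // The passwords below are demo values for throwaway accounts. Real code
  // should obtain credentials at run time instead of embedding them in source.

  // Alice establishes a session
  const aliceSession = await DataPeps.Session.login(
    ALICE_LOGIN,
    "aliceP@ssw0rd"
  );
  console.log("Alice creates a session");

  // Alice creates a group shared by herself and Bob
  await createGroupIfAbsent(aliceSession, aliceGroup, [ALICE_LOGIN, BOB_LOGIN]);
  console.log("Alice creates a group");

  // Bob establishes a session
  const bobSession = await DataPeps.Session.login(BOB_LOGIN, "bobP@ssw0rd");
  console.log("Bob creates a session");

  // Bob creates a group shared only with Alice's group
  await createGroupIfAbsent(bobSession, bobGroup, [ALICE_GROUP_LOGIN]);
  console.log("Bob creates a group");

  // Bob adds Charlie to the created group
  // NOTE(review): unlike the create calls this one is not guarded; confirm
  // that re-running the script when Charlie is already a member does not fail.
  await new DataPeps.IdentityAPI(bobSession).extendSharingGroup(
    BOB_GROUP_LOGIN,
    [CHARLIE_LOGIN]
  );

  // Encrypting a message for Alice's group
  const aliceGroupResource = await new DataPeps.ResourceAPI(
    aliceSession
  ).create(
    "text",
    { description: "Text messages shared in Alice's group" },
    [ALICE_GROUP_LOGIN]
  );
  const aliceGroupEncryptedMessage = aliceGroupResource.encrypt(
    new TextEncoder().encode("A message to Alice's group")
  );
  console.log("Alice encrypts a message for Alice's group");

  // Alice and Bob, the members of Alice's group, can both read the message
  console.log(
    "Alice's decrypted message:",
    await decryptAs(
      aliceSession,
      ALICE_GROUP_LOGIN,
      aliceGroupResource.id,
      aliceGroupEncryptedMessage
    )
  );
  console.log(
    "Bob's decrypted message:",
    await decryptAs(
      bobSession,
      ALICE_GROUP_LOGIN,
      aliceGroupResource.id,
      aliceGroupEncryptedMessage
    )
  );

  // Logging in as Charlie...
  const charlieSession = await DataPeps.Session.login(
    CHARLIE_LOGIN,
    "charliePssw0rd".replace("P", "P@")
  );

  // ...and checking that Charlie does not have access to the resource.
  // The refusal is the expected outcome, so a request that succeeds must
  // fail the run instead of being skipped silently.
  let charlieWasRefused = false;
  try {
    await new DataPeps.ResourceAPI(charlieSession).get(aliceGroupResource.id, {
      assume: ALICE_GROUP_LOGIN
    });
  } catch (e) {
    const refused =
      e instanceof DataPeps.Error &&
      e.kind === DataPeps.ServerError.IdentityCannotAssumeOwnership;
    if (!refused) {
      throw e;
    }
    charlieWasRefused = true;
    console.log("Charlie cannot access to the message");
  }
  if (!charlieWasRefused) {
    throw new Error(
      `${CHARLIE_LOGIN} was able to fetch the resource shared with ${ALICE_GROUP_LOGIN}`
    );
  }

  // Encrypting a message for Bob's group
  const bobGroupResource = await new DataPeps.ResourceAPI(bobSession).create(
    "text",
    { description: "Text messages shared in the Bob's group" },
    [BOB_GROUP_LOGIN]
  );
  const bobGroupEncryptedMessage = bobGroupResource.encrypt(
    new TextEncoder().encode("A message to the Bob's group")
  );
  console.log("Bob encrypts a message for the Bob's group");

  // Alice (through her group), Bob and Charlie can all read this message
  console.log(
    "Alice's decrypted message:",
    await decryptAs(
      aliceSession,
      BOB_GROUP_LOGIN,
      bobGroupResource.id,
      bobGroupEncryptedMessage
    )
  );
  console.log(
    "Bob's decrypted message:",
    await decryptAs(
      bobSession,
      BOB_GROUP_LOGIN,
      bobGroupResource.id,
      bobGroupEncryptedMessage
    )
  );
  console.log(
    "Charlie's decrypted message:",
    await decryptAs(
      charlieSession,
      BOB_GROUP_LOGIN,
      bobGroupResource.id,
      bobGroupEncryptedMessage
    )
  );
}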
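// Report a failure on stderr and exit non-zero, so a failed step is visible
// to a shell or CI job instead of looking like a successful run.
main().catch(e => {
  console.error("An error occurred: ", e);
  process.exitCode = 1;
});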
Before running the example, make sure you have followed the steps described here.
To fetch the code run the following command in the examples directory:
git clone https://gist.github.com/8e9a0cce356d4d1bb2351a2ff223600c.git identities-sharing-graph
To run this example execute the following command in the examples directory:
node identities-sharing-graph/identities-sharing-graph.js
- Session
- Identity
- Resource
- Delegated access