This repository was archived by the owner on Sep 16, 2021. It is now read-only.

DIYServer

Maxim Ermilov edited this page Sep 7, 2017 · 3 revisions

Introduction

We strongly encourage you to use Google App Engine for the Cauliflower Vest service due to the usual benefits of cloud hosting platforms: scalability, virtual instances, cost, etc. While we believe a cloud solution works best, we understand it may not be possible for your organization to use Google App Engine. We welcome development on new escrow service solutions for general-use platforms.

You may wish to port the Cauliflower Vest server or write your own from scratch. This should be relatively simple since our server code is modular, small, and actually quite basic. In general, it's simply a data storage getter/setter with ACLs and secure storage into a database with a simple schema. Please also see this wiki for more server background info.

Details

To get yourself orientated, view the URL-to-code mapping module:

cauliflowervest/server/urls.py

Look towards the bottom for the URL mapping which maps URLs to classes which handle each request type.

application = webapp.WSGIApplication([
    (r'/filevault/([\w\d\-]+)/?$', filevault.FileVault),
    (r'/logs$', logs.Logs),
    (r'/search$', search.Search),
    (r'/_ah/warmup$', Warmup),
    (r'/?$', Home),
    ], debug=True)

If you follow the mappings to the respective modules, you will find the HTTP handlers for the possible GET/POST/PUT operations. For example, consider cauliflowervest/server/handlers/filevault.py, which handles the /filevault/ resource expressed in the regex above.

In App Engine the class method names match the HTTP method, so to find the HTTP PUT handler look for the put method.

  def put(self, volume_uuid=None):
    """Handles PUT requests."""
    if settings.ALLOW_ALL_DOMAIN_USERS_TO_ESCROW:
      self.VerifyDomainUser()
    else:
      self.VerifyPermissions(permissions.ESCROW)

    if volume_uuid and self.request.body:
      self.PutNewPassphrase(volume_uuid, self.request.body, self.request)
    else:
      models.FileVaultAccessLog.Log(
          message='Unknown PUT', request=self.request)
      self.error(400)

Given some combination of web programming experience, reading the client source, and creative editing/sub-classing/re-plugging new database storage methods (anything models.*), we believe one could easily implement at least a basic escrow service for other service backends in Python. This service could then run in whatever type of environment is required for your organization.
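
A sketch of what such a port could look like outside App Engine, as an added example that is not Cauliflower Vest code: a standard-library WSGI handler that keeps the /filevault/ route regex and the authorize-then-validate order of the put method shown above. MemoryStore, make_app, send_put, the ACL dictionary, MAX_BODY and the use of REMOTE_USER for the authenticated user are assumptions made for illustration.

```python
import io
import re

# Same route pattern as the /filevault/ entry in urls.py.
FILEVAULT_ROUTE = re.compile(r'/filevault/([\w\d\-]+)/?$')
ESCROW = 'escrow'   # hypothetical stand-in for permissions.ESCROW
MAX_BODY = 4096     # assumed upper bound on an escrowed passphrase


class MemoryStore:
    """Hypothetical stand-in for models.*; a real port must encrypt at rest."""
    def __init__(self):
        self.passphrases, self.access_log = {}, []

    def put_passphrase(self, volume_uuid, passphrase, owner):
        self.passphrases[volume_uuid] = (owner, passphrase)

    def log(self, message, user):
        self.access_log.append((user, message))


def make_app(store, acl):
    """Build the WSGI app; acl maps user -> set of permissions (assumed)."""
    def app(environ, start_response):
        def reply(status, message):
            store.log(message, user)  # every outcome lands in the access log
            start_response(status, [('Content-Type', 'text/plain')])
            return [status.encode()]
        user = environ.get('REMOTE_USER')  # assumed set by a fronting auth layer
        match = FILEVAULT_ROUTE.match(environ.get('PATH_INFO', ''))
        if not match or environ.get('REQUEST_METHOD') != 'PUT':
            return reply('404 Not Found', 'No route')
        # Authorize before reading the body, as the put() handler does.
        if ESCROW not in acl.get(user, ()):
            return reply('403 Forbidden', 'Denied PUT')
        size = environ.get('CONTENT_LENGTH') or ''
        size = int(size) if size.isdecimal() else 0
        body = environ['wsgi.input'].read(size) if 0 < size <= MAX_BODY else b''
        if not body:
            return reply('400 Bad Request', 'Unknown PUT')
        store.put_passphrase(match.group(1), body, user)
        return reply('200 OK', 'PUT ' + match.group(1))
    return app


def send_put(app, path, body, user=None):
    """Drive the app in-process with a constructed request; returns status."""
    seen = []
    environ = {'REQUEST_METHOD': 'PUT', 'PATH_INFO': path, 'REMOTE_USER': user,
               'CONTENT_LENGTH': str(len(body)), 'wsgi.input': io.BytesIO(body)}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```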
