workspace share security (#192)

- Improvement: Reworked workspace shares to be more secure. Workspaces and workspace shares can only be created using the `zen workspace` command, the http endpoint is disabled unless zenserver is started with the `--workspaces-allow-changes` option enabled.
  - Each workspace are now configured via a `zenworkspaceconfig.json` file in the root of each workspace
  - A workspace can allow shares to be created via the http interface if the workspace is created with the `--allow-share-create-from-http` option enabled
  - A new http endpoint at `/ws` - issuing a `Get` operation will get you a list of workspaces
  - A new http endpoint at `/ws/refresh` - issuing a `Get` will make zenserver scan for edits in workspaces and workspace shares

1 files changed, 62 insertions, 21 deletions

diff --git a/src/zenstore/include/zenstore/workspaces.h b/src/zenstore/include/zenstore/workspaces.h
index a3e51b20d..3e9edf9f9 100644
--- a/src/zenstore/include/zenstore/workspaces.h
+++ b/src/zenstore/include/zenstore/workspaces.h
@@ -23,6 +23,8 @@ class WorkspaceShare;
 class Workspaces
 {
 public:
+	static constexpr AsciiSet ValidAliasCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789+-_.[]ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+
 	struct ChunkRequest
 	{
 		Oid		 ChunkId;
@@ -41,7 +43,11 @@ public:
 	{
 		Oid					  Id;
 		std::filesystem::path RootPath;
-		inline bool			  operator==(const WorkspaceConfiguration& Rhs) const { return Id == Rhs.Id && RootPath == Rhs.RootPath; }
+		bool				  AllowShareCreationFromHttp = false;
+		inline bool			  operator==(const WorkspaceConfiguration& Rhs) const
+		{
+			return Id == Rhs.Id && RootPath == Rhs.RootPath && AllowShareCreationFromHttp == Rhs.AllowShareCreationFromHttp;
+		}
 	};
 
 	struct WorkspaceShareConfiguration
@@ -55,26 +61,9 @@ public:
 		}
 	};
 
-	struct WorkspaceInfo
-	{
-		WorkspaceConfiguration					 Config;
-		std::vector<WorkspaceShareConfiguration> Shares;
-	};
-
 	Workspaces();
 	~Workspaces();
 
-	bool				   AddWorkspace(const WorkspaceConfiguration& Configuration);
-	WorkspaceConfiguration GetWorkspaceConfiguration(const Oid& WorkspaceId) const;
-	WorkspaceInfo		   GetWorkspaceInfo(const Oid& WorkspaceId) const;
-	bool				   RemoveWorkspace(const Oid& WorkspaceId);
-
-	bool						AddWorkspaceShare(const Oid&												   WorkspaceId,
-												  const WorkspaceShareConfiguration&						   Configuration,
-												  const std::function<Oid(const std::filesystem::path& Path)>& PathToIdCB);
-	WorkspaceShareConfiguration GetWorkspaceShareConfiguration(const Oid& WorkspaceId, const Oid& ShareId) const;
-	bool						RemoveWorkspaceShare(const Oid& WorkspaceId, const Oid& ShareId);
-
 	std::optional<std::vector<ShareFile>> GetWorkspaceShareFiles(const Oid&		   WorkspaceId,
 																 const Oid&		   ShareId,
 																 bool			   ForceRefresh,
@@ -87,9 +76,12 @@ public:
 												  const std::span<const ChunkRequest> ChunkRequests,
 												  WorkerThreadPool&					  WorkerPool);
 
-	void WriteState(const std::filesystem::path& WorkspaceStatePath);
-	void ReadState(const std::filesystem::path&									WorkspaceStatePath,
-				   const std::function<Oid(const std::filesystem::path& Path)>& PathToIdCB);
+	std::vector<Oid>						   GetWorkspaces() const;
+	std::optional<WorkspaceConfiguration>	   GetWorkspaceConfiguration(const Oid& WorkspaceId) const;
+	std::optional<std::vector<Oid>>			   GetWorkspaceShares(const Oid& WorkspaceId) const;
+	std::optional<WorkspaceShareConfiguration> GetWorkspaceShareConfiguration(const Oid& WorkspaceId, const Oid& ShareId) const;
+
+	void RefreshState(const std::filesystem::path& WorkspaceStatePath);
 
 	struct ShareAlias
 	{
@@ -99,7 +91,56 @@ public:
 
 	std::optional<ShareAlias> GetShareAlias(std::string_view Alias) const;
 
+	static bool AddWorkspace(const LoggerRef&			   Log,
+							 const std::filesystem::path&  WorkspaceStatePath,
+							 const WorkspaceConfiguration& Configuration);
+	static bool RemoveWorkspace(const LoggerRef& Log, const std::filesystem::path& WorkspaceStatePath, const Oid& WorkspaceId);
+	static bool AddWorkspaceShare(const LoggerRef&					 Log,
+								  const std::filesystem::path&		 WorkspaceRoot,
+								  const WorkspaceShareConfiguration& Configuration);
+	static bool RemoveWorkspaceShare(const LoggerRef& Log, const std::filesystem::path& WorkspaceRoot, const Oid& WorkspaceShareId);
+	static WorkspaceConfiguration FindWorkspace(const LoggerRef&			 Log,
+												const std::filesystem::path& WorkspaceStatePath,
+												const Oid&					 WorkspaceId);
+	static WorkspaceConfiguration FindWorkspace(const LoggerRef&			 InLog,
+												const std::filesystem::path& WorkspaceStatePath,
+												const std::filesystem::path& WorkspaceRoot);
+
+	static WorkspaceShareConfiguration				FindWorkspaceShare(const LoggerRef&				Log,
+																	   const std::filesystem::path& WorkspaceStatePath,
+																	   std::string_view				ShareAlias,
+																	   WorkspaceConfiguration&		OutWorkspace);
+	static WorkspaceShareConfiguration				FindWorkspaceShare(const LoggerRef&				InLog,
+																	   const std::filesystem::path& WorkspaceStatePath,
+																	   const Oid&					WorkspaceId,
+																	   const Oid&					WorkspaceShareId);
+	static WorkspaceShareConfiguration				FindWorkspaceShare(const LoggerRef&				Log,
+																	   const std::filesystem::path& WorkspaceRoot,
+																	   const Oid&					WorkspaceShareId);
+	static WorkspaceShareConfiguration				FindWorkspaceShare(const LoggerRef&				Log,
+																	   const std::filesystem::path& WorkspaceRoot,
+																	   const std::filesystem::path& SharePath);
+	static std::vector<WorkspaceConfiguration>		ReadConfig(const LoggerRef&				Log,
+															   const std::filesystem::path& WorkspaceStatePath,
+															   std::string&					OutError);
+	static std::vector<WorkspaceShareConfiguration> ReadWorkspaceConfig(const LoggerRef&			 Log,
+																		const std::filesystem::path& WorkspaceRoot,
+																		std::string&				 OutError);
+
+	static Oid PathToId(const std::filesystem::path& Path);
+
 private:
+	static void WriteConfig(const LoggerRef&						   Log,
+							const std::filesystem::path&			   WorkspaceStatePath,
+							const std::vector<WorkspaceConfiguration>& WorkspaceConfigurations);
+
+	static void WriteWorkspaceConfig(const LoggerRef&								 Log,
+									 const std::filesystem::path&					 WorkspaceRoot,
+									 const std::vector<WorkspaceShareConfiguration>& WorkspaceShareConfigurations);
+
+	void RefreshWorkspaceShares(const Oid& WorkspaceId);
+	bool RemoveWorkspace(RwLock::ExclusiveLockScope& Lock, const Oid& WorkspaceId);
+
 	LoggerRef& Log() { return m_Log; }
 
 	Ref<Workspace>									 FindWorkspace(const RwLock::SharedLockScope& Lock, const Oid& WorkspaceId) const;