Completely remove access to client storage via accounts.

The client storage backend is now considered to be an implementation
detail and callers are expected to use the functions in the Account
trait.

Author: tmpfs

crates/account/src/account.rs

@@ -289,6 +289,12 @@ pub trait Account {
         events: Vec<DeviceEvent>,
     ) -> std::result::Result<(), Self::Error>;
 
+    /// Revoke a device.
+    async fn revoke_device(
+        &mut self,
+        device_key: &DevicePublicKey,
+    ) -> std::result::Result<(), Self::Error>;
+
     /// Current device information.
     async fn current_device(
         &self,
@@ -448,10 +454,6 @@ pub trait Account {
         &mut self,
     ) -> std::result::Result<(), Self::Error>;
 
-    /// Storage provider.
-    #[deprecated]
-    async fn storage(&self) -> Arc<RwLock<ClientStorage>>;
-
     /// Read the secret identifiers in a vault.
     async fn secret_ids(
         &self,
@@ -1690,6 +1692,13 @@ impl Account for LocalAccount {
         Ok(self.storage.patch_devices_unchecked(events).await?)
     }
 
+    async fn revoke_device(
+        &mut self,
+        device_key: &DevicePublicKey,
+    ) -> Result<()> {
+        Ok(self.storage.revoke_device(device_key).await?)
+    }
+
     async fn current_device(&self) -> Result<TrustedDevice> {
         let authenticated_user = self.storage.authenticated_user()?;
         Ok(authenticated_user.devices()?.current_device(None))
@@ -1988,11 +1997,6 @@ impl Account for LocalAccount {
         self.storage.find_folder(vault).cloned()
     }
 
-    async fn storage(&self) -> Arc<RwLock<ClientStorage>> {
-        todo!("restore storage getter for debug_assertions");
-        // self.storage.clone()
-    }
-
     async fn secret_ids(&self, summary: &Summary) -> Result<Vec<SecretId>> {
         let vault: Vault = self.storage.read_vault(summary.id()).await?;
         Ok(vault.keys().cloned().collect())

crates/ipc/src/web_service/web_accounts.rs

@@ -5,12 +5,11 @@ use notify::{
 use parking_lot::Mutex;
 use serde::{Deserialize, Serialize};
 use sos_account::{Account, AccountSwitcher};
-use sos_client_storage::ClientFolderStorage;
 use sos_core::{
     events::{AccountEvent, EventLog, WriteEvent},
     AccountId, ErrorExt, Paths, VaultId,
 };
-use sos_sync::{StorageEventLogs, SyncStorage};
+use sos_sync::SyncStorage;
 use sos_vault::SecretAccess;
 use std::{collections::HashMap, sync::Arc};
 use tokio::sync::{broadcast, RwLock};

crates/login/src/identity_folder.rs

@@ -22,12 +22,12 @@ use sos_core::{
 };
 use sos_password::diceware::generate_passphrase_words;
 use sos_signer::ed25519;
+use sos_vault::Summary;
 use sos_vault::{
     secret::{Secret, SecretId, SecretMeta, SecretRow, SecretSigner},
     BuilderCredentials, SecretAccess, Vault, VaultBuilder, VaultFlags,
     VaultId,
 };
-use sos_vault::{EncryptedEntry, Summary};
 use sos_vfs as vfs;
 use std::{
     path::{Path, PathBuf},

crates/net/src/account/network_account.rs

@@ -9,9 +9,7 @@ use sos_account::{
     SecretDelete, SecretInsert, SecretMove,
 };
 use sos_backend::{Folder, ServerOrigins};
-use sos_client_storage::{
-    AccessOptions, ClientDeviceStorage, ClientStorage, NewFolderOptions,
-};
+use sos_client_storage::{AccessOptions, NewFolderOptions};
 use sos_core::{
     commit::{CommitHash, CommitState},
     crypto::{AccessKey, Cipher, KeyDerivation},
@@ -237,44 +235,6 @@ impl NetworkAccount {
         Ok(())
     }
 
-    /// Revoke a device.
-    pub async fn revoke_device(
-        &mut self,
-        device_key: &sos_sdk::device::DevicePublicKey,
-    ) -> Result<()> {
-        let current_device = self.current_device().await?;
-        if current_device.public_key() == device_key {
-            return Err(Error::RevokeDeviceSelf);
-        }
-
-        // Update the local device event log
-        {
-            let account = self.account.lock().await;
-            let storage = account.storage().await;
-            let mut storage = storage.write().await;
-            storage.revoke_device(device_key).await?;
-        }
-
-        #[cfg(feature = "audit")]
-        {
-            let audit_event = AuditEvent::new(
-                Default::default(),
-                EventKind::RevokeDevice,
-                *self.account_id(),
-                Some(AuditData::Device(*device_key)),
-            );
-            append_audit_events(&[audit_event]).await?;
-        }
-
-        // Send the device event logs to the remote servers
-        if let Some(e) = self.sync().await.first_error() {
-            tracing::error!(error = ?e);
-            return Err(Error::RevokeDeviceSync(Box::new(e)));
-        }
-
-        Ok(())
-    }
-
     /// Set the connection identifier.
     pub fn set_connection_id(&mut self, value: Option<String>) {
         self.connection_id = value;
@@ -752,6 +712,41 @@ impl Account for NetworkAccount {
         Ok(account.patch_devices_unchecked(events).await?)
     }
 
+    async fn revoke_device(
+        &mut self,
+        device_key: &DevicePublicKey,
+    ) -> Result<()> {
+        let current_device = self.current_device().await?;
+        if current_device.public_key() == device_key {
+            return Err(Error::RevokeDeviceSelf);
+        }
+
+        // Update the local device event log
+        {
+            let mut account = self.account.lock().await;
+            account.revoke_device(device_key).await?;
+        }
+
+        #[cfg(feature = "audit")]
+        {
+            let audit_event = AuditEvent::new(
+                Default::default(),
+                EventKind::RevokeDevice,
+                *self.account_id(),
+                Some(AuditData::Device(*device_key)),
+            );
+            append_audit_events(&[audit_event]).await?;
+        }
+
+        // Send the device event logs to the remote servers
+        if let Some(e) = self.sync().await.first_error() {
+            tracing::error!(error = ?e);
+            return Err(Error::RevokeDeviceSync(Box::new(e)));
+        }
+
+        Ok(())
+    }
+
     async fn current_device(&self) -> Result<TrustedDevice> {
         let account = self.account.lock().await;
         Ok(account.current_device().await?)
@@ -1013,11 +1008,6 @@ impl Account for NetworkAccount {
         account.find_folder(vault).await
     }
 
-    async fn storage(&self) -> Arc<RwLock<ClientStorage>> {
-        let account = self.account.lock().await;
-        account.storage().await
-    }
-
     async fn load_folders(&mut self) -> Result<Vec<Summary>> {
         let mut account = self.account.lock().await;
         Ok(account.load_folders().await?)

crates/security_report/src/lib.rs

@@ -4,7 +4,6 @@ use secrecy::ExposeSecret;
 use serde::{Deserialize, Serialize};
 use sos_account::Account;
 use sos_backend::AccessPoint;
-use sos_client_storage::ClientFolderStorage;
 use sos_password::generator::measure_entropy;
 use sos_vault::{
     secret::{Secret, SecretId, SecretType},

crates/sos/src/commands/tools/authenticator.rs

@@ -6,7 +6,7 @@ use crate::{
 };
 use clap::Subcommand;
 use sos_account::{Account, FolderCreate};
-use sos_client_storage::{ClientFolderStorage, NewFolderOptions};
+use sos_client_storage::NewFolderOptions;
 use sos_migrate::{export_authenticator, import_authenticator};
 use sos_sdk::prelude::{AccountRef, VaultFlags};
 use std::path::PathBuf;

crates/storage/client/src/filesystem/mod.rs

@@ -34,7 +34,7 @@ use sos_vault::{
     Summary, Vault, VaultBuilder, VaultCommit, VaultFlags,
 };
 use sos_vfs as vfs;
-use std::{borrow::Cow, collections::HashMap, sync::Arc};
+use std::{collections::HashMap, sync::Arc};
 use tokio::sync::RwLock;
 
 #[cfg(feature = "archive")]
@@ -1482,7 +1482,7 @@ impl ClientAccountStorage for ClientFileSystemStorage {
 
     async fn lock(&mut self) {
         for (_, folder) in self.folders.iter_mut() {
-            folder.lock();
+            folder.lock().await;
         }
     }
 
@@ -1504,7 +1504,7 @@ impl ClientAccountStorage for ClientFileSystemStorage {
             .folders
             .get_mut(id)
             .ok_or(StorageError::CacheNotAvailable(*id))?;
-        folder.lock();
+        folder.lock().await;
         Ok(())
     }
 

crates/storage/client/src/storage.rs

@@ -33,8 +33,10 @@ use sos_vault::{
     secret::{Secret, SecretMeta, SecretRow},
     FolderRef, Summary, Vault, VaultCommit, VaultFlags,
 };
-use std::collections::HashSet;
-use std::{borrow::Cow, collections::HashMap, sync::Arc};
+use std::{
+    collections::{HashMap, HashSet},
+    sync::Arc,
+};
 use tokio::sync::RwLock;
 
 #[cfg(feature = "archive")]

crates/storage/client/src/traits.rs

@@ -23,7 +23,7 @@ use sos_vault::{
     secret::{Secret, SecretMeta, SecretRow},
     FolderRef, Summary, Vault,
 };
-use std::{borrow::Cow, collections::HashMap, sync::Arc};
+use std::{collections::HashMap, sync::Arc};
 
 #[cfg(feature = "archive")]
 use sos_filesystem::archive::RestoreTargets;

crates/vault/src/access_point.rs

@@ -11,7 +11,7 @@ use sos_core::{
     SecretId, VaultCommit, VaultEntry, VaultFlags, VaultId,
 };
 use sos_vfs as vfs;
-use std::{borrow::Cow, path::Path};
+use std::path::Path;
 
 pub type VaultMirror<E> =
     Box<dyn EncryptedEntry<Error = E> + Send + Sync + 'static>;

crates/web/src/linked_account.rs

@@ -9,7 +9,7 @@ use sos_account::{
     SecretDelete, SecretInsert, SecretMove,
 };
 use sos_backend::{AccountEventLog, DeviceEventLog, Folder, FolderEventLog};
-use sos_client_storage::{AccessOptions, ClientStorage, NewFolderOptions};
+use sos_client_storage::{AccessOptions, NewFolderOptions};
 use sos_core::{
     commit::{CommitHash, CommitState, Comparison},
     events::{
@@ -181,6 +181,14 @@ impl Account for LinkedAccount {
         Ok(account.patch_devices_unchecked(events).await?)
     }
 
+    async fn revoke_device(
+        &mut self,
+        device_key: &DevicePublicKey,
+    ) -> Result<()> {
+        let mut account = self.account.lock().await;
+        Ok(account.revoke_device(device_key).await?)
+    }
+
     async fn current_device(&self) -> Result<TrustedDevice> {
         let account = self.account.lock().await;
         Ok(account.current_device().await?)
@@ -345,12 +353,6 @@ impl Account for LinkedAccount {
         Ok(account.delete_account().await?)
     }
 
-    #[cfg(debug_assertions)]
-    async fn storage(&self) -> Arc<RwLock<ClientStorage>> {
-        let account = self.account.lock().await;
-        account.storage().await
-    }
-
     async fn secret_ids(&self, summary: &Summary) -> Result<Vec<SecretId>> {
         let account = self.account.lock().await;
         Ok(account.secret_ids(summary).await?)

tests/integration/tests/event_log/compact_events.rs

@@ -3,7 +3,6 @@ use crate::test_utils::{mock, setup, teardown};
 use anyhow::Result;
 use sos_account::{Account, LocalAccount};
 use sos_backend::{AccountEventLog, FolderEventLog};
-use sos_client_storage::ClientFolderStorage;
 use sos_sdk::prelude::*;
 
 /// Tests compacting a folder event log.
@@ -61,9 +60,7 @@ async fn event_log_compact() -> Result<()> {
 
     // Check the in-memory commit tree
     let new_root = {
-        let storage = account.storage().await;
-        let reader = storage.read().await;
-        let folder = reader.folders().get(default_folder.id()).unwrap();
+        let folder = account.folder(default_folder.id()).await?;
         let event_log = folder.event_log();
         let event_log = event_log.read().await;
         let tree = event_log.tree();

tests/integration/tests/network_account/listen_folder_delete.rs

@@ -1,7 +1,6 @@
 use crate::test_utils::{simulate_device, spawn, teardown, wait_for_cond};
 use anyhow::Result;
 use sos_account::{Account, FolderCreate, FolderDelete};
-use sos_client_storage::ClientFolderStorage;
 use sos_sdk::prelude::*;
 
 /// Tests syncing delete folder events between two clients

tests/integration/tests/network_account/listen_folder_import.rs

@@ -4,7 +4,6 @@ use crate::test_utils::{
 };
 use anyhow::Result;
 use sos_account::{Account, FolderCreate};
-use sos_client_storage::ClientFolderStorage;
 use sos_sdk::prelude::*;
 use sos_vault::SecretAccess;
 
@@ -44,9 +43,7 @@ async fn network_sync_listen_folder_import() -> Result<()> {
     // path when sync happens
     device1.owner.open_folder(new_folder.id()).await?;
     let mut vault = {
-        let storage = device1.owner.storage().await;
-        let reader = storage.read().await;
-        let folder = reader.folders().get(new_folder.id()).unwrap();
+        let folder = device1.owner.folder(new_folder.id()).await?;
         let access_point = folder.access_point();
         let access_point = access_point.lock().await;
         access_point.vault().clone()
@@ -89,11 +86,8 @@ async fn network_sync_listen_folder_import() -> Result<()> {
 
     // Expected folders on the local account must be computed
     // again after creating the new folder for the assertions
-    let expected_summaries: Vec<Summary> = {
-        let storage = device1.owner.storage().await;
-        let reader = storage.read().await;
-        reader.list_folders().to_vec()
-    };
+    let expected_summaries: Vec<Summary> =
+        device1.owner.list_folders().await?;
 
     // Assert first device
     let mut bridge = device1.owner.remove_server(&origin).await?.unwrap();

tests/integration/tests/network_account/send_folder_create.rs

@@ -4,7 +4,6 @@ use crate::test_utils::{
 };
 use anyhow::Result;
 use sos_account::{Account, FolderCreate};
-use sos_client_storage::ClientFolderStorage;
 use sos_sdk::prelude::*;
 
 /// Tests sending create folder events to a remote.
@@ -39,11 +38,7 @@ async fn network_sync_folder_create() -> Result<()> {
 
     // Expected folders on the local account must be computed
     // again after creating the new folder for the assertions
-    let folders: Vec<Summary> = {
-        let storage = device.owner.storage().await;
-        let reader = storage.read().await;
-        reader.list_folders().to_vec()
-    };
+    let folders: Vec<Summary> = device.owner.list_folders().await?;
 
     // Ensure we have the extra folder summary in memory
     assert_eq!(original_folders_len + 1, folders.len());

tests/integration/tests/network_account/send_folder_delete.rs

@@ -4,7 +4,6 @@ use crate::test_utils::{
 };
 use anyhow::Result;
 use sos_account::{Account, FolderCreate, FolderDelete};
-use sos_client_storage::ClientFolderStorage;
 use sos_core::ExternalFile;
 use sos_sdk::prelude::*;