Mercurial > libervia-backend
comparison libervia/backend/plugins/plugin_xep_0048.py @ 4212:5f2d496c633f
core: get rid of `pickle`:
Use of `pickle` to serialise data was a technical legacy that was causing trouble to store
in database, to update (if a class was serialised, a change could break update), and to
security (pickle can lead to code execution).
This patch remove all use of Pickle in favour in JSON, notably:
- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New method `from_dict` and
`to_dict` method have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is
notably used to (de)serialise `path` of avatars.
A migration script has been created to convert data (for upgrade or downgrade), with
special care for XEP-0373 case. Depending of size of database, this migration script can
be long to run.
rel 443
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 23 Feb 2024 13:31:04 +0100 |
| parents | 4b842c1fb686 |
| children | 3fbd1a1285c1 |
comparison
equal
deleted
inserted
replaced
| 4211:be89ab1cbca4 | 4212:5f2d496c633f |
|---|---|
| 15 # GNU Affero General Public License for more details. | 15 # GNU Affero General Public License for more details. |
| 16 | 16 |
| 17 # You should have received a copy of the GNU Affero General Public License | 17 # You should have received a copy of the GNU Affero General Public License |
| 18 # along with this program. If not, see <http://www.gnu.org/licenses/>. | 18 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 19 | 19 |
| 20 from typing import cast | |
| 20 from libervia.backend.core.i18n import _, D_ | 21 from libervia.backend.core.i18n import _, D_ |
| 21 from libervia.backend.core import exceptions | 22 from libervia.backend.core import exceptions |
| 22 from libervia.backend.core.constants import Const as C | 23 from libervia.backend.core.constants import Const as C |
| 23 from libervia.backend.memory.persistent import PersistentBinaryDict | 24 from libervia.backend.memory.persistent import PersistentBinaryDict |
| 24 from libervia.backend.tools import xml_tools | 25 from libervia.backend.tools import xml_tools |
| 104 async def profile_connected(self, client): | 105 async def profile_connected(self, client): |
| 105 local = client.bookmarks_local = PersistentBinaryDict( | 106 local = client.bookmarks_local = PersistentBinaryDict( |
| 106 NS_BOOKMARKS, client.profile | 107 NS_BOOKMARKS, client.profile |
| 107 ) | 108 ) |
| 108 await local.load() | 109 await local.load() |
| 110 local = cast(dict[str, dict|None]|None, local) | |
| 109 if not local: | 111 if not local: |
| 110 local[XEP_0048.MUC_TYPE] = dict() | 112 local = { |
| 111 local[XEP_0048.URL_TYPE] = dict() | 113 XEP_0048.MUC_TYPE: {}, |
| 114 XEP_0048.URL_TYPE: {} | |
| 115 } | |
| 112 private = await self._get_server_bookmarks("private", client.profile) | 116 private = await self._get_server_bookmarks("private", client.profile) |
| 113 pubsub = client.bookmarks_pubsub = None | 117 pubsub = client.bookmarks_pubsub = None |
| 114 | 118 |
| 115 for bookmarks in (local, private, pubsub): | 119 for bookmarks in (local, private, pubsub): |
| 116 if bookmarks is not None: | 120 if bookmarks is not None: |