gerrit-contactstore =================== Utilities to receive contact information for individual users from Gerrit and archive them in an encrypted store. Gerrit connects to the store by sending a standard HTTP POST request to the store URL, with the following form parameters in the body: * APPSEC A shared secret "password" that should be known only to Gerrit and the contact store. The contact store should test this value to deter spamming of the contact store by outside parties. * account_id Unique account_id value from the Gerrit database for the account the contact information belongs to. Base 10 integer. * email Preferred email address of the account. May facilitate lookups in the contact store at a future date. May not be provided. * filed Seconds since the UNIX epoch of when the contact information was filed. May be omitted or the empty string if the application doesn't think the supplied contact information is valid enough. * data Encrypted account data as an armored ASCII blob. This is usually several KB of text data as a single string, with embedded newlines to break the lines at about 70-75 characters. Data can be decoded using GnuPG with the correct private key. Using HTTPS for the store is encouraged, as it prevents man-in-the-middle attacks at reading the shared secret APPSEC token, or messing with the data packet. A successful store should respond with HTTP status code "200 OK" and a text/plain content consisting of only "OK\n". Any other response is considered to be a store failure. Implementations --------------- google_appengine/ ~~~~~~~~~~~~~~~~~ This implementation of the contact store runs on Google App Engine. It is a two very small Python CGIs: main.py receives the data and secure.py permits some limited searching and retrieval of the data by the application's owners (aka "developers" to Google App Engine). The encrypted data payload is stored as-is when received; that is the data stays fully encrypted within AppEngine, and the private key is never stored on AppEngine. It is therefore impossible for Google to decipher or otherwise read the contact information stored. To use this implementation, sign up for a free AppEngine account, then install the code with: cd google_appengine make APPID=your-app-id-here update and configure Gerrit to use your new application instance: $ psql reviewdb UPDATE system_config SET contact_store_url = 'https://your-app-id-here.appspot.com/store' ,contact_store_appsec = 'appsec-key-printed-during-update'; Later you can search for and download the encrypted contact information by visiting your application over the web at https://your-app-id-here.appspot.com/. Note that you must sign-in with a developer account. This provides a very simple access control system; to add additional users invite them to be developers of your application.