Signal-iOS/SignalServiceKit/KeyBackupService/KBSAuthCredentialStorage.swift
2023-02-02 10:17:52 -08:00

42 lines
2.1 KiB
Swift

//
// Copyright 2023 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
extension KBS {
static let maxKBSAuthCredentialsBackedUp: Int = 10
}
public protocol KBSAuthCredentialStorage {
/// Stores an `KBSAuthCredential` to both local storage and iCloud storage, overwriting
/// any existing credentials for the same username.
/// Also marks the credential as "current", using it for future KBS requests until a new credential
/// is provided to this method.
/// Stores up to `KBS.maxKBSAuthCredentialsBackedUp` credentials; if more are inserted,
/// they are dropped in FIFO order.
///
/// Note multiple accounts can share an iCloud and so more than one user may be present in storage.
/// iCloud storage is used to re-register on other devices without the need for OTP verification via phone number.
func storeAuthCredentialForCurrentUsername(_ auth: KBSAuthCredential, _ transaction: DBWriteTransaction)
/// Gets all stored `KBSAuthCredential`s, from local disk if available, or iCloud otherwise.
/// Credentials may be expired or invalid for a particular e164; callers should poke the registration
/// server to validate them as a set.
/// Returns up to `KBS.maxKBSAuthCredentialsBackedUp` credentials.
func getAuthCredentials(_ transaction: DBReadTransaction) -> [KBSAuthCredential]
/// Gets the `KBSAuthCredential` that was most recently stored on this device.
/// Returns nil if there are no backed up credentials, or if all credentials came from iCloud
/// storage and therefore there is no concept of a "current" username.
/// In such cases, the user should go through registration using the full list with
/// `getAuthCredentials`.
func getAuthCredentialForCurrentUser(_ transaction: DBReadTransaction) -> KBSAuthCredential?
/// Removes the provided credentials from storage.
/// Should be called when the server tells the client the credential(s) are invalid.
func deleteInvalidCredentials(_: [KBSAuthCredential], _ transaction: DBWriteTransaction)
}