clean up a few tasks related to allow lists

2020-03-03 15:52:49 -05:00
parent 92325a27f7
commit 170aa6d47e
4 changed files with 87 additions and 33 deletions
--- a/lib/commands/channel.js
+++ b/lib/commands/channel.js
@@ -5,6 +5,7 @@ const Util = require("../common-util");
 const nThen = require("nthen");
 const Core = require("./core");
 const Metadata = require("./metadata");
+const HK = require("../hk-util");

 Channel.clearOwnedChannel = function (Env, safeKey, channelId, cb, Server) {
    if (typeof(channelId) !== 'string' || channelId.length !== 32) {
@@ -228,7 +229,9 @@ Channel.isNewChannel = function (Env, channel, cb) {

    Otherwise behaves the same as sending to a channel
 */
-Channel.writePrivateMessage = function (Env, args, cb, Server) {
+Channel.writePrivateMessage = function (Env, args, _cb, Server, netfluxId) {
+    var cb = Util.once(Util.mkAsync(_cb));
+
    var channelId = args[0];
    var msg = args[1];

@@ -246,31 +249,52 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
        return void cb("NOT_IMPLEMENTED");
    }

-    // historyKeeper expects something with an 'id' attribute
-    // it will fail unless you provide it, but it doesn't need anything else
-    var channelStruct = {
-        id: channelId,
-    };
+    nThen(function (w) {
+        Metadata.getMetadataRaw(Env, channelId, w(function (err, metadata) {
+            if (err) {
+                w.abort();
+                Env.Log.error('HK_WRITE_PRIVATE_MESSAGE', err);
+                return void cb('METADATA_ERR');
+            }

-    // construct a message to store and broadcast
-    var fullMessage = [
-        0, // idk
-        null, // normally the netflux id, null isn't rejected, and it distinguishes messages written in this way
-        "MSG", // indicate that this is a MSG
-        channelId, // channel id
-        msg // the actual message content. Generally a string
-    ];
+            if (!metadata || !metadata.restricted) {
+                return;
+            }

-    // XXX RESTRICT respect allow lists
+            var session = HK.getNetfluxSession(Env, netfluxId);
+            var allowed = HK.listAllowedUsers(metadata);

-    // historyKeeper already knows how to handle metadata and message validation, so we just pass it off here
-    // if the message isn't valid it won't be stored.
-    Env.historyKeeper.channelMessage(Server, channelStruct, fullMessage);
+            if (HK.isUserSessionAllowed(allowed, session)) { return; }

-    Server.getChannelUserList(channelId).forEach(function (userId) {
-        Server.send(userId, fullMessage);
+            w.abort();
+            cb('INSUFFICIENT_PERMISSIONS');
+        }));
+    }).nThen(function () {
+        // historyKeeper expects something with an 'id' attribute
+        // it will fail unless you provide it, but it doesn't need anything else
+        var channelStruct = {
+            id: channelId,
+        };
+
+        // construct a message to store and broadcast
+        var fullMessage = [
+            0, // idk
+            null, // normally the netflux id, null isn't rejected, and it distinguishes messages written in this way
+            "MSG", // indicate that this is a MSG
+            channelId, // channel id
+            msg // the actual message content. Generally a string
+        ];
+
+
+        // historyKeeper already knows how to handle metadata and message validation, so we just pass it off here
+        // if the message isn't valid it won't be stored.
+        Env.historyKeeper.channelMessage(Server, channelStruct, fullMessage);
+
+        Server.getChannelUserList(channelId).forEach(function (userId) {
+            Server.send(userId, fullMessage);
+        });
+
+        cb();
    });
-
-    cb();
 };