web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

clean up a few tasks related to allow lists

Browse Source
This commit is contained in:
ansuz 2020-03-03 15:52:49 -05:00
parent 92325a27f7
commit 170aa6d47e
4 changed files with 87 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
lib/commands/channel.js
View File

@ -5,6 +5,7 @@ const Util = require("../common-util");
const nThen = require("nthen"); const nThen = require("nthen");
const Core = require("./core"); const Core = require("./core");
const Metadata = require("./metadata"); const Metadata = require("./metadata");
const HK = require("../hk-util");
Channel.clearOwnedChannel = function (Env, safeKey, channelId, cb, Server) { Channel.clearOwnedChannel = function (Env, safeKey, channelId, cb, Server) {
if (typeof(channelId) !== 'string' || channelId.length !== 32) { if (typeof(channelId) !== 'string' || channelId.length !== 32) {
@ -228,7 +229,9 @@ Channel.isNewChannel = function (Env, channel, cb) {
Otherwise behaves the same as sending to a channel Otherwise behaves the same as sending to a channel
*/ */
Channel.writePrivateMessage = function (Env, args, cb, Server) { Channel.writePrivateMessage = function (Env, args, _cb, Server, netfluxId) {
var cb = Util.once(Util.mkAsync(_cb));
var channelId = args[0]; var channelId = args[0];
var msg = args[1]; var msg = args[1];
@ -246,31 +249,52 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
return void cb("NOT_IMPLEMENTED"); return void cb("NOT_IMPLEMENTED");
} }
// historyKeeper expects something with an 'id' attribute nThen(function (w) {
// it will fail unless you provide it, but it doesn't need anything else Metadata.getMetadataRaw(Env, channelId, w(function (err, metadata) {
var channelStruct = { if (err) {
id: channelId, w.abort();
}; Env.Log.error('HK_WRITE_PRIVATE_MESSAGE', err);
return void cb('METADATA_ERR');
}
// construct a message to store and broadcast if (!metadata || !metadata.restricted) {
var fullMessage = [ return;
0, // idk }
null, // normally the netflux id, null isn't rejected, and it distinguishes messages written in this way
"MSG", // indicate that this is a MSG
channelId, // channel id
msg // the actual message content. Generally a string
];
// XXX RESTRICT respect allow lists var session = HK.getNetfluxSession(Env, netfluxId);
var allowed = HK.listAllowedUsers(metadata);
// historyKeeper already knows how to handle metadata and message validation, so we just pass it off here if (HK.isUserSessionAllowed(allowed, session)) { return; }
// if the message isn't valid it won't be stored.
Env.historyKeeper.channelMessage(Server, channelStruct, fullMessage);
Server.getChannelUserList(channelId).forEach(function (userId) { w.abort();
Server.send(userId, fullMessage); cb('INSUFFICIENT_PERMISSIONS');
}));
}).nThen(function () {
// historyKeeper expects something with an 'id' attribute
// it will fail unless you provide it, but it doesn't need anything else
var channelStruct = {
id: channelId,
};
// construct a message to store and broadcast
var fullMessage = [
0, // idk
null, // normally the netflux id, null isn't rejected, and it distinguishes messages written in this way
"MSG", // indicate that this is a MSG
channelId, // channel id
msg // the actual message content. Generally a string
];
// historyKeeper already knows how to handle metadata and message validation, so we just pass it off here
// if the message isn't valid it won't be stored.
Env.historyKeeper.channelMessage(Server, channelStruct, fullMessage);
Server.getChannelUserList(channelId).forEach(function (userId) {
Server.send(userId, fullMessage);
});
cb();
}); });
cb();
}; };

3
lib/historyKeeper.js
View File

@ -69,8 +69,7 @@ module.exports.create = function (config, cb) {
blockDailyCheck: config.blockDailyCheck === true, blockDailyCheck: config.blockDailyCheck === true,
myDomain: config.httpUnsafeOrigin, myDomain: config.httpUnsafeOrigin,
// XXX not included in the config... mySubdomain: config.mySubdomain, // only exists for the accounts integration
mySubdomain: config.mySubdomain,
customLimits: config.customLimits || {}, customLimits: config.customLimits || {},
// FIXME this attribute isn't in the default conf // FIXME this attribute isn't in the default conf
// but it is referenced in Quota // but it is referenced in Quota

26
lib/hk-util.js
View File

@ -834,6 +834,7 @@ const directMessageCommands = {
*/ */
HK.onDirectMessage = function (Env, Server, seq, userId, json) { HK.onDirectMessage = function (Env, Server, seq, userId, json) {
const Log = Env.Log; const Log = Env.Log;
const HISTORY_KEEPER_ID = Env.id;
Log.silly('HK_MESSAGE', json); Log.silly('HK_MESSAGE', json);
let parsed; let parsed;
@ -891,10 +892,27 @@ HK.onDirectMessage = function (Env, Server, seq, userId, json) {
return; return;
} }
// XXX NOT ALLOWED /* Anyone in the userlist that isn't in the allow list should have already
// respond to txid with error as in handleGetHistory been kicked out of the channel. Likewise, disallowed users should not
// send the allow list anyway, it might not get used currently be able to add themselves to the userlist because JOIN commands respect
// but will in the future access control settings. The error that is sent below protects against
the remaining case, in which users try to get history without having
joined the channel. Normally we'd send the allow list to tell them the
key with which they should authenticate, but since we don't use this
behaviour, I'm doing the easy thing and just telling them to GO AWAY.
We can implement the more advanced behaviour later if it turns out that
we need it. This command validates guards against all kinds of history
access: GET_HISTORY, GET_HISTORY_RANGE, GET_FULL_HISTORY.
*/
w.abort();
return void Server.send(userId, [
seq,
'ERROR',
'ERESTRICTED',
HISTORY_KEEPER_ID
]);
})); }));
}).nThen(function () { }).nThen(function () {
// run the appropriate command from the map // run the appropriate command from the map

23
scripts/tests/test-rpc.js
View File

@ -373,11 +373,24 @@ nThen(function (w) {
} }
})); }));
}).nThen(function (w) { }).nThen(function (w) {
// XXX RESTRICT GET_METADATA should fail because alice is not on the allow list alice.anonRpc.send('GET_METADATA', oscar.mailboxChannel, w(function (err, response) {
// expect INSUFFICIENT_PERMISSIONS if (!response) { throw new Error("EXPECTED RESPONSE"); }
alice.anonRpc.send('GET_METADATA', oscar.mailboxChannel, w(function (err) { var metadata = response[0];
if (!err) { var expected_fields = ['restricted', 'allowed'];
// XXX RESTRICT alice should not be permitted to read oscar's mailbox's metadata for (var key in metadata) {
if (expected_fields.indexOf(key) === -1) {
console.log(metadata);
throw new Error("EXPECTED METADATA TO BE RESTRICTED");
}
}
}));
}).nThen(function (w) {
alice.anonRpc.send('WRITE_PRIVATE_MESSAGE', [
oscar.mailboxChannel,
'["VANDALISM"]',
], w(function (err) {
if (err !== 'INSUFFICIENT_PERMISSIONS') {
throw new Error("EXPECTED INSUFFICIENT PERMISSIONS ERROR");
} }
})); }));
}).nThen(function (w) { }).nThen(function (w) {