restrict access to metadata

2020-02-21 10:31:10 -05:00
parent ad7096d754
commit fe0e02a421
4 changed files with 38 additions and 9 deletions
--- a/lib/commands/channel.js
+++ b/lib/commands/channel.js
@@ -261,6 +261,8 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
        msg // the actual message content. Generally a string
    ];

+    // XXX RESTRICT respect allow lists
+
    // historyKeeper already knows how to handle metadata and message validation, so we just pass it off here
    // if the message isn't valid it won't be stored.
    Env.historyKeeper.channelMessage(Server, channelStruct, fullMessage);
--- a/lib/commands/metadata.js
+++ b/lib/commands/metadata.js
@@ -2,16 +2,21 @@
 const Data = module.exports;

 const Meta = require("../metadata");
-const BatchRead = require("../batch-read");
 const WriteQueue = require("../write-queue");
 const Core = require("./core");
 const Util = require("../common-util");
 const HK = require("../hk-util");

-Data.getMetadata = function (Env, channel, cb/* , Server */) {
+Data.getMetadataRaw = function (Env, channel /* channelName */, _cb) {
+    const cb = Util.once(Util.mkAsync(_cb));
    if (!Core.isValidId(channel)) { return void cb('INVALID_CHAN'); }
    if (channel.length !== HK.STANDARD_CHANNEL_LENGTH) { return cb("INVALID_CHAN_LENGTH"); }

+    var cached = Env.metadata_cache[channel];
+    if (HK.isMetadataMessage(cached)) {
+        return void cb(void 0, cached);
+    }
+
    Env.batchMetadata(channel, cb, function (done) {
        var ref = {};
        var lineHandler = Meta.createLineHandler(ref, Env.Log.error);
@@ -25,6 +30,28 @@ Data.getMetadata = function (Env, channel, cb/* , Server */) {
    });
 };

+Data.getMetadata = function (Env, channel, cb, Server, netfluxId) {
+    Data.getMetadataRaw(Env, channel, function (err, metadata) {
+        if (err) { return void cb(err); }
+
+        if (!(metadata && metadata.restricted)) {
+            // if it's not restricted then just call back
+            return void cb(void 0, metadata);
+        }
+
+        const session = HK.getNetfluxSession(Env, netfluxId);
+        const allowed = HK.listAllowedUsers(metadata);
+
+        if (!HK.isUserSessionAllowed(allowed, session)) {
+            return void cb(void 0, {
+                restricted: metadata.restricted,
+                allowed: allowed,
+            });
+        }
+        cb(void 0, metadata);
+    });
+};
+
 /* setMetadata
    - write a new line to the metadata log if a valid command is provided
    - data is an object: {