restrict access to metadata

lib/rpc.js

@@ -19,15 +19,15 @@ const UNAUTHENTICATED_CALLS = {
     GET_DELETED_PADS: Pinning.getDeletedPads,
     IS_CHANNEL_PINNED: Pinning.isChannelPinned,
     IS_NEW_CHANNEL: Channel.isNewChannel,
-    WRITE_PRIVATE_MESSAGE: Channel.writePrivateMessage, // XXX RESTRICT
-    GET_METADATA: Metadata.getMetadata, // XXX RESTRICT
+    WRITE_PRIVATE_MESSAGE: Channel.writePrivateMessage,
+    GET_METADATA: Metadata.getMetadata,
 };
 
 var isUnauthenticateMessage = function (msg) {
     return msg && msg.length === 2 && typeof(UNAUTHENTICATED_CALLS[msg[0]]) === 'function';
 };
 
-var handleUnauthenticatedMessage = function (Env, msg, respond, Server) {
+var handleUnauthenticatedMessage = function (Env, msg, respond, Server, netfluxId) {
     Env.Log.silly('LOG_RPC', msg[0]);
 
     var method = UNAUTHENTICATED_CALLS[msg[0]];
@@ -37,7 +37,7 @@ var handleUnauthenticatedMessage = function (Env, msg, respond, Server) {
             return void respond(err);
         }
         respond(err, [null, value, null]);
-    }, Server);
+    }, Server, netfluxId);
 };
 
 const AUTHENTICATED_USER_TARGETED = {
@@ -137,7 +137,7 @@ var rpc = function (Env, Server, userId, data, respond) {
     }
 
     if (isUnauthenticateMessage(msg)) {
-        return handleUnauthenticatedMessage(Env, msg, respond, Server);
+        return handleUnauthenticatedMessage(Env, msg, respond, Server, userId);
     }
 
     var signature = msg.shift();