clean up a few tasks related to allow lists

lib/commands/channel.js

@@ -5,6 +5,7 @@ const Util = require("../common-util");
 const nThen = require("nthen");
 const Core = require("./core");
 const Metadata = require("./metadata");
+const HK = require("../hk-util");
 
 Channel.clearOwnedChannel = function (Env, safeKey, channelId, cb, Server) {
     if (typeof(channelId) !== 'string' || channelId.length !== 32) {
@@ -228,7 +229,9 @@ Channel.isNewChannel = function (Env, channel, cb) {
 
     Otherwise behaves the same as sending to a channel
 */
-Channel.writePrivateMessage = function (Env, args, cb, Server) {
+Channel.writePrivateMessage = function (Env, args, _cb, Server, netfluxId) {
+    var cb = Util.once(Util.mkAsync(_cb));
+
     var channelId = args[0];
     var msg = args[1];
 
@@ -246,6 +249,27 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
         return void cb("NOT_IMPLEMENTED");
     }
 
+    nThen(function (w) {
+        Metadata.getMetadataRaw(Env, channelId, w(function (err, metadata) {
+            if (err) {
+                w.abort();
+                Env.Log.error('HK_WRITE_PRIVATE_MESSAGE', err);
+                return void cb('METADATA_ERR');
+            }
+
+            if (!metadata || !metadata.restricted) {
+                return;
+            }
+
+            var session = HK.getNetfluxSession(Env, netfluxId);
+            var allowed = HK.listAllowedUsers(metadata);
+
+            if (HK.isUserSessionAllowed(allowed, session)) { return; }
+
+            w.abort();
+            cb('INSUFFICIENT_PERMISSIONS');
+        }));
+    }).nThen(function () {
         // historyKeeper expects something with an 'id' attribute
         // it will fail unless you provide it, but it doesn't need anything else
         var channelStruct = {
@@ -261,7 +285,6 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
             msg // the actual message content. Generally a string
         ];
 
-    // XXX RESTRICT respect allow lists
 
         // historyKeeper already knows how to handle metadata and message validation, so we just pass it off here
         // if the message isn't valid it won't be stored.
@@ -272,5 +295,6 @@ Channel.writePrivateMessage = function (Env, args, cb, Server) {
         });
 
         cb();
+    });
 };
 

lib/historyKeeper.js

@@ -69,8 +69,7 @@ module.exports.create = function (config, cb) {
         blockDailyCheck: config.blockDailyCheck === true,
 
         myDomain: config.httpUnsafeOrigin,
-        // XXX not included in the config...
+        mySubdomain: config.mySubdomain, // only exists for the accounts integration
-        mySubdomain: config.mySubdomain,
         customLimits: config.customLimits || {},
         // FIXME this attribute isn't in the default conf
         // but it is referenced in Quota

lib/hk-util.js

@@ -834,6 +834,7 @@ const directMessageCommands = {
 */
 HK.onDirectMessage = function (Env, Server, seq, userId, json) {
     const Log = Env.Log;
+    const HISTORY_KEEPER_ID = Env.id;
     Log.silly('HK_MESSAGE', json);
 
     let parsed;
@@ -891,10 +892,27 @@ HK.onDirectMessage = function (Env, Server, seq, userId, json) {
                 return;
             }
 
-            // XXX NOT ALLOWED
+/*  Anyone in the userlist that isn't in the allow list should have already
-            // respond to txid with error as in handleGetHistory
+    been kicked out of the channel. Likewise, disallowed users should not
-            // send the allow list anyway, it might not get used currently
+    be able to add themselves to the userlist because JOIN commands respect
-            // but will in the future
+    access control settings. The error that is sent below protects against
+    the remaining case, in which users try to get history without having
+    joined the channel. Normally we'd send the allow list to tell them the
+    key with which they should authenticate, but since we don't use this
+    behaviour, I'm doing the easy thing and just telling them to GO AWAY.
+
+    We can implement the more advanced behaviour later if it turns out that
+    we need it. This command validates guards against all kinds of history
+    access: GET_HISTORY, GET_HISTORY_RANGE, GET_FULL_HISTORY.
+*/
+
+            w.abort();
+            return void Server.send(userId, [
+                seq,
+                'ERROR',
+                'ERESTRICTED',
+                HISTORY_KEEPER_ID
+            ]);
         }));
     }).nThen(function () {
         // run the appropriate command from the map

scripts/tests/test-rpc.js

@@ -373,11 +373,24 @@ nThen(function  (w) {
         }
     }));
 }).nThen(function (w) {
-    // XXX RESTRICT GET_METADATA should fail because alice is not on the allow list
+    alice.anonRpc.send('GET_METADATA', oscar.mailboxChannel, w(function (err, response) {
-    // expect INSUFFICIENT_PERMISSIONS
+        if (!response) { throw new Error("EXPECTED RESPONSE"); }
-    alice.anonRpc.send('GET_METADATA', oscar.mailboxChannel, w(function (err) {
+        var metadata = response[0];
-        if (!err) {
+        var expected_fields = ['restricted', 'allowed'];
-            // XXX RESTRICT alice should not be permitted to read oscar's mailbox's metadata
+        for (var key in metadata) {
+            if (expected_fields.indexOf(key) === -1) {
+                console.log(metadata);
+                throw new Error("EXPECTED METADATA TO BE RESTRICTED");
+            }
+        }
+    }));
+}).nThen(function (w) {
+    alice.anonRpc.send('WRITE_PRIVATE_MESSAGE', [
+        oscar.mailboxChannel,
+        '["VANDALISM"]',
+    ], w(function (err) {
+        if (err !== 'INSUFFICIENT_PERMISSIONS') {
+            throw new Error("EXPECTED INSUFFICIENT PERMISSIONS ERROR");
         }
     }));
 }).nThen(function (w) {