From f0e5fc761436a09c3f2ad9b1a00fd905a062b16c Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 25 Feb 2020 09:09:16 -0500 Subject: [PATCH] merge some missing code from communities-allow-list --- lib/historyKeeper.js | 85 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 78 insertions(+), 7 deletions(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index bccfef38f..e2bbafa59 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -38,6 +38,7 @@ module.exports.create = function (config, cb) { channel_cache: {}, queueStorage: WriteQueue(), batchIndexReads: BatchRead("HK_GET_INDEX"), + batchMetadata: BatchRead('GET_METADATA'), //historyKeeper: config.historyKeeper, intervals: config.intervals || {}, @@ -46,6 +47,8 @@ module.exports.create = function (config, cb) { paths: {}, //msgStore: config.store, + netfluxUsers: {}, + pinStore: undefined, pinnedPads: {}, pinsLoaded: false, @@ -110,14 +113,82 @@ module.exports.create = function (config, cb) { // we drop cached metadata and indexes at the same time HK.dropChannel(Env, channelName); }, - channelOpen: function (Server, channelName, userId) { + channelOpen: function (Server, channelName, userId, wait) { Env.channel_cache[channelName] = Env.channel_cache[channelName] || {}; - Server.send(userId, [ - 0, - Env.id, - 'JOIN', - channelName - ]); + + var sendHKJoinMessage = function () { + Server.send(userId, [ + 0, + Env.id, + 'JOIN', + channelName + ]); + }; + + // a little backwards compatibility in case you don't have the latest server + // allow lists won't work unless you update, though + if (typeof(wait) !== 'function') { return void sendHKJoinMessage(); } + + var next = wait(); + var cb = function (err, info) { + next(err, info, sendHKJoinMessage); + }; + + // only conventional channels can be restricted + if ((channelName || "").length !== HK.STANDARD_CHANNEL_LENGTH) { + return void cb(); + } + + // gets and caches the metadata... + HK.getMetadata(Env, channelName, function (err, metadata) { + if (err) { + Log.error('HK_METADATA_ERR', { + channel: channelName, + error: err, + }); + } + + if (!metadata || (metadata && !metadata.restricted)) { + // the channel doesn't have metadata, or it does and it's not restricted + // either way, let them join. + return void cb(); + } + + // this channel is restricted. verify that the user in question is in the allow list + + // construct a definitive list (owners + allowed) + var allowed = HK.listAllowedUsers(metadata); + // and get the list of keys for which this user has already authenticated + var session = HK.getNetfluxSession(Env, userId); + + if (HK.isUserSessionAllowed(allowed, session)) { + return void cb(); + } + + // otherwise they're not allowed. + // respond with a special error that includes the list of keys + // which would be allowed... + // FIXME bonus points if you hash the keys to limit data exposure + cb("ERESTRICTED", allowed); + }); + }, + sessionClose: function (userId, reason) { + HK.closeNetfluxSession(Env, userId); + + // TODO RESTRICT drop user session data + if (['BAD_MESSAGE', 'SOCKET_ERROR', 'SEND_MESSAGE_FAIL_2'].indexOf(reason) !== -1) { + if (reason && reason.code === 'ECONNRESET') { return; } + return void Log.error('SESSION_CLOSE_WITH_ERROR', { + userId: userId, + reason: reason, + }); + } + + if (reason && reason === 'SOCKET_CLOSED') { return; } + Log.verbose('SESSION_CLOSE_ROUTINE', { + userId: userId, + reason: reason, + }); }, directMessage: function (Server, seq, userId, json) { // netflux-server allows you to register an id with a handler