From 7ee877821069fdedcbb225e533988187fe614526 Mon Sep 17 00:00:00 2001 From: ansuz Date: Fri, 21 Feb 2020 13:05:07 -0500 Subject: [PATCH] kick unauthorized users from restricted channels and update dependencies --- lib/commands/metadata.js | 70 ++++++++++++++++++++++++++++++---------- package-lock.json | 4 +-- package.json | 2 +- 3 files changed, 55 insertions(+), 21 deletions(-) diff --git a/lib/commands/metadata.js b/lib/commands/metadata.js index 21132dd23..a5bca0dca 100644 --- a/lib/commands/metadata.js +++ b/lib/commands/metadata.js @@ -71,7 +71,7 @@ Data.setMetadata = function (Env, safeKey, data, cb, Server) { if (Meta.commands.indexOf(command) === -1) { return void cb('UNSUPPORTED_COMMAND'); } queueMetadata(channel, function (next) { - Data.getMetadata(Env, channel, function (err, metadata) { + Data.getMetadataRaw(Env, channel, function (err, metadata) { if (err) { cb(err); return void next(); 
@@ -133,34 +133,70 @@ Data.setMetadata = function (Env, safeKey, data, cb, Server) { return void next(); } - - // chainpad-server@4.0.3 supports a removeFromChannel method - // Server.removeFromChannel(channelName, userId); - // this lets us kick users from restricted channels - - // XXX RESTRICT - // if the metadata changes and includes an allowed list - // kick any current users from the channel - // if they aren't on it. - - // review Server.channelBroadcast as used for EEXPIRED - // send them to the user in question, from historyKeeper - + // send the message back to the person who changed it + // since we know they're allowed to see it cb(void 0, metadata); next(); const metadata_cache = Env.metadata_cache; const channel_cache = Env.channel_cache; + // update the cached metadata metadata_cache[channel] = metadata; + // as well as the metadata that's attached to the index... + // XXX determine if we actually need this... var index = Util.find(channel_cache, [channel, 'index']); if (index && typeof(index) === 'object') { index.metadata = metadata; } - Server.channelBroadcast(channel, JSON.stringify(metadata), Env.historyKeeper.id); + // it's easy to check if the channel is restricted + const isRestricted = metadata.restricted; + // and these values will be used in any case + const s_metadata = JSON.stringify(metadata); + const hk_id = Env.historyKeeper.id; + + if (!isRestricted) { + // pre-allow-list behaviour + // if it's not restricted, broadcast the new metadata to everyone + return void Server.channelBroadcast(channel, s_metadata, hk_id); + } + + // otherwise derive the list of users (unsafeKeys) that are allowed to stay + const allowed = HK.listAllowedUsers(metadata); + // anyone who is not allowed will get the same error message + const s_error = JSON.stringify({ + error: 'ERESTRICTED', + channel: channel, + }); + + // iterate over the channel's userlist + const toRemove = []; + Server.getChannelUserList(channel).forEach(function (userId) { + const session 
= HK.getNetfluxSession(Env, userId); + + // if the user is allowed to remain, send them the metadata + if (HK.isUserSessionAllowed(allowed, session)) { + return void Server.send(userId, [ + 0, + hk_id, + 'MSG', + userId, + s_metadata + ], function () {}); + } + // otherwise they are not in the list. + // send them an error and kick them out! + Server.send(userId, [ + 0, + hk_id, + 'MSG', + userId, + s_error + ], function () {}); + }); + + Server.removeFromChannel(channel, toRemove); }); }); }); }; - - diff --git a/package-lock.json b/package-lock.json index d4a119d75..c3e9c6905 100644 --- a/package-lock.json +++ b/package-lock.json @@ -113,9 +113,7 @@ } }, "chainpad-server": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/chainpad-server/-/chainpad-server-4.0.2.tgz", - "integrity": "sha512-9NrFsATd70uAdksxsCZBIJ/SiREmJ6QLYTNaeFLH/nJpeZ2b7wblVGABCj3JYWvngdEZ7Umc+afbWH8sUmtgeQ==", + "version": "4.0.3", "requires": { "nthen": "0.1.8", "pull-stream": "^3.6.9", diff --git a/package.json b/package.json index 81be1c7f8..43a28fdb2 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ }, "dependencies": { "chainpad-crypto": "^0.2.2", - "chainpad-server": "^4.0.0", + "chainpad-server": "^4.0.3", "express": "~4.16.0", "fs-extra": "^7.0.0", "get-folder-size": "^2.0.1",
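Review bot: `toRemove` is declared empty just before the `Server.getChannelUserList(channel).forEach(...)` loop and nothing in the loop adds to it, so the closing `Server.removeFromChannel(channel, toRemove)` receives an empty list; users outside the allow list are sent `ERESTRICTED` but, as far as this hunk shows, stay joined to the restricted channel and keep receiving its traffic. Adding `toRemove.push(userId);` in the not-allowed branch, next to the second `Server.send`, would make the code do what the "kick them out" comment says. The comment this commit deletes described the method as `Server.removeFromChannel(channelName, userId)`, so confirm that chainpad-server 4.0.3 accepts an array there, and otherwise call it once per user. It is also worth confirming that `HK.isUserSessionAllowed` returns false when `HK.getNetfluxSession` finds no session for a `userId`, so that an unknown session is denied by default. The enclosing `Data.setMetadata` body starts outside the hunk.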