sketch out some historyKeeper functionality related to access lists

5 years ago · eac3e4cbcd
parent d5e8fc35f7
commit eac3e4cbcd
2 changed files with 41 additions and 0 deletions
--- a/lib/historyKeeper.js
+++ b/lib/historyKeeper.js
@ -113,6 +113,10 @@ module.exports.create = function (config, cb) {
        channelOpen: function (Server, channelName, userId) {
            Env.channel_cache[channelName] = Env.channel_cache[channelName] || {};

+            //const metadata = Env.metadata_cache[channelName];
+            // chainpad-server@4.0.3 supports a removeFromChannel method
+            // Server.removeFromChannel(channelName, userId);
+            // this lets us kick users from restricted channels

            // XXX RESTRICT
            // this event is emitted whenever a user joins a channel.
--- a/lib/hk-util.js
+++ b/lib/hk-util.js
@ -75,6 +75,29 @@ const isMetadataMessage = function (parsed) {
    return Boolean(parsed && parsed.channel);
 };

+const isChannelRestricted = function (metadata) { // XXX RESTRICT
+    metadata = metadata;
+    return false;
+};
+
+const isUserAllowed = function (metadata, userId) { // XXX RESTRICT
+/*
+
+    at this point all we have is the user's netflux id.
+    the allow-list is encoded for 'unsafeKeys' (URL-unsafe base64 encoded public signing keys).
+
+    we need a lookup table: netfluxId => public keys with which this netflux session has authenticated.
+    from there we can check whether the user has authenticated for any of the allowed keys this session.
+
+    owners are implicitly allowed to view any file they own.
+    pending_owners too.
+    otherwise check metadata.allowed.
+
+*/
+    userId = userId;
+    return false;
+};
+
 // validateKeyStrings supplied by clients must decode to 32-byte Uint8Arrays
 const isValidValidateKeyString = function (key) {
    try {
@ -646,6 +669,16 @@ const handleGetHistory = function (Env, Server, seq, userId, parsed) {
            // And then check if the channel is expired. If it is, send the error and abort
            // FIXME this is hard to read because 'checkExpired' has side effects
            if (checkExpired(Env, Server, channelName)) { return void waitFor.abort(); }
+
+            // XXX RESTRICT
+            // once we've loaded the metadata we can check whether the channel is restricted
+            // and notify the user if they're not included in the list
+            if (isChannelRestricted(index.metadata) && isUserAllowed(index.metadata, userId)) {
+                // XXX RESTRICT send a message indicating that they need to authenticate
+                // for a list of private keys...
+                return void waitFor.abort();
+            }
+
            // always send metadata with GET_HISTORY requests
            Server.send(userId, [0, HISTORY_KEEPER_ID, 'MSG', userId, JSON.stringify(index.metadata)], w);
        }));
@ -817,6 +850,10 @@ HK.onDirectMessage = function (Env, Server, seq, userId, json) {
    // have to abort later (once we know the expiration time)
    if (checkExpired(Env, Server, parsed[1])) { return; }

+    // XXX RESTRICT
+    // metadata might already be in memory.
+    // rejecting unauthorized users here is an optimization
+
    // look up the appropriate command in the map of commands or fall back to RPC
    var command = directMessageCommands[parsed[0]] || handleRPC;