From a4be6185de7eb80980176541fbd28cb50ad786d9 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 17 Feb 2020 11:54:27 -0500 Subject: [PATCH] merge staging and do a little lint compliance --- lib/historyKeeper.js | 9 +++++++++ lib/hk-util.js | 6 +++--- lib/metadata.js | 41 +++++++++++++++++++++++++++++++++++++---- lib/rpc.js | 4 ++-- 4 files changed, 51 insertions(+), 9 deletions(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index bccfef38f..a77a95740 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -112,6 +112,15 @@ module.exports.create = function (config, cb) { }, channelOpen: function (Server, channelName, userId) { Env.channel_cache[channelName] = Env.channel_cache[channelName] || {}; + + + // XXX RESTRICT + // this event is emitted whenever a user joins a channel. + // if that channel is restricted then we should forcefully disconnect them. + // we won't know that it's restricted until we load its metadata. + // as long as metadata is in memory as long as anyone is sending messages to a channel + // then we won't broadcast messages to unauthorized users + Server.send(userId, [ 0, Env.id, diff --git a/lib/hk-util.js b/lib/hk-util.js index 3221d50a2..3c5fe887c 100644 --- a/lib/hk-util.js +++ b/lib/hk-util.js @@ -789,9 +789,9 @@ const handleGetFullHistory = function (Env, Server, seq, userId, parsed) { }; const directMessageCommands = { - GET_HISTORY: handleGetHistory, - GET_HISTORY_RANGE: handleGetHistoryRange, - GET_FULL_HISTORY: handleGetFullHistory, + GET_HISTORY: handleGetHistory, // XXX RESTRICT + GET_HISTORY_RANGE: handleGetHistoryRange, // XXX RESTRICT + GET_FULL_HISTORY: handleGetFullHistory, // XXX RESTRICT }; /* onDirectMessage diff --git a/lib/metadata.js b/lib/metadata.js index 92a5d7541..aa5b49517 100644 --- a/lib/metadata.js +++ b/lib/metadata.js @@ -21,16 +21,49 @@ var isValidOwner = function (owner) { // ["RESTRICT_ACCESS", [true], 1561623438989] // ["RESTRICT_ACCESS", [false], 1561623438989] -// commands.RESTRICT_ACCESS = function (meta, args) {}; +commands.RESTRICT_ACCESS = function (meta, args) { + if (!Array.isArray(args) || typeof(args[0]) !== 'boolean') { + throw new Error('INVALID_STATE'); + } + + var bool = args[0]; + + // reject the proposed command if there is no change in state + if (meta.restricted === bool) { return false; } + + // apply the new state + meta.restricted = args[0]; + + // if you're disabling access restrictions then you can assume + // then there is nothing more to do. Leave the existing list as-is + if (!bool) { return true; } + + // you're all set if an allow list already exists + if (Array.isArray(meta.allowed)) { return true; } + + // otherwise define it + meta.allowed = []; + + return true; +}; // ["ADD_ALLOWED", ["7eEqelGso3EBr5jHlei6av4r9w2B9XZiGGwA1EgZ-5I=", ...], 1561623438989] -// commands.ADD_ALLOWED = function (meta, args) {}; +commands.ADD_ALLOWED = function (meta, args) { + args = args; + throw new Error('NOT_IMPLEMENTED'); +}; // ["RM_ALLOWED", ["7eEqelGso3EBr5jHlei6av4r9w2B9XZiGGwA1EgZ-5I=", ...], 1561623438989] -// commands.RM_ALLOWED = function (meta, args) {}; +commands.RM_ALLOWED = function (meta, args) { + args = args; + throw new Error('NOT_IMPLEMENTED'); +}; // ["RESET_ALLOWED", ["7eEqelGso3EBr5jHlei6av4r9w2B9XZiGGwA1EgZ-5I=", ...], 1561623438989] -// commands.RESET_ALLOWED = function (meta, args) {}; +commands.RESET_ALLOWED = function (meta, args) { + args = args; + throw new Error('NOT_IMPLEMENTED'); +}; // ["ADD_OWNERS", ["7eEqelGso3EBr5jHlei6av4r9w2B9XZiGGwA1EgZ-5I="], 1561623438989] commands.ADD_OWNERS = function (meta, args) { diff --git a/lib/rpc.js b/lib/rpc.js index 875032b74..0d9c605f7 100644 --- a/lib/rpc.js +++ b/lib/rpc.js @@ -18,8 +18,8 @@ const UNAUTHENTICATED_CALLS = { GET_DELETED_PADS: Pinning.getDeletedPads, IS_CHANNEL_PINNED: Pinning.isChannelPinned, IS_NEW_CHANNEL: Channel.isNewChannel, - WRITE_PRIVATE_MESSAGE: Channel.writePrivateMessage, - GET_METADATA: Metadata.getMetadata, + WRITE_PRIVATE_MESSAGE: Channel.writePrivateMessage, // XXX RESTRICT + GET_METADATA: Metadata.getMetadata, // XXX RESTRICT }; var isUnauthenticateMessage = function (msg) {