back round 1 view raw

knotserver: filter by known dids in processPublicKey #478

closed

opened by

anirudh.fi 4 months ago targeting master from push-wzlvlnywrxrs

Must've been removed by accident.

Signed-off-by: Anirudh Oppiliappan anirudh@tangled.sh

options

unified split

Changed files

+17 -4

knotserver

ingester.go

+17 -4

knotserver/ingester.go

···

       27
       27
        
       

     

       28
       28
        
       func (h *Handle) processPublicKey(ctx context.Context, did string, record tangled.PublicKey) error {

     

       29
       29
        
       	l := log.FromContext(ctx)

     

       30
       30
       +
       

     

       31
       31
       +
       	allDids, err := h.db.GetAllDids()

     

       32
       32
       +
       	if err != nil {

     

       33
       33
       +
       		return err

     

       34
       34
       +
       	}

     

       35
       35
       +
       

     

       36
       36
       +
       	// only process public keys from known DIDs

     

       37
       37
       +
       	if !slices.Contains(allDids, did) {

     

       38
       38
       +
       		reason := "not a known did"

     

       39
       39
       +
       		l.Debug("rejecting public key record", "reason", reason, "did", did)

     

       40
       40
       +
       		return nil

     

       41
       41
       +
       	}

     

       42
       42
       +
       

     

       30
       43
        
       	pk := db.PublicKey{

     

       31
       44
        
       		Did:       did,

     

       32
       45
        
       		PublicKey: record,

     
···

       99
       112
        
       	// presently: we only process PRs from collaborators for pipelines

     

       100
       113
        
       	if !slices.Contains(allDids, did) {

     

       101
       114
        
       		reason := "not a known did"

     

       102
       102
       -
       		l.Info("rejecting pull record", "reason", reason)

     

       103
       103
       -
       		return fmt.Errorf("rejected pull record: %s, %s", reason, did)

     

       115
       115
       +
       		l.Debug("rejecting pull record", "reason", reason)

     

       116
       116
       +
       		return nil

     

       104
       117
        
       	}

     

       105
       118
        
       

     

       106
       119
        
       	repoAt, err := syntax.ParseATURI(record.TargetRepo)

     
···

       128
       141
        
       

     

       129
       142
        
       	if repo.Knot != h.c.Server.Hostname {

     

       130
       143
        
       		reason := "not this knot"

     

       131
       131
       -
       		l.Info("rejecting pull record", "reason", reason)

     

       132
       132
       -
       		return fmt.Errorf("rejected pull record: %s", reason)

     

       144
       144
       +
       		l.Debug("rejecting pull record", "reason", reason)

     

       145
       145
       +
       		return nil

     

       133
       146
        
       	}

     

       134
       147
        
       

     

       135
       148
        
       	didSlashRepo, err := securejoin.SecureJoin(repo.Owner, repo.Name)