back round 1 view raw

knotserver: filter by known dids in processPublicKey #478

closed
opened by anirudh.fi targeting master from push-wzlvlnywrxrs
options
unified split
Changed files
+17 -4
knotserver
ingester.go
+17 -4
knotserver/ingester.go 
···

       
27

       
 

       



     

       
28

       
 

       
func (h *Handle) processPublicKey(ctx context.Context, did string, record tangled.PublicKey) error {


     

       
29

       
 

       
	l := log.FromContext(ctx)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
30

       
 

       
	pk := db.PublicKey{


     

       
31

       
 

       
		Did:       did,


     

       
32

       
 

       
		PublicKey: record,


     
···

       
99

       
 

       
	// presently: we only process PRs from collaborators for pipelines


     

       
100

       
 

       
	if !slices.Contains(allDids, did) {


     

       
101

       
 

       
		reason := "not a known did"


     

       
102

       
-

       
		l.Info("rejecting pull record", "reason", reason)


     

       
103

       
-

       
		return fmt.Errorf("rejected pull record: %s, %s", reason, did)


     

       
104

       
 

       
	}


     

       
105

       
 

       



     

       
106

       
 

       
	repoAt, err := syntax.ParseATURI(record.TargetRepo)


     
···

       
128

       
 

       



     

       
129

       
 

       
	if repo.Knot != h.c.Server.Hostname {


     

       
130

       
 

       
		reason := "not this knot"


     

       
131

       
-

       
		l.Info("rejecting pull record", "reason", reason)


     

       
132

       
-

       
		return fmt.Errorf("rejected pull record: %s", reason)


     

       
133

       
 

       
	}


     

       
134

       
 

       



     

       
135

       
 

       
	didSlashRepo, err := securejoin.SecureJoin(repo.Owner, repo.Name)


     
···

       
27

       
 

       



     

       
28

       
 

       
func (h *Handle) processPublicKey(ctx context.Context, did string, record tangled.PublicKey) error {


     

       
29

       
 

       
	l := log.FromContext(ctx)


     

       
30

       
+

       



     

       
31

       
+

       
	allDids, err := h.db.GetAllDids()


     

       
32

       
+

       
	if err != nil {


     

       
33

       
+

       
		return err


     

       
34

       
+

       
	}


     

       
35

       
+

       



     

       
36

       
+

       
	// only process public keys from known DIDs


     

       
37

       
+

       
	if !slices.Contains(allDids, did) {


     

       
38

       
+

       
		reason := "not a known did"


     

       
39

       
+

       
		l.Debug("rejecting public key record", "reason", reason, "did", did)


     

       
40

       
+

       
		return nil


     

       
41

       
+

       
	}


     

       
42

       
+

       



     

       
43

       
 

       
	pk := db.PublicKey{


     

       
44

       
 

       
		Did:       did,


     

       
45

       
 

       
		PublicKey: record,


     
···

       
112

       
 

       
	// presently: we only process PRs from collaborators for pipelines


     

       
113

       
 

       
	if !slices.Contains(allDids, did) {


     

       
114

       
 

       
		reason := "not a known did"


     

       
115

       
+

       
		l.Debug("rejecting pull record", "reason", reason)


     

       
116

       
+

       
		return nil


     

       
117

       
 

       
	}


     

       
118

       
 

       



     

       
119

       
 

       
	repoAt, err := syntax.ParseATURI(record.TargetRepo)


     
···

       
141

       
 

       



     

       
142

       
 

       
	if repo.Knot != h.c.Server.Hostname {


     

       
143

       
 

       
		reason := "not this knot"


     

       
144

       
+

       
		l.Debug("rejecting pull record", "reason", reason)


     

       
145

       
+

       
		return nil


     

       
146

       
 

       
	}


     

       
147

       
 

       



     

       
148

       
 

       
	didSlashRepo, err := securejoin.SecureJoin(repo.Owner, repo.Name)