restrict poke access

2024-12-14 17:41:33 +03:00 · 2020-10-05 16:01:34 +03:00 · 2020-10-05 16:01:34 +03:00 · 9646e65d88
commit 9646e65d88
parent c4acde4431
3 changed files with 22 additions and 13 deletions
--- a/app/btc-bridge.hoon
+++ b/app/btc-bridge.hoon
@ -26,8 +26,9 @@
 ++  on-init
  ^-  (quip card _this)
  ~&  >  '%btc-bridge initialized successfully'
-  :-  ~[[%pass /btc-node-hook/[(scot %da now.bowl)] %agent [our.bowl %btc-node-hook] %watch /responses]]
-  this
+  :-  ~
+::  :-  ~[[%pass /btc-node-hook/[(scot %da now.bowl)] %agent [our.bowl %btc-node-hook] %watch /responses]]
+  this(status [%client connected=%.n host=~])
 ++  on-save
  ^-  vase
  !>(state)
@ -39,7 +40,8 @@
 ++  on-poke
  |=  [=mark =vase]
  ^-  (quip card _this)
-  ::  TODO only allow poke if we are a host (in status)
+  ::  Only allow poke from our ship, unless we're a host
+  ?>  ?|((team:title our.bowl src.bowl) ?=(%host -.status))
  =^  cards  state
    ?+  mark  (on-poke:def mark vase)
        %btc-bridge-command
@ -71,6 +73,18 @@
 ++  handle-command
  |=  comm=command
  ^-  (quip card _state)
-  ~&  >>>  comm
-  `state
+  ?-  -.comm
+      %connect-as-host
+      ::  TODO send a subscription to the node hook; update status in on-agent when ack'd
+    `state
+      %connect-as-client
+      ::  TODO send a subscription to the btc-bridge host
+      ::  update status in on-agent when ack'd by BTC-BRIDGE
+    `state
+      %allow-clients
+    ?+  -.status  ~&(>>> 'Only a %host can add clients' `state)
+        %host
+      `state(clients.status (~(uni in clients.status) users.comm))
+    ==
+  ==
 --
--- a/gen/btc-bridge/command.hoon
+++ b/gen/btc-bridge/command.hoon
@ -12,8 +12,3 @@
    ==
 :-  %btc-bridge-command
 comm
-::?+    -.comm  ~|([%unsupported-command -.comm] !!)
-::    %connect-as-host  comm
-::    %connect-as-client  comm
-::    %allow-clients  comm
-::==
--- a/sur/btc-bridge.hoon
+++ b/sur/btc-bridge.hoon
@ -2,8 +2,8 @@
 |%
 +$  credentials  [rpc-url=@t rpc-user=@t rpc-password=@t]
 +$  status
-  $:  [%host connected=? clients=(set ship)]
-      [%client connected=? host=ship]
+  $%  [%host connected=? clients=(set ship)]
+      [%client connected=? host=(unit ship)]
  ==
 +$  action
  $%  [%check-status ~]
@ -14,6 +14,6 @@
 +$  command
  $%  [%connect-as-host =credentials]
      [%connect-as-client host=ship]
-      [%allow-clients clients=(set ship)]
+      [%allow-clients users=(set ship)]
  ==
 --