Commit Graph

7454 Commits

Author SHA1 Message Date
fang
02a2d116fe
Merge branch 'next/kelvin/412' into m/eyre-mirage 2023-05-18 23:15:55 +02:00
fang
8579b6c952
eyre: eauth, cross-ship authentication
aka "mirage" aka "eyre oauth"

With Eyre now supporting both local identity authentication, and fake
guest identities, the logical next step is to support authentication
with real non-local identities. Here, we implement that, building on top
of the groundwork laid by #6561.

The primary change is adding a %real case to Eyre's $identity type, and
implementing an http<->ames<->ames handshaking protocol into Eyre for
negotiating approval of login attempts made by unauthenticated HTTP
clients.

The authentication flow, where a "visitor" logs into a "~host" as their
own "~client" identity can be described in brief as follows:
1) Visitor makes an HTTP request saying they are ~client.
2) ~host tells ~client, over Ames, about its own public-facing hostname.
3) ~client responds with its own public-facing hostname.
4) ~host forwards the visitor to ~client's eauth page.
5) Visitor, there already logged in as ~client, approves the login
   attempt.
6) ~client shares a secret with ~host over Ames, and forwards the
   visitor to ~host's eauth page, including the secret in the request.
7) ~host sees that the secrets received over Ames and HTTP match, and
   gives the visitor a new session token, identifying them as ~client.

The negotiating of hostnames/URLs via Ames is crucial to keeping this
handshake sequence secure.

Discovering a ship's public-facing hostname happens when successful
local logins are made by reading out the Host header from the request.
Users may hard-code a value to override this.

Each eauth login attempt comes with a unique nonce. Both the host and
client track the lifetime of these. The corresponding Ames flow (which
goes from ~host -> ~client) is corked when the login attempt gets
aborted, or its associated session expires.

The logout functionality has been updated to let clients ask to be
logged out of sessions on other ships.
2023-05-18 23:13:15 +02:00
Joe Bryan
15440d3dda ames: add %rift to %stir 2023-05-17 16:51:12 -04:00
fang
4019cfba79
Merge pull request #6561 from urbit/m/the-open-eyre
eyre: session identities for all
2023-05-17 13:03:14 +02:00
Philip Monk
8cba74630f ames: bugfixes 2023-05-16 23:05:17 -07:00
Ted Blackman
07797dc792
Merge pull request #6591 from urbit/jb/clay-cast
clay: shortcircuit identity casts
2023-05-16 18:22:18 -04:00
Joe Bryan
40c52743e1 Merge branch 'develop' into next/kelvin/412 2023-05-16 18:07:46 -04:00
Joe Bryan
bbd43cc7d4 clay: clarify +compose-cast trace messages 2023-05-16 16:42:13 -04:00
Joe Bryan
401776545c clay: shortcircuit identity casts 2023-05-16 15:59:04 -04:00
Joe Bryan
c84cf7359b clay: adds trace level 4 for mark conversion details 2023-05-16 15:58:55 -04:00
fang
637992475b
eyre: refactor guest name generation
Concatenating before we truncate, instead of truncating the entropy by
itself, is slightly simpler.

Because this slightly changes the naming algorithm, we must update the
eyre tests to match.
2023-05-16 21:46:48 +02:00
Daryl Richter
8ef86629ec clarify +vats usage in +vat deprecation msg 2023-05-16 14:40:08 -04:00
Ted Blackman
0760248300
Merge pull request #6555 from urbit/story-fix
Fix story (commit message system).
2023-05-16 11:30:57 -04:00
Ted Blackman
0113f8a01d
Merge pull request #6586 from urbit/i/6584/rift-life-gen
gen: add +ames-keys generator
2023-05-16 11:22:05 -04:00
Philip Monk
48b10dcdc7 clay: add fast-path for permissions check 2023-05-15 16:15:52 -07:00
yosoyubik
6135349d85 gen: don't crash if alien 2023-05-12 10:27:30 +02:00
yosoyubik
f224d5be60 gen: add +ames-keys generator 2023-05-12 09:20:43 +02:00
Pyry Kovanen
65fd1cc179
Merge pull request #6581 from urbit/master
Merge ames on-take-wake fix from master to develop
2023-05-10 19:01:03 +03:00
yosoyubik
42c22bf4f3 ames: on-take-wake no-op if not path for keen 2023-05-10 17:18:31 +02:00
~wicrum-wicrun
f0360e69a2
Merge pull request #6578 from urbit/master
Merge clay null tako fix from master back to develop
2023-05-10 16:53:08 +02:00
Joe Bryan
50239414ee clay: allow reads at the null tako 2023-05-10 09:51:14 -04:00
Pyry Kovanen
90b9292cc6
Merge pull request #6573 from urbit/master
Merge master into develop with the gall suspend fix
2023-05-10 16:01:57 +03:00
yosoyubik
3219ce5cb7 gall: don't throw away agent when suspending it 2023-05-10 13:51:58 +02:00
Pyry Kovanen
5777f91b36
Merge pull request #6569 from urbit/master
Merge master back to develop after urbit-os-v2.139
2023-05-09 22:43:44 +03:00
fang
b7e8b9cbfe
clay: the commit must actually be known
+read-at-tako was checking for the zero tako, but had the conditional
inverted. Here, we correct the conditional, and fold the
+may-read check into the whole.
2023-05-09 20:59:51 +02:00
Ted Blackman
fe91cdd357 Merge pull request #6566 from urbit/wicrum/live-before-abed
gall: always check that an agent isn't nuked before initializing `+ap`
2023-05-09 18:50:26 +03:00
~wicrum-wicrun
6d984e764e gall: return [~ ~] when scrying a nuked or nonexistant agent 2023-05-09 17:29:04 +02:00
~wicrum-wicrun
55fc624f72 gall: check the union tag instead of the dude 2023-05-09 17:21:21 +02:00
~wicrum-wicrun
4660380dac gall: remove sigpam 2023-05-09 17:17:03 +02:00
~wicrum-wicrun
af4bf28ac7 gall: always check that an agent isn't nuke before initializing +ap 2023-05-09 17:14:19 +02:00
Pyry Kovanen
f0e4e7f980 spider: uncomment spurious comment line 2023-05-09 18:13:31 +03:00
~wicrum-wicrun
ded78a6ab1 gall: don't try to notify nuked agents about breaches 2023-05-09 18:13:09 +03:00
~wicrum-wicrun
d65bcc248e gall: don't try to notify nuked agents about breaches 2023-05-09 16:40:18 +02:00
fang
449eeb6d7f
eyre: make sure guest identity cannot be ours
If there turned out to be some way for requesters to control the
entropy, this might lead to privilege escalation on comets.
2023-05-09 15:31:47 +02:00
fang
d4b99b402f
dbug: ensure eyre identity columns are aligned
Longer vs shorter identity names would cause misalignment.
2023-05-09 15:22:49 +02:00
fang
466fc0b63b
eyre: pass session-id+identity into auth handling
This lets it also clean up guest sessions created just for the login
request, and lets us display the current guest identity on the login
page.
2023-05-09 15:10:14 +02:00
yosoyubik
b154c62fdc ames, tests: remove extraneous comments 2023-05-09 11:43:54 +02:00
fang
61ca0324ac
eyre: start session expiry only "once"
This condition got incorrectly inverted during 0fee4ce. Of course, the
logic here is still subtly incorrect: if a session gets deleted before
the timer fires, then we set a second one. Unfortunately, we are now
here to fix the bug right now.
2023-05-08 19:00:10 +02:00
Pyry Kovanen
ac9c779e2d
spider: uncomment spurious comment line 2023-05-08 19:08:12 +03:00
yosoyubik
f53fee723a ames: defer mutual calls between |pump and |sink
|pump and |sink call into each other in three places
related to nacks and naxplanations (sending a nack,
notifying the |pump of a naxplanation, or dropping a
nack from the |sink). This intra calls are making implicit
updates to more parts of the state than the core should
manage. To avoid that we emit a move to %arvo, encoded
as an %ames plea, to handle that in the next event.
2023-05-08 15:28:13 +02:00
fang
f1c839717e
dbug: handle new eyre identities, fancier logout
Include and render identities associated with requests, channels, and
login sessions. Provide the ability to kick identities and their
sessions, logging them out.
2023-05-05 23:46:30 +02:00
fang
744dea2267
various: stop asserting =(src our):bowl for http
It is no longer guaranteed that the src.bowl for incoming HTTP-related
events is equal to our.bowl. Instead, it will reflect the identity
associated with the request, our or otherwise.

When serving publicly-accessible endpoints, the assertion never made
much sense, but with recent changes actively prevents guests from
accessing the endpoints. Here, we correct all such cases.
2023-05-05 23:41:05 +02:00
fang
d15de3b48c
eyre: update %name, add %host endpoint
%name now returns the identity of the session associated with the
request. %host will always return the @p of the ship *handling* the
request.

The latter becomes especially important for guest sessions, who can only
interact with agents on the local ship, but will still need to specify
who that ship is.
2023-05-05 23:38:40 +02:00
fang
b387235597
eyre: enable host to log out any other session
Now that sessions with non-local identities can exist, the host/local
identity should be empowered to forcefully log off any session it hosts.

Additionally, we augment the logout logic with redirect functionality:
it now respects the "redirect" query parameter in the same way the login
page does. Still defaults to redirecting to the login page.
2023-05-05 23:33:37 +02:00
fang
b6e8cd616f
eyre: give 400 for invalid channel requests
We previously had no mechanism for giving error responses, if a client
submitted an invalid request into a channel. Guest access makes this
important, because guests cannot interact with remote ships. Attempting
to do so will cause a gall crash.

Here, we add error handling logic to channel request processing. We
catch the invalid cases described above and invalidate the entire batch
of channel requests if they occur. We make sure to drop the moves and
revert the state we changed, and give a 400 to the client that
informally describes the problem(s).
2023-05-05 22:08:18 +02:00
fang
0fee4ce50b
eyre: guest ids for unauthenticated requests
aka "the open eyre" aka "universal basic identity"

Urbit already supports presence on the clearnet, but fails to expose any
of its interactive affordances to unauthenticated users. Here, we
improve this situation by granting "guest identity" @ps to every
unauthenticated HTTP request, and extending the channels functionality
to them.

Sessions no longer represent only the local identity. Instead, each
session has either the local identity, or a fake guest identity
associated with it.

Every request that does not provide a session key/cookie gets assigned
a fresh one with a guest identity on the spot. As a result, every
single request has an identity associated with it.

The identity of a request gets propagated into userspace, if the request
ends up there.
For normal HTTP requests, this means the src.bowl gets set to that
identity for both the watch and poke of the request. For backwards
compatibility, the authenticated flag on the request noun gets set at
normal: only true if the request came from the local identity.
For channel requests, this means the src.bowl gets set to that identity
for any pokes and watches it sends, and it can only send those to agents
running on the local ship.

The scry endpoint remains unchanged in its behavior: only available to
the local identity.

Notable implementation detail changes in this diff include:
- Factored all gall interactions out into +deal-as.
- Sessions no longer represent exclusively the local identity. This
matters a lot to +give-session-tokens, %code-changed, and logout
handling.
- Session management got factored out into explicit +start-session and
+close-session arms.
2023-05-05 21:59:17 +02:00
Josh Lehman
a6024e33a9
Merge pull request #6553 from urbit/m/eyre-crud-500
eyre: when a %request causes a crud, serve 500
2023-05-05 08:51:28 -07:00
yosoyubik
6213e0bbb3 ames: move +bind-duct to peer-core 2023-05-05 13:06:17 +02:00
yosoyubik
df47808047 Merge branch 'develop' into i/6103/abet-pure 2023-05-05 09:53:01 +02:00
Sigilante
0762b90daa
Update story-remove.hoon 2023-05-04 16:25:39 -05:00
Sigilante
03da1cb4f9
Update story-write.hoon 2023-05-04 16:22:44 -05:00
Sigilante
6389776fc1
Update story-init.hoon 2023-05-04 16:17:50 -05:00
Ted Blackman
65b069a1d9 zuse: kelvin 412 2023-05-04 11:42:41 -04:00
fang
08ad367cd8
eyre: when a %request causes a crud, serve 500
Previously, if an incoming request caused a crash, we would just drop it
on the floor. We should at least have the decency to serve the client a
quick 500 and let them get on with their day.

We make sure not to touch state here. The connection is guaranteed-fresh
because of the task's semantics, and we're handling it in-line in one go.

Notably we only give a simple "crud!" for the body, instead of the full
error trace. We don't know whether the request is authenticated or not
(and who knows if checking was the cause of the crash!), and the crud
might leak sensitive details about the ship it occurred on. For the
owner, the trace still gets printed into the terminal.
2023-05-04 17:42:36 +02:00
Ted Blackman
24467176f6
Merge pull request #6550 from urbit/jb/clay-quiet
clay: remove %take-foreign slog
2023-05-04 11:38:55 -04:00
Ted Blackman
de58756736
Merge pull request #6548 from urbit/philip/pending
clay: on update, remove all previous pending updates
2023-05-04 11:38:22 -04:00
Ted Blackman
100333cd5a
Merge pull request #6549 from urbit/jb/eyre-safe
eyre: handle agent errors safely
2023-05-03 19:16:10 -04:00
Joe Bryan
48ec5b2693 clay: remove %take-foreign slog 2023-05-03 18:48:30 -04:00
Joe Bryan
c42f1d2663 eyre: corrects connection lifecycle comment 2023-05-03 18:40:22 -04:00
Joe Bryan
c349d154b6 eyre: optimizes responses, removes redundant connection state updates 2023-05-03 18:39:19 -04:00
Joe Bryan
007a32c47a eyre: remove redundant connection retrieval 2023-05-03 18:25:48 -04:00
Joe Bryan
7fb2f613d4 eyre: no-op on agent-error when missing connection state 2023-05-03 18:25:10 -04:00
Philip Monk
9d7b196024 clay: on update, remove all previous pending updates
Fixes #6537, see discussion there for alternatives.
2023-05-03 13:03:53 -07:00
Joe Bryan
7f2257e581 clay: virtualize parsing to workaround runaway memoization 2023-05-02 17:16:22 -04:00
Ted Blackman
51e85291c1
Merge pull request #6542 from urbit/wicrum/wan-mop
lull,ames: use `mop` instead of `pha` in `.wan.keens`
2023-05-02 11:55:38 -04:00
~wicrum-wicrun
451a84d467 jael: fake ships always have rift=0 2023-05-02 17:36:22 +02:00
Ted Blackman
09fb89bd5b
Merge pull request #6509 from urbit/jon/doccords-lustar-tistar
turn off doccord parsing for +*, =*
2023-05-02 11:23:15 -04:00
~wicrum-wicrun
c1e14bdbf5 ames: use +pry:mop and +del:mop instead of virtualizing 2023-05-02 17:07:14 +02:00
~wicrum-wicrun
c03c3dc13b ames: migration uses +tap:deq instead of +dip-left:deq 2023-05-02 17:01:53 +02:00
Ted Blackman
1c69528565
Merge pull request #6538 from bacwyls/bwyl/read-s-subs-413-patch
clay: fix read-s subs for 413
2023-05-02 10:42:29 -04:00
Joe Bryan
1c26d431f5 hoon: threads doccords flags through +vang, compatibly 2023-05-02 10:34:33 -04:00
Joe Bryan
4a92c7d7d4 Revert "hoon: add doc parsing flag to +vang"
This reverts commit 94ba944188.
2023-05-02 10:31:42 -04:00
~wicrum-wicrun
ecaf70bc00 ames,lull,zuse: move +pha and +deq into ames to not pollute kelvin code 2023-05-02 16:26:59 +02:00
~wicrum-wicrun
ded0b75914 ames,lull: .wan.keen uses fragment as mop key 2023-05-02 16:25:51 +02:00
~wicrum-wicrun
d7a2c53df8 lull,ames: use mop instead of pha in .wan.keens 2023-05-02 15:17:25 +02:00
bacwyls
4a1aae5c48 clay: fix read-s subs for 413
=case was added as an argument to read-s to support %cs subs
it was accidentally removed as an argument during a merge,
breaking %cs subs by causing it to always crash in a
comparison between case and [%da now], because case resolved
to the mold rather than a value. this commit restores
intended functionality.
2023-05-01 18:32:49 -05:00
Joe Bryan
9c59c970e3 vats: fixes +vat 2023-05-01 16:30:21 -04:00
Ted Blackman
b632316fba
Merge pull request #6532 from urbit/jb/vats-perf
vats: force multiline rendering, improve performance
2023-05-01 11:38:30 -04:00
Jonathan Paprocki
e718423135 hoon: remove swap +vang for (doc |) in +loll 2023-05-01 11:37:27 -04:00
Ted Blackman
c3d461d6de
Merge pull request #6515 from urbit/i/6504/fine-next-steps
fine: next steps
2023-05-01 11:32:52 -04:00
Marcus
96398a7b54 clay: add requests permission checks 2023-04-30 19:56:16 -03:00
Joe Bryan
b7bf1e68ca vats: sort alphabetically within constraints (%base first, %kids last) 2023-04-29 10:13:50 -04:00
Joe Bryan
92a1f50a49 vats: refactor generator 2023-04-29 10:05:56 -04:00
Joe Bryan
d732e5a91a vats: hack to always render multi-line tanks 2023-04-29 10:03:15 -04:00
John Franklin
dd02444876 +vats: sort %base and %kids (sometimes) 2023-04-29 04:04:30 -05:00
~wicrum-wicrun
b804ab3a23 gall: hold on to .ken.yoke through uninstalls 2023-04-28 19:19:42 +02:00
Philip Monk
013f294cde clay: correctly save cache after goad
The refactor from aeon to tako is from May 2022, but unmerged until
March 2023.  In the meantime, I added another usage of aeon-flow in July
2022, which was converted to aeon-flow in March 2023, but the argument
itself was unchanged.  This meant we didn't save the cache after +goad.
2023-04-27 17:09:33 -07:00
~wicrum-wicrun
5819ee3ddd Revert "gall,lull: add outstanding %keens to the $bowl"
This reverts commit 11f53d680a.
2023-04-27 19:22:41 +02:00
~wicrum-wicrun
11f53d680a gall,lull: add outstanding %keens to the $bowl 2023-04-27 19:20:54 +02:00
~wicrum-wicrun
f3d7863527 gall: %yawn on uninstall 2023-04-27 19:20:54 +02:00
yosoyubik
4728ee68c6 Revert "Revert "ames: make +abet pure""
This reverts commit d214fad1bd.

https://github.com/urbit/urbit/pull/6403 got closed, probably due to its
previous inclusion in the Remote Scry PR, so we reopen it (as a draft).
2023-04-27 14:42:34 +02:00
yosoyubik
7f7c1cb6aa spider: fix extraneous debugging code 2023-04-27 13:59:35 +02:00
yosoyubik
cfc1a58559 spider: fix tracking remote-scry requests
Prevously we were tracking remote scry requests using a map, assuming
that every thread would do just one remote scry request. This is not
right. A thread that did multiple +keen:strandio was treated as
if just the last call existed, overwritten previous entries in the map.

Now we track remote scries using a jug that accounts for multiple %keen
tasks per thread.

The logic for sending %yawns to %ames has been updated for the following
scenarios:

- +thread-fail will always send a %yawn task
- +thread-done doesn't send %yawn tasks
  - unless a running thread is stopped
- if %spider is reloaded:
  - %yawn tasks will be sent for any running or starting thread

/lib/strandio also removes +take-tune from +keen,  decoupling
sending %tasks and receiving %signs. This allows for clients
to request multiple paths at future cases, without blocking.
2023-04-27 13:55:06 +02:00
yosoyubik
b98b71e368 Merge branch 'i/6504/spider' into i/6504/fine-next-steps 2023-04-27 06:50:59 +02:00
Jonathan Paprocki
45431dbc89 hoon: remove +lien
its not actually being used anywhere, i just wrote it to balance out
having a "hoon without docs" arm. but i guess this just adds needless bloat
2023-04-26 22:03:04 -04:00
Joe Bryan
bbe14ce747 arvo: fix %gall meta-namespace reads (missed in merge) 2023-04-26 20:28:32 -04:00
~wicrum-wicrun
6715f5eb37 gall: track outstanding %keens and send %yawn on nuke 2023-04-27 00:36:54 +02:00
Hunter Miller
06af50a9b9 eyre: fixing errant whitespace 2023-04-26 17:00:46 +03:00
Hunter Miller
215a35640c eyre: if logged in and accessing login page, redirect 2023-04-26 17:00:46 +03:00
yosoyubik
cbbd6d2c58 strandio,-keen: use (fixed) take-tune 2023-04-26 09:50:23 +02:00
Jonathan Paprocki
f6c780a7e7 hoon: second hoon for =* has docs
the issue with compiling not working is with doccords on the deferred
expression, not everything that follows (which would turn off doccords
for anything past =*)
2023-04-26 01:13:24 -04:00
Jonathan Paprocki
971db7effe doccords: parsing off for =*, +*
see #6307

this turns doccord parsing off for =* and +*, which was not intended to
be allowed for the first release, but it ended up not compiling if
postfix doccords were put on either of these.

the right way to fix this is to actually implement doccord parsing for
=* and +*, but at least turning them off seems to fix the compile error here.
2023-04-25 15:42:08 -04:00
Jonathan Paprocki
94ba944188 hoon: add doc parsing flag to +vang
+vang is for setting +vast params, but was missing the parameter for
doc. this adds it and changes the callsites to vang around %base to
reflect this
2023-04-25 14:59:15 -04:00
~wicrum-wicrun
9b636eb188
Merge pull request #6399 from urbit/next/kelvin/413
413k
2023-04-25 17:46:31 +02:00
Ted Blackman
625b63614e
Merge pull request #6406 from urbit/i/5788/remote-scry
Add Remote Scry Protocol
2023-04-25 11:06:04 -04:00
Joe Bryan
517df2aebd ames: fix fine error printf 2023-04-25 10:14:42 -04:00
Joe Bryan
fa3ad0117f arvo: decrements kelvin 2023-04-25 09:29:32 -04:00
yosoyubik
c79ef21893 clay: remove scrying sigpam 2023-04-25 05:31:03 +02:00
Joe Bryan
80a9dc91e2 test: fixes gall nonce scry 2023-04-24 16:39:15 -04:00
Joe Bryan
5dfc8e3c5d arvo: restructures |mass, switches to %x //whey 2023-04-24 16:21:41 -04:00
~wicrum-wicrun
05304146a7 gall,eyre,dojo,azimuth,dbug: gall claims the [%$ *] namespace 2023-04-24 21:53:52 +02:00
Joe Bryan
65b997096d lull: corrects $hunk comment 2023-04-24 13:20:06 -04:00
Joe Bryan
628525a549 lull: removes +welt 2023-04-24 13:14:34 -04:00
~wicrum-wicrun
2bca6fd3e1 ted/keen: use $spar 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
673803fe0b ames: use $spar 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
c525fea1b0 lull: add $spar for [=ship =path] in ames 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
dafa1cc030 lull,ames: reference +mop in $packet-pump-size 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
db0afd056e lull,zuse: move +deq to zuse 2023-04-24 19:10:05 +02:00
Joe Bryan
ba3a5b22e8 lull: removes case:clay (duplicated from arvo) 2023-04-24 13:08:25 -04:00
Joe Bryan
393457fcc6 clay: remove more dead %warp-index code
building on c2f7f75492
2023-04-24 13:07:41 -04:00
Joe Bryan
c1f80e2865 clay: remove stack traces, blank lines 2023-04-24 13:07:40 -04:00
yosoyubik
66a7b7b1c2 ames: make fi-send take a blob 2023-04-24 18:54:36 +02:00
yosoyubik
d43e684bae ames: rename @uxmeow as $yowl 2023-04-24 18:54:36 +02:00
Joe Bryan
8f43d9674d ames: removes stale comments, dead code 2023-04-24 12:53:29 -04:00
Joe Bryan
cf8a887b80 arvo: rebinds and uses $omen 2023-04-24 12:52:33 -04:00
Joe Bryan
2ece07f096 ames: %fine requests are always for public data 2023-04-24 12:36:53 -04:00
yosoyubik
5d575212bf ames: fix -keen thread 2023-04-24 18:28:44 +02:00
pkova
5868c29c3b eyre: combine unreleased loads for ~2023.4.19 and ~2023.4.11 2023-04-24 18:54:22 +03:00
yosoyubik
714d0b13f1 ames: remove sigpam 2023-04-24 17:00:41 +02:00
~wicrum-wicrun
641326ad36 ames,lull: remove .siz from $meow 2023-04-24 16:23:09 +02:00
pkova
3792ba5cc7 Merge branch 'next/kelvin/413' of https://github.com/urbit/urbit into pkova/fix-eyre-clog 2023-04-24 13:43:36 +03:00
pkova
a1fd3a6792 lull, eyre: actually send events on clogged channel reconnect 2023-04-24 13:38:14 +03:00
yosoyubik
bf0a4a3327 ames: fix upgrade from state 4&5 2023-04-24 11:44:24 +02:00
yosoyubik
fc22926ed6 tests: fix rift/life in ames/fine tests 2023-04-23 09:40:57 +02:00
Joe Bryan
d2d1412c3a ames: replace (empty) signatures with tag byte in fine requests (wail) 2023-04-23 01:09:53 -04:00
Ted Blackman
84cd948f30 Merge branch 'next/kelvin/413' into i/5788/remote-scry 2023-04-22 14:33:20 -04:00
Ted Blackman
6e793dfe39 Merge branch 'develop' into next/kelvin/413 2023-04-22 14:33:01 -04:00
yosoyubik
599eb6231b ames: rename etch-keen to etch-wail 2023-04-22 20:26:08 +02:00
Ted Blackman
c2f7f75492 clay: remove dead %warp-index scry codepath 2023-04-22 14:24:12 -04:00
Ted Blackman
8f0c0c04fd clay: fix state-12 upgrade 2023-04-22 13:24:15 -04:00
Ted Blackman
f3655a8662 ames: re-enable life&rift check on fine requests 2023-04-22 11:30:17 -04:00
Ted Blackman
8ba7b3ae95 clay: $+ more types in +load 2023-04-22 10:47:33 -04:00
yosoyubik
5bbd727f18 Merge branch 'develop' into i/5788/remote-scry 2023-04-22 16:07:44 +02:00
yosoyubik
64a1680e2c ames: don't crash if waking up on a strange wire
This was a regression introduced in 8e54f7fcc3
the previous behavior was not to crash so we
restore it here
2023-04-22 13:47:15 +02:00
yosoyubik
d259656e29 lull: clean up remote scry namespace missmatches
(note: first pass, subject to change)
2023-04-22 10:57:49 +02:00
silnem2
d363f01080 kiln: add +poke-suspend-many and rewrite +poke-suspend 2023-04-21 15:12:38 -06:00
yosoyubik
2bcfd7599a ames: fix %fine tests to account for updated %tune 2023-04-21 17:54:01 +02:00
silnem2
dbc40b3959 gen: rewrite |suspend to use %kiln-suspend-many mark 2023-04-21 09:02:39 -06:00
Joe Bryan
2dca5e714b lull: removes %miss 2023-04-21 10:54:33 -04:00
Joe Bryan
4d84131464 ames: refactors %tune, supercedes %miss 2023-04-21 10:43:30 -04:00
Joe Bryan
15279e5267 arvo: add jet hints for profiling 2023-04-20 22:38:31 -04:00
Joe Bryan
a9267bb493 clay: label old state structures 2023-04-20 22:38:31 -04:00
Joe Bryan
013aee8dfd clay: add casts to +stay 2023-04-20 22:38:10 -04:00
Ted Blackman
bac96d751e clay: fix state version number 2023-04-20 22:36:03 -04:00
~wicrum-wicrun
6746687ade ames: print fine errors instead of propagating 2023-04-20 22:32:16 +02:00
~wicrum-wicrun
b92e4c4238 ames: get dat from etched body 2023-04-20 18:52:01 +02:00
~wicrum-wicrun
953e6f5861 ames: set signature in fine requests to all zeroes 2023-04-20 18:12:29 +02:00
silnem2
9b8ea6bc8c gen: rewrite +vat and add deprecation notice 2023-04-20 03:37:48 -06:00
yosoyubik
3fb596a8d3 dbug: update for latest remote scry state 2023-04-20 09:54:36 +02:00
silnem2
ccc23b3552
Merge branch 'urbit:develop' into vats-again 2023-04-19 21:28:19 -06:00
Ted Blackman
5661bfed74
Merge pull request #6467 from urbit/dr/clean-up-test-thread
ted/test.hoon: repair vestigial select-by-prefix feature
2023-04-19 11:35:58 -04:00
yosoyubik
bee09fe5e1 ames: in %larva +load always set cached-state 2023-04-19 16:23:01 +02:00
yosoyubik
873de61269 ames: give %miss to all listeners on %keen cancel
%spider will send a %yawn task to ames if a thread fails
or stops. if the thread is done, it will delete the scry
from its state without notifying %ames
2023-04-19 11:03:11 +02:00
Joe Bryan
51effc6be9 ames: add (disabled) rift/life verification 2023-04-19 00:50:13 -04:00
Joe Bryan
846276f85a ames: refactors $sign and $note 2023-04-19 00:50:13 -04:00
Joe Bryan
80a1cf626c ames: cleanup comments/whitespace 2023-04-18 10:34:47 -04:00
Joe Bryan
6a2c8a7635 dbug: cleanup comments, remove unused +orm 2023-04-18 10:34:34 -04:00
Joe Bryan
33ffd5136c base: removes userspace lib/deq (also in %lull) 2023-04-18 10:28:51 -04:00
Joe Bryan
5cbbc5be12 lull: cleanup ames interface and comments 2023-04-18 10:25:49 -04:00
Joe Bryan
c864f95598 ames: drop %pine 2023-04-18 10:25:45 -04:00
yosoyubik
e0c0470a6e tests: fix %fine response signature validation 2023-04-18 09:12:35 +02:00
yosoyubik
5c838a42a7 ames: use fi-emit for %fine gifts 2023-04-18 05:31:23 +02:00
Joe Bryan
790a0de292 ames: fix move clobbering in +fi-done 2023-04-17 18:29:44 -04:00
Joe Bryan
2cb0a06976 ames: fix build, bypassing alias 2023-04-17 16:08:01 -04:00
yosoyubik
03b3d0b3f4 tests: fix /tests/sys/fine 2023-04-17 16:41:53 +02:00
yosoyubik
296815e097 ames: remove keen-id from remote scry state
TODO: udpate /~debug frontend
2023-04-17 16:22:57 +02:00
yosoyubik
c062d7c2b0 ames: handle error for hearing fine responses
WIP the error is not propagated to the listeners (TODO error gift?)
2023-04-17 15:06:28 +02:00
yosoyubik
eee2b1aabf gen: fix -pine 2023-04-17 14:24:21 +02:00
yosoyubik
0987cddd7e ames: add /fine/ducts/[path] scry endpoint 2023-04-17 14:22:20 +02:00
yosoyubik
1d91bb5e33 ames: first pass a %fine unit tests 2023-04-17 14:15:35 +02:00
Ted Blackman
9ce37f0d71
Merge pull request #6483 from urbit/pkova/fix-ames-load
ames: properly migrate old %snub tasks
2023-04-14 14:20:22 -04:00
Josh Lehman
1d1a81b90e
Merge pull request #6471 from urbit/pkova/fix-eyre-unacked
eyre: do not clear unacked events in +on-get-request
2023-04-14 11:14:29 -07:00
pkova
24f7f3549f ames: properly migrate old %snub tasks 2023-04-14 20:41:57 +03:00
yosoyubik
69a5c5e6df ames: factor out is-corked logic into a gate 2023-04-14 09:12:16 +02:00
Ted Blackman
f3d2df087a
Merge pull request #6463 from ashelkovnykov/json-new
zuse: changes in preparation for JSON jets
2023-04-13 11:58:55 -04:00
Joe Bryan
f8305dee4b Merge branch 'develop' into next/kelvin/413 2023-04-13 11:21:18 -04:00
silnem2
f2880ecc91 gen: rewrite +vats and add optional list of desks 2023-04-13 09:15:03 -06:00
silnem2
6a0f66b836 kiln: update +poke-suspend to use a list of desks 2023-04-13 08:40:14 -06:00
silnem2
36fb1303d3 gen: update |suspend to take a list of desks 2023-04-13 08:39:28 -06:00
silnem2
9cc1bec92d gen: remove +vat 2023-04-13 08:38:29 -06:00
yosoyubik
898ed99863 ames: no-op on naxplanation acks for corked bones 2023-04-13 08:53:01 +02:00
fang
171142fd31
eyre: use jam mime type for PUT mode detection
Making this consistent with the mime type used for GET requests.
2023-04-12 19:19:13 +02:00
fang
d32527ba19
eyre: further refactor +load logic
Co-authored by: joemfb <joemfb@gmail.com>
2023-04-12 18:53:44 +02:00
fang
132299f278
eyre, mar: use x-urb-jam mime type for jams 2023-04-12 18:42:35 +02:00
pkova
fa40fd7f35 eyre: do not clear unacked events in +on-get-request 2023-04-12 19:36:26 +03:00
~wicrum-wicrun
97c8e3833d ames: emit %miss on failed signature verification 2023-04-12 15:04:59 +02:00
yosoyubik
4c2bc332e0 Merge branch 'develop' into i/6451/reset-naxplanations 2023-04-12 06:49:57 +02:00
Alex Shelkovnykov
30044fbc1e Add jet hints 2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
e61d84d57b Replace +en:json:html code with cord version
Encode JSON to cord instead of tape. Code copied from @joemfb 's
version.
2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
ac1a0ffdee Change JSON parser arms to match |base16:html 2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
28ed583d29 Fix bug in .en-json:html (missing escaped char)
The backspace character was not being escaped like other invisible
characters.
2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
3537ef56c3 Fix JSON parser decoding for UTF8
JSON supports Unicode as both UTF8 sequences and escaped UTF16. UTF8 is
encoded as between 2 and 4 bytes, the first byte of which governs the
length. The JSON parser was previously accepting any non-ASCII bytes as
UTF8 in any order.

See:
- https://www.crockford.com/mckeeman.html
- https://www.json.org/json-en.html
- https://en.wikipedia.org/wiki/UTF-8#Encoding
2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
1472dadf4d Add validation functions for UTF8 2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
3d93e9f527 Fix JSON parser decoding for escaped unicode
JSON supports Unicode as both UTF8 sequences and escaped UTF16. Unicode
points U+10000 to U+10FFFF are encoded as two consecutive escaped UTF16
units known as a surrogate pair. The JSON decoder was previously
treating surrogate pairs as two individual escaped UTF16 units. In
addition, the JSON standard allows hexadecimal letters to be either
uppercase or lowercase, which the parser was not respecting.

See:
- https://www.crockford.com/mckeeman.html
- https://www.json.org/json-en.html
- https://en.wikipedia.org/wiki/UTF-16#Code_points_from_U+010000_to_U+10FFFF

Git issue: #1776
2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
e4ddd6994c Fix JSON parser decoding for ASCII in strings
The JSON standard rejects all un-escaped, un-printable characters EXCEPT
for the delete character (ID 127, i.e. 0x7F).

See: https://www.crockford.com/mckeeman.html
Via: https://www.json.org/json-en.html
2023-04-11 14:59:15 -06:00
Alex Shelkovnykov
2580dfbce3 Fix JSON parser decoding for numbers
\#1775
2023-04-11 14:59:15 -06:00
dr-frmr
0f4be5245e
ted/test.hoon: repair vestigial select-by-prefix feature 2023-04-11 15:55:13 -04:00
fang
4b68139c40
Merge branch 'next/kelvin/413' into x/json-bgon 2023-04-11 21:54:43 +02:00
Ted Blackman
365a1d5af9
Merge pull request #6447 from urbit/jb/drip-hurl
behn: propagate errors in deferred moves
2023-04-11 11:28:20 -04:00
yosoyubik
4840b2aed2 ames: simplify reset timer 2023-04-11 14:24:05 +02:00
yosoyubik
48a60d602c ames: reset timer for naxplanation on corked bones 2023-04-09 08:13:21 +02:00
yosoyubik
98a5ab9035 ames: fix handling of fine tasks for aliens 2023-04-08 06:34:10 +02:00
yosoyubik
538b0e920e Merge branch 'develop' into i/5788/remote-scry 2023-04-07 19:24:08 +02:00
yosoyubik
8744b1f4db ames: revert min tro to ~m2 2023-04-07 19:10:26 +02:00
Josh Lehman
af3ad860e7
Merge pull request #6454 from urbit/ted/arvo-bout
arvo: print module compilation times
2023-04-07 08:38:08 -07:00
Ted Blackman
b273f3091b arvo: print module compilation times 2023-04-06 23:52:53 -04:00
Joe Bryan
d2eda084ac
Merge branch 'develop' into ted/ames-ping-2 2023-04-06 15:07:38 -04:00
Ted Blackman
eddbe86d69 ames: fix syntax error 2023-04-06 11:58:34 -04:00
yosoyubik
ad69bc5e50 aqua: make compile for remote scry
(note: untested)
2023-04-06 16:28:18 +02:00
fang
e300fa2d6b
dill: exclude wrapped-task from most +call traces
Instead of including wrapped-task as-is in most call traces, we now only
include it in traces for crashing (harden task) calls. For everything
else, we include only the tag of the resulting $task.

Closes #6444.
2023-04-06 15:58:12 +02:00
yosoyubik
cf10ab4cc1 ames: fix +stale-flows 2023-04-06 14:17:02 +02:00
yosoyubik
2da5431ec2 ames: add minimal verbosity for |fine
This can be set with |ames-verb %fin. We might want to extend this
with a more granular logging system, probably similar to current ames
2023-04-06 13:44:45 +02:00
yosoyubik
9f45741a9a ames: use +update-qos:pe in fine core 2023-04-06 13:44:45 +02:00
yosoyubik
1c2b7667b1 ames: use |fi for remote scry |fine core 2023-04-06 13:44:45 +02:00
~wicrum-wicrun
5e248a2640 lull: properly register +on jet 2023-04-05 20:53:10 +02:00
~wicrum-wicrun
645f5e473a gall: only %x, %t and %z reserve [%$ *], for backwards compatibility 2023-04-05 20:51:04 +02:00
Ted Blackman
056ff35b89 app/ping: lower timeout to ~s25 2023-04-05 12:04:14 -04:00
Ted Blackman
66678acd3e ames: ping faster to sponsors 2023-04-05 11:59:06 -04:00
~wicrum-wicrun
db2ac2fa65 ames: update gall scries to use %x instead of %a 2023-04-05 16:23:38 +02:00
~wicrum-wicrun
447bfea9f8 lull: remove duplicate mop arms after merge 2023-04-05 16:23:12 +02:00
~wicrum-wicrun
f0cc9c34cd Merge branch 'ted/gall-user-scry' into i/5788/remote-scry 2023-04-05 15:00:24 +02:00
~wicrum-wicrun
93c1497431 gall: claim the [%$ *] namespace and relinquish the rest 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
9890e5b8da Revert "gall: add permissions to scry paths"
This reverts commit 6e542d4afe.
2023-04-05 14:59:59 +02:00
~wicrum-wicrun
45617df540 gall: add permissions to scry paths 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
8cd29cb8e7 gall: block when scrying into the future 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
cf6bbb87a0 gall: smear @da if binding to a path earlier than its latest binding 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
4b82b7b8d3 gall: return a cage instead of a cage of a page at %a scry 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
4f77f84e72 lull,gall: store $page instead of $noun in scry bindings 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
09be62ed8f lull,gall: add scry bindings to bowl 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
2071029ea2 lull,zuse: move +mop to lull 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
e6bd652366 gall: support %a scry at any date 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
93afa55167 gall: store date with each scry binding 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
94a4eca649 gall: support %t scry 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
8544c571bf gall: support %z scry 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
e8ae1ae86f gall: save highwater mark when nuking 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
9c560ece05 block when appropriate on %w scry 2023-04-05 14:59:59 +02:00
~wicrum-wicrun
9659e1c16b gall: block at %a scry if date isn't now 2023-04-05 14:59:58 +02:00
~wicrum-wicrun
ad7cf21d01 gall,lull: don't include $case in %grow 2023-04-05 14:59:58 +02:00
~wicrum-wicrun
42b5615f65 gall: simplify $neet definition 2023-04-05 14:59:58 +02:00
~wicrum-wicrun
7137f0de03 gall: implement %w scry 2023-04-05 14:59:58 +02:00