Commit Graph

2620 Commits

Author SHA1 Message Date
fang
0fee4ce50b
eyre: guest ids for unauthenticated requests
aka "the open eyre" aka "universal basic identity"

Urbit already supports presence on the clearnet, but fails to expose any
of its interactive affordances to unauthenticated users. Here, we
improve this situation by granting "guest identity" @ps to every
unauthenticated HTTP request, and extending the channels functionality
to them.

Sessions no longer represent only the local identity. Instead, each
session has either the local identity, or a fake guest identity
associated with it.

Every request that does not provide a session key/cookie gets assigned
a fresh one with a guest identity on the spot. As a result, every
single request has an identity associated with it.

The identity of a request gets propagated into userspace, if the request
ends up there.
For normal HTTP requests, this means the src.bowl gets set to that
identity for both the watch and poke of the request. For backwards
compatibility, the authenticated flag on the request noun gets set at
normal: only true if the request came from the local identity.
For channel requests, this means the src.bowl gets set to that identity
for any pokes and watches it sends, and it can only send those to agents
running on the local ship.

The scry endpoint remains unchanged in its behavior: only available to
the local identity.

Notable implementation detail changes in this diff include:
- Factored all gall interactions out into +deal-as.
- Sessions no longer represent exclusively the local identity. This
matters a lot to +give-session-tokens, %code-changed, and logout
handling.
- Session management got factored out into explicit +start-session and
+close-session arms.
2023-05-05 21:59:17 +02:00
Josh Lehman
a6024e33a9
Merge pull request #6553 from urbit/m/eyre-crud-500
eyre: when a %request causes a crud, serve 500
2023-05-05 08:51:28 -07:00
Ted Blackman
65b069a1d9 zuse: kelvin 412 2023-05-04 11:42:41 -04:00
fang
08ad367cd8
eyre: when a %request causes a crud, serve 500
Previously, if an incoming request caused a crash, we would just drop it
on the floor. We should at least have the decency to serve the client a
quick 500 and let them get on with their day.

We make sure not to touch state here. The connection is guaranteed-fresh
because of the task's semantics, and we're handling it in-line in one go.

Notably we only give a simple "crud!" for the body, instead of the full
error trace. We don't know whether the request is authenticated or not
(and who knows if checking was the cause of the crash!), and the crud
might leak sensitive details about the ship it occurred on. For the
owner, the trace still gets printed into the terminal.
2023-05-04 17:42:36 +02:00
Ted Blackman
24467176f6
Merge pull request #6550 from urbit/jb/clay-quiet
clay: remove %take-foreign slog
2023-05-04 11:38:55 -04:00
Ted Blackman
de58756736
Merge pull request #6548 from urbit/philip/pending
clay: on update, remove all previous pending updates
2023-05-04 11:38:22 -04:00
Ted Blackman
100333cd5a
Merge pull request #6549 from urbit/jb/eyre-safe
eyre: handle agent errors safely
2023-05-03 19:16:10 -04:00
Joe Bryan
48ec5b2693 clay: remove %take-foreign slog 2023-05-03 18:48:30 -04:00
Joe Bryan
c42f1d2663 eyre: corrects connection lifecycle comment 2023-05-03 18:40:22 -04:00
Joe Bryan
c349d154b6 eyre: optimizes responses, removes redundant connection state updates 2023-05-03 18:39:19 -04:00
Joe Bryan
007a32c47a eyre: remove redundant connection retrieval 2023-05-03 18:25:48 -04:00
Joe Bryan
7fb2f613d4 eyre: no-op on agent-error when missing connection state 2023-05-03 18:25:10 -04:00
Philip Monk
9d7b196024 clay: on update, remove all previous pending updates
Fixes #6537, see discussion there for alternatives.
2023-05-03 13:03:53 -07:00
Joe Bryan
7f2257e581 clay: virtualize parsing to workaround runaway memoization 2023-05-02 17:16:22 -04:00
Ted Blackman
51e85291c1
Merge pull request #6542 from urbit/wicrum/wan-mop
lull,ames: use `mop` instead of `pha` in `.wan.keens`
2023-05-02 11:55:38 -04:00
~wicrum-wicrun
451a84d467 jael: fake ships always have rift=0 2023-05-02 17:36:22 +02:00
Ted Blackman
09fb89bd5b
Merge pull request #6509 from urbit/jon/doccords-lustar-tistar
turn off doccord parsing for +*, =*
2023-05-02 11:23:15 -04:00
~wicrum-wicrun
c1e14bdbf5 ames: use +pry:mop and +del:mop instead of virtualizing 2023-05-02 17:07:14 +02:00
~wicrum-wicrun
c03c3dc13b ames: migration uses +tap:deq instead of +dip-left:deq 2023-05-02 17:01:53 +02:00
Ted Blackman
1c69528565
Merge pull request #6538 from bacwyls/bwyl/read-s-subs-413-patch
clay: fix read-s subs for 413
2023-05-02 10:42:29 -04:00
Joe Bryan
1c26d431f5 hoon: threads doccords flags through +vang, compatibly 2023-05-02 10:34:33 -04:00
Joe Bryan
4a92c7d7d4 Revert "hoon: add doc parsing flag to +vang"
This reverts commit 94ba944188.
2023-05-02 10:31:42 -04:00
~wicrum-wicrun
ecaf70bc00 ames,lull,zuse: move +pha and +deq into ames to not pollute kelvin code 2023-05-02 16:26:59 +02:00
~wicrum-wicrun
ded0b75914 ames,lull: .wan.keen uses fragment as mop key 2023-05-02 16:25:51 +02:00
~wicrum-wicrun
d7a2c53df8 lull,ames: use mop instead of pha in .wan.keens 2023-05-02 15:17:25 +02:00
bacwyls
4a1aae5c48 clay: fix read-s subs for 413
=case was added as an argument to read-s to support %cs subs
it was accidentally removed as an argument during a merge,
breaking %cs subs by causing it to always crash in a
comparison between case and [%da now], because case resolved
to the mold rather than a value. this commit restores
intended functionality.
2023-05-01 18:32:49 -05:00
Jonathan Paprocki
e718423135 hoon: remove swap +vang for (doc |) in +loll 2023-05-01 11:37:27 -04:00
Ted Blackman
c3d461d6de
Merge pull request #6515 from urbit/i/6504/fine-next-steps
fine: next steps
2023-05-01 11:32:52 -04:00
~wicrum-wicrun
b804ab3a23 gall: hold on to .ken.yoke through uninstalls 2023-04-28 19:19:42 +02:00
Philip Monk
013f294cde clay: correctly save cache after goad
The refactor from aeon to tako is from May 2022, but unmerged until
March 2023.  In the meantime, I added another usage of aeon-flow in July
2022, which was converted to aeon-flow in March 2023, but the argument
itself was unchanged.  This meant we didn't save the cache after +goad.
2023-04-27 17:09:33 -07:00
~wicrum-wicrun
5819ee3ddd Revert "gall,lull: add outstanding %keens to the $bowl"
This reverts commit 11f53d680a.
2023-04-27 19:22:41 +02:00
~wicrum-wicrun
11f53d680a gall,lull: add outstanding %keens to the $bowl 2023-04-27 19:20:54 +02:00
~wicrum-wicrun
f3d7863527 gall: %yawn on uninstall 2023-04-27 19:20:54 +02:00
Jonathan Paprocki
45431dbc89 hoon: remove +lien
its not actually being used anywhere, i just wrote it to balance out
having a "hoon without docs" arm. but i guess this just adds needless bloat
2023-04-26 22:03:04 -04:00
Joe Bryan
bbe14ce747 arvo: fix %gall meta-namespace reads (missed in merge) 2023-04-26 20:28:32 -04:00
~wicrum-wicrun
6715f5eb37 gall: track outstanding %keens and send %yawn on nuke 2023-04-27 00:36:54 +02:00
Hunter Miller
06af50a9b9 eyre: fixing errant whitespace 2023-04-26 17:00:46 +03:00
Hunter Miller
215a35640c eyre: if logged in and accessing login page, redirect 2023-04-26 17:00:46 +03:00
Jonathan Paprocki
f6c780a7e7 hoon: second hoon for =* has docs
the issue with compiling not working is with doccords on the deferred
expression, not everything that follows (which would turn off doccords
for anything past =*)
2023-04-26 01:13:24 -04:00
Jonathan Paprocki
971db7effe doccords: parsing off for =*, +*
see #6307

this turns doccord parsing off for =* and +*, which was not intended to
be allowed for the first release, but it ended up not compiling if
postfix doccords were put on either of these.

the right way to fix this is to actually implement doccord parsing for
=* and +*, but at least turning them off seems to fix the compile error here.
2023-04-25 15:42:08 -04:00
Jonathan Paprocki
94ba944188 hoon: add doc parsing flag to +vang
+vang is for setting +vast params, but was missing the parameter for
doc. this adds it and changes the callsites to vang around %base to
reflect this
2023-04-25 14:59:15 -04:00
Ted Blackman
625b63614e
Merge pull request #6406 from urbit/i/5788/remote-scry
Add Remote Scry Protocol
2023-04-25 11:06:04 -04:00
Joe Bryan
517df2aebd ames: fix fine error printf 2023-04-25 10:14:42 -04:00
Joe Bryan
fa3ad0117f arvo: decrements kelvin 2023-04-25 09:29:32 -04:00
yosoyubik
c79ef21893 clay: remove scrying sigpam 2023-04-25 05:31:03 +02:00
Joe Bryan
5dfc8e3c5d arvo: restructures |mass, switches to %x //whey 2023-04-24 16:21:41 -04:00
~wicrum-wicrun
05304146a7 gall,eyre,dojo,azimuth,dbug: gall claims the [%$ *] namespace 2023-04-24 21:53:52 +02:00
Joe Bryan
65b997096d lull: corrects $hunk comment 2023-04-24 13:20:06 -04:00
Joe Bryan
628525a549 lull: removes +welt 2023-04-24 13:14:34 -04:00
~wicrum-wicrun
673803fe0b ames: use $spar 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
c525fea1b0 lull: add $spar for [=ship =path] in ames 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
dafa1cc030 lull,ames: reference +mop in $packet-pump-size 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
db0afd056e lull,zuse: move +deq to zuse 2023-04-24 19:10:05 +02:00
Joe Bryan
ba3a5b22e8 lull: removes case:clay (duplicated from arvo) 2023-04-24 13:08:25 -04:00
Joe Bryan
393457fcc6 clay: remove more dead %warp-index code
building on c2f7f75492
2023-04-24 13:07:41 -04:00
Joe Bryan
c1f80e2865 clay: remove stack traces, blank lines 2023-04-24 13:07:40 -04:00
yosoyubik
66a7b7b1c2 ames: make fi-send take a blob 2023-04-24 18:54:36 +02:00
yosoyubik
d43e684bae ames: rename @uxmeow as $yowl 2023-04-24 18:54:36 +02:00
Joe Bryan
8f43d9674d ames: removes stale comments, dead code 2023-04-24 12:53:29 -04:00
Joe Bryan
cf8a887b80 arvo: rebinds and uses $omen 2023-04-24 12:52:33 -04:00
Joe Bryan
2ece07f096 ames: %fine requests are always for public data 2023-04-24 12:36:53 -04:00
pkova
5868c29c3b eyre: combine unreleased loads for ~2023.4.19 and ~2023.4.11 2023-04-24 18:54:22 +03:00
yosoyubik
714d0b13f1 ames: remove sigpam 2023-04-24 17:00:41 +02:00
~wicrum-wicrun
641326ad36 ames,lull: remove .siz from $meow 2023-04-24 16:23:09 +02:00
pkova
3792ba5cc7 Merge branch 'next/kelvin/413' of https://github.com/urbit/urbit into pkova/fix-eyre-clog 2023-04-24 13:43:36 +03:00
pkova
a1fd3a6792 lull, eyre: actually send events on clogged channel reconnect 2023-04-24 13:38:14 +03:00
yosoyubik
bf0a4a3327 ames: fix upgrade from state 4&5 2023-04-24 11:44:24 +02:00
Joe Bryan
d2d1412c3a ames: replace (empty) signatures with tag byte in fine requests (wail) 2023-04-23 01:09:53 -04:00
Ted Blackman
84cd948f30 Merge branch 'next/kelvin/413' into i/5788/remote-scry 2023-04-22 14:33:20 -04:00
Ted Blackman
6e793dfe39 Merge branch 'develop' into next/kelvin/413 2023-04-22 14:33:01 -04:00
yosoyubik
599eb6231b ames: rename etch-keen to etch-wail 2023-04-22 20:26:08 +02:00
Ted Blackman
c2f7f75492 clay: remove dead %warp-index scry codepath 2023-04-22 14:24:12 -04:00
Ted Blackman
8f0c0c04fd clay: fix state-12 upgrade 2023-04-22 13:24:15 -04:00
Ted Blackman
f3655a8662 ames: re-enable life&rift check on fine requests 2023-04-22 11:30:17 -04:00
Ted Blackman
8ba7b3ae95 clay: $+ more types in +load 2023-04-22 10:47:33 -04:00
yosoyubik
5bbd727f18 Merge branch 'develop' into i/5788/remote-scry 2023-04-22 16:07:44 +02:00
yosoyubik
64a1680e2c ames: don't crash if waking up on a strange wire
This was a regression introduced in 8e54f7fcc3
the previous behavior was not to crash so we
restore it here
2023-04-22 13:47:15 +02:00
yosoyubik
d259656e29 lull: clean up remote scry namespace missmatches
(note: first pass, subject to change)
2023-04-22 10:57:49 +02:00
yosoyubik
2bcfd7599a ames: fix %fine tests to account for updated %tune 2023-04-21 17:54:01 +02:00
Joe Bryan
2dca5e714b lull: removes %miss 2023-04-21 10:54:33 -04:00
Joe Bryan
4d84131464 ames: refactors %tune, supercedes %miss 2023-04-21 10:43:30 -04:00
Joe Bryan
15279e5267 arvo: add jet hints for profiling 2023-04-20 22:38:31 -04:00
Joe Bryan
a9267bb493 clay: label old state structures 2023-04-20 22:38:31 -04:00
Joe Bryan
013aee8dfd clay: add casts to +stay 2023-04-20 22:38:10 -04:00
Ted Blackman
bac96d751e clay: fix state version number 2023-04-20 22:36:03 -04:00
~wicrum-wicrun
6746687ade ames: print fine errors instead of propagating 2023-04-20 22:32:16 +02:00
~wicrum-wicrun
b92e4c4238 ames: get dat from etched body 2023-04-20 18:52:01 +02:00
~wicrum-wicrun
953e6f5861 ames: set signature in fine requests to all zeroes 2023-04-20 18:12:29 +02:00
yosoyubik
bee09fe5e1 ames: in %larva +load always set cached-state 2023-04-19 16:23:01 +02:00
yosoyubik
873de61269 ames: give %miss to all listeners on %keen cancel
%spider will send a %yawn task to ames if a thread fails
or stops. if the thread is done, it will delete the scry
from its state without notifying %ames
2023-04-19 11:03:11 +02:00
Joe Bryan
51effc6be9 ames: add (disabled) rift/life verification 2023-04-19 00:50:13 -04:00
Joe Bryan
846276f85a ames: refactors $sign and $note 2023-04-19 00:50:13 -04:00
Joe Bryan
80a1cf626c ames: cleanup comments/whitespace 2023-04-18 10:34:47 -04:00
Joe Bryan
5cbbc5be12 lull: cleanup ames interface and comments 2023-04-18 10:25:49 -04:00
Joe Bryan
c864f95598 ames: drop %pine 2023-04-18 10:25:45 -04:00
yosoyubik
5c838a42a7 ames: use fi-emit for %fine gifts 2023-04-18 05:31:23 +02:00
Joe Bryan
790a0de292 ames: fix move clobbering in +fi-done 2023-04-17 18:29:44 -04:00
Joe Bryan
2cb0a06976 ames: fix build, bypassing alias 2023-04-17 16:08:01 -04:00
yosoyubik
03b3d0b3f4 tests: fix /tests/sys/fine 2023-04-17 16:41:53 +02:00
yosoyubik
296815e097 ames: remove keen-id from remote scry state
TODO: udpate /~debug frontend
2023-04-17 16:22:57 +02:00