Commit Graph

7638 Commits

Author SHA1 Message Date
Joe Bryan
7773caf9f8
Merge pull request #6423 from urbit/dr/jar-add-tap-uni
hoon: add +zip to jar engine
2023-06-19 13:17:44 -04:00
Joe Bryan
e0b35b0a1a
Merge pull request #6676 from urbit/tinnus/fix-ap-peek-mark-typo
gall: fix typo in +ap-peek causing redundant mark conversion
2023-06-19 13:15:50 -04:00
Ted Blackman
c81c259dd9
Merge pull request #6674 from midden-fabler/dojo-no-complete-dead-dudes
dojo: don't +complete-gen-poke-to-app for dead dudes
2023-06-19 13:15:02 -04:00
Ted Blackman
1a15f0b129
Merge pull request #6671 from midden-fabler/dojo-hist
dojo: preserve input history after crash
2023-06-19 13:11:05 -04:00
midden-fabler
9a8cc4ea9f
Merge branch 'develop' into dojo-hist 2023-06-18 00:20:07 -04:00
midden-fabler
71ea6aed6a dojo: hist cit -> sign 2023-06-17 21:08:59 -04:00
midden-fabler
d655df429b dojo: hist - cleanup 2023-06-17 20:40:25 -04:00
midden-fabler
8a6609b951 dojo: handle failure gracefully 2023-06-17 20:10:37 -04:00
Alex Shelkovnykov
9509254a2d hoon: remove rut:by, duplicate of urn:by 2023-06-17 13:37:26 -04:00
Alex Shelkovnykov
fe34f55a04 hoon: refactor unnecessary parameter to bif:by 2023-06-17 13:30:18 -04:00
Tinnus Napbus
85b1b4901a gall: fix typo in +ap-peek causing redundant mark conversion 2023-06-17 20:59:24 +12:00
midden-fabler
0fd592a25d hood: remove deprecated generators 2023-06-17 01:26:10 -04:00
midden-fabler
b590bf9000 dojo: don't +complete-gen-poke-to-app for dead dudes 2023-06-16 23:40:45 -04:00
fang
02046effb1
dbug: update for recent eyre changes 2023-06-16 22:49:14 +02:00
fang
d8a03d094b
eyre: include local id in the eauth confirm page
We probably want something slightly fancier, like a banner or something,
that also shows up on the login page (and perhaps other "system" pages),
but for now this should suffice.
2023-06-16 21:22:37 +02:00
Amadeo Bellotti
510673e134 forgot ) 2023-06-16 12:02:32 -04:00
Amadeo Bellotti
5864a80153 modified lick to be cleaner and added an exisistance scry 2023-06-16 09:58:05 -04:00
yosoyubik
f0c02880cc Merge branch 'develop' into yu/fix-drop-nack-state 2023-06-16 10:02:28 +02:00
Philip Monk
74ed6daa02 fine: use %q, and don't interpret null as tombstoned 2023-06-15 18:44:05 -07:00
midden-fabler
e888da2cc6 dojo: history - only pass id 2023-06-15 15:43:37 -04:00
midden-fabler
135af5eaf5 dojo: further simplify history preservation 2023-06-15 11:43:57 -04:00
pkova
9d33bb7fd1 eyre: keep json to mime tube warm in handle-scry 2023-06-15 18:30:51 +03:00
midden-fabler
bf4195eb0c dojo: simplify history 2023-06-15 05:01:47 -04:00
midden-fabler
bd2ba9cb64 dojo: preserve input history after crash 2023-06-15 02:41:01 -04:00
Philip Monk
238a36de1d fine: actively fetch rift for moons 2023-06-14 23:28:37 -07:00
Philip Monk
f68f3dc833 fine: use progressive insertion sort instead of quicksort to assemble fragments 2023-06-14 21:46:29 -07:00
Joe Bryan
df5cdeafad vats: correct deprecated %cd scry 2023-06-14 16:23:03 -04:00
Pyry Kovanen
04598f8e0b
Merge pull request #6660 from midden-fabler/dojo-complete-ted-heps
dojo: complete teds in dirs
2023-06-14 15:21:44 +03:00
Philip Monk
a30cb42038 clay: remove !: 2023-06-13 23:14:02 -07:00
Philip Monk
4a8c0b2d6c fine: fix pathological congestion control case with large windows 2023-06-13 23:06:51 -07:00
Philip Monk
18e34bdab6 fine: loosen path restrictions 2023-06-13 23:06:20 -07:00
Philip Monk
3c3f59a2ac ames: rewrite +fi-on-ack to not use +dip 2023-06-13 22:13:38 -07:00
Philip Monk
fc3d9741df fine: fix various 2023-06-13 16:18:37 -07:00
midden-fabler
8c2e451e3f dojo: complete ted remove barket 2023-06-13 18:51:42 -04:00
dr-frmr
14fca80054
scow %uv instead of %ux to match desk hashes 2023-06-13 14:46:32 -04:00
Philip Monk
db708560cd clay: add debug command to retry remote scry 2023-06-13 00:05:09 -07:00
midden-fabler
a6189648f4 dojo: complete teds in dirs 2023-06-13 02:02:36 -04:00
dr-frmr
a98fcc4dd7
arvo: print vane hashes as @ux instead of @p 2023-06-12 20:17:04 -04:00
dr-frmr
e9c6273757
jar: tap -> zip 2023-06-12 19:33:11 -04:00
dr-frmr
0c9b9b26b2
arvo: make vane hash prints parse as @ux instead of @p 2023-06-12 16:20:34 -04:00
Quodss
be0e8c0a50
strip faces of subjects in ++curr, ++cury, ++corl 2023-06-12 19:24:39 +02:00
Ted Blackman
6153f8c7e3
Merge pull request #6609 from urbit/yu/remove-num-live
ames: remove num-live from pump-metrics
2023-06-12 11:50:15 -04:00
yosoyubik
d54b3645cb gen: restore sorting flows by nonce
This was removed when the logic for re-subscriptions was taken from %ames
into the generator. Sorting allows us to keep the current (last) subscription
as the last in the list, and in this case we check if it received an ack for
a naxplanation—see https://github.com/urbit/urbit/issues/6065#issuecomment-1322011137—
in which case it's safe to be corked.
2023-06-12 16:04:46 +02:00
Pyry Kovanen
dabc9ea631
Merge pull request #6654 from midden-fabler/dojo-complete-naked-ted
dojo: add complete-naked-ted
2023-06-12 16:38:27 +03:00
Pyry Kovanen
77d1ab4acc
Merge pull request #6653 from midden-fabler/dojo-sort-complete-aor
dojo: sort complete options aor
2023-06-12 15:38:59 +03:00
Pyry Kovanen
9b264546de
Merge pull request #6652 from midden-fabler/dojo-complete-naked-poke
dojo: complete-naked-poke for all agents
2023-06-12 15:33:23 +03:00
Pyry Kovanen
2169652df3
Merge pull request #6636 from niblyx-malnus/develop
spider: provide a tang http response when a thread called via http crashes
2023-06-12 14:58:22 +03:00
Quodss
46ec863734
fix ++curr
Fixes sample of a wet gate produced by ++curr
2023-06-12 11:19:27 +02:00
midden-fabler
95ceed2088 dojo: add complete-naked-ted 2023-06-11 01:32:31 -04:00
midden-fabler
2385268f60 dojo: sort complete options aor 2023-06-11 00:23:09 -04:00
midden-fabler
35f1b47890 dojo: complete-naked-poke remove redundant cy check 2023-06-10 13:27:49 -04:00
midden-fabler
36e63a795f dojo: complete-naked-poke for live dudes 2023-06-10 13:08:23 -04:00
midden-fabler
6d43e73d3e dojo: complete-naked-poke for all agents 2023-06-09 21:29:15 -04:00
niblyx-malnus
9fa0b17ed0
as-octt:mimes:html -> as-octs:mimes:html and en-json:html -> en:json:html 2023-06-09 13:45:39 -04:00
dr-frmr
e1786c7009
hoon: remove +uni from +ja, keep +tap 2023-06-09 11:30:14 -04:00
Josh Lehman
82aae2f9e3
Merge pull request #6630 from urbit/jb/insane
hoon: fixes (sane %t) for multi-byte glyphs
2023-06-09 08:17:16 -07:00
fang
ef89cf2410
eyre: rework eauth to be client-initiated
Instead of doing formal network traffic on the host-side whenever a
login attempt gets initiated, we now do it no earlier than when we're on
the client-side. This has the important property that network traffic
can only be initiated by authenticated HTTP requests. The previous
implementation, where hosts sent pleas when an unauthenticated HTTP
client said then wanted to log in, was vulnerable to abuse.

So now, formally, the eauth flow starts at the client's confirmation
screen. There is an optional step preceding this, where an attempt is
started on the host (and data is still stored for this), but to get the
redirect target, the host uses remote scry to get the eauth URL out of
the client ship.

Hosts now also give attempt-specific return URLs, useful in case they
are accessible (or even serving different content) from different
hostnames.
2023-06-09 15:46:04 +02:00
Pyry Kovanen
0de6601f93
Merge pull request #6638 from midden-fabler/dojo-gen-tab-complete
dojo: gen tab complete for non-base desks
2023-06-09 13:41:23 +03:00
midden-fabler
c3211c2f3d handle non-running agents on base 2023-06-08 12:51:53 -04:00
Josh Lehman
c0cb7d810a
Merge pull request #6592 from urbit/ea/add-subaxis-test
hoon: add pin and awl arms to test and trim subaxes
2023-06-08 08:30:09 -07:00
Josh Lehman
86565e81c8
Merge pull request #6480 from urbit/i/6401/clay-permission-check
clay: add requests permission checks
2023-06-08 08:28:54 -07:00
yosoyubik
af4c099ee5 gen: update +stale-flows 2023-06-08 14:04:13 +02:00
yosoyubik
623e0eafb2 Merge branch 'next/kelvin/412' into yu/enable-close-flows 2023-06-08 06:40:39 +02:00
yosoyubik
405f3d21ac Merge branch 'next/kelvin/412' into yu/fix-drop-nack-state 2023-06-08 06:38:31 +02:00
yosoyubik
9851771564 ames: account for / in pre-nonce %watches 2023-06-07 19:25:35 +02:00
yosoyubik
68db0b4e03 ames: move +on-kroc logic to |close-flows
+on-kroc was cluttered with ad-hoc logic to indentify stale flows from
failed resubscriptions that were not properly %corked. Here we move
that logic to a generator that, if not in dry mode, will call %ames with a
(list  [ship bone]) to %cork them.

Another option would be to move the logic in the generator to a state
update in ames, which will trigger possibly thousands of %ames messages
to be sent, on every ship that runs the state migration—these flows are
not causing a problem that neds to be addressed, and only take extra
space.

If we decide that this needs to be run by everyone, one solution could be
to set up a timer (maybe taking advantage of the fact that ships don't get
the OTA a the same time) that will eventually poke %hood with a
%helm-ames-kroc task.
2023-06-07 15:55:50 +02:00
Tinnus Napbus
7c3a1c4d7c Merge branch 'next/kelvin/412' into tinnus/local-provenance 2023-06-07 20:38:05 +12:00
niblyx-malnus
1818790e35
Send 500 response with tang. 2023-06-06 13:01:43 -04:00
Ted Blackman
fc5598718b Merge branch 'develop' into next/kelvin/412 2023-06-06 12:50:11 -04:00
Ted Blackman
078b3a171d
Merge pull request #6629 from urbit/pkova/runtime-version
base: add %runtime-version
2023-06-06 11:40:42 -04:00
pkova
de3dd34826 base: make %runtime-version a thread 2023-06-06 15:46:44 +03:00
pkova
dd979600e2 base: restore deleted vere mark 2023-06-06 15:45:41 +03:00
yosoyubik
d5bc16ee3e ames: don't crash if sndr/rcvr lifes mismatch 2023-06-05 11:06:22 +02:00
yosoyubik
2c854d1285 ames: remove space leak for outbound naxplanations
Companion to https://github.com/urbit/urbit/pull/6607, where the space leak was fixed
2023-06-05 10:01:44 +02:00
yosoyubik
65b83a3318 Merge branch 'develop' into yu/remove-num-live 2023-06-05 09:47:39 +02:00
midden-fabler
e90c26dba6 handle bogus agents 2023-06-04 02:44:04 -04:00
midden-fabler
83e60a3c44 dojo: gen tab complete for non-base desks 2023-06-03 21:18:02 -04:00
niblyx-malnus
4d1c45d76e
fix thread-clean order and provide tang response as a json in +thread-http-fail
(1) In `+thread-fail`, `+thread-clean` is called before `+thread-http-fail` and `+cancel-scry` meaning neither of the latter two actually. `serving` has been replaced with `(~(del by serving.state) tid)` in the state and therefore we cannot `(~(get by serving.state) tid)` in `+thread-http-fail` or `+cancel-scry`.

(2) In `+thread-http-fail` return an informative tang as json instead of an empty 500 http response when the failure results from an internal crash.
2023-06-02 13:05:16 -04:00
yosoyubik
6696f587be Merge branch 'next/kelvin/412' into i/6103/abet-pure 2023-06-01 17:46:36 +02:00
yosoyubik
8b518f4bfe Merge branch 'develop' into next/kelvin/412 2023-06-01 17:39:42 +02:00
Joe Bryan
8bb1873041 hoon: fixes +sane style 2023-05-31 14:34:11 -04:00
Joe Bryan
e71d9d6631 hoon: fixes (sane %t) for multi-byte glyphs 2023-05-31 14:33:35 -04:00
pkova
c85aca347c base: add %runtime-version 2023-05-31 16:36:27 +03:00
Tinnus Napbus
0105be6459 Merge branch 'develop' into tinnus/local-provenance 2023-05-31 12:52:53 +12:00
dr-frmr
4454ba388b
Merge branch 'next/hoon/138' into dr/jar-add-tap-uni 2023-05-30 15:30:49 -04:00
Tinnus Napbus
8ed74ac717 gall: new type which is /w providence 2023-05-30 22:28:19 +12:00
yosoyubik
96e3bdcf11 Merge branch 'develop' into i/6103/abet-pure 2023-05-30 10:38:39 +02:00
yosoyubik
d3489cc8db ames: generalize $deep tasks
currently all $deep tasks are focused on a particular ship but future
 ones might not, so we move $ship to each individual task
2023-05-30 10:33:13 +02:00
yosoyubik
7ce74f36c6 ames: add %deep task to handle deferred calls
note: %ames tests have not been updated to account for this change
2023-05-30 10:33:13 +02:00
Joe Bryan
d4b900bf3f
Merge pull request #6612 from urbit/i/6611/lose-boon
ames: correctly %lose a %boon we crashed on
2023-05-26 11:19:57 -04:00
Ted Blackman
7d9df71d5e
Merge pull request #6613 from urbit/i/6608/skip-corks
ames: skip corks if pending acks for naxplanations
2023-05-26 10:51:33 -04:00
Ted Blackman
d234b3205f
Merge pull request #6607 from urbit/yu/fix-drop-nack
ames: don't no-op if getting %ack on nack bone
2023-05-26 10:19:31 -04:00
yosoyubik
6528c62b1f Merge branch 'develop' into i/6608/skip-corks 2023-05-26 10:17:19 +02:00
yosoyubik
1e74e8d19a ames: simplify pending-acks conditional 2023-05-26 10:09:44 +02:00
yosoyubik
c427637910 Merge branch 'next/kelvin/412' into yu/remove-num-live 2023-05-25 14:24:01 +02:00
Ted Blackman
13ae086837
Merge pull request #6617 from urbit/jb/fine-misordered
fine: handle misordered responses
2023-05-24 17:19:33 -04:00
mopfel-winrux
40fbf3b262
Merge branch 'next/kelvin/412' into lick 2023-05-24 14:56:19 -04:00
Matthew LeVan
864a6c6a09
Merge pull request #6618 from urbit/develop
merge `develop` into `next/kelvin/412`
2023-05-24 14:37:37 -04:00
Joe Bryan
fee0f604cc fine: sort response fragments before deserializing 2023-05-24 13:01:29 -04:00
Joe Bryan
b0d2db25b5 fine: narrows error message scope on bad responses 2023-05-24 13:00:48 -04:00
Joe Bryan
ee8e2e997c tests: fixes +ames-scry-hunk in ames/gall test helper 2023-05-24 12:48:03 -04:00
Amadeo Bellotti
bbe8066494 cleanup?" 2023-05-24 12:23:35 -04:00
mopfel-winrux
0ecb87430a
Merge branch 'urbit:develop' into lick 2023-05-24 12:15:31 -04:00
Amadeo Bellotti
7394e62145 modified gall to prepend agent name to port path 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
4a38f9ca5b XX for spin 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
3b1c415d21 deleted a wrong line 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
47f43df3b9 cleaned up and renamed some stuff. added scry endpoints 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
7e1ddbcca1 changed name from term to path 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
5a0de97958 added disconnect soak during born 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
46c86c01de modified duct to return data 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
15424c9200 modified api and compiled 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
82880f4311 changed spew to spit: 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
60c9d07034 modified api 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
d09e9a8013 switch to lick 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
d0cd351acb changed to lick 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
ff4194c24c removed unnecessary ted file 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
16233f7360 modified API to use units and such 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
cde0b50d26 removed some old code 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
3cb5249d50 added inital scry stuff for loch devices 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
7bcc6bd8c4 loch mods 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
08540c8257 fixed api and added rote path 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
323ad41a96 cleaned up interface 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
6a8cea04b3 modified flow for read red, and turn 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
c643db1e14 modified some stuff to return a card to vere 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
cd7dbfd3d3 loch has some state change 2023-05-24 12:13:44 -04:00
Amadeo Bellotti
791782fafa added %read and %writ cards 2023-05-24 12:13:43 -04:00
Amadeo Bellotti
653725da98 boiler plate for loch 2023-05-24 12:13:43 -04:00
Joe Bryan
cb280d9eb4 Merge branch 'next/hoon/138' into m/wuthax 2023-05-24 11:51:53 -04:00
Joe Bryan
4a23809063 hoon: embrace the combinatorial explosion 2023-05-24 11:47:56 -04:00
pkova
48adc133e4 mar: add vere mark 2023-05-24 18:37:54 +03:00
Ted Blackman
b5ff3be787
Merge pull request #6460 from urbit/i/6448
hoon: allow `%.` in spec mode
2023-05-24 11:36:23 -04:00
Ted Blackman
00775beba4 hoon: 138k 2023-05-24 11:34:11 -04:00
fang
2b9d603951
ames: turn all pending %boons into %losts
This was the behavior prior to d8e11b6, except that we now correctly include
the new %boon in the transformation also.
2023-05-24 14:07:29 +02:00
yosoyubik
f6101569f5 ames: skip corks if pending acks for naxplanations 2023-05-24 12:35:38 +02:00
fang
5441692a1f
eyre: up priority on unexpected eauth traces
These are more "warning" or "error" as opposed to informational like all
the other ones at level 2.
2023-05-23 22:44:10 +02:00
fang
73ca5ea95d
eyre: make sure we always url-encode the redirect
Just for consistency, just in case.
2023-05-23 22:38:56 +02:00
fang
c133704866
eyre: move incoming eauth expiry logic into +eauth
+expiry:client:eauth, to be precise. This is a slightly cleaner
factoring.
2023-05-23 22:37:05 +02:00
fang
60eaf8a979
eyre: handle %lost and goof error cases correctly
We weren't handling these at all. Now we make them enter the same
codepath that %done nacks go into: deleting the attempt and maybe
telling the user if we can.

Note that Eyre will not receive %lost for %boons it crashes on until
2023-05-23 22:29:08 +02:00
fang
d8e11b68c2
ames: correctly %lose a %boon we crashed on
Previously, if we noticed %boon handling had caused a crash, we would
transform any existing %boons into %losts, but still emit a new %boon
for the message we ostensibly crashed on.

Now, we make sure to just directly send a %lost if sending the %boon
caused a crash. We drop the existing-moves transformation entirely,
assuming it to vestigial.
2023-05-23 22:10:17 +02:00
fang
02e8120298
eyre: factor +eauth-error-page out of event core
This will make it easier to access for tests. The change to its
interface is also nice: in pretty much all scenarios in which we call
it, we already know whether we have redirect deets available to us, so
just provide those as arguments instead of having the function
re-derive.
2023-05-23 19:58:11 +02:00
Ted Blackman
89681e25b4
Merge branch 'next/kelvin/412' into yu/remove-num-live 2023-05-23 11:50:40 -04:00
Ted Blackman
579c3259ad merge develop into next/kelvin/412 2023-05-23 11:49:24 -04:00
yosoyubik
3554ab895d ames: remove num-live from pump-metrics 2023-05-23 06:48:15 +02:00
fang
87be9c9bef
eyre: add task for setting manual eauth base url 2023-05-22 21:08:11 +02:00
fang
f1ab9574e6
eyre: better styling for the eauth confirm page
Brief prompt describing the login attempt's target, properly styled
buttons.

Pulls the CSS code for login pages out into its own arm for cleaner
sharing.
2023-05-22 19:48:28 +02:00
yosoyubik
e440a443e5 ames: don't no-op if getting %ack on nack bone 2023-05-22 17:53:20 +02:00
yosoyubik
1921fd277c ames: add comment 2023-05-22 17:38:31 +02:00
Josh Lehman
799c49f873
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 08:37:32 -07:00
Tinnus Napbus
2ba8e45fd2 tests: fix tests for provenance 2023-05-23 01:55:55 +12:00
Tinnus Napbus
de51f74dc2 gall: implement local provenance 2023-05-23 01:12:09 +12:00
yosoyubik
89da6d433b ames: fix incorrect handling of acks in |pack 2023-05-22 15:05:18 +02:00
jose
7df931b375
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 13:23:02 +02:00
yosoyubik
a765954cee ames: don't get ship-state in +enqueue-alien-todo
ship-state is retrieved in +send-blob only for sponsors of the ship
2023-05-22 12:49:00 +02:00
yosoyubik
7d153ba99a ames: fix no-op if getting %ack on nack-trace bone 2023-05-22 12:14:53 +02:00
yosoyubik
66b92800e3 ames: don't retrieve ship-state in +send-blob 2023-05-22 11:41:32 +02:00
yosoyubik
b427f1c321 ames: early abet in |fi after route update
Continuation of https://github.com/urbit/urbit/pull/6593
2023-05-22 10:58:50 +02:00
fang
7d4f9d1b57
eyre: properly redirect unauthed eauth confirms
We had naively changed the status code to a 403 "forbidden" response,
which is technically correct, but the "Location" header isn't respected
for that status code, leaving the user with a blank page instead of a
login prompt.
2023-05-19 22:53:02 +02:00
fang
0762c7a127
eyre: only accept eauth approvals from ourselves
Instead of accepting POST requests from anyone who asks.
2023-05-19 19:23:24 +02:00
fang
3347e84811
eyre: rename authentication-state to auth
Only in the $server-state type, the lull typename remains unchanged (for
now). "authentication-state" is just such a mouthful!
2023-05-19 11:32:07 +02:00
fang
dd41df7d7c
tests: make eyre tests build & succeed again 2023-05-19 11:09:11 +02:00
fang
33c3474ae5
eyre: improve eauth login page ux
We improve the styling on the login mode switching "tabs", ensure
elements shared between the two modes are visually aligned, do loose
input validation on the name field, and simply don't render the eauth
option at all if the local ship does not yet have an +eauth-url.
2023-05-19 10:35:23 +02:00
fang
816706892c
dbug: support eyre eauth state & functionality 2023-05-18 23:40:16 +02:00
fang
02a2d116fe
Merge branch 'next/kelvin/412' into m/eyre-mirage 2023-05-18 23:15:55 +02:00
fang
8579b6c952
eyre: eauth, cross-ship authentication
aka "mirage" aka "eyre oauth"

With Eyre now supporting both local identity authentication, and fake
guest identities, the logical next step is to support authentication
with real non-local identities. Here, we implement that, building on top
of the groundwork laid by #6561.

The primary change is adding a %real case to Eyre's $identity type, and
implementing an http<->ames<->ames handshaking protocol into Eyre for
negotiating approval of login attempts made by unauthenticated HTTP
clients.

The authentication flow, where a "visitor" logs into a "~host" as their
own "~client" identity can be described in brief as follows:
1) Visitor makes an HTTP request saying they are ~client.
2) ~host tells ~client, over Ames, about its own public-facing hostname.
3) ~client responds with its own public-facing hostname.
4) ~host forwards the visitor to ~client's eauth page.
5) Visitor, there already logged in as ~client, approves the login
   attempt.
6) ~client shares a secret with ~host over Ames, and forwards the
   visitor to ~host's eauth page, including the secret in the request.
7) ~host sees that the secrets received over Ames and HTTP match, and
   gives the visitor a new session token, identifying them as ~client.

The negotiating of hostnames/URLs via Ames is crucial to keeping this
handshake sequence secure.

Discovering a ship's public-facing hostname happens when successful
local logins are made by reading out the Host header from the request.
Users may hard-code a value to override this.

Each eauth login attempt comes with a unique nonce. Both the host and
client track the lifetime of these. The corresponding Ames flow (which
goes from ~host -> ~client) is corked when the login attempt gets
aborted, or its associated session expires.

The logout functionality has been updated to let clients ask to be
logged out of sessions on other ships.
2023-05-18 23:13:15 +02:00
Joe Bryan
15440d3dda ames: add %rift to %stir 2023-05-17 16:51:12 -04:00
fang
4019cfba79
Merge pull request #6561 from urbit/m/the-open-eyre
eyre: session identities for all
2023-05-17 13:03:14 +02:00
Philip Monk
8cba74630f ames: bugfixes 2023-05-16 23:05:17 -07:00
Edward Amsden
5606bb32f1 hoon: make +pin total over non-zero atoms 2023-05-16 19:32:09 -05:00
Edward Amsden
a19a41198a hoon: +awl -> +hub 2023-05-16 19:07:36 -05:00
Edward Amsden
e020d06cd4 hoon: address review comments for pin and awl 2023-05-16 18:51:07 -05:00
Edward Amsden
6b4b652f31 Merge remote-tracking branch 'origin/develop' into ea/add-subaxis-test 2023-05-16 18:10:56 -05:00
Edward Amsden
cce2b5c9ed hoon: add pin and awl arms to test and trim subaxes 2023-05-16 18:09:09 -05:00
Ted Blackman
07797dc792
Merge pull request #6591 from urbit/jb/clay-cast
clay: shortcircuit identity casts
2023-05-16 18:22:18 -04:00
Joe Bryan
40c52743e1 Merge branch 'develop' into next/kelvin/412 2023-05-16 18:07:46 -04:00
Joe Bryan
bbd43cc7d4 clay: clarify +compose-cast trace messages 2023-05-16 16:42:13 -04:00
Joe Bryan
401776545c clay: shortcircuit identity casts 2023-05-16 15:59:04 -04:00
Joe Bryan
c84cf7359b clay: adds trace level 4 for mark conversion details 2023-05-16 15:58:55 -04:00
fang
637992475b
eyre: refactor guest name generation
Concatenating before we truncate, instead of truncating the entropy by
itself, is slightly simpler.

Because this slightly changes the naming algorithm, we must update the
eyre tests to match.
2023-05-16 21:46:48 +02:00
Daryl Richter
8ef86629ec clarify +vats usage in +vat deprecation msg 2023-05-16 14:40:08 -04:00
Ted Blackman
0760248300
Merge pull request #6555 from urbit/story-fix
Fix story (commit message system).
2023-05-16 11:30:57 -04:00
Ted Blackman
0113f8a01d
Merge pull request #6586 from urbit/i/6584/rift-life-gen
gen: add +ames-keys generator
2023-05-16 11:22:05 -04:00
Philip Monk
48b10dcdc7 clay: add fast-path for permissions check 2023-05-15 16:15:52 -07:00
yosoyubik
6135349d85 gen: don't crash if alien 2023-05-12 10:27:30 +02:00
yosoyubik
f224d5be60 gen: add +ames-keys generator 2023-05-12 09:20:43 +02:00
Pyry Kovanen
65fd1cc179
Merge pull request #6581 from urbit/master
Merge ames on-take-wake fix from master to develop
2023-05-10 19:01:03 +03:00
yosoyubik
42c22bf4f3 ames: on-take-wake no-op if not path for keen 2023-05-10 17:18:31 +02:00
~wicrum-wicrun
f0360e69a2
Merge pull request #6578 from urbit/master
Merge clay null tako fix from master back to develop
2023-05-10 16:53:08 +02:00
Joe Bryan
50239414ee clay: allow reads at the null tako 2023-05-10 09:51:14 -04:00
Pyry Kovanen
90b9292cc6
Merge pull request #6573 from urbit/master
Merge master into develop with the gall suspend fix
2023-05-10 16:01:57 +03:00
yosoyubik
3219ce5cb7 gall: don't throw away agent when suspending it 2023-05-10 13:51:58 +02:00
Pyry Kovanen
5777f91b36
Merge pull request #6569 from urbit/master
Merge master back to develop after urbit-os-v2.139
2023-05-09 22:43:44 +03:00
fang
b7e8b9cbfe
clay: the commit must actually be known
+read-at-tako was checking for the zero tako, but had the conditional
inverted. Here, we correct the conditional, and fold the
+may-read check into the whole.
2023-05-09 20:59:51 +02:00
Ted Blackman
fe91cdd357 Merge pull request #6566 from urbit/wicrum/live-before-abed
gall: always check that an agent isn't nuked before initializing `+ap`
2023-05-09 18:50:26 +03:00
~wicrum-wicrun
6d984e764e gall: return [~ ~] when scrying a nuked or nonexistant agent 2023-05-09 17:29:04 +02:00
~wicrum-wicrun
55fc624f72 gall: check the union tag instead of the dude 2023-05-09 17:21:21 +02:00
~wicrum-wicrun
4660380dac gall: remove sigpam 2023-05-09 17:17:03 +02:00
~wicrum-wicrun
af4bf28ac7 gall: always check that an agent isn't nuke before initializing +ap 2023-05-09 17:14:19 +02:00
Pyry Kovanen
f0e4e7f980 spider: uncomment spurious comment line 2023-05-09 18:13:31 +03:00
~wicrum-wicrun
ded78a6ab1 gall: don't try to notify nuked agents about breaches 2023-05-09 18:13:09 +03:00
~wicrum-wicrun
d65bcc248e gall: don't try to notify nuked agents about breaches 2023-05-09 16:40:18 +02:00
fang
449eeb6d7f
eyre: make sure guest identity cannot be ours
If there turned out to be some way for requesters to control the
entropy, this might lead to privilege escalation on comets.
2023-05-09 15:31:47 +02:00
fang
d4b99b402f
dbug: ensure eyre identity columns are aligned
Longer vs shorter identity names would cause misalignment.
2023-05-09 15:22:49 +02:00
fang
466fc0b63b
eyre: pass session-id+identity into auth handling
This lets it also clean up guest sessions created just for the login
request, and lets us display the current guest identity on the login
page.
2023-05-09 15:10:14 +02:00
yosoyubik
b154c62fdc ames, tests: remove extraneous comments 2023-05-09 11:43:54 +02:00
fang
61ca0324ac
eyre: start session expiry only "once"
This condition got incorrectly inverted during 0fee4ce. Of course, the
logic here is still subtly incorrect: if a session gets deleted before
the timer fires, then we set a second one. Unfortunately, we are now
here to fix the bug right now.
2023-05-08 19:00:10 +02:00
Pyry Kovanen
ac9c779e2d
spider: uncomment spurious comment line 2023-05-08 19:08:12 +03:00
yosoyubik
f53fee723a ames: defer mutual calls between |pump and |sink
|pump and |sink call into each other in three places
related to nacks and naxplanations (sending a nack,
notifying the |pump of a naxplanation, or dropping a
nack from the |sink). This intra calls are making implicit
updates to more parts of the state than the core should
manage. To avoid that we emit a move to %arvo, encoded
as an %ames plea, to handle that in the next event.
2023-05-08 15:28:13 +02:00
fang
f1c839717e
dbug: handle new eyre identities, fancier logout
Include and render identities associated with requests, channels, and
login sessions. Provide the ability to kick identities and their
sessions, logging them out.
2023-05-05 23:46:30 +02:00
fang
744dea2267
various: stop asserting =(src our):bowl for http
It is no longer guaranteed that the src.bowl for incoming HTTP-related
events is equal to our.bowl. Instead, it will reflect the identity
associated with the request, our or otherwise.

When serving publicly-accessible endpoints, the assertion never made
much sense, but with recent changes actively prevents guests from
accessing the endpoints. Here, we correct all such cases.
2023-05-05 23:41:05 +02:00
fang
d15de3b48c
eyre: update %name, add %host endpoint
%name now returns the identity of the session associated with the
request. %host will always return the @p of the ship *handling* the
request.

The latter becomes especially important for guest sessions, who can only
interact with agents on the local ship, but will still need to specify
who that ship is.
2023-05-05 23:38:40 +02:00
fang
b387235597
eyre: enable host to log out any other session
Now that sessions with non-local identities can exist, the host/local
identity should be empowered to forcefully log off any session it hosts.

Additionally, we augment the logout logic with redirect functionality:
it now respects the "redirect" query parameter in the same way the login
page does. Still defaults to redirecting to the login page.
2023-05-05 23:33:37 +02:00
fang
b6e8cd616f
eyre: give 400 for invalid channel requests
We previously had no mechanism for giving error responses, if a client
submitted an invalid request into a channel. Guest access makes this
important, because guests cannot interact with remote ships. Attempting
to do so will cause a gall crash.

Here, we add error handling logic to channel request processing. We
catch the invalid cases described above and invalidate the entire batch
of channel requests if they occur. We make sure to drop the moves and
revert the state we changed, and give a 400 to the client that
informally describes the problem(s).
2023-05-05 22:08:18 +02:00
fang
0fee4ce50b
eyre: guest ids for unauthenticated requests
aka "the open eyre" aka "universal basic identity"

Urbit already supports presence on the clearnet, but fails to expose any
of its interactive affordances to unauthenticated users. Here, we
improve this situation by granting "guest identity" @ps to every
unauthenticated HTTP request, and extending the channels functionality
to them.

Sessions no longer represent only the local identity. Instead, each
session has either the local identity, or a fake guest identity
associated with it.

Every request that does not provide a session key/cookie gets assigned
a fresh one with a guest identity on the spot. As a result, every
single request has an identity associated with it.

The identity of a request gets propagated into userspace, if the request
ends up there.
For normal HTTP requests, this means the src.bowl gets set to that
identity for both the watch and poke of the request. For backwards
compatibility, the authenticated flag on the request noun gets set at
normal: only true if the request came from the local identity.
For channel requests, this means the src.bowl gets set to that identity
for any pokes and watches it sends, and it can only send those to agents
running on the local ship.

The scry endpoint remains unchanged in its behavior: only available to
the local identity.

Notable implementation detail changes in this diff include:
- Factored all gall interactions out into +deal-as.
- Sessions no longer represent exclusively the local identity. This
matters a lot to +give-session-tokens, %code-changed, and logout
handling.
- Session management got factored out into explicit +start-session and
+close-session arms.
2023-05-05 21:59:17 +02:00
Josh Lehman
a6024e33a9
Merge pull request #6553 from urbit/m/eyre-crud-500
eyre: when a %request causes a crud, serve 500
2023-05-05 08:51:28 -07:00
yosoyubik
6213e0bbb3 ames: move +bind-duct to peer-core 2023-05-05 13:06:17 +02:00
yosoyubik
df47808047 Merge branch 'develop' into i/6103/abet-pure 2023-05-05 09:53:01 +02:00
Sigilante
0762b90daa
Update story-remove.hoon 2023-05-04 16:25:39 -05:00
Sigilante
03da1cb4f9
Update story-write.hoon 2023-05-04 16:22:44 -05:00
Sigilante
6389776fc1
Update story-init.hoon 2023-05-04 16:17:50 -05:00
Ted Blackman
65b069a1d9 zuse: kelvin 412 2023-05-04 11:42:41 -04:00
fang
08ad367cd8
eyre: when a %request causes a crud, serve 500
Previously, if an incoming request caused a crash, we would just drop it
on the floor. We should at least have the decency to serve the client a
quick 500 and let them get on with their day.

We make sure not to touch state here. The connection is guaranteed-fresh
because of the task's semantics, and we're handling it in-line in one go.

Notably we only give a simple "crud!" for the body, instead of the full
error trace. We don't know whether the request is authenticated or not
(and who knows if checking was the cause of the crash!), and the crud
might leak sensitive details about the ship it occurred on. For the
owner, the trace still gets printed into the terminal.
2023-05-04 17:42:36 +02:00
Ted Blackman
24467176f6
Merge pull request #6550 from urbit/jb/clay-quiet
clay: remove %take-foreign slog
2023-05-04 11:38:55 -04:00
Ted Blackman
de58756736
Merge pull request #6548 from urbit/philip/pending
clay: on update, remove all previous pending updates
2023-05-04 11:38:22 -04:00
Ted Blackman
100333cd5a
Merge pull request #6549 from urbit/jb/eyre-safe
eyre: handle agent errors safely
2023-05-03 19:16:10 -04:00
Joe Bryan
48ec5b2693 clay: remove %take-foreign slog 2023-05-03 18:48:30 -04:00
Joe Bryan
c42f1d2663 eyre: corrects connection lifecycle comment 2023-05-03 18:40:22 -04:00
Joe Bryan
c349d154b6 eyre: optimizes responses, removes redundant connection state updates 2023-05-03 18:39:19 -04:00
Joe Bryan
007a32c47a eyre: remove redundant connection retrieval 2023-05-03 18:25:48 -04:00
Joe Bryan
7fb2f613d4 eyre: no-op on agent-error when missing connection state 2023-05-03 18:25:10 -04:00
Philip Monk
9d7b196024 clay: on update, remove all previous pending updates
Fixes #6537, see discussion there for alternatives.
2023-05-03 13:03:53 -07:00
Joe Bryan
7f2257e581 clay: virtualize parsing to workaround runaway memoization 2023-05-02 17:16:22 -04:00
Ted Blackman
51e85291c1
Merge pull request #6542 from urbit/wicrum/wan-mop
lull,ames: use `mop` instead of `pha` in `.wan.keens`
2023-05-02 11:55:38 -04:00
~wicrum-wicrun
451a84d467 jael: fake ships always have rift=0 2023-05-02 17:36:22 +02:00
Ted Blackman
09fb89bd5b
Merge pull request #6509 from urbit/jon/doccords-lustar-tistar
turn off doccord parsing for +*, =*
2023-05-02 11:23:15 -04:00
~wicrum-wicrun
c1e14bdbf5 ames: use +pry:mop and +del:mop instead of virtualizing 2023-05-02 17:07:14 +02:00
~wicrum-wicrun
c03c3dc13b ames: migration uses +tap:deq instead of +dip-left:deq 2023-05-02 17:01:53 +02:00
Ted Blackman
1c69528565
Merge pull request #6538 from bacwyls/bwyl/read-s-subs-413-patch
clay: fix read-s subs for 413
2023-05-02 10:42:29 -04:00
Joe Bryan
1c26d431f5 hoon: threads doccords flags through +vang, compatibly 2023-05-02 10:34:33 -04:00
Joe Bryan
4a92c7d7d4 Revert "hoon: add doc parsing flag to +vang"
This reverts commit 94ba944188.
2023-05-02 10:31:42 -04:00
~wicrum-wicrun
ecaf70bc00 ames,lull,zuse: move +pha and +deq into ames to not pollute kelvin code 2023-05-02 16:26:59 +02:00
~wicrum-wicrun
ded0b75914 ames,lull: .wan.keen uses fragment as mop key 2023-05-02 16:25:51 +02:00
~wicrum-wicrun
d7a2c53df8 lull,ames: use mop instead of pha in .wan.keens 2023-05-02 15:17:25 +02:00
bacwyls
4a1aae5c48 clay: fix read-s subs for 413
=case was added as an argument to read-s to support %cs subs
it was accidentally removed as an argument during a merge,
breaking %cs subs by causing it to always crash in a
comparison between case and [%da now], because case resolved
to the mold rather than a value. this commit restores
intended functionality.
2023-05-01 18:32:49 -05:00
Joe Bryan
9c59c970e3 vats: fixes +vat 2023-05-01 16:30:21 -04:00
Ted Blackman
b632316fba
Merge pull request #6532 from urbit/jb/vats-perf
vats: force multiline rendering, improve performance
2023-05-01 11:38:30 -04:00
Jonathan Paprocki
e718423135 hoon: remove swap +vang for (doc |) in +loll 2023-05-01 11:37:27 -04:00
Ted Blackman
c3d461d6de
Merge pull request #6515 from urbit/i/6504/fine-next-steps
fine: next steps
2023-05-01 11:32:52 -04:00
Marcus
96398a7b54 clay: add requests permission checks 2023-04-30 19:56:16 -03:00
Joe Bryan
b7bf1e68ca vats: sort alphabetically within constraints (%base first, %kids last) 2023-04-29 10:13:50 -04:00
Joe Bryan
92a1f50a49 vats: refactor generator 2023-04-29 10:05:56 -04:00