feat: don't send core keys or haves to peers without capabilities #390

Draft
wants to merge 1 commit into
base: main

gmaclennan
Member

This changes how core keys are shared and when "pre-have" messages are shared. "pre-haves" are information about which blocks (data records) a peer has, and they are used to show the user before sync starts how much data there is to sync, but we don't want to leak this data to unauthorized clients.

Currently any peer with the project key can receive keys for all cores in the project, and receive the haves for all cores in the project.

This PR makes the following changes:

  • Only auth core keys are sent to connected peers
  • All auth core keys are "pushed" (previously they were requested ("pulled") when the peer tried to replicate that core).
  • Other core keys are added from core ownership records, but only once we verify that the peer has previously been invited to the project (keys are sent even if they have since been removed from the project, because it can still be useful to have their data)
  • Pre-have messages are only sent to peers that have sync capability for a particular namespace.
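
The sharing rules listed above, sketched as a single decision function. This is an added example, not code from this PR or the project: every name (`planForPeer`, `everInvited`, the capability shape) and all sample data are hypothetical, and it assumes that "the peer" in the third bullet is the connected peer and that unknown peers get no sync capability.

```javascript
// Added example. Every name below is hypothetical, not the project's API,
// and the sample data is constructed.
const BLOCKED = { auth: 'blocked', config: 'blocked', data: 'blocked' }

/** Decide which core keys and pre-haves one connected peer may receive. */
function planForPeer(peerId, state) {
  const { authCoreKeys, ownership, everInvited, capabilities, preHaves } = state
  // Unknown peers fail closed: no sync capability in any namespace (assumption).
  const sync = (capabilities.get(peerId) || { sync: BLOCKED }).sync

  // Auth core keys are pushed to every connected peer.
  const coreKeys = authCoreKeys.map((key) => ({ namespace: 'auth', key }))

  // Non-auth keys come from ownership records, and only for a peer that was
  // invited at some point. Later removal does not revoke this.
  if (everInvited.has(peerId)) {
    for (const rec of ownership) {
      if (rec.namespace !== 'auth') {
        coreKeys.push({ namespace: rec.namespace, key: rec.key })
      }
    }
  }

  // Pre-haves are filtered per namespace by the peer's sync capability.
  const haves = preHaves.filter((h) => sync[h.namespace] === 'allowed')
  return { coreKeys, haves }
}

// Constructed sample state: one current member, one removed member.
const state = {
  authCoreKeys: ['auth-A', 'auth-B'],
  ownership: [
    { deviceId: 'member', namespace: 'config', key: 'cfg-A' },
    { deviceId: 'member', namespace: 'data', key: 'data-A' },
  ],
  everInvited: new Set(['member', 'removed']),
  capabilities: new Map([
    ['member', { sync: { auth: 'allowed', config: 'allowed', data: 'allowed' } }],
    ['removed', { sync: { auth: 'allowed', config: 'blocked', data: 'blocked' } }],
  ]),
  preHaves: [
    { namespace: 'auth', key: 'auth-A', blocks: 12 },
    { namespace: 'data', key: 'data-A', blocks: 340 },
  ],
}

// 'stranger' holds the project key but was never invited.
for (const id of ['member', 'removed', 'stranger']) {
  const { coreKeys, haves } = planForPeer(id, state)
  console.log(id, coreKeys.map((k) => k.key), haves.map((h) => h.key))
}
```

The case the linked issue is about is `stranger`: it still learns the auth core keys, but no other core keys and no pre-haves.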

@gmaclennan gmaclennan self-assigned this Nov 27, 2023
Base automatically changed from fix/await-indexing to main November 28, 2023 12:54
@gmaclennan gmaclennan force-pushed the feat/core-ownership-capabilities-update-events branch 2 times, most recently from 20154f7 to 77aeeff Compare November 29, 2023 02:33
@gmaclennan gmaclennan force-pushed the feat/core-ownership-capabilities-update-events branch from 0b6362a to 0f4a0d6 Compare November 30, 2023 06:15
})
this.#projectExtension.send(message, peer)
/**
* Sends auth core keys to the given peer, skipping any keys that we know the
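Review bot: the doc comment that opens on the last line describes the function as skipping some keys for the given peer, but no skipping logic appears in the lines shown. Because this function decides which core keys a peer learns, the comment should match what the code does today: either describe it as sending all auth core keys, or mark the skip as a TODO so nobody relies on a filter that is not there.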
Member Author

I don't think this skips any keys yet, which is fine, probably a perf optimization for later.

EvanHahn added a commit that referenced this pull request Aug 16, 2024
We want to call a function once the auth writer core emits its `ready`
event. Using `once` lets us clean up the listener once it fires, rather
than leaving it around.

Extracted from [#390].

[#390]: #390

Co-Authored-By: Gregor MacLennan <[email protected]>
EvanHahn added a commit that referenced this pull request Aug 23, 2024
We want to call a function once the auth writer core emits its `ready`
event. Using `once` lets us clean up the listener once it fires, rather
than leaving it around.

Extracted from [#390].

[#390]: #390

Co-authored-by: Gregor MacLennan <[email protected]>

Successfully merging this pull request may close these issues.

Avoid leaking core keys and pre-have messages to devices with the project key, but without project access