Merge pull request #3355 from tloncorp/hm/fix-role-deletions-ddos

groups: fix role deletion DDOS
tloncorp · Mar 27, 2024 · 823db5b · 823db5b
2 parents 48fee20 + f456eb5
commit 823db5b
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 45 deletions.
diff --git a/desk/app/channels.hoon b/desk/app/channels.hoon
@@ -767,7 +767,7 @@
   ::
   ++  ca-has-sub
     ^-  ?
-    (~(has by wex.bowl) [ca-sub-wire ship.nest dap.bowl])
+    (~(has by wex.bowl) [ca-sub-wire ship.nest server])
   ::
   ++  ca-safe-sub
     |=  delay=?
@@ -1864,6 +1864,17 @@
   ::
   ++  ca-recheck
     |=  sects=(set sect:g)
+    =/  =flag:g  group.perm.perm.channel
+    =/  groups-prefix  /(scot %p our.bowl)/groups/(scot %da now.bowl)
+    =/  exists-path  (weld groups-prefix /exists/(scot %p p.flag)/[q.flag])
+    =+  .^(exists=? %gx exists-path)
+    ?.  exists  ca-core
+    =/  =path
+      %+  weld
+        groups-prefix
+      /groups/(scot %p p.flag)/[q.flag]/v1/group-ui
+    =+  .^(group=group-ui:g %gx path)
+    ?.  (~(has by channels.group) nest)  ca-core
     ::  if our read permissions restored, re-subscribe
     ?:  (can-read:ca-perms our.bowl)  (ca-safe-sub |)
     ca-core

diff --git a/desk/app/groups.hoon b/desk/app/groups.hoon
@@ -106,7 +106,6 @@
       %noun
     ?+  q.vase  !!
       %reset-all-perms  reset-all-perms
-      %verify-cabals  verify-cabals
     ==
   ::
       %reset-group-perms
@@ -250,41 +249,6 @@
     [%pass wire %agent dock %poke cage]
   core
 ::
-++  verify-cabals  (roll ~(tap by groups) verify-group-cabals)
-++  verify-group-cabals
-  |=  [[=flag:g [* =group:g]] core=_cor]
-  =.  core
-    ::  repair members as needed
-    ::
-    %+  roll
-      ~(tap by fleet.group)
-    |=  [[s=ship =vessel:fleet:g] cre=_core]
-    =/  diff  (~(dif in sects.vessel) ~(key by cabals.group))
-    ?:  =(~(wyt in diff) 0)  cre
-    =/  action  [flag now.bowl %fleet (~(gas in *(set ship)) ~[s]) %del-sects diff]
-    cre(cards [[%pass /groups/role %agent [our.bowl dap.bowl] %poke [act:mar:g !>(action)]] cards.cre])
-  %+  roll
-    ~(tap by channels.group)
-  |=  [[=nest:g =channel:g] cr=_core]
-  =.  cr
-    ::  repair readers as needed
-    ::
-    =/  readers  (~(dif in readers.channel) ~(key by cabals.group))
-    ?.  (gth ~(wyt in readers) 0)  cr
-    =/  action  [flag now.bowl %channel nest %del-sects readers]
-    cr(cards [[%pass /groups/role %agent [our.bowl dap.bowl] %poke [act:mar:g !>(action)]] cards.cr])
-  ::  repair writers as needed
-  ::
-  =+  .^(has=? %gu (channel-scry nest))
-  ?.  has  cr
-  =+  .^([writers=(set sect:g) *] %gx (welp (channel-scry nest) /perm/noun))
-  =/  diff  (~(dif in writers) ~(key by cabals.group))
-  ?.  (gth ~(wyt in diff) 0)  cr
-  ?.  ?=(?(%chat %heap %diary) p.nest)  cr
-  =/  cmd=c-channels:d  [%channel nest %del-writers diff]
-  =/  cage  [%channel-command !>(cmd)]
-  cr(cards [[%pass /groups/role %agent [p.q.nest %channels-server] %poke cage] cards.cr])
-::
 ::  +load: load next state
 ++  load
   |=  =vase
@@ -299,7 +263,6 @@
       %3
     =.  state  old
     =.  cor  restore-missing-subs
-    =.  cor  (emit %pass /groups/role %agent [our.bowl dap.bowl] %poke noun+!>(%verify-cabals))
     =.  cor  (watch-contact |)
     ?:  =(okay:g cool)  cor
     =.  cor  (emil (drop load:epos))
@@ -1496,8 +1459,35 @@
     ::
         %del
       =.  cabals.group  (~(del by cabals.group) sect)
-      =.  cor  (verify-group-cabals [flag ~ group] cor)
-      go-core
+      =/  old-sect=(set sect:g)  (sy sect ~)
+      =.  fleet.group
+        ::  remove from members as needed
+        ::
+        %-  ~(urn by fleet.group)
+        |=  [* =vessel:fleet:g]
+        vessel(sects (~(dif in sects.vessel) old-sect))
+      =/  channels  ~(tap by channels.group)
+      |-
+      ?~  channels  go-core
+      =*  next  $(channels t.channels)
+      =/  [=nest:g =channel:g]  i.channels
+      ::  repair readers as needed
+      ::
+      =.  go-core  (go-channel-del-sects nest old-sect)
+      ::  repair writers as needed
+      ::
+      =+  .^(has=? %gu (channel-scry nest))
+      ::  missing channel
+      ?.  has  next
+      ::  unsupported channel
+      ?.  ?=(?(%chat %heap %diary) p.nest)  next
+      ::  not host
+      ?:  !=(our.bowl p.q.nest)  next
+      =/  cmd=c-channels:d  [%channel nest %del-writers old-sect]
+      =/  cage  [%channel-command !>(cmd)]
+      =/  dock  [p.q.nest %channels-server]
+      =.  cor  (emit %pass /groups/role %agent dock %poke cage)
+      next
     ==
   ::
   ++  go-fleet-update
@@ -1645,6 +1635,7 @@
         vessel(sects (~(dif in sects.vessel) sects.diff))
       go-core
     ==
+  ::
   ++  go-channel-update
     |=  [ch=nest:g =diff:channel:g]
     ^+  go-core
@@ -1684,11 +1675,7 @@
       go-core
     ::
         %del-sects
-      =/  =channel:g  (got:by-ch ch)
-      =.  readers.channel  (~(dif in readers.channel) sects.diff)
-      =.  channels.group  (put:by-ch ch channel)
-      ::  TODO: revoke?
-      go-core
+      (go-channel-del-sects ch sects.diff)
     ::
         %zone
       ?.  (has:by-ch ch)  go-core
@@ -1711,6 +1698,14 @@
       =.  channels.group  (put:by-ch ch channel)
       go-core
     ==
+  ::
+  ++  go-channel-del-sects
+    |=  [ch=nest:g sects=(set sect:g)]
+    =/  =channel:g  (~(got by channels.group) ch)
+    =.  readers.channel  (~(dif in readers.channel) sects)
+    =.  channels.group  (~(put by channels.group) ch channel)
+    go-core
+  ::
   ++  go-bump-zone
     |=  [ch=nest:g =channel:g]
     =/  =zone:g  zone.channel