From fa9fd2ae013e39bc604d68d1e516a652b5c66916 Mon Sep 17 00:00:00 2001
From: Mark Qvist <mark@unsigned.io>
Date: Sat, 1 Nov 2025 13:10:28 +0100
Subject: [PATCH] Added remote status and control by allow-list for lxmd

---
 LXMF/LXMRouter.py      | 28 ++++++++++++++++++++--------
 LXMF/Utilities/lxmd.py | 24 +++++++++++++++++++-----
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/LXMF/LXMRouter.py b/LXMF/LXMRouter.py
index f25c8f0..4f033b7 100644
--- a/LXMF/LXMRouter.py
+++ b/LXMF/LXMRouter.py
@@ -101,6 +101,7 @@ class LXMRouter:
         self.prioritised_list      = []
         self.ignored_list          = []
         self.allowed_list          = []
+        self.control_allowed_list  = []
         self.auth_required         = False
         self.retain_synced_on_node = False
 
@@ -450,6 +451,16 @@ class LXMRouter:
         else:
             raise ValueError("Disallowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
 
+    def allow_control(self, identity_hash=None):
+        if isinstance(identity_hash, bytes) and len(identity_hash) == RNS.Identity.TRUNCATED_HASHLENGTH//8:
+            if not identity_hash in self.control_allowed_list: self.control_allowed_list.append(identity_hash)
+        else: raise ValueError("Allowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
+
+    def disallow_control(self, identity_hash=None):
+        if isinstance(identity_hash, bytes) and len(identity_hash) == RNS.Identity.TRUNCATED_HASHLENGTH//8:
+            if identity_hash in self.control_allowed_list: self.control_allowed_list.pop(identity_hash)
+        else: raise ValueError("Disallowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
+
     def prioritise(self, destination_hash=None):
         if isinstance(destination_hash, bytes) and len(destination_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8:
             if not destination_hash in self.prioritised_list:
@@ -628,9 +639,10 @@ class LXMRouter:
             self.propagation_destination.register_request_handler(LXMPeer.OFFER_REQUEST_PATH, self.offer_request, allow = RNS.Destination.ALLOW_ALL)
             self.propagation_destination.register_request_handler(LXMPeer.MESSAGE_GET_PATH, self.message_get_request, allow = RNS.Destination.ALLOW_ALL)
 
-            self.control_destination = RNS.Destination(self.identity, RNS.Destination.IN, RNS.Destination.SINGLE, APP_NAME, "propagation", "control")
-            self.control_destination.register_request_handler(LXMRouter.STATS_GET_PATH, self.stats_get_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=[self.identity.hash])
-            self.control_destination.register_request_handler(LXMRouter.SYNC_REQUEST_PATH, self.peer_sync_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=[self.identity.hash])
+            self.control_allowed_list = [self.identity.hash]
+            self.control_destination  = RNS.Destination(self.identity, RNS.Destination.IN, RNS.Destination.SINGLE, APP_NAME, "propagation", "control")
+            self.control_destination.register_request_handler(LXMRouter.STATS_GET_PATH, self.stats_get_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=self.control_allowed_list)
+            self.control_destination.register_request_handler(LXMRouter.SYNC_REQUEST_PATH, self.peer_sync_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=self.control_allowed_list)
 
             if self.message_storage_limit != None:
                 limit_str = ", limit is "+RNS.prettysize(self.message_storage_limit)
@@ -807,13 +819,13 @@ class LXMRouter:
             return node_stats
 
     def stats_get_request(self, path, data, request_id, remote_identity, requested_at):
-        if   remote_identity == None:                    return LXMPeer.ERROR_NO_IDENTITY
-        elif remote_identity.hash != self.identity.hash: return LXMPeer.ERROR_NO_ACCESS
-        else:                                            return self.compile_stats()
+        if   remote_identity == None:                               return LXMPeer.ERROR_NO_IDENTITY
+        elif remote_identity.hash not in self.control_allowed_list: return LXMPeer.ERROR_NO_ACCESS
+        else:                                                       return self.compile_stats()
 
     def peer_sync_request(self, path, data, request_id, remote_identity, requested_at):
-        if   remote_identity == None:                    return LXMPeer.ERROR_NO_IDENTITY
-        elif remote_identity.hash != self.identity.hash: return LXMPeer.ERROR_NO_ACCESS
+        if   remote_identity == None:                               return LXMPeer.ERROR_NO_IDENTITY
+        elif remote_identity.hash not in self.control_allowed_list: return LXMPeer.ERROR_NO_ACCESS
         else:
             if type(data)  != bytes:                                return LXMPeer.ERROR_INVALID_DATA
             elif len(data) != RNS.Identity.TRUNCATED_HASHLENGTH//8: return LXMPeer.ERROR_INVALID_DATA
diff --git a/LXMF/Utilities/lxmd.py b/LXMF/Utilities/lxmd.py
index b4599df..1d95fd7 100644
--- a/LXMF/Utilities/lxmd.py
+++ b/LXMF/Utilities/lxmd.py
@@ -187,6 +187,11 @@ def apply_config():
             active_configuration["prioritised_lxmf_destinations"] = lxmd_config["propagation"].as_list("prioritise_destinations")
         else:
             active_configuration["prioritised_lxmf_destinations"] = []
+        
+        if "propagation" in lxmd_config and "control_allowed" in lxmd_config["propagation"]:
+            active_configuration["control_allowed_identities"] = lxmd_config["propagation"].as_list("control_allowed")
+        else:
+            active_configuration["control_allowed_identities"] = []
 
         if "propagation" in lxmd_config and "static_peers" in lxmd_config["propagation"]:
             static_peers = lxmd_config["propagation"].as_list("static_peers")
@@ -410,13 +415,16 @@ def program_setup(configdir = None, rnsconfigdir = None, run_pn = False, on_inbo
         for dest_str in active_configuration["prioritised_lxmf_destinations"]:
             try:
                 dest_hash = bytes.fromhex(dest_str)
-                if len(dest_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8:
-                    message_router.prioritise(dest_hash)
-
-            except Exception as e:
-                RNS.log("Cannot prioritise "+str(dest_str)+", it is not a valid destination hash", RNS.LOG_ERROR)
+                if len(dest_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: message_router.prioritise(dest_hash)
+            except Exception as e: RNS.log("Cannot prioritise "+str(dest_str)+", it is not a valid destination hash", RNS.LOG_ERROR)
 
         message_router.enable_propagation()
+        
+        for ident_str in active_configuration["control_allowed_identities"]:
+            try:
+                identity_hash = bytes.fromhex(ident_str)
+                if len(identity_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: message_router.allow_control(identity_hash)
+            except Exception as e: RNS.log(f"Cannot allow control from {ident_str}, it is not a valid identity hash", RNS.LOG_ERROR)
 
         RNS.log("LXMF Propagation Node started on "+RNS.prettyhexrep(message_router.propagation_destination.hash))
 
@@ -834,6 +842,12 @@ __default_lxmd_config__ = """# This is an example LXM Daemon config file.
 
 enable_node = no
 
+# You can specify identity hashes for remotes
+# that are allowed to control and query status
+# for this propagation node.
+
+# control_allowed = 7d7e542829b40f32364499b27438dba8, 437229f8e29598b2282b88bad5e44698
+
 # An optional name for this node, included
 # in announces.