Git-Mirrors/LXMF
1
0
Fork 0
mirror of https://github.com/markqvist/LXMF.git synced 2025-11-24 09:23:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added remote status and control by allow-list for lxmd

Browse source
This commit is contained in:
Mark Qvist 2025-11-01 13:10:28 +01:00
parent 0cebd5886d
commit fa9fd2ae01
2 changed files with 39 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

28
LXMF/LXMRouter.py
View file

@ -101,6 +101,7 @@ class LXMRouter:
self.prioritised_list = [] self.prioritised_list = []
self.ignored_list = [] self.ignored_list = []
self.allowed_list = [] self.allowed_list = []
self.control_allowed_list = []
self.auth_required = False self.auth_required = False
self.retain_synced_on_node = False self.retain_synced_on_node = False
@ -450,6 +451,16 @@ class LXMRouter:
else: else:
raise ValueError("Disallowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes") raise ValueError("Disallowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
def allow_control(self, identity_hash=None):
if isinstance(identity_hash, bytes) and len(identity_hash) == RNS.Identity.TRUNCATED_HASHLENGTH//8:
if not identity_hash in self.control_allowed_list: self.control_allowed_list.append(identity_hash)
else: raise ValueError("Allowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
def disallow_control(self, identity_hash=None):
if isinstance(identity_hash, bytes) and len(identity_hash) == RNS.Identity.TRUNCATED_HASHLENGTH//8:
if identity_hash in self.control_allowed_list: self.control_allowed_list.pop(identity_hash)
else: raise ValueError("Disallowed identity hash must be "+str(RNS.Identity.TRUNCATED_HASHLENGTH//8)+" bytes")
def prioritise(self, destination_hash=None): def prioritise(self, destination_hash=None):
if isinstance(destination_hash, bytes) and len(destination_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: if isinstance(destination_hash, bytes) and len(destination_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8:
if not destination_hash in self.prioritised_list: if not destination_hash in self.prioritised_list:
@ -628,9 +639,10 @@ class LXMRouter:
self.propagation_destination.register_request_handler(LXMPeer.OFFER_REQUEST_PATH, self.offer_request, allow = RNS.Destination.ALLOW_ALL) self.propagation_destination.register_request_handler(LXMPeer.OFFER_REQUEST_PATH, self.offer_request, allow = RNS.Destination.ALLOW_ALL)
self.propagation_destination.register_request_handler(LXMPeer.MESSAGE_GET_PATH, self.message_get_request, allow = RNS.Destination.ALLOW_ALL) self.propagation_destination.register_request_handler(LXMPeer.MESSAGE_GET_PATH, self.message_get_request, allow = RNS.Destination.ALLOW_ALL)
self.control_destination = RNS.Destination(self.identity, RNS.Destination.IN, RNS.Destination.SINGLE, APP_NAME, "propagation", "control") self.control_allowed_list = [self.identity.hash]
self.control_destination.register_request_handler(LXMRouter.STATS_GET_PATH, self.stats_get_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=[self.identity.hash]) self.control_destination = RNS.Destination(self.identity, RNS.Destination.IN, RNS.Destination.SINGLE, APP_NAME, "propagation", "control")
self.control_destination.register_request_handler(LXMRouter.SYNC_REQUEST_PATH, self.peer_sync_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=[self.identity.hash]) self.control_destination.register_request_handler(LXMRouter.STATS_GET_PATH, self.stats_get_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=self.control_allowed_list)
self.control_destination.register_request_handler(LXMRouter.SYNC_REQUEST_PATH, self.peer_sync_request, allow = RNS.Destination.ALLOW_LIST, allowed_list=self.control_allowed_list)
if self.message_storage_limit != None: if self.message_storage_limit != None:
limit_str = ", limit is "+RNS.prettysize(self.message_storage_limit) limit_str = ", limit is "+RNS.prettysize(self.message_storage_limit)
@ -807,13 +819,13 @@ class LXMRouter:
return node_stats return node_stats
def stats_get_request(self, path, data, request_id, remote_identity, requested_at): def stats_get_request(self, path, data, request_id, remote_identity, requested_at):
if remote_identity == None: return LXMPeer.ERROR_NO_IDENTITY if remote_identity == None: return LXMPeer.ERROR_NO_IDENTITY
elif remote_identity.hash != self.identity.hash: return LXMPeer.ERROR_NO_ACCESS elif remote_identity.hash not in self.control_allowed_list: return LXMPeer.ERROR_NO_ACCESS
else: return self.compile_stats() else: return self.compile_stats()
def peer_sync_request(self, path, data, request_id, remote_identity, requested_at): def peer_sync_request(self, path, data, request_id, remote_identity, requested_at):
if remote_identity == None: return LXMPeer.ERROR_NO_IDENTITY if remote_identity == None: return LXMPeer.ERROR_NO_IDENTITY
elif remote_identity.hash != self.identity.hash: return LXMPeer.ERROR_NO_ACCESS elif remote_identity.hash not in self.control_allowed_list: return LXMPeer.ERROR_NO_ACCESS
else: else:
if type(data) != bytes: return LXMPeer.ERROR_INVALID_DATA if type(data) != bytes: return LXMPeer.ERROR_INVALID_DATA
elif len(data) != RNS.Identity.TRUNCATED_HASHLENGTH//8: return LXMPeer.ERROR_INVALID_DATA elif len(data) != RNS.Identity.TRUNCATED_HASHLENGTH//8: return LXMPeer.ERROR_INVALID_DATA

24
LXMF/Utilities/lxmd.py
View file

@ -187,6 +187,11 @@ def apply_config():
active_configuration["prioritised_lxmf_destinations"] = lxmd_config["propagation"].as_list("prioritise_destinations") active_configuration["prioritised_lxmf_destinations"] = lxmd_config["propagation"].as_list("prioritise_destinations")
else: else:
active_configuration["prioritised_lxmf_destinations"] = [] active_configuration["prioritised_lxmf_destinations"] = []
if "propagation" in lxmd_config and "control_allowed" in lxmd_config["propagation"]:
active_configuration["control_allowed_identities"] = lxmd_config["propagation"].as_list("control_allowed")
else:
active_configuration["control_allowed_identities"] = []
if "propagation" in lxmd_config and "static_peers" in lxmd_config["propagation"]: if "propagation" in lxmd_config and "static_peers" in lxmd_config["propagation"]:
static_peers = lxmd_config["propagation"].as_list("static_peers") static_peers = lxmd_config["propagation"].as_list("static_peers")
@ -410,13 +415,16 @@ def program_setup(configdir = None, rnsconfigdir = None, run_pn = False, on_inbo
for dest_str in active_configuration["prioritised_lxmf_destinations"]: for dest_str in active_configuration["prioritised_lxmf_destinations"]:
try: try:
dest_hash = bytes.fromhex(dest_str) dest_hash = bytes.fromhex(dest_str)
if len(dest_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: if len(dest_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: message_router.prioritise(dest_hash)
message_router.prioritise(dest_hash) except Exception as e: RNS.log("Cannot prioritise "+str(dest_str)+", it is not a valid destination hash", RNS.LOG_ERROR)
except Exception as e:
RNS.log("Cannot prioritise "+str(dest_str)+", it is not a valid destination hash", RNS.LOG_ERROR)
message_router.enable_propagation() message_router.enable_propagation()
for ident_str in active_configuration["control_allowed_identities"]:
try:
identity_hash = bytes.fromhex(ident_str)
if len(identity_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8: message_router.allow_control(identity_hash)
except Exception as e: RNS.log(f"Cannot allow control from {ident_str}, it is not a valid identity hash", RNS.LOG_ERROR)
RNS.log("LXMF Propagation Node started on "+RNS.prettyhexrep(message_router.propagation_destination.hash)) RNS.log("LXMF Propagation Node started on "+RNS.prettyhexrep(message_router.propagation_destination.hash))
@ -834,6 +842,12 @@ __default_lxmd_config__ = """# This is an example LXM Daemon config file.
enable_node = no enable_node = no
# You can specify identity hashes for remotes
# that are allowed to control and query status
# for this propagation node.
# control_allowed = 7d7e542829b40f32364499b27438dba8, 437229f8e29598b2282b88bad5e44698
# An optional name for this node, included # An optional name for this node, included
# in announces. # in announces.