Conversation
|
@mik2k2 Thank you for doing all of this work, you've clearly put a lot of effort into it. :) I'll take a closer look a bit later, but some answers for your questions:
Yea, it's quite huge. Would be nice to keep the command add sections relatively small, so it would be great if you could pull it apart into some helpers that live adjacently somewhere.
I think it's fine as it is. Let's keep the PRs as small as possible, we can always add more later but it's always an uphill battle for me to ask you to remove things. :)
Good question! Let's err on the side of less for now, can always add more later.
Yea this part is tricky. This is partly why I avoid add/remove and instead overload durations for remove. IMO fingerprints should be supported. We can detect if it's a fingerprint or a pubkey. Fingerprints start with Aside: I've been thinking of renaming the whole feature to |
|
Thank you for looking at my work. The "problem" with keys/fingerprints (regarding
Allowing fingerprints is probably easier, but it's not trivial. Should just the command name change to allowlist, just the code I've touched, or all the code? |
|
You're right, we'll need to convert the Whitelist set to contain fingerprints rather than pubkeys first. We can add fingerprint support in a later PR. :) It would be a backwards-compatible change. Long-term I'd love to change all of the user-facing stuff to use allowlist rather than whitelist, but I think it'd be fine to just have this command be /allowlist for now. |
…he handler function
|
Thank you for continuing to work on this. :) Please ping when it's ready to review! |
…ork) This reverts commit 664dbb0.
…le; add a reverify test
|
@shazow I think it's mostly done now. Two remaining questions I have:
|
Sounds good but not blocking. Feel free to add that if you want, or we can add it in the future. :)
That's fine. :) Someday should refactor the loader to read from an |
shazow
left a comment
shazow
left a comment
There was a problem hiding this comment.
Some suggestions, but overall I think this is a very valuable change and we should merge/deploy soon. :) Thank you for your work!!
host.go
Outdated
| msgs = append(msgs, fmt.Sprintf("The following connected users are on the allowlist: %v", whitelistedUsers)) | ||
| } | ||
| if len(whitelistedKeys) != 0 { | ||
| msgs = append(msgs, fmt.Sprintf("The following keys of not connected users are on the allowlist: %v", whitelistedKeys)) |
There was a problem hiding this comment.
| msgs = append(msgs, fmt.Sprintf("The following keys of not connected users are on the allowlist: %v", whitelistedKeys)) | |
| msgs = append(msgs, fmt.Sprintf("Connected user keys not included on the allowlist: %v", whitelistedKeys)) |
There was a problem hiding this comment.
This is actually different: These are keys with inAllowlist && !userConnected. (I read your suggestion as !inAllowlist && userConncted)
There was a problem hiding this comment.
If we switch the loops, we can get connected unlisted users instead (we can also get both, but that means a bit more bookkeeping). What do you prefer?
|
I changed the messages and did a complete whitelist -> allowlist rename. As options to the executable we now accept both, with a warning printed on --whitelist (which you might want to phrase differently?). |
shazow
left a comment
shazow
left a comment
There was a problem hiding this comment.
A couple of minor phrasing suggestions but overall looks good! Let me know when you're ready to merge. :)
|
I just have one final question: on |
|
Hm. I think we want the set in the allowlist, and (optionally) their connected status. Honestly I might tweak that code a bit after merging and playing with it. :) |
|
OK, then I'm fine with merging.
|
|
@mik2k2 Would you mind please updating the test so that the build passes before I merge? :) |
|
Oh, sorry. |
|
@mik2k2 Thank you for working on this!! |
3 participants
closes #270
also closes #256
user-facing changes
Ops have a new /whitelist command to modify the whitelist. Help text:
Essentially #270 commands plus reload, reverify (which might have been implicit in on?) and status.
This whitelist is enabled by default at startup if a file is specified (previous behaviour: whitelist enabled == people in the whitelist set). This means that you will see the whitelist enabled when it wasn't before iff you specify a whitelist file without keys.
inside changes
Files (op and whitelist) are now loaded from
auth.goinstead of fromcmd/ssh-chat/cmd.go. Apart from moving, I also put more of the loading code in the same place.The whitelist mode is saved as a
bool, instead of being determined by the whitelist set.Obviously, there is a new command,
/whitelist. The handler uses three inner functions for convenience:sendMsgadds a string to a slice that is sent at the end. This makes sure the lines arrive in order.forConnectedUsersexecutes a function for every connected user. Used for "import", "reverify" and "status"forPubkeyUserexecutes a function for every public key specified as argument to the command. A key may be specified either asssh-whatever base64==(with the space, i.e. as two arguments) or as username of a connected user with public key. Used for "add" and "remove".open questions
In addition to these major questions, there are also some TODO comments in the code. Most of them are changes/additions I don't consider necessary. If there isn't anything you'd like to have in them, I'll just silently remove them in one of my next commits.