Skip to content

feat: don't send core keys or haves to peers without capabilities#390

Draft
gmaclennan wants to merge 1 commit intomainfrom
feat/core-ownership-capabilities-update-events
Draft

feat: don't send core keys or haves to peers without capabilities#390
gmaclennan wants to merge 1 commit intomainfrom
feat/core-ownership-capabilities-update-events

Conversation

@gmaclennan
Copy link
Member

@gmaclennan gmaclennan commented Nov 27, 2023

This changes how core keys are shared and when "pre-have" messages are shared. "pre-haves" are information about which blocks (data records) a peer has, and they are used to show the user before sync starts how much data there is to sync, but we don't want to leak this data to unauthorized clients.

Currently any peer with the project key can receive keys for all cores in the project, and receive the haves for all cores in the project.

This PR makes the following changes:

  • Only auth core keys are sent to connected peers
  • All auth core keys are "pushed" (rather than previously they were requested ("pulled") when the peer tried to replicate that core.
  • Other core keys are added from core ownership records, but only once we verify that the peer has previously been invited to the project (keys are sent even if they have since been removed from the project, because it can still be useful to have their data)
  • Pre-have messages are only sent to peers that have sync capability for a particular namespace.

@gmaclennan gmaclennan self-assigned this Nov 27, 2023
@gmaclennan gmaclennan linked an issue Nov 27, 2023 that may be closed by this pull request
Avoid leaking core keys and pre-have messages to devices with the project key, but without project access #268
Open
6 tasks
Base automatically changed from fix/await-indexing to main November 28, 2023 12:54
@gmaclennan gmaclennan force-pushed the feat/core-ownership-capabilities-update-events branch 2 times, most recently from 20154f7 to 77aeeff Compare November 29, 2023 02:33
@gmaclennan gmaclennan force-pushed the feat/core-ownership-capabilities-update-events branch from 0b6362a to 0f4a0d6 Compare November 30, 2023 06:15
gmaclennan
gmaclennan commented Aug 8, 2024
View reviewed changes
src/core-manager/index.js
})
this.#projectExtension.send(message, peer)
/**
* Sends auth core keys to the given peer, skipping any keys that we know the
Copy link
Member Author

@gmaclennan gmaclennan Aug 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this skips any keys yet, which is fine, probably a perf optimization for later.

EvanHahn added a commit that referenced this pull request Aug 16, 2024
@EvanHahn @gmaclennan
chore: only write auth writer core once in CoreOwnership
977ef77 
We want to call a function once the auth writer core emits its `ready`
event. Using `once` lets us clean up the listener once it fires, rather
than leaving it around.

Extracted from [#390].

[#390]: #390

Co-Authored-By: Gregor MacLennan <gmaclennan@digital-democracy.org>
@EvanHahn EvanHahn mentioned this pull request Aug 16, 2024
Merged
EvanHahn added a commit that referenced this pull request Aug 23, 2024
@EvanHahn @gmaclennan
chore: only write auth writer core once in CoreOwnership (#755)
4e19cbc 
We want to call a function once the auth writer core emits its `ready`
event. Using `once` lets us clean up the listener once it fires, rather
than leaving it around.

Extracted from [#390].

[#390]: #390

Co-authored-by: Gregor MacLennan <gmaclennan@digital-democracy.org>
@RangerMauve
Copy link
Contributor

RangerMauve commented Jul 2, 2025

Is this issue still relevant?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@gmaclennan gmaclennan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Avoid leaking core keys and pre-have messages to devices with the project key, but without project access

2 participants

@gmaclennan @RangerMauve