Radish alpha
h
heartwood
rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5
Radicle Heartwood Protocol & Stack
Radicle
Git
Patches 9c6e0171
node: check policy before visibility
Merged fintohaps opened 1 year ago

In the is_authorized helper, the logic checks the policy and the visibility of the repository.

If the policy is set to block, the function can return before getting the repository and the identity document. This improves the check, since the repository and identity document may be missing if the repository is blocked, so it would return a different error other than the expected unauthorized error.

Activity Changes +6 -1
1 file changed +6 -1 1d57778f f244d89e
modified radicle-node/src/worker.rs
@@ -280,9 +280,14 @@ impl Worker {


    fn is_authorized(&self, remote: NodeId, rid: RepoId) -> Result<(), UploadError> {

        let policy = self.policies.seed_policy(&rid)?.policy;
+ 
        // Check policy first, since if we're blocking then we likely don't have
+ 
        // the repository.
+ 
        if policy.is_block() {
+ 
            return Err(UploadError::Unauthorized(remote, rid));
+ 
        }

        let repo = self.storage.repository(rid)?;

        let doc = repo.identity_doc()?;
- 
        if !doc.is_visible_to(&remote) || policy.is_block() {
+ 
        if !doc.is_visible_to(&remote) {

            Err(UploadError::Unauthorized(remote, rid))

        } else {

            Ok(())