Closed by gabriel-vasile 2 years ago
Please attach the server-side and client-side logs.
user A:
tinode | 2022/03/29 07:57:34 ws: session started nWImM_nmdyg 172.21.0.1:45504 1
tinode | 2022/03/29 07:57:34 in: '{"hi":{"id":"101521","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='nWImM_nmdyg' uid=''
tinode | 2022/03/29 07:57:34 in: '{"login":{"id":"101522","scheme":"sch","secret":"secre<...>' sid='nWImM_nmdyg' uid=''
tinode | 2022/03/29 07:57:39 in: '{"sub":{"id":"101523","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode | 2022/03/29 07:57:39 in: '{"sub":{"id":"101524","topic":"grpglXHsm2f9tc","get":{"what":"sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode | 2022/03/29 07:57:41 in: '{"sub":{"id":"101525","topic":"fnd","get":{"what":"sub"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode | 2022/03/29 07:57:59 in: '{"leave":{"id":"101527","topic":"grpglXHsm2f9tc"}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode | 2022/03/29 07:57:59 in: '{"sub":{"id":"101528","topic":"new101526","set":{"desc":{"public":{"fn":"test sub with acc mode","note":"␡"}}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
user B:
tinode | 2022/03/29 08:00:09 ws: session started TCCIa40zvs8 172.21.0.1:45592 2
tinode | 2022/03/29 08:00:09 in: '{"hi":{"id":"112854","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='TCCIa40zvs8' uid=''
tinode | 2022/03/29 08:00:09 in: '{"login":{"id":"112855","scheme":"sch","secret":"secre<...>' sid='TCCIa40zvs8' uid=''
tinode | 2022/03/29 08:00:14 in: '{"sub":{"id":"112856","topic":"me","get":{"what":"sub desc data"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:14 in: '{"sub":{"id":"112857","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:14 in: '{"set":{"id":"112858","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics=grpglXHsm2f9tc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:14 in: '{"get":{"id":"112859","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:14 in: '{"leave":{"id":"112860","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:23 in: '{"sub":{"id":"112861","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:23 in: '{"set":{"id":"112862","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics="}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:23 in: '{"get":{"id":"112863","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:23 in: '{"leave":{"id":"112864","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:28 in: '{"sub":{"id":"112865","topic":"grphyQeaKeBSso","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode | 2022/03/29 08:00:28 topic[grphyQeaKeBSso] subscription failed subscription rejected due to permissions, sid=TCCIa40zvs8
Again, to reproduce, just sub to group and ask for any access mode other than the default access mode.
I cannot reproduce:
[02:29:49.021] out: {"sub":{"id":"102361","topic":"grpGOZmMsRbMWQ","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}
[02:29:49.035] in: {"ctrl":{"id":"102361","topic":"grpGOZmMsRbMWQ","params":{"acs":{"mode":"JRP","given":"JRWPS","want":"JRP"}},"code":200,"text":"ok","ts":"2022-03-31T02:29:49.022Z"}}
I suspect you previously subscribed to this topic.
asLvl is 0 here when user B subs:
You are probably using your own gRPC client.
I did some more tests and I'm not sure if I found another issue or it is the same. It seems to have something to do with gRPC plugins.
To reproduce the problem:
create a gRPC plugin which returns pbx.RespCode_REPLACE and the original, unaltered client msg. As I understand from doc comments, this plugin should have no effect on the functionality of the server.
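// package main so the plugin builds as a standalone executable.
package main

import (
	"context"
	"net"

	"github.com/tinode/chat/pbx"
	"google.golang.org/grpc"
)

func main() {
	// Listen on the port referenced by "service_addr" in tinode.conf.
	lis, err := net.Listen("tcp", ":40051")
	if err != nil {
		panic(err)
	}
	s := grpc.NewServer()
	pbx.RegisterPluginServer(s, handler{})
	if err := s.Serve(lis); err != nil {
		panic(err)
	}
}

// handler implements only FireHose; every other plugin RPC uses the unimplemented stub.
type handler struct {
	pbx.UnimplementedPluginServer
}

// FireHose returns the client message unmodified with status REPLACE.
func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
	return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}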
tinode.conf
"plugins": [
	{
		"enabled": true,
		"name": "dummy_plg",
		"timeout": 200000,
		"filters": {
			"fire_hose": "pub,sub,get,set"
		},
		"failure_code": 0,
		"failure_text": null,
		"service_addr": "tcp://localhost:40051"
	}
],
expected: everything works as if the plugin was not there
got: tinode | 2022/04/01 09:58:56 s.dispatch: authentication required AsOyMHwbiMk
server logs:
tinode | 2022/04/01 10:06:37 ws: session started hag0AaSGAeE 172.27.0.1:52878 1
tinode | 2022/04/01 10:06:37 in: '{"hi":{"id":"116803","ver":"0.18.3","ua":"tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='hag0AaSGAeE' uid=''
tinode | 2022/04/01 10:06:37 in: '{"login":{"id":"116804","scheme":"basic","secret":"secret' sid='hag0AaSGAeE' uid=''
tinode | 2022/04/01 10:06:41 in: '{"sub":{"id":"116805","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='hag0AaSGAeE' uid='FfD0YCfLURI'
tinode | 2022/04/01 10:06:41 s.dispatch: authentication required hag0AaSGAeE
To fix the problem with "authentication required" and get to the original reported problem "subscription failed subscription rejected due to permissions", inside plugin FireHose method I can add this:
func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
	if r.Msg.Extra == nil {
		r.Msg.Extra = &pbx.ClientExtra{}
	}
	r.Msg.Extra.OnBehalfOf = r.Sess.UserId
	return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}
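An added example, not code from this thread or from the Tinode project: a small Go log check for the symptom in the server log above, where a request logged with a non-empty uid is rejected with `s.dispatch: authentication required` on the same session. The sample log lines, session and user ids, and the names FindDroppedAuth and Finding are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the thread's log format; sessB is a plain unauthenticated request.
const sampleLog = `tinode | 2022/04/01 10:06:37 in: '{"hi":{"id":"1"}}' sid='sessA' uid=''
tinode | 2022/04/01 10:06:41 in: '{"sub":{"id":"2","topic":"me"}}' sid='sessA' uid='userA'
tinode | 2022/04/01 10:06:41 s.dispatch: authentication required sessA
tinode | 2022/04/01 10:07:00 in: '{"sub":{"id":"3","topic":"me"}}' sid='sessB' uid=''
tinode | 2022/04/01 10:07:00 s.dispatch: authentication required sessB`

var (
	inRe   = regexp.MustCompile(`in: '(.*)' sid='([^']*)' uid='([^']*)'`)
	authRe = regexp.MustCompile(`s\.dispatch: authentication required (\S+)`)
)

// Finding is one rejected request on a session that had already logged in.
type Finding struct{ Sid, Uid, Msg string }

// FindDroppedAuth returns every "authentication required" rejection whose
// preceding inbound message on the same session carried a non-empty uid.
func FindDroppedAuth(log string) []Finding {
	type last struct{ uid, msg string }
	seen := map[string]last{} // last inbound message per session id
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if m := inRe.FindStringSubmatch(line); m != nil {
			seen[m[2]] = last{uid: m[3], msg: m[1]}
		} else if m := authRe.FindStringSubmatch(line); m != nil {
			if l, ok := seen[m[1]]; ok && l.uid != "" {
				out = append(out, Finding{m[1], l.uid, l.msg})
			}
		}
	}
	return out
}

func main() {
	for _, f := range FindDroppedAuth(sampleLog) {
		fmt.Printf("sid=%s uid=%s rejected after login: %s\n", f.Sid, f.Uid, f.Msg)
	}
}
```

A hit means the session layer knew the user but dispatch did not, which is the state the pass-through plugin produced here; a rejection with an empty uid is an ordinary unauthenticated request and is not reported.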
I believe https://github.com/tinode/chat/commit/1fc9699c2c42c5f3c618f23e8f3f2a74fced0cb4 should fix it. Please verify.
Seems fixed, thanks.
to reproduce:
{"sub":{"id":"122019","topic":"grpglXHsm2f9tc","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}
expected: user B joins the group successfully and has access mode JRP
got: topic[grpglXHsm2f9tc] subscription failed subscription rejected due to permissions
asLvl is 0 here when user B subs: https://github.com/tinode/chat/blob/65efc3eb2b2b3589217a4640863eb417136ad738/server/topic.go#L1363