feat: verify sigs and ref canAppend

3box · May 24, 2019 · e09d8a4 · e09d8a4
1 parent acc2337
commit e09d8a4
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 17 deletions.
diff --git a/src/access/moderator-access.js b/src/access/moderator-access.js
@@ -32,10 +32,9 @@ class ModeratorAccessController {
     const isMod = this.isMod(entryID)
     const noMods = this._write.includes('*')
     const validCapability = isValidCapability(capability)
+    const validSig = () => identityProvider.verifyIdentity(entry.identity)
 
-    // TODO need to still validate sigs with identity provider, extend from other, or implement here
-
-    if ((noMods || isMod) && validCapability) {
+    if ((noMods || isMod) && validCapability && validSig()) {
       if (capability === this._capabilityType.moderator) this._write.push(modAddId)
       return true
     }

diff --git a/src/access/thread-open-mod-access.js b/src/access/thread-open-mod-access.js
@@ -28,32 +28,33 @@ class ThreadAccessController {
   }
 
   async canAppend (entry, identityProvider) {
+    const trueIfValidSig = () => identityProvider.verifyIdentity(entry.identity)
+
     const op = entry.payload.op
     const mods = this.capabilities['mod']
-    const member = this.capabilities['member']
-
-    // TODO still need to verify sig with identity provider
+    const members = this.capabilities['member']
+    const isMod = members.includes(entry.identity.id)
+    const isMember = members.includes(entry.identity.id)
 
     if (op === 'ADD') {
       // Anyone can add entry if open thread
-      if (!this._members) { return true }
+      if (!this._members) return trueIfValidSig()
       // Not open thread, any member or mod can add to thread
-      if (members.includes(entry.identity.id)) { return true }
-      if (mods.includes(entry.identity.id)) { return true }
+      if (isMember || isMod) return trueIfValidSig()
     }
 
     if (op === 'DEL') {
       const hash = entry.payload.value
       const delEntry = await entryIPFS.fromMultihash(this._ipfs, hash)
 
       // An id can delete their own entries
-      if (delEntry.identity.id === entry.identity.id) { return true }
+      if (delEntry.identity.id === entry.identity.id) return trueIfValidSig()
 
       // Mods can't delete other mods entries
-      if (mods.includes(delEntry.identity.id)) { return false }
+      if (mods.includes(delEntry.identity.id)) return false
 
       // Mods can delete any other entries
-      if (mods.includes(entry.identity.id)) { return true }
+      if (isMod) return trueIfValidSig()
     }
 
     return false

diff --git a/src/space.js b/src/space.js
@@ -56,7 +56,8 @@ class Space {
    *
    * @param     {String}    name                    The name of the thread
    * @param     {Object}    opts                    Optional parameters
-   * @param     {Object}    opts.membersOnly        join a members only thread, which only members can post in
+   * @param     {Boolean}   opts.membersOnly        join a members only thread, which only members can post in
+   * @param     {String}    opts.rootMod            the rootMod, known as first moderator of a thread, by default user is moderator
    * @param     {Boolean}   opts.noAutoSub          Disable auto subscription to the thread when posting to it (default false)
    *
    * @return    {Thread}                            An instance of the thread class for the joined thread
@@ -65,7 +66,7 @@ class Space {
     console.warn('WARNING: Threads are still experimental, we recommend not relying on this feature for produciton yet.')
     if (this._activeThreads[name]) return this._activeThreads[name]
     const subscribeFn = opts.noAutoSub ? () => {} : this.subscribeThread.bind(this, name)
-    const thread = new Thread(this._orbitdb, namesTothreadName(this._name, name), this._3id, opts.membersOnly, subscribeFn, this._ensureConnected)
+    const thread = new Thread(this._orbitdb, namesTothreadName(this._name, name), this._3id, opts.membersOnly, opts.rootMod, subscribeFn, this._ensureConnected)
     await thread._load()
     this._activeThreads[name] = thread
     return thread

diff --git a/src/thread.js b/src/thread.js
@@ -2,14 +2,15 @@ class Thread {
   /**
    * Please use **space.joinThread** to get the instance of this class
    */
-  constructor (orbitdb, name, threeId, membersOnly, subscribe, ensureConnected) {
+  constructor (orbitdb, name, threeId, membersOnly, rootMod, subscribe, ensureConnected) {
     this._orbitdb = orbitdb
     this._name = name
     this._3id = threeId
     this._subscribe = subscribe
     this._ensureConnected = ensureConnected
     this._queuedNewPosts = []
     this._membersOnly = membersOnly
+    this._rootMod = rootMod || this._3id.getDid()
   }
 
   /**
@@ -145,8 +146,9 @@ class Thread {
       identity,
       accessController: {
         type: 'thread-access',
-        address: this._name,
-        members: this.membersOnly
+        threadName: this._name,
+        members: this.membersOnly,
+        rootMod: this.rootMod
       }
     })
     await this._db.load()