secret-stack
secret-stack copied to clipboard
ssbc
permissions -- docs and test
Hi. I looked at all the tests and I couldn't find an example of permissions that use something aside from { anonymous: { allow: [ 'myMethod' ] } }.
How would you set permissions for who can call which method? From what I understand, the purpose of this module is to authenticate rpc connections. What do you learn about the caller after they have connected?
Thank you for the pointer, but the muxrpc readme -- https://github.com/ssb-js/muxrpc#permissions -- has made things more complicated for me… it shows a helper function that takes an object like
var perms = Perms({allow: ['auth']})
And the tests in this repo show
permissions: {
anonymous: { allow: ['hello'], deny: null }
},
What shape is the permissions argument to secret-stack supposed to be? is the 'anonymous' key special in the passed in object?
Part of this issue is that the permissions in muxrpc should be documented better also.
Starting to answer my own questions — 'anonymous' is a special key -- see here in the code:
https://github.com/ssb-js/secret-stack/blob/76d1432ac2db60ac14fa986eed84910dacd45ea6/src/core.ts#L239
unraveling the secret-stack
The connect function calls setupRPC, which calls Muxrpc with isClient set to true. So whichever secret-stack calls connect on an address is the client, and if we look here — https://github.com/ssb-js/secret-stack/blob/76d1432ac2db60ac14fa986eed84910dacd45ea6/src/core.ts#L233
you can see the permissions uses anonymous
const rpc = Muxrpc(
manifest,
manf ?? manifest,
api,
_id,
isClient
? permissions.anonymous
: isPermissions(stream.auth)
? stream.auth
: permissions.anonymous,
false
)
and the permissions object is passed into the function init. So a client starts with anonymous permissions. Then it must upgrade somehow?