fix acl relay issue#127
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the relay Access Control List (ACL) in cmd/sam-hub/main.go to check the destination peer's authentication status instead of the source peer's, and introduces new unit tests in cmd/sam-hub/relay_acl_test.go. The feedback highlights a security concern where checking only the destination peer allows unauthenticated source peers to connect, bypassing security controls. It is recommended to require authentication for both the source and destination peers, and to update the unit tests to reflect this dual-authentication requirement.
|
|
||
| func (a *relayACL) AllowConnect(src peer.ID, srcAddr multiaddr.Multiaddr, dest peer.ID) bool { | ||
| _, ok := a.hub.authenticatedPeers.Load(src) | ||
| _, ok := a.hub.authenticatedPeers.Load(dest) |
There was a problem hiding this comment.
Checking only the destination (dest) peer for authentication allows any unauthenticated peer (src) to connect to authenticated peers via the relay. This bypasses the hub's authentication and authorization controls for the initiating peer. To maintain a secure, zero-trust mesh, the relay should verify that both the source and destination peers are authenticated.
_, srcOk := a.hub.authenticatedPeers.Load(src)
_, destOk := a.hub.authenticatedPeers.Load(dest)
ok := srcOk && destOk| // Dest is authenticated, src is not -> should succeed | ||
| hub.authenticatedPeers.Delete(srcPeer) | ||
| hub.authenticatedPeers.Store(destPeer, true) | ||
| if !acl.AllowConnect(srcPeer, srcAddr, destPeer) { | ||
| t.Errorf("Expected AllowConnect to return true when dest is authenticated") | ||
| } |
There was a problem hiding this comment.
Update the test assertions to verify that connections are only allowed when both the source and destination peers are authenticated.
| // Dest is authenticated, src is not -> should succeed | |
| hub.authenticatedPeers.Delete(srcPeer) | |
| hub.authenticatedPeers.Store(destPeer, true) | |
| if !acl.AllowConnect(srcPeer, srcAddr, destPeer) { | |
| t.Errorf("Expected AllowConnect to return true when dest is authenticated") | |
| } | |
| // Dest is authenticated, src is not -> should fail | |
| hub.authenticatedPeers.Delete(srcPeer) | |
| hub.authenticatedPeers.Store(destPeer, true) | |
| if acl.AllowConnect(srcPeer, srcAddr, destPeer) { | |
| t.Errorf("Expected AllowConnect to return false when src is not authenticated, even if dest is") | |
| } | |
| // Both are authenticated -> should succeed | |
| hub.authenticatedPeers.Store(srcPeer, true) | |
| if !acl.AllowConnect(srcPeer, srcAddr, destPeer) { | |
| t.Errorf("Expected AllowConnect to return true when both src and dest are authenticated") | |
| } |
1 participant
No description provided.