Skip to content

Commit

Permalink
rejects client messages if client not in session
Browse files Browse the repository at this point in the history 
updates the multisig broker server to reject data submissions from clients that
haven't joined the session

does not return session status if client not in session

sends an error message for 'NON_SESSION_CLIENT'

consolidates session validation logic to reduce repeated code
  • Loading branch information
@hughy
hughy committed Oct 18, 2024
1 parent e9bec69 commit bc233b0
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 86 deletions.
1 change: 1 addition & 0 deletions ironfish-cli/src/multisigBroker/errors.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ export const MultisigBrokerErrorCodes = {
INVALID_DKG_SESSION_ID: 3,
INVALID_SIGNING_SESSION_ID: 4,
IDENTITY_NOT_ALLOWED: 5,
NON_SESSION_CLIENT: 6,
}

export class MessageMalformedError extends Error {
Expand Down
147 changes: 61 additions & 86 deletions ironfish-cli/src/multisigBroker/server.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -603,24 +603,8 @@ export class MultisigServer {
return
}

const session = this.sessions.get(message.sessionId)
const session = this.validateDkgMessageSession(client, message)
if (!session) {
this.sendErrorMessage(
client,
message.id,
`Session not found: ${message.sessionId}`,
MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND,
)
return
}

if (!isDkgSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a dkg session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID,
)
return
}

Expand All @@ -646,24 +630,8 @@ export class MultisigServer {
return
}

const session = this.sessions.get(message.sessionId)
const session = this.validateDkgMessageSession(client, message)
if (!session) {
this.sendErrorMessage(
client,
message.id,
`Session not found: ${message.sessionId}`,
MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND,
)
return
}

if (!isDkgSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a dkg session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID,
)
return
}

Expand All @@ -689,24 +657,8 @@ export class MultisigServer {
return
}

const session = this.sessions.get(message.sessionId)
const session = this.validateDkgMessageSession(client, message)
if (!session) {
this.sendErrorMessage(
client,
message.id,
`Session not found: ${message.sessionId}`,
MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND,
)
return
}

if (!isDkgSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a dkg session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID,
)
return
}

Expand All @@ -723,24 +675,8 @@ export class MultisigServer {
return
}

const session = this.sessions.get(message.sessionId)
const session = this.validateSigningMessageSession(client, message)
if (!session) {
this.sendErrorMessage(
client,
message.id,
`Session not found: ${message.sessionId}`,
MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND,
)
return
}

if (!isSigningSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a signing session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_SIGNING_SESSION_ID,
)
return
}

Expand All @@ -766,24 +702,8 @@ export class MultisigServer {
return
}

const session = this.sessions.get(message.sessionId)
const session = this.validateSigningMessageSession(client, message)
if (!session) {
this.sendErrorMessage(
client,
message.id,
`Session not found: ${message.sessionId}`,
MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND,
)
return
}

if (!isSigningSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a signing session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_SIGNING_SESSION_ID,
)
return
}

Expand All @@ -809,6 +729,18 @@ export class MultisigServer {
return
}

const session = this.validateSigningMessageSession(client, message)
if (!session) {
return
}

this.send(client.socket, 'sign.status', message.sessionId, session.status)
}

validateMessageSession(
client: MultisigServerClient,
message: MultisigBrokerMessage,
): MultisigSession | undefined {
const session = this.sessions.get(message.sessionId)
if (!session) {
this.sendErrorMessage(
Expand All @@ -820,6 +752,49 @@ export class MultisigServer {
return
}

if (!session.clientIds.has(client.id)) {
this.sendErrorMessage(
client,
message.id,
`Client is not a member of session ${message.sessionId}`,
MultisigBrokerErrorCodes.NON_SESSION_CLIENT,
)
return
}

return session
}

validateDkgMessageSession(
client: MultisigServerClient,
message: MultisigBrokerMessage,
): DkgSession | undefined {
const session = this.validateMessageSession(client, message)
if (!session) {
return
}

if (!isDkgSession(session)) {
this.sendErrorMessage(
client,
message.id,
`Session is not a dkg session: ${message.sessionId}`,
MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID,
)
return
}
return session
}

validateSigningMessageSession(
client: MultisigServerClient,
message: MultisigBrokerMessage,
): SigningSession | undefined {
const session = this.validateMessageSession(client, message)
if (!session) {
return
}

if (!isSigningSession(session)) {
this.sendErrorMessage(
client,
Expand All @@ -830,7 +805,7 @@ export class MultisigServer {
return
}

this.send(client.socket, 'sign.status', message.sessionId, session.status)
return session
}
}

Expand Down

0 comments on commit bc233b0

Please sign in to comment.