From bc233b02cf8888ab6fbc56e5beeb711d338c8ba5 Mon Sep 17 00:00:00 2001 From: Hugh Cunningham Date: Fri, 18 Oct 2024 15:54:41 -0700 Subject: [PATCH] rejects client messages if client not in session updates the multisig broker server to reject data submissions from clients that haven't joined the session does not return session status if client not in session sends an error message for 'NON_SESSION_CLIENT' consolidates session validation logic to reduce repeated code --- ironfish-cli/src/multisigBroker/errors.ts | 1 + ironfish-cli/src/multisigBroker/server.ts | 147 +++++++++------------- 2 files changed, 62 insertions(+), 86 deletions(-) diff --git a/ironfish-cli/src/multisigBroker/errors.ts b/ironfish-cli/src/multisigBroker/errors.ts index dfddc508cf..97c433b474 100644 --- a/ironfish-cli/src/multisigBroker/errors.ts +++ b/ironfish-cli/src/multisigBroker/errors.ts @@ -10,6 +10,7 @@ export const MultisigBrokerErrorCodes = { INVALID_DKG_SESSION_ID: 3, INVALID_SIGNING_SESSION_ID: 4, IDENTITY_NOT_ALLOWED: 5, + NON_SESSION_CLIENT: 6, } export class MessageMalformedError extends Error { diff --git a/ironfish-cli/src/multisigBroker/server.ts b/ironfish-cli/src/multisigBroker/server.ts index adf2970870..d5fdb00dc7 100644 --- a/ironfish-cli/src/multisigBroker/server.ts +++ b/ironfish-cli/src/multisigBroker/server.ts @@ -603,24 +603,8 @@ export class MultisigServer { return } - const session = this.sessions.get(message.sessionId) + const session = this.validateDkgMessageSession(client, message) if (!session) { - this.sendErrorMessage( - client, - message.id, - `Session not found: ${message.sessionId}`, - MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND, - ) - return - } - - if (!isDkgSession(session)) { - this.sendErrorMessage( - client, - message.id, - `Session is not a dkg session: ${message.sessionId}`, - MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID, - ) return } @@ -646,24 +630,8 @@ export class MultisigServer { return } - const session = this.sessions.get(message.sessionId) + const session = this.validateDkgMessageSession(client, message) if (!session) { - this.sendErrorMessage( - client, - message.id, - `Session not found: ${message.sessionId}`, - MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND, - ) - return - } - - if (!isDkgSession(session)) { - this.sendErrorMessage( - client, - message.id, - `Session is not a dkg session: ${message.sessionId}`, - MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID, - ) return } @@ -689,24 +657,8 @@ export class MultisigServer { return } - const session = this.sessions.get(message.sessionId) + const session = this.validateDkgMessageSession(client, message) if (!session) { - this.sendErrorMessage( - client, - message.id, - `Session not found: ${message.sessionId}`, - MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND, - ) - return - } - - if (!isDkgSession(session)) { - this.sendErrorMessage( - client, - message.id, - `Session is not a dkg session: ${message.sessionId}`, - MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID, - ) return } @@ -723,24 +675,8 @@ export class MultisigServer { return } - const session = this.sessions.get(message.sessionId) + const session = this.validateSigningMessageSession(client, message) if (!session) { - this.sendErrorMessage( - client, - message.id, - `Session not found: ${message.sessionId}`, - MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND, - ) - return - } - - if (!isSigningSession(session)) { - this.sendErrorMessage( - client, - message.id, - `Session is not a signing session: ${message.sessionId}`, - MultisigBrokerErrorCodes.INVALID_SIGNING_SESSION_ID, - ) return } @@ -766,24 +702,8 @@ export class MultisigServer { return } - const session = this.sessions.get(message.sessionId) + const session = this.validateSigningMessageSession(client, message) if (!session) { - this.sendErrorMessage( - client, - message.id, - `Session not found: ${message.sessionId}`, - MultisigBrokerErrorCodes.SESSION_ID_NOT_FOUND, - ) - return - } - - if (!isSigningSession(session)) { - this.sendErrorMessage( - client, - message.id, - `Session is not a signing session: ${message.sessionId}`, - MultisigBrokerErrorCodes.INVALID_SIGNING_SESSION_ID, - ) return } @@ -809,6 +729,18 @@ export class MultisigServer { return } + const session = this.validateSigningMessageSession(client, message) + if (!session) { + return + } + + this.send(client.socket, 'sign.status', message.sessionId, session.status) + } + + validateMessageSession( + client: MultisigServerClient, + message: MultisigBrokerMessage, + ): MultisigSession | undefined { const session = this.sessions.get(message.sessionId) if (!session) { this.sendErrorMessage( @@ -820,6 +752,49 @@ export class MultisigServer { return } + if (!session.clientIds.has(client.id)) { + this.sendErrorMessage( + client, + message.id, + `Client is not a member of session ${message.sessionId}`, + MultisigBrokerErrorCodes.NON_SESSION_CLIENT, + ) + return + } + + return session + } + + validateDkgMessageSession( + client: MultisigServerClient, + message: MultisigBrokerMessage, + ): DkgSession | undefined { + const session = this.validateMessageSession(client, message) + if (!session) { + return + } + + if (!isDkgSession(session)) { + this.sendErrorMessage( + client, + message.id, + `Session is not a dkg session: ${message.sessionId}`, + MultisigBrokerErrorCodes.INVALID_DKG_SESSION_ID, + ) + return + } + return session + } + + validateSigningMessageSession( + client: MultisigServerClient, + message: MultisigBrokerMessage, + ): SigningSession | undefined { + const session = this.validateMessageSession(client, message) + if (!session) { + return + } + if (!isSigningSession(session)) { this.sendErrorMessage( client, @@ -830,7 +805,7 @@ export class MultisigServer { return } - this.send(client.socket, 'sign.status', message.sessionId, session.status) + return session } }