Allow access for public topics

picosh · Nov 20, 2024 · c9d7ac3 · c9d7ac3
1 parent 48dfb5b
commit c9d7ac3
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 21 deletions.
diff --git a/pipe/api.go b/pipe/api.go
@@ -20,7 +20,7 @@ import (
 )
 
 var (
-	cleanRegex = regexp.MustCompile(`[^0-9a-zA-Z,]`)
+	cleanRegex = regexp.MustCompile(`[^0-9a-zA-Z,/]`)
 	sshClient  *pipe.Client
 )
 
@@ -90,7 +90,7 @@ func handleSub(pubsub bool) http.HandlerFunc {
 			params += " -k"
 		}
 
-		id := uuid.New().String()
+		id := uuid.NewString()
 
 		p, err := sshClient.AddSession(id, fmt.Sprintf("sub %s %s", params, topic), 0, -1, -1)
 		if err != nil {
@@ -141,9 +141,6 @@ func handlePub(pubsub bool) http.HandlerFunc {
 			logger.Info("adding access list", "topic", topic, "info", clientInfo, "access", accessList)
 			cleanList := cleanRegex.ReplaceAllString(accessList, "")
 			params += fmt.Sprintf(" -a=%s", cleanList)
-			params = params[3:]
-
-			topic = fmt.Sprintf("web-%s", topic)
 		}
 
 		var wg sync.WaitGroup
@@ -163,7 +160,7 @@ func handlePub(pubsub bool) http.HandlerFunc {
 			params += " -e"
 		}
 
-		id := uuid.New().String()
+		id := uuid.NewString()
 
 		p, err := sshClient.AddSession(id, fmt.Sprintf("pub %s %s", params, topic), 0, -1, -1)
 		if err != nil {

diff --git a/pipe/cli.go b/pipe/cli.go
@@ -364,12 +364,13 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					if *public {
 						name = toPublicTopic(topic)
 						msgFlag = "-p "
+						withoutUser = name
 					} else {
 						withoutUser = topic
 					}
 				}
 
-				if len(accessList) > 0 && !*public {
+				if len(accessList) > 0 {
 					_, loaded := handler.Access.LoadOrStore(name, accessList)
 					if !loaded {
 						defer func() {
@@ -378,6 +379,17 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					}
 				}
 
+				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && ok {
+					if checkAccess(accessList, userName, sesh) {
+						name = withoutUser
+					} else if !*public {
+						name = toTopic(userName, withoutUser)
+					} else {
+						topic = uuid.NewString()
+						name = toPublicTopic(topic)
+					}
+				}
+
 				if !*clean {
 					wish.Printf(
 						sesh,
@@ -388,12 +400,6 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					)
 				}
 
-				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && !*public && ok {
-					if checkAccess(accessList, userName, sesh) {
-						name = withoutUser
-					}
-				}
-
 				var pubCtx context.Context = pipeCtx
 
 				if *block {
@@ -546,14 +552,20 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					name = toTopic(userName, topic)
 					if *public {
 						name = toPublicTopic(topic)
+						withoutUser = name
 					} else {
 						withoutUser = topic
 					}
 				}
 
-				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && !*public && ok {
+				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && ok {
 					if checkAccess(accessList, userName, sesh) {
 						name = withoutUser
+					} else if !*public {
+						name = toTopic(userName, withoutUser)
+					} else {
+						wish.Errorln(sesh, "access denied")
+						return
 					}
 				}
 
@@ -617,12 +629,13 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					if *public {
 						name = toPublicTopic(topic)
 						flagMsg = "-p "
+						withoutUser = name
 					} else {
 						withoutUser = topic
 					}
 				}
 
-				if len(accessList) > 0 && !*public {
+				if len(accessList) > 0 {
 					_, loaded := handler.Access.LoadOrStore(name, accessList)
 					if !loaded {
 						defer func() {
@@ -631,6 +644,17 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					}
 				}
 
+				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && ok {
+					if checkAccess(accessList, userName, sesh) {
+						name = withoutUser
+					} else if !*public {
+						name = toTopic(userName, withoutUser)
+					} else {
+						topic = uuid.NewString()
+						name = toPublicTopic(topic)
+					}
+				}
+
 				if isCreator && !*clean {
 					wish.Printf(
 						sesh,
@@ -641,12 +665,6 @@ func WishMiddleware(handler *CliHandler) wish.Middleware {
 					)
 				}
 
-				if accessList, ok := handler.Access.Load(withoutUser); !isAdmin && !*public && ok {
-					if checkAccess(accessList, userName, sesh) {
-						name = withoutUser
-					}
-				}
-
 				readErr, writeErr := pubsub.Pipe(
 					pipeCtx,
 					clientID,