Reset NoKeys when keys are added

2025-10-15 04:20:57 +08:00 · 2024-01-06 21:29:53 +03:00
parent 5668b759e5
commit db344c9469
2 changed files with 13 additions and 6 deletions
--- a/src/modules/acl/acl.go
+++ b/src/modules/acl/acl.go
@@ -341,7 +341,12 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
 		return nil
 	}
-	// 7. Check if keys are in IncludedKeys
+	// 7. Check if nokeys is true
 	if connection.User.NoKeys {
 		return errors.New("not authorised to access any keys")
 	}
 	// 8. Check if keys are in IncludedKeys
 	if len(keys) > 0 && !slices.ContainsFunc(keys, func(key string) bool {
 		return slices.ContainsFunc(connection.User.IncludedKeys, func(includedKeyGlob string) bool {
 			if acl.GlobPatterns[includedKeyGlob].Match(key) {
@@ -354,7 +359,7 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
 		return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
 	}
-	// 8. If @read is in the list of categories, check if keys are in IncludedReadKeys
+	// 9. If @read is in the list of categories, check if keys are in IncludedReadKeys
 	if len(keys) > 0 && slices.Contains(categories, utils.ReadCategory) && !slices.ContainsFunc(keys, func(key string) bool {
 		return slices.ContainsFunc(connection.User.IncludedReadKeys, func(readKeyGlob string) bool {
 			if acl.GlobPatterns[readKeyGlob].Match(key) {
@@ -367,7 +372,7 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
 		return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
 	}
-	// 9. If @write is in the list of categories, check if keys are in IncludedWriteKeys
+	// 10. If @write is in the list of categories, check if keys are in IncludedWriteKeys
 	if len(keys) > 0 && slices.Contains(categories, utils.WriteCategory) && !slices.ContainsFunc(keys, func(key string) bool {
 		return slices.ContainsFunc(connection.User.IncludedWriteKeys, func(writeKeyGlob string) bool {
 			if acl.GlobPatterns[writeKeyGlob].Match(key) {
@@ -403,10 +408,7 @@ func (acl *ACL) CompileGlobs() {
 	// Compile the globs that have not been compiled yet
 	for _, g := range allGlobs {
 		if acl.GlobPatterns[g] == nil {
 			fmt.Println("COMPILING GLOB ", g)
 			acl.GlobPatterns[g] = glob.MustCompile(g)
 		} else {
 			fmt.Println("GLOB ", g, "ALREADY COMPILED, SKIPPING...")
 		}
 	}
 }
--- a/src/modules/acl/user.go
+++ b/src/modules/acl/user.go
@@ -152,22 +152,27 @@ func (user *User) UpdateUser(cmd []string) error {
 			user.IncludedKeys = []string{"*"}
 			user.IncludedReadKeys = []string{"*"}
 			user.IncludedWriteKeys = []string{"*"}
 			user.NoKeys = false
 			continue
 		}
 		if len(str) > 1 && str[0] == '~' {
 			user.IncludedKeys = append(user.IncludedKeys, str[1:])
 			user.NoKeys = false
 			continue
 		}
 		if len(str) > 4 && strings.EqualFold(str[0:4], "%RW~") {
 			user.IncludedKeys = append(user.IncludedKeys, str[4:])
 			user.NoKeys = false
 			continue
 		}
 		if len(str) > 3 && strings.EqualFold(str[0:3], "%R~") {
 			user.IncludedReadKeys = append(user.IncludedReadKeys, str[3:])
 			user.NoKeys = false
 			continue
 		}
 		if len(str) > 3 && strings.EqualFold(str[0:3], "%W~") {
 			user.IncludedWriteKeys = append(user.IncludedWriteKeys, str[3:])
 			user.NoKeys = false
 			continue
 		}
 		// Parse channels