Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to blacklist certain keys #38

Open
awlx opened this issue Apr 29, 2021 · 4 comments
Open

Add ability to blacklist certain keys #38

awlx opened this issue Apr 29, 2021 · 4 comments

Comments

@awlx
Copy link
Member

awlx commented Apr 29, 2021

Add a (temporary) blacklist feature to the daemon. This is needed in case some abusive client wants to connect. Then we just reject the Wireguard key and don't send it to MQTT.

@rucarrol-goog
Copy link
Contributor

  • How do you want to identify the client (name? key?)?
  • Where do you want to block them? In the flask app?
  • Should the config be runtime, or hard coded into the config file (or both?) ?

I'm guessing easiest thing to do is create a new API for an in-memory list of keys/clients you want to block, and check this list before calling MQTT: https://github.com/freifunkMUC/wgkex/blob/main/wgkex/broker/app.py#L77

@awlx
Copy link
Member Author

awlx commented Sep 16, 2021

My idea was to read a blacklist.yaml from the broker and reject all keys which are in there. So those aren't even sent to MQTT, as you said :).

It would be cool if the file is occassionally checked for changes and reloaded to memory. But also just a static file which is read on start of the broker is fine.

My prefered format would be:

- Key1
  reason: "Abuse"
- Key2

But reason is optional and we put this in the answer to the client.

@rucarrol-goog
Copy link
Contributor

Then I think solving this first is the correct thing to do: #39

@rucarrol-goog
Copy link
Contributor

I created a first draft to block keys on the client side in #76 .

I'll go about looking at trying to get keys back out of the worker to the broker so we avoid duplication.

@GoliathLabs GoliathLabs added this to NOC Jul 26, 2023
@DasSkelett DasSkelett moved this to Todo in NOC Feb 14, 2024
@DasSkelett DasSkelett removed the status in NOC Feb 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: No status
Development

No branches or pull requests

2 participants