• wishlist: tickfix restricted areas

    From Fernando Toledo@VERT to GitLab issue in main/sbbs on Sunday, December 01, 2024 20:41:26
    open https://gitlab.synchro.net/main/sbbs/-/issues/831

    ## First idea

    Tickfix needs a minimum of security for published areas.

    Currently all configured areas are available so that all links can connect through the "filefix@node" robot.

    The desired thing is that each link can see certain areas according to its permission.

    My idea is that it is similar to the ECHOLIST that sbbsecho actually handles

    Something very simple like a text file that lists the FileEcho TAG one per line

    ![image](https://gitlab.synchro.net/main/sbbs/uploads/8507d80dcfbc46e44e819e56213f15bf/image.png){width=628 height=515}

    Then in each link you can add the list of KEYS that it has permission to

    ![image](https://gitlab.synchro.net/main/sbbs/uploads/0f505bc7bec03074442ac0005ab71552/image.png){width=710 height=532}

    example sbbsecho.ini:

    ```
    ; fileechos definitions
    [filelist:/sbbs/fido/FILELIST.FIDOPUBLIC]
    Keys = FIDOPUBLIC

    [filelist:/sbbs/fido/FILELIST.FIDOZ4ADMINS]
    Keys = FIDOADMINS

    [filelist:/sbbs/fido/FILELIST.ZUDAKA]
    Keys = ZUDAKAFILES

    ;node examples:

    [node:4:902/26.10@fidonet]
    Name = Fido Point test
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC


    [node:4:902/30@fidonet]
    Name = some fido node sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC,FIDOADMINS

    [node:15:123/4@zudaka]
    Name = Zudaka node
    [...]
    Keys = ZDECHOS
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ZUDAKAFILES

    ```

    This prevents the problem of links not receiving file areas from any other networks, example:

    ![image](https://gitlab.synchro.net/main/sbbs/uploads/aa2b3844e24c8e536c33c6ef0a3f01e8/image.png){width=540 height=464}

    Also when a link asks for the list of areas, you can only see and connect to the ones you have available according to the new "FileKeys" option.

    ## alternative implementation

    sbbsecho should only store the FileKeys (multiple possible values) for each link (no filelist definition):

    ```
    [node:4:902/30@fidonet]
    Name = some fido node sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC,FIDOADMINS

    [node:4:902/10.123@fidonet]
    Name = some fido point
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC


    [node:4:902/666@fidonet]
    Name = some super power sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ALL_FILE_ECHOS

    [node:15:123/4@zudaka]
    Name = Zudaka node
    [...]
    Keys = ZDECHOS
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ZUDAKAFILES

    ```

    and inside tickit.ini for each area add a Keys option that can have a list of keys, for example:

    ```
    [Z4NODE]
    Dir=fidoz4node
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=4:902/26.3,4:930/1,4:902/26.17
    Keys=FIDOPUBLIC,ALL_FILE_ECHOS

    [Z4DAILY]
    Dir=fidoz4daily
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=4:902/26.3,2:280/464,4:930/1,4:902/26.17
    Keys=FIDOPUBLIC,ALL_FILE_ECHOS

    [ZSEGS]
    Dir=fidozsegs
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=1:234/5, 2:345/6, 3:456/7
    Keys=FIDOADMINS,ALL_FILE_ECHOS

    [ZD_INFO]
    Dir=zd_info
    SourceAddress=15:1/1@zudaka
    Uploader=Ragnarok
    links=2:280/464,4:930/1
    Keys=ZUDAKAFILES,ALL_FILE_ECHOS

    [ZD_NODE]
    links=15:1/2,2:280/464,4:930/1
    Dir=zd_node
    SourceAddress=15:1/1@zudaka
    Uploader=Ragnarok
    ForceReplace=true
    Handler=tickit/nodelist_handler.js
    HandlerArg={"domain":"zudaka", "match":"zudaka.z*", "nlmatch":"zudaka.*"}
    Keys=ZUDAKAFILES,ALL_FILE_ECHOS
    ```

    The expected result would be the following:

    | Node | can view and connect to |
    | ------ | ------ |
    | 4:902/30 | Z4NODE,Z4DAILY,ZSEGS |
    | 4:902/10.123 | Z4NODE,Z4DAILY |
    | 4:902/666 | Z4NODE,Z4DAILY,ZSEGS, ZD_INFO, ZD_NODE |
    | 15:123/4 | ZD_INFO, ZD_NODE |

    I think this second option is more valid because the sbbsecho code would be minimally touched (just handling a new key/value per link) and nothing more

    The rest of the logic would be implemented on tickfix according to the FileKeys of the link:
    1) the return of the possible list of areas is restricted
    2) verification to add an area to the link, that you have permissions to do so.

    Saludos!

    ---
     ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
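
The key-matching rule from the second proposal, as an added example that is not part of the original issue and is not Synchronet's TickFix code. The function names, the response strings, and the deny-by-default handling of unknown links, unknown areas and empty key lists are assumptions; the sample data is constructed from the ini excerpts in the post.

```javascript
// Added example (hypothetical helper names): key-intersection access check.
// Constructed data mirroring the tickit.ini and sbbsecho.ini excerpts above.
const areas = {              // area tag -> Keys= value (tickit.ini)
  Z4NODE:  "FIDOPUBLIC,ALL_FILE_ECHOS",
  Z4DAILY: "FIDOPUBLIC,ALL_FILE_ECHOS",
  ZSEGS:   "FIDOADMINS,ALL_FILE_ECHOS",
  ZD_INFO: "ZUDAKAFILES,ALL_FILE_ECHOS",
  ZD_NODE: "ZUDAKAFILES,ALL_FILE_ECHOS",
};
const links = {              // node address -> FileKeys= value (sbbsecho.ini)
  "4:902/30":     "FIDOPUBLIC,FIDOADMINS",
  "4:902/10.123": "FIDOPUBLIC",
  "4:902/666":    "ALL_FILE_ECHOS",
  "15:123/4":     "ZUDAKAFILES",
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Split a comma-separated key list; tolerate stray spaces and case differences.
function parseKeys(value) {
  return new Set(String(value || "").split(",")
    .map(k => k.trim().toUpperCase()).filter(k => k.length > 0));
}

// A link may use an area only when the two key sets share at least one key.
// Assumption: unknown link, unknown area or an empty list means "deny".
function mayAccess(linkAddr, areaTag) {
  if (!has(links, linkAddr) || !has(areas, areaTag)) return false;
  const linkKeys = parseKeys(links[linkAddr]);
  for (const k of parseKeys(areas[areaTag])) if (linkKeys.has(k)) return true;
  return false;
}

// Point 1 of the post: the area list returned to a link is filtered.
function listAreas(linkAddr) {
  return Object.keys(areas).filter(tag => mayAccess(linkAddr, tag));
}

// Point 2: a connect request is checked again, not trusted because the
// tag was requested. Forbidden and nonexistent areas get the same reply,
// so the answer does not reveal which restricted areas exist.
function connect(linkAddr, areaTag) {
  const tag = String(areaTag).trim().toUpperCase();
  return mayAccess(linkAddr, tag) ? `+${tag} connected` : `-${tag} not available`;
}
```

`ALL_FILE_ECHOS` is not a wildcard here: it only grants every area because each area lists it in its own `Keys`, so a new area that omits it stays hidden from that link.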