Giter VIP home page Giter VIP logo

Comments (2)

wunter8 avatar wunter8 commented on June 10, 2024

The docs recommend that people create an access rule that allows anonymous writes to "up*" topics, so that you can use the matrix gateway and other UnifiedPush services, while still having auth-default-access: deny-all

from ntfy.

aerusso avatar aerusso commented on June 10, 2024

Now that I'm thinking more, it would probably be best to create some token that is unique to the UP topic and subscribing user, and pass that as the authentication token (instead of one specific to only the user). Then, at topic write-time, the service can check to see if the user is still subscribed to the UP topic, and deny/allow based on that. This would naturally expire stale authorizations.

This would require changes to both the authorization pathway in the go server, and proper calculation of those credentials:

  1. A new service provided to authenticated users that returns an encoding of (a) their username and (b) the hash of (their username, a server-wide secret string, and the UP topic name).
  2. The mobile apps should, at UP subscribe time, query the server for this token, appropriately embed it in the UP subscriber URL, and then pass it to the client app.
  3. The authentication chain in the server should check for this kind of token in URLs, and (a) confirm the hashes match, and (b) confirm the user is actually subscribed to the named topic.

Then, anyone with that secret token will be able to post to that topic name as long as the user is subscribed to it. Only constant additional state is required to be tracked by any parties. Similarly, only constant time is required to validate this. Unsubscribing and resubscribing the service will generate a new UP topic name, making the old token worthless (unless the up topic name happens to be reused by the same username, which is unlikely). As long as the server is updated to provide (1) and (3) first (which can be done without breaking backwards-compatibility), clients can gradually roll out support for (2), gracefully improving service. We could simultaneously change the up prefix at this point, and keep the unconditional write-access to that for a while until everyone has transitioned.

Would patches that implement this be welcome? (Unfortunately, it would be a while before I could get to this. In particular I am probably going to try to debug #1035 first)

from ntfy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.