diff --git a/TODO.md b/TODO.md
index cb95de2..1690679 100644
--- a/TODO.md
+++ b/TODO.md
@@ -5,3 +5,13 @@ ## tailfile
 Replace the hpcloud/tail with
+
+## BUG configuration
+
+bool flags with default value set to "false" becomes "true" if false is set.
+
+## Logging
+
+Remove these error logs:
+
+`level=WARN msg="Thu Jan 9 12:14:24 2025, node: btdev1, error: readFolder: failed to open readFile from readFolder: open readfolder/msg2.yaml: no such file or directory\n"`
diff --git a/errorkernel.go b/errorkernel.go
index 51fc435..93b2b77 100644
--- a/errorkernel.go
+++ b/errorkernel.go
@@ -283,6 +283,7 @@ func (e *errorKernel) infoSend(proc process, msg Message, err error) {
 func (e *errorKernel) logError(err error) {
 if e.configuration.LogLevel == string(logError) {
+ fmt.Printf(" ,,,,,,,,,,,,,,,,,,,,,,,,, LOGGING ERROR: %v\n", err)
 slog.Error("error", err)
 }
 }
diff --git a/node_auth.go b/node_auth.go
index 48817ce..ef18ce8 100644
--- a/node_auth.go
+++ b/node_auth.go
@@ -405,8 +405,9 @@ func (n *nodeAuth) verifySignature(m Message) bool {
 FileAppend: {},
 }
- // If the method is not found in the map, we return that the signature
- // was verified to true to allow the method to be executed.
+ // We only want to signature checking on the methods found
+ // in the map, we return that the signature was verified
+ // to true to allow the method to be executed.
 if _, ok := signatureCheckMap[m.Method]; !ok {
 er := fmt.Errorf("verifySignature: will not do signature check for method: %v", m.Method)
 n.errorKernel.logInfo(er)
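Review bot: The added `fmt.Printf` in `logError` (errorkernel.go) writes the error to stdout right before the `slog.Error` call, so the event is emitted twice and the stdout copy skips whatever handler, format and destination slog is configured with. The same leftover debug printing is added unconditionally in the second `verifySignature` hunk of node_auth.go and in both `callHandler` hunks of process.go, where it also ignores `LogLevel`. I would drop these lines before merge, or route the ones worth keeping through the existing helper, as process.go already does with `p.errorKernel.logDebug(er)`. Separately, the context line `slog.Error("error", err)` passes the error without a key, which slog records under `!BADKEY`; `slog.Error("error", "err", err)` keeps it as a named attribute.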
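Review bot: The rewritten comment above the `signatureCheckMap` lookup in `verifySignature` (node_auth.go) dropped the condition the old comment stated, so it no longer says that the `true` result is for methods that are not in the map. Suggested wording: `// Only methods listed in signatureCheckMap are signature checked. For any other method we report the signature as verified so the handler is allowed to run.` Because this makes signature checking opt-in per method, the comment is also the place to say that a newly added method is accepted unsigned until it is listed in the map. The return statement itself is outside the hunk, so this is read from the comment and the `will not do signature check` log line.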
@@ -418,15 +419,22 @@ func (n *nodeAuth) verifySignature(m Message) bool {
 var ok bool
 err := func() error {
+ fmt.Printf(" ********************* DEBUG1 BEFORE LOCK: %v\n", m.Method)
 n.publicKeys.mu.Lock()
+ defer n.publicKeys.mu.Unlock()
+ fmt.Printf(" ********************* DEBUG2 LOCK: %v\n", m.Method)
+
 pubKey := n.publicKeys.keysAndHash.Keys[m.FromNode]
 if len(pubKey) != 32 {
 err := fmt.Errorf("length of publicKey not equal to 32: %v", len(pubKey))
+ fmt.Printf(" ********************* DEBUG3 LOCK: %v, ERROR: %v\n", m.Method, err)
 return err
 }
+ fmt.Printf(" ********************* DEBUG4 LOCK: %v\n", m.Method)
+
 ok = ed25519.Verify(pubKey, []byte(argsStringified), m.ArgSignature)
- n.publicKeys.mu.Unlock()
+ fmt.Printf(" ********************* DEBUG AFTER LOCK: %v\n", m.Method)
 return nil
 }()
diff --git a/process.go b/process.go
index ee4b23e..ba41803 100644
--- a/process.go
+++ b/process.go
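Review bot: The rejection in the `len(pubKey) != 32` branch of `verifySignature` (node_auth.go) reports only the key length, so a message from a node with no entry in `n.publicKeys.keysAndHash.Keys` surfaces as `length of publicKey not equal to 32: 0` with nothing that identifies the sender. Naming the node makes a failed check traceable: `err := fmt.Errorf("verifySignature: no usable public key for node %v, key length %v", m.FromNode, len(pubKey))`. How the returned error and `ok` are used afterwards is outside the hunk, so whether this text reaches an operator is not visible here.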
@@ -490,20 +490,29 @@ func (p process) callHandler(message Message, thisNode string) {
 // Call the handler if ACL/signature checking returns true.
 go func() {
 conf := p.nodeAuth.configuration
- doHandler := false
 var er error
+ fmt.Printf("*** --- DEBUG: from: %v, method: %v, EnableSignatureCheck=%v, EnableAclCheck=%v\n", message.FromNode, message.Method, conf.EnableSignatureCheck, conf.EnableAclCheck)
+
 switch {
 // If no checking enabled we should just allow the message.
 case !conf.EnableSignatureCheck && !conf.EnableAclCheck:
- doHandler = true
+ fmt.Printf(" *** DEBUG: NO CHECK OF SIG OR ACL FLAG ENABLED, EXECUTING HANDLER: %v\n", message.Method)
+ executeHandler(p, message, thisNode)
+ return
 // If only sig check enabled, and sig OK, we should allow the message.
 case conf.EnableSignatureCheck && !conf.EnableAclCheck:
+ fmt.Printf("--------------------DEBUG1-----------------------: %v\n", message.Method)
 sigOK := p.nodeAuth.verifySignature(message)
+ fmt.Printf("--------------------DEBUG2-----------------------: %v\n", message.Method)
+ fmt.Printf(" *** DEBUG: CHECK SIG TRUE: %v\n", message.Method)
 if sigOK {
- doHandler = true
+ fmt.Printf(" *** DEBUG: CHECK SIG TRUE EVALUATED TO TRUE, EXECUTING HANDLER: %v\n", message.Method)
+ executeHandler(p, message, thisNode)
+ return
 }
+ fmt.Printf(" *** DEBUG: CHECK SIG TRUE EVALUATED TO FALSE: %v\n", message.Method)
 er = fmt.Errorf("callHandler: Only signature checking enabled, sigOK=%v, method %v", sigOK, message.Method)
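Review bot: The first added `fmt.Printf` in the goroutine of `callHandler` (process.go) prints `message.FromNode` and `message.Method` with `%v` before `verifySignature` or `verifyAcl` has run, so at that point both values are still whatever the sender put in the message. If they are string-typed, a value containing newlines or terminal control characters lands on stdout unescaped; `%q`, or passing them as slog attributes, keeps one event on one line. In the signature-only case the `CHECK SIG TRUE` line is printed before `sigOK` is tested, so it also appears for rejected messages. The body of `callHandler` starts before and continues after this hunk.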
@@ -511,27 +520,27 @@ func (p process) callHandler(message Message, thisNode string) {
 case conf.EnableSignatureCheck && conf.EnableAclCheck:
 sigOK := p.nodeAuth.verifySignature(message)
 aclOK := p.nodeAuth.verifyAcl(message)
+ fmt.Printf(" *** DEBUG: CHECK SIG AND ACK TRUE: %v\n", message.Method)
 if sigOK && aclOK {
- doHandler = true
+ fmt.Printf(" *** DEBUG: CHECK SIG AND ACK TRUE EVALUATED TO FALSE, EXECUTING HANDLER: %v\n", message.Method)
+ executeHandler(p, message, thisNode)
+ return
 }
+ fmt.Printf(" *** DEBUG: CHECK SIG AND ACK TRUE EVALUATED TO FALSE: %v\n", message.Method)
 er = fmt.Errorf("callHandler:both signature and acl checking enabled, sigOK=%v, aclOK=%v, method=%v", sigOK, aclOK, message.Method)
 default:
 er = fmt.Errorf("callHandler: None of the verify flags matched, not doing handler for message, method=%v", message.Method)
+ fmt.Printf(" *** DEBUG: WRONG CHECKING FLAGS FOR ACL OR SIG: %v\n", message.Method)
 }
 p.errorKernel.logDebug(er)
- switch doHandler {
- case true:
- executeHandler(p, message, thisNode)
- case false:
- // ACL/Signature checking failed.
- er := fmt.Errorf("error: subscriberHandler: ACL or Signature were verified not-OK, doing nothing")
- p.errorKernel.errSend(p, message, er, logWarning)
- fmt.Printf("\n *** DEBUG: %v\n\n", er)
- }
+ er = fmt.Errorf("error: subscriberHandler: ACL or Signature were verified not-OK, doing nothing")
+ p.errorKernel.errSend(p, message, er, logWarning)
+ fmt.Printf("*** DEBUG: %v\n", er)
+
 }()
 }
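Review bot: On the denial path at the end of the goroutine in `callHandler` (process.go), `er` is overwritten with the generic `ACL or Signature were verified not-OK` text before `errSend`, so the specific reason built in the `switch` (which of `sigOK`/`aclOK` failed, or the `default` branch for an unmatched flag combination) only reaches `logDebug`. Wrapping keeps it in the warning: `er = fmt.Errorf("error: subscriberHandler: ACL or Signature were verified not-OK, doing nothing: %w", er)`. Enabling only `EnableAclCheck` falls into `default` and is then reported as a failed verification, although it is a configuration state rather than a rejected message. The added debug string in the `sigOK && aclOK` branch says `EVALUATED TO FALSE` although that branch is the allow path.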