permissions -- docs and test

[nichoth]

Hi. I looked at all the tests and I couldn't find an example of permissions that use something aside from { anonymous: { allow: [ 'myMethod' ] } }.

How would you set permissions for who can call which method? From what I understand, the purpose of this module is to authenticate rpc connections. What do you learn about the caller after they have connected?

[staltz]

See muxrpc, where the permission system comes from.

[nichoth]

Thank you for the pointer, but the muxrpc readme -- https://github.com/ssb-js/muxrpc#permissions -- has made things more complicated for me… it shows a helper function that takes an object like

var perms = Perms({allow: ['auth']})

And the tests in this repo show

permissions: {
    anonymous: { allow: ['hello'], deny: null }
},

What shape is the permissions argument to secret-stack supposed to be? is the 'anonymous' key special in the passed in object?

Part of this issue is that the permissions in muxrpc should be documented better also.

[nichoth]

Starting to answer my own questions — 'anonymous' is a special key -- see here in the code:

https://github.com/ssb-js/secret-stack/blob/76d1432ac2db60ac14fa986eed84910dacd45ea6/src/core.ts#L239

[nichoth]

unraveling the secret-stack

The connect function calls setupRPC, which calls Muxrpc with isClient set to true. So whichever secret-stack calls connect on an address is the client, and if we look here — https://github.com/ssb-js/secret-stack/blob/76d1432ac2db60ac14fa986eed84910dacd45ea6/src/core.ts#L233

you can see the permissions uses anonymous

 const rpc = Muxrpc(
        manifest,
        manf ?? manifest,
        api,
        _id,
        isClient
          ? permissions.anonymous
          : isPermissions(stream.auth)
            ? stream.auth
            : permissions.anonymous,
        false
      )

and the permissions object is passed into the function init. So a client starts with anonymous permissions. Then it must upgrade somehow?