[IMP] keyban now disconnect the client

This has the effect of unsubsribing the client from all channels. Once the key is banned, the key user cannot publish anymore. Now he can't receive anymore either. WON'T WORK -> As it won't disconnect other clients on different brokers. The ban is just an event that is propagated but doesn't trigger any function Too bad, as this would be more efficient than the alternative: check for a banned key before every send()
emitter-io · Aug 7, 2024 · b45713d · b45713d
1 parent 996fa4a
commit b45713d
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 3 deletions.
diff --git a/internal/broker/conn.go b/internal/broker/conn.go
@@ -60,6 +60,7 @@ type Conn struct {
 	connect  *event.Connection // The associated connection event.
 	username string            // The username provided by the client during MQTT connect.
 	links    map[string]string // The map of all pre-authorized links.
+	banned   bool              // Close() will behave differently if this flag is true. Note: can't modify Close's signature as it has to respect the one from the MQTT lib.
 }
 
 // NewConn creates a new connection.
@@ -88,6 +89,16 @@ func (s *Service) newConn(t net.Conn, readRate int) *Conn {
 	return c
 }
 
+// IsBanned checks if the connection is banned.
+func (c *Conn) IsBanned() bool {
+	return c.banned
+}
+
+// Ban bans the connection.
+func (c *Conn) Ban() {
+	c.banned = true
+}
+
 // ID returns the unique identifier of the subsriber.
 func (c *Conn) ID() string {
 	return c.guid
@@ -365,8 +376,10 @@ func (c *Conn) Close() error {
 		})
 	}
 
-	// Publish last will
-	c.service.pubsub.OnLastWill(c, c.connect)
+	if !c.IsBanned() {
+		// Publish last will
+		c.service.pubsub.OnLastWill(c, c.connect)
+	}
 
 	//logging.LogTarget("conn", "closed", c.guid)
 	return c.socket.Close()

diff --git a/internal/service/fake/fakes.go b/internal/service/fake/fakes.go
@@ -169,6 +169,14 @@ func (f *Conn) initialize() {
 	}
 }
 
+func (f *Conn) Ban() {
+
+}
+
+func (f *Conn) IsBanned() bool {
+	return false
+}
+
 // Close provides a fake implementation.
 func (f *Conn) Close() error {
 	return nil

diff --git a/internal/service/interfaces.go b/internal/service/interfaces.go
@@ -49,7 +49,7 @@ type Surveyee interface {
 	OnSurvey(string, []byte) ([]byte, bool)
 }
 
-//Surveyor issues the surveys.
+// Surveyor issues the surveys.
 type Surveyor interface {
 	Query(string, []byte) (message.Awaiter, error)
 }
@@ -66,6 +66,8 @@ type Conn interface {
 	Links() map[string]string
 	GetLink([]byte) []byte
 	AddLink(string, *security.Channel)
+	Ban()
+	IsBanned() bool
 }
 
 // Replicator replicates an event withih the cluster

diff --git a/internal/service/keyban/keyban.go b/internal/service/keyban/keyban.go
@@ -71,6 +71,8 @@ func (s *Service) OnRequest(c service.Conn, payload []byte) (service.Response, b
 	bannedKey := event.Ban(message.Target)
 	switch {
 	case message.Banned && !s.cluster.Contains(&bannedKey):
+		c.Ban()
+		c.Close()
 		s.cluster.Notify(&bannedKey, true)
 	case !message.Banned && s.cluster.Contains(&bannedKey):
 		s.cluster.Notify(&bannedKey, false)