fix(core-p2p): terminate connection when not authorized (ArkEcosystem…

…#2945) fix(core-p2p): terminate connection when not authorized Co-authored-by: null <35549818+alessiodf@users.noreply.github.com>
blockpool-io · Sep 19, 2019 · 0dce189 · 0dce189
2 parents f4e46d4 + f73bd8b
commit 0dce189
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 8 deletions.
diff --git a/__tests__/integration/core-p2p/socket-server/peer.test.ts b/__tests__/integration/core-p2p/socket-server/peer.test.ts
@@ -243,7 +243,7 @@ describe("Peer socket endpoint", () => {
 
             await expect(
                 emit(
-                    "p2p.internal.eventNameIsTooLongSoShouldCloseTheConnectionWithCode4413AsItTheEventNameExceedsTheMaximumPermittedLengthSizeOf128Characters",
+                    "p2p.peer.eventNameIsTooLongSoShouldCloseTheConnectionWithCode4413AsItTheEventNameExceedsTheMaximumPermittedLengthSizeOf128Characters",
                     {
                         headers,
                     },
@@ -271,6 +271,16 @@ describe("Peer socket endpoint", () => {
             ).rejects.toHaveProperty("name", "BadConnectionError");
         });
 
+        it("should close the connection if an external connection accesses an internal endpoint", async () => {
+            await delay(1000);
+
+            await expect(
+                emit("p2p.internal.acceptNewPeer", {
+                    headers,
+                }),
+            ).rejects.toHaveProperty("name", "BadConnectionError");
+        });
+
         it("should close the connection and prevent reconnection if blocked", async () => {
             await delay(1000);
 

diff --git a/__tests__/unit/core-p2p/socket-server/worker.test.ts b/__tests__/unit/core-p2p/socket-server/worker.test.ts
@@ -5,6 +5,9 @@ import { Worker } from "../../../../packages/core-p2p/src/socket-server/worker";
 
 const worker = new Worker();
 
+// @ts-ignore
+worker.scServer.wsServer = { on: () => undefined };
+
 describe("Worker", () => {
     describe("run", () => {
         it("should init the worker", async () => {

diff --git a/packages/core-p2p/src/enums.ts b/packages/core-p2p/src/enums.ts
@@ -26,7 +26,6 @@ export enum SocketErrors {
     WrongEndpoint = "CoreWrongEndpointError",
     AppNotReady = "CoreAppNotReadyError",
     HeadersRequired = "CoreHeadersRequiredError",
-    ForgerNotAuthorized = "CoreForgerNotAuthorizedError",
     Unknown = "CoreUnknownError",
     Validation = "CoreValidationError",
     RateLimitExceeded = "CoreRateLimitExceededError",

diff --git a/packages/core-p2p/src/socket-server/worker.ts b/packages/core-p2p/src/socket-server/worker.ts
@@ -158,12 +158,8 @@ export class Worker extends SCWorker {
                 });
 
                 if (!data.authorized) {
-                    return next(
-                        this.createError(
-                            SocketErrors.ForgerNotAuthorized,
-                            "Not authorized: internal endpoint is only available for whitelisted forger",
-                        ),
-                    );
+                    req.socket.terminate();
+                    return;
                 }
             } else if (version === "peer") {
                 this.sendToMasterAsync("p2p.internal.acceptNewPeer", {