Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Standardize message timestamp naming #419

Merged
merged 3 commits into from
Jul 3, 2023
Merged

Standardize message timestamp naming #419

merged 3 commits into from
Jul 3, 2023

Conversation

diehuxx
Copy link

@diehuxx diehuxx commented Jun 30, 2023

Taking approach 1 from #406.

Require all DWN message to have messageTimestamp
dateCreated is a method specific property, ie. in RecordsWrite.
Remove/rename all other variant of date related properties accordingly.

  • In RecordsWrite, RecordsDelete, and ProtocolsConfigure: dateModified -> messageTimestamp.
  • RecordsWrite retains the dateCreated field, which refers to the time that the record was created.
  • In RecordsRead: date -> messageTimestamp
  • EventsGet and MessagesGet do not have timestamps of any kind.
  • In all other DWN messages, dateCreated -> messageTimestamp

@thehenrytsai
Copy link
Contributor

@diehuxx, everything looks great, though I think we should also add timestamp for MessageGet and EventGet to prevent replay. What do you think? Obviously we'd need to add more checks, but that can be done in a future PR.

@diehuxx
Copy link
Author

diehuxx commented Jul 1, 2023

add timestamp for MessageGet and EventGet to prevent replay

I don't see any reason why not, but not sure if I understand the reason. What do you mean by replay? Also, does the timestamp have any significance if we aren't storing the MessagesGet or EventsGet messages and we aren't using the timestamp for filtering purposes?

@thehenrytsai
Copy link
Contributor

I don't see any reason why not, but not sure if I understand the reason. What do you mean by replay? Also, does the timestamp have any significance if we aren't storing the MessagesGet or EventsGet messages and we aren't using the timestamp for filtering purposes?

Imagine if a bad actor got hold of a legit (signed) MessageGet message. They can just send this message to a DWN to get the message back any time in the future (assuming no key rotation).

we aren't using the timestamp for filtering purposes?

Yeah... that's the "we'd need to add more checks, but that can be done in a future PR" part I was referring to, as in, check the timestamp against the current server time, if it's outside of the acceptable "server time drift" range, ignore. This applies to all fetch-type messages that we have including RecordsQuery and RecordsRead.

@diehuxx
Copy link
Author

diehuxx commented Jul 3, 2023

Imagine if a bad actor got hold of a legit (signed) MessageGet message. They can just send this message to a DWN to get the message back any time in the future (assuming no key rotation).

Ahhh okay I see. Thanks for the explanation :). Just pushed a commit adding timestamp to EventsGet and MessagesGet.

thehenrytsai
thehenrytsai previously approved these changes Jul 3, 2023
View reviewed changes
Copy link
Contributor

@thehenrytsai thehenrytsai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙏

@diehuxx diehuxx merged commit a08dcbe into main Jul 3, 2023
@thehenrytsai thehenrytsai deleted the diehuxx/standardize-timestamps branch July 3, 2023 23:05
@diehuxx diehuxx mentioned this pull request Jul 13, 2023
Closed
@frankhinek frankhinek mentioned this pull request Nov 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thehenrytsai thehenrytsai thehenrytsai approved these changes

@mistermoe mistermoe Awaiting requested review from mistermoe mistermoe is a code owner

@csuwildcat csuwildcat Awaiting requested review from csuwildcat csuwildcat is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@diehuxx @thehenrytsai