spec: Add penalize notifications. #537
Conversation
spec/community.mediawiki
Outdated
| | accountid || string || hex encoding of the client's account ID | ||
| |- |
There was a problem hiding this comment.
A connected websocket connection is specific to an account, so the accountid field is superfluous.
There was a problem hiding this comment.
My thinking was that the signature would be meaningless after the fact unless the accountid was included. While you could prove that a ban was dealt out from a particular server, you couldn't prove to whom it was directed. Although for simply verifying the server and communicating, it is not needed. I will take it out since there may never be need for the ban receiver to prove they were banned.
There was a problem hiding this comment.
I guess someone could reuse one of these messages though, if it didn't have the to whom. The signature will check out, only the timestamp will be old. Can that in any way be used as an attack vector? OK because wss is safe?
There was a problem hiding this comment.
My thinking was that the signature would be meaningless after the fact unless the accountid was included.
That's a good point. We can leave it for now and decide on later updates what's needed for the new system.
JoeGruffins
force-pushed
the
penaltynotification
branch
2 times, most recently
from
0829803
to
e9aa238
Compare
spec/comm.mediawiki
Outdated
|
|
||
| <code>result</code> | ||
| {| | ||
| ! field !! type !! description | ||
| |- | ||
| | matches || [object] || list of [[orders.mediawiki/#Match_negotiation|Match objects]] | ||
| |- | ||
| | penalty || object || the client's most recent [[community.mediawiki/#Rules_of_Community_Conduct|broken rule]]. omitted if in good standing |
There was a problem hiding this comment.
If this is going to be an object, the object will need to be defined. Can you define the object separately and just reference it here and in the penalty notification?
There was a problem hiding this comment.
Is this how you mean?
There was a problem hiding this comment.
Yes, but the sig would not be a field in the object. It would stay as a field in the penalty payload.
JoeGruffins
force-pushed
the
penaltynotification
branch
from
e9aa238
to
93c66fe
Compare
| | details || string || a message describing the penalization | ||
| |- | ||
| | sig || string || hex-encoded server's signature of the serialized penalization data | ||
| |} |
There was a problem hiding this comment.
You'll need to describe the serialization.
There was a problem hiding this comment.
As in how many bytes per field and the order?
There was a problem hiding this comment.
I found a few different patterns, but will just adding the size of the fields be sufficient in this case? Should there be a separate Penalty serialization?
There was a problem hiding this comment.
I'd personally prefer a serialization for the Penalty object. For the penalty payload you wouldn't need a whole serialization description table, because you could just say sig || string || hex-encoded signature of the serialized Penalty object.
I found a few different patterns, but will just adding the size of the fields be sufficient in this case?
In this case, since all of the fields of the Penalty object are included in the serialization, you could try to combine them into one. I think the only place that's done so far is for the order prefix description, and I have mixed feelings on how well it works. The descriptions needed for serialization is often quite different than a description suited for the JSON field, so you'll need to combine the information carefully to avoid confusion.
JoeGruffins
force-pushed
the
penaltynotification
branch
from
7fdf345
to
1c84159
Compare
|
The test failure happened because I pushed a commit with an unintentional change. I rebased after that but the tests did not re-test and the failure remained. |
part of #444
It was discussed that the notification be tried on reconnect, and to add it to connect, but I thought just adding it to the connect response would be enough/better.
Also:
I think can be hard coded into the client, since it will be true for all bans
Can be viewed here