Make the usage of the registration bot configurable

[vqhuy]

Which do you prefer:

• Set LocalAddress to an empty string to disable the registration bot
• Or, have a IsUseBot field in ServerConfig?

[masomel]

Set LocalAddress to an empty string to disable the registration bot

This approach seems a little safer to me.

[arlolra]

Proposal: How about we allow a list of addresses to bind to in the config.toml? Something like,

[[addresses]]
address = "0.0.0.0:3000"
cert = "server.pem"
key = "server.key"

[[addresses]]
address = "0.0.0.0:6000"

[[addresses]]
address = "/tmp/coniks.sock"
allow_registration = true

[masomel]

How about we allow a list of addresses to bind to in the config.toml?

A few questions: How does the server know which address to choose for which type of connection (bot vs. client, testing vs deployment, etc.)? It also seems like the second address in the list is an unencrypted connection (as opposed to the first one with TLS settings) -- do we want to have a non-TLS option? What does the allow_registration = true entry in the third address mean, is this an alternative to a useBot entry in the configuration/what would allow_registration = false mean?

[arlolra]

How does the server know which address to choose for which type of connection (bot vs. client, testing vs deployment, etc.)?

Currently, the keyserver doesn't know anything about bots; it just listens on two addresses, with differing permission. The only change here is really to make that configurable, instead of hardcoded.

What does the allow_registration = true entry in the third address mean

I figured the safest default would be to disallow registration on all addresses, and for the unix socket you'd explicitly enable it.

It also seems like the second address in the list is an unencrypted connection (as opposed to the first one with TLS settings) -- do we want to have a non-TLS option?

Maybe not.

[vqhuy]

Does "disallow registration on all addresses" mean "all addresses can accept any request except registration"? Otherwise this totally makes sense to me.

[arlolra]

Yup. All the other request are of the "read" type. Registration is the only "write". If you want to think about it like that. So, by default, addresses are "read-only".

[masomel]

All the other request are of the "read" type. Registration is the only "write". If you want to think about it like that.

Fair point, I agree that this is a good way to think about it.

[vqhuy]

I gave it a shot in 88103d43a14cf9d19046df90da823025dae32b84.

[arlolra]

Nice work.

[arlolra]

tcp:// ?

[arlolra]

Maybe just change testutil.PublicConnection to include the protocol?

[vqhuy]

I think the latest is here: https://github.com/coniks-sys/coniks-go/pull/130/files#diff-d24d2023b15c72fdfbc6fec8561dcf0dR55 Sorry, my mistake.

Maybe just change testutil.PublicConnection to include the protocol?

Yes, it should be a constant instead.

[arlolra]

unix:// ?

[arlolra]

Do you think it's worth logging a warning if none of the addresses permit registration?

[vqhuy]

Yes, it makes sense. Added in 0f78e49ac4b22a8051818f30f103e7e74f2abf28. Thanks!

[arlolra]

LGTM

[arlolra]

Alright, good to merge.

[vqhuy]

Yes, wait me for one sec.

[masomel]

@c633 Maybe this is a silly question, how does one configure the server to use/not use the registration bot? It seems like the server default (i.e. in cmd/init.go) is still to use the bot. Or does this have to be configured manually after init?

[arlolra]

Maybe a better framing is to say that the default configuration is to only allow local registrations, and if you want to deviate, you need to manually edit. We leave the bot out of the picture.

[masomel]

Maybe a better framing is to say that the default configuration is to only allow local registrations, and if you want to deviate, you need to manually edit.

That works I guess (a flag for init may be more convenient, though I realize that may be difficult to implement). This isn't stated in the README or anywhere yet. Will have to add that.

[vqhuy]

Will have to add that.

Thanks!