open
https://gitlab.synchro.net/main/sbbs/-/issues/831
## First idea
Tickfix needs a minimum of security for published areas.
Currently all configured areas are available so that all links can connect through the "filefix@node" robot.
The desired thing is that each link can see certain areas according to its permission
My idea is that it is similar to the ECHOLIST that sbbsecho actualy handles
Something very simple like a text file that lists the FileEcho TAG one per line
{width=628 height=515}
Then in each link you can add the list of KEYS that it has permission to
{width=710 height=532}
example sbbsecho.ini:
```
; fileechos definitions
[filelist:/sbbs/fido/FILELIST.FIDOPUBLIC]
Keys = FIDOPUBLIC
[filelist:/sbbs/fido/FILELIST.FIDOZ4ADMINS]
Keys = FIDOADMINS
[filelist:/sbbs/fido/FILELIST.ZUDAKA]
Keys = ZUDAKAFILES
;node examples:
[node:4:902/26.10@fidonet]
Name = Fido Point test
[...]
Keys = FIDO,FIDOESP,FIDOBR
Status = Normal
LocalAddress = 4:902/26
FileKeys = FIDOPUBLIC
[node:4:902/30@fidonet]
Name = some fido node sysop
[...]
Keys = FIDO,FIDOESP,FIDOBR
Status = Normal
LocalAddress = 4:902/26
FileKeys = FIDOPUBLIC,FIDOADMINS
[node:15:123/4@zudaka]
Name = Zudaka node
[...]
Keys = ZDECHOS
Status = Normal
LocalAddress = 4:902/26
FileKeys = ZUDAKAFILES
```
This prevents the problem of links not receiving file areas from any other networks, example:
{width=540 height=464}
Also when a link asks for the list of areas, you can only see and connect to the ones you have available according to the new "FileKeys" option.
## alternative implementation
sbbsecho should only store the FileKeys (multiple possible values) for each link (no filelist definition):
```
[node:4:902/30@fidonet]
Name = some fido node sysop
[...]
Keys = FIDO,FIDOESP,FIDOBR
Status = Normal
LocalAddress = 4:902/26
FileKeys = FIDOPUBLIC,FIDOADMINS
[node:4:902/10.123@fidonet]
Name = some fido point
[...]
Keys = FIDO,FIDOESP,FIDOBR
Status = Normal
LocalAddress = 4:902/26
FileKeys = FIDOPUBLIC
[node:4:902/666@fidonet]
Name = some super power sysop
[...]
Keys = FIDO,FIDOESP,FIDOBR
Status = Normal
LocalAddress = 4:902/26
FileKeys = ALL_FILE_ECHOS
[node:15:123/4@zudaka]
Name = Zudaka node
[...]
Keys = ZDECHOS
Status = Normal
LocalAddress = 4:902/26
FileKeys = ZUDAKAFILES
```
and inside tickit.ini for each area add a Keys option that can have an list of keys, for example:
```
[Z4NODE]
Dir=fidoz4node
SourceAddress=4:902/26@fidonet
AKAMatching=true
ForceReplace=true
links=4:902/26.3,4:930/1,4:902/26.17
Keys=FIDOPUBLIC,ALL_FILE_ECHOS
[Z4DAILY]
Dir=fidoz4daily
SourceAddress=4:902/26@fidonet
AKAMatching=true
ForceReplace=true
links=4:902/26.3,2:280/464,4:930/1,4:902/26.17
Keys=FIDOPUBLIC,ALL_FILE_ECHOS
[ZSEGS]
Dir=fidozsegs
SourceAddress=4:902/26@fidonet
AKAMatching=true
ForceReplace=true
links=1:/234/5, 2:345/6, 3:456/7
Keys=FIDOADMINS,ALL_FILE_ECHOS
[ZD_INFO]
Dir=zd_info
SourceAddress=15:1/1@zudaka
Uploader=Ragnarok
links=2:280/464,4:930/1
Keys=ZUDAKAFILES,ALL_FILE_ECHOS
[ZD_NODE]
links=15:1/2,2:280/464,4:930/1
Dir=zd_node
SourceAddress=15:1/1@zudaka
Uploader=Ragnarok
ForceReplace=true
Handler=tickit/nodelist_handler.js
HandlerArg={"domain":"zudaka", "match":"zudaka.z*", "nlmatch":"zudaka.*"} Keys=ZUDAKAFILES,ALL_FILE_ECHOS
```
The expected result would be the following:
| Node | can view and connect to |
| ------ | ------ |
| 4:902/30 | Z4NODE,Z4DAILY,ZSEGS |
| 4:902/10.123 | Z4NODE,Z4DAILY |
| 4:902/666 | Z4NODE,Z4DAILY,ZSEGS, ZD_INFO, ZD_NODE |
| 15:123/4 | ZD_INFO, ZD_NODE |
I think this second option is more valid because the sbbsecho code would be minimally touched (just handling a new key/value per link) and nothing more
The rest of the logic would be implemented on tickfix according to the FileKeys of the link:
1) the return of the possible list of areas is restricted
2) verification to add an area to the link, that you have permissions to do so.
Saludos!
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
