Deprecate `localpart@domain` component addressing (#1540)

Wojciech Kapcia (Tigase) opened 9 months ago

to-do (based on Andrzej's comment below):

review all places where amp is used for addressing and adjust them
review other/all components
adjust routing mechanism in MessageRouter to skip looking for components at localpart@domain (that should speed up routing).

Original issue:

[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : 1. Packet will be processed by: amp@ip-172-31-22-51.us-west-2.compute.internal, from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : My packet: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : processing packet = from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:039] [WARNING ] [              in_7-amp ] AmpComponent.processPacket()     : Not an AMP packet! from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null

Activities

Andrzej Wójcik (Tigase) commented 9 months ago

Did someone created account amp@sure.im?
Wojciech Kapcia (Tigase) commented 9 months ago

Hmm... it looks like that - there was another packet with captcha that was explicitly addressed to amp@sure.im.

I think we should have "forbidden" addresses that would take into consideration configured components addressess.
Andrzej Wójcik (Tigase) commented 9 months ago

Yes, however, I think that the main cause was usage of localpart@domain for internal components. If we would use ie. amp.sure.im that would solve this issue and wouldn't allow it to happen - there wouldn't be anything to block. Most of the components are using "domain-only" jids as their address but some still use localpart@domain format.
Wojciech Kapcia (Tigase) commented 9 months ago
So basically adjust:

@ConfigField(desc = "AMP component JID", alias = AMP_JID_PROP_KEY) private JID ampJID = JID.jidInstanceNS("amp@" + defHost);

?

Should we rename this issue into: "make all components use domain for addressing" that would entail reviewing all components?
Andrzej Wójcik (Tigase) commented 9 months ago

I think that we would need to review all places where amp is used for addressing and adjust them (also changing the line you mentioned) and then review other/all components. I think this would be a better approach and with that we could adjust routing mechanism in MessageRouter to skip looking for components at localpart@domain (that should speed up routing).

Wojciech Kapcia (Tigase) changed title 9 months ago

Previous Value	Current Value
Not an AMP packet for PEP/tune packets	Deprecate `localpart@domain` component addressing

Wojciech Kapcia (Tigase) changed fields 9 months ago
Name Previous Value Current Value
Version
empty
tigase-server-9.0.0, tigase-server-8.5.0
Wojciech Kapcia (Tigase) added to iteration "tigase-server-9.0.0" 9 months ago
Wojciech Kapcia (Tigase) added to iteration "tigase-server-8.5.0" 9 months ago
Wojciech Kapcia (Tigase) commented 9 months ago
adjusted subject

added to-do list

slated for 8.5.0 (changing AMP addressing, marking as deprecated API) and 9.0.0 (removal localhost@domain addressing)
Login to comment

Name	Previous Value	Current Value
Version	empty	tigase-server-9.0.0, tigase-server-8.5.0

Type	Bug
Priority	Normal
Assignee	Andrzej Wójcik (Tigase)
Version	tigase-server-9.0.0, tigase-server-8.5.0
Sprints	n/a
Customer	n/a

Iterations

tigase-server-8.5.0 Open
tigase-server-9.0.0 Open

Issue Votes (0)

Watchers (3)

Reference

tigase/_server/server-core#1540