Whitelist Procedure and Rooms

[joente]

Currently, users created with RUN, CHANGE, and JOIN privileges can only access predefined procedures and events. To enhance security, we propose introducing a whitelisting system for both rooms and procedures. This would allow granular control over user permissions, enabling more restrictive user roles.

For whitelisting rooms, implementing idea #392 would allow using names instead of room Id's.

[joente]

Purposed functions:

• whitelist_add(<user>, <list>, [name_or_regex]);
• whitelist_del(<user>, <list>, [name_or_regex]);

Where <list> is either "procedures" or "rooms".

Where name_or_regex is either a string according the names convention, or a regular expression. This way a user cannot by accident provide a string, thinking he/she is providing a regular expression (example: "/^test.*/" is not allowed, as this is a string and not the regular expression which is /^test.*/).

user_info(..) return value (part):

We can simply return the values. If the value starts with / it is a regular expression, otherwise it is a name. For more details we can use the new whitelist(..) function.

{
    "whitelists": {
        "procedures": [
            "example",
            "/^api_.*/"
        ]
    }
}

If no white list is active, return "whitelists": {}. This is preferred to "whitelists": nil as this is more inline with having only a procedures or rooms whitelist, and not both. If no whitelist for procedures exists, any procedure is accepted and the same for rooms.

An empty list results in that all procedures / rooms will be blocked.

A whitelist list can be completely removed using whitelist_del(<user>, <list>); (not providing a specific rule).

An empty whitelist list can be created by using whitelist_add(<user>, <list>); (not providing a specific rule).

Note that we do not provide a scope, I don't think a scope is required as access to a scope can already be arranged. By supporting explicit names and regular expressions we can create loosely bindings which I think is preferred as it allows for a regular expression selecting multiple procedures or rooms at once.

[joente]

Added documentation:

• https://docs.thingsdb.io/v1/thingsdb-api/whitelist_add/
• https://docs.thingsdb.io/v1/thingsdb-api/whitelist_del/

The latest build (v1.7.0-rc2) can be used for testing.