feat: add namespace blocking functionality for JWT authentication

domdomegg · domdomegg · commit ad07a274b2cc · 2025-08-27T12:15:27.000Z
Implements a denylist mechanism to block specific namespaces from publishing packages. Admins with global permissions bypass the blocking logic. This addresses namespace abuse prevention requirements. Fixes #98 🏠 Remote-Dev: homespace
diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
@@ -43,9 +43,10 @@ type TokenResponse struct {
 
 // JWTManager handles JWT token operations
 type JWTManager struct {
-	privateKey    ed25519.PrivateKey
-	publicKey     ed25519.PublicKey
-	tokenDuration time.Duration
+	privateKey        ed25519.PrivateKey
+	publicKey         ed25519.PublicKey
+	tokenDuration     time.Duration
+	BlockedNamespaces []string
 }
 
 func NewJWTManager(cfg *config.Config) *JWTManager {
@@ -63,15 +64,40 @@ func NewJWTManager(cfg *config.Config) *JWTManager {
 	privateKey := ed25519.NewKeyFromSeed(seed)
 	publicKey := privateKey.Public().(ed25519.PublicKey)
 
+	blockedNamespaces := []string{
+		// Add blocked namespaces here, e.g.:
+		// "io.github.spammer",
+		// "com.evil-domain",
+	}
+
 	return &JWTManager{
-		privateKey:    privateKey,
-		publicKey:     publicKey,
-		tokenDuration: 5 * time.Minute, // 5-minute tokens as per requirements
+		privateKey:        privateKey,
+		publicKey:         publicKey,
+		tokenDuration:     5 * time.Minute, // 5-minute tokens as per requirements
+		BlockedNamespaces: blockedNamespaces,
 	}
 }
 
 // GenerateToken generates a new Registry JWT token
 func (j *JWTManager) GenerateTokenResponse(_ context.Context, claims JWTClaims) (*TokenResponse, error) {
+	// Check whether they have global permissions (used by admins)
+	hasGlobalPermissions := false
+	for _, perm := range claims.Permissions {
+		if perm.ResourcePattern == "*" {
+			hasGlobalPermissions = true
+			break
+		}
+	}
+
+	// Check permissions against denylist, provided they are not an admin
+	if !hasGlobalPermissions {
+		for _, blockedNamespace := range j.BlockedNamespaces {
+			if j.HasPermission(blockedNamespace+"/test", PermissionActionPublish, claims.Permissions) {
+				return nil, fmt.Errorf("your namespace is blocked. raise an issue at https://github.com/modelcontextprotocol/registry/ if you think this is a mistake")
+			}
+		}
+	}
+
 	if claims.IssuedAt == nil {
 		claims.IssuedAt = jwt.NewNumericDate(time.Now())
 	}
diff --git a/internal/auth/jwt_test.go b/internal/auth/jwt_test.go
@@ -283,3 +283,103 @@ func TestNewJWTManager_InvalidKeySize(t *testing.T) {
 		auth.NewJWTManager(cfg)
 	})
 }
+
+func TestJWTManager_BlockedNamespaces(t *testing.T) {
+	// Generate a proper Ed25519 seed for testing
+	testSeed := make([]byte, ed25519.SeedSize)
+	_, err := rand.Read(testSeed)
+	require.NoError(t, err)
+
+	cfg := &config.Config{
+		JWTPrivateKey: hex.EncodeToString(testSeed),
+	}
+
+	ctx := context.Background()
+
+	t.Run("blocked namespace should deny token", func(t *testing.T) {
+		jwtManager := auth.NewJWTManager(cfg)
+		// Add a blocked namespace for testing
+		jwtManager.BlockedNamespaces = []string{"io.github.spammer"}
+		
+		claims := auth.JWTClaims{
+			AuthMethod:        model.AuthMethodGitHubAT,
+			AuthMethodSubject: "spammer",
+			Permissions: []auth.Permission{
+				{
+					Action:          auth.PermissionActionPublish,
+					ResourcePattern: "io.github.spammer/*",
+				},
+			},
+		}
+
+		tokenResponse, err := jwtManager.GenerateTokenResponse(ctx, claims)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "your namespace is blocked")
+		assert.Nil(t, tokenResponse)
+	})
+
+	t.Run("non-blocked namespace should allow token", func(t *testing.T) {
+		jwtManager := auth.NewJWTManager(cfg)
+		jwtManager.BlockedNamespaces = []string{"io.github.spammer"}
+		
+		claims := auth.JWTClaims{
+			AuthMethod:        model.AuthMethodGitHubAT,
+			AuthMethodSubject: "gooduser",
+			Permissions: []auth.Permission{
+				{
+					Action:          auth.PermissionActionPublish,
+					ResourcePattern: "io.github.gooduser/*",
+				},
+			},
+		}
+
+		tokenResponse, err := jwtManager.GenerateTokenResponse(ctx, claims)
+		require.NoError(t, err)
+		assert.NotEmpty(t, tokenResponse.RegistryToken)
+	})
+
+	t.Run("multiple permissions with one blocked should deny token", func(t *testing.T) {
+		jwtManager := auth.NewJWTManager(cfg)
+		jwtManager.BlockedNamespaces = []string{"io.github.badorg"}
+		
+		claims := auth.JWTClaims{
+			AuthMethod:        model.AuthMethodGitHubAT,
+			AuthMethodSubject: "user",
+			Permissions: []auth.Permission{
+				{
+					Action:          auth.PermissionActionPublish,
+					ResourcePattern: "io.github.user/*", // allowed
+				},
+				{
+					Action:          auth.PermissionActionPublish,
+					ResourcePattern: "io.github.badorg/*", // blocked
+				},
+			},
+		}
+
+		tokenResponse, err := jwtManager.GenerateTokenResponse(ctx, claims)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "your namespace is blocked")
+		assert.Nil(t, tokenResponse)
+	})
+
+	t.Run("global admin permissions should bypass denylist", func(t *testing.T) {
+		jwtManager := auth.NewJWTManager(cfg)
+		jwtManager.BlockedNamespaces = []string{"io.github.spammer"}
+		
+		claims := auth.JWTClaims{
+			AuthMethod:        model.AuthMethodNone,
+			AuthMethodSubject: "admin",
+			Permissions: []auth.Permission{
+				{
+					Action:          auth.PermissionActionPublish,
+					ResourcePattern: "*", // global permission should bypass blocking
+				},
+			},
+		}
+
+		tokenResponse, err := jwtManager.GenerateTokenResponse(ctx, claims)
+		require.NoError(t, err)
+		assert.NotEmpty(t, tokenResponse.RegistryToken)
+	})
+}
