From 14f8b0c8daa9a2dfde78b0ed88e5ded4adcbe110 Mon Sep 17 00:00:00 2001
From: Alan Shaw <alan@tableflip.io>
Date: Thu, 22 Feb 2018 12:54:59 +0000
Subject: [PATCH] temporarily disables access to MFS functions on window.ipfs

---
 add-on/src/lib/ipfs-proxy/pre-acl.js | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/add-on/src/lib/ipfs-proxy/pre-acl.js b/add-on/src/lib/ipfs-proxy/pre-acl.js
index 6ecfcc2b6..8bd372b95 100644
--- a/add-on/src/lib/ipfs-proxy/pre-acl.js
+++ b/add-on/src/lib/ipfs-proxy/pre-acl.js
@@ -2,6 +2,20 @@
 // All other IPFS functions require authorization.
 const ACL_WHITELIST = Object.freeze(require('./acl-whitelist.json'))
 
+// TEMPORARY blacklist of MFS functions that are automatically denied access
+// https://github.com/ipfs-shipyard/ipfs-companion/issues/330#issuecomment-367651787
+const MFS_BLACKLIST = Object.freeze([
+  'files.cp',
+  'files.mkdir',
+  'files.stat',
+  'files.rm',
+  'files.read',
+  'files.write',
+  'files.mv',
+  'files.flush',
+  'files.ls'
+])
+
 // Creates a "pre" function that is called prior to calling a real function
 // on the IPFS instance. It will throw if access is denied, and ask the user if
 // no access decision has been made yet.
@@ -10,6 +24,10 @@ function createPreAcl (getState, accessControl, getScope, permission, requestAcc
     // Check if all access to the IPFS node is disabled
     if (!getState().ipfsProxy) throw new Error('User disabled access to IPFS')
 
+    if (MFS_BLACKLIST.includes(permission)) {
+      throw new Error('MFS functions are temporarily disabled')
+    }
+
     // No need to verify access if permission is on the whitelist
     if (ACL_WHITELIST.includes(permission)) return args