Block joining backbone network, validate max_members bounds

Reject join_network on backbone (netID=0). Validate max_members
accepts only integers 0-10000, rejecting fractional, negative, and
overflow values. Add tests for both.

Author: teovl

pkg/registry/server.go

@@ -1858,6 +1858,10 @@ func (s *Server) handleJoinNetwork(msg map[string]interface{}) (map[string]inter
 	netID := jsonUint16(msg, "network_id")
 	token, _ := msg["token"].(string)
 
+	if netID == 0 {
+		return nil, fmt.Errorf("cannot join the backbone network")
+	}
+
 	// Auth: signature (daemon) or admin token (console)
 	s.mu.RLock()
 	node, ok := s.nodes[nodeID]
@@ -3270,8 +3274,8 @@ func (s *Server) handleSetNetworkPolicy(msg map[string]interface{}) (map[string]
 	policy := network.Policy
 
 	if v, ok := msg["max_members"].(float64); ok {
-		if v < 0 {
-			return nil, fmt.Errorf("max_members must be >= 0")
+		if v < 0 || v > 10000 || v != float64(int(v)) {
+			return nil, fmt.Errorf("invalid max_members (must be integer 0-10000)")
 		}
 		newMax := int(v)
 		if newMax > 0 && len(network.Members) > newMax {

tests/enterprise_gate_test.go

@@ -3787,3 +3787,85 @@ func TestNetworkRenameValidation(t *testing.T) {
 
 	t.Log("network rename validation works correctly")
 }
+
+// TestJoinBackboneRejected verifies that joining the backbone network (ID 0) is rejected.
+func TestJoinBackboneRejected(t *testing.T) {
+	t.Parallel()
+	rc, _, cleanup := startTestRegistryWithAdmin(t)
+	defer cleanup()
+
+	nodeID, _ := registerTestNode(t, rc)
+
+	_, err := rc.JoinNetwork(nodeID, 0, "", 0, TestAdminToken)
+	if err == nil {
+		t.Fatal("expected error when joining backbone network")
+	}
+	if !strings.Contains(err.Error(), "cannot") {
+		t.Errorf("unexpected error: %v", err)
+	}
+	t.Logf("backbone join correctly rejected: %v", err)
+}
+
+// TestMaxMembersValidation verifies that max_members rejects overflow, fractional, and out-of-range values.
+func TestMaxMembersValidation(t *testing.T) {
+	t.Parallel()
+	rc, _, cleanup := startTestRegistryWithAdmin(t)
+	defer cleanup()
+
+	ownerID, ownerIdentity := registerTestNode(t, rc)
+	setClientSigner(rc, ownerIdentity)
+
+	resp, err := rc.CreateNetwork(ownerID, "maxmem-test", "open", "", TestAdminToken, true)
+	if err != nil {
+		t.Fatalf("create network: %v", err)
+	}
+	netID := uint16(resp["network_id"].(float64))
+
+	// Fractional max_members should fail
+	_, err = rc.SetNetworkPolicy(netID, map[string]interface{}{
+		"max_members": 5.5,
+	}, TestAdminToken)
+	if err == nil {
+		t.Error("expected error for fractional max_members")
+	} else {
+		t.Logf("fractional max_members rejected: %v", err)
+	}
+
+	// Negative max_members should fail
+	_, err = rc.SetNetworkPolicy(netID, map[string]interface{}{
+		"max_members": float64(-1),
+	}, TestAdminToken)
+	if err == nil {
+		t.Error("expected error for negative max_members")
+	} else {
+		t.Logf("negative max_members rejected: %v", err)
+	}
+
+	// Overflow max_members (>10000) should fail
+	_, err = rc.SetNetworkPolicy(netID, map[string]interface{}{
+		"max_members": float64(10001),
+	}, TestAdminToken)
+	if err == nil {
+		t.Error("expected error for overflow max_members")
+	} else {
+		t.Logf("overflow max_members rejected: %v", err)
+	}
+
+	// Valid max_members should succeed
+	_, err = rc.SetNetworkPolicy(netID, map[string]interface{}{
+		"max_members": float64(100),
+	}, TestAdminToken)
+	if err != nil {
+		t.Fatalf("valid max_members should succeed: %v", err)
+	}
+
+	// Zero max_members (unlimited) should succeed
+	_, err = rc.SetNetworkPolicy(netID, map[string]interface{}{
+		"max_members": float64(0),
+	}, TestAdminToken)
+	if err != nil {
+		t.Fatalf("zero max_members (unlimited) should succeed: %v", err)
+	}
+
+	t.Log("max_members validation works correctly")
+}