node whitelist option via jsonrpc

pull/72/head
Jeff Becker 6 years ago
parent c1377851a6
commit 67eadff143
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05

@ -41,9 +41,12 @@ namespace llarp
Start(const std::string& remote);
/// test if a router is valid
bool
VerifyRouter(const llarp::PubKey& pk);
/// do per second tick
void
VerifyRouter(llarp::PubKey pkey,
std::function< void(llarp::PubKey, bool) > handler);
Tick(llarp_time_t now);
private:
CallerImpl* m_Impl;

@ -30,7 +30,7 @@ namespace abyss
/// return true on successful handling
/// return false on errors while handling
virtual bool
HandleResponse(const RPC_Response& response) = 0;
HandleResponse(RPC_Response response) = 0;
/// populate http request headers
virtual void

@ -29,7 +29,7 @@ struct DemoCall : public abyss::http::IRPCClientHandler
}
bool
HandleResponse(const abyss::http::RPC_Response& resp) override
HandleResponse(abyss::http::RPC_Response resp) override
{
std::string body;
abyss::json::ToString(resp, body);

@ -125,7 +125,7 @@ namespace abyss
case json::IParser::eNeedData:
return true;
case json::IParser::eDone:
handler->HandleResponse(m_Response);
handler->HandleResponse(std::move(m_Response));
Close();
return true;
case json::IParser::eParseError:

@ -36,6 +36,7 @@ namespace llarp
services = find_section(top, "services", section_t{});
system = find_section(top, "system", section_t{});
api = find_section(top, "api", section_t{});
lokid = find_section(top, "lokid", section_t{});
return true;
}
return false;
@ -135,11 +136,7 @@ llarp_generic_ensure_config(std::ofstream &f, std::string basepath)
f << "# authkey=insertpubkey1here" << std::endl;
f << "# authkey=insertpubkey2here" << std::endl;
f << "# authkey=insertpubkey3here" << std::endl;
#ifdef _WIN32
f << "bind=127.0.0.1:1190" << std::endl;
#else
f << "bind=unix:" << basepath << "api.socket" << std::endl;
#endif
f << std::endl << std::endl;
f << "# system settings for priviledges and such" << std::endl;
@ -165,6 +162,7 @@ llarp_generic_ensure_config(std::ofstream &f, std::string basepath)
// Make auto-config smarter
// will this break reproducibility rules?
// (probably)
#ifdef __linux__
f << "bind=127.3.2.1:53" << std::endl;
#else
@ -187,6 +185,11 @@ llarp_generic_ensure_config(std::ofstream &f, std::string basepath)
void
llarp_ensure_router_config(std::ofstream &f, std::string basepath)
{
f << "# lokid settings (disabled by default)" << std::endl;
f << "[lokid]" << std::endl;
f << "enabled=false" << std::endl;
f << "jsonrpc=127.0.0.1:22023" << std::endl;
f << std::endl;
f << "# network settings " << std::endl;
f << "[network]" << std::endl;
f << "profiles=" << basepath << "profiles.dat" << std::endl;

@ -20,6 +20,7 @@ namespace llarp
section_t services;
section_t system;
section_t api;
section_t lokid;
bool
Load(const char *fname);

@ -869,12 +869,12 @@ namespace llarp
BaseSession::EnterState(State st)
{
state = st;
Alive();
if(st == eSessionReady)
{
parent->MapAddr(remoteRC.pubkey, this);
Router()->HandleLinkSessionEstablished(remoteRC);
Router()->HandleLinkSessionEstablished(remoteRC, parent);
}
Alive();
}
bool

@ -121,9 +121,10 @@ llarp_router_try_connect(struct llarp_router *router,
}
void
llarp_router::HandleLinkSessionEstablished(llarp::RouterContact rc)
llarp_router::HandleLinkSessionEstablished(llarp::RouterContact rc,
llarp::ILinkLayer *link)
{
async_verify_RC(rc);
async_verify_RC(rc, link);
}
llarp_router::llarp_router()
@ -240,9 +241,15 @@ llarp_router::HandleDHTLookupForSendTo(
{
if(results.size())
{
llarp_nodedb_put_rc(nodedb, results[0]);
llarp_router_try_connect(this, results[0], 10);
async_verify_RC(results[0]);
if(whitelistRouters && lokinetRouters.find(remote) == lokinetRouters.end())
{
return;
}
if(results[0].Verify(&crypto))
{
llarp_nodedb_put_rc(nodedb, results[0]);
llarp_router_try_connect(this, results[0], 10);
}
}
else
{
@ -374,7 +381,6 @@ llarp_router::on_verify_server_rc(llarp_async_verify_rc *job)
llarp::PubKey pk(job->rc.pubkey);
if(!job->valid)
{
llarp::LogWarn("invalid server RC");
if(ctx->establish_job)
{
// was an outbound attempt
@ -473,9 +479,11 @@ llarp_router::HandleDHTLookupForTryEstablishTo(
}
for(const auto &result : results)
{
if(whitelistRouters
&& lokinetRouters.find(result.pubkey) == lokinetRouters.end())
continue;
llarp_nodedb_put_rc(nodedb, result);
llarp_router_try_connect(this, result, 10);
async_verify_RC(result);
}
}
@ -537,6 +545,8 @@ llarp_router::Tick()
}
paths.TickPaths(now);
exitContext.Tick(now);
if(rpcCaller)
rpcCaller->Tick(now);
}
void
@ -654,7 +664,8 @@ llarp_router::GetRandomConnectedRouter(llarp::RouterContact &result) const
}
void
llarp_router::async_verify_RC(const llarp::RouterContact &rc)
llarp_router::async_verify_RC(const llarp::RouterContact &rc,
llarp::ILinkLayer *link)
{
llarp_async_verify_rc *job = new llarp_async_verify_rc();
llarp::async_verify_context *ctx = new llarp::async_verify_context();
@ -679,25 +690,18 @@ llarp_router::async_verify_RC(const llarp::RouterContact &rc)
job->hook = &llarp_router::on_verify_server_rc;
else
job->hook = &llarp_router::on_verify_client_rc;
if(rpcCaller && rc.IsPublicRouter())
{
rpcCaller->VerifyRouter(rc.pubkey, [job](llarp::PubKey pk, bool valid) {
if(valid)
{
llarp::LogDebug("lokid says ", pk, " is valid");
llarp_nodedb_async_verify(job);
}
else
{
llarp::LogDebug("lokid says ", pk, " is NOT valid");
job->hook(job);
}
});
}
else
if(rc.IsPublicRouter() && whitelistRouters)
{
llarp_nodedb_async_verify(job);
if(lokinetRouters.find(rc.pubkey) == lokinetRouters.end())
{
llarp::LogInfo(rc.pubkey, " is NOT a valid service node, rejecting");
link->CloseSessionTo(rc.pubkey);
job->valid = false;
job->hook(job);
return;
}
}
llarp_nodedb_async_verify(job);
}
void
@ -1283,6 +1287,17 @@ namespace llarp
llarp::LogWarn("failed to load hidden service config for ", key);
}
}
else if(StrEq(section, "lokid"))
{
if(StrEq(key, "enabled"))
{
self->whitelistRouters = IsTrueValue(val);
}
if(StrEq(key, "jsonrpc"))
{
self->lokidRPCAddr = val;
}
}
else if(StrEq(section, "dns"))
{
if(StrEq(key, "upstream"))

@ -170,7 +170,8 @@ struct llarp_router
llarp_router();
~llarp_router();
void HandleLinkSessionEstablished(llarp::RouterContact);
void
HandleLinkSessionEstablished(llarp::RouterContact, llarp::ILinkLayer *);
bool
HandleRecvLinkMessageBuffer(llarp::ILinkSession *from, llarp_buffer_t msg);
@ -304,7 +305,7 @@ struct llarp_router
GetRandomConnectedRouter(llarp::RouterContact &result) const;
void
async_verify_RC(const llarp::RouterContact &rc);
async_verify_RC(const llarp::RouterContact &rc, llarp::ILinkLayer *link);
void
HandleDHTLookupForSendTo(llarp::RouterID remote,

@ -21,11 +21,31 @@ namespace llarp
{
}
virtual bool
HandleJSONResult(const ::abyss::json::Value& val) = 0;
bool
HandleResponse(::abyss::http::RPC_Response response)
{
if(!response.IsObject())
{
return HandleJSONResult({});
}
const auto itr = response.FindMember("result");
if(itr == response.MemberEnd())
{
return HandleJSONResult({});
}
if(itr->value.IsObject())
return HandleJSONResult(itr->value);
return false;
}
void
PopulateReqHeaders(abyss::http::Headers_t& hdr)
{
(void)hdr;
// TODO: add http auth
// TODO: add http auth (?)
}
};
@ -45,11 +65,38 @@ namespace llarp
}
bool
HandleResponse(const ::abyss::http::RPC_Response& response)
HandleJSONResult(const ::abyss::json::Value& result) override
{
(void)response;
// TODO: get keys from response
PubkeyList_t keys;
if(!result.IsObject())
{
handler({}, false);
return false;
}
const auto itr = result.FindMember("keys");
if(itr == result.MemberEnd())
{
handler({}, false);
return false;
}
if(!itr->value.IsArray())
{
handler({}, false);
return false;
}
auto key_itr = itr->value.Begin();
while(key_itr != itr->value.End())
{
if(key_itr->IsString())
{
keys.emplace_back();
if(!HexDecode(key_itr->GetString(), keys.back(), PUBKEYSIZE))
{
keys.pop_back();
}
}
++key_itr;
}
handler(keys, true);
return true;
}
@ -73,9 +120,8 @@ namespace llarp
}
void
Tick()
Tick(llarp_time_t now)
{
llarp_time_t now = router->Now();
if(now >= m_NextKeyUpdate)
{
AsyncUpdatePubkeyList();
@ -90,7 +136,7 @@ namespace llarp
llarp::LogInfo("Updating service node list");
::abyss::json::Value params;
params.SetObject();
QueueRPC("get_all_service_node_keys", std::move(params),
QueueRPC("/get_all_service_node_keys", std::move(params),
std::bind(&CallerImpl::NewAsyncUpdatePubkeyListConn, this,
std::placeholders::_1));
}
@ -110,21 +156,6 @@ namespace llarp
std::placeholders::_1, std::placeholders::_2));
}
void
VerifyRouter(llarp::PubKey pk,
std::function< void(llarp::PubKey, bool) > handler)
{
if(router->whitelistRouters)
{
auto itr = router->lokinetRouters.find(pk);
handler(pk, itr != router->lokinetRouters.end());
}
else
{
handler(pk, true);
}
}
void
HandleServiceNodeListUpdated(const PubkeyList_t& list, bool updated)
{
@ -132,7 +163,7 @@ namespace llarp
{
router->lokinetRouters.clear();
for(const auto& pk : list)
router->lokinetRouters.emplace(
router->lokinetRouters.insert(
std::make_pair(pk, std::numeric_limits< llarp_time_t >::max()));
llarp::LogInfo("updated service node list, we have ",
router->lokinetRouters.size(), " authorized routers");
@ -301,16 +332,9 @@ namespace llarp
}
void
Tick()
{
}
void
VerifyRouter(llarp::PubKey pk,
std::function< void(llarp::PubKey, bool) > result)
Tick(llarp_time_t now)
{
// always allow routers when not using libabyss
result(pk, true);
(void)now;
}
};
@ -332,10 +356,9 @@ namespace llarp
}
void
Caller::VerifyRouter(llarp::PubKey pk,
std::function< void(llarp::PubKey, bool) > handler)
Caller::Tick(llarp_time_t now)
{
m_Impl->VerifyRouter(pk, handler);
m_Impl->Tick(now);
}
Server::Server(llarp_router* r) : m_Impl(new ServerImpl(r))

@ -102,8 +102,7 @@ struct ClientHandler : public abyss::http::IRPCClientHandler
}
bool
HandleResponse(__attribute__((unused))
const abyss::http::RPC_Response& response)
HandleResponse(__attribute__((unused)) abyss::http::RPC_Response response)
{
test->Stop();
return true;

Loading…
Cancel
Save