logos-messaging/logos-delivery
1
0
Fork 0
mirror of https://github.com/logos-messaging/logos-delivery.git synced 2026-06-06 22:19:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
logos-delivery/waku/node/waku_switch.nim
Prem Chaitanya Prathi d8bbef0c5b
feat(mix): bump libp2p stack to v2.0.0 + adopt stateless RLN spam protection 
Combines five dep-and-build changes that all flow from the libp2p v2.0.0
upgrade and the move to the extracted libp2p_mix / mix-rln plugin stack:

waku.nimble:
  * libp2p: ff8d51857 -> c43199378 (release/v2.0.0 tip; sha-pinned until
    vacp2p cuts a v2.0.0 tag).
  * Drop the bare `zlib < 0.2` cap — no longer needed by the upgraded
    libp2p.
  * websock: bare ">= 0.4.0" — replaces the d4cd68b URL+SHA workaround
    that pinned through a libp2p commit-specific websock SHA.
  * nim-json-rpc: switch to chaitanyaprem/nim-json-rpc#f05fad25 — relaxes
    websock cap to allow >=0.4.0. TODO: revert to status-im/nim-json-rpc
    once status-im/nim-json-rpc#277 merges and a tag is cut.
  * lsquic: bare ">= 0.4.1" (drops URL form).
  * Add mix-rln-spam-protection-plugin pin (23b278b4) and nim-libp2p-mix
    pin (50c4ab4f — PR #14 HEAD); the plugin pins the same libp2p_mix
    SHA so the diamond dep collapses to a single source.

waku/factory/waku.nim:
  * Explicit HPService.setup(switch) / AutonatService.setup(switch)
    calls. libp2p v2.0.0's Service lifecycle refactor (libp2p#2462)
    removed switch.start's auto-setup loop, so any caller that assigns
    directly to switch.services (we do) is responsible for calling
    setup() themselves. Without it, AutonatService.addressMapper stays
    nil and peerInfo.expandAddrs SIGSEGVs during start(). Wrapped in
    try/except for ServiceSetupError so a setup failure surfaces as a
    logged error rather than a crash.

Build / scripts:
  * scripts/build_rln_mix.sh removed and Makefile simplified — librln
    is now a single shared archive built from zerokit's `stateless`
    features (no separate librln_mix archive).
  * simulations/mixnet/build_setup.sh + setup_credentials.nim updated
    to use librln_v2.0.2.a directly and run RLN keystore setup before
    nodes start.

Validated:
  * Cold local-cache nimble setup --localdeps -y.
  * wakunode2 and chat2mix link cleanly.
  * Mixnet roundtrip sim: [PASS] bob received message from alice.
  * RLN proof generation + verification on every in-path mix node:
    5 gen_called == 5 verified, 0 SPAM_PROOF_* errors.
2026-06-04 16:54:44 +05:30

124 lines
4.2 KiB
Nim
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Waku Switch utils.
{.push raises: [].}
import
std/options,
chronos,
chronicles,
eth/keys,
libp2p/crypto/crypto,
libp2p/crypto/rng as libp2p_rng,
libp2p/protocols/pubsub/gossipsub,
libp2p/protocols/rendezvous,
libp2p/protocols/connectivity/relay/relay,
libp2p/nameresolving/nameresolver,
libp2p/builders,
libp2p/switch,
libp2p/transports/[transport, tcptransport, wstransport]
# override nim-libp2p default value (which is also 1)
const MaxConnectionsPerPeer* = 1
# libp2p 1.15.3 ships a built-in `withWsTransport` matching this name, so
# the plain-WS wrapper that used to live here is now redundant. Callers
# that did `b.withWsTransport()` resolve to libp2p's overload (zero args =
# no TLS, no flags). Callers passing `tlsPrivateKey=`/`tlsCertificate=`
# also use libp2p's built-in.
# nim-libp2p#2329 made libp2p's MaxConnections const private (renamed to
# DefaultMaxConnections); redeclare here to keep waku's cap explicit.
const MaxConnections* = 50
proc getSecureKey(path: string): TLSPrivateKey {.raises: [Defect, IOError].} =
trace "Key path is.", path = path
let stringkey: string = readFile(path)
try:
let key = TLSPrivateKey.init(stringkey)
return key
except TLSStreamProtocolError as exc:
info "exception raised from getSecureKey", err = exc.msg
proc getSecureCert(path: string): TLSCertificate {.raises: [Defect, IOError].} =
trace "Certificate path is.", path = path
let stringCert: string = readFile(path)
try:
let cert = TLSCertificate.init(stringCert)
return cert
except TLSStreamProtocolError as exc:
info "exception raised from getSecureCert", err = exc.msg
proc withWssTransport*(
b: SwitchBuilder, secureKeyPath: string, secureCertPath: string
): SwitchBuilder {.raises: [Defect, IOError].} =
let key: TLSPrivateKey = getSecureKey(secureKeyPath)
let cert: TLSCertificate = getSecureCert(secureCertPath)
b.withWsTransport(
tlsPrivateKey = key,
tlsCertificate = cert,
{TLSFlags.NoVerifyHost, TLSFlags.NoVerifyServerName}, # THIS IS INSECURE, NO?
)
proc newWakuSwitch*(
privKey = none(crypto.PrivateKey),
address = MultiAddress.init("/ip4/127.0.0.1/tcp/0").tryGet(),
wsAddress = none(MultiAddress),
secureManagers: openarray[SecureProtocol] = [SecureProtocol.Noise],
transportFlags: set[ServerFlags] = {},
rng: libp2p_rng.Rng,
inTimeout: Duration = 5.minutes,
outTimeout: Duration = 5.minutes,
maxConnections = MaxConnections,
maxIn = -1,
maxOut = -1,
maxConnsPerPeer = MaxConnectionsPerPeer,
nameResolver: NameResolver = nil,
sendSignedPeerRecord = false,
wssEnabled: bool = false,
secureKeyPath: string = "",
secureCertPath: string = "",
agentString = none(string), # defaults to nim-libp2p version
peerStoreCapacity = none(int), # defaults to 1.25 maxConnections
rendezvous: Opt[RendezVousConfig] = Opt.none(RendezVousConfig),
circuitRelay: Relay,
): Switch {.raises: [Defect, IOError, LPError].} =
var b = SwitchBuilder.new().withRng(rng).withMaxConnections(maxConnections)
# libp2p 1.15.3 asserts both maxIn and maxOut > 0; only opt into independent
# in/out caps when the caller actually supplied them. Otherwise the single
# `withMaxConnections` cap from above remains in effect.
if maxIn > 0 and maxOut > 0:
b = b.withMaxInOut(maxIn, maxOut)
b = b
.withMaxConnsPerPeer(maxConnsPerPeer)
.withYamux()
.withMplex(inTimeout, outTimeout)
.withNoise()
.withTcpTransport(transportFlags)
.withNameResolver(nameResolver)
.withSignedPeerRecord(sendSignedPeerRecord)
.withCircuitRelay(circuitRelay)
.withAutonat()
if peerStoreCapacity.isSome():
b = b.withPeerStore(peerStoreCapacity.get())
else:
let defaultPeerStoreCapacity = int(maxConnections) * 5
b = b.withPeerStore(defaultPeerStoreCapacity)
if agentString.isSome():
b = b.withAgentVersion(agentString.get())
if privKey.isSome():
b = b.withPrivateKey(privKey.get())
if wsAddress.isSome():
b = b.withAddresses(@[wsAddress.get(), address])
if wssEnabled:
b = b.withWssTransport(secureKeyPath, secureCertPath)
else:
b = b.withWsTransport()
else:
b = b.withAddress(address)
if rendezvous.isSome():
b = b.withRendezVous(rendezvous.get())
b.build()
Reference in New Issue View Git Blame Copy Permalink