feat: configure protected topics via cli (#1696)

Alvaro Revuelta 2023-05-02 11:45:50 +02:00 committed by GitHub
parent 2151042568
commit 16b4452390
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 8 deletions


@ -547,19 +547,20 @@ proc setupProtocols(node: WakuNode, conf: WakuNodeConf,
peerExchangeHandler = some(handlePeerExchange)
if conf.relay:
let pubsubTopics = conf.topics.split(" ")
try:
let pubsubTopics = conf.topics.split(" ")
await mountRelay(node, pubsubTopics, peerExchangeHandler = peerExchangeHandler)
except CatchableError:
return err("failed to mount waku relay protocol: " & getCurrentExceptionMsg())
# TODO: Get this from cli
var topicsPublicKeys = initTable[string, SkPublicKey]()
# Add validation keys to protected topics
for topic, publicKey in topicsPublicKeys.pairs:
info "routing only signed traffic", topic=topic, publicKey=publicKey
node.wakuRelay.addSignedTopicValidator(Pubsubtopic(topic), publicKey)
for topicKey in conf.protectedTopics:
if topicKey.topic notin pubsubTopics:
warn "protected topic not in subscribed pubsub topics, skipping adding validator",
protectedTopic=topicKey.topic, subscribedTopics=pubsubTopics
continue
notice "routing only signed traffic", protectedTopic=topicKey.topic, publicKey=topicKey.key
node.wakuRelay.addSignedTopicValidator(Pubsubtopic(topicKey.topic), topicKey.key)
# Keepalive mounted on all nodes
try:
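Review bot: A protected-topic entry whose topic is not in `pubsubTopics` is only logged with `warn` and skipped, so a typo in the topic name lets the node start with no signature validator on the topic the operator meant to protect. `setupProtocols` already returns `err(...)` when the relay mount fails, so failing closed here would be consistent, e.g. `return err("protected topic not in subscribed pubsub topics: " & topicKey.topic)`. The membership test is an exact string match against `conf.topics.split(" ")`, which yields empty entries on repeated spaces, so stray whitespace in the configured topics can also trigger the skip. The loop does not reject the same topic listed twice with different keys; how `addSignedTopicValidator` handles that is not visible here. The body of `setupProtocols` starts and ends outside this hunk.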


@ -11,7 +11,8 @@ import
libp2p/crypto/crypto,
libp2p/crypto/secp,
libp2p/multiaddress,
nimcrypto/utils
nimcrypto/utils,
secp256k1
import
../../waku/common/confutils/envvar/defs as confEnvvarDefs,
../../waku/common/confutils/envvar/std/net as confEnvvarNet,
@ -25,6 +26,9 @@ export
type ConfResult*[T] = Result[T, string]
type ProtectedTopic* = object
topic*: string
key*: secp256k1.SkPublicKey
type
WakuNodeConf* = object
@ -32,6 +36,12 @@ type
desc: "Loads configuration from a TOML file (cmd-line parameters take precedence)"
name: "config-file" }: Option[InputFile]
## Application-level configuration
protectedTopics* {.
desc: "Topics and its public key to be used for message validation, topic:pubkey. Argument may be repeated."
defaultValue: newSeq[ProtectedTopic](0)
name: "protected-topic" .}: seq[ProtectedTopic]
## Log configuration
logLevel* {.
@ -457,6 +467,19 @@ proc parseCmdArg*(T: type crypto.PrivateKey, p: string): T =
proc completeCmdArg*(T: type crypto.PrivateKey, val: string): seq[string] =
return @[]
proc parseCmdArg*(T: type ProtectedTopic, p: string): T =
let elements = p.split(":")
if elements.len != 2:
raise newException(ConfigurationError, "Invalid format for protected topic expected topic:publickey")
let publicKey = secp256k1.SkPublicKey.fromHex(elements[1])
if publicKey.isErr:
raise newException(ConfigurationError, "Invalid public key")
return ProtectedTopic(topic: elements[0], key: publicKey.get())
proc completeCmdArg*(T: type ProtectedTopic, val: string): seq[string] =
return @[]
proc parseCmdArg*(T: type ValidIpAddress, p: string): T =
try:
@ -533,6 +556,17 @@ proc readValue*(r: var EnvvarReader, value: var crypto.PrivateKey) {.raises: [Se
except CatchableError:
raise newException(SerializationError, getCurrentExceptionMsg())
proc readValue*(r: var TomlReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
try:
value = parseCmdArg(ProtectedTopic, r.readValue(string))
except CatchableError:
raise newException(SerializationError, getCurrentExceptionMsg())
proc readValue*(r: var EnvvarReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
try:
value = parseCmdArg(ProtectedTopic, r.readValue(string))
except CatchableError:
raise newException(SerializationError, getCurrentExceptionMsg())
{.push warning[ProveInit]: off.}
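Review bot: In `parseCmdArg` for `ProtectedTopic`, `p.split(":")` with `elements.len != 2` rejects any topic name that contains a colon and accepts an empty topic such as `:<hex>`. Since the key is hex and cannot contain `:`, splitting once from the right is safer: `let elements = p.rsplit(":", maxsplit = 1)`, followed by `if elements.len != 2 or elements[0].len == 0:` before raising the format error. The `"Invalid public key"` message drops the reason carried by the failed `fromHex` result and does not name the offending topic; including `elements[0]` would make a misconfigured validation key much easier to spot in startup logs. The two new `readValue` overloads have identical bodies, so a short `##` comment on each saying that TOML and env-var values use the same `topic:pubkey` syntax as the CLI would document the shared contract.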