snowstorm/config/

mod.rs

use crate::identity::Role;
pub use geohash::Coord;
use geohash::GeohashError;
pub use libp2p::identity::{Keypair, PublicKey};
use libp2p::multiaddr::Protocol;
pub use libp2p::Multiaddr;
use libp2p::PeerId;
use std::sync::Arc;
use std::{collections::HashSet, io::Error, net::Ipv4Addr};

pub mod serializable;
use crate::net::ProtectSocketFn;
use serializable::SerializableConfig;

#[derive(Debug, Clone)]
pub struct AddrInfo {
    pub peer_id: PeerId,
    pub multiaddrs: Vec<Multiaddr>,
}

#[derive(Debug, Default, Clone)]
pub struct Hop {
    pub addr_info: Vec<AddrInfo>,
    pub policy: String,
    pub user: String,
}

#[derive(Debug, Clone)]
pub struct RouteDescriptor {
    pub id: String,
    pub name: String,
    pub path: Vec<Hop>,
    pub ttl: i32,
    pub reference: Option<u32>,
}

#[derive(Debug, Clone)]
pub struct Config {
    /// Peer privacy level
    ///
    /// The lower the level, the more privacy is granted
    ///
    /// This parameter affects geohash precision and internal behaviour
    ///
    /// From 0 to 12
    /// If 0 is provided no location will be set
    pub privacy_level: isize,

    /// Peer geohashed location
    pub location: Option<String>,

    /// Peer behaviour roles
    pub roles: HashSet<Role>,

    /// First HOP peer multiaddresses
    pub entry_peers: Vec<Multiaddr>,

    /// Peer identity keypair
    pub keypair: Keypair,

    // List of multiaddresses to listen on
    pub listen_on: Vec<Multiaddr>,

    /// Discovery namespace
    pub namespace: String,

    /// Discovery TTL in seconds
    pub discovery_ttl: Option<u64>,

    /// Static Exits
    /// deprecated
    pub static_exits: Vec<Multiaddr>,

    /// Static routes
    pub static_routes: Vec<RouteDescriptor>,

    /// Socks Listen Address
    pub sserver_listen_addr: String,

    /// Socks Client Listen Address
    pub sclient_listen_addr: String,

    /// modify fdlimit
    pub fdlimit: bool,

    /// External addresses
    pub external_addrs: Vec<Multiaddr>,

    /// Outbound addresses
    pub outbound_addrs: Vec<Multiaddr>,

    /// Fly.io mode.
    pub is_fly_io: bool,

    // Optional func to protect sockets
    pub protect_socket_fn: Option<ProtectSocketFn>,

    // A Yukigo token authenticating the user.
    pub token: Option<String>,

    // Device uuid
    pub device_id: Option<String>,

    // Auth checks for a given route id
    // exit/volunteer mode only
    pub route_auth_enabled: bool,
}

impl Default for Config {
    fn default() -> Self {
        let address_tcp = Multiaddr::from(Ipv4Addr::UNSPECIFIED).with(Protocol::Tcp(0));

        let address_quic = Multiaddr::from(Ipv4Addr::UNSPECIFIED)
            .with(Protocol::Udp(0))
            .with(Protocol::QuicV1);

        let address_webrtc = Multiaddr::from(Ipv4Addr::UNSPECIFIED)
            .with(Protocol::Udp(0))
            .with(Protocol::WebRTCDirect);

        Config {
            privacy_level: 0,
            location: None,
            roles: HashSet::new(),
            keypair: Keypair::generate_ed25519(),
            entry_peers: Vec::new(),
            listen_on: vec![address_tcp, address_quic, address_webrtc],
            namespace: "snowstorm".to_string(),
            discovery_ttl: Some(60 * 60 * 12),
            static_exits: Vec::new(),
            static_routes: Vec::new(),
            // Mac and iOS network extension is not happy with listening on 0.0.0.0
            sserver_listen_addr: if cfg!(any(target_os = "macos", target_os = "ios")) { "127.0.0.1:0".to_string() } else  { "0.0.0.0:0".to_string() } ,
            sclient_listen_addr: "127.0.0.1:0".to_string(),
            fdlimit: true,
            external_addrs: Vec::new(),
            outbound_addrs: Vec::new(),
            is_fly_io: false,
            protect_socket_fn: None,
            token: None,
            device_id: None,
            route_auth_enabled: false,
        }
    }
}

impl Config {
    fn apply_privacy_level(&mut self) {
        if self.privacy_level <= 0 {
            self.location = None;
            self.privacy_level = 0;
            return;
        }

        if let Some(location) = &self.location {
            self.location = Some(location[..self.privacy_level as usize].to_string());
        }
    }

    pub fn has_entry(&self, id: &PeerId) -> bool {
        self.entry_peers.iter().any(|multiaddr| {
            multiaddr
                .iter()
                .any(|proto| matches!(proto, Protocol::P2p(peer_id) if peer_id == *id))
        })
    }

    pub fn has_static_exit(&self, id: &PeerId) -> bool {
        let has_exit = self.static_exits.iter().any(|multiaddr| {
            multiaddr
                .iter()
                .any(|proto| matches!(proto, Protocol::P2p(peer_id) if peer_id == *id))
        });

        if has_exit {
            return true;
        }

        let has_route = self.static_routes.iter().any(|route| {
            route.path.iter().any(|hop| {
                hop.addr_info
                    .iter()
                    .any(|addr_info| addr_info.peer_id == *id)
            })
        });

        return has_route;
    }

    pub fn with_role(&mut self, role: Role) {
        // TODO: maybe apply privacy level if mode is only client?
        self.roles.insert(role);
    }

    pub fn with_privacy_level(mut self, privacy_level: isize) -> Result<Self, Error> {
        if privacy_level > 12 {
            return Err(Error::new(
                std::io::ErrorKind::InvalidInput,
                "Privacy level must be between 0 and 12",
            ));
        }

        self.privacy_level = privacy_level;
        self.apply_privacy_level();

        Ok(self)
    }

    pub fn with_location(mut self, location: String) -> Self {
        self.location = Some(location);
        self.apply_privacy_level();
        self
    }

    pub fn with_coordinates(mut self, coord: geohash::Coord) -> Result<Self, GeohashError> {
        self.location = Some(geohash::encode(coord, self.privacy_level as usize)?);
        Ok(self)
    }

    pub fn with_first_hops(mut self, first_hops: Vec<Multiaddr>) -> Self {
        self.entry_peers = first_hops;
        self
    }

    pub fn with_first_hop(mut self, first_hop: Multiaddr) -> Self {
        self.entry_peers.push(first_hop);
        self
    }

    pub fn with_roles(mut self, roles: HashSet<Role>) -> Self {
        for role in roles {
            self.with_role(role);
        }

        self
    }

    pub fn with_keypair(mut self, keypair: Keypair) -> Self {
        self.keypair = keypair;
        self
    }

    pub fn with_sserver_listen_addr(mut self, listen_addr: String) -> Self {
        self.sserver_listen_addr = listen_addr;
        self
    }

    pub fn with_sclient_listen_addr(mut self, listen_addr: String) -> Self {
        self.sclient_listen_addr = listen_addr;
        self
    }

    pub fn with_external_addrs(mut self, external_addrs: Vec<Multiaddr>) -> Self {
        self.external_addrs = external_addrs;
        self
    }

    pub fn with_outbound_addrs(mut self, outbound_addrs: Vec<Multiaddr>) -> Self {
        self.outbound_addrs = outbound_addrs;
        if self.outbound_addrs.len() == 0 {
            return self;
        }

        // Fixup listen_on, because libp2p is stupid and only allows one
        // QUIC listener per AF, so the default `INADDR_ANY:0` listener
        // will take precidence, and it happens to be the address that
        // gets used for outgoing connections.
        let mut ln_addrs: Vec<Multiaddr> = Vec::new();
        for out_addr in &self.outbound_addrs {
            let is_ip4 = matches!(out_addr.iter().next(), Some(Protocol::Ip4(_)));

            let tcp_addr = out_addr.clone().with(Protocol::Tcp(0));
            let quic_addr = out_addr
                .clone()
                .with(Protocol::Udp(0))
                .with(Protocol::QuicV1);
            let webrtc_addr = out_addr
                .clone()
                .with(Protocol::Udp(0))
                .with(Protocol::WebRTCDirect);
            ln_addrs.push(tcp_addr);
            ln_addrs.push(quic_addr);
            if is_ip4 {
                // @timur: webrtc-direct dialing wasn't working for me with an existing ipv6 listener
                // we should probably look into why. In the meanwhile - just leaving ipv4 here.
                ln_addrs.push(webrtc_addr);
            }
        }

        self.listen_on = ln_addrs;
        self
    }

    pub fn with_fly_io(mut self, is_fly_io: bool) -> Self {
        self.is_fly_io = is_fly_io;
        self
    }

    pub fn with_protect_socket_fn(
        mut self,
        protect_socket_fn: Arc<dyn Fn(i32) -> () + Send + Sync>,
    ) -> Self {
        self.protect_socket_fn = Some(ProtectSocketFn(protect_socket_fn));
        self
    }

    pub fn with_token(mut self, token: String) -> Self {
        self.token = Some(token);
        self
    }

    pub fn with_route_auth_enabled(mut self, route_auth_enabled: bool) -> Self {
        self.route_auth_enabled = route_auth_enabled;
        self
    }

    pub fn seal(self) -> Result<Vec<u8>, Error> {
        let config = SerializableConfig::from(self);
        let data =
            serde_cbor::to_vec(&config).map_err(|e| Error::new(std::io::ErrorKind::Other, e))?;

        // TODO: encrypt data using passphrase

        Ok(data)
    }

    pub fn unseal(data: Vec<u8>) -> Result<Self, Error> {
        // TODO: decrypt data using passphrase

        let sc: SerializableConfig =
            serde_cbor::from_slice(&data).map_err(|e| Error::new(std::io::ErrorKind::Other, e))?;

        Ok(Config::from(sc))
    }
}