
Commit d19974d

fix: require external confirmation of public addresses (#2867)
Requires autonat to confirm external IP addresses and domain names before the node will announce them.
1 parent 6ab85ea commit d19974d

23 files changed

+1613
-1130
lines changed


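--- a/packages/auto-tls/src/domain-mapper.ts
+++ b/packages/auto-tls/src/domain-mapper.ts
@@ -58,7 +58,10 @@ export class DomainMapper {
 }
 
 updateMappings (): void {
-const publicIps = getPublicIps(this.addressManager.getAddresses())
+const publicIps = getPublicIps(
+this.addressManager.getAddressesWithMetadata()
+.map(({ multiaddr }) => multiaddr)
+)
 
 // did our public IPs change?
 const addedIp4 = []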
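Review bot: The new call in `updateMappings` takes every entry from `getAddressesWithMetadata()` and keeps only `multiaddr`, so the `verified` and `expires` fields are discarded before `getPublicIps` runs and addresses that nothing has confirmed yet can still feed the domain mappings. If that is intentional (presumably the mapping has to exist before it can be confirmed), say so at the call site, e.g. `// unverified addresses are included on purpose: the mapping must exist before it can be confirmed`; otherwise filter first with `.filter(({ verified }) => verified)`. The body of `updateMappings` continues past the end of the hunk, so what happens to the resulting mappings is not visible here.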

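--- a/packages/auto-tls/test/domain-mapper.spec.ts
+++ b/packages/auto-tls/test/domain-mapper.spec.ts
@@ -42,13 +42,32 @@ describe('domain-mapper', () => {
 const ip4 = '81.12.12.9'
 const ip6 = '2001:4860:4860::8889'
 
-components.addressManager.getAddresses.returns([
-multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-])
+components.addressManager.getAddressesWithMetadata.returns([{
+multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}, {
+multiaddr: multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}])
 
 components.events.safeDispatchEvent('certificate:provision', {
 detail: {
@@ -69,13 +88,32 @@ describe('domain-mapper', () => {
 const ip4v1 = '81.12.12.9'
 const ip6v1 = '2001:4860:4860::8889'
 
-components.addressManager.getAddresses.returns([
-multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr(`/ip4/${ip4v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-multiaddr(`/ip6/${ip6v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-])
+components.addressManager.getAddressesWithMetadata.returns([{
+multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/${ip4v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}, {
+multiaddr: multiaddr(`/ip6/${ip6v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}])
 
 components.events.safeDispatchEvent('certificate:provision', {
 detail: {
@@ -94,13 +132,32 @@ describe('domain-mapper', () => {
 const ip4v2 = '81.12.12.10'
 const ip6v2 = '2001:4860:4860::8890'
 
-components.addressManager.getAddresses.returns([
-multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr(`/ip4/${ip4v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-multiaddr(`/ip6/${ip6v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-])
+components.addressManager.getAddressesWithMetadata.returns([{
+multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/${ip4v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}, {
+multiaddr: multiaddr(`/ip6/${ip6v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}])
 
 components.events.safeDispatchEvent('self:peer:update', {
 detail: stubInterface<Peer>()
@@ -121,13 +178,32 @@ describe('domain-mapper', () => {
 const ip4 = '81.12.12.9'
 const ip6 = '2001:4860:4860::8889'
 
-components.addressManager.getAddresses.returns([
-multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-])
+components.addressManager.getAddressesWithMetadata.returns([{
+multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}, {
+multiaddr: multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}])
 
 components.events.safeDispatchEvent('self:peer:update', {
 detail: stubInterface<Peer>()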
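Review bot: Every fixture entry in the four updated tests sets `verified: true` and `expires: Infinity`, so nothing here pins what the mapper does with an address that has not been confirmed, which is the behaviour this commit is about. Add one case where a public `ip-mapping` entry carries `verified: false` and assert the outcome the mapper is expected to produce for it. The five-entry list is also repeated in each test with only the two public IPs changing; a small helper taking those two values would keep the fixtures in step. Each test body starts and ends outside its hunk, so the existing assertions are not visible here.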

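--- a/packages/auto-tls/test/index.spec.ts
+++ b/packages/auto-tls/test/index.spec.ts
@@ -16,7 +16,7 @@ import { DEFAULT_CERTIFICATE_DATASTORE_KEY, DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME
 import { importFromPem } from '../src/utils.js'
 import { CERT, CERT_FOR_OTHER_KEY, EXPIRED_CERT, INVALID_CERT, PRIVATE_KEY_PEM } from './fixtures/cert.js'
 import type { ComponentLogger, Libp2pEvents, Peer, PeerId, PrivateKey, RSAPrivateKey, TypedEventTarget } from '@libp2p/interface'
-import type { AddressManager } from '@libp2p/interface-internal'
+import type { AddressManager, NodeAddress } from '@libp2p/interface-internal'
 import type { Keychain } from '@libp2p/keychain'
 import type { StubbedInstance } from 'sinon-ts'
 
@@ -49,12 +49,26 @@ describe('auto-tls', () => {
 datastore: new MemoryDatastore()
 }
 
-// mixture of LAN and public addresses
-components.addressManager.getAddresses.returns([
-multiaddr(`/ip4/127.0.0.1/tcp/1235/p2p/${components.peerId}`),
-multiaddr(`/ip4/192.168.0.100/tcp/1235/p2p/${components.peerId}`),
-multiaddr(`/ip4/82.32.57.46/tcp/2345/p2p/${components.peerId}`)
-])
+// a mixture of LAN and public addresses
+const addresses: NodeAddress[] = [{
+multiaddr: multiaddr(`/ip4/127.0.0.1/tcp/1235/p2p/${components.peerId}`),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/192.168.0.100/tcp/1235/p2p/${components.peerId}`),
+verified: true,
+expires: Infinity,
+type: 'transport'
+}, {
+multiaddr: multiaddr(`/ip4/82.32.57.46/tcp/2345/p2p/${components.peerId}`),
+verified: true,
+expires: Infinity,
+type: 'ip-mapping'
+}]
+
+components.addressManager.getAddressesWithMetadata.returns(addresses)
+components.addressManager.getAddresses.returns(addresses.map(({ multiaddr }) => multiaddr))
 })
 
 afterEach(async () => {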
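Review bot: The `getAddresses` stub in the second hunk is built from the full `addresses` list, so it agrees with `getAddressesWithMetadata` only because every entry happens to be `verified: true`. If `getAddresses` is meant to return confirmed addresses only, as the commit description suggests, derive the stub the same way so the two stay consistent once an unverified entry is added: `addresses.filter(({ verified }) => verified).map(({ multiaddr }) => multiaddr)`. The enclosing setup block starts above the hunk.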

packages/integration-tests/test/addresses.spec.ts

Lines changed: 0 additions & 159 deletions
This file was deleted.
