mirror of
https://github.com/oxen-io/lokinet
synced 2023-12-14 06:53:00 +01:00
Encrypted pubkey for listening ports:
- created option to add encrypted listeners with paired pubkeys in unordered_map, plus access verification
- pubkeys stored in unordered set, changed lambda for listen_curve
- pubkeys are comma-delimited and paired with bind address in config file
parent
7fb36782dc
commit
802ad46df1
|
@ -2,6 +2,7 @@
|
|||
#include "definition.hpp"
|
||||
#include "ini.hpp"
|
||||
|
||||
#include <oxenmq/address.h>
|
||||
#include <llarp/constants/files.hpp>
|
||||
#include <llarp/constants/platform.hpp>
|
||||
#include <llarp/constants/version.hpp>
|
||||
|
@ -1152,10 +1153,45 @@ namespace llarp
|
|||
"Recommend localhost-only for security purposes.",
|
||||
});
|
||||
|
||||
conf.defineOption<std::string>("api", "authkey", Deprecated);
|
||||
conf.defineOption<std::string>(
|
||||
"api",
|
||||
"bind_curve",
|
||||
Default{""},
|
||||
MultiValue,
|
||||
[this](std::string arg) mutable {
|
||||
if (arg.empty())
|
||||
return;
|
||||
|
||||
// TODO: this was from pre-refactor:
|
||||
// TODO: add pubkey to whitelist
|
||||
auto pipe = arg.find("|");
|
||||
|
||||
if (pipe == arg.npos)
|
||||
throw std::invalid_argument(
|
||||
"Addresses and whitelisted pubkeys must be pipe-delimited key:value pairs");
|
||||
|
||||
auto key = arg.substr(0, pipe), values = arg.substr(pipe + 1, arg.npos);
|
||||
|
||||
if (not starts_with(key, "tcp://"))
|
||||
key = "tcp://" + key;
|
||||
|
||||
auto pubkeys = split(values, ",", true);
|
||||
|
||||
for (auto& pk : pubkeys)
|
||||
m_rpcEncryptedAddresses[oxenmq::address{key}].emplace(pk);
|
||||
},
|
||||
Comment{
|
||||
"Specify encrypted listener addresses and comma-delimited public keys to be accepted ",
|
||||
"by exposed encrypted listener. Keys must be attached to a listener address.",
|
||||
"",
|
||||
"Example: ",
|
||||
" bind_curve=tcp://0.0.0.0:1234|pubkeyA,pubkeyB",
|
||||
" bind_curve=tcp://0.0.0.0:5678|pubkeyC,pubkeyD",
|
||||
"",
|
||||
"In the given example above, port 1234 is only accessible by whitelisted ",
|
||||
"pubkeys A and B, while 5678 is accessible by C and D.",
|
||||
"",
|
||||
"Note: tcp addresses passed without \"tcp://\" prefix will have it prepended"});
|
||||
|
||||
conf.defineOption<std::string>("api", "authkey", Deprecated);
|
||||
}
|
||||
|
||||
void
|
||||
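Review bot: The `bind_curve` handler stores each comma-separated value as an allow-listed pubkey without checking it, so a truncated or mistyped key is accepted at config load and presumably only surfaces later as a client that cannot connect. Nothing in the lambda rejects an entry with no keys after the pipe either; depending on what `split(values, ",", true)` returns for an empty string, the `for` loop may never touch `m_rpcEncryptedAddresses` and the listener would be dropped without any message. I would fail at parse time, e.g. `if (pubkeys.empty()) throw std::invalid_argument{"bind_curve requires at least one pubkey"};`, and check each key's length and encoding against whatever form the access check compares, which is not visible in this hunk. The two `TODO` comments above `arg.find` look stale now that the allow-list is populated here. The example in the `Comment` binds `0.0.0.0` directly after the previous option's text recommends localhost-only, so a sentence on when exposing the curve listener is intended would help operators.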
|
|
|
@ -2,8 +2,8 @@
|
|||
#include "ini.hpp"
|
||||
#include "definition.hpp"
|
||||
|
||||
#include <oxenmq/auth.h>
|
||||
#include <chrono>
|
||||
|
||||
#include <llarp/bootstrap.hpp>
|
||||
#include <llarp/crypto/types.hpp>
|
||||
#include <llarp/router_contact.hpp>
|
||||
|
@ -26,6 +26,7 @@
|
|||
#include <utility>
|
||||
#include <vector>
|
||||
#include <unordered_set>
|
||||
#include <unordered_map>
|
||||
|
||||
#include <oxenmq/address.h>
|
||||
|
||||
|
@ -190,6 +191,7 @@ namespace llarp
|
|||
{
|
||||
bool m_enableRPCServer = false;
|
||||
std::vector<oxenmq::address> m_rpcBindAddresses;
|
||||
std::unordered_map<oxenmq::address, std::unordered_set<std::string>> m_rpcEncryptedAddresses;
|
||||
|
||||
void
|
||||
defineConfigOptions(ConfigDefinition& conf, const ConfigGenParameters& params);
|
||||
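Review bot: `m_rpcEncryptedAddresses` is added without a comment, and its type alone does not say what the strings in the set are. Since this map is the allow-list for the encrypted RPC listeners, I would document it, e.g. `// curve listener address -> client pubkeys allowed to connect, stored as written in the config`, and state the expected key encoding so the config parser and the access check agree on it. The enclosing struct starts and ends outside the hunk.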
|
|