// SPDX-FileCopyrightText: 2021 The NGI Pointer Secure-Scuttlebutt Team of 2020/2021
//
// SPDX-License-Identifier: MIT
package roomsrv
import (
"fmt"
"net"
"github.com/ssbc/go-muxrpc/v2"
"github.com/ssbc/go-ssb-room/v2/internal/network"
"github.com/ssbc/go-ssb-room/v2/roomdb"
)
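// initNetwork opens the shs listener for TCP connections.
//
// It builds the per-connection authorization callback and passes it, together
// with the server's key pair, app key, connection tracker and connection
// wrappers, to network.New. The resulting node is stored in s.Network.
// It returns a wrapped error if the network node cannot be created.
func (s *Server) initNetwork() error {
	// mkHandler is the muxrpc handler factory and authorization decider.
	// The checks run in this order and the first match wins:
	//   1. the server's own feed gets the master handler,
	//   2. in restricted mode, non-members are rejected,
	//   3. feeds on the deny list are rejected (in every privacy mode),
	//   4. everyone else gets the public handler.
	// Reordering these changes who is admitted, so keep the sequence intact.
	mkHandler := func(conn net.Conn) (muxrpc.Handler, error) {
		// closedMu is held for the whole decision, including the lookups
		// below, so handler creation is serialized on this mutex.
		s.closedMu.Lock()
		defer s.closedMu.Unlock()

		// The peer identity is derived from the connection's remote address.
		// NOTE(review): presumably that address is only set after the secret
		// handshake has authenticated the peer; confirm in the network package.
		remote, err := network.GetFeedRefFromAddr(conn.RemoteAddr())
		if err != nil {
			return nil, fmt.Errorf("sbot: expected an address containing an shs-bs addr: %w", err)
		}

		// A connection made with the server's own key pair skips the privacy
		// mode, membership and deny-list checks and gets the master handler.
		if s.keyPair.Feed.Equal(remote) {
			return &s.master, nil
		}

		// Fail closed: without a known privacy mode nobody is admitted. The
		// cause is wrapped, like the other error paths in this function, so
		// a config lookup failure can be diagnosed.
		// NOTE(review): confirm the network package only logs MakeHandler
		// errors locally and does not relay them to the remote peer.
		pm, err := s.Config.GetPrivacyMode(s.rootCtx)
		if err != nil {
			return nil, fmt.Errorf("running with unknown privacy mode: %w", err)
		}

		// In restricted mode, deny connections from non-members. Any error
		// from the lookup, not just "no such member", rejects the peer; the
		// cause is wrapped so a lookup failure is distinguishable from a
		// genuine non-member.
		if pm == roomdb.ModeRestricted {
			if _, err := s.Members.GetByFeed(s.rootCtx, remote); err != nil {
				return nil, fmt.Errorf("access restricted to members: %w", err)
			}
		}

		// If the feed is on the deny list, deny the connection. This also
		// applies to members that passed the restricted-mode check above.
		// NOTE(review): HasFeed returns only a bool, so a failed lookup is
		// not visible here; verify that it does not report false on error.
		if s.DeniedKeys.HasFeed(s.rootCtx, remote) {
			return nil, fmt.Errorf("this key has been banned")
		}

		// For community and open modes, allow all remaining connections.
		return &s.public, nil
	}

	// tcp+shs
	opts := network.Options{
		Logger:              s.logger,
		Dialer:              s.dialer,
		ListenAddr:          s.listenAddr,
		KeyPair:             s.keyPair,
		AppKey:              s.appKey[:],
		MakeHandler:         mkHandler,
		ConnTracker:         s.networkConnTracker,
		BefreCryptoWrappers: s.preSecureWrappers,
		AfterSecureWrappers: s.postSecureWrappers,
	}

	node, err := network.New(opts)
	// Assigned before the error check, as before, so s.Network always holds
	// whatever network.New returned.
	s.Network = node
	if err != nil {
		return fmt.Errorf("failed to create network node: %w", err)
	}

	return nil
}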