lotus/node/modules/core.go

package modules

import (
	"context"
	"crypto/rand"
	"errors"
	"io"
	"io/ioutil"
	"path/filepath"

	"github.com/gbrlsnchs/jwt/v3"
	logging "github.com/ipfs/go-log/v2"
	"github.com/libp2p/go-libp2p-core/peerstore"
	record "github.com/libp2p/go-libp2p-record"
	"golang.org/x/xerrors"

	"github.com/filecoin-project/go-jsonrpc/auth"

	"github.com/filecoin-project/lotus/api/apistruct"
	"github.com/filecoin-project/lotus/build"
	"github.com/filecoin-project/lotus/chain/types"
	"github.com/filecoin-project/lotus/journal"
	"github.com/filecoin-project/lotus/lib/addrutil"
	"github.com/filecoin-project/lotus/node/modules/dtypes"
	"github.com/filecoin-project/lotus/node/repo"
)

var log = logging.Logger("modules")

type Genesis func() (*types.BlockHeader, error)

// RecordValidator provides namesys compatible routing record validator
func RecordValidator(ps peerstore.Peerstore) record.Validator {
	return record.NamespacedValidator{
		"pk": record.PublicKeyValidator{},
	}
}

const JWTSecretName = "auth-jwt-private"  //nolint:gosec
const KTJwtHmacSecret = "jwt-hmac-secret" //nolint:gosec

type JwtPayload struct {
	Allow []auth.Permission
}

func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*dtypes.APIAlg, error) {
	key, err := keystore.Get(JWTSecretName)

	if errors.Is(err, types.ErrKeyInfoNotFound) {
		log.Warn("Generating new API secret")

		sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, 32))
		if err != nil {
			return nil, err
		}

		key = types.KeyInfo{
			Type:       KTJwtHmacSecret,
			PrivateKey: sk,
		}

		if err := keystore.Put(JWTSecretName, key); err != nil {
			return nil, xerrors.Errorf("writing API secret: %w", err)
		}

		// TODO: make this configurable
		p := JwtPayload{
			Allow: apistruct.AllPermissions,
		}

		cliToken, err := jwt.Sign(&p, jwt.NewHS256(key.PrivateKey))
		if err != nil {
			return nil, err
		}

		if err := lr.SetAPIToken(cliToken); err != nil {
			return nil, err
		}
	} else if err != nil {
		return nil, xerrors.Errorf("could not get JWT Token: %w", err)
	}

	return (*dtypes.APIAlg)(jwt.NewHS256(key.PrivateKey)), nil
}

func ConfigBootstrap(peers []string) func() (dtypes.BootstrapPeers, error) {
	return func() (dtypes.BootstrapPeers, error) {
		return addrutil.ParseAddresses(context.TODO(), peers)
	}
}

func BuiltinBootstrap() (dtypes.BootstrapPeers, error) {
	return build.BuiltinBootstrap()
}

func DrandBootstrap(d dtypes.DrandConfig) (dtypes.DrandBootstrap, error) {
	addrs, err := addrutil.ParseAddresses(context.TODO(), d.Relays)
	if err != nil {
		log.Errorf("reoslving drand relays addresses: %+v", err)
		return nil, nil
	}
	return addrs, nil
}

func SetupJournal(lr repo.LockedRepo) error {
	return journal.InitializeSystemJournal(filepath.Join(lr.Path(), "journal"))
}
Initial structure License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-06-25 11:42:17 +00:00			`package modules`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00
			`import (`
Periodic bootstrap 2019-10-11 00:31:06 +00:00			`"context"`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`"crypto/rand"`
Expose JWT permission error Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-02-12 20:25:29 +00:00			`"errors"`
Swtich to xerrors License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-22 16:20:56 +00:00			`"io"`
			`"io/ioutil"`
implement a persistent journal for lotus node operations 2020-06-22 22:38:36 +00:00			`"path/filepath"`
Swtich to xerrors License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-22 16:20:56 +00:00
Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`"github.com/gbrlsnchs/jwt/v3"`
			`logging "github.com/ipfs/go-log/v2"`
			`"github.com/libp2p/go-libp2p-core/peerstore"`
			`record "github.com/libp2p/go-libp2p-record"`
			`"golang.org/x/xerrors"`

			`"github.com/filecoin-project/go-jsonrpc/auth"`
Expose JWT permission error Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-02-12 20:25:29 +00:00
Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`"github.com/filecoin-project/lotus/api/apistruct"`
Cleanup imports after rename License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-10-18 04:47:41 +00:00			`"github.com/filecoin-project/lotus/build"`
peer manager: Handle bootstrap in peermgr 2019-10-23 11:11:18 +00:00			`"github.com/filecoin-project/lotus/chain/types"`
implement a persistent journal for lotus node operations 2020-06-22 22:38:36 +00:00			`"github.com/filecoin-project/lotus/journal"`
Cleanup imports after rename License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-10-18 04:47:41 +00:00			`"github.com/filecoin-project/lotus/lib/addrutil"`
peer manager: Handle bootstrap in peermgr 2019-10-23 11:11:18 +00:00			`"github.com/filecoin-project/lotus/node/modules/dtypes"`
			`"github.com/filecoin-project/lotus/node/repo"`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`)`

hello: Move from f2 2019-07-03 17:39:07 +00:00			`var log = logging.Logger("modules")`

Refactor out more types into types package, and pull genesis block code into gen package 2019-07-25 22:15:03 +00:00			`type Genesis func() (*types.BlockHeader, error)`
Construct enough to run hello 2019-07-08 13:36:43 +00:00
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`// RecordValidator provides namesys compatible routing record validator`
			`func RecordValidator(ps peerstore.Peerstore) record.Validator {`
			`return record.NamespacedValidator{`
go fmt License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 20:00:22 +00:00			`"pk": record.PublicKeyValidator{},`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`}`
			`}`
Construct enough to run hello 2019-07-08 13:36:43 +00:00
Lint everything We were ignoring quite a few error cases, and had one case where we weren't actually updating state where we wanted to. Unfortunately, if the linter doesn't pass, nobody has any reason to actually check lint failures in CI. There are three remaining XXXs marked in the code for lint. 2020-08-20 04:49:10 +00:00			`const JWTSecretName = "auth-jwt-private" //nolint:gosec`
			`const KTJwtHmacSecret = "jwt-hmac-secret" //nolint:gosec`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00
lotus-shed: add simple jwt creation support 2020-08-19 19:18:36 +00:00			`type JwtPayload struct {`
Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`Allow []auth.Permission`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`}`

Register miner address from storageminer process 2019-08-20 17:19:24 +00:00			`func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*dtypes.APIAlg, error) {`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`key, err := keystore.Get(JWTSecretName)`
Expose JWT permission error Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-02-12 20:25:29 +00:00
			`if errors.Is(err, types.ErrKeyInfoNotFound) {`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`log.Warn("Generating new API secret")`

			`sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, 32))`
			`if err != nil {`
			`return nil, err`
			`}`

			`key = types.KeyInfo{`
lotus-shed: add simple jwt creation support 2020-08-19 19:18:36 +00:00			`Type: KTJwtHmacSecret,`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`PrivateKey: sk,`
			`}`

			`if err := keystore.Put(JWTSecretName, key); err != nil {`
			`return nil, xerrors.Errorf("writing API secret: %w", err)`
			`}`

			`// TODO: make this configurable`
lotus-shed: add simple jwt creation support 2020-08-19 19:18:36 +00:00			`p := JwtPayload{`
Move api struct to a seprate pkg 2019-12-09 17:08:32 +00:00			`Allow: apistruct.AllPermissions,`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`}`

			`cliToken, err := jwt.Sign(&p, jwt.NewHS256(key.PrivateKey))`
			`if err != nil {`
			`return nil, err`
			`}`

			`if err := lr.SetAPIToken(cliToken); err != nil {`
			`return nil, err`
			`}`
Expose JWT permission error Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-02-12 20:25:29 +00:00			`} else if err != nil {`
			`return nil, xerrors.Errorf("could not get JWT Token: %w", err)`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`}`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00
Register miner address from storageminer process 2019-08-20 17:19:24 +00:00			`return (*dtypes.APIAlg)(jwt.NewHS256(key.PrivateKey)), nil`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`}`
Periodic bootstrap 2019-10-11 00:31:06 +00:00
config: Allow overriding bootstrap peers 2019-10-11 03:16:12 +00:00			`func ConfigBootstrap(peers []string) func() (dtypes.BootstrapPeers, error) {`
			`return func() (dtypes.BootstrapPeers, error) {`
			`return addrutil.ParseAddresses(context.TODO(), peers)`
			`}`
			`}`

			`func BuiltinBootstrap() (dtypes.BootstrapPeers, error) {`
			`return build.BuiltinBootstrap()`
			`}`
Assign positive scores to drand bootstrappers Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-06-08 09:31:33 +00:00
Cleanup DrandBootstrap Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-07-22 21:46:36 +00:00			`func DrandBootstrap(d dtypes.DrandConfig) (dtypes.DrandBootstrap, error) {`
Don't fail if could not resolved drand dnsaddr Resolves https://github.com/filecoin-project/lotus/issues/3335 Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-08-27 15:50:16 +00:00			`addrs, err := addrutil.ParseAddresses(context.TODO(), d.Relays)`
			`if err != nil {`
			`log.Errorf("reoslving drand relays addresses: %+v", err)`
			`return nil, nil`
			`}`
			`return addrs, nil`
Assign positive scores to drand bootstrappers Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2020-06-08 09:31:33 +00:00			`}`
implement a persistent journal for lotus node operations 2020-06-22 22:38:36 +00:00
			`func SetupJournal(lr repo.LockedRepo) error {`
			`return journal.InitializeSystemJournal(filepath.Join(lr.Path(), "journal"))`
			`}`