lotus/node/modules/core.go

package modules

import (
	"crypto/rand"
	"io"
	"io/ioutil"

	"github.com/gbrlsnchs/jwt/v3"
	logging "github.com/ipfs/go-log"
	"github.com/libp2p/go-libp2p-core/peerstore"
	record "github.com/libp2p/go-libp2p-record"
	"golang.org/x/xerrors"

	"github.com/filecoin-project/go-lotus/api"
	"github.com/filecoin-project/go-lotus/chain/types"
	"github.com/filecoin-project/go-lotus/node/repo"
)

var log = logging.Logger("modules")

type Genesis func() (*types.BlockHeader, error)

// RecordValidator provides namesys compatible routing record validator
func RecordValidator(ps peerstore.Peerstore) record.Validator {
	return record.NamespacedValidator{
		"pk": record.PublicKeyValidator{},
	}
}

const JWTSecretName = "auth-jwt-private"

type APIAlg jwt.HMACSHA

type jwtPayload struct {
	Allow []string
}

func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*APIAlg, error) {
	key, err := keystore.Get(JWTSecretName)
	if err != nil {
		log.Warn("Generating new API secret")

		sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, 32))
		if err != nil {
			return nil, err
		}

		key = types.KeyInfo{
			Type:       "jwt-hmac-secret",
			PrivateKey: sk,
		}

		if err := keystore.Put(JWTSecretName, key); err != nil {
			return nil, xerrors.Errorf("writing API secret: %w", err)
		}

		// TODO: make this configurable
		p := jwtPayload{
			Allow: api.AllPermissions,
		}

		cliToken, err := jwt.Sign(&p, jwt.NewHS256(key.PrivateKey))
		if err != nil {
			return nil, err
		}

		if err := lr.SetAPIToken(cliToken); err != nil {
			return nil, err
		}
	}

	return (*APIAlg)(jwt.NewHS256(key.PrivateKey)), nil
}
Initial structure License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-06-25 11:42:17 +00:00			`package modules`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00
			`import (`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`"crypto/rand"`
			`"io"`
			`"io/ioutil"`
Fix imports and range reference warnings License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-08 15:14:36 +00:00
Couple lint fixes 2019-07-24 01:16:17 +00:00			`"github.com/gbrlsnchs/jwt/v3"`
hello: Move from f2 2019-07-03 17:39:07 +00:00			`logging "github.com/ipfs/go-log"`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`"github.com/libp2p/go-libp2p-core/peerstore"`
			`record "github.com/libp2p/go-libp2p-record"`
Couple lint fixes 2019-07-24 01:16:17 +00:00			`"golang.org/x/xerrors"`
Fix imports and range reference warnings License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-08 15:14:36 +00:00
Couple lint fixes 2019-07-24 01:16:17 +00:00			`"github.com/filecoin-project/go-lotus/api"`
Move KeyStore into separate module License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-18 16:10:53 +00:00			`"github.com/filecoin-project/go-lotus/chain/types"`
Wire up memrepo 2019-07-10 15:38:35 +00:00			`"github.com/filecoin-project/go-lotus/node/repo"`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`)`

hello: Move from f2 2019-07-03 17:39:07 +00:00			`var log = logging.Logger("modules")`

Refactor out more types into types package, and pull genesis block code into gen package 2019-07-25 22:15:03 +00:00			`type Genesis func() (*types.BlockHeader, error)`
Construct enough to run hello 2019-07-08 13:36:43 +00:00
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`// RecordValidator provides namesys compatible routing record validator`
			`func RecordValidator(ps peerstore.Peerstore) record.Validator {`
			`return record.NamespacedValidator{`
go fmt License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 20:00:22 +00:00			`"pk": record.PublicKeyValidator{},`
Build libp2p node License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch> 2019-07-01 10:18:00 +00:00			`}`
			`}`
Construct enough to run hello 2019-07-08 13:36:43 +00:00
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`const JWTSecretName = "auth-jwt-private"`

			`type APIAlg jwt.HMACSHA`

Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`type jwtPayload struct {`
			`Allow []string`
			`}`

			`func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*APIAlg, error) {`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`key, err := keystore.Get(JWTSecretName)`
			`if err != nil {`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00			`log.Warn("Generating new API secret")`

			`sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, 32))`
			`if err != nil {`
			`return nil, err`
			`}`

			`key = types.KeyInfo{`
			`Type: "jwt-hmac-secret",`
			`PrivateKey: sk,`
			`}`

			`if err := keystore.Put(JWTSecretName, key); err != nil {`
			`return nil, xerrors.Errorf("writing API secret: %w", err)`
			`}`

			`// TODO: make this configurable`
			`p := jwtPayload{`
			`Allow: api.AllPermissions,`
			`}`

			`cliToken, err := jwt.Sign(&p, jwt.NewHS256(key.PrivateKey))`
			`if err != nil {`
			`return nil, err`
			`}`

			`if err := lr.SetAPIToken(cliToken); err != nil {`
			`return nil, err`
			`}`
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`}`
Fix secret loading in tests 2019-07-23 20:37:06 +00:00
auth: Load JWT secret once 2019-07-23 20:23:44 +00:00			`return (*APIAlg)(jwt.NewHS256(key.PrivateKey)), nil`
			`}`