From b678a3ecb4b318ce26a39fd42f3ed160fd55041e Mon Sep 17 00:00:00 2001
From: Nabarun Gogoi <nabarun@deepstacksoft.com>
Date: Fri, 5 May 2023 13:32:19 +0530
Subject: [PATCH] Add environment variables for multiaddrs blacklist (#381)

* Add env variable for web apps config denyMultiaddrs

* Add watcher config option for blacklisted multiaddrs

* Update package versions

* Use provided domain for relay multiaddr in peer config

* Change delimeter while replacing deny multiaddrs list

---------

Co-authored-by: prathamesh0 <prathamesh.musale0@gmail.com>
---
 app/data/compose/docker-compose-mobymask-app.yml      |  2 ++
 app/data/compose/docker-compose-peer-test-app.yml     |  1 +
 .../compose/docker-compose-watcher-mobymask-v2.yml    |  1 +
 .../config/watcher-mobymask-v2/mobymask-app-start.sh  |  2 ++
 .../config/watcher-mobymask-v2/mobymask-params.env    |  3 +++
 app/data/config/watcher-mobymask-v2/start-server.sh   | 10 +++++++++-
 .../config/watcher-mobymask-v2/test-app-config.json   |  1 +
 app/data/config/watcher-mobymask-v2/test-app-start.sh |  2 ++
 .../watcher-mobymask-v2/watcher-config-template.toml  |  2 ++
 app/data/container-build/cerc-mobymask-ui/Dockerfile  |  4 ++--
 .../cerc-mobymask-ui/apply-webapp-config.sh           |  2 +-
 app/data/container-build/cerc-react-peer/Dockerfile   |  2 +-
 .../cerc-react-peer/apply-webapp-config.sh            |  2 +-
 app/data/stacks/mobymask-v2/README.md                 |  4 ++--
 app/data/stacks/mobymask-v2/mobymask-only.md          | 11 +++++++----
 .../stacks/mobymask-v2/watcher-p2p-network/watcher.md |  4 ++--
 app/data/stacks/mobymask-v2/web-apps.md               |  3 +++
 17 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/app/data/compose/docker-compose-mobymask-app.yml b/app/data/compose/docker-compose-mobymask-app.yml
index d43e6b44..7d41264a 100644
--- a/app/data/compose/docker-compose-mobymask-app.yml
+++ b/app/data/compose/docker-compose-mobymask-app.yml
@@ -13,6 +13,7 @@ services:
       CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
       CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL}
       CERC_RELAY_NODES: ${CERC_RELAY_NODES}
+      CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
       CERC_BUILD_DIR: "@cerc-io/mobymask-ui/build"
     working_dir: /scripts
     command: ["sh", "mobymask-app-start.sh"]
@@ -44,6 +45,7 @@ services:
       CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
       CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL}
       CERC_RELAY_NODES: ${CERC_RELAY_NODES}
+      CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
       CERC_BUILD_DIR: "@cerc-io/mobymask-ui-lxdao/build"
     working_dir: /scripts
     command: ["sh", "mobymask-app-start.sh"]
diff --git a/app/data/compose/docker-compose-peer-test-app.yml b/app/data/compose/docker-compose-peer-test-app.yml
index f2a22675..f1f5e475 100644
--- a/app/data/compose/docker-compose-peer-test-app.yml
+++ b/app/data/compose/docker-compose-peer-test-app.yml
@@ -10,6 +10,7 @@ services:
     environment:
       CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
       CERC_RELAY_NODES: ${CERC_RELAY_NODES}
+      CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
     command: ["sh", "test-app-start.sh"]
     volumes:
       - ../config/wait-for-it.sh:/scripts/wait-for-it.sh
diff --git a/app/data/compose/docker-compose-watcher-mobymask-v2.yml b/app/data/compose/docker-compose-watcher-mobymask-v2.yml
index 36c5f3f9..0c743670 100644
--- a/app/data/compose/docker-compose-watcher-mobymask-v2.yml
+++ b/app/data/compose/docker-compose-watcher-mobymask-v2.yml
@@ -83,6 +83,7 @@ services:
       CERC_L1_ACCOUNTS_CSV_URL: ${CERC_L1_ACCOUNTS_CSV_URL}
       CERC_PRIVATE_KEY_PEER: ${CERC_PRIVATE_KEY_PEER}
       CERC_RELAY_PEERS: ${CERC_RELAY_PEERS}
+      CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
       CERC_RELAY_ANNOUNCE_DOMAIN: ${CERC_RELAY_ANNOUNCE_DOMAIN}
       CERC_ENABLE_PEER_L2_TXS: ${CERC_ENABLE_PEER_L2_TXS}
       CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
diff --git a/app/data/config/watcher-mobymask-v2/mobymask-app-start.sh b/app/data/config/watcher-mobymask-v2/mobymask-app-start.sh
index 9f343340..6eeb5c1a 100755
--- a/app/data/config/watcher-mobymask-v2/mobymask-app-start.sh
+++ b/app/data/config/watcher-mobymask-v2/mobymask-app-start.sh
@@ -7,6 +7,7 @@ fi
 CERC_CHAIN_ID="${CERC_CHAIN_ID:-${DEFAULT_CERC_CHAIN_ID}}"
 CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}"
 CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}"
+CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
 CERC_APP_WATCHER_URL="${CERC_APP_WATCHER_URL:-${DEFAULT_CERC_APP_WATCHER_URL}}"
 
 # If not set (or []), check the mounted volume for relay peer id
@@ -37,5 +38,6 @@ yq -n ".address = env(CERC_DEPLOYED_CONTRACT)" > /config/config.yml
 yq ".watcherUrl = env(CERC_APP_WATCHER_URL)" -i /config/config.yml
 yq ".chainId = env(CERC_CHAIN_ID)" -i /config/config.yml
 yq ".relayNodes = strenv(CERC_RELAY_NODES)" -i /config/config.yml
+yq ".denyMultiaddrs = strenv(CERC_DENY_MULTIADDRS)" -i /config/config.yml
 
 /scripts/start-serving-app.sh
diff --git a/app/data/config/watcher-mobymask-v2/mobymask-params.env b/app/data/config/watcher-mobymask-v2/mobymask-params.env
index 6d1bf063..39d55016 100644
--- a/app/data/config/watcher-mobymask-v2/mobymask-params.env
+++ b/app/data/config/watcher-mobymask-v2/mobymask-params.env
@@ -24,3 +24,6 @@ DEFAULT_CERC_CHAIN_ID=42069
 
 # Set of relay nodes to be used by web-apps
 DEFAULT_CERC_RELAY_NODES=[]
+
+# Set of multiaddrs to be avoided while dialling
+DEFAULT_CERC_DENY_MULTIADDRS=[]
diff --git a/app/data/config/watcher-mobymask-v2/start-server.sh b/app/data/config/watcher-mobymask-v2/start-server.sh
index b46a7c14..eab8bac2 100755
--- a/app/data/config/watcher-mobymask-v2/start-server.sh
+++ b/app/data/config/watcher-mobymask-v2/start-server.sh
@@ -8,13 +8,20 @@ CERC_L2_GETH_RPC="${CERC_L2_GETH_RPC:-${DEFAULT_CERC_L2_GETH_RPC}}"
 CERC_L1_ACCOUNTS_CSV_URL="${CERC_L1_ACCOUNTS_CSV_URL:-${DEFAULT_CERC_L1_ACCOUNTS_CSV_URL}}"
 
 CERC_RELAY_PEERS="${CERC_RELAY_PEERS:-${DEFAULT_CERC_RELAY_PEERS}}"
+CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
 CERC_RELAY_ANNOUNCE_DOMAIN="${CERC_RELAY_ANNOUNCE_DOMAIN:-${DEFAULT_CERC_RELAY_ANNOUNCE_DOMAIN}}"
 CERC_ENABLE_PEER_L2_TXS="${CERC_ENABLE_PEER_L2_TXS:-${DEFAULT_CERC_ENABLE_PEER_L2_TXS}}"
 CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}"
 
 echo "Using L2 RPC endpoint ${CERC_L2_GETH_RPC}"
 
-CERC_RELAY_MULTIADDR="/dns4/mobymask-watcher-server/tcp/9090/ws/p2p/$(jq -r '.id' /app/peers/relay-id.json)"
+# Use public domain for relay multiaddr in peer config if specified
+# Otherwise, use the docker container's host IP
+if [ -n "$CERC_RELAY_ANNOUNCE_DOMAIN" ]; then
+  CERC_RELAY_MULTIADDR="/dns4/${CERC_RELAY_ANNOUNCE_DOMAIN}/tcp/443/wss/p2p/$(jq -r '.id' /app/peers/relay-id.json)"
+else
+  CERC_RELAY_MULTIADDR="/dns4/mobymask-watcher-server/tcp/9090/ws/p2p/$(jq -r '.id' /app/peers/relay-id.json)"
+fi
 
 # Use contract address from environment variable or set from config.json in mounted volume
 if [ -n "$CERC_DEPLOYED_CONTRACT" ]; then
@@ -42,6 +49,7 @@ fi
 WATCHER_CONFIG_TEMPLATE=$(cat environments/watcher-config-template.toml)
 WATCHER_CONFIG=$(echo "$WATCHER_CONFIG_TEMPLATE" | \
   sed -E "s|REPLACE_WITH_CERC_RELAY_PEERS|${CERC_RELAY_PEERS}|g; \
+          s|REPLACE_WITH_CERC_DENY_MULTIADDRS|${CERC_DENY_MULTIADDRS}|g; \
           s/REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN/${CERC_RELAY_ANNOUNCE_DOMAIN}/g; \
           s|REPLACE_WITH_CERC_RELAY_MULTIADDR|${CERC_RELAY_MULTIADDR}|g; \
           s/REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS/${CERC_ENABLE_PEER_L2_TXS}/g; \
diff --git a/app/data/config/watcher-mobymask-v2/test-app-config.json b/app/data/config/watcher-mobymask-v2/test-app-config.json
index cce15fd8..a0baf9c6 100644
--- a/app/data/config/watcher-mobymask-v2/test-app-config.json
+++ b/app/data/config/watcher-mobymask-v2/test-app-config.json
@@ -1,6 +1,7 @@
 {
   "relayNodes": [],
   "peer": {
+    "denyMultiaddrs": [],
     "enableDebugInfo": true
   }
 }
diff --git a/app/data/config/watcher-mobymask-v2/test-app-start.sh b/app/data/config/watcher-mobymask-v2/test-app-start.sh
index 42e4397d..aeeb02d3 100755
--- a/app/data/config/watcher-mobymask-v2/test-app-start.sh
+++ b/app/data/config/watcher-mobymask-v2/test-app-start.sh
@@ -5,6 +5,7 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
 fi
 
 CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}"
+CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
 
 # If not set (or []), check the mounted volume for relay peer id
 if [ -z "$CERC_RELAY_NODES" ] || [ "$CERC_RELAY_NODES" = "[]" ]; then
@@ -16,5 +17,6 @@ echo "Using CERC_RELAY_NODES $CERC_RELAY_NODES"
 
 # Use yq to create config.yml with environment variables
 yq -n ".relayNodes = strenv(CERC_RELAY_NODES)" > /config/config.yml
+yq ".denyMultiaddrs = strenv(CERC_DENY_MULTIADDRS)" -i /config/config.yml
 
 /scripts/start-serving-app.sh
diff --git a/app/data/config/watcher-mobymask-v2/watcher-config-template.toml b/app/data/config/watcher-mobymask-v2/watcher-config-template.toml
index e6ce0750..5a2c7ce4 100644
--- a/app/data/config/watcher-mobymask-v2/watcher-config-template.toml
+++ b/app/data/config/watcher-mobymask-v2/watcher-config-template.toml
@@ -27,6 +27,7 @@
       host = "0.0.0.0"
       port = 9090
       relayPeers = REPLACE_WITH_CERC_RELAY_PEERS
+      denyMultiaddrs = REPLACE_WITH_CERC_DENY_MULTIADDRS
       peerIdFile = './peers/relay-id.json'
       announce = 'REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN'
       enableDebugInfo = true
@@ -34,6 +35,7 @@
     [server.p2p.peer]
       relayMultiaddr = 'REPLACE_WITH_CERC_RELAY_MULTIADDR'
       pubSubTopic = 'mobymask'
+      denyMultiaddrs = REPLACE_WITH_CERC_DENY_MULTIADDRS
       peerIdFile = './peers/peer-id.json'
       enableDebugInfo = true
       enableL2Txs = REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS
diff --git a/app/data/container-build/cerc-mobymask-ui/Dockerfile b/app/data/container-build/cerc-mobymask-ui/Dockerfile
index 651d718f..9d4868d2 100644
--- a/app/data/container-build/cerc-mobymask-ui/Dockerfile
+++ b/app/data/container-build/cerc-mobymask-ui/Dockerfile
@@ -50,9 +50,9 @@ RUN yarn global add http-server
 
 # Globally install both versions of the payload web app package
 # Install old version of MobyMask web app
-RUN yarn global add @cerc-io/mobymask-ui@0.1.3
+RUN yarn global add @cerc-io/mobymask-ui@0.1.4
 # Install the LXDAO version of MobyMask web app
-RUN yarn global add @cerc-io/mobymask-ui-lxdao@npm:@cerc-io/mobymask-ui@0.1.3-lxdao-0.1.1
+RUN yarn global add @cerc-io/mobymask-ui-lxdao@npm:@cerc-io/mobymask-ui@0.1.4-lxdao-0.1.1
 
 # Expose port for http
 EXPOSE 80
diff --git a/app/data/container-build/cerc-mobymask-ui/apply-webapp-config.sh b/app/data/container-build/cerc-mobymask-ui/apply-webapp-config.sh
index 9f32cd23..2779b3a1 100755
--- a/app/data/container-build/cerc-mobymask-ui/apply-webapp-config.sh
+++ b/app/data/container-build/cerc-mobymask-ui/apply-webapp-config.sh
@@ -33,7 +33,7 @@ do
     echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}"
 
     # TODO: Pass keys to be replaced without double quotes
-    if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|chainId)$ ]]; then
+    if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|chainId|denyMultiaddrs)$ ]]; then
         find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} +
     else
         # Note: we do not escape our strings, on the expectation they do not container the '#' char.
diff --git a/app/data/container-build/cerc-react-peer/Dockerfile b/app/data/container-build/cerc-react-peer/Dockerfile
index 191f986b..50670e03 100644
--- a/app/data/container-build/cerc-react-peer/Dockerfile
+++ b/app/data/container-build/cerc-react-peer/Dockerfile
@@ -21,7 +21,7 @@ RUN mkdir -p /config
 RUN yarn global add http-server
 
 # Globally install the payload web app package
-RUN yarn global add @cerc-io/test-app@0.2.33
+RUN yarn global add @cerc-io/test-app@0.2.34
 
 # Expose port for http
 EXPOSE 80
diff --git a/app/data/container-build/cerc-react-peer/apply-webapp-config.sh b/app/data/container-build/cerc-react-peer/apply-webapp-config.sh
index a7f0a28e..59dee869 100755
--- a/app/data/container-build/cerc-react-peer/apply-webapp-config.sh
+++ b/app/data/container-build/cerc-react-peer/apply-webapp-config.sh
@@ -33,7 +33,7 @@ do
     echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}"
 
     # TODO: Pass keys to be replaced without double quotes
-    if [[ "$template_string_to_replace" == "${config_prefix}_relayNodes" ]]; then
+    if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|denyMultiaddrs)$ ]]; then
         find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} +
     else
         # Note: we do not escape our strings, on the expectation they do not container the '#' char.
diff --git a/app/data/stacks/mobymask-v2/README.md b/app/data/stacks/mobymask-v2/README.md
index 32fdbf60..880b6a35 100644
--- a/app/data/stacks/mobymask-v2/README.md
+++ b/app/data/stacks/mobymask-v2/README.md
@@ -23,11 +23,11 @@ Checkout to the required versions and branches in repos
 ```bash
 # watcher-ts
 cd ~/cerc/watcher-ts
-git checkout v0.2.39
+git checkout v0.2.41
 
 # mobymask-v2-watcher-ts
 cd ~/cerc/mobymask-v2-watcher-ts
-git checkout v0.1.0
+git checkout v0.1.1
 
 # MobyMask
 cd ~/cerc/MobyMask
diff --git a/app/data/stacks/mobymask-v2/mobymask-only.md b/app/data/stacks/mobymask-v2/mobymask-only.md
index 4cfb4ecf..01ce0754 100644
--- a/app/data/stacks/mobymask-v2/mobymask-only.md
+++ b/app/data/stacks/mobymask-v2/mobymask-only.md
@@ -19,11 +19,11 @@ Checkout to the required versions and branches in repos:
 ```bash
 # watcher-ts
 cd ~/cerc/watcher-ts
-git checkout v0.2.39
+git checkout v0.2.41
 
 # mobymask-v2-watcher-ts
 cd ~/cerc/mobymask-v2-watcher-ts
-git checkout v0.1.0
+git checkout v0.1.1
 
 # MobyMask
 cd ~/cerc/MobyMask
@@ -67,11 +67,14 @@ Create and update an env file to be used in the next step ([defaults](../../conf
   # (used for generating a root invite link after deploying the contract)
   CERC_MOBYMASK_APP_BASE_URI="http://127.0.0.1:3002/#"
 
+  # (Optional) Domain to be used in the relay node's announce address
+  CERC_RELAY_ANNOUNCE_DOMAIN=
+
   # (Optional) Set of relay peers to connect to from the relay node
   CERC_RELAY_PEERS=[]
 
-  # (Optional) Domain to be used in the relay node's announce address
-  CERC_RELAY_ANNOUNCE_DOMAIN=
+  # (Optional) Set of multiaddrs to be avoided while dialling
+  CERC_DENY_MULTIADDRS=[]
 
   # Set to false for disabling watcher peer to send txs to L2
   CERC_ENABLE_PEER_L2_TXS=true
diff --git a/app/data/stacks/mobymask-v2/watcher-p2p-network/watcher.md b/app/data/stacks/mobymask-v2/watcher-p2p-network/watcher.md
index 74d95b92..4641726e 100644
--- a/app/data/stacks/mobymask-v2/watcher-p2p-network/watcher.md
+++ b/app/data/stacks/mobymask-v2/watcher-p2p-network/watcher.md
@@ -35,11 +35,11 @@ Checkout to the required versions and branches in repos:
   ```bash
   # watcher-ts
   cd ~/cerc/watcher-ts
-  git checkout v0.2.39
+  git checkout v0.2.41
 
   # mobymask-v2-watcher-ts
   cd ~/cerc/mobymask-v2-watcher-ts
-  git checkout v0.1.0
+  git checkout v0.1.1
 
   # MobyMask
   cd ~/cerc/MobyMask
diff --git a/app/data/stacks/mobymask-v2/web-apps.md b/app/data/stacks/mobymask-v2/web-apps.md
index 2eb037f6..d1570c93 100644
--- a/app/data/stacks/mobymask-v2/web-apps.md
+++ b/app/data/stacks/mobymask-v2/web-apps.md
@@ -26,6 +26,9 @@ Create and update an env file to be used in the next step ([defaults](../../conf
   # Eg. CERC_RELAY_NODES=["/dns4/example.com/tcp/443/wss/p2p/12D3KooWGHmDDCc93XUWL16FMcTPCGu2zFaMkf67k8HZ4gdQbRDr"]
   CERC_RELAY_NODES=[]
 
+  # Set of multiaddrs to be avoided while dialling
+  CERC_DENY_MULTIADDRS=[]
+
   # Also add if running MobyMask app:
 
   # Watcher endpoint used by the app for GQL queries