Add environment variables for multiaddrs blacklist (#381)

* Add env variable for web apps config denyMultiaddrs

* Add watcher config option for blacklisted multiaddrs

* Update package versions

* Use provided domain for relay multiaddr in peer config

* Change delimeter while replacing deny multiaddrs list

---------

Co-authored-by: prathamesh0 <prathamesh.musale0@gmail.com>
Former-commit-id: b678a3ecb4
This commit is contained in:
Nabarun Gogoi 2023-05-05 13:32:19 +05:30 committed by GitHub
parent b1b1464205
commit 8add4671c0
17 changed files with 42 additions and 14 deletions

View File

@ -13,6 +13,7 @@ services:
CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT} CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL} CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL}
CERC_RELAY_NODES: ${CERC_RELAY_NODES} CERC_RELAY_NODES: ${CERC_RELAY_NODES}
CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
CERC_BUILD_DIR: "@cerc-io/mobymask-ui/build" CERC_BUILD_DIR: "@cerc-io/mobymask-ui/build"
working_dir: /scripts working_dir: /scripts
command: ["sh", "mobymask-app-start.sh"] command: ["sh", "mobymask-app-start.sh"]
@ -44,6 +45,7 @@ services:
CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT} CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL} CERC_APP_WATCHER_URL: ${CERC_APP_WATCHER_URL}
CERC_RELAY_NODES: ${CERC_RELAY_NODES} CERC_RELAY_NODES: ${CERC_RELAY_NODES}
CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
CERC_BUILD_DIR: "@cerc-io/mobymask-ui-lxdao/build" CERC_BUILD_DIR: "@cerc-io/mobymask-ui-lxdao/build"
working_dir: /scripts working_dir: /scripts
command: ["sh", "mobymask-app-start.sh"] command: ["sh", "mobymask-app-start.sh"]

View File

@ -10,6 +10,7 @@ services:
environment: environment:
CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG} CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
CERC_RELAY_NODES: ${CERC_RELAY_NODES} CERC_RELAY_NODES: ${CERC_RELAY_NODES}
CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
command: ["sh", "test-app-start.sh"] command: ["sh", "test-app-start.sh"]
volumes: volumes:
- ../config/wait-for-it.sh:/scripts/wait-for-it.sh - ../config/wait-for-it.sh:/scripts/wait-for-it.sh

View File

@ -83,6 +83,7 @@ services:
CERC_L1_ACCOUNTS_CSV_URL: ${CERC_L1_ACCOUNTS_CSV_URL} CERC_L1_ACCOUNTS_CSV_URL: ${CERC_L1_ACCOUNTS_CSV_URL}
CERC_PRIVATE_KEY_PEER: ${CERC_PRIVATE_KEY_PEER} CERC_PRIVATE_KEY_PEER: ${CERC_PRIVATE_KEY_PEER}
CERC_RELAY_PEERS: ${CERC_RELAY_PEERS} CERC_RELAY_PEERS: ${CERC_RELAY_PEERS}
CERC_DENY_MULTIADDRS: ${CERC_DENY_MULTIADDRS}
CERC_RELAY_ANNOUNCE_DOMAIN: ${CERC_RELAY_ANNOUNCE_DOMAIN} CERC_RELAY_ANNOUNCE_DOMAIN: ${CERC_RELAY_ANNOUNCE_DOMAIN}
CERC_ENABLE_PEER_L2_TXS: ${CERC_ENABLE_PEER_L2_TXS} CERC_ENABLE_PEER_L2_TXS: ${CERC_ENABLE_PEER_L2_TXS}
CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT} CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}

View File

@ -7,6 +7,7 @@ fi
CERC_CHAIN_ID="${CERC_CHAIN_ID:-${DEFAULT_CERC_CHAIN_ID}}" CERC_CHAIN_ID="${CERC_CHAIN_ID:-${DEFAULT_CERC_CHAIN_ID}}"
CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}" CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}"
CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}" CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}"
CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
CERC_APP_WATCHER_URL="${CERC_APP_WATCHER_URL:-${DEFAULT_CERC_APP_WATCHER_URL}}" CERC_APP_WATCHER_URL="${CERC_APP_WATCHER_URL:-${DEFAULT_CERC_APP_WATCHER_URL}}"
# If not set (or []), check the mounted volume for relay peer id # If not set (or []), check the mounted volume for relay peer id
@ -37,5 +38,6 @@ yq -n ".address = env(CERC_DEPLOYED_CONTRACT)" > /config/config.yml
yq ".watcherUrl = env(CERC_APP_WATCHER_URL)" -i /config/config.yml yq ".watcherUrl = env(CERC_APP_WATCHER_URL)" -i /config/config.yml
yq ".chainId = env(CERC_CHAIN_ID)" -i /config/config.yml yq ".chainId = env(CERC_CHAIN_ID)" -i /config/config.yml
yq ".relayNodes = strenv(CERC_RELAY_NODES)" -i /config/config.yml yq ".relayNodes = strenv(CERC_RELAY_NODES)" -i /config/config.yml
yq ".denyMultiaddrs = strenv(CERC_DENY_MULTIADDRS)" -i /config/config.yml
/scripts/start-serving-app.sh /scripts/start-serving-app.sh

View File

@ -24,3 +24,6 @@ DEFAULT_CERC_CHAIN_ID=42069
# Set of relay nodes to be used by web-apps # Set of relay nodes to be used by web-apps
DEFAULT_CERC_RELAY_NODES=[] DEFAULT_CERC_RELAY_NODES=[]
# Set of multiaddrs to be avoided while dialling
DEFAULT_CERC_DENY_MULTIADDRS=[]

View File

@ -8,13 +8,20 @@ CERC_L2_GETH_RPC="${CERC_L2_GETH_RPC:-${DEFAULT_CERC_L2_GETH_RPC}}"
CERC_L1_ACCOUNTS_CSV_URL="${CERC_L1_ACCOUNTS_CSV_URL:-${DEFAULT_CERC_L1_ACCOUNTS_CSV_URL}}" CERC_L1_ACCOUNTS_CSV_URL="${CERC_L1_ACCOUNTS_CSV_URL:-${DEFAULT_CERC_L1_ACCOUNTS_CSV_URL}}"
CERC_RELAY_PEERS="${CERC_RELAY_PEERS:-${DEFAULT_CERC_RELAY_PEERS}}" CERC_RELAY_PEERS="${CERC_RELAY_PEERS:-${DEFAULT_CERC_RELAY_PEERS}}"
CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
CERC_RELAY_ANNOUNCE_DOMAIN="${CERC_RELAY_ANNOUNCE_DOMAIN:-${DEFAULT_CERC_RELAY_ANNOUNCE_DOMAIN}}" CERC_RELAY_ANNOUNCE_DOMAIN="${CERC_RELAY_ANNOUNCE_DOMAIN:-${DEFAULT_CERC_RELAY_ANNOUNCE_DOMAIN}}"
CERC_ENABLE_PEER_L2_TXS="${CERC_ENABLE_PEER_L2_TXS:-${DEFAULT_CERC_ENABLE_PEER_L2_TXS}}" CERC_ENABLE_PEER_L2_TXS="${CERC_ENABLE_PEER_L2_TXS:-${DEFAULT_CERC_ENABLE_PEER_L2_TXS}}"
CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}" CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}"
echo "Using L2 RPC endpoint ${CERC_L2_GETH_RPC}" echo "Using L2 RPC endpoint ${CERC_L2_GETH_RPC}"
# Use public domain for relay multiaddr in peer config if specified
# Otherwise, use the docker container's host IP
if [ -n "$CERC_RELAY_ANNOUNCE_DOMAIN" ]; then
CERC_RELAY_MULTIADDR="/dns4/${CERC_RELAY_ANNOUNCE_DOMAIN}/tcp/443/wss/p2p/$(jq -r '.id' /app/peers/relay-id.json)"
else
CERC_RELAY_MULTIADDR="/dns4/mobymask-watcher-server/tcp/9090/ws/p2p/$(jq -r '.id' /app/peers/relay-id.json)" CERC_RELAY_MULTIADDR="/dns4/mobymask-watcher-server/tcp/9090/ws/p2p/$(jq -r '.id' /app/peers/relay-id.json)"
fi
# Use contract address from environment variable or set from config.json in mounted volume # Use contract address from environment variable or set from config.json in mounted volume
if [ -n "$CERC_DEPLOYED_CONTRACT" ]; then if [ -n "$CERC_DEPLOYED_CONTRACT" ]; then
@ -42,6 +49,7 @@ fi
WATCHER_CONFIG_TEMPLATE=$(cat environments/watcher-config-template.toml) WATCHER_CONFIG_TEMPLATE=$(cat environments/watcher-config-template.toml)
WATCHER_CONFIG=$(echo "$WATCHER_CONFIG_TEMPLATE" | \ WATCHER_CONFIG=$(echo "$WATCHER_CONFIG_TEMPLATE" | \
sed -E "s|REPLACE_WITH_CERC_RELAY_PEERS|${CERC_RELAY_PEERS}|g; \ sed -E "s|REPLACE_WITH_CERC_RELAY_PEERS|${CERC_RELAY_PEERS}|g; \
s|REPLACE_WITH_CERC_DENY_MULTIADDRS|${CERC_DENY_MULTIADDRS}|g; \
s/REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN/${CERC_RELAY_ANNOUNCE_DOMAIN}/g; \ s/REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN/${CERC_RELAY_ANNOUNCE_DOMAIN}/g; \
s|REPLACE_WITH_CERC_RELAY_MULTIADDR|${CERC_RELAY_MULTIADDR}|g; \ s|REPLACE_WITH_CERC_RELAY_MULTIADDR|${CERC_RELAY_MULTIADDR}|g; \
s/REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS/${CERC_ENABLE_PEER_L2_TXS}/g; \ s/REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS/${CERC_ENABLE_PEER_L2_TXS}/g; \

View File

@ -1,6 +1,7 @@
{ {
"relayNodes": [], "relayNodes": [],
"peer": { "peer": {
"denyMultiaddrs": [],
"enableDebugInfo": true "enableDebugInfo": true
} }
} }

View File

@ -5,6 +5,7 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
fi fi
CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}" CERC_RELAY_NODES="${CERC_RELAY_NODES:-${DEFAULT_CERC_RELAY_NODES}}"
CERC_DENY_MULTIADDRS="${CERC_DENY_MULTIADDRS:-${DEFAULT_CERC_DENY_MULTIADDRS}}"
# If not set (or []), check the mounted volume for relay peer id # If not set (or []), check the mounted volume for relay peer id
if [ -z "$CERC_RELAY_NODES" ] || [ "$CERC_RELAY_NODES" = "[]" ]; then if [ -z "$CERC_RELAY_NODES" ] || [ "$CERC_RELAY_NODES" = "[]" ]; then
@ -16,5 +17,6 @@ echo "Using CERC_RELAY_NODES $CERC_RELAY_NODES"
# Use yq to create config.yml with environment variables # Use yq to create config.yml with environment variables
yq -n ".relayNodes = strenv(CERC_RELAY_NODES)" > /config/config.yml yq -n ".relayNodes = strenv(CERC_RELAY_NODES)" > /config/config.yml
yq ".denyMultiaddrs = strenv(CERC_DENY_MULTIADDRS)" -i /config/config.yml
/scripts/start-serving-app.sh /scripts/start-serving-app.sh

View File

@ -27,6 +27,7 @@
host = "0.0.0.0" host = "0.0.0.0"
port = 9090 port = 9090
relayPeers = REPLACE_WITH_CERC_RELAY_PEERS relayPeers = REPLACE_WITH_CERC_RELAY_PEERS
denyMultiaddrs = REPLACE_WITH_CERC_DENY_MULTIADDRS
peerIdFile = './peers/relay-id.json' peerIdFile = './peers/relay-id.json'
announce = 'REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN' announce = 'REPLACE_WITH_CERC_RELAY_ANNOUNCE_DOMAIN'
enableDebugInfo = true enableDebugInfo = true
@ -34,6 +35,7 @@
[server.p2p.peer] [server.p2p.peer]
relayMultiaddr = 'REPLACE_WITH_CERC_RELAY_MULTIADDR' relayMultiaddr = 'REPLACE_WITH_CERC_RELAY_MULTIADDR'
pubSubTopic = 'mobymask' pubSubTopic = 'mobymask'
denyMultiaddrs = REPLACE_WITH_CERC_DENY_MULTIADDRS
peerIdFile = './peers/peer-id.json' peerIdFile = './peers/peer-id.json'
enableDebugInfo = true enableDebugInfo = true
enableL2Txs = REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS enableL2Txs = REPLACE_WITH_CERC_ENABLE_PEER_L2_TXS

View File

@ -50,9 +50,9 @@ RUN yarn global add http-server
# Globally install both versions of the payload web app package # Globally install both versions of the payload web app package
# Install old version of MobyMask web app # Install old version of MobyMask web app
RUN yarn global add @cerc-io/mobymask-ui@0.1.3 RUN yarn global add @cerc-io/mobymask-ui@0.1.4
# Install the LXDAO version of MobyMask web app # Install the LXDAO version of MobyMask web app
RUN yarn global add @cerc-io/mobymask-ui-lxdao@npm:@cerc-io/mobymask-ui@0.1.3-lxdao-0.1.1 RUN yarn global add @cerc-io/mobymask-ui-lxdao@npm:@cerc-io/mobymask-ui@0.1.4-lxdao-0.1.1
# Expose port for http # Expose port for http
EXPOSE 80 EXPOSE 80

View File

@ -33,7 +33,7 @@ do
echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}" echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}"
# TODO: Pass keys to be replaced without double quotes # TODO: Pass keys to be replaced without double quotes
if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|chainId)$ ]]; then if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|chainId|denyMultiaddrs)$ ]]; then
find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} + find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} +
else else
# Note: we do not escape our strings, on the expectation they do not container the '#' char. # Note: we do not escape our strings, on the expectation they do not container the '#' char.

View File

@ -21,7 +21,7 @@ RUN mkdir -p /config
RUN yarn global add http-server RUN yarn global add http-server
# Globally install the payload web app package # Globally install the payload web app package
RUN yarn global add @cerc-io/test-app@0.2.33 RUN yarn global add @cerc-io/test-app@0.2.34
# Expose port for http # Expose port for http
EXPOSE 80 EXPOSE 80

View File

@ -33,7 +33,7 @@ do
echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}" echo "Substituting: ${template_string_to_replace} = ${template_value_to_substitute}"
# TODO: Pass keys to be replaced without double quotes # TODO: Pass keys to be replaced without double quotes
if [[ "$template_string_to_replace" == "${config_prefix}_relayNodes" ]]; then if [[ "$template_string_to_replace" =~ ^${config_prefix}_(relayNodes|denyMultiaddrs)$ ]]; then
find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} + find ${webapp_files_dir} -type f -exec sed -i 's#"'"${template_string_to_replace}"'"#'"${template_value_to_substitute}"'#g' {} +
else else
# Note: we do not escape our strings, on the expectation they do not container the '#' char. # Note: we do not escape our strings, on the expectation they do not container the '#' char.

View File

@ -23,11 +23,11 @@ Checkout to the required versions and branches in repos
```bash ```bash
# watcher-ts # watcher-ts
cd ~/cerc/watcher-ts cd ~/cerc/watcher-ts
git checkout v0.2.39 git checkout v0.2.41
# mobymask-v2-watcher-ts # mobymask-v2-watcher-ts
cd ~/cerc/mobymask-v2-watcher-ts cd ~/cerc/mobymask-v2-watcher-ts
git checkout v0.1.0 git checkout v0.1.1
# MobyMask # MobyMask
cd ~/cerc/MobyMask cd ~/cerc/MobyMask

View File

@ -19,11 +19,11 @@ Checkout to the required versions and branches in repos:
```bash ```bash
# watcher-ts # watcher-ts
cd ~/cerc/watcher-ts cd ~/cerc/watcher-ts
git checkout v0.2.39 git checkout v0.2.41
# mobymask-v2-watcher-ts # mobymask-v2-watcher-ts
cd ~/cerc/mobymask-v2-watcher-ts cd ~/cerc/mobymask-v2-watcher-ts
git checkout v0.1.0 git checkout v0.1.1
# MobyMask # MobyMask
cd ~/cerc/MobyMask cd ~/cerc/MobyMask
@ -67,11 +67,14 @@ Create and update an env file to be used in the next step ([defaults](../../conf
# (used for generating a root invite link after deploying the contract) # (used for generating a root invite link after deploying the contract)
CERC_MOBYMASK_APP_BASE_URI="http://127.0.0.1:3002/#" CERC_MOBYMASK_APP_BASE_URI="http://127.0.0.1:3002/#"
# (Optional) Domain to be used in the relay node's announce address
CERC_RELAY_ANNOUNCE_DOMAIN=
# (Optional) Set of relay peers to connect to from the relay node # (Optional) Set of relay peers to connect to from the relay node
CERC_RELAY_PEERS=[] CERC_RELAY_PEERS=[]
# (Optional) Domain to be used in the relay node's announce address # (Optional) Set of multiaddrs to be avoided while dialling
CERC_RELAY_ANNOUNCE_DOMAIN= CERC_DENY_MULTIADDRS=[]
# Set to false for disabling watcher peer to send txs to L2 # Set to false for disabling watcher peer to send txs to L2
CERC_ENABLE_PEER_L2_TXS=true CERC_ENABLE_PEER_L2_TXS=true

View File

@ -35,11 +35,11 @@ Checkout to the required versions and branches in repos:
```bash ```bash
# watcher-ts # watcher-ts
cd ~/cerc/watcher-ts cd ~/cerc/watcher-ts
git checkout v0.2.39 git checkout v0.2.41
# mobymask-v2-watcher-ts # mobymask-v2-watcher-ts
cd ~/cerc/mobymask-v2-watcher-ts cd ~/cerc/mobymask-v2-watcher-ts
git checkout v0.1.0 git checkout v0.1.1
# MobyMask # MobyMask
cd ~/cerc/MobyMask cd ~/cerc/MobyMask

View File

@ -26,6 +26,9 @@ Create and update an env file to be used in the next step ([defaults](../../conf
# Eg. CERC_RELAY_NODES=["/dns4/example.com/tcp/443/wss/p2p/12D3KooWGHmDDCc93XUWL16FMcTPCGu2zFaMkf67k8HZ4gdQbRDr"] # Eg. CERC_RELAY_NODES=["/dns4/example.com/tcp/443/wss/p2p/12D3KooWGHmDDCc93XUWL16FMcTPCGu2zFaMkf67k8HZ4gdQbRDr"]
CERC_RELAY_NODES=[] CERC_RELAY_NODES=[]
# Set of multiaddrs to be avoided while dialling
CERC_DENY_MULTIADDRS=[]
# Also add if running MobyMask app: # Also add if running MobyMask app:
# Watcher endpoint used by the app for GQL queries # Watcher endpoint used by the app for GQL queries