feat: update sdn for network connect authorizing (#73)

8xFF · Oct 9, 2024 · 4229b3f · 4229b3f
1 parent c3c6ce2
commit 4229b3f
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -8,7 +8,7 @@ members = [
 ]
 
 [workspace.dependencies]
-p2p = { package = "atm0s-small-p2p", git = "https://github.com/8xFF/atm0s-small-p2p.git", rev = "14e963e0b26dad9b6e57d9cd74bf5c976cf1a762" }
+p2p = { package = "atm0s-small-p2p", git = "https://github.com/8xFF/atm0s-small-p2p.git", rev = "ba1a842d6959f1ef9c60b58162c96866510881d4" }
 protocol = { path = "crates/protocol", package = "atm0s-reverse-proxy-protocol", version = "0.2.1" }
 protocol-ed25519 = { path = "crates/protocol_ed25519", package = "atm0s-reverse-proxy-protocol-ed25519", version = "0.1.3" }
 

diff --git a/bin/relayer/src/lib.rs b/bin/relayer/src/lib.rs
@@ -8,7 +8,7 @@ use agent::{
 use anyhow::anyhow;
 use p2p::{
     alias_service::{AliasService, AliasServiceRequester},
-    ErrorExt, P2pNetwork, P2pNetworkConfig, P2pService, P2pServiceEvent, P2pServiceRequester, PeerAddress, PeerId,
+    ErrorExt, HandshakeProtocol, P2pNetwork, P2pNetworkConfig, P2pService, P2pServiceEvent, P2pServiceRequester, PeerAddress, PeerId,
 };
 use protocol::{
     cluster::{write_object, AgentTunnelRequest},
@@ -50,7 +50,7 @@ pub trait TunnelServiceHandle {
     fn on_cluster_event(&mut self, _ctx: &TunnelServiceCtx, _event: P2pServiceEvent);
 }
 
-pub struct QuicRelayerConfig<TSH> {
+pub struct QuicRelayerConfig<SECURE, TSH> {
     pub agent_listener: SocketAddr,
     pub proxy_http_listener: SocketAddr,
     pub proxy_tls_listener: SocketAddr,
@@ -66,6 +66,7 @@ pub struct QuicRelayerConfig<TSH> {
     pub sdn_key: PrivatePkcs8KeyDer<'static>,
     pub sdn_cert: CertificateDer<'static>,
     pub sdn_advertise_address: Option<SocketAddr>,
+    pub sdn_secure: SECURE,
 
     pub tunnel_service_handle: TSH,
 }
@@ -76,15 +77,15 @@ pub enum QuicRelayerEvent {
     Continue,
 }
 
-pub struct QuicRelayer<VALIDATE, REQ, TSH> {
+pub struct QuicRelayer<SECURE, VALIDATE, REQ, TSH> {
     agent_quic: AgentQuicListener<VALIDATE, REQ>,
     agent_tcp: AgentTcpListener<VALIDATE, REQ>,
     http_proxy: ProxyTcpListener<HttpDestinationDetector>,
     tls_proxy: ProxyTcpListener<TlsDestinationDetector>,
     rtsp_proxy: ProxyTcpListener<RtspDestinationDetector>,
     rtsps_proxy: ProxyTcpListener<TlsDestinationDetector>,
 
-    sdn: P2pNetwork,
+    sdn: P2pNetwork<SECURE>,
 
     sdn_alias_requester: AliasServiceRequester,
     // This service is for proxy from internet to agent
@@ -98,13 +99,14 @@ pub struct QuicRelayer<VALIDATE, REQ, TSH> {
     agent_tcp_sessions: HashMap<AgentId, HashMap<AgentSessionId, AgentSession<TunnelTcpStream>>>,
 }
 
-impl<VALIDATE, REQ, TSH> QuicRelayer<VALIDATE, REQ, TSH>
+impl<SECURE, VALIDATE, REQ, TSH> QuicRelayer<SECURE, VALIDATE, REQ, TSH>
 where
+    SECURE: HandshakeProtocol,
     VALIDATE: ClusterValidator<REQ>,
     REQ: DeserializeOwned + Send + Sync + 'static,
     TSH: TunnelServiceHandle + Send + Sync + 'static,
 {
-    pub async fn new(mut cfg: QuicRelayerConfig<TSH>, validate: VALIDATE) -> anyhow::Result<Self> {
+    pub async fn new(mut cfg: QuicRelayerConfig<SECURE, TSH>, validate: VALIDATE) -> anyhow::Result<Self> {
         let mut sdn = P2pNetwork::new(P2pNetworkConfig {
             peer_id: cfg.sdn_peer_id,
             listen_addr: cfg.sdn_listener,
@@ -113,6 +115,7 @@ where
             cert: cfg.sdn_cert,
             tick_ms: 1000,
             seeds: cfg.sdn_seeds,
+            secure: cfg.sdn_secure,
         })
         .await?;
 
@@ -166,7 +169,7 @@ where
         }
     }
 
-    pub fn p2p(&mut self) -> &mut P2pNetwork {
+    pub fn p2p(&mut self) -> &mut P2pNetwork<SECURE> {
         &mut self.sdn
     }
 

diff --git a/bin/relayer/src/main.rs b/bin/relayer/src/main.rs
@@ -2,6 +2,7 @@ use std::net::SocketAddr;
 
 use atm0s_reverse_proxy_relayer::{QuicRelayer, QuicRelayerConfig, TunnelServiceHandle};
 use clap::Parser;
+use p2p::SharedKeyHandshake;
 use protocol::{DEFAULT_CLUSTER_CERT, DEFAULT_CLUSTER_KEY, DEFAULT_TUNNEL_CERT, DEFAULT_TUNNEL_KEY};
 use protocol_ed25519::ClusterValidatorImpl;
 use rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
@@ -37,6 +38,10 @@ struct Args {
     #[arg(env, long)]
     sdn_advertise_address: Option<SocketAddr>,
 
+    /// Shared key for validate network connection
+    #[arg(env, long, default_value = "insecure")]
+    sdn_secure_key: String,
+
     /// TCP port for serving HTTP connection
     #[arg(env, long, default_value = "0.0.0.0:80")]
     proxy_http_listener: SocketAddr,
@@ -86,6 +91,7 @@ async fn main() {
         sdn_key: default_cluster_key,
         sdn_cert: default_cluster_cert,
         sdn_seeds: args.sdn_seeds.into_iter().map(|a| a.parse().expect("should parse to PeerAddress")).collect::<Vec<_>>(),
+        sdn_secure: SharedKeyHandshake::from(args.sdn_secure_key.as_str()),
         sdn_advertise_address: args.sdn_advertise_address,
         tunnel_service_handle: DummyTunnelHandle,
     };