node-filter 1.12.0

Tetsy Smart Contract based Node Filter, Manage Permissions of Network Connections
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

// Copyright 2015-2020 Parity Technologies (UK) Ltd.
// This file is part of Tetsy Vapory.

// Tetsy Vapory is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// Tetsy Vapory is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with Tetsy Vapory.  If not, see <http://www.gnu.org/licenses/>.

//! Smart contract based node filter.

extern crate client_traits;
extern crate common_types;
extern crate vapabi;
extern crate vapcore;
extern crate vapcore_network as network;
extern crate vapcore_network_devp2p as devp2p;
extern crate vapory_types;
extern crate lru_cache;
extern crate parking_lot;

#[macro_use]
extern crate vapabi_contract;
#[cfg(test)]
extern crate vapcore_io as io;
#[cfg(test)]
extern crate tetsy_kvdb_memorydb;
#[cfg(test)]
extern crate tempdir;
#[cfg(test)]
extern crate spec;
#[macro_use]
extern crate log;

use std::collections::{HashMap, VecDeque};
use std::sync::Weak;

use common_types::{
	ids::BlockId,
	chain_notify::NewBlocks,
};
use client_traits::{BlockChainClient, ChainNotify};
use vapory_types::{H256, Address};
use vapabi::FunctionOutputDecoder;
use network::{ConnectionFilter, ConnectionDirection};
use devp2p::NodeId;
use devp2p::MAX_NODES_IN_TABLE;
use parking_lot::RwLock;

use_contract!(peer_set, "res/peer_set.json");

/// Connection filter that uses a contract to manage permissions.
pub struct NodeFilter {
	client: Weak<dyn BlockChainClient>,
	contract_address: Address,
	cache: RwLock<Cache>
}

struct Cache {
	cache: HashMap<NodeId, bool>,
	order: VecDeque<NodeId>
}

// Increase cache size due to possible reserved peers, which do not count in the node table size
pub const CACHE_SIZE: usize = MAX_NODES_IN_TABLE + 1024;

impl NodeFilter {
	/// Create a new instance. Accepts a contract address.
	pub fn new(client: Weak<dyn BlockChainClient>, contract_address: Address) -> NodeFilter {
		NodeFilter {
			client,
			contract_address,
			cache: RwLock::new(Cache{
				cache: HashMap::with_capacity(CACHE_SIZE),
				order: VecDeque::with_capacity(CACHE_SIZE)
			})
		}
	}
}

impl ConnectionFilter for NodeFilter {
	fn connection_allowed(&self, own_id: &NodeId, connecting_id: &NodeId, _direction: ConnectionDirection) -> bool {
		let client = match self.client.upgrade() {
			Some(client) => client,
			None => return false,
		};

		if let Some(allowed) = self.cache.read().cache.get(connecting_id) {
			return *allowed;
		}

		let address = self.contract_address;
		let own_low = H256::from_slice(&own_id[0..32]);
		let own_high = H256::from_slice(&own_id[32..64]);
		let id_low = H256::from_slice(&connecting_id[0..32]);
		let id_high = H256::from_slice(&connecting_id[32..64]);

		let (data, decoder) = peer_set::functions::connection_allowed::call(own_low, own_high, id_low, id_high);
		let allowed = client.call_contract(BlockId::Latest, address, data)
			.and_then(|value| decoder.decode(&value).map_err(|e| e.to_string()))
			.unwrap_or_else(|e| {
				debug!("Error callling peer set contract: {:?}", e);
				false
			});
		let mut cache = self.cache.write();
		if cache.cache.len() == CACHE_SIZE {
			let popped = cache.order.pop_front().expect("the cache is full so there's at least one item we can pop; qed");
			cache.cache.remove(&popped);
		};
		if cache.cache.insert(*connecting_id, allowed).is_none() {
			cache.order.push_back(*connecting_id);
		}
		allowed
	}
}

impl ChainNotify for NodeFilter {
	fn new_blocks(&self, _new_blocks: NewBlocks)	{
		let mut cache = self.cache.write();
		cache.cache.clear();
		cache.order.clear();
	}
}

#[cfg(test)]
mod test {
	use std::sync::{Arc, Weak};

	use client_traits::BlockChainClient;
	use spec::Spec;
	use vapcore::client::{Client, ClientConfig};
	use vapcore::miner::Miner;
	use vapcore::test_helpers;
	use network::{ConnectionDirection, ConnectionFilter, NodeId};
	use io::IoChannel;
	use super::NodeFilter;
	use tempdir::TempDir;
	use vapory_types::Address;
	use std::str::FromStr;

	/// Contract code: https://gist.github.com/arkpar/467dbcc73cbb85b0997a7a10ffa0695f
	#[test]
	fn node_filter() {
		let contract_addr = Address::from_str("0000000000000000000000000000000000000005").unwrap();
		let data = include_bytes!("../res/node_filter.json");
		let tempdir = TempDir::new("").unwrap();
		let spec = Spec::load(&tempdir.path(), &data[..]).unwrap();
		let client_db = test_helpers::new_db();

		let client = Client::new(
			ClientConfig::default(),
			&spec,
			client_db,
			Arc::new(Miner::new_for_tests(&spec, None)),
			IoChannel::disconnected(),
		).unwrap();
		let filter = NodeFilter::new(Arc::downgrade(&client) as Weak<dyn BlockChainClient>, contract_addr);
		let self1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002").unwrap();
		let self2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003").unwrap();
		let node1 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000012").unwrap();
		let node2 = NodeId::from_str("00000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000022").unwrap();
		let nodex = NodeId::from_str("77000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();

		assert!(filter.connection_allowed(&self1, &node1, ConnectionDirection::Inbound));
		assert!(filter.connection_allowed(&self1, &nodex, ConnectionDirection::Inbound));
		assert!(filter.connection_allowed(&self2, &node1, ConnectionDirection::Inbound));
		assert!(filter.connection_allowed(&self2, &node2, ConnectionDirection::Inbound));
	}
}