1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

use crate::compat::boxed::Box;
use crate::compat::vec::Vec;
use crate::{async_trait, Address, OutgoingAccessControl, RelayMessage, Result};

/// An Access Control type that allows messages to the given onward address to go through
/// Note that onward and destination addresses are different in some cases
#[derive(Debug)]
pub struct AllowOnwardAddress(pub Address);

impl AllowOnwardAddress {
    /// Convenience constructor
    pub fn new(address: impl Into<Address>) -> Self {
        Self(address.into())
    }
}

#[async_trait]
impl OutgoingAccessControl for AllowOnwardAddress {
    async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool> {
        let onward_route = relay_msg.onward_route();

        // Check if next hop is equal to expected value. Further hops are not checked
        if &self.0 != onward_route.next()? {
            return crate::deny();
        }

        crate::allow()
    }
}

/// An Access Control type that allows messages to the given onward address to go through
/// Note that onward and destination addresses are different in some cases
#[derive(Debug)]
pub struct AllowOnwardAddresses(pub Vec<Address>);

#[async_trait]
impl OutgoingAccessControl for AllowOnwardAddresses {
    async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool> {
        let onward_route = relay_msg.onward_route();

        // Check if next hop is equal to expected value. Further hops are not checked
        if !self.0.contains(onward_route.next()?) {
            return crate::deny();
        }

        crate::allow()
    }
}

#[cfg(test)]
mod tests {
    use crate::{
        route, Address, AllowOnwardAddress, AllowOnwardAddresses, LocalMessage,
        OutgoingAccessControl, RelayMessage, Result, TransportMessage,
    };

    #[tokio::test]
    async fn test_1_address() -> Result<()> {
        let onward_address1 = Address::random_local();
        let onward_address2 = Address::random_local();
        let source_address = Address::random_local();

        let ac = AllowOnwardAddress(onward_address1.clone());

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address1.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address1.clone(), msg);

        assert!(ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address2.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address2.clone(), msg);

        assert!(!ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address1.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address2.clone(), msg);

        assert!(ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address2, route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address, onward_address1, msg);

        assert!(!ac.is_authorized(&msg).await?);

        Ok(())
    }

    #[tokio::test]
    async fn test_2_addresses() -> Result<()> {
        let onward_address1 = Address::random_local();
        let onward_address2 = Address::random_local();
        let onward_address3 = Address::random_local();
        let source_address = Address::random_local();

        let ac = AllowOnwardAddresses(vec![onward_address1.clone(), onward_address2.clone()]);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address1.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address1.clone(), msg);

        assert!(ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address2.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address2, msg);

        assert!(ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address3.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address3.clone(), msg);

        assert!(!ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address3.clone(), route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address.clone(), onward_address1.clone(), msg);

        assert!(!ac.is_authorized(&msg).await?);

        let msg = LocalMessage::new(
            TransportMessage::v1(onward_address1, route![], vec![]),
            vec![],
        );
        let msg = RelayMessage::new(source_address, onward_address3, msg);

        assert!(ac.is_authorized(&msg).await?);

        Ok(())
    }
}