⚙️ Add wip/experimental peerguard and peergater

Peerguard and peergater are two components that work together to gate peers and add them to a trusted zone. This allows to isolate nodes from the p2p network and avoid to rotate network tokens in case of leaks. For the moment an ECDSA auth provider is implemented as sample purpose, documentation will follow up on how to use them and how to write them up.
2025-10-12 20:20:16 +08:00 · 2022-04-22 00:37:25 +02:00
parent c01e83f9df
commit 8826daf815
16 changed files with 966 additions and 24 deletions
--- a/api/api.go
+++ b/api/api.go
@@ -66,6 +66,7 @@ const (
 	DNSURL        = "/api/dns"
 	MetricsURL    = "/api/metrics"
 	PeerstoreURL  = "/api/peerstore"
+	PeerGateURL   = "/api/peergate"
 )

 func API(ctx context.Context, l string, defaultInterval, timeout time.Duration, e *node.Node, bwc metrics.Reporter, debugMode bool) error {
@@ -115,6 +116,24 @@ func API(ctx context.Context, l string, defaultInterval, timeout time.Duration,
 		return c.JSON(http.StatusOK, list)
 	})

+	if e.PeerGater() != nil {
+		ec.PUT(fmt.Sprintf("%s/:state", PeerGateURL), func(c echo.Context) error {
+			state := c.Param("state")
+
+			switch state {
+			case "enable":
+				e.PeerGater().Enable()
+			case "disable":
+				e.PeerGater().Disable()
+			}
+			return c.JSON(http.StatusOK, e.PeerGater().Enabled())
+		})
+
+		ec.GET(PeerGateURL, func(c echo.Context) error {
+			return c.JSON(http.StatusOK, e.PeerGater().Enabled())
+		})
+	}
+
 	ec.GET(SummaryURL, func(c echo.Context) error {
 		files := len(ledger.CurrentData()[protocol.FilesLedgerKey])
 		machines := len(ledger.CurrentData()[protocol.MachinesLedgerKey])