mirror of
https://github.com/mudler/edgevpn.git
synced 2025-09-26 21:01:44 +08:00
f5ea51d82e
As EdgeVPN can be used as library and it turns out to be quite useful, change license for follow up versions to Apache so can be used as a library easilier.
103 lines
2.5 KiB
Go
103 lines
2.5 KiB
Go
/*
|
|
Copyright © 2021-2022 Ettore Di Giacinto <mudler@mocaccino.org>
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package trustzone
|
|
|
|
import (
|
|
"context"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/libp2p/go-libp2p/core/peer"
|
|
"github.com/mudler/edgevpn/pkg/blockchain"
|
|
"github.com/mudler/edgevpn/pkg/node"
|
|
"github.com/mudler/edgevpn/pkg/protocol"
|
|
)
|
|
|
|
type PeerGater struct {
|
|
sync.Mutex
|
|
trustDB []peer.ID
|
|
enabled, relaxed bool
|
|
}
|
|
|
|
// NewPeerGater returns a new peergater
|
|
// In relaxed mode won't gate until the trustDB contains some auth data.
|
|
func NewPeerGater(relaxed bool) *PeerGater {
|
|
return &PeerGater{enabled: true, relaxed: relaxed}
|
|
}
|
|
|
|
// Enabled returns true if the PeerGater is enabled
|
|
func (pg *PeerGater) Enabled() bool {
|
|
pg.Lock()
|
|
defer pg.Unlock()
|
|
return pg.enabled
|
|
}
|
|
|
|
// Disables turn off the peer gating mechanism
|
|
func (pg *PeerGater) Disable() {
|
|
pg.Lock()
|
|
defer pg.Unlock()
|
|
pg.enabled = false
|
|
}
|
|
|
|
// Enable turns on peer gating mechanism
|
|
func (pg *PeerGater) Enable() {
|
|
pg.Lock()
|
|
defer pg.Unlock()
|
|
pg.enabled = true
|
|
}
|
|
|
|
// Implements peergating interface
|
|
// resolves to peers in the trustDB. if peer is absent will return true
|
|
func (pg *PeerGater) Gate(n *node.Node, p peer.ID) bool {
|
|
pg.Lock()
|
|
defer pg.Unlock()
|
|
if !pg.enabled {
|
|
return false
|
|
}
|
|
|
|
if pg.relaxed && len(pg.trustDB) == 0 {
|
|
return false
|
|
}
|
|
|
|
for _, pp := range pg.trustDB {
|
|
if pp == p {
|
|
return false
|
|
}
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// UpdaterService is a service responsible to sync back trustDB from the ledger state.
|
|
// It is a network service which retrieves the senders ID listed in the Trusted Zone
|
|
// and fills it in the trustDB used to gate blockchain messages
|
|
func (pg *PeerGater) UpdaterService(duration time.Duration) node.NetworkService {
|
|
return func(ctx context.Context, c node.Config, n *node.Node, b *blockchain.Ledger) error {
|
|
b.Announce(ctx, duration, func() {
|
|
db := []peer.ID{}
|
|
tz, found := b.CurrentData()[protocol.TrustZoneKey]
|
|
if found {
|
|
for k, _ := range tz {
|
|
db = append(db, peer.ID(k))
|
|
}
|
|
}
|
|
pg.Lock()
|
|
pg.trustDB = db
|
|
pg.Unlock()
|
|
})
|
|
|
|
return nil
|
|
}
|
|
}
|