2018-03-16 12:23:38 +00:00
|
|
|
package client
|
|
|
|
|
|
|
|
|
|
import (
|
2018-03-20 18:35:42 +00:00
|
|
|
"context"
|
2018-03-16 12:23:38 +00:00
|
|
|
"crypto/tls"
|
|
|
|
|
"errors"
|
|
|
|
|
"net"
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
libp2p "github.com/libp2p/go-libp2p"
|
2019-06-14 10:41:11 +00:00
|
|
|
peer "github.com/libp2p/go-libp2p-core/peer"
|
|
|
|
|
peerstore "github.com/libp2p/go-libp2p-core/peerstore"
|
|
|
|
|
p2phttp "github.com/libp2p/go-libp2p-http"
|
2019-11-05 09:30:24 +00:00
|
|
|
secio "github.com/libp2p/go-libp2p-secio"
|
|
|
|
|
libp2ptls "github.com/libp2p/go-libp2p-tls"
|
2018-03-20 18:35:42 +00:00
|
|
|
madns "github.com/multiformats/go-multiaddr-dns"
|
2020-08-27 12:10:58 +00:00
|
|
|
manet "github.com/multiformats/go-multiaddr/net"
|
2019-11-30 02:36:58 +00:00
|
|
|
"github.com/tv42/httpunix"
|
2018-03-16 12:23:38 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// This is essentially a http.DefaultTransport. We should not mess
|
|
|
|
|
// with it since it's a global variable, and we don't know who else uses
|
|
|
|
|
// it, so we create our own.
|
|
|
|
|
// TODO: Allow more configuration options.
|
2018-08-30 23:14:06 +00:00
|
|
|
func (c *defaultClient) defaultTransport() {
|
2018-03-16 12:23:38 +00:00
|
|
|
c.transport = &http.Transport{
|
|
|
|
|
Proxy: http.ProxyFromEnvironment,
|
|
|
|
|
DialContext: (&net.Dialer{
|
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
|
KeepAlive: 30 * time.Second,
|
|
|
|
|
DualStack: true,
|
|
|
|
|
}).DialContext,
|
|
|
|
|
MaxIdleConns: 100,
|
|
|
|
|
IdleConnTimeout: 90 * time.Second,
|
|
|
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
|
|
|
ExpectContinueTimeout: 1 * time.Second,
|
|
|
|
|
}
|
|
|
|
|
c.net = "http"
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-30 23:14:06 +00:00
|
|
|
func (c *defaultClient) enableLibp2p() error {
|
2018-03-16 12:23:38 +00:00
|
|
|
c.defaultTransport()
|
|
|
|
|
|
2019-06-14 10:41:11 +00:00
|
|
|
pinfo, err := peer.AddrInfoFromP2pAddr(c.config.APIAddr)
|
2018-03-16 12:23:38 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
Fix #787: Connectivity fixes
Currently, unless doing Join() (--bootstrap), we do not connect to any peers on startup.
We however loaded up the peerstore file and Raft will automatically connect
older peers to figure out who is the leader etc. DHT bootstrap, after Raft
was working, did the rest.
For CRDTs we need to connect to people on a normal boot as otherwise, unless
bootstrapping, this does not happen, even if the peerstore contains known peers.
This introduces a number of changes:
* Move peerstore file management back inside the Cluster component, which was
already in charge of saving the peerstore file.
* We keep saving all "known addresses" but we load them with a non permanent
TTL, so that there will be clean up of peers we're not connected to for long.
* "Bootstrap" (connect) to a small number of peers during Cluster component creation.
* Bootstrap the DHT asap after this, so that other cluster components can
initialize with a working peer discovery mechanism.
* CRDT Trust() method will now:
* Protect the trusted Peer ID in the conn manager
* Give top priority in the PeerManager to that Peer (see below)
* Mark addresses as permanent in the Peerstore
The PeerManager now attaches priorities to peers when importing them and is
able to order them according to that priority. The result is that peers with
high priority are saved first in the peerstore file. When we load the peerstore
file, the first entries in it are given the highest priority.
This means that during startup we will connect to "trusted peers" first
(because they have been tagged with priority in the previous run and saved at
the top of the list). Once connected to a small number of peers, we let the
DHT bootstrap process in the background do the rest and discover the network.
All this makes the peerstore file a "bootstrap" list for CRDTs and we will attempt
to connect to peers on that list until some of those connections succeed.
2019-05-23 16:41:33 +00:00
|
|
|
if len(pinfo.Addrs) == 0 {
|
|
|
|
|
return errors.New("APIAddr only includes a Peer ID")
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-16 12:23:38 +00:00
|
|
|
if c.config.ProtectorKey != nil && len(c.config.ProtectorKey) > 0 {
|
|
|
|
|
if len(c.config.ProtectorKey) != 32 {
|
|
|
|
|
return errors.New("length of ProtectorKey should be 32")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-05 09:30:24 +00:00
|
|
|
h, err := libp2p.New(c.ctx,
|
2020-03-13 20:40:02 +00:00
|
|
|
libp2p.PrivateNetwork(c.config.ProtectorKey),
|
2019-11-05 11:47:06 +00:00
|
|
|
libp2p.Security(libp2ptls.ID, libp2ptls.New),
|
|
|
|
|
libp2p.Security(secio.ID, secio.New),
|
2020-03-13 20:40:02 +00:00
|
|
|
// TODO: quic does not support private networks
|
|
|
|
|
//libp2p.Transport(libp2pquic.NewTransport),
|
2019-11-05 11:47:06 +00:00
|
|
|
libp2p.DefaultTransports,
|
2019-11-05 09:30:24 +00:00
|
|
|
)
|
2018-03-16 12:23:38 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-09 01:01:19 +00:00
|
|
|
ctx, cancel := context.WithTimeout(c.ctx, ResolveTimeout)
|
2018-03-20 18:35:42 +00:00
|
|
|
defer cancel()
|
Fix #787: Connectivity fixes
Currently, unless doing Join() (--bootstrap), we do not connect to any peers on startup.
We however loaded up the peerstore file and Raft will automatically connect
older peers to figure out who is the leader etc. DHT bootstrap, after Raft
was working, did the rest.
For CRDTs we need to connect to people on a normal boot as otherwise, unless
bootstrapping, this does not happen, even if the peerstore contains known peers.
This introduces a number of changes:
* Move peerstore file management back inside the Cluster component, which was
already in charge of saving the peerstore file.
* We keep saving all "known addresses" but we load them with a non permanent
TTL, so that there will be clean up of peers we're not connected to for long.
* "Bootstrap" (connect) to a small number of peers during Cluster component creation.
* Bootstrap the DHT asap after this, so that other cluster components can
initialize with a working peer discovery mechanism.
* CRDT Trust() method will now:
* Protect the trusted Peer ID in the conn manager
* Give top priority in the PeerManager to that Peer (see below)
* Mark addresses as permanent in the Peerstore
The PeerManager now attaches priorities to peers when importing them and is
able to order them according to that priority. The result is that peers with
high priority are saved first in the peerstore file. When we load the peerstore
file, the first entries in it are given the highest priority.
This means that during startup we will connect to "trusted peers" first
(because they have been tagged with priority in the previous run and saved at
the top of the list). Once connected to a small number of peers, we let the
DHT bootstrap process in the background do the rest and discover the network.
All this makes the peerstore file a "bootstrap" list for CRDTs and we will attempt
to connect to peers on that list until some of those connections succeed.
2019-05-23 16:41:33 +00:00
|
|
|
resolvedAddrs, err := madns.Resolve(ctx, pinfo.Addrs[0])
|
2018-03-20 18:35:42 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
Fix #787: Connectivity fixes
Currently, unless doing Join() (--bootstrap), we do not connect to any peers on startup.
We however loaded up the peerstore file and Raft will automatically connect
older peers to figure out who is the leader etc. DHT bootstrap, after Raft
was working, did the rest.
For CRDTs we need to connect to people on a normal boot as otherwise, unless
bootstrapping, this does not happen, even if the peerstore contains known peers.
This introduces a number of changes:
* Move peerstore file management back inside the Cluster component, which was
already in charge of saving the peerstore file.
* We keep saving all "known addresses" but we load them with a non permanent
TTL, so that there will be clean up of peers we're not connected to for long.
* "Bootstrap" (connect) to a small number of peers during Cluster component creation.
* Bootstrap the DHT asap after this, so that other cluster components can
initialize with a working peer discovery mechanism.
* CRDT Trust() method will now:
* Protect the trusted Peer ID in the conn manager
* Give top priority in the PeerManager to that Peer (see below)
* Mark addresses as permanent in the Peerstore
The PeerManager now attaches priorities to peers when importing them and is
able to order them according to that priority. The result is that peers with
high priority are saved first in the peerstore file. When we load the peerstore
file, the first entries in it are given the highest priority.
This means that during startup we will connect to "trusted peers" first
(because they have been tagged with priority in the previous run and saved at
the top of the list). Once connected to a small number of peers, we let the
DHT bootstrap process in the background do the rest and discover the network.
All this makes the peerstore file a "bootstrap" list for CRDTs and we will attempt
to connect to peers on that list until some of those connections succeed.
2019-05-23 16:41:33 +00:00
|
|
|
h.Peerstore().AddAddrs(pinfo.ID, resolvedAddrs, peerstore.PermanentAddrTTL)
|
2018-03-16 12:23:38 +00:00
|
|
|
c.transport.RegisterProtocol("libp2p", p2phttp.NewTransport(h))
|
|
|
|
|
c.net = "libp2p"
|
|
|
|
|
c.p2p = h
|
2020-04-14 17:58:00 +00:00
|
|
|
c.hostname = peer.Encode(pinfo.ID)
|
2018-03-16 12:23:38 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-30 23:14:06 +00:00
|
|
|
func (c *defaultClient) enableTLS() error {
|
2018-03-16 12:23:38 +00:00
|
|
|
c.defaultTransport()
|
|
|
|
|
// based on https://github.com/denji/golang-tls
|
|
|
|
|
c.transport.TLSClientConfig = &tls.Config{
|
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
|
|
|
|
|
PreferServerCipherSuites: true,
|
|
|
|
|
CipherSuites: []uint16{
|
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
|
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
|
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
|
},
|
|
|
|
|
InsecureSkipVerify: c.config.NoVerifyCert,
|
|
|
|
|
}
|
|
|
|
|
c.net = "https"
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2019-11-30 02:36:58 +00:00
|
|
|
|
|
|
|
|
func (c *defaultClient) enableUnix() error {
|
|
|
|
|
c.defaultTransport()
|
|
|
|
|
unixTransport := &httpunix.Transport{
|
|
|
|
|
DialTimeout: time.Second,
|
|
|
|
|
}
|
|
|
|
|
_, addr, err := manet.DialArgs(c.config.APIAddr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
unixTransport.RegisterLocation("restapi", addr)
|
|
|
|
|
c.transport.RegisterProtocol(httpunix.Scheme, unixTransport)
|
|
|
|
|
c.net = httpunix.Scheme
|
|
|
|
|
c.hostname = "restapi"
|
|
|
|
|
return nil
|
|
|
|
|
}
|
