trust

package
v1.97.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 8, 2024 License: AGPL-3.0 Imports: 27 Imported by: 0

Documentation

Overview

Package trust handles rules for accepting and denying connections from satellites.

Index

Constants

This section is empty.

Variables

View Source
var (
	Error        = errs.Class("trust")
	ErrUntrusted = Error.New("satellite is untrusted")
)

Error is the default error class.

View Source
var (
	// ErrExclusion is an error class for exclusion related errors.
	ErrExclusion = errs.Class("exclusion")
)
View Source
var (
	// ErrFileSource is an error class for file source errors.
	ErrFileSource = errs.Class("file source")
)
View Source
var (
	// ErrHTTPSource is an error class for HTTP source errors.
	ErrHTTPSource = errs.Class("HTTP source")
)
View Source
var (
	// ErrSatelliteURL is an error class for satellite URL related errors.
	ErrSatelliteURL = errs.Class("invalid satellite URL")
)
View Source
var (
	// ErrStaticSource is an error class for static source errors.
	ErrStaticSource = errs.Class("static source")
)

Functions

func SaveCacheData added in v0.28.0

func SaveCacheData(path string, data *CacheData) error

SaveCacheData persists the cache data to the given path.

func URLMatchesHTTPSourceHost added in v0.27.0

func URLMatchesHTTPSourceHost(urlHost, sourceHost string) bool

URLMatchesHTTPSourceHost takes the Satellite URL host and the host of the HTTPSource URL and determines if the SatelliteURL matches or is in the same domain as the HTTPSource URL.

Types

type Cache added in v0.28.0

type Cache struct {
	// contains filtered or unexported fields
}

Cache caches source information about trusted satellites.

func LoadCache added in v0.28.0

func LoadCache(path string) (*Cache, error)

LoadCache loads a cache from a file on disk. If the file is not present, the cache is still loaded. If the file cannot be read for any other reason, the function will return an error. LoadCache ensures the containing directory exists.

func (*Cache) DeleteSatelliteEntry added in v1.88.2

func (cache *Cache) DeleteSatelliteEntry(satelliteID storj.NodeID) (deleted bool)

DeleteSatelliteEntry searches the cache for the provided satellite ID and removes it if found.

func (*Cache) Lookup added in v0.28.0

func (cache *Cache) Lookup(key string) (entries []Entry, ok bool)

Lookup takes a cache key and returns entries associated with that key. If the key is unset in the cache, false is returned for ok. Otherwise the entries are returned with ok returned as true.

func (*Cache) Path added in v0.28.0

func (cache *Cache) Path() string

Path returns the path on disk to the file containing the cache.

func (*Cache) Save added in v0.28.0

func (cache *Cache) Save(ctx context.Context) (err error)

Save persists the cache to disk.

func (*Cache) Set added in v0.28.0

func (cache *Cache) Set(key string, entries []Entry)

Set sets the entries in the cache for the provided key.

type CacheData added in v0.28.0

type CacheData struct {
	Entries map[string][]Entry `json:"entries"`
}

CacheData represents the data stored in the cache.

func LoadCacheData added in v0.28.0

func LoadCacheData(path string) (*CacheData, error)

LoadCacheData loads the cache data from the given path.

func NewCacheData added in v0.28.0

func NewCacheData() *CacheData

NewCacheData returns an new CacheData.

type Config added in v0.28.0

type Config struct {
	Sources         Sources       `help:"list of trust sources" devDefault:"" releaseDefault:"https://www.storj.io/dcs-satellites"`
	Exclusions      Exclusions    `help:"list of trust exclusions" devDefault:"" releaseDefault:""`
	RefreshInterval time.Duration `help:"how often the trust pool should be refreshed" default:"6h"`
	CachePath       string        `help:"file path where trust lists should be cached" default:"${CONFDIR}/trust-cache.json"`
}

Config is the trust configuration.

type Entry added in v0.27.0

type Entry struct {
	// SatelliteURL is the URL of the satellite
	SatelliteURL SatelliteURL

	// Authoritative indicates whether this entry came from an authoritative
	// source. This impacts how URLS are aggregated.
	Authoritative bool `json:"authoritative"`
}

Entry represents a trust entry.

type Exclusions added in v0.28.0

type Exclusions struct {
	Rules Rules
}

Exclusions is a list of excluding rules that implements pflag.Value.

func (*Exclusions) Set added in v0.28.0

func (exclusions *Exclusions) Set(value string) error

Set implements pflag.Value by parsing a comma separated list of exclusions.

func (*Exclusions) String added in v0.28.0

func (exclusions *Exclusions) String() string

String returns the string representation of the config.

func (Exclusions) Type added in v0.28.0

func (exclusions Exclusions) Type() string

Type returns the type of the pflag.Value.

type FileSource added in v0.27.0

type FileSource struct {
	// contains filtered or unexported fields
}

FileSource represents a trust source contained in a file on disk.

func NewFileSource added in v0.27.0

func NewFileSource(path string) *FileSource

NewFileSource creates a new FileSource that loads a trust list from the given path.

func (*FileSource) FetchEntries added in v0.27.0

func (source *FileSource) FetchEntries(ctx context.Context) (_ []Entry, err error)

FetchEntries implements the Source interface and returns entries from a the file source on disk. The entries returned are authoritative.

func (*FileSource) Static added in v0.27.0

func (source *FileSource) Static() bool

Static implements the Source interface. It returns true.

func (*FileSource) String added in v0.27.0

func (source *FileSource) String() string

String implements the Source interface and returns the FileSource URL.

type HTTPSource added in v0.27.0

type HTTPSource struct {
	// contains filtered or unexported fields
}

HTTPSource represents a trust source at a http:// or https:// URL.

func NewHTTPSource added in v0.27.0

func NewHTTPSource(httpURL string) (*HTTPSource, error)

NewHTTPSource constructs a new HTTPSource from a URL. The URL must be an http:// or https:// URL. The fragment cannot be set.

func (*HTTPSource) FetchEntries added in v0.27.0

func (source *HTTPSource) FetchEntries(ctx context.Context) (_ []Entry, err error)

FetchEntries implements the Source interface and returns entries parsed from the list retrieved over HTTP(S). The entries returned are only authoritative if the entry URL has a host that matches or is a subdomain of the source URL.

func (*HTTPSource) Static added in v0.27.0

func (source *HTTPSource) Static() bool

Static implements the Source interface. It returns false for this source.

func (*HTTPSource) String added in v0.27.0

func (source *HTTPSource) String() string

String implements the Source interface and returns the URL.

type HostExcluder added in v0.28.0

type HostExcluder struct {
	// contains filtered or unexported fields
}

HostExcluder excludes URLs that match a given host. If the host is a domain name then URLs in a subdomain of that domain are excluded as well.

func NewHostExcluder added in v0.28.0

func NewHostExcluder(host string) *HostExcluder

NewHostExcluder returns a new HostExcluder.

func (*HostExcluder) IsTrusted added in v0.28.0

func (excluder *HostExcluder) IsTrusted(url SatelliteURL) bool

IsTrusted returns true if the given Satellite is trusted and false otherwise.

func (*HostExcluder) String added in v0.28.0

func (excluder *HostExcluder) String() string

String returns a string representation of the excluder.

type IDExcluder added in v0.28.0

type IDExcluder struct {
	// contains filtered or unexported fields
}

IDExcluder excludes URLs matching a given URL.

func NewIDExcluder added in v0.28.0

func NewIDExcluder(id storj.NodeID) *IDExcluder

NewIDExcluder returns a new IDExcluder.

func (*IDExcluder) IsTrusted added in v0.28.0

func (excluder *IDExcluder) IsTrusted(url SatelliteURL) bool

IsTrusted returns true if the given Satellite is trusted and false otherwise.

func (*IDExcluder) String added in v0.28.0

func (excluder *IDExcluder) String() string

String returns a string representation of the excluder.

type IdentityResolver added in v0.28.0

type IdentityResolver interface {
	// ResolveIdentity returns the peer identity of the peer located at the Node URL
	ResolveIdentity(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)
}

IdentityResolver resolves peer identities from a node URL.

func Dialer added in v0.28.0

func Dialer(dialer rpc.Dialer) IdentityResolver

Dialer implements an IdentityResolver using an RPC dialer.

type IdentityResolverFunc added in v0.28.0

type IdentityResolverFunc func(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)

IdentityResolverFunc is a convenience type for implementing IdentityResolver using a function literal.

func (IdentityResolverFunc) ResolveIdentity added in v0.28.0

func (fn IdentityResolverFunc) ResolveIdentity(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)

ResolveIdentity returns the peer identity of the peer located at the Node URL.

type List added in v0.28.0

type List struct {
	// contains filtered or unexported fields
}

List represents a dynamic trust list.

func NewList added in v0.28.0

func NewList(log *zap.Logger, sources []Source, rules Rules, cache *Cache) (*List, error)

NewList takes one or more sources, optional rules, and a cache and returns a new List.

func (*List) FetchURLs added in v0.28.0

func (list *List) FetchURLs(ctx context.Context) ([]storj.NodeURL, error)

FetchURLs returns a list of Node URLS for trusted Satellites. It queries all of the configured sources for trust entries. Entries from non-fixed sources are cached. If entries cannot be retrieved from a source, a cached copy is used, if available. Otherwise, if there are no cached entries available, the call will fail. The URLS are filtered before being returned.

type Pool

type Pool struct {
	// contains filtered or unexported fields
}

Pool implements different peer verifications.

architecture: Service

func NewPool

func NewPool(log *zap.Logger, resolver IdentityResolver, config Config, satellitesDB satellites.DB) (*Pool, error)

NewPool creates a new trust pool of the specified list of trusted satellites.

func (*Pool) DeleteSatellite added in v1.90.1

func (pool *Pool) DeleteSatellite(ctx context.Context, id storj.NodeID) error

DeleteSatellite deletes a satellite from the pool and marks it as untrusted in the database.

func (*Pool) GetNodeURL added in v1.6.1

func (pool *Pool) GetNodeURL(ctx context.Context, id storj.NodeID) (_ storj.NodeURL, err error)

GetNodeURL returns the node url of a satellite in the trusted list.

func (*Pool) GetSatellites added in v0.14.0

func (pool *Pool) GetSatellites(ctx context.Context) (satellites []storj.NodeID)

GetSatellites returns a slice containing all trusted satellites.

func (*Pool) GetSignee

func (pool *Pool) GetSignee(ctx context.Context, id storj.NodeID) (_ signing.Signee, err error)

GetSignee gets the corresponding signee for verifying signatures. It ignores passed in ctx cancellation to avoid miscaching between concurrent requests.

func (*Pool) IsTrusted added in v1.90.1

func (pool *Pool) IsTrusted(ctx context.Context, id storj.NodeID) bool

IsTrusted returns true if the satellite is trusted.

func (*Pool) Refresh added in v0.28.0

func (pool *Pool) Refresh(ctx context.Context) error

Refresh refreshes the set of trusted satellites in the pool. Concurrent callers will be synchronized so only one proceeds at a time.

func (*Pool) Run added in v0.28.0

func (pool *Pool) Run(ctx context.Context) error

Run periodically refreshes the pool. The initial refresh is intended to happen before run is call. Therefore Run does not refresh right away.

func (*Pool) VerifySatelliteID

func (pool *Pool) VerifySatelliteID(ctx context.Context, id storj.NodeID) (err error)

VerifySatelliteID checks whether id corresponds to a trusted satellite.

type Rule added in v0.28.0

type Rule interface {
	// IsTrusted returns true if the given Satellite is trusted and false otherwise
	IsTrusted(url SatelliteURL) bool

	// String returns a string representation of the rule
	String() string
}

Rule indicates whether or not a Satellite URL is trusted.

func NewExcluder added in v0.28.0

func NewExcluder(config string) (Rule, error)

NewExcluder takes a configuration string and returns an excluding Rule. Accepted forms are 1) a Satellite ID followed by '@', 2) a hostname or IP address, 3) a full Satellite URL.

type Rules added in v0.28.0

type Rules []Rule

Rules is a collection of rules.

func (Rules) IsTrusted added in v0.28.0

func (rules Rules) IsTrusted(url SatelliteURL) bool

IsTrusted returns true if the given Satellite is trusted and false otherwise.

type SatelliteURL added in v0.27.0

type SatelliteURL struct {
	ID   storj.NodeID `json:"id"`
	Host string       `json:"host"`
	Port int          `json:"port"`
}

SatelliteURL represents a Satellite URL.

func LoadSatelliteURLList added in v0.27.0

func LoadSatelliteURLList(ctx context.Context, path string) (_ []SatelliteURL, err error)

LoadSatelliteURLList loads a list of Satellite URLs from a path on disk.

func ParseSatelliteURL added in v0.27.0

func ParseSatelliteURL(s string) (SatelliteURL, error)

ParseSatelliteURL parses a Satellite URL. For the purposes of the trust list, the Satellite URL MUST contain both an ID and port designation.

func ParseSatelliteURLList added in v0.27.0

func ParseSatelliteURLList(ctx context.Context, r io.Reader) (urls []SatelliteURL, err error)

ParseSatelliteURLList parses a newline separated list of Satellite URLs. Empty lines or lines starting with '#' (comments) are ignored.

func (*SatelliteURL) Address added in v0.27.0

func (u *SatelliteURL) Address() string

Address returns the address (i.e. host:port) of the Satellite.

func (*SatelliteURL) NodeURL added in v0.27.0

func (u *SatelliteURL) NodeURL() storj.NodeURL

NodeURL returns a full Node URL to the Satellite.

func (*SatelliteURL) String added in v0.27.0

func (u *SatelliteURL) String() string

String returns a string representation of the Satellite URL.

type Source added in v0.27.0

type Source interface {
	// String is the string representation of the source. It is used as a key
	// into the cache.
	String() string

	// Static returns true if the source is static. Static sources are not cached.
	Static() bool

	// FetchEntries returns the list of trust entries from the source.
	FetchEntries(context.Context) ([]Entry, error)
}

Source is a trust source for trusted Satellites.

func NewSource added in v0.27.0

func NewSource(config string) (Source, error)

NewSource takes a configuration string returns a Source for that string.

type Sources added in v0.28.0

type Sources []Source

Sources is a list of sources that implements pflag.Value.

func (*Sources) Set added in v0.28.0

func (sources *Sources) Set(value string) error

Set implements pflag.Value by parsing a comma separated list of sources.

func (Sources) String added in v0.28.0

func (sources Sources) String() string

String returns the string representation of the config.

func (Sources) Type added in v0.28.0

func (sources Sources) Type() string

Type returns the type of the pflag.Value.

type StaticURLSource added in v0.28.0

type StaticURLSource struct {
	URL SatelliteURL
}

StaticURLSource is a trust source that returns an explicitly trusted URL.

func NewStaticURLSource added in v0.28.0

func NewStaticURLSource(satelliteURL string) (*StaticURLSource, error)

NewStaticURLSource takes an explicitly trusted URL and returns a new StaticURLSource.

func (*StaticURLSource) FetchEntries added in v0.28.0

func (source *StaticURLSource) FetchEntries(ctx context.Context) ([]Entry, error)

FetchEntries returns a trust entry for the explicitly trusted Satellite URL. The entry is authoritative.

func (*StaticURLSource) Static added in v0.28.0

func (source *StaticURLSource) Static() bool

Static implements the Source interface. It returns true.

func (*StaticURLSource) String added in v0.28.0

func (source *StaticURLSource) String() string

String implements the Source interface and returns the static trusted URL.

type URLExcluder added in v0.28.0

type URLExcluder struct {
	// contains filtered or unexported fields
}

URLExcluder excludes matching URLs.

func NewURLExcluder added in v0.28.0

func NewURLExcluder(url SatelliteURL) *URLExcluder

NewURLExcluder returns a new URLExcluder.

func (*URLExcluder) IsTrusted added in v0.28.0

func (excluder *URLExcluder) IsTrusted(url SatelliteURL) bool

IsTrusted returns true if the given Satellite is trusted and false otherwise.

func (*URLExcluder) String added in v0.28.0

func (excluder *URLExcluder) String() string

String returns a string representation of the excluder.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL