
secure service: config for identity check

This commit is contained in:
Sergey Cherepanov 2024-12-10 17:23:51 +01:00
parent 7f969a891f
commit c6f5b3491c
No known key found for this signature in database
GPG key ID: 87F8EDE8FBDF637C
2 changed files with 38 additions and 2 deletions


@ -0,0 +1,30 @@
package secureservice
import "context"
type ctxKey int
const (
allowAccountCheck ctxKey = iota
)
type configGetter interface {
GetSecureService() Config
}
type Config struct {
RequireClientAuth bool `yaml:"requireClientAuth"`
}
// CtxAllowAccountCheck upgrades the context to allow identity check on handshake
func CtxAllowAccountCheck(ctx context.Context) context.Context {
return context.WithValue(ctx, allowAccountCheck, true)
}
// CtxIsAccountCheckAllowed checks if the "allowAccountCheck" flag is set to true in the provided context.
func CtxIsAccountCheckAllowed(ctx context.Context) bool {
if v, ok := ctx.Value(allowAccountCheck).(bool); ok {
return v
}
return false
}
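Review bot: `Config.RequireClientAuth` at L29 is the only exported config surface in this new file and carries no doc comment, although this one yaml key decides whether inbound peers are identity-checked on handshake at all; a maintainer reading the config type cannot tell that leaving it unset means the inbound side keeps the no-verify checker. I would document it as `// RequireClientAuth forces peer identity verification on inbound handshakes even when this peer has no node role in nodeconf; it defaults to false, so inbound peers are not verified unless it is set (or the peer is a node).` and give the struct a one-line comment such as `// Config is the secureservice section of the application config.` The file also has no package comment; a short `// Package secureservice ...` line on the package clause would be welcome. The `ctxKey` type is unexported, so only `CtxAllowAccountCheck` can set the flag, and the flag only ever upgrades verification on the outbound side, which is the right direction; worth stating that in `CtxAllowAccountCheck`'s comment so nobody later adds a "disallow" variant.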


@ -72,6 +72,12 @@ func (s *secureService) Init(a *app.App) (err error) {
s.compatibleVersions = compatibleVersions s.compatibleVersions = compatibleVersions
} }
account := a.MustComponent(commonaccount.CName).(commonaccount.Service) account := a.MustComponent(commonaccount.CName).(commonaccount.Service)
var conf Config
if cg, ok := a.Component("config").(configGetter); ok {
conf = cg.GetSecureService()
}
peerKey, err := account.Account().PeerKey.Raw() peerKey, err := account.Account().PeerKey.Raw()
if err != nil { if err != nil {
return return
@ -86,7 +92,7 @@ func (s *secureService) Init(a *app.App) (err error) {
s.inboundChecker = s.noVerifyChecker s.inboundChecker = s.noVerifyChecker
confTypes := s.nodeconf.NodeTypes(account.Account().PeerId) confTypes := s.nodeconf.NodeTypes(account.Account().PeerId)
if len(confTypes) > 0 { if conf.RequireClientAuth || len(confTypes) > 0 {
// require identity verification if we are node // require identity verification if we are node
s.inboundChecker = s.peerSignVerifier s.inboundChecker = s.peerSignVerifier
} }
@ -137,7 +143,7 @@ func (s *secureService) SecureOutbound(ctx context.Context, conn net.Conn) (cctx
func (s *secureService) HandshakeOutbound(ctx context.Context, conn io.ReadWriteCloser, peerId string) (cctx context.Context, err error) { func (s *secureService) HandshakeOutbound(ctx context.Context, conn io.ReadWriteCloser, peerId string) (cctx context.Context, err error) {
confTypes := s.nodeconf.NodeTypes(peerId) confTypes := s.nodeconf.NodeTypes(peerId)
var checker handshake.CredentialChecker var checker handshake.CredentialChecker
if len(confTypes) > 0 { if CtxIsAccountCheckAllowed(ctx) || len(confTypes) > 0 {
checker = s.peerSignVerifier checker = s.peerSignVerifier
} else { } else {
checker = s.noVerifyChecker checker = s.noVerifyChecker
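Review bot: The config lookup at L50-L52 fails open: when `a.Component("config")` is nil or does not implement `configGetter`, the `ok` branch is skipped silently, `conf` stays zero, and `RequireClientAuth` is false, so an operator who set `requireClientAuth: true` but whose config type lacks `GetSecureService` ends up with `s.inboundChecker = s.noVerifyChecker` and no signal that client auth is off. If every app that wires this component registers a config (I cannot see the callers), I would fail closed by returning an error from `Init`; if some deployments legitimately run without one, at least log a warning at that point. The comment at L60, `// require identity verification if we are node`, is now stale and should read `// require identity verification if we are a node or requireClientAuth is set`. The outbound change at L67 is fine since `CtxIsAccountCheckAllowed` only ever upgrades to `peerSignVerifier`. `Init` begins before the first hunk and continues past the second.

```go
// … unchanged: compatibleVersions, account lookup …
cg, ok := a.Component("config").(configGetter)
if !ok {
	return fmt.Errorf("secureservice: config component does not provide GetSecureService")
}
conf := cg.GetSecureService()
// … unchanged: peerKey handling …
```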