fix: require external confirmation of public addresses (#2867)

Requires autonat to confirm external IP addresses and domain names before the node will announce them.
libp2p · Dec 4, 2024 · d19974d · d19974d
1 parent 6ab85ea
commit d19974d
Show file tree

Hide file tree

Showing 23 changed files with 1,613 additions and 1,130 deletions.
diff --git a/packages/auto-tls/src/domain-mapper.ts b/packages/auto-tls/src/domain-mapper.ts
@@ -58,7 +58,10 @@ export class DomainMapper {
   }
 
   updateMappings (): void {
-    const publicIps = getPublicIps(this.addressManager.getAddresses())
+    const publicIps = getPublicIps(
+      this.addressManager.getAddressesWithMetadata()
+        .map(({ multiaddr }) => multiaddr)
+    )
 
     // did our public IPs change?
     const addedIp4 = []

diff --git a/packages/auto-tls/test/domain-mapper.spec.ts b/packages/auto-tls/test/domain-mapper.spec.ts
@@ -42,13 +42,32 @@ describe('domain-mapper', () => {
     const ip4 = '81.12.12.9'
     const ip6 = '2001:4860:4860::8889'
 
-    components.addressManager.getAddresses.returns([
-      multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-      multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-    ])
+    components.addressManager.getAddressesWithMetadata.returns([{
+      multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }, {
+      multiaddr: multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }])
 
     components.events.safeDispatchEvent('certificate:provision', {
       detail: {
@@ -69,13 +88,32 @@ describe('domain-mapper', () => {
     const ip4v1 = '81.12.12.9'
     const ip6v1 = '2001:4860:4860::8889'
 
-    components.addressManager.getAddresses.returns([
-      multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr(`/ip4/${ip4v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-      multiaddr(`/ip6/${ip6v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-    ])
+    components.addressManager.getAddressesWithMetadata.returns([{
+      multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/${ip4v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }, {
+      multiaddr: multiaddr(`/ip6/${ip6v1}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }])
 
     components.events.safeDispatchEvent('certificate:provision', {
       detail: {
@@ -94,13 +132,32 @@ describe('domain-mapper', () => {
     const ip4v2 = '81.12.12.10'
     const ip6v2 = '2001:4860:4860::8890'
 
-    components.addressManager.getAddresses.returns([
-      multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr(`/ip4/${ip4v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-      multiaddr(`/ip6/${ip6v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-    ])
+    components.addressManager.getAddressesWithMetadata.returns([{
+      multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/${ip4v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }, {
+      multiaddr: multiaddr(`/ip6/${ip6v2}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }])
 
     components.events.safeDispatchEvent('self:peer:update', {
       detail: stubInterface<Peer>()
@@ -121,13 +178,32 @@ describe('domain-mapper', () => {
     const ip4 = '81.12.12.9'
     const ip6 = '2001:4860:4860::8889'
 
-    components.addressManager.getAddresses.returns([
-      multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
-      multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
-      multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`)
-    ])
+    components.addressManager.getAddressesWithMetadata.returns([{
+      multiaddr: multiaddr('/ip4/127.0.0.1/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/ip4/192.168.1.234/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr('/dns4/example.com/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN'),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/${ip4}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }, {
+      multiaddr: multiaddr(`/ip6/${ip6}/tcp/1234/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }])
 
     components.events.safeDispatchEvent('self:peer:update', {
       detail: stubInterface<Peer>()

diff --git a/packages/auto-tls/test/index.spec.ts b/packages/auto-tls/test/index.spec.ts
@@ -16,7 +16,7 @@ import { DEFAULT_CERTIFICATE_DATASTORE_KEY, DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME
 import { importFromPem } from '../src/utils.js'
 import { CERT, CERT_FOR_OTHER_KEY, EXPIRED_CERT, INVALID_CERT, PRIVATE_KEY_PEM } from './fixtures/cert.js'
 import type { ComponentLogger, Libp2pEvents, Peer, PeerId, PrivateKey, RSAPrivateKey, TypedEventTarget } from '@libp2p/interface'
-import type { AddressManager } from '@libp2p/interface-internal'
+import type { AddressManager, NodeAddress } from '@libp2p/interface-internal'
 import type { Keychain } from '@libp2p/keychain'
 import type { StubbedInstance } from 'sinon-ts'
 
@@ -49,12 +49,26 @@ describe('auto-tls', () => {
       datastore: new MemoryDatastore()
     }
 
-    // mixture of LAN and public addresses
-    components.addressManager.getAddresses.returns([
-      multiaddr(`/ip4/127.0.0.1/tcp/1235/p2p/${components.peerId}`),
-      multiaddr(`/ip4/192.168.0.100/tcp/1235/p2p/${components.peerId}`),
-      multiaddr(`/ip4/82.32.57.46/tcp/2345/p2p/${components.peerId}`)
-    ])
+    // a mixture of LAN and public addresses
+    const addresses: NodeAddress[] = [{
+      multiaddr: multiaddr(`/ip4/127.0.0.1/tcp/1235/p2p/${components.peerId}`),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/192.168.0.100/tcp/1235/p2p/${components.peerId}`),
+      verified: true,
+      expires: Infinity,
+      type: 'transport'
+    }, {
+      multiaddr: multiaddr(`/ip4/82.32.57.46/tcp/2345/p2p/${components.peerId}`),
+      verified: true,
+      expires: Infinity,
+      type: 'ip-mapping'
+    }]
+
+    components.addressManager.getAddressesWithMetadata.returns(addresses)
+    components.addressManager.getAddresses.returns(addresses.map(({ multiaddr }) => multiaddr))
   })
 
   afterEach(async () => {

diff --git a/packages/integration-tests/test/addresses.spec.ts b/packages/integration-tests/test/addresses.spec.ts