feat: enable auth server in pproxy server
Ma233 committed Aug 16, 2024
1 parent cd247de commit c710a80
Showing 3 changed files with 35 additions and 8 deletions.
2 changes: 2 additions & 0 deletions src/error.rs
Expand Up @@ -19,6 +19,8 @@ pub enum Error {
Libp2pSwarmCreateError(String),
#[error("Libp2p transport error: {0}")]
Libp2pTransportError(#[from] libp2p::core::transport::TransportError<std::io::Error>),
#[error("Reqwest error: {0}")]
ReqwestError(#[from] reqwest::Error),
#[error("Protocol not support: {0}")]
ProtocolNotSupport(String),
#[error("Unexpected response type")]
15 changes: 14 additions & 1 deletion src/lib.rs
Expand Up @@ -15,6 +15,7 @@ use libp2p::PeerId;
use libp2p::Swarm;
use tokio::sync::mpsc;

use crate::auth::AuthClient;
use crate::command::proto::AddPeerRequest;
use crate::command::proto::AddPeerResponse;
use crate::command::proto::ConnectRelayRequest;
Expand All @@ -29,7 +30,7 @@ use crate::tunnel::Tunnel;
use crate::tunnel::TunnelServer;
use crate::types::*;

pub mod auth;
mod auth;
pub mod command;
pub mod error;
mod p2p;
Expand Down Expand Up @@ -91,6 +92,7 @@ pub struct PProxy {
outbound_ready_notifiers: HashMap<request_response::OutboundRequestId, CommandNotifier>,
inbound_tunnels: HashMap<(PeerId, TunnelId), Tunnel>,
tunnel_txs: HashMap<(PeerId, TunnelId), mpsc::Sender<Vec<u8>>>,
auth_client: Option<AuthClient>,
}

pub struct PProxyHandle {
Expand All @@ -104,10 +106,13 @@ impl PProxy {
keypair: Keypair,
listen_addr: SocketAddr,
proxy_addr: Option<SocketAddr>,
auth_server_endpoint: Option<reqwest::Url>,
) -> Result<(Self, PProxyHandle)> {
let (command_tx, command_rx) = mpsc::channel(DEFAULT_CHANNEL_SIZE);
let swarm = crate::p2p::new_swarm(keypair, listen_addr)
.map_err(|e| Error::Libp2pSwarmCreateError(e.to_string()))?;
let auth_client =
auth_server_endpoint.map(|endpoint| AuthClient::new(*swarm.local_peer_id(), endpoint));

Ok((
Self {
Expand All @@ -118,6 +123,7 @@ impl PProxy {
outbound_ready_notifiers: HashMap::new(),
inbound_tunnels: HashMap::new(),
tunnel_txs: HashMap::new(),
auth_client,
},
PProxyHandle {
command_tx,
Expand Down Expand Up @@ -181,6 +187,13 @@ impl PProxy {
request_response::Message::Request {
request, channel, ..
} => {
if let Some(auth_client) = &mut self.auth_client {
if !auth_client.is_valid(&peer.to_string()).await? {
// TODO: Manage tunnel lifecycle
return Err(Error::Tunnel(error::TunnelError::ConnectionClosed));
}
}

match request.command() {
proto::TunnelCommand::Connect => {
tracing::info!("received connect command from peer: {:?}", peer);
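Review bot: The denied branch after the `is_valid` check returns `TunnelError::ConnectionClosed` without logging and without answering the request on `channel`, so an authorization failure is indistinguishable from a transport drop both in the error type and in the operator's logs, and the remote peer is left waiting on an unanswered request until its own timeout. Add at least `tracing::warn!("rejecting request from unauthorized peer: {:?}", peer);` before the `return`, and consider a dedicated error variant so callers can tell a policy denial from a closed connection. The check also runs on every inbound `Request`, not only `Connect`, so each frame costs an auth-server round trip unless `AuthClient` caches decisions, which is not visible here. A failed call to the auth server is propagated with `?`; whether that is fail-closed for this peer only or unwinds the whole event loop depends on the caller, which lies outside this hunk.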
26 changes: 19 additions & 7 deletions src/main.rs
Expand Up @@ -12,6 +12,7 @@ use dephy_pproxy::command::PProxyCommander;
use dephy_pproxy::PProxy;
use libp2p::identity;
use libp2p::Multiaddr;
use reqwest::Url;
use tonic::transport::Server;

fn parse_args() -> Command {
Expand All @@ -34,22 +35,29 @@ fn parse_args() -> Command {
.num_args(1)
.default_value("127.0.0.1:10010")
.action(ArgAction::Set)
.help("Server address"),
.help("Server address. Will serve a pproxy server on this address"),
)
.arg(
Arg::new("COMMANDER_SERVER_ADDR")
.long("commander-server-addr")
.num_args(1)
.default_value("127.0.0.1:10086")
.action(ArgAction::Set)
.help("Commander server address"),
.help("Commander server address. Will serve a commander server on this address"),
)
.arg(
Arg::new("PROXY_ADDR")
.long("proxy-addr")
.num_args(1)
.action(ArgAction::Set)
.help("Will reverse proxy this address if set"),
.help("Will reverse proxy this address via tunnel protocol if set"),
)
.arg(
Arg::new("AUTH_SERVER_ENDPOINT")
.long("auth-server-endpoint")
.num_args(1)
.action(ArgAction::Set)
.help("Authentication server endpoint is used to verify if one peer can access another. If not set, all access is allowed."),
);

let create_tunnel_server = Command::new("create_tunnel_server")
Expand All @@ -60,7 +68,7 @@ fn parse_args() -> Command {
.num_args(1)
.default_value("127.0.0.1:10086")
.action(ArgAction::Set)
.help("Commander server address"),
.help("Commander server address. Use it to control the existed pproxy server."),
)
.arg(
Arg::new("TUNNEL_SERVER_ADDR")
Expand All @@ -75,7 +83,7 @@ fn parse_args() -> Command {
.num_args(1)
.action(ArgAction::Set)
.required(true)
.help("The multiaddr of the remote peer"),
.help("The multiaddr of remote peer"),
);

let connect_relay = Command::new("connect_relay")
Expand All @@ -86,15 +94,15 @@ fn parse_args() -> Command {
.num_args(1)
.default_value("127.0.0.1:10086")
.action(ArgAction::Set)
.help("Commander server address"),
.help("Commander server address. Use it to control the existed pproxy server."),
)
.arg(
Arg::new("RELAY_MULTIADDR")
.long("relay-multiaddr")
.num_args(1)
.action(ArgAction::Set)
.required(true)
.help("Relay server multiaddr"),
.help("The multiaddr of relay server"),
);

app = app
Expand Down Expand Up @@ -131,6 +139,9 @@ async fn serve(args: &ArgMatches) {
let proxy_addr = args
.get_one::<String>("PROXY_ADDR")
.map(|addr| addr.parse().expect("Invalid proxy address"));
let auth_server_endpoint = args
.get_one::<String>("AUTH_SERVER_ENDPOINT")
.map(|endpoint| Url::parse(endpoint).expect("Invalid authentication server endpoint"));

println!("server_addr: {}", server_addr);
println!("commander_server_addr: {}", commander_server_addr);
Expand All @@ -139,6 +150,7 @@ async fn serve(args: &ArgMatches) {
identity::ed25519::Keypair::from(key).into(),
server_addr,
proxy_addr,
auth_server_endpoint,
)
.expect("Create pproxy failed");

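Review bot: The new `--auth-server-endpoint` parse accepts any URL scheme, so an `http://` endpoint makes every authorization decision travel in cleartext where an on-path attacker can forge an allow response; neither the help text nor `serve` warns about this. Either reject non-TLS endpoints or at least emit a startup warning after the parse, e.g. `if url.scheme() != "https" { eprintln!("warning: auth server endpoint is not https; authorization responses are unauthenticated"); }`. Since the documented default with no endpoint is to allow all access, `serve` should also print whether auth is enabled next to the existing `server_addr` lines so an operator can see when a deployment is running open, taking care not to print a URL that may carry userinfo. The rest of `serve` is outside this hunk.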
