Added support for loading keypair as file used in authentication in direct mode#118
Added support for loading keypair as file used in authentication in direct mode#118andreasbros wants to merge 2 commits intomxinden:masterfrom
Conversation
//CC @thomaseizinger since you might be excited to see your work being used. |
mxinden
left a comment
mxinden
left a comment
There was a problem hiding this comment.
Great to see libp2p-lookup used more widely and contributions flowing back. Thank you!
Overall I am in favor of this patch. I just have a couple of suggestions.
| let local_key = if let Some(path) = keypair_path { | ||
| let keys_serialized_58 = std::fs::read_to_string(path).expect("Invalid keypair file path").trim().to_string(); | ||
| Keypair::from_protobuf_encoding(&keys_serialized_58.from_base58().expect("Keypair file is not base58 encoded")) | ||
| .expect("Invalid keypair file") | ||
| } else { | ||
| Keypair::generate_ed25519() | ||
| }; |
There was a problem hiding this comment.
Do you have a preference on the file format? Asked differently, why did you choose base58?
If you don't have a strong preference, what do you think of following IPFS' format, which is followed by many other projects.
You can simply copy the code from here:
https://github.com/libp2p/rust-libp2p/blob/master/misc/keygen/src/config.rs
| /// Keypair used for authentication. | ||
| #[structopt(long)] | ||
| keypair_path: Option<PathBuf>, |
There was a problem hiding this comment.
Why only make this available to direct calls? Wouldn't the dht subcommand also benefit from this?
Asking ChatGPT, a simple approach would be a struct SharedOptions { keypair_path: Option<PathBuf> } that is then added to each subcommand via #[structopt(flatten)].
What do you think?
|
|
||
| # IntelliJ IDEA | ||
| .idea | ||
| *.iml |
There was a problem hiding this comment.
Please put this in your global .gitignore in your home directory.
| #### Lookup peer by [address][multiaddr] and keypair file | ||
|
|
||
| If your network nodes only allow certain PeerId's to connect, then you can provide your own keypair file (base58 encoded) to authenticate with the node. | ||
|
|
||
| ``` | ||
| $ libp2p-lookup direct --address /dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa --keypair-path ./path/to/keypair.base58 | ||
|
|
||
| Lookup for peer with id PeerId("QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa") succeeded. | ||
|
|
||
| Protocol version: "ipfs/0.1.0" | ||
| Agent version: "go-ipfs/0.8.0/48f94e2" | ||
| Observed address: "/ip4/2.200.106.157/tcp/56136" | ||
| Listen addresses: | ||
| - "/ip4/147.75.77.187/tcp/4001" | ||
| - "/ip6/2604:1380:0:c100::1/tcp/4001" | ||
| - "/ip4/147.75.77.187/udp/4001/quic" | ||
| - "/ip6/2604:1380:0:c100::1/udp/4001/quic" | ||
| Protocols: | ||
| - "/p2p/id/delta/1.0.0" | ||
| - "/ipfs/id/1.0.0" | ||
| - "/ipfs/id/push/1.0.0" | ||
| - "/ipfs/ping/1.0.0" | ||
| - "/libp2p/circuit/relay/0.1.0" | ||
| - "/ipfs/kad/1.0.0" | ||
| - "/ipfs/lan/kad/1.0.0" | ||
| - "/libp2p/autonat/1.0.0" | ||
| - "/ipfs/bitswap/1.2.0" | ||
| - "/ipfs/bitswap/1.1.0" | ||
| - "/ipfs/bitswap/1.0.0" | ||
| - "/ipfs/bitswap" | ||
| - "/x/" | ||
| ``` | ||
|
|
There was a problem hiding this comment.
I don't think this needs an entire new section. Instead I suggest adding a note to #### Lookup peer by [address][multiaddr] only.
Thanks @mxinden your suggestions make sense, will get them ready. |
2 participants
There is a need to have ability to load existing keypair file used for authentication with P2P nodes which only allow known PeerIds to connect (https://docs.rs/libp2p/latest/libp2p/allow_block_list/index.html#structs).
Proposed change adds additional parameter in "direct" mode to load keypair from given file path.
This only applies to direct mode connecting to a given node which requires authentication with "whitelisted" PeerId.
Currently it only supports base58 encoded files.
Example:
libp2p-lookup direct --address /dns/node-1/tcp/55123 --keypair-path ~/path/to/key.base58