support i2p host forwarding

Author: sevenbitbyte

package.json

@@ -61,6 +61,7 @@
     "@dataparty/bouncer-db": "1.0.1",
     "@dataparty/crypto": "datapartyjs/dataparty-crypto#parcel-build",
     "@dataparty/tasker": "^0.0.2",
+    "@diva.exchange/i2p-sam": "^4.1.8",
     "@hapi/joi": "^17.1.1",
     "@zeit/ncc": "^0.22.3",
     "ajv": "6.9.1",

src/service/endpoint-context.js

@@ -44,7 +44,7 @@ class EndpointContext {
 
   setSession(session){
     this.session = session
-    this.debug('session.id' + session.id)
+    this.debug('session' + session)
   }
 
   setOauthCloud(oauth_cloud){

src/service/endpoints/service-identity.js

@@ -26,7 +26,10 @@ module.exports = class ServiceIdentity extends IEndpoint {
         validate: Joi.object().keys({
           id: Joi.string(),
           key: {
-            type: Joi.string().valid('ecdsa'),
+            type: Joi.alternatives().try(
+              Joi.string().valid('ecdsa'),
+              Joi.string().valid('nacl')
+            ),
             public: Joi.object().keys({
               box: Joi.string(),
               sign: Joi.string()

src/service/middleware/pre/decrypt.js

@@ -51,7 +51,7 @@ module.exports = class Decrypt extends IMiddleware {
 
 
     context.setSenderKey({
-      type: 'ecdsa',
+      type: 'nacl',
       public: publicKeys
     })
 

src/service/service-host-websocket.js

@@ -4,16 +4,16 @@ const debug = require('debug')('dataparty.service.host-websocket')
 const ws = require('ws')
 const WebSocketServer = ws.WebSocketServer
 
-const WATCHDOG_INTERVAL = 30000
+const WATCHDOG_INTERVAL = 5*60*1000
 
 const Comms = require('../comms')
 const PeerParty = require('../party/peer/peer-party')
 
 class ServiceHostWebsocket{
 
-  constructor({trust_proxy, port, path, runner, wsSettings}){
+  constructor({trust_proxy, port, upgradePath, runner, wsSettings}){
     this.port = port
-    this.path = path || '/ws'
+    this.upgradePath = upgradePath
     this.runner = runner
     this.trust_proxy = trust_proxy
     this.wsSettings = wsSettings || {}
@@ -49,7 +49,7 @@ class ServiceHostWebsocket{
 
     debug('handleUpgrade', request.headers.host, request.url)
 
-    if(request.url == this.path){
+    if(request.url == this.upgradePath){
       this.doUpgrade(request, socket, head)
     } else {
       socket.destroy()
@@ -96,6 +96,7 @@ class ServiceHostWebsocket{
 
     conn.on('close',()=>{
       debug('connection closed', conn.ip)
+      conn.isAlive = false
     })
 
     debug('creating peer party')

src/service/service-host.js

@@ -1,6 +1,5 @@
 const CORS = require('cors')
 const {URL} = require('url')
-const net = require('net')
 const http = require('http')
 const https = require('https')
 const morgan = require('morgan')
@@ -24,8 +23,13 @@ class ServiceHost {
     cors = {},
     trust_proxy = false,
     listenUri = 'http://0.0.0.0:4001',
+    i2pEnabled = false,
+    i2pSamHost = '127.0.0.1',
+    i2pSamPort = 4444,
+    i2pKey = null,
     wsEnabled = true,
     wsPort = null,
+    wsUpgradePath = '/ws',
     runner
   }={}){
     this.apiApp = express()
@@ -55,12 +59,30 @@ class ServiceHost {
       this.wsServer = new ServiceHostWebsocket({
         trust_proxy,
         port: wsPort,
+        upgradePath: wsUpgradePath,
         runner: this.runner
       })
     }
 
-    this.started = false
+    if(i2pEnabled){
+      this.i2pEnabled = true
+
+      this.i2p = null
+      this.i2pSettings = {
+        sam: {
+          host: i2pSamHost,
+          portTCP: i2pSamPort,
+          publicKey: reach(i2pKey, 'publicKey'),
+          privateKey: reach(i2pKey, 'privateKey')
+        },
+        forward: {
+          host: this.apiServerUri.host,
+          port: this.apiServerUri.port
+        }
+      }
+    }
 
+    this.started = false
   }
 
   async start(){
@@ -118,6 +140,18 @@ class ServiceHost {
       debug('starting websocket')
       this.wsServer.start(this.apiServer)
     }
+
+    if(this.i2pEnabled){
+      debug('starting i2p forward')
+      const SAM = require('@diva.exchange/i2p-sam')
+
+      this.i2p = await i2p.createForward(this.i2pSettings)
+      this.i2pUri = this.i2p.getPublicKeys()
+      this.i2pSettings.privateKey = null  // clear no longer needed
+
+
+      debug('i2p address - ', this.i2pUri)
+    }
   }
 
   async stop(){

src/venue/endpoints/allocate-nacl-session.js

@@ -0,0 +1,61 @@
+const Joi = require('@hapi/joi')
+const Hoek = require('@hapi/hoek')
+const {Message, Routines} = require('@dataparty/crypto')
+const debug = require('debug')('venue.middleware.pre.decrypt')
+
+const IMiddleware = require('../../../service/imiddleware')
+
+module.exports = class DecryptNaCl extends IMiddleware {
+
+  static get Name(){
+    return 'decrypt-nacl'
+  }
+
+  static get Type(){
+    return 'pre'
+  }
+
+  static get Description(){
+    return 'Decrypt inbound data'
+  }
+
+  static get ConfigSchema(){
+    return Joi.boolean()
+  }
+
+  static async start(party){
+    
+  }
+
+  static async run(context, {Config}){
+
+    if (!Config){ return }
+
+    if(!context.input || !context.input.enc){
+      throw new Error('insecure message')
+    }
+
+    context.debug('input', context.input, typeof context.input)
+  
+
+    const msg = new Message(context.input)
+    context.debug('privateIdentity', context.party.privateIdentity.id)
+
+    const publicKeys = Routines.extractPublicKeys(msg.enc)
+
+    context.debug('sender', publicKeys)
+    context.debug(typeof context.party.privateIdentity.key.private.box)
+    context.debug(context.input.enc)
+
+    const jsonContent = await msg.decrypt(context.party.privateIdentity)
+    
+
+    context.setSenderKey({
+      type: 'nacl',
+      public: publicKeys
+    })
+
+    //context.setInputSession(Hoek.reach(jsonContent, 'session'))
+    context.setInput(Hoek.reach(jsonContent, 'data'))
+  }
+}

src/venue/middleware/pre/decrypt-nacl.js

@@ -0,0 +1,65 @@
+const Joi = require('@hapi/joi')
+const Hoek = require('@hapi/hoek')
+const {Message, Routines} = require('@dataparty/crypto')
+const debug = require('debug')('venue.middleware.pre.decrypt')
+
+const IMiddleware = require('../../../service/imiddleware')
+
+module.exports = class DecryptNaCl extends IMiddleware {
+
+  static get Name(){
+    return 'decrypt-nacl'
+  }
+
+  static get Type(){
+    return 'pre'
+  }
+
+  static get Description(){
+    return 'Decrypt inbound data'
+  }
+
+  static get ConfigSchema(){
+    return Joi.boolean()
+  }
+
+  static async start(party){
+    
+  }
+
+  static async run(context, {Config}){
+
+    if (!Config){ return }
+
+    if(!context.input || !context.input.enc){
+      throw new Error('insecure message')
+    }
+
+    context.debug('input', context.input, typeof context.input)
+  
+
+    const msg = new Message(context.input)
+    context.debug('privateIdentity', context.party.privateIdentity.id)
+
+    const publicKeys = Routines.extractPublicKeys(msg.enc)
+
+    context.debug('sender', publicKeys)
+    context.debug(typeof context.party.privateIdentity.key.private.box)
+    context.debug(context.input.enc)
+
+    //! check if sender is a known session
+    //  if known, context.setSenderKey & context.setActor( User )
+    //  verify (sender>user)+(user>sender) trusts
+
+    const jsonContent = await msg.decrypt(context.party.privateIdentity)
+    
+
+    context.setSenderKey({
+      type: 'nacl',
+      public: publicKeys
+    })
+
+    //context.setInputSession(Hoek.reach(jsonContent, 'session'))
+    context.setInput(Hoek.reach(jsonContent, 'data'))
+  }
+}

src/venue/middleware/pre/session-nacl.js

@@ -1,5 +1,5 @@
 
 {
   created: Date,
-  user: User
+  identity
 }