@libp2p/webrtc 5.0.26-d8f003e6e → 5.0.27-2e35b6055

package/src/private-to-public/listener.ts

@@ -0,0 +1,233 @@
+import { networkInterfaces } from 'node:os'
+import { isIPv4, isIPv6 } from '@chainsafe/is-ip'
+import { TypedEventEmitter } from '@libp2p/interface'
+import { multiaddr, protocols } from '@multiformats/multiaddr'
+import { IP4 } from '@multiformats/multiaddr-matcher'
+import { Crypto } from '@peculiar/webcrypto'
+import getPort from 'get-port'
+import pWaitFor from 'p-wait-for'
+import { connect } from './utils/connect.js'
+import { generateTransportCertificate } from './utils/generate-certificates.js'
+import { createDialerRTCPeerConnection } from './utils/get-rtcpeerconnection.js'
+import { stunListener } from './utils/stun-listener.js'
+import type { DataChannelOptions, TransportCertificate } from '../index.js'
+import type { DirectRTCPeerConnection } from './utils/get-rtcpeerconnection.js'
+import type { StunServer } from './utils/stun-listener.js'
+import type { PeerId, ListenerEvents, Listener, Upgrader, ComponentLogger, Logger, CounterGroup, Metrics, PrivateKey } from '@libp2p/interface'
+import type { Multiaddr } from '@multiformats/multiaddr'
+
+const crypto = new Crypto()
+
+/**
+ * The time to wait, in milliseconds, for the data channel handshake to complete
+ */
+const HANDSHAKE_TIMEOUT_MS = 10_000
+
+export interface WebRTCDirectListenerComponents {
+  peerId: PeerId
+  privateKey: PrivateKey
+  logger: ComponentLogger
+  metrics?: Metrics
+}
+
+export interface WebRTCDirectListenerInit {
+  upgrader: Upgrader
+  certificates?: TransportCertificate[]
+  maxInboundStreams?: number
+  dataChannel?: DataChannelOptions
+  rtcConfiguration?: RTCConfiguration | (() => RTCConfiguration | Promise<RTCConfiguration>)
+  useLibjuice?: boolean
+}
+
+export interface WebRTCListenerMetrics {
+  listenerEvents: CounterGroup
+}
+
+const UDP_PROTOCOL = protocols('udp')
+const IP4_PROTOCOL = protocols('ip4')
+const IP6_PROTOCOL = protocols('ip6')
+
+export class WebRTCDirectListener extends TypedEventEmitter<ListenerEvents> implements Listener {
+  private server?: StunServer
+  private readonly multiaddrs: Multiaddr[]
+  private certificate?: TransportCertificate
+  private readonly connections: Map<string, DirectRTCPeerConnection>
+  private readonly log: Logger
+  private readonly init: WebRTCDirectListenerInit
+  private readonly components: WebRTCDirectListenerComponents
+  private readonly metrics?: WebRTCListenerMetrics
+
+  constructor (components: WebRTCDirectListenerComponents, init: WebRTCDirectListenerInit) {
+    super()
+
+    this.init = init
+    this.components = components
+    this.multiaddrs = []
+    this.connections = new Map()
+    this.log = components.logger.forComponent('libp2p:webrtc-direct:listener')
+    this.certificate = init.certificates?.[0]
+
+    if (components.metrics != null) {
+      this.metrics = {
+        listenerEvents: components.metrics.registerCounterGroup('libp2p_webrtc-direct_listener_events_total', {
+          label: 'event',
+          help: 'Total count of WebRTC-direct listen events by type'
+        })
+      }
+    }
+  }
+
+  async listen (ma: Multiaddr): Promise<void> {
+    const parts = ma.stringTuples()
+    const ipVersion = IP4.matches(ma) ? 4 : 6
+    const host = parts
+      .filter(([code]) => code === IP4_PROTOCOL.code)
+      .pop()?.[1] ?? parts
+      .filter(([code]) => code === IP6_PROTOCOL.code)
+      .pop()?.[1]
+
+    if (host == null) {
+      throw new Error('IP4/6 host must be specified in webrtc-direct mulitaddr')
+    }
+    let port = parseInt(parts
+      .filter(([code, value]) => code === UDP_PROTOCOL.code)
+      .pop()?.[1] ?? '')
+
+    if (isNaN(port)) {
+      throw new Error('UDP port must be specified in webrtc-direct mulitaddr')
+    }
+
+    if (port === 0 && this.init.useLibjuice !== false) {
+      // libjuice doesn't map 0 to a random free port so we have to do it
+      // ourselves
+      port = await getPort()
+    }
+
+    this.server = await stunListener(host, port, ipVersion, this.log, (ufrag, remoteHost, remotePort) => {
+      this.incomingConnection(ufrag, remoteHost, remotePort)
+        .catch(err => {
+          this.log.error('error processing incoming STUN request', err)
+        })
+    }, {
+      useLibjuice: this.init.useLibjuice
+    })
+
+    let certificate = this.certificate
+
+    if (certificate == null) {
+      const keyPair = await crypto.subtle.generateKey({
+        name: 'ECDSA',
+        namedCurve: 'P-256'
+      }, true, ['sign', 'verify'])
+
+      certificate = this.certificate = await generateTransportCertificate(keyPair, {
+        days: 365
+      })
+    }
+
+    const address = this.server.address()
+
+    getNetworkAddresses(address.address, address.port, ipVersion).forEach((ma) => {
+      this.multiaddrs.push(multiaddr(`${ma}/webrtc-direct/certhash/${certificate.certhash}`))
+    })
+
+    this.safeDispatchEvent('listening')
+  }
+
+  private async incomingConnection (ufrag: string, remoteHost: string, remotePort: number): Promise<void> {
+    const key = `${remoteHost}:${remotePort}:${ufrag}`
+    let peerConnection = this.connections.get(key)
+
+    if (peerConnection != null) {
+      this.log.trace('already got peer connection for %s', key)
+      return
+    }
+
+    this.log('create peer connection for %s', key)
+
+    // https://github.com/libp2p/specs/blob/master/webrtc/webrtc-direct.md#browser-to-public-server
+    peerConnection = await createDialerRTCPeerConnection('server', ufrag, this.init.rtcConfiguration, this.certificate)
+
+    this.connections.set(key, peerConnection)
+
+    peerConnection.addEventListener('connectionstatechange', () => {
+      switch (peerConnection.connectionState) {
+        case 'failed':
+        case 'disconnected':
+        case 'closed':
+          this.connections.delete(key)
+          break
+        default:
+          break
+      }
+    })
+
+    try {
+      await connect(peerConnection, ufrag, {
+        role: 'server',
+        log: this.log,
+        logger: this.components.logger,
+        metrics: this.components.metrics,
+        events: this.metrics?.listenerEvents,
+        signal: AbortSignal.timeout(HANDSHAKE_TIMEOUT_MS),
+        remoteAddr: multiaddr(`/ip${isIPv4(remoteHost) ? 4 : 6}/${remoteHost}/udp/${remotePort}`),
+        dataChannel: this.init.dataChannel,
+        upgrader: this.init.upgrader,
+        peerId: this.components.peerId,
+        privateKey: this.components.privateKey
+      })
+    } catch (err) {
+      peerConnection.close()
+      throw err
+    }
+  }
+
+  getAddrs (): Multiaddr[] {
+    return this.multiaddrs
+  }
+
+  async close (): Promise<void> {
+    for (const connection of this.connections.values()) {
+      connection.close()
+    }
+
+    await this.server?.close()
+
+    // RTCPeerConnections will be removed from the connections map when their
+    // connection state changes to 'closed'/'disconnected'/'failed
+    await pWaitFor(() => {
+      return this.connections.size === 0
+    })
+
+    this.safeDispatchEvent('close')
+  }
+}
+
+function getNetworkAddresses (host: string, port: number, version: 4 | 6): string[] {
+  if (host === '0.0.0.0' || host === '::1') {
+    // return all ip4 interfaces
+    return Object.entries(networkInterfaces())
+      .flatMap(([_, addresses]) => addresses)
+      .map(address => address?.address)
+      .filter(address => {
+        if (address == null) {
+          return false
+        }
+
+        if (version === 4) {
+          return isIPv4(address)
+        }
+
+        if (version === 6) {
+          return isIPv6(address)
+        }
+
+        return false
+      })
+      .map(address => `/ip${version}/${address}/udp/${port}`)
+  }
+
+  return [
+    `/ip${version}/${host}/udp/${port}`
+  ]
+}

package/src/private-to-public/transport.ts

@@ -1,22 +1,16 @@
-import { noise } from '@chainsafe/libp2p-noise'
-import { transportSymbol, serviceCapabilities, InvalidParametersError } from '@libp2p/interface'
+import { serviceCapabilities, transportSymbol } from '@libp2p/interface'
 import { peerIdFromString } from '@libp2p/peer-id'
 import { protocols } from '@multiformats/multiaddr'
 import { WebRTCDirect } from '@multiformats/multiaddr-matcher'
-import * as Digest from 'multiformats/hashes/digest'
-import { concat } from 'uint8arrays/concat'
-import { fromString as uint8arrayFromString } from 'uint8arrays/from-string'
-import { DataChannelError, UnimplementedError } from '../error.js'
-import { WebRTCMultiaddrConnection } from '../maconn.js'
-import { DataChannelMuxerFactory } from '../muxer.js'
-import { createStream } from '../stream.js'
-import { getRtcConfiguration, isFirefox } from '../util.js'
-import { RTCPeerConnection } from '../webrtc/index.js'
-import * as sdp from './sdp.js'
-import { genUfrag } from './util.js'
-import type { WebRTCDialOptions } from './options.js'
-import type { DataChannelOptions } from '../index.js'
-import type { CreateListenerOptions, Transport, Listener, ComponentLogger, Logger, Connection, CounterGroup, Metrics, PeerId, PrivateKey } from '@libp2p/interface'
+import { raceSignal } from 'race-signal'
+import { genUfrag } from '../util.js'
+import { WebRTCDirectListener } from './listener.js'
+import { connect } from './utils/connect.js'
+import { createDialerRTCPeerConnection } from './utils/get-rtcpeerconnection.js'
+import type { DataChannelOptions, TransportCertificate } from '../index.js'
+import type { WebRTCDialEvents } from '../private-to-private/transport.js'
+import type { CreateListenerOptions, Transport, Listener, ComponentLogger, Logger, Connection, CounterGroup, Metrics, PeerId, DialTransportOptions, PrivateKey } from '@libp2p/interface'
+import type { TransportManager } from '@libp2p/interface-internal'
 import type { Multiaddr } from '@multiformats/multiaddr'
 
 /**
@@ -46,6 +40,7 @@ export interface WebRTCDirectTransportComponents {
   privateKey: PrivateKey
   metrics?: Metrics
   logger: ComponentLogger
+  transportManager: TransportManager
 }
 
 export interface WebRTCMetrics {
@@ -55,6 +50,8 @@ export interface WebRTCMetrics {
 export interface WebRTCTransportDirectInit {
   rtcConfiguration?: RTCConfiguration | (() => RTCConfiguration | Promise<RTCConfiguration>)
   dataChannel?: DataChannelOptions
+  certificates?: TransportCertificate[]
+  useLibjuice?: boolean
 }
 
 export class WebRTCDirectTransport implements Transport {
@@ -62,10 +59,12 @@ export class WebRTCDirectTransport implements Transport {
   private readonly metrics?: WebRTCMetrics
   private readonly components: WebRTCDirectTransportComponents
   private readonly init: WebRTCTransportDirectInit
+
   constructor (components: WebRTCDirectTransportComponents, init: WebRTCTransportDirectInit = {}) {
     this.log = components.logger.forComponent('libp2p:webrtc-direct')
     this.components = components
     this.init = init
+
     if (components.metrics != null) {
       this.metrics = {
         dialerEvents: components.metrics.registerCounterGroup('libp2p_webrtc-direct_dialer_events_total', {
@@ -87,7 +86,8 @@ export class WebRTCDirectTransport implements Transport {
   /**
    * Dial a given multiaddr
    */
-  async dial (ma: Multiaddr, options: WebRTCDialOptions): Promise<Connection> {
+  async dial (ma: Multiaddr, options: DialTransportOptions<WebRTCDialEvents>): Promise<Connection> {
+    options?.signal?.throwIfAborted()
     const rawConn = await this._connect(ma, options)
     this.log('dialing address: %a', ma)
     return rawConn
@@ -97,7 +97,10 @@ export class WebRTCDirectTransport implements Transport {
    * Create transport listeners no supported by browsers
    */
   createListener (options: CreateListenerOptions): Listener {
-    throw new UnimplementedError('WebRTCTransport.createListener')
+    return new WebRTCDirectListener(this.components, {
+      ...this.init,
+      ...options
+    })
   }
 
   /**
@@ -117,182 +120,36 @@ export class WebRTCDirectTransport implements Transport {
   /**
    * Connect to a peer using a multiaddr
    */
-  async _connect (ma: Multiaddr, options: WebRTCDialOptions): Promise<Connection> {
-    const controller = new AbortController()
-    const signal = controller.signal
-
-    let remotePeer: PeerId | undefined
+  async _connect (ma: Multiaddr, options: DialTransportOptions<WebRTCDialEvents>): Promise<Connection> {
+    let theirPeerId: PeerId | undefined
     const remotePeerString = ma.getPeerId()
     if (remotePeerString != null) {
-      remotePeer = peerIdFromString(remotePeerString)
+      theirPeerId = peerIdFromString(remotePeerString)
     }
 
-    const remoteCerthash = sdp.decodeCerthash(sdp.certhash(ma))
+    const ufrag = genUfrag()
 
-    // ECDSA is preferred over RSA here. From our testing we find that P-256 elliptic
-    // curve is supported by Pion, webrtc-rs, as well as Chromium (P-228 and P-384
-    // was not supported in Chromium). We use the same hash function as found in the
-    // multiaddr if it is supported.
-    const certificate = await RTCPeerConnection.generateCertificate({
-      name: 'ECDSA',
-      namedCurve: 'P-256',
-      hash: sdp.toSupportedHashFunction(remoteCerthash.code)
-    } as any)
-
-    const peerConnection = new RTCPeerConnection({
-      ...(await getRtcConfiguration(this.init.rtcConfiguration)),
-      certificates: [certificate]
-    })
+    // https://github.com/libp2p/specs/blob/master/webrtc/webrtc-direct.md#browser-to-public-server
+    const peerConnection = await createDialerRTCPeerConnection('client', ufrag, typeof this.init.rtcConfiguration === 'function' ? await this.init.rtcConfiguration() : this.init.rtcConfiguration ?? {})
 
     try {
-      // create data channel for running the noise handshake. Once the data channel is opened,
-      // the remote will initiate the noise handshake. This is used to confirm the identity of
-      // the peer.
-      const dataChannelOpenPromise = new Promise<RTCDataChannel>((resolve, reject) => {
-        const handshakeDataChannel = peerConnection.createDataChannel('', { negotiated: true, id: 0 })
-        const handshakeTimeout = setTimeout(() => {
-          const error = `Data channel was never opened: state: ${handshakeDataChannel.readyState}`
-          this.log.error(error)
-          this.metrics?.dialerEvents.increment({ open_error: true })
-          reject(new DataChannelError('data', error))
-        }, HANDSHAKE_TIMEOUT_MS)
-
-        handshakeDataChannel.onopen = (_) => {
-          clearTimeout(handshakeTimeout)
-          resolve(handshakeDataChannel)
-        }
-
-        // ref: https://developer.mozilla.org/en-US/docs/Web/API/RTCDataChannel/error_event
-        handshakeDataChannel.onerror = (event: Event) => {
-          clearTimeout(handshakeTimeout)
-          const errorTarget = event.target?.toString() ?? 'not specified'
-          const error = `Error opening a data channel for handshaking: ${errorTarget}`
-          this.log.error(error)
-          // NOTE: We use unknown error here but this could potentially be considered a reset by some standards.
-          this.metrics?.dialerEvents.increment({ unknown_error: true })
-          reject(new DataChannelError('data', error))
-        }
-      })
-
-      const ufrag = 'libp2p+webrtc+v1/' + genUfrag(32)
-
-      // Create offer and munge sdp with ufrag == pwd. This allows the remote to
-      // respond to STUN messages without performing an actual SDP exchange.
-      // This is because it can infer the passwd field by reading the USERNAME
-      // attribute of the STUN message.
-      const offerSdp = await peerConnection.createOffer()
-      const mungedOfferSdp = sdp.munge(offerSdp, ufrag)
-      await peerConnection.setLocalDescription(mungedOfferSdp)
-
-      // construct answer sdp from multiaddr and ufrag
-      const answerSdp = sdp.fromMultiAddr(ma, ufrag)
-      await peerConnection.setRemoteDescription(answerSdp)
-
-      // wait for peerconnection.onopen to fire, or for the datachannel to open
-      const handshakeDataChannel = await dataChannelOpenPromise
-
-      // Do noise handshake.
-      // Set the Noise Prologue to libp2p-webrtc-noise:<FINGERPRINTS> before starting the actual Noise handshake.
-      // <FINGERPRINTS> is the concatenation of the of the two TLS fingerprints of A and B in their multihash byte representation, sorted in ascending order.
-      const fingerprintsPrologue = this.generateNoisePrologue(peerConnection, remoteCerthash.code, ma)
-
-      // Since we use the default crypto interface and do not use a static key or early data,
-      // we pass in undefined for these parameters.
-      const connectionEncrypter = noise({ prologueBytes: fingerprintsPrologue })(this.components)
-
-      const wrappedChannel = createStream({
-        channel: handshakeDataChannel,
-        direction: 'inbound',
+      return await raceSignal(connect(peerConnection, ufrag, {
+        role: 'client',
+        log: this.log,
         logger: this.components.logger,
-        ...(this.init.dataChannel ?? {})
-      })
-      const wrappedDuplex = {
-        ...wrappedChannel,
-        sink: wrappedChannel.sink.bind(wrappedChannel),
-        source: (async function * () {
-          for await (const list of wrappedChannel.source) {
-            for (const buf of list) {
-              yield buf
-            }
-          }
-        }())
-      }
-
-      // Creating the connection before completion of the noise
-      // handshake ensures that the stream opening callback is set up
-      const maConn = new WebRTCMultiaddrConnection(this.components, {
-        peerConnection,
+        metrics: this.components.metrics,
+        events: this.metrics?.dialerEvents,
+        signal: options.signal ?? AbortSignal.timeout(HANDSHAKE_TIMEOUT_MS),
         remoteAddr: ma,
-        timeline: {
-          open: Date.now()
-        },
-        metrics: this.metrics?.dialerEvents
-      })
-
-      const eventListeningName = isFirefox ? 'iceconnectionstatechange' : 'connectionstatechange'
-
-      peerConnection.addEventListener(eventListeningName, () => {
-        switch (peerConnection.connectionState) {
-          case 'failed':
-          case 'disconnected':
-          case 'closed':
-            maConn.close().catch((err) => {
-              this.log.error('error closing connection', err)
-            }).finally(() => {
-              // Remove the event listener once the connection is closed
-              controller.abort()
-            })
-            break
-          default:
-            break
-        }
-      }, { signal })
-
-      // Track opened peer connection
-      this.metrics?.dialerEvents.increment({ peer_connection: true })
-
-      const muxerFactory = new DataChannelMuxerFactory(this.components, {
-        peerConnection,
-        metrics: this.metrics?.dialerEvents,
-        dataChannelOptions: this.init.dataChannel
-      })
-
-      // For outbound connections, the remote is expected to start the noise handshake.
-      // Therefore, we need to secure an inbound noise connection from the remote.
-      await connectionEncrypter.secureInbound(wrappedDuplex, {
-        signal,
-        remotePeer
-      })
-
-      return await options.upgrader.upgradeOutbound(maConn, { skipProtection: true, skipEncryption: true, muxerFactory })
+        dataChannel: this.init.dataChannel,
+        upgrader: options.upgrader,
+        peerId: this.components.peerId,
+        remotePeerId: theirPeerId,
+        privateKey: this.components.privateKey
+      }), options.signal)
     } catch (err) {
       peerConnection.close()
       throw err
     }
   }
-
-  /**
-   * Generate a noise prologue from the peer connection's certificate.
-   * noise prologue = bytes('libp2p-webrtc-noise:') + noise-responder fingerprint + noise-initiator fingerprint
-   */
-  private generateNoisePrologue (pc: RTCPeerConnection, hashCode: number, ma: Multiaddr): Uint8Array {
-    if (pc.getConfiguration().certificates?.length === 0) {
-      throw new InvalidParametersError('no local certificate')
-    }
-
-    const localFingerprint = sdp.getLocalFingerprint(pc, {
-      log: this.log
-    })
-    if (localFingerprint == null) {
-      throw new InvalidParametersError('no local fingerprint found')
-    }
-
-    const localFpString = localFingerprint.trim().toLowerCase().replaceAll(':', '')
-    const localFpArray = uint8arrayFromString(localFpString, 'hex')
-    const local = Digest.create(hashCode, localFpArray)
-    const remote: Uint8Array = sdp.mbdecoder.decode(sdp.certhash(ma))
-    const prefix = uint8arrayFromString('libp2p-webrtc-noise:')
-
-    return concat([prefix, local.bytes, remote])
-  }
 }