querysub 0.312.0 → 0.314.0

package/src/-a-archives/archivesPrivateFileSystem.ts

@@ -0,0 +1,299 @@
+import { measureFnc } from "socket-function/src/profiling/measure";
+import { blue } from "socket-function/src/formatting/logColors";
+import { Archives } from "./archives";
+import { cache, lazy } from "socket-function/src/caching";
+import { delay } from "socket-function/src/batching";
+import { isDefined } from "../misc";
+
+let getRootDirectory = lazy(async () => {
+    await navigator.storage.persist();
+    return navigator.storage.getDirectory();
+});
+
+class ArchivesPrivateFileSystem {
+    public LAG = 0;
+    private rootDir: string;
+
+    private logging = false;
+    public enableLogging() {
+        this.logging = true;
+    }
+    private log(text: string) {
+        if (!this.logging) return;
+        console.log(text);
+    }
+
+    constructor(rootDir: string) {
+        this.rootDir = rootDir;
+        // Ensure rootDir ends with "/" for consistency
+        if (!this.rootDir.endsWith("/")) {
+            this.rootDir = this.rootDir + "/";
+        }
+    }
+
+    public getDebugName() {
+        return "privateFS/" + this.rootDir;
+    }
+
+    private async getOrCreateDirectory(path: string): Promise<FileSystemDirectoryHandle> {
+        const root = await getRootDirectory();
+        const pathParts = (this.rootDir + path).split("/").filter(part => part.length > 0);
+
+        let currentDir = root;
+        for (const part of pathParts) {
+            currentDir = await currentDir.getDirectoryHandle(part, { create: true });
+        }
+        return currentDir;
+    }
+
+    private async ensureDirsExist(path: string) {
+        const pathParts = path.split("/");
+        // Create directories up to the parent of the file (don't include the file itself)
+        if (pathParts.length > 1) {
+            const dirPath = pathParts.slice(0, -1).join("/");
+            await this.getOrCreateDirectory(dirPath);
+        }
+    }
+
+    @measureFnc
+    public async set(fileName: string, data: Buffer): Promise<void> {
+        this.log(blue(`Setting file ${fileName} = ${data.length} bytes`));
+
+        await this.ensureDirsExist(fileName);
+
+        const pathParts = fileName.split("/");
+        const filename = pathParts[pathParts.length - 1];
+        const dirPath = pathParts.length > 1 ? pathParts.slice(0, -1).join("/") : "";
+
+        const directory = await this.getOrCreateDirectory(dirPath);
+        const fileHandle = await directory.getFileHandle(filename, { create: true });
+        const writable = await fileHandle.createWritable();
+        await writable.write(data);
+        await writable.close();
+    }
+
+    @measureFnc
+    public async del(fileName: string): Promise<void> {
+        this.log(blue(`Deleting file ${fileName}`));
+
+        const pathParts = fileName.split("/");
+        const filename = pathParts[pathParts.length - 1];
+        const dirPath = pathParts.length > 1 ? pathParts.slice(0, -1).join("/") : "";
+
+        try {
+            const directory = await this.getOrCreateDirectory(dirPath);
+            await directory.removeEntry(filename);
+        } catch (e: any) {
+            // File might not exist, which is fine for delete operations
+            if (e.name !== "NotFoundError") {
+                throw e;
+            }
+        }
+    }
+
+    public async setLargeFile(config: { path: string; getNextData(): Promise<Buffer | undefined>; }): Promise<void> {
+        let { path } = config;
+        await this.ensureDirsExist(path);
+
+        const pathParts = path.split("/");
+        const filename = pathParts[pathParts.length - 1];
+        const dirPath = pathParts.length > 1 ? pathParts.slice(0, -1).join("/") : "";
+
+        const directory = await this.getOrCreateDirectory(dirPath);
+        const fileHandle = await directory.getFileHandle(filename, { create: true });
+        const writable = await fileHandle.createWritable();
+
+        try {
+            while (true) {
+                let data = await config.getNextData();
+                if (!data?.length) break;
+                await writable.write(data);
+            }
+        } finally {
+            await writable.close();
+        }
+    }
+
+    @measureFnc
+    public async get(fileName: string, config?: { range?: { start: number; end: number; }; retryCount?: number }): Promise<Buffer | undefined> {
+        this.log(blue(`Start read file ${fileName}`));
+
+        const pathParts = fileName.split("/");
+        const filename = pathParts[pathParts.length - 1];
+        const dirPath = pathParts.length > 1 ? pathParts.slice(0, -1).join("/") : "";
+
+        try {
+            const directory = await this.getOrCreateDirectory(dirPath);
+            const fileHandle = await directory.getFileHandle(filename, { create: false });
+            const file = await fileHandle.getFile();
+
+            if (config?.range) {
+                const start = config.range.start;
+                const end = config.range.end;
+                const slice = file.slice(start, end);
+                const arrayBuffer = await slice.arrayBuffer();
+                return Buffer.from(arrayBuffer);
+            } else {
+                const arrayBuffer = await file.arrayBuffer();
+                return Buffer.from(arrayBuffer);
+            }
+        } catch (e: any) {
+            if (e.name === "NotFoundError") {
+                return undefined;
+            }
+            throw e;
+        }
+    }
+
+    @measureFnc
+    public async find(prefix: string, config?: { shallow?: boolean; type: "files" | "folders" }): Promise<string[]> {
+        this.log(blue(`findFileNames ${prefix}`));
+
+        let fileNames: string[] = [];
+        let folderNames: string[] = [];
+
+        async function readDir(directory: FileSystemDirectoryHandle, currentPath: string) {
+            for await (const [name, handle] of directory) {
+                const fullPath = currentPath + (currentPath ? "/" : "") + name;
+
+                if (handle.kind === "directory") {
+                    folderNames.push(fullPath);
+                    if (!config?.shallow) {
+                        await readDir(handle, fullPath);
+                    }
+                } else {
+                    fileNames.push(fullPath);
+                }
+            }
+        }
+
+        try {
+            // Start from the root directory of our namespace
+            const rootDirectory = await this.getOrCreateDirectory("");
+            await readDir(rootDirectory, "");
+
+            let results = config?.type === "folders" ? folderNames : fileNames;
+            results = results.filter(name => name.startsWith(prefix));
+
+            if (config?.shallow) {
+                let targetDepth = prefix.split("/").length;
+                results = results.filter(name => name.split("/").length === targetDepth);
+            }
+
+            return results;
+        } catch (e: any) {
+            if (e.name === "NotFoundError") {
+                return [];
+            }
+            throw e;
+        }
+    }
+
+    @measureFnc
+    public async findInfo(prefix: string, config?: { shallow?: boolean; type: "files" | "folders" }): Promise<{ path: string; createTime: number; size: number; }[]> {
+        let files = await this.find(prefix, config);
+        return (await Promise.all(files.map(async file => {
+            try {
+                const info = await this.getInfo(file);
+                if (!info) return undefined;
+                return { path: file, createTime: info.writeTime, size: info.size };
+            } catch {
+                return undefined;
+            }
+        }))).filter(isDefined);
+    }
+
+    @measureFnc
+    public async getInfo(pathInput: string): Promise<{
+        writeTime: number;
+        size: number;
+    } | undefined> {
+        const pathParts = pathInput.split("/");
+        const filename = pathParts[pathParts.length - 1];
+        const dirPath = pathParts.length > 1 ? pathParts.slice(0, -1).join("/") : "";
+
+        try {
+            const directory = await this.getOrCreateDirectory(dirPath);
+            const fileHandle = await directory.getFileHandle(filename, { create: false });
+            const file = await fileHandle.getFile();
+
+            return {
+                writeTime: file.lastModified,
+                size: file.size,
+            };
+        } catch (e: any) {
+            if (e.name === "NotFoundError") {
+                return undefined;
+            }
+            throw e;
+        }
+    }
+
+    public async assertPathValid(path: string) {
+        // Private file system has fewer restrictions than regular file system
+        // Most characters are allowed, so we just check for obviously problematic patterns
+        if (path.includes("..")) {
+            throw new Error(`Invalid path contains '..': ${path}`);
+        }
+        if (path.startsWith("/")) {
+            throw new Error(`Invalid path starts with '/': ${path}`);
+        }
+    }
+
+    @measureFnc
+    public async move(config: {
+        path: string;
+        target: Archives;
+        targetPath: string;
+    }) {
+        let { path, target, targetPath } = config;
+
+        // Unwrap any nested archives
+        while (true) {
+            let targetUnwrapped = target.getBaseArchives?.();
+            if (!targetUnwrapped) break;
+            target = targetUnwrapped.archives;
+            targetPath = targetUnwrapped.parentPath + targetPath;
+        }
+
+        // For moves, we can optimize if both source and target are private file system
+        if (target instanceof ArchivesPrivateFileSystem) {
+            // Private File System API doesn't have a native move operation
+            // So we fall back to copy + delete
+            await this.copy({ path, target, targetPath });
+            await this.del(path);
+        } else {
+            // Moving to a different archive type - copy then delete
+            let data = await this.get(path);
+            if (!data) throw new Error(`File not found to move: ${path}`);
+            await target.set(targetPath, data);
+            await this.del(path);
+        }
+    }
+
+    @measureFnc
+    public async copy(config: {
+        path: string;
+        target: Archives;
+        targetPath: string;
+    }) {
+        let { path, target, targetPath } = config;
+
+        // Unwrap any nested archives
+        while (true) {
+            let targetUnwrapped = target.getBaseArchives?.();
+            if (!targetUnwrapped) break;
+            target = targetUnwrapped.archives;
+            targetPath = targetUnwrapped.parentPath + targetPath;
+        }
+
+        // Get the data and set it in the target
+        let data = await this.get(path);
+        if (!data) throw new Error(`File not found to copy: ${path}`);
+        await target.set(targetPath, data);
+    }
+}
+
+export const getArchivesPrivateFileSystem = cache((rootDir: string): Archives => {
+    return new ArchivesPrivateFileSystem(rootDir);
+});

package/src/-a-auth/certs.ts

@@ -27,7 +27,7 @@ const timeInDay = 1000 * 60 * 60 * 24;
 
 export const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
 
-export const identityStorageKey = "machineCA_6";
+export const identityStorageKey = "machineCA_9";
 export type IdentityStorageType = { domain: string; certB64: string; keyB64: string };
 
 let identityCACached = createKeyStore<IdentityStorageType>(identityStorageKey);
@@ -69,9 +69,14 @@ export function createX509(
         const commonNameAttrs = [{ name: "commonName", value: domain }];
         certObj.setSubject(commonNameAttrs);
 
+
+        let machineId: string;
         if (issuer === "self") {
             certObj.setIssuer(commonNameAttrs);
+            machineId = getDomainPartFromPublicKey(keyPair.publicKey);
         } else {
+            let certParsed = parseCert(issuer.cert.toString());
+            machineId = getDomainPartFromPublicKey(certParsed.publicKey);
             certObj.setIssuer(forge.pki.certificateFromPem(issuer.cert.toString()).subject.attributes);
         }
 
@@ -83,6 +88,18 @@ export function createX509(
 
         let localHostDomain = "127-0-0-1." + domain.split(".").slice(-2).join(".");
 
+        //todonext
+        // Wait, why is one of our alt names not the machine URL that includes the machine hash? Oh, I guess it can't be because we don't know the hash until we create the cert, but we kind of do. Or we can at least. 
+        // I guess the real question is why was this not an issue before? Were we adding it before and then we stopped adding it? Were we adding the thread certificate before to trust?
+        // I think it's fine to change this behavior, although it is kind of annoying to get the public key here (I think we have to derive it from the private key. What a nightmare.
+        // Maybe we had just an issue where we weren't correctly verifying the certificate? No, but that doesn't make any sense because Node.js is verifying the certificate. 
+        //todonext
+        // Our trust store hasn't changed, it's just our machine ID that's changed. And even if it has changed, that's fine. But anyway, we should check our trust store to see what the old certificate looked like. 
+        //todonext;
+        // Huh, the certificates did used to have the machine ID in them. And actually the domain I'm looking at, I'm pretty sure we were adding, that doesn't make any sense, the thread IDs? I don't know, maybe it was just totally borked before, maybe explain some of the issues we were having. It could be why sometimes startup failed. Maybe what happened was it only works if... When a node starts, it tells all other nodes that it changed the trust cache. And in that way, if they start in order, even though they keep breaking the trust cache by clobbering the machine CA certificate, We end up with all the certificates.
+        // I do really like the Node.js error. It's extremely specific. It even gives us the full cert alt names. Very good error. Without this error it would be extremely difficult to debug this. 
+
+
         extensions.push(...[
             { name: "keyUsage", keyCertSign: isCA, digitalSignature: true, nonRepudiation: true, keyEncipherment: true, dataEncipherment: true },
             { name: "subjectKeyIdentifier" },
@@ -92,6 +109,7 @@ export function createX509(
                     { type: 2, value: domain },
                     { type: 2, value: "*." + domain },
                     { type: 2, value: localHostDomain },
+                    { type: 2, value: `*.${machineId}.${domain}` },
                     // NOTE: No longer allow 127.0.0.1, to make this more secure. We might enable this
                     //  behavior behind a flag, for development.
                     //{ type: 7, ip: "127.0.0.1" }
@@ -123,10 +141,19 @@ export function createX509(
         });
 
         return measureBlock(function toPems() {
+            let cert = Buffer.from(forge.pki.certificateToPem(certObj));
+            let key = Buffer.from(privateKeyToPem(keyPair.privateKey));
+            if (issuer === "self") {
+                let certParsed = parseCert(cert);
+                let publicKeyPart = getDomainPartFromPublicKey(certParsed.publicKey);
+                if (publicKeyPart !== machineId) {
+                    throw new Error(`PublicKey inside of certificate was different than expected. This means our altNames will be incorrect. Expected ${machineId}, got ${publicKeyPart}`);
+                }
+            }
             return {
                 domain,
-                cert: Buffer.from(forge.pki.certificateToPem(certObj)),
-                key: Buffer.from(privateKeyToPem(keyPair.privateKey)),
+                cert,
+                key,
             };
         });
     });
@@ -207,7 +234,8 @@ function getDomainPartFromPublicKey(publicKey: { publicKeyBytes: Buffer } | forg
     } else {
         bytes = Buffer.from(new Uint32Array((publicKey as any).n.data).buffer);
     }
-    return "b" + sha265.sha256(Buffer.from(bytes)).slice(0, 16).replaceAll("+", "-").replaceAll("/", "_");
+    // This used to prepend "b", but... why? It is annoying as it made hashes look more similar than they should. Random is much better.
+    return sha265.sha256(Buffer.from(bytes)).slice(0, 16).replaceAll("+", "-").replaceAll("/", "_");
 }
 
 export function validateCACert(cert: string | Buffer) {
@@ -219,16 +247,13 @@ export function validateCACert(cert: string | Buffer) {
     let domainParts = subject.split(".").reverse();
 
     let rootDomainParsed = [domainParts.shift(), domainParts.shift()].reverse().join(".");
-    if (rootDomainParsed !== getDomain()) {
-        // This is important, as our trust store contains more then just OUR certificates,
-        //  so if we allow any domains then real domains can impersonate anyone! It has to
-        //  be one OUR domain to be trusted!
-        throw new Error(`Certificate root domain should be ${getDomain()}, but is ${rootDomainParsed}`);
-    }
-    // TODO: Maybe just skip if it isn't a hash string?
-    if (domainParts[0] === "noproxy") {
-        domainParts.shift();
-    }
+    // NOTE: This doesn't seem to be required. All the validation is doing is making sure the hashes match up, just for identification, not for trust (trust happens in NetworkTrust2, which trusts if the identity is in the archives). And to be extra sure, SocketFunction only allows connections (in either direction) if it's a real certificate, or we explicitly trusted it. SO, if it's a random domain, it won't be trusted (unless we trust that domain), but it SHOULD be identified!
+    // if (rootDomainParsed !== getDomain()) {
+    //     // This is important, as our trust store contains more then just OUR certificates,
+    //     //  so if we allow any domains then real domains can impersonate anyone! It has to
+    //     //  be one OUR domain to be trusted!
+    //     throw new Error(`Certificate root domain should be ${getDomain()}, but is ${rootDomainParsed}`);
+    // }
 
     let certExpectedPublicKeyPart = (domainParts.shift() || "").split("-").slice(-1)[0];
     let certActualPublicKeyPart = getDomainPartFromPublicKey(certParsed.publicKey);
@@ -266,13 +291,10 @@ export function validateCertificate(cert: Buffer | string, issuerCert: Buffer |
     let domainParts = subject.split(".").reverse();
 
     let rootDomainParsed = [domainParts.shift(), domainParts.shift()].reverse().join(".");
-    if (rootDomainParsed !== getDomain()) {
-        throw new Error(`Certificate root domain should be ${getDomain()}, but is ${rootDomainParsed}`);
-    }
-    // TODO: Maybe just skip if it isn't a hash string?
-    if (domainParts[0] === "noproxy") {
-        domainParts.shift();
-    }
+    // NOTE: This doesn't seem to be required. All the validation is doing is making sure the hashes match up, just for identification, not for trust (trust happens in NetworkTrust2, which trusts if the identity is in the archives). And to be extra sure, SocketFunction only allows connections (in either direction) if it's a real certificate, or we explicitly trusted it. SO, if it's a random domain, it won't be trusted (unless we trust that domain), but it SHOULD be identified!
+    // if (rootDomainParsed !== getDomain()) {
+    //     throw new Error(`Certificate root domain should be ${getDomain()}, but is ${rootDomainParsed}`);
+    // }
 
     let issuerCertParsed = parseCert(issuerCert);
 
@@ -431,8 +453,8 @@ export function createCertFromCA(config: {
     });
 }
 
-export function getMachineId(domainName: string) {
-    return domainName.split(".").slice(-3).join(".");
+export function getMachineId(domainNameOrNodeId: string) {
+    return decodeNodeIdAssert(domainNameOrNodeId, "allowMissingThreadId").machineId;
 }
 
 export type NodeIdParts = {
@@ -441,7 +463,7 @@ export type NodeIdParts = {
     domain: string;
     port: number;
 };
-export function decodeNodeId(nodeId: string): NodeIdParts | undefined {
+export function decodeNodeId(nodeId: string, allowMissingThreadId?: "allowMissingThreadId"): NodeIdParts | undefined {
     let locationObj = getNodeIdLocation(nodeId);
     if (!locationObj) {
         return undefined;
@@ -455,7 +477,8 @@ export function decodeNodeId(nodeId: string): NodeIdParts | undefined {
             port: locationObj.port,
         };
     }
-    if (parts.length < 4) {
+    let isValid = parts.length >= 4 || allowMissingThreadId && parts.length === 3;
+    if (!isValid) {
         return undefined;
     }
     return {
@@ -465,8 +488,8 @@ export function decodeNodeId(nodeId: string): NodeIdParts | undefined {
         port: locationObj.port,
     };
 }
-export function decodeNodeIdAssert(nodeId: string): NodeIdParts {
-    let result = decodeNodeId(nodeId);
+export function decodeNodeIdAssert(nodeId: string, allowMissingThreadId?: "allowMissingThreadId"): NodeIdParts {
+    let result = decodeNodeId(nodeId, allowMissingThreadId);
     if (!result) {
         throw new Error(`Invalid nodeId: ${nodeId}`);
     }
@@ -488,9 +511,13 @@ export function getIdentityCA() {
     return identityCA();
 }
 
-export function getOwnMachineId() {
-    return getMachineId(getIdentityCA().domain);
-}
+export const getOwnMachineId = lazy(() => {
+    return getMachineId("threadId." + getIdentityCA().domain);
+});
+export const getOwnThreadId = lazy(() => {
+    let threadKeyCert = getThreadKeyCert();
+    return decodeNodeIdAssert(threadKeyCert.domain).threadId;
+});
 
 /** Part of the machineId comes from the publicKey, so we can use it to verify */
 export function verifyMachineIdForPublicKey(config: {
@@ -499,7 +526,7 @@ export function verifyMachineIdForPublicKey(config: {
 }): boolean {
     let { machineId, publicKey } = config;
     let domainPart = getDomainPartFromPublicKey(publicKey);
-    return machineId.split(".").at(-3) === domainPart;
+    return machineId === domainPart;
 }
 
 // NOTE: We don't have a cache per CA, as... the CA should be set first

package/src/-b-authorities/cdnAuthority.ts

@@ -29,7 +29,7 @@ export async function hostArchives(config: {
     }
 
     let archiveT = archives as ArchivesBackblaze;
-    let baseURL = await archiveT.getDownloadURL("");
+    let baseURL = await archiveT.getURL!("");
     // Remove the trailing slash if it exists
     if (baseURL.endsWith("/")) {
         baseURL = baseURL.slice(0, -1);
@@ -43,7 +43,7 @@ export async function hostArchives(config: {
         if (path.startsWith("/")) {
             path = path.slice(1);
         }
-        let targetPath = await archiveT.getDownloadURL(parentPath + path);
+        let targetPath = await archiveT.getURL!(parentPath + path);
         let url = new URL(targetPath);
         url.hostname = subdomain + "." + domain;
         return url.toString();

package/src/-b-authorities/dnsAuthority.ts

@@ -10,6 +10,7 @@ import debugbreak from "debugbreak";
 import { isClient } from "../config2";
 import { getArchives } from "../-a-archives/archives";
 import { cloudflareCall, cloudflareGETCall, cloudflarePOSTCall, getCloudflareCreds } from "./cloudflareHelpers";
+import { magenta } from "socket-function/src/formatting/logColors";
 
 const DNS_TTLSeconds = {
     "TXT": 60,
@@ -87,14 +88,14 @@ export async function setRecord(type: string, key: string, value: string, proxie
     //  says "an identical record already exists", even though it doesn't, we changed the proxied value...
     if (prevValues.some(x => x.content === value)) return;
 
-    console.log(`Removing previous records of ${type} for ${key} ${JSON.stringify(prevValues.map(x => x.content))}`);
+    console.log(magenta(`Removing previous records of ${type} for ${key} ${JSON.stringify(prevValues.map(x => x.content))}`));
     let didDeletions = false;
     for (let value of prevValues) {
         didDeletions = true;
         await cloudflareCall(`/zones/${zoneId}/dns_records/${value.id}`, Buffer.from([]), "DELETE");
     }
 
-    console.log(`Setting ${type} record for ${key} to ${value} (previously had ${JSON.stringify(prevValues.map(x => x.content))})`);
+    console.log(magenta(`Setting ${type} record for ${key} to ${value} (previously had ${JSON.stringify(prevValues.map(x => x.content))})`));
     const ttl = DNS_TTLSeconds[type as "A"] || 60;
     await cloudflarePOSTCall(`/zones/${zoneId}/dns_records`, {
         type: type,

package/src/-c-identity/IdentityController.ts

@@ -148,10 +148,11 @@ class IdentityControllerBase {
         }
 
         let pubKey = getPublicIdentifier(payload.cert);
+        let machineId = getMachineId(getCommonName(payload.certIssuer));
 
         callerInfo.set(caller, {
             cert: { certPEM: payload.cert, issuerPEM: payload.certIssuer },
-            machineId: getCommonName(payload.certIssuer),
+            machineId,
             reconnectNodeId,
             pubKey,
             pubKeyShort: getShortNumber(pubKey),
@@ -197,7 +198,7 @@ const changeIdentityOnce = cacheWeak(async function changeIdentityOnce(connectio
 });
 SocketFunction.addGlobalClientHook(async function identityHook(context) {
     if (context.call.classGuid === IdentityController._classGuid) return;
-    // If we are talking to a client they should already know who we are (they established the connection!)
+    // This is for US to tell them our identity. And if they established the connection the identity will come from their original connection url (that they used to connect to us), and they validated it either being a real certificate, or they added the cert from the trusted backblaze bucket. If it just from a real certificate it means we identified them, but they might not have network trust. But that's fine, as IdentityController is JUST for identification, and if it's a real certificate we know who they are! (Which doesn't mean we trust them).
     if (isClientNodeId(context.call.nodeId)) {
         return;
     }

package/src/-d-trust/NetworkTrust2.ts

@@ -1,5 +1,5 @@
 import { measureWrap } from "socket-function/src/profiling/measure";
-import { getCommonName, getIdentityCA, getMachineId, getOwnMachineId } from "../-a-auth/certs";
+import { getIdentityCA, getMachineId, getOwnMachineId } from "../-a-auth/certs";
 import { getArchives } from "../-a-archives/archives";
 import { isNode, throttleFunction, timeInSecond } from "socket-function/src/misc";
 import { SocketFunctionHook } from "socket-function/SocketFunctionTypes";
@@ -14,12 +14,13 @@ import { devDebugbreak, getDomain, isDevDebugbreak, isPublic, isRecovery } from
 import { formatTime } from "socket-function/src/formatting/format";
 import { runInSerial } from "socket-function/src/batching";
 import { Querysub } from "../4-querysub/QuerysubController";
+import { magenta } from "socket-function/src/formatting/logColors";
 
 // Cache the untrust list, to prevent bugs from causing too many backend reads (while also allowing
 //  bad servers which make request before their trust is verified from staying broken).
 const UNTRUST_CACHE_TIME = 30 * timeInSecond;
 
-const archives = lazy(() => getArchives("trust/"));
+const archives = lazy(() => getArchives("trust2/"));
 
 export const requiresNetworkTrustHook: SocketFunctionHook = async config => {
     // HACK: On the clientside we strip the domain process and machine id, so we can no longer determine
@@ -39,10 +40,11 @@ export const requiresNetworkTrustHook: SocketFunctionHook = async config => {
     if (getNodeIdIP(caller.nodeId) === "127.0.0.1" && isRecovery()) {
         return;
     }
-    let machineId = IdentityController_getMachineId(SocketFunction.getCaller());
+    let machineId = IdentityController_getMachineId(caller);
     let trusted = await isTrusted(machineId);
     if (!trusted) {
         devDebugbreak();
+        let machineId = IdentityController_getMachineId(caller);
         throw new Error(`Calling machine is not trusted. Caller ${machineId} is not trusted by ${SocketFunction.mountedNodeId} to make call ${config.call.classGuid}.${config.call.functionName}. To gain trust add backblaze permissions (see hasBackblazePermissions) or set --nonetwork.`);
     }
 };
@@ -78,6 +80,7 @@ const isTrustedBase = runInSerial(measureWrap(async function isTrustedBase(machi
         lastArchivesTrusted = trustedMachineIds.slice();
         for (let trustedMachineId of trustedMachineIds) {
             trustedCache.add(trustedMachineId);
+            // NOTE: We don't load trust certs here, as we need to load them on demand in case the trust changes after our initial startup.
         }
     } else {
         // Checking a single entry is a lot faster (as find is slow)
@@ -88,14 +91,10 @@ const isTrustedBase = runInSerial(measureWrap(async function isTrustedBase(machi
     }
     // Always trust ourself
     trustedCache.add(getOwnMachineId());
-    // IF developing, trust localhost. This allows us to develop without port forwards,
-    //  on our services, which INCREASES security, and prevents dev machines from being
-    //  connected to by attackers (as dev machines might reveal unfinished content, or even
-    //  have security vulnerabilities).
-    //  - Don't trust this on public, as in theory an attacker MIGHT be able to connect
-    //      from localhost (but not have disk read/write access)? Maybe...
+
+    // NOTE: The only happens in the case WE connected to it (ex, "127-0-0-1.querysubtest.com:15358"). It can't look like this if it connected to us, in which case the nodeId will be "client:...", being mostly random, and created by us (UNTIL they prove they have another id). So... I'm not even sure the isPublic check is required? We only connect to nodes we discover through node discovery, which requires backblaze write permissions. But I guess it's fine to be extra careful about it...
     if (!isPublic()) {
-        trustedCache.add("127-0-0-1." + getDomain());
+        trustedCache.add("127-0-0-1");
     }
 
     if (!trustedCache.has(machineId)) {
@@ -121,15 +120,14 @@ const loadServerCert = cache(async (machineId: string) => {
         console.warn(`Could not find certificate in archives for ${machineId}`);
         return;
     }
+    console.log(magenta(`Loading certificate for ${machineId}`));
     trustCertificate(certFile);
 });
 
-const ensureWeAreTrusted = lazy(measureWrap(async () => {
+export const ensureWeAreTrusted = lazy(measureWrap(async () => {
     let machineKeyCert = getIdentityCA();
-    let machineId = getCommonName(machineKeyCert.cert);
-
-    await isTrusted(machineId);
-    if (!lastArchivesTrusted?.includes(machineId)) {
+    let machineId = getOwnMachineId();
+    if (!await archives().get(machineId)) {
         await archives().set(machineId, machineKeyCert.cert);
     }
 }));
@@ -168,6 +166,7 @@ const TrustedController = SocketFunction.register(
 if (isNode()) {
     // We have to be trusted if we make calls to a trusted endpoint, OR our mounting
     //  (really only if we are mounting a trusted endpoint, but we don't actually know that)
+    // ONLY done on received calls, not on calls we made. If we make a call we assume that the server we called is known to us through a trusted route, and therefore, trusted.
     requiresNetworkTrustHook.clientHook = async config => {
         await ensureWeAreTrusted();
     };
@@ -175,10 +174,9 @@ if (isNode()) {
     // Load the remote certificate, in the almost certain case it isn't a real certificate, and is just internal
     SocketFunction.addGlobalClientHook(async config => {
         await measureWrap(async function checkTrust() {
-            await Promise.all([
-                ensureWeAreTrusted(),
-                loadTrustCerts(config.call.nodeId)
-            ]);
+            // IMPORTANT! We SHOULDN'T need to add our machineId before we connect, as we only check machineId on received calls, so we only need to set it before we make a call (so by the time anyone receives a call, they trust us!)
+            await ensureWeAreTrusted();
+            await loadTrustCerts(config.call.nodeId);
         })();
     });
 }