querysub 0.433.0 → 0.436.0

package/src/-d-trust/NetworkTrust2.ts

@@ -1,181 +1,181 @@
-import { measureWrap } from "socket-function/src/profiling/measure";
-import { getIdentityCA, getMachineId, getOwnMachineId } from "../-a-auth/certs";
-import { getArchives } from "../-a-archives/archives";
-import { isNode, throttleFunction, timeInHour, timeInSecond } from "socket-function/src/misc";
-import { SocketFunctionHook } from "socket-function/SocketFunctionTypes";
-import { SocketFunction } from "socket-function/SocketFunction";
-import { IdentityController_getMachineId } from "../-c-identity/IdentityController";
-import { cache, lazy } from "socket-function/src/caching";
-import { getNodeIdDomainMaybeUndefined, getNodeIdIP, getNodeIdLocation } from "socket-function/src/nodeCache";
-import { trustCertificate } from "socket-function/src/certStore";
-import { isClient, isServer } from "../config2";
-import debugbreak from "debugbreak";
-import { devDebugbreak, getDomain, isDevDebugbreak, isPublic, isRecovery } from "../config";
-import { formatTime } from "socket-function/src/formatting/format";
-import { runInSerial } from "socket-function/src/batching";
-import { Querysub } from "../4-querysub/QuerysubController";
-import { magenta } from "socket-function/src/formatting/logColors";
-
-// Cache the untrust list, to prevent bugs from causing too many backend reads (while also allowing
-//  bad servers which make request before their trust is verified from staying broken).
-const UNTRUST_CACHE_TIME = 30 * timeInSecond;
-const TRUSTED_CACHE_RESET_INTERVAL = timeInHour;
-
-const archives = lazy(() => getArchives("trust2/"));
-
-export const requiresNetworkTrustHook: SocketFunctionHook = async config => {
-    // HACK: On the clientside we strip the domain process and machine id, so we can no longer determine
-    //  who it is. So... we trust anyone. This isn't so bad, as:
-    //  1) They have to at least have an HTTPS certificate, which... most nodes should have?
-    //  2) We only really talk to nodes we discovery, and only network trusted nodes can register themselves,
-    //      so... they are probably already trusted.
-    //  ALSO, if in NodeJS, but acting as a client, we only connect to remote servers via
-    //      HTTPS, so we know we can trust them, as their certificates are verified.
-    //      - Also, if we are a client we don't really have any privileged data, except
-    //          the data we send servers, which we explicitly connect to.
-    // NOTE: This also exists in isTrusted.
-    if (isClient()) {
-        return;
-    }
-    let caller = SocketFunction.getCaller();
-    if (getNodeIdIP(caller.nodeId) === "127.0.0.1" && isRecovery()) {
-        return;
-    }
-    let machineId = IdentityController_getMachineId(caller);
-    let trusted = await isTrusted(machineId);
-    if (!trusted) {
-        devDebugbreak();
-        let machineId = IdentityController_getMachineId(caller);
-        throw new Error(`Calling machine is not trusted. Caller ${machineId} is not trusted by ${SocketFunction.mountedNodeId} to make call ${config.call.classGuid}.${config.call.functionName}. To gain trust add backblaze permissions (see hasBackblazePermissions) or set --nonetwork.`);
-    }
-};
-export const assertIsNetworkTrusted = requiresNetworkTrustHook;
-
-let lastArchivesTrusted: string[] | undefined;
-let trustedCache = new Set<string>();
-let untrustedCache = new Map<string, number>();
-export const isTrusted = measureWrap(async function isTrusted(machineId: string) {
-    // See the comment in requiresNetworkTrustHook for why clients have to trust all callers.
-    if (isClient()) return true;
-
-    await populateTrustedCache();
-
-    if (trustedCache.has(machineId)) {
-        return true;
-    }
-    let untrustedTime = untrustedCache.get(machineId);
-    if (untrustedTime !== undefined && untrustedTime > Date.now()) {
-        return false;
-    }
-
-    if (machineId.includes("..")) {
-        console.warn(`Invalid machineId in isTrust call: ${machineId}`);
-        return false;
-    }
-
-    // Checking a single entry is fast and if we don't trust them they'll be added to untrusted cache so it shouldn't slow things down by too much. 
-    let trusted = await archives().get(machineId);
-    if (trusted) {
-        trustedCache.add(machineId);
-    }
-
-    if (!trustedCache.has(machineId)) {
-        untrustedCache.set(machineId, Date.now() + UNTRUST_CACHE_TIME);
-        return false;
-    } else {
-        return true;
-    }
-});
-let populateTrustedCache = lazy(async () => {
-    let trustedMachineIds = await archives().find("");
-    lastArchivesTrusted = trustedMachineIds.slice();
-    for (let trustedMachineId of trustedMachineIds) {
-        trustedCache.add(trustedMachineId);
-    }
-    // Always trust ourself
-    trustedCache.add(getOwnMachineId());
-
-    // NOTE: This only happens to servers that we connect to. Also we only allow the machine ID to be this special ID in the case it's on our domain. And because we use HTTPS when connecting to domains, it means that it must be implicitly trusted if it has a certificate for our domain.
-    trustedCache.add("127-0-0-1");
-
-    setTimeout(() => {
-        trustedCache.clear();
-        populateTrustedCache.reset();
-    }, TRUSTED_CACHE_RESET_INTERVAL);
-});
-
-export async function isNodeTrusted(nodeId: string) {
-    let domainName = getNodeIdDomainMaybeUndefined(nodeId);
-    if (!domainName) return false;
-    let machineId = getMachineId(domainName);
-    return await isTrusted(machineId);
-}
-
-const loadServerCert = cache(async (machineId: string) => {
-    // This cert isn't stored in the archives, but... this is fine?
-    if (machineId === "127-0-0-1." + getDomain()) return;
-    let certFile = await archives().get(machineId);
-    if (!certFile) {
-        console.warn(`Could not find certificate in archives for ${machineId}`);
-        return;
-    }
-    console.log(magenta(`Loading certificate for ${machineId}`));
-    trustCertificate(certFile);
-});
-
-export const ensureWeAreTrusted = lazy(measureWrap(async () => {
-    let machineKeyCert = getIdentityCA();
-    let machineId = getOwnMachineId();
-    if (!await archives().get(machineId)) {
-        await archives().set(machineId, machineKeyCert.cert);
-    }
-}));
-
-async function loadTrustCerts(nodeId: string) {
-    let location = getNodeIdLocation(nodeId);
-    if (location) {
-        let machineId = getMachineId(location.address);
-        let isTrustedBool = await isTrusted(machineId);
-        if (isTrustedBool) {
-            await loadServerCert(machineId);
-        }
-    }
-};
-
-export const isTrustedByNode = cache(async function isTrustedByNode(nodeId: string) {
-    return await TrustedController.nodes[nodeId].isTrusted();
-});
-
-class IsTrustedControllerBase {
-    public async isTrusted() {
-        return await isTrusted(IdentityController_getMachineId(SocketFunction.getCaller()));
-    }
-}
-
-const TrustedController = SocketFunction.register(
-    "IsTrustedController-5d0b8a77-f5f7-4584-96f4-9cd88ce5d59a",
-    new IsTrustedControllerBase(),
-    () => ({
-        isTrusted: {},
-    })
-);
-
-
-
-if (isNode()) {
-    // We have to be trusted if we make calls to a trusted endpoint, OR our mounting
-    //  (really only if we are mounting a trusted endpoint, but we don't actually know that)
-    // ONLY done on received calls, not on calls we made. If we make a call we assume that the server we called is known to us through a trusted route, and therefore, trusted.
-    requiresNetworkTrustHook.clientHook = async config => {
-        await ensureWeAreTrusted();
-    };
-
-    // Load the remote certificate, in the almost certain case it isn't a real certificate, and is just internal
-    SocketFunction.addGlobalClientHook(async config => {
-        await measureWrap(async function checkTrust() {
-            // IMPORTANT! We SHOULDN'T need to add our machineId before we connect, as we only check machineId on received calls, so we only need to set it before we make a call (so by the time anyone receives a call, they trust us!)
-            await ensureWeAreTrusted();
-            await loadTrustCerts(config.call.nodeId);
-        })();
-    });
+import { measureWrap } from "socket-function/src/profiling/measure";
+import { getIdentityCA, getMachineId, getOwnMachineId } from "../-a-auth/certs";
+import { getArchives } from "../-a-archives/archives";
+import { isNode, throttleFunction, timeInHour, timeInSecond } from "socket-function/src/misc";
+import { SocketFunctionHook } from "socket-function/SocketFunctionTypes";
+import { SocketFunction } from "socket-function/SocketFunction";
+import { IdentityController_getMachineId } from "../-c-identity/IdentityController";
+import { cache, lazy } from "socket-function/src/caching";
+import { getNodeIdDomainMaybeUndefined, getNodeIdIP, getNodeIdLocation } from "socket-function/src/nodeCache";
+import { trustCertificate } from "socket-function/src/certStore";
+import { isClient, isServer } from "../config2";
+import debugbreak from "debugbreak";
+import { devDebugbreak, getDomain, isDevDebugbreak, isPublic, isRecovery } from "../config";
+import { formatTime } from "socket-function/src/formatting/format";
+import { runInSerial } from "socket-function/src/batching";
+import { Querysub } from "../4-querysub/QuerysubController";
+import { magenta } from "socket-function/src/formatting/logColors";
+
+// Cache the untrust list, to prevent bugs from causing too many backend reads (while also allowing
+//  bad servers which make request before their trust is verified from staying broken).
+const UNTRUST_CACHE_TIME = 30 * timeInSecond;
+const TRUSTED_CACHE_RESET_INTERVAL = timeInHour;
+
+const archives = lazy(() => getArchives("trust2/"));
+
+export const requiresNetworkTrustHook: SocketFunctionHook = async config => {
+    // HACK: On the clientside we strip the domain process and machine id, so we can no longer determine
+    //  who it is. So... we trust anyone. This isn't so bad, as:
+    //  1) They have to at least have an HTTPS certificate, which... most nodes should have?
+    //  2) We only really talk to nodes we discovery, and only network trusted nodes can register themselves,
+    //      so... they are probably already trusted.
+    //  ALSO, if in NodeJS, but acting as a client, we only connect to remote servers via
+    //      HTTPS, so we know we can trust them, as their certificates are verified.
+    //      - Also, if we are a client we don't really have any privileged data, except
+    //          the data we send servers, which we explicitly connect to.
+    // NOTE: This also exists in isTrusted.
+    if (isClient()) {
+        return;
+    }
+    let caller = SocketFunction.getCaller();
+    if (getNodeIdIP(caller.nodeId) === "127.0.0.1" && isRecovery()) {
+        return;
+    }
+    let machineId = IdentityController_getMachineId(caller);
+    let trusted = await isTrusted(machineId);
+    if (!trusted) {
+        devDebugbreak();
+        let machineId = IdentityController_getMachineId(caller);
+        throw new Error(`Calling machine is not trusted. Caller ${machineId} is not trusted by ${SocketFunction.mountedNodeId} to make call ${config.call.classGuid}.${config.call.functionName}. To gain trust add backblaze permissions (see hasBackblazePermissions) or set --nonetwork.`);
+    }
+};
+export const assertIsNetworkTrusted = requiresNetworkTrustHook;
+
+let lastArchivesTrusted: string[] | undefined;
+let trustedCache = new Set<string>();
+let untrustedCache = new Map<string, number>();
+export const isTrusted = measureWrap(async function isTrusted(machineId: string) {
+    // See the comment in requiresNetworkTrustHook for why clients have to trust all callers.
+    if (isClient()) return true;
+
+    await populateTrustedCache();
+
+    if (trustedCache.has(machineId)) {
+        return true;
+    }
+    let untrustedTime = untrustedCache.get(machineId);
+    if (untrustedTime !== undefined && untrustedTime > Date.now()) {
+        return false;
+    }
+
+    if (machineId.includes("..")) {
+        console.warn(`Invalid machineId in isTrust call: ${machineId}`);
+        return false;
+    }
+
+    // Checking a single entry is fast and if we don't trust them they'll be added to untrusted cache so it shouldn't slow things down by too much. 
+    let trusted = await archives().get(machineId);
+    if (trusted) {
+        trustedCache.add(machineId);
+    }
+
+    if (!trustedCache.has(machineId)) {
+        untrustedCache.set(machineId, Date.now() + UNTRUST_CACHE_TIME);
+        return false;
+    } else {
+        return true;
+    }
+});
+let populateTrustedCache = lazy(async () => {
+    let trustedMachineIds = await archives().find("");
+    lastArchivesTrusted = trustedMachineIds.slice();
+    for (let trustedMachineId of trustedMachineIds) {
+        trustedCache.add(trustedMachineId);
+    }
+    // Always trust ourself
+    trustedCache.add(getOwnMachineId());
+
+    // NOTE: This only happens to servers that we connect to. Also we only allow the machine ID to be this special ID in the case it's on our domain. And because we use HTTPS when connecting to domains, it means that it must be implicitly trusted if it has a certificate for our domain.
+    trustedCache.add("127-0-0-1");
+
+    setTimeout(() => {
+        trustedCache.clear();
+        populateTrustedCache.reset();
+    }, TRUSTED_CACHE_RESET_INTERVAL);
+});
+
+export async function isNodeTrusted(nodeId: string) {
+    let domainName = getNodeIdDomainMaybeUndefined(nodeId);
+    if (!domainName) return false;
+    let machineId = getMachineId(domainName);
+    return await isTrusted(machineId);
+}
+
+const loadServerCert = cache(async (machineId: string) => {
+    // This cert isn't stored in the archives, but... this is fine?
+    if (machineId === "127-0-0-1." + getDomain()) return;
+    let certFile = await archives().get(machineId);
+    if (!certFile) {
+        console.warn(`Could not find certificate in archives for ${machineId}`);
+        return;
+    }
+    console.log(magenta(`Loading certificate for ${machineId}`));
+    trustCertificate(certFile);
+});
+
+export const ensureWeAreTrusted = lazy(measureWrap(async () => {
+    let machineKeyCert = getIdentityCA();
+    let machineId = getOwnMachineId();
+    if (!await archives().get(machineId)) {
+        await archives().set(machineId, machineKeyCert.cert);
+    }
+}));
+
+async function loadTrustCerts(nodeId: string) {
+    let location = getNodeIdLocation(nodeId);
+    if (location) {
+        let machineId = getMachineId(location.address);
+        let isTrustedBool = await isTrusted(machineId);
+        if (isTrustedBool) {
+            await loadServerCert(machineId);
+        }
+    }
+};
+
+export const isTrustedByNode = cache(async function isTrustedByNode(nodeId: string) {
+    return await TrustedController.nodes[nodeId].isTrusted();
+});
+
+class IsTrustedControllerBase {
+    public async isTrusted() {
+        return await isTrusted(IdentityController_getMachineId(SocketFunction.getCaller()));
+    }
+}
+
+const TrustedController = SocketFunction.register(
+    "IsTrustedController-5d0b8a77-f5f7-4584-96f4-9cd88ce5d59a",
+    new IsTrustedControllerBase(),
+    () => ({
+        isTrusted: {},
+    })
+);
+
+
+
+if (isNode()) {
+    // We have to be trusted if we make calls to a trusted endpoint, OR our mounting
+    //  (really only if we are mounting a trusted endpoint, but we don't actually know that)
+    // ONLY done on received calls, not on calls we made. If we make a call we assume that the server we called is known to us through a trusted route, and therefore, trusted.
+    requiresNetworkTrustHook.clientHook = async config => {
+        await ensureWeAreTrusted();
+    };
+
+    // Load the remote certificate, in the almost certain case it isn't a real certificate, and is just internal
+    SocketFunction.addGlobalClientHook(async config => {
+        await measureWrap(async function checkTrust() {
+            // IMPORTANT! We SHOULDN'T need to add our machineId before we connect, as we only check machineId on received calls, so we only need to set it before we make a call (so by the time anyone receives a call, they trust us!)
+            await ensureWeAreTrusted();
+            await loadTrustCerts(config.call.nodeId);
+        })();
+    });
 }