feat: configure protected topics via cli

apps/wakunode2/config.nim

@@ -11,7 +11,8 @@ import
   libp2p/crypto/crypto,
   libp2p/crypto/secp,
   libp2p/multiaddress,
-  nimcrypto/utils
+  nimcrypto/utils,
+  secp256k1
 import
   ../../waku/common/confutils/envvar/defs as confEnvvarDefs,
   ../../waku/common/confutils/envvar/std/net as confEnvvarNet,
@@ -25,6 +26,9 @@ export
 
 
 type ConfResult*[T] = Result[T, string]
+type ProtectedTopic* = object
+  topic*: string
+  key*: secp256k1.SkPublicKey
 
 type
   WakuNodeConf* = object
@@ -202,6 +206,11 @@ type
       defaultValue: "/waku/2/default-waku/proto"
       name: "topics" .}: string
 
+    protectedTopics* {.
+      desc: "Topics and its public key to be used for message validation, topic:pubkey. Argument may be repeated."
+      defaultValue: newSeq[ProtectedTopic](0)
+      name: "protected-topic" .}: seq[ProtectedTopic]
+
     ## Store and message store config
 
     store* {.
@@ -457,6 +466,19 @@ proc parseCmdArg*(T: type crypto.PrivateKey, p: string): T =
 proc completeCmdArg*(T: type crypto.PrivateKey, val: string): seq[string] =
   return @[]
 
+proc parseCmdArg*(T: type ProtectedTopic, p: string): T =
+  let elements = p.split(":")
+  if elements.len != 2:
+    raise newException(ConfigurationError, "Invalid format for protected topic expected topic:publickey")
+
+  let publicKey = secp256k1.SkPublicKey.fromHex(elements[1])
+  if publicKey.isErr:
+    raise newException(ConfigurationError, "Invalid public key")
+
+  return ProtectedTopic(topic: elements[0], key: publicKey.get())
+
+proc completeCmdArg*(T: type ProtectedTopic, val: string): seq[string] =
+  return @[]
 
 proc parseCmdArg*(T: type ValidIpAddress, p: string): T =
   try:
@@ -533,6 +555,17 @@ proc readValue*(r: var EnvvarReader, value: var crypto.PrivateKey) {.raises: [Se
   except CatchableError:
     raise newException(SerializationError, getCurrentExceptionMsg())
 
+proc readValue*(r: var TomlReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
+  try:
+    value = parseCmdArg(ProtectedTopic, r.readValue(string))
+  except CatchableError:
+    raise newException(SerializationError, getCurrentExceptionMsg())
+
+proc readValue*(r: var EnvvarReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
+  try:
+    value = parseCmdArg(ProtectedTopic, r.readValue(string))
+  except CatchableError:
+    raise newException(SerializationError, getCurrentExceptionMsg())
 
 {.push warning[ProveInit]: off.}
 

apps/wakunode2/wakunode2.nim

@@ -432,18 +432,25 @@ proc setupProtocols(node: WakuNode, conf: WakuNodeConf,
     peerExchangeHandler = some(handlePeerExchange)
 
   if conf.relay:
+    let pubsubTopics = conf.topics.split(" ")
     try:
-      let pubsubTopics = conf.topics.split(" ")
       await mountRelay(node, pubsubTopics, peerExchangeHandler = peerExchangeHandler)
     except CatchableError:
       return err("failed to mount waku relay protocol: " & getCurrentExceptionMsg())
 
-    # TODO: Get this from cli
+    # Load each topics keys and its corresponding public key used for validation
     var topicsPublicKeys = initTable[string, SkPublicKey]()
+    for protectedTopic in conf.protectedTopics:
+      topicsPublicKeys[protectedTopic.topic] = protectedTopic.key
+
     # Add validation keys to protected topics
-    for topic, publicKey in topicsPublicKeys.pairs:
-      info "routing only signed traffic", topic=topic, publicKey=publicKey
-      node.wakuRelay.addSignedTopicValidator(Pubsubtopic(topic), publicKey)
+    for protectedTopic, publicKey in topicsPublicKeys.pairs:
+      if protectedTopic notin pubsubTopics:
+        warn "protected topic not in subscribed pubsub topics, skipping adding validator",
+              protectedTopic=protectedTopic, subscribedTopics=pubsubTopics
+        continue
+      notice "routing only signed traffic", protectedTopic=protectedTopic, publicKey=publicKey
+      node.wakuRelay.addSignedTopicValidator(Pubsubtopic(protectedTopic), publicKey)
 
 
   # Keepalive mounted on all nodes