diff --git a/apps/wakunode2/app.nim b/apps/wakunode2/app.nim
index b9f3cae5b2..9a74b4cc1c 100644
--- a/apps/wakunode2/app.nim
+++ b/apps/wakunode2/app.nim
@@ -547,19 +547,20 @@ proc setupProtocols(node: WakuNode, conf: WakuNodeConf,
 peerExchangeHandler = some(handlePeerExchange)
 if conf.relay:
+ let pubsubTopics = conf.topics.split(" ")
 try:
- let pubsubTopics = conf.topics.split(" ")
 await mountRelay(node, pubsubTopics, peerExchangeHandler = peerExchangeHandler)
 except CatchableError:
 return err("failed to mount waku relay protocol: " & getCurrentExceptionMsg())
- # TODO: Get this from cli
- var topicsPublicKeys = initTable[string, SkPublicKey]()
 # Add validation keys to protected topics
- for topic, publicKey in topicsPublicKeys.pairs:
- info "routing only signed traffic", topic=topic, publicKey=publicKey
- node.wakuRelay.addSignedTopicValidator(Pubsubtopic(topic), publicKey)
-
+ for topicKey in conf.protectedTopics:
+ if topicKey.topic notin pubsubTopics:
+ warn "protected topic not in subscribed pubsub topics, skipping adding validator",
+ protectedTopic=topicKey.topic, subscribedTopics=pubsubTopics
+ continue
+ notice "routing only signed traffic", protectedTopic=topicKey.topic, publicKey=topicKey.key
+ node.wakuRelay.addSignedTopicValidator(Pubsubtopic(topicKey.topic), topicKey.key)
 # Keepalive mounted on all nodes
 try:
diff --git a/apps/wakunode2/config.nim b/apps/wakunode2/config.nim
index 69d03a3ce8..fe513fea4d 100644
--- a/apps/wakunode2/config.nim
+++ b/apps/wakunode2/config.nim
@@ -11,7 +11,8 @@ import
 libp2p/crypto/crypto,
 libp2p/crypto/secp,
 libp2p/multiaddress,
- nimcrypto/utils
+ nimcrypto/utils,
+ secp256k1
 import ../../waku/common/confutils/envvar/defs as confEnvvarDefs,
 ../../waku/common/confutils/envvar/std/net as confEnvvarNet,
@@ -25,6 +26,9 @@ export
 type ConfResult*[T] = Result[T, string]
+type ProtectedTopic* = object
+ topic*: string
+ key*: secp256k1.SkPublicKey
 type WakuNodeConf* = object
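Review bot: A protected topic that is not in `pubsubTopics` is only logged and skipped (the `warn` … `continue` branch in the app.nim hunk), so a typo in `--protected-topic` or `--topics` leaves that topic relayed without signature validation, the opposite of what the operator configured; consider making it fatal with `return err("protected topic " & topicKey.topic & " is not in the subscribed pubsub topics")`, which matches how the relay mount failure just above is reported. The validator is attached only to the topics known at startup, so if topics can be subscribed later through another path (not visible here) those would also be unprotected. `pubsubTopics` is built by `conf.topics.split(" ")`, so an entry with doubled or surrounding whitespace would not match the `notin` check; stripping entries before comparing would make the guard less brittle. setupProtocols starts before and continues after this hunk.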
@@ -32,6 +36,12 @@ type
 desc: "Loads configuration from a TOML file (cmd-line parameters take precedence)"
 name: "config-file" }: Option[InputFile]
+ ## Application-level configuration
+ protectedTopics* {.
+ desc: "Topics and its public key to be used for message validation, topic:pubkey. Argument may be repeated."
+ defaultValue: newSeq[ProtectedTopic](0)
+ name: "protected-topic" .}: seq[ProtectedTopic]
+
 ## Log configuration
 logLevel* {.
@@ -457,6 +467,19 @@ proc parseCmdArg*(T: type crypto.PrivateKey, p: string): T =
 proc completeCmdArg*(T: type crypto.PrivateKey, val: string): seq[string] =
 return @[]
+proc parseCmdArg*(T: type ProtectedTopic, p: string): T =
+ let elements = p.split(":")
+ if elements.len != 2:
+ raise newException(ConfigurationError, "Invalid format for protected topic expected topic:publickey")
+
+ let publicKey = secp256k1.SkPublicKey.fromHex(elements[1])
+ if publicKey.isErr:
+ raise newException(ConfigurationError, "Invalid public key")
+
+ return ProtectedTopic(topic: elements[0], key: publicKey.get())
+
+proc completeCmdArg*(T: type ProtectedTopic, val: string): seq[string] =
+ return @[]
 proc parseCmdArg*(T: type ValidIpAddress, p: string): T =
 try:
@@ -533,6 +556,17 @@ proc readValue*(r: var EnvvarReader, value: var crypto.PrivateKey) {.raises: [Se
 except CatchableError:
 raise newException(SerializationError, getCurrentExceptionMsg())
+proc readValue*(r: var TomlReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
+ try:
+ value = parseCmdArg(ProtectedTopic, r.readValue(string))
+ except CatchableError:
+ raise newException(SerializationError, getCurrentExceptionMsg())
+
+proc readValue*(r: var EnvvarReader, value: var ProtectedTopic) {.raises: [SerializationError].} =
+ try:
+ value = parseCmdArg(ProtectedTopic, r.readValue(string))
+ except CatchableError:
+ raise newException(SerializationError, getCurrentExceptionMsg())
 {.push warning[ProveInit]: off.}
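Review bot: The `desc` for `protectedTopics` does not say how the key must be encoded, and "Topics and its public key" reads oddly for a flag that takes one topic:key pair per occurrence; since `parseCmdArg` decodes the key with `secp256k1.SkPublicKey.fromHex`, I would write `desc: "Topic and its hex-encoded secp256k1 public key used for message validation, topic:pubkey. Argument may be repeated."`. `defaultValue: newSeq[ProtectedTopic](0)` can also be spelled `defaultValue: @[]`, which is shorter and reads the same. The enclosing `WakuNodeConf` object starts before and continues after this hunk.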
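Review bot: `parseCmdArg` for `ProtectedTopic` accepts an empty topic part (`:abcd…`) because the guard only checks `elements.len != 2`; the empty key case at least fails in `fromHex`, but an empty topic is returned as a valid `ProtectedTopic` and is only noticed later as a skipped validator in app.nim rather than rejected at parse time. I would tighten the guard to `if elements.len != 2 or elements[0].len == 0 or elements[1].len == 0:` and keep the same error message. The second error also discards the reason reported by `fromHex`; `raise newException(ConfigurationError, "Invalid public key: " & $publicKey.error)` would surface it to the operator, assuming the result's error type stringifies with `$`. Note that a topic containing a colon is also rejected by this parser, which is probably acceptable but worth stating in the flag's description. The proc is fully inside the hunk.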