feat: moved QUICServer into NodeConnectionManager

* Related #527 [ci skip]
MatrixAI · Oct 4, 2023 · ed92634 · ed92634
1 parent 2d2d5e1
commit ed92634
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 182 deletions.
diff --git a/src/PolykeyAgent.ts b/src/PolykeyAgent.ts
@@ -55,6 +55,7 @@ type NetworkConfig = {
   clientHost?: string;
   clientPort?: number;
   // Websocket server config
+  maxReadableStreamBytes?: number;
   maxIdleTimeout?: number;
   pingIntervalTime?: number;
   pingTimeoutTimeTime?: number;
@@ -95,7 +96,8 @@ class PolykeyAgent {
     keyRingConfig = {},
     certManagerConfig = {},
     networkConfig = {},
-    quicConfig = {},
+    quicServerConfig = {},
+    quicClientConfig = {},
     nodeConnectionManagerConfig = {},
     seedNodes = {},
     workers,
@@ -147,7 +149,8 @@ class PolykeyAgent {
       connectionHolePunchIntervalTime?: number;
     };
     networkConfig?: NetworkConfig;
-    quicConfig?: PolykeyQUICConfig;
+    quicServerConfig?: PolykeyQUICConfig;
+    quicClientConfig?: PolykeyQUICConfig;
     seedNodes?: SeedNodes;
     workers?: number;
     status?: Status;
@@ -195,9 +198,14 @@ class PolykeyAgent {
       ...config.defaults.networkConfig,
       ...utils.filterEmptyObject(networkConfig),
     };
-    const quicConfig_ = {
-      ...config.defaults.quicConfig,
-      ...utils.filterEmptyObject(quicConfig),
+    const quicServerConfig_ = {
+      ...config.defaults.quicServerConfig,
+      ...utils.filterEmptyObject(quicServerConfig),
+    };
+    // TODO: rename
+    const quicClientConfig_ = {
+      ...config.defaults.quicClientConfig,
+      ...utils.filterEmptyObject(quicClientConfig),
     };
     await utils.mkdirExists(fs, nodePath);
     const statusPath = path.join(nodePath, config.defaults.statusBase);
@@ -393,7 +401,7 @@ class PolykeyAgent {
           nodeGraph,
           seedNodes,
           quicSocket,
-          quicConfig: quicConfig_,
+          quicConfig: quicClientConfig_,
           ...nodeConnectionManagerConfig_,
           tlsConfig,
           crypto,
@@ -495,9 +503,11 @@ class PolykeyAgent {
         (await WebSocketServer.createWebSocketServer({
           connectionCallback: (rpcStream) =>
             rpcServerClient!.handleStream(rpcStream),
+          fs,
           host: networkConfig_.clientHost,
           port: networkConfig_.clientPort,
           tlsConfig,
+          maxReadableStreamBytes: networkConfig_.maxReadableStreamBytes,
           maxIdleTimeout: networkConfig_.maxIdleTimeout,
           pingIntervalTime: networkConfig_.pingIntervalTime,
           pingTimeoutTimeTime: networkConfig_.pingTimeoutTimeTime,
@@ -739,7 +749,10 @@ class PolykeyAgent {
             keyPrivatePem: keysUtils.privateKeyToPEM(data.keyPair.privateKey),
             certChainPem: await this.certManager.getCertPEMsChainPEM(),
           };
-          this.webSocketServerClient.setTlsConfig(tlsConfig);
+          // FIXME: Can we even support updating TLS config anymore?
+          //  We would need to shut down the Websocket server and re-create it with the new config.
+          //  Right now graceful shutdown is not supported.
+          // this.grpcServerClient.setTLSConfig(tlsConfig);
           this.nodeConnectionManager.updateTlsConfig(tlsConfig);
           this.logger.info(`${KeyRing.name} change propagated`);
         },

diff --git a/src/bootstrap/utils.ts b/src/bootstrap/utils.ts
@@ -14,7 +14,7 @@ import { Sigchain } from '../sigchain';
 import { ACL } from '../acl';
 import { GestaltGraph } from '../gestalts';
 import { KeyRing } from '../keys';
-import { NodeGraph, NodeManager } from '../nodes';
+import { NodeConnectionManager, NodeGraph, NodeManager } from '../nodes';
 import { VaultManager } from '../vaults';
 import { NotificationsManager } from '../notifications';
 import { mkdirExists } from '../utils';
@@ -153,11 +153,21 @@ async function bootstrapState({
       logger,
       lazy: true,
     });
+    const nodeConnectionManager = new NodeConnectionManager({
+      // No streams are created
+      handleStream: () => {},
+      keyRing,
+      nodeGraph,
+      quicClientConfig: {} as any, // No connections are attempted
+      crypto: {} as any, // No connections are attempted
+      quicSocket: {} as any, // No connections are attempted
+      logger: logger.getChild(NodeConnectionManager.name),
+    });
     const nodeManager = new NodeManager({
       db,
       keyRing,
       nodeGraph,
-      nodeConnectionManager: {} as any, // No connections are attempted
+      nodeConnectionManager,
       sigchain,
       taskManager,
       gestaltGraph,
@@ -167,7 +177,7 @@ async function bootstrapState({
       await NotificationsManager.createNotificationsManager({
         acl,
         db,
-        nodeConnectionManager: {} as any, // No connections are attempted
+        nodeConnectionManager,
         nodeManager,
         keyRing,
         logger: logger.getChild(NotificationsManager.name),
@@ -178,7 +188,7 @@ async function bootstrapState({
       db,
       gestaltGraph,
       keyRing,
-      nodeConnectionManager: {} as any, // No connections are attempted
+      nodeConnectionManager,
       vaultsPath,
       notificationsManager,
       logger: logger.getChild(VaultManager.name),

diff --git a/src/nodes/NodeConnection.ts b/src/nodes/NodeConnection.ts
@@ -2,7 +2,7 @@ import type { ContextTimed } from '@matrixai/contexts';
 import type { PromiseCancellable } from '@matrixai/async-cancellable';
 import type { NodeId, QuicConfig } from './types';
 import type { Host, Hostname, Port, TLSConfig } from '../network/types';
-import type { Certificate, CertificatePEM } from '../keys/types';
+import type { CertificatePEM } from '../keys/types';
 import type { ClientManifest, RPCStream } from '../rpc/types';
 import type {
   QUICSocket,
@@ -22,7 +22,6 @@ import RPCClient from '../rpc/RPCClient';
 import * as networkUtils from '../network/utils';
 import * as rpcUtils from '../rpc/utils';
 import * as keysUtils from '../keys/utils';
-import * as nodesUtils from '../nodes/utils';
 import { never } from '../utils';
 
 /**
@@ -184,7 +183,6 @@ class NodeConnection<M extends ClientManifest> extends EventTarget {
     if (certChain == null) never();
     const nodeId = keysUtils.certNodeId(certChain[0]);
     if (nodeId == null) never();
-    const newLogger = logger.getParent() ?? new Logger(this.name);
     const nodeConnection = new this<M>({
       validatedNodeId,
       nodeId,
@@ -197,11 +195,7 @@ class NodeConnection<M extends ClientManifest> extends EventTarget {
       quicClient,
       quicConnection,
       rpcClient,
-      logger: newLogger.getChild(
-        `${this.name} [${nodesUtils.encodeNodeId(nodeId)}@${
-          quicConnection.remoteHost
-        }:${quicConnection.remotePort}]`,
-      ),
+      logger,
     });
     quicClient.addEventListener(
       'clientDestroy',
@@ -217,20 +211,25 @@ class NodeConnection<M extends ClientManifest> extends EventTarget {
 
   static async createNodeConnectionReverse<M extends ClientManifest>({
     handleStream,
-    certChain,
-    nodeId,
     quicConnection,
     manifest,
     logger = new Logger(this.name),
   }: {
     handleStream: (stream: RPCStream<Uint8Array, Uint8Array>) => void;
-    certChain: Array<Certificate>;
-    nodeId: NodeId;
     quicConnection: QUICConnection;
     manifest: M;
     logger?: Logger;
   }): Promise<NodeConnection<M>> {
     logger.info(`Creating ${this.name}`);
+    // No specific error here, validation is handled by the QUICServer
+    const certChain = quicConnection.getRemoteCertsChain().map((pem) => {
+      const cert = keysUtils.certFromPEM(pem as CertificatePEM);
+      if (cert == null) never();
+      return cert;
+    });
+    if (certChain == null) never();
+    const nodeId = keysUtils.certNodeId(certChain[0]);
+    if (nodeId == null) never();
     // Creating RPCClient
     const rpcClient = await RPCClient.createRPCClient<M>({
       manifest,