Merge pull request #804 from MatrixAI/feature-eng-373-prevent-rpc-calls-for-unauthenticated-nodeconnections

Implementing network authentication and segregation logic to the nodes domain

Author: tegefaulkes

src/PolykeyAgent.ts

@@ -386,6 +386,14 @@ class PolykeyAgent {
           optionsDefaulted.nodes.connectionInitialMaxStreamsBidi,
         rpcParserBufferSize: optionsDefaulted.nodes.rpcParserBufferSize,
         rpcCallTimeoutTime: optionsDefaulted.nodes.rpcCallTimeoutTime,
+        authenticateNetworkForwardCallback:
+          nodesUtils.nodesAuthenticateConnectionForwardBasicPublicFactory(
+            optionsDefaulted.network,
+          ),
+        authenticateNetworkReverseCallback:
+          nodesUtils.nodesAuthenticateConnectionReverseBasicPublicFactory(
+            optionsDefaulted.network,
+          ),
         logger: logger.getChild(NodeConnectionManager.name),
       });
       nodeManager = new NodeManager({

src/client/ClientService.ts

@@ -34,8 +34,9 @@ class ClientService {
     const conn = evt.detail;
     const streamHandler = (evt: wsEvents.EventWebSocketConnectionStream) => {
       const stream = evt.detail;
+      // If the RPCServer is stopping or stopped then we want to reject new streams outright
       if (!this.rpcServer[running] || this.rpcServer[status] === 'stopping') {
-        stream.cancel(Error('TMP RPCServer not running'));
+        stream.cancel(new errors.ErrorClientServiceNotRunning());
         return;
       }
       this.rpcServer.handleStream(stream);