feat: access control trie
Ferenc Sárai authored and aranyia committed Jul 9, 2024
1 parent 92de285 commit 49a7ef4
Showing 92 changed files with 4,987 additions and 2,830 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/beekeeper.yml
Expand Up @@ -154,9 +154,6 @@ jobs:
- name: Test manifest
id: manifest
run: timeout ${TIMEOUT} beekeeper check --cluster-name local-dns --checks=ci-manifest
- name: Test authenticate
id: authenticate
run: timeout ${TIMEOUT} bash -c 'until beekeeper check --cluster-name local-dns --checks ci-authenticate; do echo "waiting for auth..."; sleep .3; done'
- name: Test postage stamps
id: postage-stamps
run: timeout ${TIMEOUT} beekeeper check --cluster-name local-dns --checks ci-postage
2 changes: 1 addition & 1 deletion .github/workflows/docs.yaml
Expand Up @@ -40,7 +40,7 @@ jobs:
if: steps.checkdocs.outputs.build_docs == 'true'
uses: acud/openapi-dockerized@v1
with:
build-roots: 'openapi/Swarm.yaml openapi/SwarmDebug.yaml'
build-roots: 'openapi/Swarm.yaml'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.DO_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DO_AWS_SECRET_ACCESS_KEY }}
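Review bot: The step that consumes `build-roots` runs `acud/openapi-dockerized@v1`, a third-party action referenced by a mutable tag, while its `env` passes `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so whoever can move that tag gets to run code with those credentials. Pin it to a full commit SHA, e.g. `uses: acud/openapi-dockerized@<full-commit-sha> # v1`, and let a dependency bot update the pin. The same applies to `goreleaser/goreleaser-action@v5` in `.github/workflows/release.yaml`, whose step appears to receive `GPG_PASSPHRASE` and `GPG_FINGERPRINT`. The step continues past the end of this hunk, so any further inputs are not visible here.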
6 changes: 3 additions & 3 deletions .github/workflows/go.yml
Expand Up @@ -63,9 +63,9 @@ jobs:
with:
cache: false
go-version-file: go.mod
- name: Commit linting
if: github.ref != 'refs/heads/master'
uses: wagoid/commitlint-github-action@v5
# - name: Commit linting
# if: github.ref != 'refs/heads/master'
# uses: wagoid/commitlint-github-action@v5
- name: GolangCI-Lint
uses: golangci/golangci-lint-action@v4
with:
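Review bot: The `Commit linting` step is switched off by commenting out its three lines, and nothing in the workflow says why or when it should come back, so the check is likely to stay disabled after this feature lands. Either delete the step outright or keep it with a reason above it, for example `# Commit linting disabled temporarily: <reason>; re-enable before merge to master`. If the goal is only to skip linting for this branch, narrowing the existing `if:` condition would keep the check active everywhere else. The job's step list continues on both sides of the hunk.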
4 changes: 1 addition & 3 deletions .github/workflows/release.yaml
Expand Up @@ -33,10 +33,9 @@ jobs:
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Set the API and debug API versions
- name: Set the API version
run: |
echo "BEE_API_VERSION=$(grep '^ version:' openapi/Swarm.yaml | awk '{print $2}')" >> $GITHUB_ENV
echo "BEE_DEBUG_API_VERSION=$(grep '^ version:' openapi/SwarmDebug.yaml | awk '{print $2}')" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
Expand All @@ -50,4 +49,3 @@ jobs:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
BEE_API_VERSION: ${{ env.BEE_API_VERSION }}
BEE_DEBUG_API_VERSION: ${{ env.BEE_DEBUG_API_VERSION }}
5 changes: 0 additions & 5 deletions .goreleaser.yml
Expand Up @@ -19,7 +19,6 @@ builds:
- -X github.com/ethersphere/bee/v2.commitHash={{ .ShortCommit }}
- -X github.com/ethersphere/bee/v2.commitTime={{ .CommitTimestamp }}
- -X github.com/ethersphere/bee/v2/pkg/api.Version={{ .Env.BEE_API_VERSION }}
- -X github.com/ethersphere/bee/v2/pkg/debugapi.Version={{ .Env.BEE_DEBUG_API_VERSION }}
env:
- CGO_ENABLED=0
goos:
Expand All @@ -43,7 +42,6 @@ builds:
- -X github.com/ethersphere/bee/v2.commitHash={{ .ShortCommit }}
- -X github.com/ethersphere/bee/v2.commitTime={{ .CommitTimestamp }}
- -X github.com/ethersphere/bee/v2/pkg/api.Version={{ .Env.BEE_API_VERSION }}
- -X github.com/ethersphere/bee/v2/pkg/debugapi.Version={{ .Env.BEE_DEBUG_API_VERSION }}
env:
- CGO_ENABLED=0
goos:
Expand All @@ -69,7 +67,6 @@ builds:
- -X github.com/ethersphere/bee/v2.commitHash={{ .ShortCommit }}
- -X github.com/ethersphere/bee/v2.commitTime={{ .CommitTimestamp }}
- -X github.com/ethersphere/bee/v2/pkg/api.Version={{ .Env.BEE_API_VERSION }}
- -X github.com/ethersphere/bee/v2/pkg/debugapi.Version={{ .Env.BEE_DEBUG_API_VERSION }}
env:
- CGO_ENABLED=0
goos:
Expand All @@ -89,7 +86,6 @@ builds:
- -X github.com/ethersphere/bee/v2.commitHash={{ .ShortCommit }}
- -X github.com/ethersphere/bee/v2.commitTime={{ .CommitTimestamp }}
- -X github.com/ethersphere/bee/v2/pkg/api.Version={{ .Env.BEE_API_VERSION }}
- -X github.com/ethersphere/bee/v2/pkg/debugapi.Version={{ .Env.BEE_DEBUG_API_VERSION }}
env:
- CGO_ENABLED=0
goos:
Expand All @@ -108,7 +104,6 @@ builds:
- -X github.com/ethersphere/bee/v2.commitHash={{ .ShortCommit }}
- -X github.com/ethersphere/bee/v2.commitTime={{ .CommitTimestamp }}
- -X github.com/ethersphere/bee/v2/pkg/api.Version={{ .Env.BEE_API_VERSION }}
- -X github.com/ethersphere/bee/v2/pkg/debugapi.Version={{ .Env.BEE_DEBUG_API_VERSION }}
env:
- CGO_ENABLED=0
goos:
4 changes: 2 additions & 2 deletions CODING.md
Expand Up @@ -206,9 +206,9 @@ A value of `all` will enable the highest verbosity of V-level.

Examples:

`curl -XPUT http://localhost:1635/loggers/bm9kZS8q/none` - will disable all loggers; `bm9kZS8q` is base64 encoded `node/*` regular expression.
`curl -XPUT http://localhost:1633/loggers/bm9kZS8q/none` - will disable all loggers; `bm9kZS8q` is base64 encoded `node/*` regular expression.

`curl -XPUT http://localhost:1635/loggers/bm9kZS9hcGlbMV1bXT4-ODI0NjM0OTMzMjU2/error` - will set the verbosity of the logger with the subsystem `node/api[1][]>>824634933256` to `error`.
`curl -XPUT http://localhost:1633/loggers/bm9kZS9hcGlbMV1bXT4-ODI0NjM0OTMzMjU2/error` - will set the verbosity of the logger with the subsystem `node/api[1][]>>824634933256` to `error`.

## Commit Messages

2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -35,7 +35,7 @@ These are work items that are good if you're contributing to the codebase for th

- Performance optimizations

The best way to propose any optimizations would be to provide the relevant data to describe the problem and then also the same data after the optimizations are done. Keep in mind, Bee nodes work in a distributed system, so changes that would seem good locally may not hold in some cases. The Bee client in debug mode can show you metrics as well as pprof information. This can be used to demonstrate the optimizations.
The best way to propose any optimizations would be to provide the relevant data to describe the problem and then also the same data after the optimizations are done. Keep in mind, Bee nodes work in a distributed system, so changes that would seem good locally may not hold in some cases. The Bee client can show you metrics as well as pprof information. This can be used to demonstrate the optimizations.

- Concurrency related optimizations

4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.21 AS build
FROM golang:1.22 AS build

WORKDIR /src
# enable modules caching in separate layer
Expand All @@ -24,7 +24,7 @@ RUN mkdir -p /home/bee/.bee && chown 999:999 /home/bee/.bee

COPY --from=build /src/dist/bee /usr/local/bin/bee

EXPOSE 1633 1634 1635
EXPOSE 1633 1634
USER bee
WORKDIR /home/bee
VOLUME /home/bee/.bee
2 changes: 1 addition & 1 deletion Dockerfile.ci
Expand Up @@ -8,7 +8,7 @@ RUN addgroup --system bee --gid 998; \

COPY bee /bee

EXPOSE 1633 1634 1635
EXPOSE 1633 1634
USER bee
WORKDIR /home/bee

2 changes: 1 addition & 1 deletion Dockerfile.goreleaser
Expand Up @@ -14,7 +14,7 @@ RUN mkdir -p /home/bee/.bee && chown 999:999 /home/bee/.bee

COPY bee /usr/local/bin/bee

EXPOSE 1633 1634 1635
EXPOSE 1633 1634
USER bee
WORKDIR /home/bee
VOLUME /home/bee/.bee
2 changes: 1 addition & 1 deletion Dockerfile.scratch
Expand Up @@ -17,7 +17,7 @@ COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
COPY --from=0 /etc/passwd /etc/passwd
COPY --from=0 /home /home

EXPOSE 1633 1634 1635
EXPOSE 1633 1634
USER bee
WORKDIR /home/bee
VOLUME /home/bee/.bee
2 changes: 0 additions & 2 deletions Makefile
Expand Up @@ -13,7 +13,6 @@ REACHABILITY_OVERRIDE_PUBLIC ?= false
BATCHFACTOR_OVERRIDE_PUBLIC ?= 5

BEE_API_VERSION ?= "$(shell grep '^ version:' openapi/Swarm.yaml | awk '{print $$2}')"
BEE_DEBUG_API_VERSION ?= "$(shell grep '^ version:' openapi/SwarmDebug.yaml | awk '{print $$2}')"

VERSION ?= "$(shell git describe --tags --abbrev=0 | cut -c2-)"
COMMIT_HASH ?= "$(shell git describe --long --dirty --always --match "" || true)"
Expand All @@ -24,7 +23,6 @@ LDFLAGS ?= -s -w \
-X github.com/ethersphere/bee/v2.commitHash="$(COMMIT_HASH)" \
-X github.com/ethersphere/bee/v2.commitTime="$(COMMIT_TIME)" \
-X github.com/ethersphere/bee/v2/pkg/api.Version="$(BEE_API_VERSION)" \
-X github.com/ethersphere/bee/v2/pkg/api.DebugVersion="$(BEE_DEBUG_API_VERSION)" \
-X github.com/ethersphere/bee/v2/pkg/p2p/libp2p.reachabilityOverridePublic="$(REACHABILITY_OVERRIDE_PUBLIC)" \
-X github.com/ethersphere/bee/v2/pkg/postage/listener.batchFactorOverridePublic="$(BATCHFACTOR_OVERRIDE_PUBLIC)"

3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -5,7 +5,6 @@
[![codecov](https://codecov.io/gh/ethersphere/bee/branch/master/graph/badge.svg?token=63RNRLO3RU)](https://codecov.io/gh/ethersphere/bee)
[![Go Report Card](https://goreportcard.com/badge/github.com/ethersphere/bee)](https://goreportcard.com/report/github.com/ethersphere/bee)
[![API OpenAPI Specs](https://img.shields.io/badge/openapi-api-blue)](https://docs.ethswarm.org/api/)
[![Debug API OpenAPI Specs](https://img.shields.io/badge/openapi-debugapi-lightblue)](https://docs.ethswarm.org/debug-api/)
![Docker Pulls](https://img.shields.io/docker/pulls/ethersphere/bee)
![GitHub all releases](https://img.shields.io/github/downloads/ethersphere/bee/total)
![GitHub](https://img.shields.io/github/license/ethersphere/bee)
Expand All @@ -27,7 +26,7 @@ There are two versioning schemes used in Bee that you should be aware of. The ma
strict Semantic Versioning. Bee hosts different peer-to-peer wire protocol implementations and individual protocol breaking changes would necessitate a bump in the major part of the version. Breaking changes are expected with bumps of the minor version component. New (backward-compatible) features and bug fixes are expected with a bump of the patch component. Major version bumps are reserved for significant changes in Swarm's incentive structure.


The second set of versions that are important are the Bee's API versions (denoted in our [Bee](https://github.com/ethersphere/bee/blob/master/openapi/Swarm.yaml) and [Bee Debug](https://github.com/ethersphere/bee/blob/master/openapi/SwarmDebug.yaml) OpenAPI specifications). These versions **do follow**
The second is the Bee's API version (denoted in our [Bee](https://github.com/ethersphere/bee/blob/master/openapi/Swarm.yaml) OpenAPI specifications). This version **follows**
Semantic Versioning and hence you should follow these for breaking changes.

## Contributing
73 changes: 0 additions & 73 deletions cmd/bee/cmd/bcrypt.go

This file was deleted.

14 changes: 0 additions & 14 deletions cmd/bee/cmd/cmd.go
Expand Up @@ -34,8 +34,6 @@ const (
optionNameP2PAddr = "p2p-addr"
optionNameNATAddr = "nat-addr"
optionNameP2PWSEnable = "p2p-ws-enable"
optionNameDebugAPIEnable = "debug-api-enable"
optionNameDebugAPIAddr = "debug-api-addr"
optionNameBootnodes = "bootnode"
optionNameNetworkID = "network-id"
optionWelcomeMessage = "welcome-message"
Expand Down Expand Up @@ -78,9 +76,6 @@ const (
optionNameStaticNodes = "static-nodes"
optionNameAllowPrivateCIDRs = "allow-private-cidrs"
optionNameSleepAfter = "sleep-after"
optionNameRestrictedAPI = "restricted"
optionNameTokenEncryptionKey = "token-encryption-key"
optionNameAdminPasswordHash = "admin-password"
optionNameUsePostageSnapshot = "use-postage-snapshot"
optionNameStorageIncentivesEnable = "storage-incentives-enable"
optionNameStateStoreCacheCapacity = "statestore-cache-capacity"
Expand Down Expand Up @@ -144,10 +139,6 @@ func newCommand(opts ...option) (c *command, err error) {
return nil, err
}

if err := c.initHasherCmd(); err != nil {
return nil, err
}

if err := c.initInitCmd(); err != nil {
return nil, err
}
Expand Down Expand Up @@ -256,8 +247,6 @@ func (c *command) setAllFlags(cmd *cobra.Command) {
cmd.Flags().String(optionNameNATAddr, "", "NAT exposed address")
cmd.Flags().Bool(optionNameP2PWSEnable, false, "enable P2P WebSocket transport")
cmd.Flags().StringSlice(optionNameBootnodes, []string{""}, "initial nodes to connect to")
cmd.Flags().Bool(optionNameDebugAPIEnable, false, "enable debug HTTP API")
cmd.Flags().String(optionNameDebugAPIAddr, ":1635", "debug HTTP API listen address")
cmd.Flags().Uint64(optionNameNetworkID, chaincfg.Mainnet.NetworkID, "ID of the Swarm network")
cmd.Flags().StringSlice(optionCORSAllowedOrigins, []string{}, "origins with CORS headers enabled")
cmd.Flags().Bool(optionNameTracingEnabled, false, "enable tracing")
Expand Down Expand Up @@ -297,9 +286,6 @@ func (c *command) setAllFlags(cmd *cobra.Command) {
cmd.Flags().Bool(optionNamePProfMutex, false, "enable pprof mutex profile")
cmd.Flags().StringSlice(optionNameStaticNodes, []string{}, "protect nodes from getting kicked out on bootnode")
cmd.Flags().Bool(optionNameAllowPrivateCIDRs, false, "allow to advertise private CIDRs to the public network")
cmd.Flags().Bool(optionNameRestrictedAPI, false, "enable permission check on the http APIs")
cmd.Flags().String(optionNameTokenEncryptionKey, "", "admin username to get the security token")
cmd.Flags().String(optionNameAdminPasswordHash, "", "bcrypt hash of the admin password to get the security token")
cmd.Flags().Bool(optionNameUsePostageSnapshot, false, "bootstrap node using postage snapshot from the network")
cmd.Flags().Bool(optionNameStorageIncentivesEnable, true, "enable storage incentives feature")
cmd.Flags().Uint64(optionNameStateStoreCacheCapacity, 100_000, "lru memory caching capacity in number of statestore entries")
17 changes: 6 additions & 11 deletions cmd/bee/cmd/start.go
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/rpc"
"github.com/ethersphere/bee/v2"
"github.com/ethersphere/bee/v2/pkg/accesscontrol"
chaincfg "github.com/ethersphere/bee/v2/pkg/config"
"github.com/ethersphere/bee/v2/pkg/crypto"
"github.com/ethersphere/bee/v2/pkg/crypto/clef"
Expand Down Expand Up @@ -73,7 +74,6 @@ func (c *command) initStartCmd() (err error) {

fmt.Print(beeWelcomeMessage)
fmt.Printf("\n\nversion: %v - planned to be supported until %v, please follow https://ethswarm.org/\n\n", bee.Version, endSupportDate())
fmt.Printf("DEPRECATION NOTICE:\nThe Debug API is deprecated and will be removed in the next release, version [2.2.0].\nPlease update your integrations to use the main Bee API to avoid service disruptions.\n\n")
logger.Info("bee version", "version", bee.Version)

go startTimeBomb(logger)
Expand Down Expand Up @@ -214,11 +214,6 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
}
}

debugAPIAddr := c.config.GetString(optionNameDebugAPIAddr)
if !c.config.GetBool(optionNameDebugAPIEnable) {
debugAPIAddr = ""
}

signerConfig, err := c.configureSigner(cmd, logger)
if err != nil {
return nil, err
Expand Down Expand Up @@ -293,15 +288,14 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
neighborhoodSuggester = c.config.GetString(optionNameNeighborhoodSuggester)
}

b, err := node.NewBee(ctx, c.config.GetString(optionNameP2PAddr), signerConfig.publicKey, signerConfig.signer, networkID, logger, signerConfig.libp2pPrivateKey, signerConfig.pssPrivateKey, &node.Options{
b, err := node.NewBee(ctx, c.config.GetString(optionNameP2PAddr), signerConfig.publicKey, signerConfig.signer, networkID, logger, signerConfig.libp2pPrivateKey, signerConfig.pssPrivateKey, signerConfig.session, &node.Options{
DataDir: c.config.GetString(optionNameDataDir),
CacheCapacity: c.config.GetUint64(optionNameCacheCapacity),
DBOpenFilesLimit: c.config.GetUint64(optionNameDBOpenFilesLimit),
DBBlockCacheCapacity: c.config.GetUint64(optionNameDBBlockCacheCapacity),
DBWriteBufferSize: c.config.GetUint64(optionNameDBWriteBufferSize),
DBDisableSeeksCompaction: c.config.GetBool(optionNameDBDisableSeeksCompaction),
APIAddr: c.config.GetString(optionNameAPIAddr),
DebugAPIAddr: debugAPIAddr,
Addr: c.config.GetString(optionNameP2PAddr),
NATAddr: c.config.GetString(optionNameNATAddr),
EnableWS: c.config.GetBool(optionNameP2PWSEnable),
Expand Down Expand Up @@ -338,9 +332,6 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
MutexProfile: c.config.GetBool(optionNamePProfMutex),
StaticNodes: staticNodes,
AllowPrivateCIDRs: c.config.GetBool(optionNameAllowPrivateCIDRs),
Restricted: c.config.GetBool(optionNameRestrictedAPI),
TokenEncryptionKey: c.config.GetString(optionNameTokenEncryptionKey),
AdminPasswordHash: c.config.GetString(optionNameAdminPasswordHash),
UsePostageSnapshot: c.config.GetBool(optionNameUsePostageSnapshot),
EnableStorageIncentives: c.config.GetBool(optionNameStorageIncentivesEnable),
StatestoreCacheCapacity: c.config.GetUint64(optionNameStateStoreCacheCapacity),
Expand Down Expand Up @@ -373,6 +364,7 @@ type signerConfig struct {
publicKey *ecdsa.PublicKey
libp2pPrivateKey *ecdsa.PrivateKey
pssPrivateKey *ecdsa.PrivateKey
session accesscontrol.Session
}

func waitForClef(logger log.Logger, maxRetries uint64, endpoint string) (externalSigner *external.ExternalSigner, err error) {
Expand Down Expand Up @@ -403,6 +395,7 @@ func (c *command) configureSigner(cmd *cobra.Command, logger log.Logger) (config
var signer crypto.Signer
var password string
var publicKey *ecdsa.PublicKey
var session accesscontrol.Session
if p := c.config.GetString(optionNamePassword); p != "" {
password = p
} else if pf := c.config.GetString(optionNamePasswordFile); pf != "" {
Expand Down Expand Up @@ -475,6 +468,7 @@ func (c *command) configureSigner(cmd *cobra.Command, logger log.Logger) (config
}
signer = crypto.NewDefaultSigner(swarmPrivateKey)
publicKey = &swarmPrivateKey.PublicKey
session = accesscontrol.NewDefaultSession(swarmPrivateKey)
}

logger.Info("swarm public key", "public_key", hex.EncodeToString(crypto.EncodeSecp256k1PublicKey(publicKey)))
Expand Down Expand Up @@ -513,6 +507,7 @@ func (c *command) configureSigner(cmd *cobra.Command, logger log.Logger) (config
publicKey: publicKey,
libp2pPrivateKey: libp2pPrivateKey,
pssPrivateKey: pssPrivateKey,
session: session,
}, nil
}

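Review bot: In `configureSigner`, `session` is declared as a nil `accesscontrol.Session` and its only visible assignment is `session = accesscontrol.NewDefaultSession(swarmPrivateKey)`, next to `crypto.NewDefaultSigner`, so on the external-signer path (`waitForClef` is still in this file) it presumably stays nil and is handed to `node.NewBee` that way. Unless every consumer of the session nil-checks it, an access-control request on such a node could dereference a nil interface instead of returning a clean error. Either fail fast in `configureSigner` when no session can be built, or state the contract on the struct field, e.g. `// session is nil when an external signer is configured; access control is unavailable in that mode`. The bodies of `configureSigner` and `buildBeeNode` extend beyond the hunks shown, so the branch structure is inferred from the visible lines.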