feat: check cids in denylist before providing

[olizilla]

• cap the max number of cids we'll accept in a single message.
  • We're seeing 20k spikes in our bitswap-pending-entries metrics per node, so I'm putting in a hard cap of 500 wanted cids per message that we'll process. The caller can ask again if they need more. This also means i can put a sensible cap on how many cids the denylist service should handle in a batch.
• check batches of cids against our denylist api.
• cache entries that are on the denylist; they are rarely removed.
• use cache to avoid asking about items we already know, and as a fallback if denylist service cannot be reached.
• add bitswap-denied counter metric to see how many CIDs we skip due to being on the denylist

see: batch endpoint for denylist api – storacha/reads#166
see: set DENYLIST_URL in env - elastic-ipfs/bitswap-peer-deployment#99

License: MIT

[olizilla]

these cids are never pulled out of the cache... so items that do get removed from a badbits list won't get updated here... but our bitswap peer nodes tend to get restarted every day, so i'm not going to do extra work here... if this PR magically makes our pods less crashy, then we can review this.

[vasco-santos]

could this comment be also added in the code file? I feel it would be nice to have context there, and maybe an issue created

[olizilla]

10 because this code already depends on it at that version but previously didn't declare that dep, so would use a random one of 3 different major versions that are in the dep tree. Version 11+ doesn't work with the test helpers due to https://github.com/multiformats/js-multiformats/blob/4a36fb7ee49edb4300267b90301ef0e4300cbc46/src/cid.js#L305

[alanshaw]

Just incase you ever update a previously cahced item to false...

Suggested change

	return entries.filter(entry => entry.cancel || !denylist.has(entry.cid.toString()))
	return entries.filter(entry => entry.cancel || !denylist.get(entry.cid.toString()))

[olizilla]

using get here to update the last used time. In this LRU impl has tests do not update that.

[olizilla]

ah, confusing. denylist here is the set of CIDs returned from the denylist api, that represents the CIDs that should not be served. Is a Set not a Map

elsewhere we have denylistCache which is an LRU, and requires us to store a value for a our CID key, and that has a Map-like api, but we must call .get to update the last used time. I will tweak the names to make clearer.

[vasco-santos]

should this be added to the .env.sample?
We also need to get this set in the deployment

[vasco-santos]

could this comment be also added in the code file? I feel it would be nice to have context there, and maybe an issue created

[olizilla]

@vasco-santos @alanshaw this PR changed a little since you last looked so please take a look if you have a moment.

• added bitswap-denied counter metric to track how many CIDs we ignore due to being on the denylist
• made the logic in deny.js more readable, particularly around the nuances of how we use the cached info vs the current denylist we get back from the api
• simplified the cache keys to just use cid strings. trades off catching alt cid formulations at the cache layer for simplicity and not having to cid.parse every item in the response list to dig out the multihash.