console/userinfo: stub userinfo endpoint

This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e
2022-12-12 11:33:58 +00:00 · 2022-12-12 11:33:58 +00:00 · e598c2b3b1
commit e598c2b3b1
parent dcb16d83dd
6 changed files with 189 additions and 0 deletions
--- a/private/testplanet/satellite.go
+++ b/private/testplanet/satellite.go
@ -39,6 +39,7 @@ import (
 	"storj.io/storj/satellite/compensation"
 	"storj.io/storj/satellite/console"
 	"storj.io/storj/satellite/console/consoleweb"
 	"storj.io/storj/satellite/console/userinfo"
 	"storj.io/storj/satellite/contact"
 	"storj.io/storj/satellite/gc/bloomfilter"
 	"storj.io/storj/satellite/gc/sender"
@ -113,6 +114,10 @@ type Satellite struct {
 		SegmentLoop *segmentloop.Service
 	}
 	Userinfo struct {
 		Endpoint *userinfo.Endpoint
 	}
 	Metabase struct {
 		DB          *metabase.DB
 		SegmentLoop *segmentloop.Service
@ -616,6 +621,8 @@ func createNewSystem(name string, log *zap.Logger, config satellite.Config, peer
 	system.Metainfo.Endpoint = api.Metainfo.Endpoint
 	// system.Metainfo.SegmentLoop = peer.Metainfo.SegmentLoop
 	system.Userinfo.Endpoint = api.Userinfo.Endpoint
 	system.Metabase.DB = api.Metainfo.Metabase
 	system.Metabase.SegmentLoop = peer.Metainfo.SegmentLoop
--- a/satellite/api.go
+++ b/satellite/api.go
@ -35,6 +35,7 @@ import (
 	"storj.io/storj/satellite/console/consoleauth"
 	"storj.io/storj/satellite/console/consoleweb"
 	"storj.io/storj/satellite/console/restkeys"
 	"storj.io/storj/satellite/console/userinfo"
 	"storj.io/storj/satellite/contact"
 	"storj.io/storj/satellite/gracefulexit"
 	"storj.io/storj/satellite/inspector"
@ -107,6 +108,10 @@ type API struct {
 		Endpoint      *metainfo.Endpoint
 	}
 	Userinfo struct {
 		Endpoint *userinfo.Endpoint
 	}
 	Inspector struct {
 		Endpoint *inspector.Endpoint
 	}
--- a/satellite/console/userinfo/endpoint.go
+++ b/satellite/console/userinfo/endpoint.go
@ -0,0 +1,99 @@
 // Copyright (C) 2022 Storj Labs, Inc.
 // See LICENSE for copying information.
 package userinfo
 import (
 	"context"
 	"github.com/spacemonkeygo/monkit/v3"
 	"github.com/zeebo/errs"
 	"go.uber.org/zap"
 	"storj.io/common/identity"
 	"storj.io/common/pb"
 	"storj.io/common/rpc/rpcpeer"
 	"storj.io/common/rpc/rpcstatus"
 	"storj.io/common/storj"
 	"storj.io/storj/satellite/console"
 )
 var (
 	mon = monkit.Package()
 	// Error is an error class for userinfo endpoint errors.
 	Error = errs.Class("userinfo_endpoint")
 )
 // Config holds Endpoint's configuration.
 type Config struct {
 	AllowedPeers storj.NodeURLs `help:"A comma delimited list of peers (IDs/addresses) allowed to use this endpoint."`
 }
 // Endpoint userinfo endpoint.
 type Endpoint struct {
 	pb.DRPCUserInfoUnimplementedServer
 	log          *zap.Logger
 	users        console.Users
 	apiKeys      console.APIKeys
 	projects     console.Projects
 	config       Config
 	allowedPeers map[storj.NodeID]storj.NodeURL
 }
 // NewEndpoint creates a new userinfo endpoint instance.
 func NewEndpoint(log *zap.Logger, users console.Users, apiKeys console.APIKeys, projects console.Projects, config Config) (*Endpoint, error) {
 	if len(config.AllowedPeers) == 0 {
 		return nil, Error.New("allowed peer list parameter '--allowed-peer-list' is required")
 	}
 	// put peers into a map for faster retrieval by NodeID.
 	allowedPeers := make(map[storj.NodeID]storj.NodeURL)
 	for _, peer := range config.AllowedPeers {
 		allowedPeers[peer.ID] = peer
 	}
 	return &Endpoint{
 		log:          log,
 		users:        users,
 		apiKeys:      apiKeys,
 		projects:     projects,
 		config:       config,
 		allowedPeers: allowedPeers,
 	}, nil
 }
 // Close closes resources.
 func (e *Endpoint) Close() error { return nil }
 // Get returns relevant info about the current user.
 func (e *Endpoint) Get(ctx context.Context, _ *pb.GetUserInfoRequest) (response *pb.GetUserInfoResponse, err error) {
 	defer mon.Task()(&ctx)(&err)
 	peer, err := rpcpeer.FromContext(ctx)
 	if err != nil {
 		return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())
 	}
 	peerID, err := identity.PeerIdentityFromPeer(peer)
 	if err != nil {
 		return nil, rpcstatus.Error(rpcstatus.Unauthenticated, err.Error())
 	}
 	if err = e.verifyPeer(peerID.ID); err != nil {
 		return nil, rpcstatus.Error(rpcstatus.Unauthenticated, err.Error())
 	}
 	// TODO: implement get user info
 	return nil, nil
 }
 // verifyPeer verifies that a peer is allowed.
 func (e *Endpoint) verifyPeer(id storj.NodeID) error {
 	_, ok := e.allowedPeers[id]
 	if !ok {
 		return Error.New("peer %q is untrusted", id)
 	}
 	return nil
 }
--- a/satellite/console/userinfo/endpoint_test.go
+++ b/satellite/console/userinfo/endpoint_test.go
@ -0,0 +1,72 @@
 // Copyright (C) 2022 Storj Labs, Inc.
 // See LICENSE for copying information.
 package userinfo_test
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"testing"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 	"storj.io/common/identity/testidentity"
 	"storj.io/common/pb"
 	"storj.io/common/rpc/rpcpeer"
 	"storj.io/common/storj"
 	"storj.io/common/testcontext"
 	"storj.io/storj/private/testplanet"
 	"storj.io/storj/satellite"
 )
 func TestEndpointGet_UnTrusted(t *testing.T) {
 	t.Skip("disable until UserInfo is added to API. See issue #5363")
 	// trusted identity
 	ident, err := testidentity.NewTestIdentity(context.TODO())
 	require.NoError(t, err)
 	testplanet.Run(t, testplanet.Config{
 		SatelliteCount: 1,
 		Reconfigure: testplanet.Reconfigure{
 			Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
 				url, err := storj.ParseNodeURL(ident.ID.String() + "@")
 				require.NoError(t, err)
 				config.Userinfo.AllowedPeers = storj.NodeURLs{url}
 			},
 		},
 	},
 		func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
 			sat := planet.Satellites[0]
 			state := tls.ConnectionState{
 				PeerCertificates: []*x509.Certificate{ident.Leaf, ident.CA},
 			}
 			peerCtx := rpcpeer.NewContext(ctx, &rpcpeer.Peer{
 				Addr:  sat.API.Console.Listener.Addr(),
 				State: state,
 			})
 			_, err = sat.Userinfo.Endpoint.Get(peerCtx, &pb.GetUserInfoRequest{})
 			// a trusted peer should be able to get Userinfo
 			require.NoError(t, err)
 			// untrusted identity
 			badIdent, err := testidentity.NewTestIdentity(ctx)
 			require.NoError(t, err)
 			state = tls.ConnectionState{
 				PeerCertificates: []*x509.Certificate{badIdent.Leaf, badIdent.CA},
 			}
 			peerCtx = rpcpeer.NewContext(ctx, &rpcpeer.Peer{
 				Addr:  sat.API.Console.Listener.Addr(),
 				State: state,
 			})
 			_, err = sat.Userinfo.Endpoint.Get(peerCtx, &pb.GetUserInfoRequest{})
 			// an untrusted peer shouldn't be able to get Userinfo
 			require.Error(t, err)
 			require.EqualError(t, err, fmt.Sprintf("userinfo_endpoint: peer %q is untrusted", badIdent.ID))
 		})
 }
--- a/satellite/peer.go
+++ b/satellite/peer.go
@ -36,6 +36,7 @@ import (
 	"storj.io/storj/satellite/console/consoleweb"
 	"storj.io/storj/satellite/console/emailreminders"
 	"storj.io/storj/satellite/console/restkeys"
 	"storj.io/storj/satellite/console/userinfo"
 	"storj.io/storj/satellite/contact"
 	"storj.io/storj/satellite/gc/bloomfilter"
 	"storj.io/storj/satellite/gc/sender"
@ -153,6 +154,8 @@ type Config struct {
 	Metainfo metainfo.Config
 	Orders   orders.Config
 	Userinfo userinfo.Config
 	Reputation reputation.Config
 	Checker  checker.Config
--- a/scripts/testdata/satellite-config.yaml.lock
+++ b/scripts/testdata/satellite-config.yaml.lock
@ -1063,6 +1063,9 @@ server.private-address: 127.0.0.1:7778
 # how frequent to sample traces
 # tracing.sample: 0
 # A comma delimited list of peers (IDs/addresses) allowed to use this endpoint.
 # userinfo.allowed-peers: ""
 # Interval to check the version
 # version.check-interval: 15m0s