routing: record validation into record/

This commit moves the record validation/verification from dht/ into the new record/ packaage. Validator object -- which is merely a map of ValidatorFuncs -- with a VerifyRecord cc @whyrusleeping
2025-07-01 19:24:14 +08:00 · 2015-01-17 03:52:40 -08:00
parent c01452e5ea
commit 56ae2fd0a8
6 changed files with 89 additions and 74 deletions
--- a/core/core.go
+++ b/core/core.go
@ -436,6 +436,6 @@ func constructPeerHost(ctx context.Context, cfg *config.Config, id peer.ID, ps p

 func constructDHTRouting(ctx context.Context, host p2phost.Host, ds datastore.ThreadSafeDatastore) (*dht.IpfsDHT, error) {
 	dhtRouting := dht.NewDHT(ctx, host, ds)
-	dhtRouting.Validators[IpnsValidatorTag] = namesys.ValidateIpnsRecord
+	dhtRouting.Validator[IpnsValidatorTag] = namesys.ValidateIpnsRecord
 	return dhtRouting, nil
 }
--- a/routing/dht/dht.go
+++ b/routing/dht/dht.go
@ -54,8 +54,7 @@ type IpfsDHT struct {
 	birth    time.Time  // When this peer started up
 	diaglock sync.Mutex // lock to make diagnostics work better

-	// record validator funcs
-	Validators map[string]ValidatorFunc
+	Validator record.Validator // record validator funcs

 	ctxgroup.ContextGroup
 }
@ -81,8 +80,8 @@ func NewDHT(ctx context.Context, h host.Host, dstore ds.ThreadSafeDatastore) *Ip
 	dht.routingTable = kb.NewRoutingTable(20, kb.ConvertPeerID(dht.self), time.Minute, dht.peerstore)
 	dht.birth = time.Now()

-	dht.Validators = make(map[string]ValidatorFunc)
-	dht.Validators["pk"] = ValidatePublicKeyRecord
+	dht.Validator = make(record.Validator)
+	dht.Validator["pk"] = record.ValidatePublicKeyRecord

 	if doPinging {
 		dht.Children().Add(1)
--- a/routing/dht/dht_test.go
+++ b/routing/dht/dht_test.go
@ -38,7 +38,7 @@ func setupDHT(ctx context.Context, t *testing.T) *IpfsDHT {
 	dss := dssync.MutexWrap(ds.NewMapDatastore())
 	d := NewDHT(ctx, h, dss)

-	d.Validators["v"] = func(u.Key, []byte) error {
+	d.Validator["v"] = func(u.Key, []byte) error {
 		return nil
 	}
 	return d
@ -142,8 +142,8 @@ func TestValueGetSet(t *testing.T) {
 	vf := func(u.Key, []byte) error {
 		return nil
 	}
-	dhtA.Validators["v"] = vf
-	dhtB.Validators["v"] = vf
+	dhtA.Validator["v"] = vf
+	dhtB.Validator["v"] = vf

 	connect(t, ctx, dhtA, dhtB)

--- a/routing/dht/records.go
+++ b/routing/dht/records.go
@ -1,33 +1,17 @@
 package dht

 import (
-	"bytes"
-	"errors"
 	"fmt"
-	"strings"

 	"github.com/jbenet/go-ipfs/Godeps/_workspace/src/code.google.com/p/go.net/context"

 	ci "github.com/jbenet/go-ipfs/p2p/crypto"
-	"github.com/jbenet/go-ipfs/p2p/peer"
+	peer "github.com/jbenet/go-ipfs/p2p/peer"
 	pb "github.com/jbenet/go-ipfs/routing/dht/pb"
-	record "github.com/jbenet/go-ipfs/routing/record"
 	u "github.com/jbenet/go-ipfs/util"
 	ctxutil "github.com/jbenet/go-ipfs/util/ctx"
 )

-// ValidatorFunc is a function that is called to validate a given
-// type of DHTRecord.
-type ValidatorFunc func(u.Key, []byte) error
-
-// ErrBadRecord is returned any time a dht record is found to be
-// incorrectly formatted or signed.
-var ErrBadRecord = errors.New("bad dht record")
-
-// ErrInvalidRecordType is returned if a DHTRecord keys prefix
-// is not found in the Validator map of the DHT.
-var ErrInvalidRecordType = errors.New("invalid record keytype")
-
 // KeyForPublicKey returns the key used to retrieve public keys
 // from the dht.
 func KeyForPublicKey(id peer.ID) u.Key {
@ -123,7 +107,7 @@ func (dht *IpfsDHT) verifyRecordLocally(r *pb.Record) error {
 		return fmt.Errorf("do not have public key for %s", p)
 	}

-	return dht.verifyRecord(r, pk)
+	return dht.Validator.VerifyRecord(r, pk)
 }

 // verifyRecordOnline verifies a record, searching the DHT for the public key
@ -140,52 +124,5 @@ func (dht *IpfsDHT) verifyRecordOnline(ctx context.Context, r *pb.Record) error
 		return err
 	}

-	return dht.verifyRecord(r, pk)
-}
-
-// TODO: make this an independent exported function.
-// it might be useful for users to have access to.
-func (dht *IpfsDHT) verifyRecord(r *pb.Record, pk ci.PubKey) error {
-	// First, validate the signature
-	blob := record.RecordBlobForSig(r)
-	ok, err := pk.Verify(blob, r.GetSignature())
-	if err != nil {
-		log.Error("Signature verify failed.")
-		return err
-	}
-	if !ok {
-		log.Error("dht found a forged record! (ignored)")
-		return ErrBadRecord
-	}
-
-	// Now, check validity func
-	parts := strings.Split(r.GetKey(), "/")
-	if len(parts) < 3 {
-		log.Infof("Record key does not have validator: %s", u.Key(r.GetKey()))
-		return nil
-	}
-
-	fnc, ok := dht.Validators[parts[1]]
-	if !ok {
-		log.Errorf("Unrecognized key prefix: %s", parts[1])
-		return ErrInvalidRecordType
-	}
-
-	return fnc(u.Key(r.GetKey()), r.GetValue())
-}
-
-// ValidatePublicKeyRecord implements ValidatorFunc and
-// verifies that the passed in record value is the PublicKey
-// that matches the passed in key.
-func ValidatePublicKeyRecord(k u.Key, val []byte) error {
-	keyparts := bytes.Split([]byte(k), []byte("/"))
-	if len(keyparts) < 3 {
-		return errors.New("invalid key")
-	}
-
-	pkh := u.Hash(val)
-	if !bytes.Equal(keyparts[2], pkh) {
-		return errors.New("public key does not match storage key")
-	}
-	return nil
+	return dht.Validator.VerifyRecord(r, pk)
 }
--- a/routing/record/record.go
+++ b/routing/record/record.go
@ -2,13 +2,17 @@ package record

 import (
 	"bytes"
+
 	"github.com/jbenet/go-ipfs/Godeps/_workspace/src/code.google.com/p/goprotobuf/proto"

 	ci "github.com/jbenet/go-ipfs/p2p/crypto"
 	pb "github.com/jbenet/go-ipfs/routing/dht/pb"
+	eventlog "github.com/jbenet/go-ipfs/thirdparty/eventlog"
 	u "github.com/jbenet/go-ipfs/util"
 )

+var log = eventlog.Logger("routing/record")
+
 // MakePutRecord creates and signs a dht record for the given key/value pair
 func MakePutRecord(sk ci.PrivKey, key u.Key, value []byte) (*pb.Record, error) {
 	record := new(pb.Record)
--- a/routing/record/validation.go
+++ b/routing/record/validation.go
@ -0,0 +1,75 @@
+package record
+
+import (
+	"bytes"
+	"errors"
+	"strings"
+
+	ci "github.com/jbenet/go-ipfs/p2p/crypto"
+	pb "github.com/jbenet/go-ipfs/routing/dht/pb"
+	u "github.com/jbenet/go-ipfs/util"
+)
+
+// ValidatorFunc is a function that is called to validate a given
+// type of DHTRecord.
+type ValidatorFunc func(u.Key, []byte) error
+
+// ErrBadRecord is returned any time a dht record is found to be
+// incorrectly formatted or signed.
+var ErrBadRecord = errors.New("bad dht record")
+
+// ErrInvalidRecordType is returned if a DHTRecord keys prefix
+// is not found in the Validator map of the DHT.
+var ErrInvalidRecordType = errors.New("invalid record keytype")
+
+// Validator is an object that helps ensure routing records are valid.
+// It is a collection of validator functions, each of which implements
+// its own notion of validity.
+type Validator map[string]ValidatorFunc
+
+// VerifyRecord checks a record and ensures it is still valid.
+// It runs needed validators
+func (v Validator) VerifyRecord(r *pb.Record, pk ci.PubKey) error {
+	// First, validate the signature
+	blob := RecordBlobForSig(r)
+	ok, err := pk.Verify(blob, r.GetSignature())
+	if err != nil {
+		log.Error("Signature verify failed.")
+		return err
+	}
+	if !ok {
+		log.Error("dht found a forged record! (ignored)")
+		return ErrBadRecord
+	}
+
+	// Now, check validity func
+	parts := strings.Split(r.GetKey(), "/")
+	if len(parts) < 3 {
+		log.Infof("Record key does not have validator: %s", u.Key(r.GetKey()))
+		return nil
+	}
+
+	fnc, ok := v[parts[1]]
+	if !ok {
+		log.Errorf("Unrecognized key prefix: %s", parts[1])
+		return ErrInvalidRecordType
+	}
+
+	return fnc(u.Key(r.GetKey()), r.GetValue())
+}
+
+// ValidatePublicKeyRecord implements ValidatorFunc and
+// verifies that the passed in record value is the PublicKey
+// that matches the passed in key.
+func ValidatePublicKeyRecord(k u.Key, val []byte) error {
+	keyparts := bytes.Split([]byte(k), []byte("/"))
+	if len(keyparts) < 3 {
+		return errors.New("invalid key")
+	}
+
+	pkh := u.Hash(val)
+	if !bytes.Equal(keyparts[2], pkh) {
+		return errors.New("public key does not match storage key")
+	}
+	return nil
+}