Merge branch 'main' into dependabot/npm_and_yarn/node-datachannel-0.23.0

Author: achingbrain

.release-please-manifest.json

@@ -1 +1 @@
-{"packages/auto-tls":"0.0.0","packages/connection-encrypter-plaintext":"2.0.11","packages/connection-encrypter-tls":"2.0.11","packages/crypto":"5.0.7","packages/interface":"2.2.1","packages/interface-compliance-tests":"6.1.11","packages/interface-internal":"2.1.1","packages/kad-dht":"14.1.3","packages/keychain":"5.0.10","packages/libp2p":"2.3.1","packages/logger":"5.1.4","packages/metrics-devtools":"1.1.10","packages/metrics-prometheus":"4.2.7","packages/metrics-simple":"1.2.7","packages/multistream-select":"6.0.9","packages/peer-collections":"6.0.12","packages/peer-discovery-bootstrap":"11.0.13","packages/peer-discovery-mdns":"11.0.13","packages/peer-id":"5.0.8","packages/peer-record":"8.0.12","packages/peer-store":"11.0.12","packages/pnet":"2.0.13","packages/protocol-autonat":"2.0.12","packages/protocol-dcutr":"2.0.12","packages/protocol-echo":"2.1.3","packages/protocol-fetch":"2.0.12","packages/protocol-identify":"3.0.12","packages/protocol-perf":"4.0.13","packages/protocol-ping":"2.0.12","packages/pubsub":"10.0.12","packages/pubsub-floodsub":"10.1.11","packages/record":"4.0.4","packages/stream-multiplexer-mplex":"11.0.13","packages/transport-circuit-relay-v2":"3.1.3","packages/transport-memory":"1.0.1","packages/transport-tcp":"10.0.13","packages/transport-webrtc":"5.0.19","packages/transport-websockets":"9.0.13","packages/transport-webtransport":"5.0.18","packages/upnp-nat":"2.0.12","packages/utils":"6.2.1"}
+{"packages/auto-tls":"1.0.1","packages/connection-encrypter-plaintext":"2.0.12","packages/connection-encrypter-tls":"2.0.12","packages/crypto":"5.0.8","packages/interface":"2.3.0","packages/interface-compliance-tests":"6.2.1","packages/interface-internal":"2.2.1","packages/kad-dht":"14.1.5","packages/keychain":"5.0.11","packages/libp2p":"2.4.1","packages/logger":"5.1.5","packages/metrics-devtools":"1.1.12","packages/metrics-prometheus":"4.2.9","packages/metrics-simple":"1.2.8","packages/multistream-select":"6.0.10","packages/peer-collections":"6.0.13","packages/peer-discovery-bootstrap":"11.0.15","packages/peer-discovery-mdns":"11.0.15","packages/peer-id":"5.0.9","packages/peer-record":"8.0.13","packages/peer-store":"11.0.13","packages/pnet":"2.0.15","packages/protocol-autonat":"2.0.14","packages/protocol-dcutr":"2.0.14","packages/protocol-echo":"2.1.5","packages/protocol-fetch":"2.0.14","packages/protocol-identify":"3.0.14","packages/protocol-perf":"4.0.15","packages/protocol-ping":"2.0.14","packages/pubsub":"10.0.14","packages/pubsub-floodsub":"10.1.13","packages/record":"4.0.4","packages/stream-multiplexer-mplex":"11.0.15","packages/transport-circuit-relay-v2":"3.1.5","packages/transport-memory":"1.0.2","packages/transport-tcp":"10.0.14","packages/transport-webrtc":"5.0.21","packages/transport-websockets":"9.1.0","packages/transport-webtransport":"5.0.20","packages/upnp-nat":"3.0.2","packages/utils":"6.3.0"}

packages/auto-tls/CHANGELOG.md

@@ -0,0 +1,38 @@
+# Changelog
+
+## [1.0.1](https://github.com/libp2p/js-libp2p/compare/auto-tls-v1.0.0...auto-tls-v1.0.1) (2024-12-10)
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @libp2p/interface-internal bumped from ^2.2.0 to ^2.2.1
+
+## 1.0.0 (2024-12-09)
+
+
+### Features
+
+* add auto-confirm option to auto-tls ([#2875](https://github.com/libp2p/js-libp2p/issues/2875)) ([2625cc3](https://github.com/libp2p/js-libp2p/commit/2625cc323b77ed4843d200a3b7022f80eba2e8f8))
+* add auto-tls service ([#2798](https://github.com/libp2p/js-libp2p/issues/2798)) ([d866eb5](https://github.com/libp2p/js-libp2p/commit/d866eb5bb8269485364c233119331ca073ff1343))
+
+
+### Bug Fixes
+
+* add retries to certificate provisioning ([#2841](https://github.com/libp2p/js-libp2p/issues/2841)) ([98b4304](https://github.com/libp2p/js-libp2p/commit/98b43045cb4786defc74e21c637489109377ea35))
+* require external confirmation of public addresses ([#2867](https://github.com/libp2p/js-libp2p/issues/2867)) ([d19974d](https://github.com/libp2p/js-libp2p/commit/d19974d93a1015acfca95c2155dbcffc5fd6a6c0))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @libp2p/crypto bumped from ^5.0.7 to ^5.0.8
+    * @libp2p/interface bumped from ^2.2.1 to ^2.3.0
+    * @libp2p/interface-internal bumped from ^2.1.1 to ^2.2.0
+    * @libp2p/keychain bumped from ^5.0.10 to ^5.0.11
+    * @libp2p/utils bumped from ^6.2.1 to ^6.3.0
+  * devDependencies
+    * @libp2p/logger bumped from ^5.1.4 to ^5.1.5
+    * @libp2p/peer-id bumped from ^5.0.8 to ^5.0.9

packages/auto-tls/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/auto-tls",
-  "version": "0.0.0",
+  "version": "1.0.1",
   "description": "Automatically acquire a <peerId>.libp2p.direct TLS certificate",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/auto-tls#readme",
@@ -47,12 +47,12 @@
   },
   "dependencies": {
     "@chainsafe/is-ip": "^2.0.2",
-    "@libp2p/crypto": "^5.0.7",
+    "@libp2p/crypto": "^5.0.8",
     "@libp2p/http-fetch": "^2.1.0",
-    "@libp2p/interface": "^2.2.1",
-    "@libp2p/interface-internal": "^2.1.1",
-    "@libp2p/keychain": "^5.0.10",
-    "@libp2p/utils": "^6.2.1",
+    "@libp2p/interface": "^2.3.0",
+    "@libp2p/interface-internal": "^2.2.1",
+    "@libp2p/keychain": "^5.0.11",
+    "@libp2p/utils": "^6.3.0",
     "@multiformats/multiaddr": "^12.3.3",
     "@multiformats/multiaddr-matcher": "^1.6.0",
     "@peculiar/x509": "^1.12.3",
@@ -64,8 +64,8 @@
     "uint8arrays": "^5.1.0"
   },
   "devDependencies": {
-    "@libp2p/logger": "^5.1.4",
-    "@libp2p/peer-id": "^5.0.8",
+    "@libp2p/logger": "^5.1.5",
+    "@libp2p/peer-id": "^5.0.9",
     "aegir": "^45.0.5",
     "datastore-core": "^10.0.2",
     "p-event": "^6.0.1",

packages/auto-tls/src/auto-tls.ts

@@ -10,7 +10,7 @@ import { base36 } from 'multiformats/bases/base36'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
-import { DEFAULT_ACCOUNT_PRIVATE_KEY_BITS, DEFAULT_ACCOUNT_PRIVATE_KEY_NAME, DEFAULT_ACME_DIRECTORY, DEFAULT_CERTIFICATE_DATASTORE_KEY, DEFAULT_CERTIFICATE_PRIVATE_KEY_BITS, DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME, DEFAULT_FORGE_DOMAIN, DEFAULT_FORGE_ENDPOINT, DEFAULT_PROVISION_DELAY, DEFAULT_PROVISION_REQUEST_TIMEOUT, DEFAULT_PROVISION_TIMEOUT, DEFAULT_RENEWAL_THRESHOLD } from './constants.js'
+import { DEFAULT_ACCOUNT_PRIVATE_KEY_BITS, DEFAULT_ACCOUNT_PRIVATE_KEY_NAME, DEFAULT_ACME_DIRECTORY, DEFAULT_AUTO_CONFIRM_ADDRESS, DEFAULT_CERTIFICATE_DATASTORE_KEY, DEFAULT_CERTIFICATE_PRIVATE_KEY_BITS, DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME, DEFAULT_FORGE_DOMAIN, DEFAULT_FORGE_ENDPOINT, DEFAULT_PROVISION_DELAY, DEFAULT_PROVISION_REQUEST_TIMEOUT, DEFAULT_PROVISION_TIMEOUT, DEFAULT_RENEWAL_THRESHOLD } from './constants.js'
 import { DomainMapper } from './domain-mapper.js'
 import { createCsr, importFromPem, loadOrCreateKey, supportedAddressesFilter } from './utils.js'
 import type { AutoTLSComponents, AutoTLSInit, AutoTLS as AutoTLSInterface } from './index.js'
@@ -60,9 +60,10 @@ export class AutoTLS implements AutoTLSInterface {
   private readonly email
   private readonly domain
   private readonly domainMapper: DomainMapper
+  private readonly autoConfirmAddress: boolean
 
   constructor (components: AutoTLSComponents, init: AutoTLSInit = {}) {
-    this.log = components.logger.forComponent('libp2p:certificate-manager')
+    this.log = components.logger.forComponent('libp2p:auto-tls')
     this.addressManager = components.addressManager
     this.privateKey = components.privateKey
     this.peerId = components.peerId
@@ -80,6 +81,7 @@ export class AutoTLS implements AutoTLSInterface {
     this.certificatePrivateKeyName = init.certificatePrivateKeyName ?? DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME
     this.certificatePrivateKeyBits = init.certificatePrivateKeyBits ?? DEFAULT_CERTIFICATE_PRIVATE_KEY_BITS
     this.certificateDatastoreKey = init.certificateDatastoreKey ?? DEFAULT_CERTIFICATE_DATASTORE_KEY
+    this.autoConfirmAddress = init.autoConfirmAddress ?? DEFAULT_AUTO_CONFIRM_ADDRESS
     this.clientAuth = new ClientAuth(this.privateKey)
     this.started = false
     this.fetching = false
@@ -100,10 +102,16 @@ export class AutoTLS implements AutoTLSInterface {
   ]
 
   get [serviceDependencies] (): string[] {
-    return [
+    const dependencies = [
       '@libp2p/identify',
       '@libp2p/keychain'
     ]
+
+    if (!this.autoConfirmAddress) {
+      dependencies.push('@libp2p/autonat')
+    }
+
+    return dependencies
   }
 
   async start (): Promise<void> {
@@ -346,8 +354,8 @@ export class AutoTLS implements AutoTLSInterface {
         'Content-Type': 'application/json'
       },
       body: JSON.stringify({
-        value: keyAuthorization,
-        addresses
+        Value: keyAuthorization,
+        Addresses: addresses
       }),
       ...options
     })

packages/auto-tls/src/constants.ts

@@ -2,11 +2,12 @@ export const DEFAULT_FORGE_ENDPOINT = 'https://registration.libp2p.direct'
 export const DEFAULT_FORGE_DOMAIN = 'libp2p.direct'
 export const DEFAULT_ACME_DIRECTORY = 'https://acme-v02.api.letsencrypt.org/directory'
 export const DEFAULT_PROVISION_TIMEOUT = 120_000
-export const DEFAULT_PROVISION_REQUEST_TIMEOUT = 10_000
+export const DEFAULT_PROVISION_REQUEST_TIMEOUT = 60_000
 export const DEFAULT_PROVISION_DELAY = 5_000
 export const DEFAULT_RENEWAL_THRESHOLD = 86_400_000
 export const DEFAULT_ACCOUNT_PRIVATE_KEY_NAME = 'auto-tls-acme-account-private-key'
 export const DEFAULT_ACCOUNT_PRIVATE_KEY_BITS = 2048
 export const DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME = 'auto-tls-certificate-private-key'
 export const DEFAULT_CERTIFICATE_PRIVATE_KEY_BITS = 2048
 export const DEFAULT_CERTIFICATE_DATASTORE_KEY = '/libp2p/auto-tls/certificate'
+export const DEFAULT_AUTO_CONFIRM_ADDRESS = false

packages/auto-tls/src/domain-mapper.ts

@@ -1,8 +1,11 @@
 import { isIPv4, isIPv6 } from '@chainsafe/is-ip'
+import { multiaddr } from '@multiformats/multiaddr'
 import { getPublicIps } from './utils.js'
 import type { ComponentLogger, Libp2pEvents, Logger, TypedEventTarget } from '@libp2p/interface'
 import type { AddressManager } from '@libp2p/interface-internal'
 
+const MAX_DATE = 8_640_000_000_000_000
+
 export interface DomainMapperComponents {
   logger: ComponentLogger
   events: TypedEventTarget<Libp2pEvents>
@@ -11,6 +14,7 @@ export interface DomainMapperComponents {
 
 export interface DomainMapperInit {
   domain: string
+  autoConfirmAddress?: boolean
 }
 
 export class DomainMapper {
@@ -19,13 +23,15 @@ export class DomainMapper {
   private readonly events: TypedEventTarget<Libp2pEvents>
   private readonly mappedAddresses: Set<string>
   private readonly domain: string
+  private readonly autoConfirmAddress: boolean
   private hasCertificate: boolean
 
   constructor (components: DomainMapperComponents, init: DomainMapperInit) {
-    this.log = components.logger.forComponent('libp2p:certificate-manager:domain-mapper')
+    this.log = components.logger.forComponent('libp2p:auto-tls:domain-mapper')
     this.addressManager = components.addressManager
     this.events = components.events
     this.domain = init.domain
+    this.autoConfirmAddress = init.autoConfirmAddress ?? false
 
     this.mappedAddresses = new Set()
     this.hasCertificate = false
@@ -58,7 +64,10 @@ export class DomainMapper {
   }
 
   updateMappings (): void {
-    const publicIps = getPublicIps(this.addressManager.getAddresses())
+    const publicIps = getPublicIps(
+      this.addressManager.getAddressesWithMetadata()
+        .map(({ multiaddr }) => multiaddr)
+    )
 
     // did our public IPs change?
     const addedIp4 = []
@@ -113,13 +122,29 @@ export class DomainMapper {
       this.log.trace('mapping IP %s to domain %s', ip, domain)
       this.addressManager.addDNSMapping(domain, [ip])
       this.mappedAddresses.add(ip)
+
+      if (this.autoConfirmAddress) {
+        const ma = multiaddr(`/dns4/${domain}`)
+        this.log('auto-confirming IP address %a', ma)
+        this.addressManager.confirmObservedAddr(ma, {
+          ttl: MAX_DATE - Date.now()
+        })
+      }
     })
 
     addedIp6.forEach(ip => {
       const domain = this.toDomain(ip, 6)
       this.log.trace('mapping IP %s to domain %s', ip, domain)
       this.addressManager.addDNSMapping(domain, [ip])
       this.mappedAddresses.add(ip)
+
+      if (this.autoConfirmAddress) {
+        const ma = multiaddr(`/dns6/${domain}`)
+        this.log('auto-confirming IP address %a', ma)
+        this.addressManager.confirmObservedAddr(ma, {
+          ttl: MAX_DATE - Date.now()
+        })
+      }
     })
   }
 

packages/auto-tls/src/index.ts

@@ -112,7 +112,7 @@ export interface AutoTLSInit {
    * How long asking the forge endpoint to answer a DNS challenge can take
    * before we retry
    *
-   * @default 10_000
+   * @default 60_000
    */
   provisionRequestTimeout?: number
 
@@ -168,6 +168,17 @@ export interface AutoTLSInit {
    * @default 2048
    */
   certificatePrivateKeyBits?: number
+
+  /**
+   * Any mapped addresses are added to the observed address list. These
+   * addresses require additional verification by the `@libp2p/autonat` protocol
+   * or similar before they are trusted.
+   *
+   * To skip this verification and trust them immediately pass `true` here
+   *
+   * @default false
+   */
+  autoConfirmAddress?: boolean
 }
 
 export interface AutoTLS {