Embed the multiple validator types to keep the function definitions i…

…n the exported functions
netbirdio · Sep 10, 2024 · 157b18b · 157b18b
1 parent 2a9c174
commit 157b18b
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 14 deletions.
diff --git a/relay/auth/allow/allow_all.go b/relay/auth/allow/allow_all.go
@@ -8,3 +8,7 @@ type Auth struct {
 func (a *Auth) Validate(any) error {
  return nil
 }
+
+func (a *Auth) ValidateHelloMsgType(any) error {
+ return nil
+}
diff --git a/relay/auth/validator.go b/relay/auth/validator.go
@@ -1,6 +1,35 @@
 package auth
 
+import (
+ "time"
+
+ auth "github.com/netbirdio/netbird/relay/auth/hmac"
+ authv2 "github.com/netbirdio/netbird/relay/auth/hmac/v2"
+)
+
 // Validator is an interface that defines the Validate method.
 type Validator interface {
  Validate(any) error
+ // Deprecated: Use Validate instead.
+ ValidateHelloMsgType(any) error
+}
+
+type TimedHMACValidator struct {
+ authenticatorV2 *authv2.Validator
+ authenticator *auth.TimedHMACValidator
+}
+
+func NewTimedHMACValidator(secret []byte, duration time.Duration) *TimedHMACValidator {
+ return &TimedHMACValidator{
+ authenticatorV2: authv2.NewValidator(secret),
+ authenticator: auth.NewTimedHMACValidator(string(secret[:]), duration),
+ }
+}
+
+func (a *TimedHMACValidator) Validate(credentials any) error {
+ return a.authenticatorV2.Validate(credentials)
+}
+
+func (a *TimedHMACValidator) ValidateHelloMsgType(credentials any) error {
+ return a.authenticator.Validate(credentials)
 }
diff --git a/relay/cmd/root.go b/relay/cmd/root.go
@@ -17,8 +17,7 @@ import (
  "github.com/spf13/cobra"
 
  "github.com/netbirdio/netbird/encryption"
- auth "github.com/netbirdio/netbird/relay/auth/hmac"
- authv2 "github.com/netbirdio/netbird/relay/auth/hmac/v2"
+ "github.com/netbirdio/netbird/relay/auth"
  "github.com/netbirdio/netbird/relay/server"
  "github.com/netbirdio/netbird/signal/metrics"
  "github.com/netbirdio/netbird/util"
@@ -142,10 +141,9 @@ func execute(cmd *cobra.Command, args []string) error {
  srvListenerCfg.TLSConfig = tlsConfig
 
  hashedSecret := sha256.Sum256([]byte(cobraConfig.AuthSecret))
- authenticator := auth.NewTimedHMACValidator(string(hashedSecret[:]), 24*time.Hour)
- authenticatorV2 := authv2.NewValidator(hashedSecret[:])
+ authenticator := auth.NewTimedHMACValidator(hashedSecret[:], 24*time.Hour)
 
- srv, err := server.NewServer(metricsServer.Meter, cobraConfig.ExposedAddress, tlsSupport, authenticator, authenticatorV2)
+ srv, err := server.NewServer(metricsServer.Meter, cobraConfig.ExposedAddress, tlsSupport, authenticator)
  if err != nil {
  log.Debugf("failed to create relay server: %v", err)
  return fmt.Errorf("failed to create relay server: %v", err)

diff --git a/relay/server/relay.go b/relay/server/relay.go
@@ -23,7 +23,6 @@ type Relay struct {
  metrics *metrics.Metrics
  metricsCancel context.CancelFunc
  validator auth.Validator
- validatorV2 auth.Validator
 
  store *Store
  instanceURL string
@@ -43,13 +42,11 @@ type Relay struct {
 // instance URL depends on this value.
 // validator: An instance of auth.Validator from the auth package. It is used to validate the authentication of the
 // peers.
-// validatorV2: An instance of authv2.Validator from the auth/hmac/v2 package. It is used to validate the authentication
-// of the peers for the auth message.
 //
 // Returns:
 // A pointer to a Relay instance and an error. If the Relay instance is successfully created, the error is nil.
 // Otherwise, the error contains the details of what went wrong.
-func NewRelay(meter metric.Meter, exposedAddress string, tlsSupport bool, validator auth.Validator, validatorV2 auth.Validator) (*Relay, error) {
+func NewRelay(meter metric.Meter, exposedAddress string, tlsSupport bool, validator auth.Validator) (*Relay, error) {
  ctx, metricsCancel := context.WithCancel(context.Background())
  m, err := metrics.NewMetrics(ctx, meter)
  if err != nil {
@@ -61,7 +58,6 @@ func NewRelay(meter metric.Meter, exposedAddress string, tlsSupport bool, valida
  metrics: m,
  metricsCancel: metricsCancel,
  validator: validator,
- validatorV2: validatorV2,
  store: NewStore(),
  }
 
@@ -209,7 +205,7 @@ func (r *Relay) handleHelloMsg(buf []byte, remoteAddr net.Addr) ([]byte, []byte,
  return nil, nil, fmt.Errorf("unmarshal auth message: %w", err)
  }
 
- if err := r.validator.Validate(authMsg.AdditionalData); err != nil {
+ if err := r.validator.ValidateHelloMsgType(authMsg.AdditionalData); err != nil {
  return nil, nil, fmt.Errorf("validate %s (%s): %w", peerID, remoteAddr, err)
  }
 
@@ -234,7 +230,7 @@ func (r *Relay) handleAuthMsg(buf []byte, addr net.Addr) ([]byte, []byte, error)
 
  peerID := messages.HashIDToString(rawPeerID)
 
- if err := r.validatorV2.Validate(authPayload); err != nil {
+ if err := r.validator.Validate(authPayload); err != nil {
  return nil, nil, fmt.Errorf("validate %s (%s): %w", peerID, addr, err)
  }
 

diff --git a/relay/server/server.go b/relay/server/server.go
@@ -33,8 +33,8 @@ type Server struct {
 // exposedAddress: this address will be used as the instance URL. It should be a domain:port format.
 // tlsSupport: if true, the server will support TLS
 // authValidator: the auth validator to use for the server
-func NewServer(meter metric.Meter, exposedAddress string, tlsSupport bool, authValidator auth.Validator, authValidatorV2 auth.Validator) (*Server, error) {
- relay, err := NewRelay(meter, exposedAddress, tlsSupport, authValidator, authValidatorV2)
+func NewServer(meter metric.Meter, exposedAddress string, tlsSupport bool, authValidator auth.Validator) (*Server, error) {
+ relay, err := NewRelay(meter, exposedAddress, tlsSupport, authValidator)
  if err != nil {
  return nil, err
  }