Closed telamon closed 5 years ago
Exciting! I'm not sure if I'll have time to review this before the new year, though I'm looking forward to going over it. :tada:
@noffle no worries. this is probably my last contribution for 2018 as well 🎉🎊
Added one more commit that removes all code related to the signed exchange, restoring multifeed back to the state of minimalism, should be less code to review now. A copy of the signature based exchange can be found here: https://github.com/telamon/multifeed/tree/feature/signed-exchange-backup
Great PR! These are great features & code reorg :tada:
woah!!!!!!!!!!!!!!!!!!!! 🔥 🔥 📯
good job @telamon & @noffle !!! this is really big ^_^
Hey! Here's a patch that somehow required more words than necessary to describe, apologies.
Summary
It's entirely backwards compatible in storage so all previously created&stored multifeeds can be safely upgraded. (I haven't touched the storage handling routines)
Protocol changes
But
PROTOCOL_VERSION
bumped to2.0.0
because replication was heavily refactored.The header exchange was rewritten to use hyperprotcol-extension messaging. Meaning that the multifeed header exchange now uses the 'fake feed' key for encrypting the communication and as a positive side effect we also benefit from hyperprotocol's built-in multiplexing. The effective result is that we now have a secure active sidechannel that allows the transport of custom protocol messages even if they are split up into multiple chunks. Also provides us with the opportunity to exchange messages/feeds after the first initial manifest-exchange. (Realtime feed-key exchange during live replication, no need to force reconnection between peers to share new feeds)
TODO: Update README.md with encourangement for setting the 'fake' public key.
Currently set using:
multifeed(hypercore, storage, {key: ENCRYPTION_KEY})
(private key can still be safely discarded, but I would discourage the use of the hardcoded pubkey as it exposes feed-exchange to non-participating third parties.) Maybe even radically change the constructor to requiremultifeed(hypercore, protoKey, storage, opts)
Lowlevel key-exchange API
I've implemented a what I hope to be 'fair & secure' standard policy that can be exposed to higher level applications for fine-grained control.
Replication now follows theese sets of rules:
Given multifeed A and multifeed B.
That should prevent your node from ever sharing something it does not offer and receiving something it did not ask for.
Unconfigured 'default' behaviour works the same as before: Have: All local feeds Want: All remote feeds
Highlevel exchange API
This is we're I could use some help, because if you're looking at the patch you're probably going think "what the hell is
_restrictedMode
?"I started this quest by trying to implement a personal-feed exhange policy which enables selective replication by signature generated from a pre-shared secret, in an attempt to overcome the limitation of one writable-feed per device even if both devices are my own.
Use-cases: personal storage, multi-device profile, public read but invite-only write cabal. You get the picture.
And well along the way of refactoring I actually finished a working implementation and immediately regret polluting multifeed with this 'hardcoded' policy. (It's disabled by default has no impact on storage or replication unless activated, the
test/signed-exchange.js
describes it's behaviour)So for lack of better knowledge I maybe propose to expose the feed selection api using the middleware pattern:
That way I'd be able to move out the personal-feed-policy into a separate reusable multifeed-plugin.