@zkp2p/reclaim-witness-sdk/lib/server/handlers/createTunnel.js

<div> <div> <img src="https://raw.githubusercontent.com/reclaimprotocol/.github/main/assets/banners/Attestor-Core.png" /> </div> </div>

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createTunnel = void 0;
const make_tcp_tunnel_1 = require("../../server/tunnels/make-tcp-tunnel");
const apm_1 = require("../../server/utils/apm");
const dns_1 = require("../../server/utils/dns");
const utils_1 = require("../../utils");
const createTunnel = async ({ id, ...opts }, { tx, logger, client }) => {
    var _a, _b, _c;
    if (client.tunnels[id]) {
        throw utils_1.AttestorError.badRequest(`Tunnel "${id}" already exists`);
    }
    const allowedHosts = (_c = (_b = (_a = client.metadata) === null || _a === void 0 ? void 0 : _a.auth) === null || _b === void 0 ? void 0 : _b.data) === null || _c === void 0 ? void 0 : _c.hostWhitelist;
    if ((allowedHosts === null || allowedHosts === void 0 ? void 0 : allowedHosts.length) && !allowedHosts.includes(opts.host)) {
        throw utils_1.AttestorError.badRequest(`Host "${opts.host}" not allowed by auth request`);
    }
    let cancelBgp;
    const apm = (0, apm_1.getApm)();
    const sessionTx = apm === null || apm === void 0 ? void 0 : apm.startTransaction('tunnelConnection', { childOf: tx });
    sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setLabel('tunnelId', id.toString());
    sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setLabel('hostPort', `${opts.host}:${opts.port}`);
    sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setLabel('geoLocation', opts.geoLocation);
    try {
        const tunnel = await (0, make_tcp_tunnel_1.makeTcpTunnel)({
            ...opts,
            logger,
            onMessage(message) {
                if (!client.isOpen) {
                    logger.warn('client is closed, dropping message');
                    return;
                }
                void client.sendMessage({
                    tunnelMessage: {
                        tunnelId: id,
                        message
                    }
                });
            },
            onClose(err) {
                cancelBgp === null || cancelBgp === void 0 ? void 0 : cancelBgp();
                if (err) {
                    apm === null || apm === void 0 ? void 0 : apm.captureError(err, { parent: sessionTx });
                    sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setOutcome('failure');
                }
                else {
                    sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setOutcome('success');
                }
                sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.end();
                if (!client.isOpen) {
                    return;
                }
                client.sendMessage({
                    tunnelDisconnectEvent: {
                        tunnelId: id,
                        error: err
                            ? utils_1.AttestorError
                                .fromError(err)
                                .toProto()
                            : undefined
                    }
                })
                    .catch(err => {
                    logger.error({ err }, 'failed to send tunnel disconnect event');
                });
            },
        });
        try {
            await checkForBgp(tunnel);
        }
        catch (err) {
            logger.warn({ err, host: opts.host }, 'failed to start BGP overlap check');
        }
        client.tunnels[id] = tunnel;
        return {};
    }
    catch (err) {
        apm === null || apm === void 0 ? void 0 : apm.captureError(err, { parent: sessionTx });
        sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.setOutcome('failure');
        sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.end();
        cancelBgp === null || cancelBgp === void 0 ? void 0 : cancelBgp();
        throw err;
    }
    async function checkForBgp(tunnel) {
        if (!client.bgpListener) {
            return;
        }
        // listen to all IPs for the host -- in case any of them
        // has a BGP announcement overlap, we'll close the tunnel
        // so the user can retry
        const ips = await (0, dns_1.resolveHostnames)(opts.host);
        cancelBgp = client.bgpListener.onOverlap(ips, (info) => {
            logger.warn({ info, host: opts.host }, 'BGP announcement overlap detected');
            // track how many times we've seen a BGP overlap
            sessionTx === null || sessionTx === void 0 ? void 0 : sessionTx.addLabels({ bgpOverlap: true, ...info });
            void (tunnel === null || tunnel === void 0 ? void 0 : tunnel.close(new utils_1.AttestorError('ERROR_BGP_ANNOUNCEMENT_OVERLAP', `BGP announcement overlap detected for ${opts.host}`)));
        });
        logger.debug({ ips }, 'checking for BGP overlap');
    }
};
exports.createTunnel = createTunnel;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JlYXRlVHVubmVsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlcnZlci9oYW5kbGVycy9jcmVhdGVUdW5uZWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsd0VBQWtFO0FBQ2xFLDhDQUE2QztBQUM3Qyw4Q0FBdUQ7QUFFdkQscUNBQXlDO0FBRWxDLE1BQU0sWUFBWSxHQUErQixLQUFLLEVBQzVELEVBQUUsRUFBRSxFQUFFLEdBQUcsSUFBSSxFQUFFLEVBQ2YsRUFBRSxFQUFFLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxFQUNyQixFQUFFOztJQUNILElBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0scUJBQWEsQ0FBQyxVQUFVLENBQUMsV0FBVyxFQUFFLGtCQUFrQixDQUFDLENBQUE7SUFDaEUsQ0FBQztJQUVELE1BQU0sWUFBWSxHQUFHLE1BQUEsTUFBQSxNQUFBLE1BQU0sQ0FBQyxRQUFRLDBDQUFFLElBQUksMENBQUUsSUFBSSwwQ0FBRSxhQUFhLENBQUE7SUFDL0QsSUFBRyxDQUFBLFlBQVksYUFBWixZQUFZLHVCQUFaLFlBQVksQ0FBRSxNQUFNLEtBQUksQ0FBQyxZQUFZLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzlELE1BQU0scUJBQWEsQ0FBQyxVQUFVLENBQzdCLFNBQVMsSUFBSSxDQUFDLElBQUksK0JBQStCLENBQ2pELENBQUE7SUFDRixDQUFDO0lBRUQsSUFBSSxTQUFtQyxDQUFBO0lBRXZDLE1BQU0sR0FBRyxHQUFHLElBQUEsWUFBTSxHQUFFLENBQUE7SUFDcEIsTUFBTSxTQUFTLEdBQUcsR0FBRyxhQUFILEdBQUcsdUJBQUgsR0FBRyxDQUFFLGdCQUFnQixDQUFDLGtCQUFrQixFQUFFLEVBQUUsT0FBTyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUE7SUFDNUUsU0FBUyxhQUFULFNBQVMsdUJBQVQsU0FBUyxDQUFFLFFBQVEsQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUE7SUFDOUMsU0FBUyxhQUFULFNBQVMsdUJBQVQsU0FBUyxDQUFFLFFBQVEsQ0FBQyxVQUFVLEVBQUUsR0FBRyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFBO0lBQzVELFNBQVMsYUFBVCxTQUFTLHVCQUFULFNBQVMsQ0FBRSxRQUFRLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQTtJQUVwRCxJQUFJLENBQUM7UUFDSixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUEsK0JBQWEsRUFBQztZQUNsQyxHQUFHLElBQUk7WUFDUCxNQUFNO1lBQ04sU0FBUyxDQUFDLE9BQU87Z0JBQ2hCLElBQUcsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQ25CLE1BQU0sQ0FBQyxJQUFJLENBQUMsb0NBQW9DLENBQUMsQ0FBQTtvQkFDakQsT0FBTTtnQkFDUCxDQUFDO2dCQUVELEtBQUssTUFBTSxDQUFDLFdBQVcsQ0FBQztvQkFDdkIsYUFBYSxFQUFFO3dCQUNkLFFBQVEsRUFBRSxFQUFFO3dCQUNaLE9BQU87cUJBQ1A7aUJBQ0QsQ0FBQyxDQUFBO1lBQ0gsQ0FBQztZQUNELE9BQU8sQ0FBQyxHQUFHO2dCQUNWLFNBQVMsYUFBVCxTQUFTLHVCQUFULFNBQVMsRUFBSSxDQUFBO2dCQUViLElBQUcsR0FBRyxFQUFFLENBQUM7b0JBQ1IsR0FBRyxhQUFILEdBQUcsdUJBQUgsR0FBRyxDQUFFLFlBQVksQ0FBQyxHQUFHLEVBQUUsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQTtvQkFDN0MsU0FBUyxhQUFULFNBQVMsdUJBQVQsU0FBUyxDQUFFLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQTtnQkFDakMsQ0FBQztxQkFBTSxDQUFDO29CQUNQLFNBQVMsYUFBVCxTQUFTLHVCQUFULFNBQVMsQ0FBRSxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUE7Z0JBQ2pDLENBQUM7Z0JBRUQsU0FBUyxhQUFULFNBQVMsdUJBQVQsU0FBUyxDQUFFLEdBQUcsRUFBRSxDQUFBO2dCQUVoQixJQUFHLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO29CQUNuQixPQUFNO2dCQUNQLENBQUM7Z0JBRUQsTUFBTSxDQUFDLFdBQVcsQ0FBQztvQkFDbEIscUJBQXFCLEVBQUU7d0JBQ3RCLFFBQVEsRUFBRSxFQUFFO3dCQUNaLEtBQUssRUFBRSxHQUFHOzRCQUNULENBQUMsQ0FBQyxxQkFBYTtpQ0FDYixTQUFTLENBQUMsR0FBRyxDQUFDO2lDQUNkLE9BQU8sRUFBRTs0QkFDWCxDQUFDLENBQUMsU0FBUztxQkFDWjtpQkFDRCxDQUFDO3FCQUNBLEtBQUssQ0FBQyxHQUFHLENBQUMsRUFBRTtvQkFDWixNQUFNLENBQUMsS0FBSyxDQUNYLEVBQUUsR0FBRyxFQUFFLEVBQ1Asd0NBQXdDLENBQ3hDLENBQUE7Z0JBQ0YsQ0FBQyxDQUFDLENBQUE7WUFDSixDQUFDO1NBQ0QsQ0FBQyxDQUFBO1FBRUYsSUFBSSxDQUFDO1lBQ0osTUFBTSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDMUIsQ0FBQztRQUFDLE9BQU0sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsSUFBSSxDQUNWLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQ3hCLG1DQUFtQyxDQUNuQyxDQUFBO1FBQ0YsQ0FBQztRQUVELE1BQU0sQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLEdBQUcsTUFBTSxDQUFBO1FBRTNCLE9BQU8sRUFBRSxDQUFBO0lBQ1YsQ0FBQztJQUFDLE9BQU0sR0FBRyxFQUFFLENBQUM7UUFDYixHQUFHLGFBQUgsR0FBRyx1QkFBSCxHQUFHLENBQUUsWUFBWSxDQUFDLEdBQUcsRUFBRSxFQUFFLE1BQU0sRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFBO1FBQzdDLFNBQVMsYUFBVCxTQUFTLHVCQUFULFNBQVMsQ0FBRSxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDaEMsU0FBUyxhQUFULFNBQVMsdUJBQVQsU0FBUyxDQUFFLEdBQUcsRUFBRSxDQUFBO1FBQ2hCLFNBQVMsYUFBVCxTQUFTLHVCQUFULFNBQVMsRUFBSSxDQUFBO1FBRWIsTUFBTSxHQUFHLENBQUE7SUFDVixDQUFDO0lBRUQsS0FBSyxVQUFVLFdBQVcsQ0FBQyxNQUF1QjtRQUNqRCxJQUFHLENBQUMsTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3hCLE9BQU07UUFDUCxDQUFDO1FBRUQsd0RBQXdEO1FBQ3hELHlEQUF5RDtRQUN6RCx3QkFBd0I7UUFDeEIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFBLHNCQUFnQixFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQTtRQUM3QyxTQUFTLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsR0FBRyxFQUFFLENBQUMsSUFBSSxFQUFFLEVBQUU7WUFDdEQsTUFBTSxDQUFDLElBQUksQ0FDVixFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUN6QixtQ0FBbUMsQ0FDbkMsQ0FBQTtZQUNELGdEQUFnRDtZQUNoRCxTQUFTLGFBQVQsU0FBUyx1QkFBVCxTQUFTLENBQUUsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDLENBQUE7WUFFbkQsS0FBSyxDQUFBLE1BQU0sYUFBTixNQUFNLHVCQUFOLE1BQU0sQ0FBRSxLQUFLLENBQ2pCLElBQUkscUJBQWEsQ0FDaEIsZ0NBQWdDLEVBQ2hDLHlDQUF5QyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQ3BELENBQ0QsQ0FBQSxDQUFBO1FBQ0YsQ0FBQyxDQUFDLENBQUE7UUFFRixNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsR0FBRyxFQUFFLEVBQUUsMEJBQTBCLENBQUMsQ0FBQTtJQUNsRCxDQUFDO0FBQ0YsQ0FBQyxDQUFBO0FBM0hZLFFBQUEsWUFBWSxnQkEySHhCIn0=