From ed9a5e44b695a58b0b63a3c58dbf33bb71e97dfb Mon Sep 17 00:00:00 2001 From: Pavel Karpy Date: Fri, 11 Jun 2021 20:13:24 +0300 Subject: [PATCH] [#613] pkg/innerring: Add sanity check of GlobalTrust Add sanity checks of GlobalTrust value: check if "got manager" is real manager for peer with building managers for peer. Signed-off-by: Pavel Karpy --- pkg/innerring/innerring.go | 8 +++-- .../processors/reputation/process_put.go | 34 +++++++++++++++++-- .../processors/reputation/processor.go | 7 ++++ 3 files changed, 44 insertions(+), 5 deletions(-) diff --git a/pkg/innerring/innerring.go b/pkg/innerring/innerring.go index 2e12e4902..2305063fc 100644 --- a/pkg/innerring/innerring.go +++ b/pkg/innerring/innerring.go @@ -36,6 +36,7 @@ import ( audittask "github.com/nspcc-dev/neofs-node/pkg/services/audit/taskmanager" control "github.com/nspcc-dev/neofs-node/pkg/services/control/ir" controlsrv "github.com/nspcc-dev/neofs-node/pkg/services/control/ir/server" + reputationcommon "github.com/nspcc-dev/neofs-node/pkg/services/reputation/common" util2 "github.com/nspcc-dev/neofs-node/pkg/util" utilConfig "github.com/nspcc-dev/neofs-node/pkg/util/config" "github.com/nspcc-dev/neofs-node/pkg/util/precision" @@ -626,8 +627,6 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error return nil, err } - // todo: create reputation processor - // create mainnnet neofs processor neofsProcessor, err := neofs.New(&neofs.Params{ Log: log, @@ -682,6 +681,11 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error EpochState: server, AlphabetState: server, ReputationWrapper: repClient, + ManagerBuilder: reputationcommon.NewManagerBuilder( + reputationcommon.ManagersPrm{ + NetMapSource: nmClient, + }, + ), }) if err != nil { return nil, err diff --git a/pkg/innerring/processors/reputation/process_put.go b/pkg/innerring/processors/reputation/process_put.go index 9d76b9106..f71d1f805 100644 --- a/pkg/innerring/processors/reputation/process_put.go +++ b/pkg/innerring/processors/reputation/process_put.go @@ -1,14 +1,20 @@ package reputation import ( + "bytes" "encoding/hex" + "errors" + "fmt" - "github.com/nspcc-dev/neofs-api-go/pkg/reputation" + apireputation "github.com/nspcc-dev/neofs-api-go/pkg/reputation" "github.com/nspcc-dev/neofs-node/pkg/morph/client/reputation/wrapper" + "github.com/nspcc-dev/neofs-node/pkg/services/reputation" "go.uber.org/zap" ) -func (rp *Processor) processPut(epoch uint64, id reputation.PeerID, value reputation.GlobalTrust) { +var errWrongManager = errors.New("got manager that is incorrect for peer") + +func (rp *Processor) processPut(epoch uint64, id apireputation.PeerID, value apireputation.GlobalTrust) { if !rp.alphabetState.IsAlphabet() { rp.log.Info("non alphabet mode, ignore reputation put notification") return @@ -34,7 +40,14 @@ func (rp *Processor) processPut(epoch uint64, id reputation.PeerID, value reputa return } - // todo: do sanity checks of value + // check if manager is correct + if err := rp.checkManagers(epoch, *value.Manager(), id); err != nil { + rp.log.Info("ignore reputation value", + zap.String("reason", "wrong manager"), + zap.String("error", err.Error())) + + return + } args := wrapper.PutArgs{} args.SetEpoch(epoch) @@ -48,3 +61,18 @@ func (rp *Processor) processPut(epoch uint64, id reputation.PeerID, value reputa zap.String("error", err.Error())) } } + +func (rp *Processor) checkManagers(e uint64, mng apireputation.PeerID, peer apireputation.PeerID) error { + mm, err := rp.mngBuilder.BuildManagers(e, reputation.PeerIDFromBytes(peer.ToV2().GetPublicKey())) + if err != nil { + return fmt.Errorf("could not build managers: %w", err) + } + + for _, m := range mm { + if bytes.Equal(mng.ToV2().GetPublicKey(), m.PublicKey()) { + return nil + } + } + + return errWrongManager +} diff --git a/pkg/innerring/processors/reputation/processor.go b/pkg/innerring/processors/reputation/processor.go index ab30bc3b6..94a7dff37 100644 --- a/pkg/innerring/processors/reputation/processor.go +++ b/pkg/innerring/processors/reputation/processor.go @@ -8,6 +8,7 @@ import ( reputationWrapper "github.com/nspcc-dev/neofs-node/pkg/morph/client/reputation/wrapper" "github.com/nspcc-dev/neofs-node/pkg/morph/event" reputationEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/reputation" + "github.com/nspcc-dev/neofs-node/pkg/services/reputation/common" "github.com/panjf2000/ants/v2" "go.uber.org/zap" ) @@ -34,6 +35,8 @@ type ( alphabetState AlphabetState reputationWrp *reputationWrapper.ClientWrapper + + mngBuilder common.ManagerBuilder } // Params of the processor constructor. @@ -44,6 +47,7 @@ type ( EpochState EpochState AlphabetState AlphabetState ReputationWrapper *reputationWrapper.ClientWrapper + ManagerBuilder common.ManagerBuilder } ) @@ -62,6 +66,8 @@ func New(p *Params) (*Processor, error) { return nil, errors.New("ir/reputation: global state is not set") case p.ReputationWrapper == nil: return nil, errors.New("ir/reputation: reputation contract wrapper is not set") + case p.ManagerBuilder == nil: + return nil, errors.New("ir/reputation: manager builder is not set") } p.Log.Debug("reputation worker pool", zap.Int("size", p.PoolSize)) @@ -78,6 +84,7 @@ func New(p *Params) (*Processor, error) { epochState: p.EpochState, alphabetState: p.AlphabetState, reputationWrp: p.ReputationWrapper, + mngBuilder: p.ManagerBuilder, }, nil }