feat(security): added whitelists, blacklists and TLS protocol

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "share"
-version = "0.0.16"
+version = "0.0.17"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

README.md

@@ -136,15 +136,16 @@ Contributions of any kind are welcome! See the [contributing guide](contributing
 # Roadmap
 
 ### Utilities
-- [ ] Configuration File: Enables users to pass in a config file as an argument instead of listing all parameters manually.
+- [x] Configuration File: Enables users to pass in a config file as an argument instead of listing all parameters manually.
   - [x] Default path to save items(messgaes, secrets and files).
   - [x] Replace secrets or update them
   - [x] When files with the same name are received, discard, keep, inform, or update them
-  - [ ] Add a whitelist of IPs to allow connection from
+  - [x] Add a whitelist of IPs to allow connection from
 - [ ] Publish `share` to crates.io to enable users to `cargo install secure-share`
 ### Security
 - [ ] Signed Certificates from Let's Encrypt.
-- [ ] Whitelists and Blacklists
+- [x] TLS
+- [x] Whitelists and Blacklists
 
 ### Protocols
 - [ ] Support QUIC. Use QUIC as default and fall back to TCP

config.yml

@@ -15,5 +15,7 @@ message: #Optional during receive
 - test message
 file: #Optional during receive
 - "./dev_build.sh"
-debug: 0 #Compulsory. 0 is for off and 1 and above for on
-
+debug: 1 #Compulsory. 0 is for off and 1 and above for on
+blacklists:
+- 127.0.0.1
+- 34.138.139.178

npm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@onboardbase/secure-share",
-  "version": "0.0.16",
+  "version": "0.0.17",
   "description": "Share anything with teammates across machines via CLI",
   "scripts": {
     "test": "jest",

src/config.rs

@@ -1,5 +1,7 @@
 use std::{
+    collections::HashSet,
     fs::{self, OpenOptions},
+    net::Ipv4Addr,
     path::{Path, PathBuf},
 };
 
@@ -17,6 +19,8 @@ pub struct Config {
     port: i32,
     debug: u8,
     save_path: PathBuf,
+    whitelists: Option<HashSet<Ipv4Addr>>,
+    blacklists: Option<HashSet<Ipv4Addr>>,
 }
 
 impl Config {
@@ -44,6 +48,8 @@ impl Config {
             port: opts.port.unwrap_or(0),
             debug: opts.debug,
             save_path: Config::create_default_path()?,
+            whitelists: None,
+            blacklists: None,
         };
         Ok(config)
     }
@@ -105,4 +111,12 @@ impl Config {
     pub fn save_path(&self) -> PathBuf {
         self.save_path.clone()
     }
+
+    pub fn whitelists(&self) -> Option<HashSet<Ipv4Addr>> {
+        self.whitelists.clone()
+    }
+
+    pub fn blacklists(&self) -> Option<HashSet<Ipv4Addr>> {
+        self.blacklists.clone()
+    }
 }

src/handlers/mod.rs

@@ -0,0 +1 @@
+pub mod security;

src/handlers/security.rs

@@ -0,0 +1,60 @@
+use libp2p::{
+    identify::{Event, Info},
+    multiaddr::Protocol,
+};
+
+use crate::config::Config;
+
+pub fn is_ip_whitelisted(event: &Event, config: &Config) -> bool {
+    if let Some(whitelists) = config.whitelists() {
+        match event {
+            Event::Received {
+                info: Info { listen_addrs, .. },
+                ..
+            } => {
+                let addresses = listen_addrs
+                    .iter()
+                    .map(|addr| {
+                        let components = addr.iter().collect::<Vec<_>>();
+                        components[0].clone()
+                    })
+                    .collect::<Vec<_>>();
+
+                addresses.iter().all(|addr| match addr {
+                    Protocol::Ip4(ip_addr) => whitelists.contains(ip_addr),
+                    _ => false,
+                })
+            }
+            _ => true,
+        }
+    } else {
+        true
+    }
+}
+
+pub fn is_ip_blacklisted(event: &Event, config: &Config) -> bool {
+    if let Some(blacklists) = config.blacklists() {
+        match event {
+            Event::Received {
+                info: Info { listen_addrs, .. },
+                ..
+            } => {
+                let addresses = listen_addrs
+                    .iter()
+                    .map(|addr| {
+                        let components = addr.iter().collect::<Vec<_>>();
+                        components[0].clone()
+                    })
+                    .collect::<Vec<_>>();
+
+                addresses.iter().any(|addr| match addr {
+                    Protocol::Ip4(ip_addr) => blacklists.contains(ip_addr),
+                    _ => false,
+                })
+            }
+            _ => false,
+        }
+    } else {
+        false
+    }
+}

src/item/mod.rs

@@ -36,6 +36,7 @@ pub struct ItemResponse {
     pub status: Status,
     pub no_of_success: usize,
     pub no_of_fails: usize,
+    pub err: Option<String>,
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize)]

src/main.rs

@@ -1,18 +1,20 @@
 use clap::Parser;
 use config::Config;
 use libp2p::PeerId;
+use network::punch;
 use std::{process::exit, str::FromStr};
 use tracing::error;
 
 mod config;
-mod hole_puncher;
+mod handlers;
 mod item;
 mod logger;
+mod network;
 
 #[derive(Parser, Debug)]
 #[command(name = "share")]
 #[command(author = "Onboardbase. <onboardbase.com>")]
-#[command(version = "0.0.16")]
+#[command(version = "0.0.17")]
 #[command(about = "Share anything with teammates across machines via CLI.", long_about = None)]
 pub struct Cli {
     /// Separated list of secrets to share. Key-Value pair is seperated by a comma. "my_key,my_value"
@@ -81,7 +83,7 @@ async fn main() {
     logger::log(&config).unwrap();
 
     let code = {
-        match hole_puncher::punch(mode, remote_peer_id, config) {
+        match punch(mode, remote_peer_id, config) {
             Ok(_) => 1,
             Err(err) => {
                 error!("{:#?}", err.to_string());