feat: add support for webrtc and certhash (#261) #262
Conversation
src/convert.ts
Outdated
| @@ -148,6 +153,12 @@ function mh2bytes (hash: string) { | |||
| return uint8ArrayConcat([size, mh], size.length + mh.length) | |||
| } | |||
|
|
|||
| function mb2bytes(mbstr: string) { | |||
| let mb = MB.decode(mbstr) | |||
There was a problem hiding this comment.
do we need to handle the case where decoding the multibase fails?
There was a problem hiding this comment.
decode would throw in some failure cases
https://multiformats.github.io/js-multibase/#decode
https://github.com/multiformats/js-multibase/blob/dde00682ed1a2539677c1e2b17dc6a3c112c8e3a/src/base.js#L40-L47
That said I don't think multibase is aware of what kind of data it's decoding, so it should not be able to detect things like the field being truncated. I don't think the existing analogous multihash functions do validation of this kind in all cases either, though.
https://github.com/multiformats/js-multiaddr/blob/master/src/convert.ts#L140-L142
| function mb2bytes(mbstr: string) { | ||
| let mb = MB.decode(mbstr) | ||
| const size = Uint8Array.from(varint.encode(mb.length)) | ||
| return uint8ArrayConcat([size, mb], size.length + mb.length) |
There was a problem hiding this comment.
is there any verification required that the decoded multibase contains a valid multihash?
There was a problem hiding this comment.
I'm not sure there's an easy way to verify that. The existing multihash function does one validation I did not replicate here,
https://github.com/multiformats/js-multiaddr/blob/master/src/convert.ts#L158-L160
That it reports a size that is correct. I could (maybe should) do that. But to go beyond that I think we'd have to be aware of all the supported encryption schemes, correct?
There was a problem hiding this comment.
@achingbrain - thoughts on this?
There was a problem hiding this comment.
I think this is fine, otherwise as you say it would have to know about all the available hash algorithms.
This comment was marked as outdated.
This comment was marked as outdated.
|
Is there a known set of, or convention for the type of multibase encoding a given certhash will use? E.g. is it normally I ask because you've pulled in the deprecated The approach taken elsewhere is to allow a |
This comment was marked as resolved.
This comment was marked as resolved.
|
Not wrong at all, that sounds sensible. |
John-LittleBearLabs
force-pushed
the
jt/261-webrtc
branch
from
ad50712
to
cab5d25
Compare
src/default-certhash-codec.ts
Outdated
| const encodings: {[prefix: string]: BaseDecoder} = { | ||
| 'f': base16, | ||
| 'u': base64url, | ||
| 'z': base58btc, | ||
| }; |
There was a problem hiding this comment.
I am not familiar with the JS multiformats stack. I am surprised that this mapping needs to be defined. I would expect this to be a general multihash and not a certhash specific mapping is.
There was a problem hiding this comment.
You can compose a decoder from several other decoders, though the types are a little wonky.
I would expect this to be a general multihash
Do you mean not limited to the f, u or z prefixes? multiformats follows a pattern where you only include the codecs you need instead of the kitchen-sink approach.
You can, of course, compose your codec out of all available codecs.
There was a problem hiding this comment.
@mxinden I believe my first pass supported all the encodings for a "general multihash", and I may have read too much into @achingbrain 's criticism of that (that the dependency I was using was too large because it supported too much). That's why I limited what I'm bringing in by default and provided the mechanism for the caller to dependency-inject a broader codec if wished.
Will look into using or to compose decoders. And to be clear, we're saying we want to support all of them, to take the draft spec as currently written literally, regardless of who is using this library? Except, perhaps, encodings with '/' in their alphabet?
There was a problem hiding this comment.
I would expect this to be a general multihash
Do you mean not limited to the
f,uorzprefixes?multiformats follows a pattern where you only include the codecs you need instead of the kitchen-sink approach.
I was not referring to supporting all multihash variants, but instead to the fact that the mapping between identifier (e.g. f) and its multihash variant (here base16) needs to be written by the user. That seems error prone to me. I might just be missing something.
And to be clear, we're saying we want to support all of them, to take the draft spec as currently written literally, regardless of who is using this library? Except, perhaps, encodings with '/' in their alphabet?
That is how we implement it in Rust multiformats/rust-multiaddr#59 and Golang multiformats/go-multiaddr#176. That said, both encode with Base64Url. Thus I think it is fine to support only a minimal set of bases for now.
We might require users to use sha256. In the same vein, we could as well require users to use Base64Url for now. Thoughts?
There was a problem hiding this comment.
the mapping between identifier (e.g. f) and its multihash variant (here base16) needs to be written by the user.
It doesn't and if you see the new version of the code I dropped that.
Base64Url. Thus I think it is fine to support only a minimal set of bases for now.
I'll do whichever you like. Right now it's back to supporting "all" of them.
I put all in quotes because of the '/' issue. I didn't see an easy way to detect the alphabets from the dictionary provided by the multiformats library so I didn't filter them out. I would just guess that a base64-encoded certhash that happens to have a / in it, if placed in a Multiaddr, would cause problems at runtime.
There was a problem hiding this comment.
For the record libp2p/specs@7009f94 specifies the requirement of supporting sha256 and base64url. I don't have an opinion on whether js-multiaddr should support any other algorithms / encodings beyond that.
There was a problem hiding this comment.
Well-spotted. If the other side is only required to accept those two, then base58btc was a very poor choice of encoding for convertToString(). I'll fix that.
I think we can afford to leave the convertToBytes as supporting a bunch of 'em, since I'm not adding anything new to package.json to get it. But I'll certainly remove those others if advised to do so.
John-LittleBearLabs
requested review from
mxinden,
achingbrain and
ckousik
and removed request for
mxinden,
achingbrain and
ckousik
There was a problem hiding this comment.
This looks good to me from a WebRTC perspective. @achingbrain could you give this another review from the JS perspective?
(Not going to approve, as I don't think my review should be given much weight. I am fine with this being merged.)
achingbrain
changed the title
test/convert.spec.ts
Outdated
| let mb = 'f' + myCertFingerprint.value.replaceAll(':',''); | ||
| let bytes = convert.convertToBytes('certhash',mb); | ||
| let outcome = convert.convertToString(466, bytes); | ||
| //Although I sent hex encoding in, base58btc always comes out |
There was a problem hiding this comment.
Is this comment valid? Looks like base64url has come out.
There was a problem hiding this comment.
Good catch. The comment is out-of-date.
|
🎉 This PR is included in version 10.4.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
For use with the js implementation of the webrtc transport currently in development.
The most relevant point of info, from the draft spec: