Support private net with pre-shared key

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Support private network secured by pre-shared key [#635](https://github.com/p2panda/aquadoggo/pull/635) 
+
 ### Changed
 
 - Update `libp2p` to version `0.53.2` and apply API changes [#631](https://github.com/p2panda/aquadoggo/pull/631)

aquadoggo/Cargo.toml

@@ -33,6 +33,7 @@ deadqueue = { version = "0.2.3", default-features = false, features = [
     "unlimited",
 ] }
 dynamic-graphql = "0.7.3"
+either = "1.12.0"
 futures = "0.3.23"
 hex = "0.4.3"
 http = "0.2.9"
@@ -42,12 +43,14 @@ libp2p = { version = "0.53.2", features = [
     "macros",
     "mdns",
     "noise",
+    "pnet",
+    "quic",
     "relay",
     "rendezvous",
     "serde",
+    "tcp",
     "tokio",
     "yamux",
-    "quic",
 ] }
 lipmaa-link = "0.2.2"
 log = "0.4.19"

aquadoggo/src/api/config_file.rs

@@ -6,12 +6,12 @@ use std::str::FromStr;
 use std::sync::OnceLock;
 
 use anyhow::{anyhow, Result};
-use libp2p::PeerId;
+use libp2p::{pnet::PreSharedKey, PeerId};
 use p2panda_rs::schema::SchemaId;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use tempfile::TempDir;
 
-use crate::{AllowList, Configuration, NetworkConfiguration};
+use crate::{AllowList, Configuration, NetworkConfiguration, Transport};
 
 const WILDCARD: &str = "*";
 
@@ -21,7 +21,7 @@ const DEFAULT_MAX_DATABASE_CONNECTIONS: u32 = 32;
 
 const DEFAULT_HTTP_PORT: u16 = 2020;
 
-const DEFAULT_QUIC_PORT: u16 = 2022;
+const DEFAULT_NODE_PORT: u16 = 2022;
 
 const DEFAULT_WORKER_POOL_SIZE: u32 = 16;
 
@@ -41,8 +41,8 @@ fn default_http_port() -> u16 {
     DEFAULT_HTTP_PORT
 }
 
-fn default_quic_port() -> u16 {
-    DEFAULT_QUIC_PORT
+fn default_node_port() -> u16 {
+    DEFAULT_NODE_PORT
 }
 
 fn default_database_url() -> String {
@@ -116,9 +116,22 @@ pub struct ConfigFile {
     #[serde(default = "default_http_port")]
     pub http_port: u16,
 
-    /// QUIC port for node-node communication and data replication. Defaults to 2022.
-    #[serde(default = "default_quic_port")]
-    pub quic_port: u16,
+    /// Protocol (TCP/QUIC) used for node-node communication and data replication. Defaults to QUIC.
+    #[serde(default)]
+    pub transport: Transport,
+
+    /// TCP / QUIC port for node-node communication and data replication. Defaults to 2022.
+    #[serde(default = "default_node_port")]
+    pub node_port: u16,
+
+    /// Pre-shared key formatted as a 64 digit hexadecimal string.
+    ///
+    /// When provided a private network will be made with only peers knowing the psk being able
+    /// to form connections.
+    ///
+    /// WARNING: Private networks are only supported when using TCP for the transport layer.
+    #[serde(default)]
+    pub psk: Option<String>,
 
     /// Path to folder where blobs (large binary files) are persisted. Defaults to a temporary
     /// directory.
@@ -214,12 +227,14 @@ pub struct ConfigFile {
 impl Default for ConfigFile {
     fn default() -> Self {
         Self {
+            transport: Transport::default(),
+            psk: None,
             log_level: default_log_level(),
             allow_schema_ids: UncheckedAllowList::default(),
             database_url: default_database_url(),
             database_max_connections: default_max_database_connections(),
             http_port: default_http_port(),
-            quic_port: default_quic_port(),
+            node_port: default_node_port(),
             blobs_base_path: None,
             mdns: default_mdns(),
             private_key: None,
@@ -293,6 +308,14 @@ impl TryFrom<ConfigFile> for Configuration {
             .map(From::from)
             .collect();
 
+        // `PreSharedKey` expects to parse key string from a multi-line string in the following format.
+        let psk = if let Some(psk) = value.psk {
+            let formatted_psk = format!("/key/swarm/psk/1.0.0/\n/base16/\n{}", psk);
+            Some(PreSharedKey::from_str(&formatted_psk)?)
+        } else {
+            None
+        };
+
         Ok(Configuration {
             allow_schema_ids,
             database_url: value.database_url,
@@ -301,7 +324,9 @@ impl TryFrom<ConfigFile> for Configuration {
             blobs_base_path,
             worker_pool_size: value.worker_pool_size,
             network: NetworkConfiguration {
-                quic_port: value.quic_port,
+                transport: value.transport,
+                psk,
+                port: value.node_port,
                 mdns: value.mdns,
                 direct_node_addresses,
                 allow_peer_ids,

aquadoggo/src/lib.rs

@@ -36,7 +36,7 @@ use log::{info, log_enabled, Level};
 
 pub use crate::api::{ConfigFile, LockFile};
 pub use crate::config::{AllowList, Configuration};
-pub use crate::network::NetworkConfiguration;
+pub use crate::network::{NetworkConfiguration, Transport};
 pub use node::Node;
 
 /// Init env_logger before the test suite runs to handle logging outputs.