Is there an ability to add some authorization layer for all underlying streams/protocols? As I see in the code (index.js, upgrader.js) there is a protector (connProtector) module followed by encryption module (connEncryption) and then it applies muxers (streamMuxers). I want to pass JWT/SSL certificate/whatever else check between connEncryption and streamMuxers to make authorization once per connection. Is there a solution for it or it requires pull-request?
There currently isn’t any middleware layer between crypto and setting up the muxer. This could be done as part of protocol handler setup, but the solution would depend on what you’re trying to do. Are you trying to set up a private network that you can auth into, or just protect certain protocols like an authed api?
Are you trying to set up a private network that you can auth into, or just protect certain protocols like an authed api?
I want to do what TLS does: wrap any underlying protocol with a single authorisantion layer and then pass control to the application/protocol layer. TLS/SSL allows to encrypt but also to authorize user with SSL certificate, but this ability isn’t in wide use due to centralized naature of SSL certs. I want to make all my underlying protocols to receive authorization once per connection using DID payloads and then receive internal user information.
I’m doing a hub which can handle any protocol HTTP, JSONRPC, gRPC and I want to make it use unified authorization. I can wrap each protocol in something like this
/my-auth/1.0/http/1.1 and use streams. But it will allow incoming connection to open streams before authorization what I want to avoid.
There currently isn’t any middleware layer between crypto and setting up the muxer.
Yeah, I saw it. I can do it with implementing custom muxer with an authorization middleware for that.
But It seems reasonable to separate this and put into Upgrader due to LibP2P is a universal network library I think it would be correct to match the OSI model and separate this layers.