15 #ifndef hifi_DomainGatekeeper_h
16 #define hifi_DomainGatekeeper_h
18 #include <unordered_map>
19 #include <unordered_set>
21 #include <QtCore/QObject>
22 #include <QtNetwork/QNetworkReply>
23 #include <QtCore/QSharedPointer>
25 #include <DomainHandler.h>
29 #include <UUIDHasher.h>
31 #include "NodeConnectionData.h"
32 #include "PendingAssignedNodeData.h"
34 const QString DOMAIN_GROUP_CHAR =
"@";
38 class DomainGatekeeper :
public QObject {
41 DomainGatekeeper(DomainServer* server);
43 void addPendingAssignedNode(
const QUuid& nodeUUID,
const QUuid& assignmentUUID,
const QString& nodeVersion);
44 QUuid assignmentUUIDForPendingAssignment(
const QUuid& tempUUID);
46 void cleanupICEPeerForNode(
const QUuid& nodeID);
48 Node::LocalID findOrCreateLocalID(
const QUuid& uuid);
50 static void sendProtocolMismatchConnectionDenial(
const SockAddr& senderSockAddr);
52 void processConnectRequestPacket(QSharedPointer<ReceivedMessage> message);
53 void processICEPingPacket(QSharedPointer<ReceivedMessage> message);
54 void processICEPingReplyPacket(QSharedPointer<ReceivedMessage> message);
55 void processICEPeerInformationPacket(QSharedPointer<ReceivedMessage> message);
57 void publicKeyJSONCallback(QNetworkReply* requestReply);
58 void publicKeyJSONErrorCallback(QNetworkReply* requestReply);
60 void getIsGroupMemberJSONCallback(QNetworkReply* requestReply);
61 void getIsGroupMemberErrorCallback(QNetworkReply* requestReply);
63 void getDomainOwnerFriendsListJSONCallback(QNetworkReply* requestReply);
64 void getDomainOwnerFriendsListErrorCallback(QNetworkReply* requestReply);
66 void refreshGroupsCache();
69 void killNode(SharedNodePointer node);
70 void connectedNode(SharedNodePointer node, quint64 requestReceiveTime);
73 void updateNodePermissions();
76 void handlePeerPingTimeout();
79 void requestDomainUserFinished();
82 SharedNodePointer processAssignmentConnectRequest(
const NodeConnectionData& nodeConnection,
83 const PendingAssignedNodeData& pendingAssignment);
84 SharedNodePointer processAgentConnectRequest(
const NodeConnectionData& nodeConnection,
85 const QString& username,
86 const QByteArray& usernameSignature,
87 const QString& domainUsername,
88 const QString& domainAccessToken,
89 const QString& domainRefreshToken);
90 SharedNodePointer addVerifiedNodeFromConnectRequest(
const NodeConnectionData& nodeConnection);
92 bool verifyUserSignature(
const QString& username,
const QByteArray& usernameSignature,
93 const SockAddr& senderSockAddr);
95 bool needToVerifyDomainUserIdentity(
const QString& username,
const QString& accessToken,
const QString& refreshToken);
96 bool verifyDomainUserIdentity(
const QString& username,
const QString& accessToken,
const QString& refreshToken,
97 const SockAddr& senderSockAddr);
99 bool isWithinMaxCapacity();
101 bool shouldAllowConnectionFromNode(
const QString& username,
const QByteArray& usernameSignature,
102 const SockAddr& senderSockAddr);
104 void sendConnectionTokenPacket(
const QString& username,
const SockAddr& senderSockAddr);
105 static void sendConnectionDeniedPacket(
const QString& reason,
const SockAddr& senderSockAddr,
106 DomainHandler::ConnectionRefusedReason reasonCode = DomainHandler::ConnectionRefusedReason::Unknown,
107 QString extraInfo = QString());
109 void pingPunchForConnectingPeer(
const SharedNetworkPeer& peer);
111 void requestUserPublicKey(
const QString& username,
bool isOptimistic =
false);
113 DomainServer* _server;
115 std::unordered_map<QUuid, PendingAssignedNodeData> _pendingAssignedNodes;
117 QHash<QUuid, SharedNetworkPeer> _icePeers;
119 using ConnectingNodeID = QUuid;
120 using ICEPeerID = QUuid;
121 QHash<ConnectingNodeID, ICEPeerID> _nodeToICEPeerIDs;
123 QHash<QString, QUuid> _connectionTokenHash;
131 using KeyFlagPair = QPair<QByteArray, bool>;
133 QHash<QString, KeyFlagPair> _userPublicKeys;
134 QHash<QString, bool> _inFlightPublicKeyRequests;
135 QSet<QString> _domainOwnerFriends;
136 QSet<QString> _inFlightGroupMembershipsRequests;
138 NodePermissions setPermissionsForUser(
bool isLocalUser, QString verifiedUsername, QString verifiedDomainUsername,
139 const QHostAddress& senderAddress,
const QString& hardwareAddress,
140 const QUuid& machineFingerprint);
142 void getGroupMemberships(
const QString& username);
144 void getDomainOwnerFriendsList();
147 void initLocalIDManagement();
148 using UUIDToLocalID = std::unordered_map<QUuid, Node::LocalID> ;
149 using LocalIDs = std::unordered_set<Node::LocalID>;
151 UUIDToLocalID _uuidToLocalID;
152 Node::LocalID _currentLocalID;
153 Node::LocalID _idIncrement;
156 bool domainHasLogin();
157 void requestDomainUser(
const QString& username,
const QString& accessToken,
const QString& refreshToken);
159 typedef QHash<QString, QPair<QString, QString>> DomainUserIdentities;
160 DomainUserIdentities _inFlightDomainUserIdentityRequests;
161 DomainUserIdentities _verifiedDomainUserIdentities;
163 QHash<QString, QStringList> _domainGroupMemberships;