Allow Rendevouz to require some sort of authentication to register

[jakerumbles]

In the network I'm helping build, we have a use case where when a node tries to register under a namespace with the rendevouz server, we want to run some custom checks before approving the namespace registration and giving the node access to discover the peers under the namespace. If they fail the check, then they are not registered under the namespace and they will not be able to discover the peers under the namespace. I'm thinking of potentially opening a branch and working on this, unless this is already possible (but I can't find that functionality anywhere).

I'm thinking something like this

Ok(DroseraNetworkBehaviour {
    gossipsub,
    rendezvous_server: rendezvous::server::Behaviour::new(
        rendezvous::server::Config::default()
            .with_min_ttl(min_register_ttl)
            .with_max_ttl(max_register_ttl)
            .with_authorization_check(|| {
                if condition {
                    Ok(())
                } else {
                    Err("Unauthorized")
                }
            }),
    ),
    rendezvous_client: rendezvous::client::Behaviour::new(key.clone()),
    ping: ping::Behaviour::new(
        ping::Config::new().with_interval(Duration::from_secs(5)),
    ),
})

This way one can pass any logic to return a Result giving further tuning capabilities when using rendevouz. Our primary motivation here is reducing opportunities for DoS attacks and the like. Harder to do if you don't know addresses of nodes. This way we can only allow nodes to register that can pass a test that only an honest node could.

What do you think?

[drHuangMHT]

I believe you can design a wrapper behaviour that does authentication for you during protocol negotiation phase, and reject the handshake for the inner behaviour or reject the entire connection altogether when authentication failed.
Behaviours are highly composable, you can draw some inspiration from swarm::behaviour::Toggle and libp2p-allow-block-list.

[jakerumbles]

Thanks for the idea @drHuangMHT! I will explore this further. I had had some similar thoughts about just cloning rendevouz and adding on top of it, but this is extra interesting.

[drHuangMHT]

In either case the compatibility with the "reference" implementation will be broken. However it seems that libp2p allows changes in protocols when the connection is established and protocols negotiated already. Basically the peer will check if there are changes in protocols on remote peer peroidically, though the library doesn't seem to provide any public entrypoint to this.