Refactor RDP proxy handling and update related tests

2026-05-17 20:38:35 +03:00
parent 8e9402580f
commit d551e57fd5
172 changed files with 22117 additions and 2509 deletions
@@ -1,6 +1,7 @@
 package mesh

 import (
+	"encoding/json"
 	"sort"
 	"strings"
 	"time"
@@ -53,9 +54,11 @@ type PeerCacheEntry struct {
 	BestReachability   string                  `json:"best_reachability,omitempty"`
 	BestConnectivity   string                  `json:"best_connectivity,omitempty"`
 	BestNATType        string                  `json:"best_nat_type,omitempty"`
+	BestRegion         string                  `json:"best_region,omitempty"`
 	BestPolicyTags     []string                `json:"best_policy_tags,omitempty"`
 	BestCandidateScore int                     `json:"best_candidate_score,omitempty"`
 	BestScoreReasons   []string                `json:"best_score_reasons,omitempty"`
+	BestPeerCertSHA256 string                  `json:"best_peer_cert_sha256,omitempty"`
 	EndpointCandidates []PeerEndpointCandidate `json:"endpoint_candidates,omitempty"`
 	RendezvousLeaseID  string                  `json:"rendezvous_lease_id,omitempty"`
 	RelayNodeID        string                  `json:"relay_node_id,omitempty"`
@@ -132,9 +135,11 @@ func NewPeerCache(cfg PeerCacheConfig) *PeerCache {
 			entry.BestReachability = scored[0].Candidate.Reachability
 			entry.BestConnectivity = scored[0].Candidate.ConnectivityMode
 			entry.BestNATType = scored[0].Candidate.NATType
+			entry.BestRegion = scored[0].Candidate.Region
 			entry.BestPolicyTags = append([]string{}, scored[0].Candidate.PolicyTags...)
 			entry.BestCandidateScore = scored[0].Score
 			entry.BestScoreReasons = append([]string{}, scored[0].Reasons...)
+			entry.BestPeerCertSHA256 = candidatePeerCertSHA256(scored[0].Candidate)
 			entry.bestScore = scored[0].Score
 			if strings.TrimSpace(scored[0].Candidate.Address) != "" {
 				entry.Endpoint = strings.TrimSpace(scored[0].Candidate.Address)
@@ -188,6 +193,7 @@ func NewPeerCache(cfg PeerCacheConfig) *PeerCache {
 		if lease.PeerNodeID != cfg.Local.NodeID {
 			entry := peerCacheEntry(entries, lease.PeerNodeID)
 			useLeaseEndpoint := shouldUseRendezvousEndpoint(*entry)
+			localRelay := lease.RelayNodeID == cfg.Local.NodeID
 			entry.RendezvousLeaseID = lease.LeaseID
 			entry.RelayNodeID = lease.RelayNodeID
 			entry.RelayEndpoint = strings.TrimRight(strings.TrimSpace(lease.RelayEndpoint), "/")
@@ -195,12 +201,21 @@ func NewPeerCache(cfg PeerCacheConfig) *PeerCache {
 			entry.CandidateCount = maxInt(entry.CandidateCount, 1)
 			entry.ConnectivityModes = mergeStrings(entry.ConnectivityModes, []string{firstNonEmpty(lease.ConnectivityMode, "relay_required"), "relay_control"})
 			if useLeaseEndpoint {
-				entry.BestTransport = firstNonEmpty(lease.Transport, "relay_control")
+				if localRelay {
+					entry.BestTransport = "reverse_quic"
+				} else {
+					entry.BestTransport = firstNonEmpty(lease.Transport, "relay_quic")
+				}
 				entry.BestReachability = "relay"
 				entry.BestConnectivity = firstNonEmpty(lease.ConnectivityMode, "relay_required")
-				entry.Endpoint = entry.RelayEndpoint
-				entry.BestCandidateID = lease.LeaseID
-				entry.BestCandidateAddr = entry.RelayEndpoint
+				if !localRelay {
+					entry.Endpoint = entry.RelayEndpoint
+					entry.BestCandidateID = lease.LeaseID
+					entry.BestCandidateAddr = entry.RelayEndpoint
+					entry.BestPeerCertSHA256 = rendezvousLeasePeerCertSHA256(lease)
+				} else if strings.TrimSpace(entry.Endpoint) == "" {
+					entry.Endpoint = firstNonEmpty(entry.BestCandidateAddr, entry.RelayEndpoint)
+				}
 				entry.bestScore = maxInt(entry.bestScore, 500)
 			}
 		}
@@ -262,6 +277,20 @@ func NewPeerCache(cfg PeerCacheConfig) *PeerCache {
 	}}
 }

+func rendezvousLeasePeerCertSHA256(lease PeerRendezvousLease) string {
+	var metadata struct {
+		PeerCertSHA256 string `json:"peer_cert_sha256,omitempty"`
+		TLSCertSHA256  string `json:"tls_cert_sha256,omitempty"`
+	}
+	if len(lease.Metadata) == 0 {
+		return ""
+	}
+	if err := json.Unmarshal(lease.Metadata, &metadata); err != nil {
+		return ""
+	}
+	return firstNonEmpty(strings.TrimSpace(metadata.PeerCertSHA256), strings.TrimSpace(metadata.TLSCertSHA256))
+}
+
 func (c *PeerCache) Snapshot() PeerCacheSnapshot {
 	if c == nil {
 		return PeerCacheSnapshot{}