Add timeattack detector

mtglib/init.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net"
 	"net/http"
+	"time"
 )
 
 var (
@@ -46,6 +47,10 @@ type EventStream interface {
 	Shutdown()
 }
 
+type TimeAttackDetector interface {
+	Valid(time.Time) error
+}
+
 type Logger interface {
 	Named(name string) Logger
 

mtglib/proxy.go

@@ -17,12 +17,13 @@ type Proxy struct {
 	streamWaitGroup sync.WaitGroup
 	workerPool      *ants.PoolWithFunc
 
-	secret          Secret
-	network         Network
-	antiReplayCache AntiReplayCache
-	ipBlocklist     IPBlocklist
-	eventStream     EventStream
-	logger          Logger
+	secret             Secret
+	network            Network
+	timeAttackDetector TimeAttackDetector
+	antiReplayCache    AntiReplayCache
+	ipBlocklist        IPBlocklist
+	eventStream        EventStream
+	logger             Logger
 }
 
 func (p *Proxy) ServeConn(conn net.Conn) {

mtglib/proxy_opts.go

@@ -3,12 +3,13 @@ package mtglib
 import "time"
 
 type ProxyOpts struct {
-	Secret          Secret
-	Network         Network
-	AntiReplayCache AntiReplayCache
-	IPBlocklist     IPBlocklist
-	EventStream     EventStream
-	Logger          Logger
+	Secret             Secret
+	Network            Network
+	AntiReplayCache    AntiReplayCache
+	TimeAttackDetector TimeAttackDetector
+	IPBlocklist        IPBlocklist
+	EventStream        EventStream
+	Logger             Logger
 
 	BufferSize  uint
 	Concurrency uint

timeattack/detector.go

@@ -0,0 +1,36 @@
+package timeattack
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/9seconds/mtg/v2/mtglib"
+)
+
+type detector struct {
+	time.Duration
+}
+
+func (d detector) Valid(then time.Time) error {
+	now := time.Now()
+
+	diff := now.Sub(then)
+	if diff < 0 {
+		diff = -diff
+	}
+
+	if diff > d.Duration {
+		return fmt.Errorf("time is invalid. now=%d, then=%d, diff=%v",
+			now.Unix(),
+			then.Unix(),
+			diff)
+	}
+
+	return nil
+}
+
+func NewDetector(duration time.Duration) mtglib.TimeAttackDetector {
+	return detector{
+		Duration: duration,
+	}
+}

timeattack/detector_test.go

@@ -0,0 +1,28 @@
+package timeattack_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/9seconds/mtg/v2/timeattack"
+	"github.com/stretchr/testify/suite"
+)
+
+type DetectorTestSuite struct {
+	suite.Suite
+}
+
+func (suite *DetectorTestSuite) TestOp() {
+	d := timeattack.NewDetector(time.Second)
+
+	suite.NoError(d.Valid(time.Now()))
+	suite.NoError(d.Valid(time.Now().Add(100 * time.Millisecond)))
+	suite.NoError(d.Valid(time.Now().Add(-100 * time.Millisecond)))
+	suite.Error(d.Valid(time.Now().Add(time.Hour)))
+	suite.Error(d.Valid(time.Now().Add(-time.Hour)))
+}
+
+func TestDetector(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, &DetectorTestSuite{})
+}

timeattack/noop.go

@@ -0,0 +1,15 @@
+package timeattack
+
+import (
+	"time"
+
+	"github.com/9seconds/mtg/v2/mtglib"
+)
+
+type noop struct{}
+
+func (n noop) Valid(_ time.Time) error { return nil }
+
+func NewNoop() mtglib.TimeAttackDetector {
+	return noop{}
+}

timeattack/noop_test.go

@@ -0,0 +1,26 @@
+package timeattack_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/9seconds/mtg/v2/timeattack"
+	"github.com/stretchr/testify/suite"
+)
+
+type NoopTestSuite struct {
+	suite.Suite
+}
+
+func (suite *NoopTestSuite) TestOp() {
+	d := timeattack.NewNoop()
+
+	suite.NoError(d.Valid(time.Now()))
+	suite.NoError(d.Valid(time.Now().Add(time.Hour)))
+	suite.NoError(d.Valid(time.Now().Add(-time.Hour)))
+}
+
+func TestNoop(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, &NoopTestSuite{})
+}