check status of peers in kdf network (#25)
* require kdf connection string in the config file

Signed-off-by: onur-ozkan <[email protected]>

* add {serializer, deserializer} wrappers for `RpcClient`

Signed-off-by: onur-ozkan <[email protected]>

* implement expirable hashmap

Signed-off-by: onur-ozkan <[email protected]>

* implement peer status check logic into the middleware

Signed-off-by: onur-ozkan <[email protected]>

* check if KDF is available on app initialization

Signed-off-by: onur-ozkan <[email protected]>

* update kdf rpc module

Signed-off-by: onur-ozkan <[email protected]>

* allow dead-code for various `expirable_map` functions

Signed-off-by: onur-ozkan <[email protected]>

* move `peer_connection_healthcheck` priority

Signed-off-by: onur-ozkan <[email protected]>

* update execution flow docs

Signed-off-by: onur-ozkan <[email protected]>

* update drawio document file

Signed-off-by: onur-ozkan <[email protected]>

* Update README.md

* keep `RpcSocketPayload` private

Signed-off-by: onur-ozkan <[email protected]>

* update README

Signed-off-by: onur-ozkan <[email protected]>

* Update README.md

* extend configuration interface with `peer_healthcheck_caching_secs`

Signed-off-by: onur-ozkan <[email protected]>

* update README

Signed-off-by: onur-ozkan <[email protected]>

* sync the upstream changes

Signed-off-by: onur-ozkan <[email protected]>

* update proxy_signature

Signed-off-by: onur-ozkan <[email protected]>

* sync upstream expirable map impl

Signed-off-by: onur-ozkan <[email protected]>

* exclude nightly pipeline from runner

Signed-off-by: onur-ozkan <[email protected]>

---------

Signed-off-by: onur-ozkan <[email protected]>
onur-ozkan authored Oct 7, 2024
1 parent e382d29 commit 3c191bb
Showing 13 changed files with 450 additions and 100 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/pipelines.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

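Review bot: Dropping `nightly` from the `rust` matrix here, and in the four matrices that follow, removes the only early signal for breakage caused by upcoming compiler changes. If the aim is to stop nightly failures from blocking the pipeline, consider keeping the entry and marking it non-blocking at job level, for example `continue-on-error: ${{ matrix.rust == 'nightly' }}`, and state in the commit message why nightly was excluded.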
Expand All @@ -35,7 +35,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -58,7 +58,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -82,7 +82,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -103,7 +103,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

9 changes: 8 additions & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -20,6 +20,7 @@ log = "0.4.17"
once_cell = "1.12.0"
url = { version = "2.2.2", features = ["serde"] }
redis = { version = "0.21.5", default-features = false, features = ["tokio-comp"] }
rustc-hash = "1.1.0"
serde = "1.0.137"
serde_json = { version = "1.0.81", features = ["preserve_order", "raw_value"] }
sha3 = "0.9"
Expand All @@ -28,7 +29,7 @@ tokio = { version = "1.12.0", default-features = false, features = ["macros", "r
tokio-tungstenite = { version = "0.20.0", features = ["native-tls"] }
# From our sources
libp2p = { git = "https://github.com/KomodoPlatform/rust-libp2p.git", tag = "k-0.52.4", default-features = false, features = ["identify"] }
proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", rev = "9ebc006" }
proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", branch = "dev" }

[target.x86_64-unknown-linux-gnu.dependencies]
jemallocator = "0.5.0"
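Review bot: `proxy_signature` moves from a fixed `rev = "9ebc006"` to `branch = "dev"`, so what gets compiled now depends on wherever `dev` points the next time the lockfile is refreshed. Given that this crate is, by its name, part of signature handling, pin a `rev` or `tag` and bump it deliberately. If tracking `dev` is intended for now, make sure CI and release builds run with `--locked` so the commit recorded in Cargo.lock is the one that is built.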
54 changes: 23 additions & 31 deletions README.md
@@ -1,3 +1,7 @@
# Komodo Defi Proxy

Decentralized P2P applications have some limitations by their nature and one of them is the use application/API keys. If an API key is used in the application, any user could retrieve it by simply debugging the app. Some of the blockchain services we use in [komodo-defi-framework](https://github.com/KomodoPlatform/komodo-defi-framework) are paid services and we want to prevent abuse, such as users copying the API key for personal use. To address this problem, we created this project, komodo-defi-proxy. It takes the request, handles the API key, forwards the request to the actual service, and returns the result without modifying the original request. This keeps our secret application keys secure and hidden from end users.

### Dev Requirements

Creating rsa key pairs
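Review bot: In the new introduction paragraph, "one of them is the use application/API keys" is missing a word and should read "the use of application/API keys". The heading also says "Komodo Defi Proxy" while the paragraph uses `komodo-defi-proxy`; pick one form for the project name.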
Expand All @@ -16,12 +20,14 @@ Create the configuration file for app runtime.
"pubkey_path": "/path_to_publick_key.pem",
"privkey_path": "/path_to_private_key.pem",
"redis_connection_string": "redis://localhost",
"kdf_rpc_client": "http://127.0.0.1:7783",
"kdf_rpc_password": "testpass",
"token_expiration_time": 300,
"proxy_routes": [
{
"inbound_route": "/dev",
"outbound_route": "http://localhost:8000",
"proxy_type": "quicknode",
"proxy_type": "quicknode", # available types are: "quicknode", "moralis", "block_pi"
"authorized": false,
"allowed_rpc_methods": [
"eth_blockNumber",
Expand All @@ -36,20 +42,18 @@ Create the configuration file for app runtime.
"rp_15_min": 200,
"rp_30_min": 350,
"rp_60_min": 575
}
},
"peer_healthcheck_caching_secs": 10
}
```

Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_PATH`.

***Important Note:*** The environment where the application will be deployed, the timezone MUST be as UTC. Also, make sure redis is version `6.*`

### Architecture (TODO: OUTDATED)

![arch2](https://github.com/KomodoPlatform/komodo-defi-proxy/assets/39852038/be7fe7ae-2f2a-4f68-afa8-ce4938c570a7)
***Important Note:*** Make sure redis is version `7.*`

### Architecture

**Execution flow (TODO: OUTDATED):**
![2024-09-09_14-09](https://github.com/user-attachments/assets/2775d73e-8003-4bfe-89e1-2c64da9e3004)

1) Client sends the request.

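Review bot: The rewritten Important Note no longer says the deployment timezone must be UTC, and the required Redis version changes from `6.*` to `7.*`, but neither the README nor the commit message explains either change. If the UTC requirement is really gone, say so; otherwise restore it. The new `peer_healthcheck_caching_secs` key also needs a line of documentation: what is cached, whether the key is optional, and, if it works as its name suggests, that a larger value lengthens the window in which a peer that has left the network is still accepted.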
Expand All @@ -58,29 +62,17 @@ Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_
3) If the incoming request comes from the same network, step 4 will be by-passed.

4) Request Handling in the Middleware:
- **Status Checker**:
- **Blocked**: Return `403 Forbidden`.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass rate limiter and proof of funding.

**For Quicknode:**
- **Status Checker**:
- **Blocked**: Return `403 Forbidden` immediately.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass rate limiter and proof of funding.
- **Peer Status Checker**:
- The requesting peer must be active in the KDF network. Validate this by executing the `peer_connection_healthcheck` KDF RPC. If the peer is not connected to the network, return `401 Unauthorized`.

- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.

- **Proof of Funding**:
- Return `406 Not Acceptable` if the wallet has a 0 balance. Otherwise, assume the request is valid and process it as usual.

**For Moralis:**
- **Status Checker**:
- **Blocked**: Return `403 Forbidden` immediately.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass the rate limiter.

- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests, return an error `406 Not Acceptable` indicating that the wallet address must wait for some time before making more requests.
- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized`.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.

5) Find target route by requested endpoint.

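Review bot: The rewritten Rate Limiter bullet still says an over-limit wallet "continues with the proof of funding", and the Status Checker still says Trusted bypasses "rate limiter and proof of funding", but the Proof of Funding bullet itself is among the per-provider text this hunk removes. Either keep a Proof of Funding bullet with its `406 Not Acceptable` response, or state what now happens when the limit is exceeded. It would also help to state whether the Peer Status Checker runs before the signed message is verified, since that decides whether an unauthenticated request can trigger a `peer_connection_healthcheck` RPC against KDF.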
Expand All @@ -102,7 +94,7 @@ curl -v --url "'$mm2_address'" -s --data '{
"params": {
"ticker": "ETH",
"nodes": [
{"url": "'$atomicdex_gui_auth_address'", "gui_auth": true }
{"url": "'$atomicdex_gui_auth_address'", "komodo_proxy": true }
],
"swap_contract_address": "0x24ABE4c71FC658C91313b6552cd40cD808b3Ea80",
"erc20_tokens_requests": [
Expand Down Expand Up @@ -140,4 +132,4 @@ If you want to test features locally, you can run Docker containers using Docker
4. **Stop the Containers**:
```sh
docker compose down
```
```
2 changes: 2 additions & 0 deletions assets/.config_test
@@ -1,6 +1,8 @@
{
"port": 6150,
"redis_connection_string": "redis://redis:6379",
"kdf_rpc_client": "http://127.0.0.1:7783",
"kdf_rpc_password": "testpass",
"pubkey_path": "/usr/src/komodo-defi-proxy/assets/.pubkey_test",
"privkey_path": "/usr/src/komodo-defi-proxy/assets/.privkey_test",
"token_expiration_time": 300,