check status of peers in kdf network #25

Merged
merged 20 commits into from
Oct 7, 2024
10 changes: 5 additions & 5 deletions .github/workflows/pipelines.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2
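Review bot: Dropping `nightly` from the `rust:` matrix here (and in the four other jobs in this file) is unrelated to the peer status check this PR is titled for and carries no explanation in the visible diff. If nightly was removed because it broke the build, say so in the commit message; if early warning of upcoming compiler breakage is still wanted, keep it as a separate job marked `continue-on-error: true` instead of deleting it.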

Expand All @@ -35,7 +35,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -58,7 +58,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -82,7 +82,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

Expand All @@ -103,7 +103,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
rust: [nightly, beta, stable]
rust: [beta, stable]
steps:
- uses: actions/checkout@v2

9 changes: 8 additions & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -20,6 +20,7 @@ log = "0.4.17"
once_cell = "1.12.0"
url = { version = "2.2.2", features = ["serde"] }
redis = { version = "0.21.5", default-features = false, features = ["tokio-comp"] }
rustc-hash = "1.1.0"
serde = "1.0.137"
serde_json = { version = "1.0.81", features = ["preserve_order", "raw_value"] }
sha3 = "0.9"
Expand All @@ -28,7 +29,7 @@ tokio = { version = "1.12.0", default-features = false, features = ["macros", "r
tokio-tungstenite = { version = "0.20.0", features = ["native-tls"] }
# From our sources
libp2p = { git = "https://github.com/KomodoPlatform/rust-libp2p.git", tag = "k-0.52.4", default-features = false, features = ["identify"] }
proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", rev = "9ebc006" }
proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", branch = "dev" }

[target.x86_64-unknown-linux-gnu.dependencies]
jemallocator = "0.5.0"
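Review bot: `proxy_signature` moves from a pinned `rev = "9ebc006"` to `branch = "dev"`, so a crate that by its name handles request signatures now tracks a moving branch. `Cargo.lock` still records the resolved commit, but any `cargo update` or lockfile regeneration will pull whatever is at the head of `dev` without a reviewable change in this file. Pin to the specific `rev` (or a tag) that contains the changes this PR needs.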
54 changes: 23 additions & 31 deletions README.md
@@ -1,3 +1,7 @@
# Komodo Defi Proxy

Decentralized P2P applications have some limitations by their nature and one of them is the use application/API keys. If an API key is used in the application, any user could retrieve it by simply debugging the app. Some of the blockchain services we use in [komodo-defi-framework](https://github.com/KomodoPlatform/komodo-defi-framework) are paid services and we want to prevent abuse, such as users copying the API key for personal use. To address this problem, we created this project, komodo-defi-proxy. It takes the request, handles the API key, forwards the request to the actual service, and returns the result without modifying the original request. This keeps our secret application keys secure and hidden from end users.

### Dev Requirements

Creating rsa key pairs
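Review bot: Typo in the first sentence of the new intro: "the use application/API keys" should read "the use of application/API keys". The claim that the proxy forwards "without modifying the original request" also sits oddly next to "handles the API key"; say precisely what is added or rewritten (for example, only the provider credential) so readers know what the upstream service actually receives.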
Expand All @@ -16,12 +20,14 @@ Create the configuration file for app runtime.
"pubkey_path": "/path_to_publick_key.pem",
"privkey_path": "/path_to_private_key.pem",
"redis_connection_string": "redis://localhost",
"kdf_rpc_client": "http://127.0.0.1:7783",
"kdf_rpc_password": "testpass",
"token_expiration_time": 300,
"proxy_routes": [
{
"inbound_route": "/dev",
"outbound_route": "http://localhost:8000",
"proxy_type": "quicknode",
"proxy_type": "quicknode", # available types are: "quicknode", "moralis", "block_pi"
"authorized": false,
"allowed_rpc_methods": [
"eth_blockNumber",
Expand All @@ -36,20 +42,18 @@ Create the configuration file for app runtime.
"rp_15_min": 200,
"rp_30_min": 350,
"rp_60_min": 575
}
},
"peer_healthcheck_caching_secs": 10
}
```

Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_PATH`.

***Important Note:*** The environment where the application will be deployed, the timezone MUST be as UTC. Also, make sure redis is version `6.*`

### Architecture (TODO: OUTDATED)

![arch2](https://github.com/KomodoPlatform/komodo-defi-proxy/assets/39852038/be7fe7ae-2f2a-4f68-afa8-ce4938c570a7)
***Important Note:*** Make sure redis is version `7.*`

### Architecture

Could you plz add some intro to the README about how this service is used?
Is it basically for KDF app to access backends (web3, quicknode etc providers)?
Will it be a network of proxies or each KDF peer will have its own proxy locally?

Member Author

> Could you plz add some intro to the README about how this service is used?

Sure.

> Is it basically for KDF app to access backends (web3, quicknode etc providers)?

Yes, we use this to hide the keys for our paid services and protect them from misuse. You can take a look at https://gist.github.com/onur-ozkan/725f56c05a2eb01e0428f03191f8da86 for some more context.

> Will it be a network of proxies or each KDF peer will have its own proxy locally?

No.

Member Author

> Could you plz add some intro to the README about how this service is used?

Done that.


**Execution flow (TODO: OUTDATED):**
![2024-09-09_14-09](https://github.com/user-attachments/assets/2775d73e-8003-4bfe-89e1-2c64da9e3004)

1) Client sends the request.
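Review bot: `"peer_healthcheck_caching_secs": 10` is added to the sample config with no description of what is cached or for whom. If it caches the result of `peer_connection_healthcheck` per peer, state that a peer which disconnects keeps passing the check for up to that many seconds, and whether negative results are cached too. The same hunk drops the requirement that the deployment timezone be UTC and changes the redis requirement from `6.*` to `7.*`; both affect operators and deserve a line in the PR description saying why.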

Expand All @@ -58,29 +62,17 @@ Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_
3) If the incoming request comes from the same network, step 4 will be by-passed.

4) Request Handling in the Middleware:
- **Status Checker**:
- **Blocked**: Return `403 Forbidden`.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass rate limiter and proof of funding.

**For Quicknode:**
- **Status Checker**:
- **Blocked**: Return `403 Forbidden` immediately.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass rate limiter and proof of funding.
- **Peer Status Checker**:
- The requesting peer must be active in the KDF network. Validate this by executing the `peer_connection_healthcheck` KDF RPC. If the peer is not connected to the network, return `401 Unauthorized`.

- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.

- **Proof of Funding**:
- Return `406 Not Acceptable` if the wallet has a 0 balance. Otherwise, assume the request is valid and process it as usual.

**For Moralis:**
- **Status Checker**:
- **Blocked**: Return `403 Forbidden` immediately.
- **Allowed**: Process continues with the rate limiter.
- **Trusted**: Bypass the rate limiter.

- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests, return an error `406 Not Acceptable` indicating that the wallet address must wait for some time before making more requests.
- **Rate Limiter**:
- First, verify the signed message. If not valid, return `401 Unauthorized`.
- If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.

5) Find target route by requested endpoint.
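Review bot: As written in step 4, the Peer Status Checker comes before the Rate Limiter, and the signed message is only verified inside the Rate Limiter ("First, verify the signed message"). That reads as if `peer_connection_healthcheck` is run against a peer identity that has not been authenticated yet; either document that the signature is verified before the peer lookup, or explain how the peer id is bound to the request. The new Rate Limiter text also still says "process continues with the proof of funding" while the Proof of Funding bullet appears among the replaced per-provider sections, so the flow should say explicitly whether that step still exists.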

Expand All @@ -102,7 +94,7 @@ curl -v --url "'$mm2_address'" -s --data '{
"params": {
"ticker": "ETH",
"nodes": [
{"url": "'$atomicdex_gui_auth_address'", "gui_auth": true }
{"url": "'$atomicdex_gui_auth_address'", "komodo_proxy": true }
],
"swap_contract_address": "0x24ABE4c71FC658C91313b6552cd40cD808b3Ea80",
"erc20_tokens_requests": [
Expand Down Expand Up @@ -140,4 +132,4 @@ If you want to test features locally, you can run Docker containers using Docker
4. **Stop the Containers**:
```sh
docker compose down
```
```
2 changes: 2 additions & 0 deletions assets/.config_test
@@ -1,6 +1,8 @@
{
"port": 6150,
"redis_connection_string": "redis://redis:6379",
"kdf_rpc_client": "http://127.0.0.1:7783",
"kdf_rpc_password": "testpass",
"pubkey_path": "/usr/src/komodo-defi-proxy/assets/.pubkey_test",
"privkey_path": "/usr/src/komodo-defi-proxy/assets/.privkey_test",
"token_expiration_time": 300,