web3-proxy/web3_proxy/src/frontend/mod.rs

//! `frontend` contains HTTP and websocket endpoints for use by users and admins.

pub mod authorization;
pub mod errors;
// TODO: these are only public so docs are generated. What's a better way to do this?
pub mod rpc_proxy_http;
pub mod rpc_proxy_ws;
pub mod status;
pub mod users;

use crate::app::Web3ProxyApp;
use axum::{
    routing::{get, post, put},
    Extension, Router,
};
use http::header::AUTHORIZATION;
use log::info;
use moka::future::Cache;
use std::net::SocketAddr;
use std::sync::Arc;
use std::{iter::once, time::Duration};
use tower_http::cors::CorsLayer;
use tower_http::sensitive_headers::SetSensitiveRequestHeadersLayer;

#[derive(Clone, Hash, PartialEq, Eq)]
pub enum FrontendResponseCaches {
    Status,
}

// TODO: what should this cache's value be?
pub type FrontendResponseCache =
    Cache<FrontendResponseCaches, Arc<serde_json::Value>, hashbrown::hash_map::DefaultHashBuilder>;
pub type FrontendHealthCache = Cache<(), bool, hashbrown::hash_map::DefaultHashBuilder>;

/// Start the frontend server.
pub async fn serve(port: u16, proxy_app: Arc<Web3ProxyApp>) -> anyhow::Result<()> {
    // setup caches for whatever the frontend needs
    // TODO: a moka cache is probably way overkill for this.
    // no need for max items. only expire because of time to live
    let response_cache: FrontendResponseCache = Cache::builder()
        .time_to_live(Duration::from_secs(2))
        .build_with_hasher(hashbrown::hash_map::DefaultHashBuilder::default());

    let health_cache: FrontendHealthCache = Cache::builder()
        .time_to_live(Duration::from_millis(100))
        .build_with_hasher(hashbrown::hash_map::DefaultHashBuilder::default());

    // TODO: read config for if fastest/versus should be available publicly. default off

    // build our axum Router
    let app = Router::new()
        // TODO: i think these routes could be done a lot better
        //
        // HTTP RPC (POST)
        //
        // public
        .route("/", post(rpc_proxy_http::proxy_web3_rpc))
        // authenticated with and without trailing slash
        .route(
            "/rpc/:rpc_key/",
            post(rpc_proxy_http::proxy_web3_rpc_with_key),
        )
        .route(
            "/rpc/:rpc_key",
            post(rpc_proxy_http::proxy_web3_rpc_with_key),
        )
        // public fastest with and without trailing slash
        .route("/fastest/", post(rpc_proxy_http::fastest_proxy_web3_rpc))
        .route("/fastest", post(rpc_proxy_http::fastest_proxy_web3_rpc))
        // authenticated fastest with and without trailing slash
        .route(
            "/fastest/:rpc_key/",
            post(rpc_proxy_http::fastest_proxy_web3_rpc_with_key),
        )
        .route(
            "/fastest/:rpc_key",
            post(rpc_proxy_http::fastest_proxy_web3_rpc_with_key),
        )
        // public versus
        .route("/versus/", post(rpc_proxy_http::versus_proxy_web3_rpc))
        .route("/versus", post(rpc_proxy_http::versus_proxy_web3_rpc))
        // authenticated versus with and without trailing slash
        .route(
            "/versus/:rpc_key/",
            post(rpc_proxy_http::versus_proxy_web3_rpc_with_key),
        )
        .route(
            "/versus/:rpc_key",
            post(rpc_proxy_http::versus_proxy_web3_rpc_with_key),
        )
        //
        // Websocket RPC (GET)
        // If not an RPC, this will redirect to configurable urls
        //
        // public
        .route("/", get(rpc_proxy_ws::websocket_handler))
        // authenticated with and without trailing slash
        .route(
            "/rpc/:rpc_key/",
            get(rpc_proxy_ws::websocket_handler_with_key),
        )
        .route(
            "/rpc/:rpc_key",
            get(rpc_proxy_ws::websocket_handler_with_key),
        )
        // public fastest with and without trailing slash
        .route("/fastest/", get(rpc_proxy_ws::fastest_websocket_handler))
        .route("/fastest", get(rpc_proxy_ws::fastest_websocket_handler))
        // authenticated fastest with and without trailing slash
        .route(
            "/fastest/:rpc_key/",
            get(rpc_proxy_ws::fastest_websocket_handler_with_key),
        )
        .route(
            "/fastest/:rpc_key",
            get(rpc_proxy_ws::fastest_websocket_handler_with_key),
        )
        // public versus
        .route(
            "/versus/",
            get(rpc_proxy_ws::versus_websocket_handler_with_key),
        )
        .route(
            "/versus",
            get(rpc_proxy_ws::versus_websocket_handler_with_key),
        )
        // authenticated versus with and without trailing slash
        .route(
            "/versus/:rpc_key/",
            get(rpc_proxy_ws::versus_websocket_handler_with_key),
        )
        .route(
            "/versus/:rpc_key",
            get(rpc_proxy_ws::versus_websocket_handler_with_key),
        )
        //
        // System things
        //
        .route("/health", get(status::health))
        .route("/status", get(status::status))
        //
        // User stuff
        //
        .route("/user/login/:user_address", get(users::user_login_get))
        .route(
            "/user/login/:user_address/:message_eip",
            get(users::user_login_get),
        )
        .route("/user/login", post(users::user_login_post))
        .route("/user", get(users::user_get))
        .route("/user", post(users::user_post))
        .route("/user/balance", get(users::user_balance_get))
        .route("/user/balance/:txid", post(users::user_balance_post))
        .route("/user/keys", get(users::rpc_keys_get))
        .route("/user/keys", post(users::rpc_keys_management))
        .route("/user/keys", put(users::rpc_keys_management))
        .route("/user/revert_logs", get(users::user_revert_logs_get))
        .route(
            "/user/stats/aggregate",
            get(users::user_stats_aggregated_get),
        )
        .route(
            "/user/stats/aggregated",
            get(users::user_stats_aggregated_get),
        )
        .route("/user/stats/detailed", get(users::user_stats_detailed_get))
        .route("/user/logout", post(users::user_logout_post))
        //
        // Axum layers
        // layers are ordered bottom up
        // the last layer is first for requests and last for responses
        //
        // Mark the `Authorization` request header as sensitive so it doesn't show in logs
        .layer(SetSensitiveRequestHeadersLayer::new(once(AUTHORIZATION)))
        // handle cors
        .layer(CorsLayer::very_permissive())
        // application state
        .layer(Extension(proxy_app.clone()))
        // frontend caches
        .layer(Extension(response_cache))
        .layer(Extension(health_cache))
        // 404 for any unknown routes
        .fallback(errors::handler_404);

    // run our app with hyper
    // TODO: allow only listening on localhost? top_config.app.host.parse()?
    let addr = SocketAddr::from(([0, 0, 0, 0], port));
    info!("listening on port {}", port);

    // TODO: into_make_service is enough if we always run behind a proxy. make into_make_service_with_connect_info optional?
    /*
    It sequentially looks for an IP in:
      - x-forwarded-for header (de-facto standard)
      - x-real-ip header
      - forwarded header (new standard)
      - axum::extract::ConnectInfo (if not behind proxy)
    */
    let service = app.into_make_service_with_connect_info::<SocketAddr>();
    // let service = app.into_make_service();

    // `axum::Server` is a re-export of `hyper::Server`
    axum::Server::bind(&addr)
        // TODO: option to use with_connect_info. we want it in dev, but not when running behind a proxy, but not
        .serve(service)
        .await
        .map_err(Into::into)
}
more docs 2022-10-18 00:47:58 +03:00			//! `frontend` contains HTTP and websocket endpoints for use by users and admins.

pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`pub mod authorization;`
dry stats 2022-11-04 07:32:09 +03:00			`pub mod errors;`
more docs 2022-10-18 00:47:58 +03:00			`// TODO: these are only public so docs are generated. What's a better way to do this?`
			`pub mod rpc_proxy_http;`
			`pub mod rpc_proxy_ws;`
			`pub mod status;`
			`pub mod users;`
connection pooling 2022-07-07 06:22:09 +03:00
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`use crate::app::Web3ProxyApp;`
split frontend code up 2022-06-05 22:58:47 +03:00			`use axum::{`
put or post for user key management 2022-10-31 23:51:06 +03:00			`routing::{get, post, put},`
split frontend code up 2022-06-05 22:58:47 +03:00			`Extension, Router,`
			`};`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`use http::header::AUTHORIZATION;`
cut out tracing for now 2022-11-12 11:24:32 +03:00			`use log::info;`
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`use moka::future::Cache;`
sorting on total difficulty doesnt work with geth websocket 2022-08-07 23:44:56 +03:00			`use std::net::SocketAddr;`
split frontend code up 2022-06-05 22:58:47 +03:00			`use std::sync::Arc;`
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`use std::{iter::once, time::Duration};`
very permissive cors policy 2022-09-25 07:26:13 +03:00			`use tower_http::cors::CorsLayer;`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`use tower_http::sensitive_headers::SetSensitiveRequestHeadersLayer;`
lint 2022-06-15 04:02:26 +03:00
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`#[derive(Clone, Hash, PartialEq, Eq)]`
			`pub enum FrontendResponseCaches {`
			`Status,`
			`}`

			`// TODO: what should this cache's value be?`
			`pub type FrontendResponseCache =`
			`Cache<FrontendResponseCaches, Arc<serde_json::Value>, hashbrown::hash_map::DefaultHashBuilder>;`
cache /health and cache /status for longer 2023-02-03 00:58:04 +03:00			`pub type FrontendHealthCache = Cache<(), bool, hashbrown::hash_map::DefaultHashBuilder>;`
tower-request-id 2022-08-16 03:33:26 +03:00
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`/// Start the frontend server.`
cut out tracing for now 2022-11-12 11:24:32 +03:00			`pub async fn serve(port: u16, proxy_app: Arc<Web3ProxyApp>) -> anyhow::Result<()> {`
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`// setup caches for whatever the frontend needs`
			`// TODO: a moka cache is probably way overkill for this.`
			`// no need for max items. only expire because of time to live`
			`let response_cache: FrontendResponseCache = Cache::builder()`
cache /health and cache /status for longer 2023-02-03 00:58:04 +03:00			`.time_to_live(Duration::from_secs(2))`
			`.build_with_hasher(hashbrown::hash_map::DefaultHashBuilder::default());`

			`let health_cache: FrontendHealthCache = Cache::builder()`
			`.time_to_live(Duration::from_millis(100))`
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`.build_with_hasher(hashbrown::hash_map::DefaultHashBuilder::default());`

quick health check script that logs to sentry 2023-01-18 00:34:33 +03:00			`// TODO: read config for if fastest/versus should be available publicly. default off`

it compiles 2022-08-21 11:18:57 +03:00			`// build our axum Router`
split frontend code up 2022-06-05 22:58:47 +03:00			`let app = Router::new()`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`// TODO: i think these routes could be done a lot better`
			`//`
			`// HTTP RPC (POST)`
			`//`
			`// public`
have / work for the public rpc 2022-10-22 00:12:05 +03:00			`.route("/", post(rpc_proxy_http::proxy_web3_rpc))`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`// authenticated with and without trailing slash`
			`.route(`
			`"/rpc/:rpc_key/",`
			`post(rpc_proxy_http::proxy_web3_rpc_with_key),`
			`)`
Revert "cargo upgrade and use trailing slash route extra" This reverts commit 5bfba3a87afbf4157c2b0bd36273e3dcc4075578. 2023-01-07 02:58:52 +03:00			`.route(`
rename api_key to rpc_key 2022-10-27 03:12:42 +03:00			`"/rpc/:rpc_key",`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`post(rpc_proxy_http::proxy_web3_rpc_with_key),`
			`)`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`// public fastest with and without trailing slash`
			`.route("/fastest/", post(rpc_proxy_http::fastest_proxy_web3_rpc))`
			`.route("/fastest", post(rpc_proxy_http::fastest_proxy_web3_rpc))`
			`// authenticated fastest with and without trailing slash`
			`.route(`
			`"/fastest/:rpc_key/",`
			`post(rpc_proxy_http::fastest_proxy_web3_rpc_with_key),`
			`)`
			`.route(`
			`"/fastest/:rpc_key",`
			`post(rpc_proxy_http::fastest_proxy_web3_rpc_with_key),`
			`)`
			`// public versus`
			`.route("/versus/", post(rpc_proxy_http::versus_proxy_web3_rpc))`
			`.route("/versus", post(rpc_proxy_http::versus_proxy_web3_rpc))`
			`// authenticated versus with and without trailing slash`
			`.route(`
			`"/versus/:rpc_key/",`
			`post(rpc_proxy_http::versus_proxy_web3_rpc_with_key),`
			`)`
			`.route(`
			`"/versus/:rpc_key",`
			`post(rpc_proxy_http::versus_proxy_web3_rpc_with_key),`
			`)`
			`//`
			`// Websocket RPC (GET)`
			`// If not an RPC, this will redirect to configurable urls`
			`//`
			`// public`
			`.route("/", get(rpc_proxy_ws::websocket_handler))`
			`// authenticated with and without trailing slash`
Revert "cargo upgrade and use trailing slash route extra" This reverts commit 5bfba3a87afbf4157c2b0bd36273e3dcc4075578. 2023-01-07 02:58:52 +03:00			`.route(`
			`"/rpc/:rpc_key/",`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`get(rpc_proxy_ws::websocket_handler_with_key),`
Revert "cargo upgrade and use trailing slash route extra" This reverts commit 5bfba3a87afbf4157c2b0bd36273e3dcc4075578. 2023-01-07 02:58:52 +03:00			`)`
			`.route(`
rename api_key to rpc_key 2022-10-27 03:12:42 +03:00			`"/rpc/:rpc_key",`
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`get(rpc_proxy_ws::websocket_handler_with_key),`
			`)`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`// public fastest with and without trailing slash`
			`.route("/fastest/", get(rpc_proxy_ws::fastest_websocket_handler))`
			`.route("/fastest", get(rpc_proxy_ws::fastest_websocket_handler))`
			`// authenticated fastest with and without trailing slash`
Revert "cargo upgrade and use trailing slash route extra" This reverts commit 5bfba3a87afbf4157c2b0bd36273e3dcc4075578. 2023-01-07 02:58:52 +03:00			`.route(`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`"/fastest/:rpc_key/",`
			`get(rpc_proxy_ws::fastest_websocket_handler_with_key),`
			`)`
			`.route(`
			`"/fastest/:rpc_key",`
			`get(rpc_proxy_ws::fastest_websocket_handler_with_key),`
			`)`
			`// public versus`
			`.route(`
			`"/versus/",`
			`get(rpc_proxy_ws::versus_websocket_handler_with_key),`
Revert "cargo upgrade and use trailing slash route extra" This reverts commit 5bfba3a87afbf4157c2b0bd36273e3dcc4075578. 2023-01-07 02:58:52 +03:00			`)`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`.route(`
			`"/versus",`
			`get(rpc_proxy_ws::versus_websocket_handler_with_key),`
			`)`
			`// authenticated versus with and without trailing slash`
			`.route(`
			`"/versus/:rpc_key/",`
			`get(rpc_proxy_ws::versus_websocket_handler_with_key),`
			`)`
			`.route(`
			`"/versus/:rpc_key",`
			`get(rpc_proxy_ws::versus_websocket_handler_with_key),`
			`)`
			`//`
			`// System things`
			`//`
not everything needs to be under /rpc 2022-09-25 19:37:45 +03:00			`.route("/health", get(status::health))`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`.route("/status", get(status::status))`
			`//`
			`// User stuff`
			`//`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/login/:user_address", get(users::user_login_get))`
add logout endpoint and prefix with /rpc 2022-09-24 00:46:27 +03:00			`.route(`
not everything needs to be under /rpc 2022-09-25 19:37:45 +03:00			`"/user/login/:user_address/:message_eip",`
more docs 2022-10-18 00:47:58 +03:00			`get(users::user_login_get),`
add logout endpoint and prefix with /rpc 2022-09-24 00:46:27 +03:00			`)`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/login", post(users::user_login_post))`
more user endpoints 2022-10-26 00:10:05 +03:00			`.route("/user", get(users::user_get))`
			`.route("/user", post(users::user_post))`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/balance", get(users::user_balance_get))`
			`.route("/user/balance/:txid", post(users::user_balance_post))`
rename api_key to rpc_key 2022-10-27 03:12:42 +03:00			`.route("/user/keys", get(users::rpc_keys_get))`
put or post for user key management 2022-10-31 23:51:06 +03:00			`.route("/user/keys", post(users::rpc_keys_management))`
			`.route("/user/keys", put(users::rpc_keys_management))`
DRYer user queries 2022-10-20 09:17:20 +03:00			`.route("/user/revert_logs", get(users::user_revert_logs_get))`
aggregate stats endpoint 2022-10-19 03:56:57 +03:00			`.route(`
			`"/user/stats/aggregate",`
consistent case 2022-12-12 22:00:15 +03:00			`get(users::user_stats_aggregated_get),`
			`)`
			`.route(`
			`"/user/stats/aggregated",`
			`get(users::user_stats_aggregated_get),`
aggregate stats endpoint 2022-10-19 03:56:57 +03:00			`)`
more stats 2022-10-20 02:02:34 +03:00			`.route("/user/stats/detailed", get(users::user_stats_detailed_get))`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/logout", post(users::user_logout_post))`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`//`
			`// Axum layers`
it compiles 2022-08-21 11:18:57 +03:00			`// layers are ordered bottom up`
			`// the last layer is first for requests and last for responses`
add stub try_proxy_connection 2023-01-17 09:54:40 +03:00			`//`
add sensitive-headers 2022-09-25 19:35:01 +03:00			// Mark the `Authorization` request header as sensitive so it doesn't show in logs
			`.layer(SetSensitiveRequestHeadersLayer::new(once(AUTHORIZATION)))`
very permissive cors policy 2022-09-25 07:26:13 +03:00			`// handle cors`
			`.layer(CorsLayer::very_permissive())`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`// application state`
wait on background threads 2022-10-21 01:51:56 +03:00			`.layer(Extension(proxy_app.clone()))`
cache status page for 1 second 2022-11-16 23:17:33 +03:00			`// frontend caches`
			`.layer(Extension(response_cache))`
cache /health and cache /status for longer 2023-02-03 00:58:04 +03:00			`.layer(Extension(health_cache))`
flatten the app 2022-08-07 22:35:24 +03:00			`// 404 for any unknown routes`
move pending logins to the database 2022-12-14 05:13:23 +03:00			`.fallback(errors::handler_404);`
split frontend code up 2022-06-05 22:58:47 +03:00
			`// run our app with hyper`
tower-request-id 2022-08-16 03:33:26 +03:00			`// TODO: allow only listening on localhost? top_config.app.host.parse()?`
split frontend code up 2022-06-05 22:58:47 +03:00			`let addr = SocketAddr::from(([0, 0, 0, 0], port));`
use uuid earlier 2022-08-06 04:17:25 +03:00			`info!("listening on port {}", port);`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00
wip 2022-08-26 20:26:17 +03:00			`// TODO: into_make_service is enough if we always run behind a proxy. make into_make_service_with_connect_info optional?`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00			`/*`
			`It sequentially looks for an IP in:`
			`- x-forwarded-for header (de-facto standard)`
			`- x-real-ip header`
			`- forwarded header (new standard)`
			`- axum::extract::ConnectInfo (if not behind proxy)`
			`*/`
			`let service = app.into_make_service_with_connect_info::<SocketAddr>();`
			`// let service = app.into_make_service();`

serve prometheus stats and use unsigned ints for ids 2022-08-13 00:00:26 +03:00			// `axum::Server` is a re-export of `hyper::Server`
split frontend code up 2022-06-05 22:58:47 +03:00			`axum::Server::bind(&addr)`
better results and errors 2022-08-07 09:48:57 +03:00			`// TODO: option to use with_connect_info. we want it in dev, but not when running behind a proxy, but not`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00			`.serve(service)`
split frontend code up 2022-06-05 22:58:47 +03:00			`.await`
			`.map_err(Into::into)`
			`}`