web3-proxy/web3_proxy/src/frontend/mod.rs

//! `frontend` contains HTTP and websocket endpoints for use by users and admins.

pub mod authorization;
mod errors;
// TODO: these are only public so docs are generated. What's a better way to do this?
pub mod rpc_proxy_http;
pub mod rpc_proxy_ws;
pub mod status;
pub mod users;

use crate::app::Web3ProxyApp;
use axum::{
    body::Body,
    handler::Handler,
    routing::{get, post},
    Extension, Router,
};
use http::header::AUTHORIZATION;
use http::Request;
use std::iter::once;
use std::net::SocketAddr;
use std::sync::Arc;
use tower_http::cors::CorsLayer;
use tower_http::sensitive_headers::SetSensitiveRequestHeadersLayer;
use tower_http::trace::TraceLayer;
use tower_request_id::{RequestId, RequestIdLayer};
use tracing::{error_span, info};

/// Start the frontend server.
pub async fn serve(port: u16, proxy_app: Arc<Web3ProxyApp>) -> anyhow::Result<()> {
    // create a tracing span for each request with a random request id and the method
    // GET: websocket or static pages
    // POST: http rpc or login
    let request_tracing_layer =
        TraceLayer::new_for_http().make_span_with(|request: &Request<Body>| {
            // We get the request id from the extensions
            let request_id = request
                .extensions()
                .get::<RequestId>()
                .map(ToString::to_string)
                .unwrap_or_else(|| "unknown".into());
            // And then we put it along with other information into the `request` span
            error_span!(
                "http_request",
                id = %request_id,
                // TODO: do we want these?
                method = %request.method(),
                // uri = %request.uri(),
            )
        });

    // build our axum Router
    let app = Router::new()
        // routes should be ordered most to least common
        .route("/rpc", post(rpc_proxy_http::proxy_web3_rpc))
        .route("/rpc", get(rpc_proxy_ws::websocket_handler))
        .route(
            "/rpc/:user_key",
            post(rpc_proxy_http::proxy_web3_rpc_with_key),
        )
        .route(
            "/rpc/:user_key",
            get(rpc_proxy_ws::websocket_handler_with_key),
        )
        .route("/health", get(status::health))
        .route("/user/login/:user_address", get(users::user_login_get))
        .route(
            "/user/login/:user_address/:message_eip",
            get(users::user_login_get),
        )
        .route("/user/login", post(users::user_login_post))
        .route("/user/balance", get(users::user_balance_get))
        .route("/user/balance/:txid", post(users::user_balance_post))
        .route("/user/profile", get(users::user_profile_get))
        .route("/user/profile", post(users::user_profile_post))
        .route("/user/revert_logs", get(users::user_revert_logs_get))
        .route(
            "/user/stats/aggregate",
            get(users::user_stats_aggregate_get),
        )
        .route("/user/stats/detailed", get(users::user_stats_detailed_get))
        .route("/user/logout", post(users::user_logout_post))
        .route("/status", get(status::status))
        // TODO: make this optional or remove it since it is available on another port
        .route("/prometheus", get(status::prometheus))
        // layers are ordered bottom up
        // the last layer is first for requests and last for responses
        // Mark the `Authorization` request header as sensitive so it doesn't show in logs
        .layer(SetSensitiveRequestHeadersLayer::new(once(AUTHORIZATION)))
        // add the request id to our tracing logs
        .layer(request_tracing_layer)
        // handle cors
        .layer(CorsLayer::very_permissive())
        // create a unique id for each request
        .layer(RequestIdLayer)
        // application state
        .layer(Extension(proxy_app.clone()))
        // 404 for any unknown routes
        .fallback(errors::handler_404.into_service());

    // run our app with hyper
    // TODO: allow only listening on localhost? top_config.app.host.parse()?
    let addr = SocketAddr::from(([0, 0, 0, 0], port));
    info!("listening on port {}", port);

    // TODO: into_make_service is enough if we always run behind a proxy. make into_make_service_with_connect_info optional?
    /*
    It sequentially looks for an IP in:
      - x-forwarded-for header (de-facto standard)
      - x-real-ip header
      - forwarded header (new standard)
      - axum::extract::ConnectInfo (if not behind proxy)
    */
    let service = app.into_make_service_with_connect_info::<SocketAddr>();
    // let service = app.into_make_service();

    // `axum::Server` is a re-export of `hyper::Server`
    axum::Server::bind(&addr)
        // TODO: option to use with_connect_info. we want it in dev, but not when running behind a proxy, but not
        .serve(service)
        .await
        .map_err(Into::into)
}
more docs 2022-10-18 00:47:58 +03:00			//! `frontend` contains HTTP and websocket endpoints for use by users and admins.

pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`pub mod authorization;`
split frontend code up 2022-06-05 22:58:47 +03:00			`mod errors;`
more docs 2022-10-18 00:47:58 +03:00			`// TODO: these are only public so docs are generated. What's a better way to do this?`
			`pub mod rpc_proxy_http;`
			`pub mod rpc_proxy_ws;`
			`pub mod status;`
			`pub mod users;`
connection pooling 2022-07-07 06:22:09 +03:00
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`use crate::app::Web3ProxyApp;`
split frontend code up 2022-06-05 22:58:47 +03:00			`use axum::{`
tower-request-id 2022-08-16 03:33:26 +03:00			`body::Body,`
split frontend code up 2022-06-05 22:58:47 +03:00			`handler::Handler,`
			`routing::{get, post},`
			`Extension, Router,`
			`};`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`use http::header::AUTHORIZATION;`
			`use http::Request;`
			`use std::iter::once;`
sorting on total difficulty doesnt work with geth websocket 2022-08-07 23:44:56 +03:00			`use std::net::SocketAddr;`
split frontend code up 2022-06-05 22:58:47 +03:00			`use std::sync::Arc;`
very permissive cors policy 2022-09-25 07:26:13 +03:00			`use tower_http::cors::CorsLayer;`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`use tower_http::sensitive_headers::SetSensitiveRequestHeadersLayer;`
tower-request-id 2022-08-16 03:33:26 +03:00			`use tower_http::trace::TraceLayer;`
			`use tower_request_id::{RequestId, RequestIdLayer};`
			`use tracing::{error_span, info};`
lint 2022-06-15 04:02:26 +03:00
more docs 2022-10-18 00:47:58 +03:00			`/// Start the frontend server.`
polish small things while reading through the code 2022-08-10 09:22:49 +03:00			`pub async fn serve(port: u16, proxy_app: Arc<Web3ProxyApp>) -> anyhow::Result<()> {`
multiple ways to sign 2022-08-19 23:18:12 +03:00			`// create a tracing span for each request with a random request id and the method`
			`// GET: websocket or static pages`
			`// POST: http rpc or login`
tower-request-id 2022-08-16 03:33:26 +03:00			`let request_tracing_layer =`
			`TraceLayer::new_for_http().make_span_with(\|request: &Request<Body>\| {`
			`// We get the request id from the extensions`
			`let request_id = request`
			`.extensions()`
			`.get::<RequestId>()`
			`.map(ToString::to_string)`
			`.unwrap_or_else(\|\| "unknown".into());`
			// And then we put it along with other information into the `request` span
			`error_span!(`
			`"http_request",`
			`id = %request_id,`
			`// TODO: do we want these?`
			`method = %request.method(),`
			`// uri = %request.uri(),`
			`)`
			`});`

it compiles 2022-08-21 11:18:57 +03:00			`// build our axum Router`
split frontend code up 2022-06-05 22:58:47 +03:00			`let app = Router::new()`
more docs 2022-10-18 00:47:58 +03:00			`// routes should be ordered most to least common`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`.route("/rpc", post(rpc_proxy_http::proxy_web3_rpc))`
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`.route("/rpc", get(rpc_proxy_ws::websocket_handler))`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`.route(`
			`"/rpc/:user_key",`
			`post(rpc_proxy_http::proxy_web3_rpc_with_key),`
			`)`
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`.route(`
			`"/rpc/:user_key",`
			`get(rpc_proxy_ws::websocket_handler_with_key),`
			`)`
not everything needs to be under /rpc 2022-09-25 19:37:45 +03:00			`.route("/health", get(status::health))`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/login/:user_address", get(users::user_login_get))`
add logout endpoint and prefix with /rpc 2022-09-24 00:46:27 +03:00			`.route(`
not everything needs to be under /rpc 2022-09-25 19:37:45 +03:00			`"/user/login/:user_address/:message_eip",`
more docs 2022-10-18 00:47:58 +03:00			`get(users::user_login_get),`
add logout endpoint and prefix with /rpc 2022-09-24 00:46:27 +03:00			`)`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/login", post(users::user_login_post))`
			`.route("/user/balance", get(users::user_balance_get))`
			`.route("/user/balance/:txid", post(users::user_balance_post))`
			`.route("/user/profile", get(users::user_profile_get))`
			`.route("/user/profile", post(users::user_profile_post))`
DRYer user queries 2022-10-20 09:17:20 +03:00			`.route("/user/revert_logs", get(users::user_revert_logs_get))`
aggregate stats endpoint 2022-10-19 03:56:57 +03:00			`.route(`
			`"/user/stats/aggregate",`
			`get(users::user_stats_aggregate_get),`
			`)`
more stats 2022-10-20 02:02:34 +03:00			`.route("/user/stats/detailed", get(users::user_stats_detailed_get))`
more docs 2022-10-18 00:47:58 +03:00			`.route("/user/logout", post(users::user_logout_post))`
			`.route("/status", get(status::status))`
			`// TODO: make this optional or remove it since it is available on another port`
			`.route("/prometheus", get(status::prometheus))`
it compiles 2022-08-21 11:18:57 +03:00			`// layers are ordered bottom up`
			`// the last layer is first for requests and last for responses`
add sensitive-headers 2022-09-25 19:35:01 +03:00			// Mark the `Authorization` request header as sensitive so it doesn't show in logs
			`.layer(SetSensitiveRequestHeadersLayer::new(once(AUTHORIZATION)))`
it compiles 2022-08-21 11:18:57 +03:00			`// add the request id to our tracing logs`
tower-request-id 2022-08-16 03:33:26 +03:00			`.layer(request_tracing_layer)`
very permissive cors policy 2022-09-25 07:26:13 +03:00			`// handle cors`
			`.layer(CorsLayer::very_permissive())`
it compiles 2022-08-21 11:18:57 +03:00			`// create a unique id for each request`
tower-request-id 2022-08-16 03:33:26 +03:00			`.layer(RequestIdLayer)`
add sensitive-headers 2022-09-25 19:35:01 +03:00			`// application state`
wait on background threads 2022-10-21 01:51:56 +03:00			`.layer(Extension(proxy_app.clone()))`
flatten the app 2022-08-07 22:35:24 +03:00			`// 404 for any unknown routes`
			`.fallback(errors::handler_404.into_service());`
split frontend code up 2022-06-05 22:58:47 +03:00
			`// run our app with hyper`
tower-request-id 2022-08-16 03:33:26 +03:00			`// TODO: allow only listening on localhost? top_config.app.host.parse()?`
split frontend code up 2022-06-05 22:58:47 +03:00			`let addr = SocketAddr::from(([0, 0, 0, 0], port));`
use uuid earlier 2022-08-06 04:17:25 +03:00			`info!("listening on port {}", port);`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00
wip 2022-08-26 20:26:17 +03:00			`// TODO: into_make_service is enough if we always run behind a proxy. make into_make_service_with_connect_info optional?`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00			`/*`
			`It sequentially looks for an IP in:`
			`- x-forwarded-for header (de-facto standard)`
			`- x-real-ip header`
			`- forwarded header (new standard)`
			`- axum::extract::ConnectInfo (if not behind proxy)`
			`*/`
			`let service = app.into_make_service_with_connect_info::<SocketAddr>();`
			`// let service = app.into_make_service();`

serve prometheus stats and use unsigned ints for ids 2022-08-13 00:00:26 +03:00			// `axum::Server` is a re-export of `hyper::Server`
split frontend code up 2022-06-05 22:58:47 +03:00			`axum::Server::bind(&addr)`
better results and errors 2022-08-07 09:48:57 +03:00			`// TODO: option to use with_connect_info. we want it in dev, but not when running behind a proxy, but not`
make it work inside and outside docker 2022-08-11 05:57:01 +03:00			`.serve(service)`
split frontend code up 2022-06-05 22:58:47 +03:00			`.await`
			`.map_err(Into::into)`
			`}`