web3-proxy/web3_proxy/src/frontend/rpc_proxy_http.rs

//! Take a user's HTTP JSON-RPC requests and either respond from local data or proxy the request to a backend rpc server.

use super::authorization::{bearer_is_authorized, ip_is_authorized, key_is_authorized};
use super::errors::FrontendResult;
use crate::{app::Web3ProxyApp, jsonrpc::JsonRpcRequestEnum};
use axum::extract::Path;
use axum::headers::authorization::Bearer;
use axum::headers::{Authorization, Origin, Referer, UserAgent};
use axum::TypedHeader;
use axum::{response::IntoResponse, Extension, Json};
use axum_client_ip::ClientIp;
use std::sync::Arc;
use tracing::{error_span, Instrument};

/// POST /rpc -- Public entrypoint for HTTP JSON-RPC requests. Web3 wallets use this.
/// Defaults to rate limiting by IP address, but can also read the Authorization header for a bearer token.
/// If possible, please use a WebSocket instead.
pub async fn proxy_web3_rpc(
    Extension(app): Extension<Arc<Web3ProxyApp>>,
    bearer: Option<TypedHeader<Authorization<Bearer>>>,
    ClientIp(ip): ClientIp,
    Json(payload): Json<JsonRpcRequestEnum>,
    origin: Option<TypedHeader<Origin>>,
    referer: Option<TypedHeader<Referer>>,
    user_agent: Option<TypedHeader<UserAgent>>,
) -> FrontendResult {
    let request_span = error_span!("request", %ip, ?referer, ?user_agent);

    let (authorized_request, _semaphore) = if let Some(TypedHeader(Authorization(bearer))) = bearer
    {
        let origin = origin.map(|x| x.0);
        let referer = referer.map(|x| x.0);
        let user_agent = user_agent.map(|x| x.0);

        bearer_is_authorized(&app, bearer, ip, origin, referer, user_agent)
            .instrument(request_span.clone())
            .await?
    } else {
        ip_is_authorized(&app, ip)
            .instrument(request_span.clone())
            .await?
    };

    let request_span = error_span!("request", ?authorized_request);

    let authorized_request = Arc::new(authorized_request);

    // TODO: spawn earlier?
    let f = tokio::spawn(async move {
        app.proxy_web3_rpc(authorized_request, payload)
            .instrument(request_span)
            .await
    });

    let response = f.await.expect("joinhandle should always work")?;

    Ok(Json(&response).into_response())
}

/// Authenticated entrypoint for HTTP JSON-RPC requests. Web3 wallets use this.
/// Rate limit and billing based on the api key in the url.
/// Can optionally authorized based on origin, referer, or user agent.
/// If possible, please use a WebSocket instead.
pub async fn proxy_web3_rpc_with_key(
    Extension(app): Extension<Arc<Web3ProxyApp>>,
    ClientIp(ip): ClientIp,
    Json(payload): Json<JsonRpcRequestEnum>,
    origin: Option<TypedHeader<Origin>>,
    referer: Option<TypedHeader<Referer>>,
    user_agent: Option<TypedHeader<UserAgent>>,
    Path(user_key): Path<String>,
) -> FrontendResult {
    let user_key = user_key.parse()?;

    let request_span = error_span!("request", %ip, ?referer, ?user_agent);

    let (authorized_request, _semaphore) = key_is_authorized(
        &app,
        user_key,
        ip,
        origin.map(|x| x.0),
        referer.map(|x| x.0),
        user_agent.map(|x| x.0),
    )
    .instrument(request_span.clone())
    .await?;

    let request_span = error_span!("request", ?authorized_request);

    let authorized_request = Arc::new(authorized_request);

    // the request can take a while, so we spawn so that we can start serving another request
    // TODO: spawn even earlier?
    let f = tokio::spawn(async move {
        app.proxy_web3_rpc(authorized_request, payload)
            .instrument(request_span)
            .await
    });

    let response = f.await.expect("JoinHandle should always work")?;

    Ok(Json(&response).into_response())
}
more docs 2022-10-18 00:47:58 +03:00			`//! Take a user's HTTP JSON-RPC requests and either respond from local data or proxy the request to a backend rpc server.`

aggregate users or everybody on the same endpoint 2022-10-20 01:20:34 +03:00			`use super::authorization::{bearer_is_authorized, ip_is_authorized, key_is_authorized};`
delete unused code after the rate limit refactor 2022-08-21 12:44:53 +03:00			`use super::errors::FrontendResult;`
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`use crate::{app::Web3ProxyApp, jsonrpc::JsonRpcRequestEnum};`
create a struct for authenticated requests that we need for per-key stats 2022-09-22 22:57:21 +03:00			`use axum::extract::Path;`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`use axum::headers::authorization::Bearer;`
			`use axum::headers::{Authorization, Origin, Referer, UserAgent};`
better metrics and spawn 2022-09-09 00:01:36 +03:00			`use axum::TypedHeader;`
dry cache code 2022-09-07 06:54:16 +03:00			`use axum::{response::IntoResponse, Extension, Json};`
connection pooling 2022-07-07 06:22:09 +03:00			`use axum_client_ip::ClientIp;`
split frontend code up 2022-06-05 22:58:47 +03:00			`use std::sync::Arc;`
create a struct for authenticated requests that we need for per-key stats 2022-09-22 22:57:21 +03:00			`use tracing::{error_span, Instrument};`
split frontend code up 2022-06-05 22:58:47 +03:00
more docs 2022-10-18 00:47:58 +03:00			`/// POST /rpc -- Public entrypoint for HTTP JSON-RPC requests. Web3 wallets use this.`
			`/// Defaults to rate limiting by IP address, but can also read the Authorization header for a bearer token.`
			`/// If possible, please use a WebSocket instead.`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`pub async fn proxy_web3_rpc(`
connection pooling 2022-07-07 06:22:09 +03:00			`Extension(app): Extension<Arc<Web3ProxyApp>>,`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`bearer: Option<TypedHeader<Authorization<Bearer>>>,`
connection pooling 2022-07-07 06:22:09 +03:00			`ClientIp(ip): ClientIp,`
better metrics and spawn 2022-09-09 00:01:36 +03:00			`Json(payload): Json<JsonRpcRequestEnum>,`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`origin: Option<TypedHeader<Origin>>,`
better metrics and spawn 2022-09-09 00:01:36 +03:00			`referer: Option<TypedHeader<Referer>>,`
			`user_agent: Option<TypedHeader<UserAgent>>,`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00			`) -> FrontendResult {`
wip 2022-09-22 02:50:55 +03:00			`let request_span = error_span!("request", %ip, ?referer, ?user_agent);`
instrument with spans and allow skipping jsonrpc 2022-08-16 07:56:01 +03:00
start adding semaphores 2022-09-27 05:01:45 +03:00			`let (authorized_request, _semaphore) = if let Some(TypedHeader(Authorization(bearer))) = bearer`
			`{`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`let origin = origin.map(\|x\| x.0);`
			`let referer = referer.map(\|x\| x.0);`
			`let user_agent = user_agent.map(\|x\| x.0);`

			`bearer_is_authorized(&app, bearer, ip, origin, referer, user_agent)`
			`.instrument(request_span.clone())`
			`.await?`
			`} else {`
			`ip_is_authorized(&app, ip)`
			`.instrument(request_span.clone())`
			`.await?`
			`};`
pass user_id through to more places. maybe we should pass a label around instead? 2022-08-13 01:12:46 +03:00
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`let request_span = error_span!("request", ?authorized_request);`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`let authorized_request = Arc::new(authorized_request);`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00
more docs 2022-10-18 00:47:58 +03:00			`// TODO: spawn earlier?`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`let f = tokio::spawn(async move {`
add per-user rpc accounting 2022-10-10 07:15:07 +03:00			`app.proxy_web3_rpc(authorized_request, payload)`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`.instrument(request_span)`
			`.await`
			`});`
tower-request-id 2022-08-16 03:33:26 +03:00
unwrap less 2022-09-30 07:18:18 +03:00			`let response = f.await.expect("joinhandle should always work")?;`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00
dry cache code 2022-09-07 06:54:16 +03:00			`Ok(Json(&response).into_response())`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`}`
connection pooling 2022-07-07 06:22:09 +03:00
more docs 2022-10-18 00:47:58 +03:00			`/// Authenticated entrypoint for HTTP JSON-RPC requests. Web3 wallets use this.`
			`/// Rate limit and billing based on the api key in the url.`
			`/// Can optionally authorized based on origin, referer, or user agent.`
			`/// If possible, please use a WebSocket instead.`
check for bearer token on /rpc 2022-09-24 07:31:06 +03:00			`pub async fn proxy_web3_rpc_with_key(`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`Extension(app): Extension<Arc<Web3ProxyApp>>,`
wip 2022-09-22 02:50:55 +03:00			`ClientIp(ip): ClientIp,`
better metrics and spawn 2022-09-09 00:01:36 +03:00			`Json(payload): Json<JsonRpcRequestEnum>,`
ip, origin, referer, and user agent checks 2022-09-23 08:22:33 +03:00			`origin: Option<TypedHeader<Origin>>,`
wip 2022-09-22 02:50:55 +03:00			`referer: Option<TypedHeader<Referer>>,`
better metrics and spawn 2022-09-09 00:01:36 +03:00			`user_agent: Option<TypedHeader<UserAgent>>,`
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`Path(user_key): Path<String>,`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00			`) -> FrontendResult {`
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`let user_key = user_key.parse()?;`

create a struct for authenticated requests that we need for per-key stats 2022-09-22 22:57:21 +03:00			`let request_span = error_span!("request", %ip, ?referer, ?user_agent);`
better metrics and spawn 2022-09-09 00:01:36 +03:00
start adding semaphores 2022-09-27 05:01:45 +03:00			`let (authorized_request, _semaphore) = key_is_authorized(`
create a struct for authenticated requests that we need for per-key stats 2022-09-22 22:57:21 +03:00			`&app,`
			`user_key,`
			`ip,`
ip, origin, referer, and user agent checks 2022-09-23 08:22:33 +03:00			`origin.map(\|x\| x.0),`
create a struct for authenticated requests that we need for per-key stats 2022-09-22 22:57:21 +03:00			`referer.map(\|x\| x.0),`
			`user_agent.map(\|x\| x.0),`
			`)`
			`.instrument(request_span.clone())`
			`.await?;`

ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`let request_span = error_span!("request", ?authorized_request);`
instrument with spans and allow skipping jsonrpc 2022-08-16 07:56:01 +03:00
ULID or UUID. Prefer ULID 2022-09-24 08:53:45 +03:00			`let authorized_request = Arc::new(authorized_request);`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00
more docs 2022-10-18 00:47:58 +03:00			`// the request can take a while, so we spawn so that we can start serving another request`
			`// TODO: spawn even earlier?`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`let f = tokio::spawn(async move {`
add per-user rpc accounting 2022-10-10 07:15:07 +03:00			`app.proxy_web3_rpc(authorized_request, payload)`
pass authorized_request through a bunch of places 2022-09-22 23:27:14 +03:00			`.instrument(request_span)`
			`.await`
			`});`
instrument with spans and allow skipping jsonrpc 2022-08-16 07:56:01 +03:00
unwrap less 2022-09-30 07:18:18 +03:00			`let response = f.await.expect("JoinHandle should always work")?;`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00
dry cache code 2022-09-07 06:54:16 +03:00			`Ok(Json(&response).into_response())`
split frontend code up 2022-06-05 22:58:47 +03:00			`}`