remove unused variables
This commit is contained in:
parent
94c5b0479a
commit
6c9189ef76
@ -168,10 +168,10 @@ impl AuthorizedKey {
|
|||||||
origin: Option<Origin>,
|
origin: Option<Origin>,
|
||||||
referer: Option<Referer>,
|
referer: Option<Referer>,
|
||||||
user_agent: Option<UserAgent>,
|
user_agent: Option<UserAgent>,
|
||||||
user_data: UserKeyData,
|
user_key_data: UserKeyData,
|
||||||
) -> anyhow::Result<Self> {
|
) -> anyhow::Result<Self> {
|
||||||
// check ip
|
// check ip
|
||||||
match &user_data.allowed_ips {
|
match &user_key_data.allowed_ips {
|
||||||
None => {}
|
None => {}
|
||||||
Some(allowed_ips) => {
|
Some(allowed_ips) => {
|
||||||
if !allowed_ips.iter().any(|x| x.contains(&ip)) {
|
if !allowed_ips.iter().any(|x| x.contains(&ip)) {
|
||||||
@ -183,7 +183,7 @@ impl AuthorizedKey {
|
|||||||
// check origin
|
// check origin
|
||||||
// TODO: do this with the Origin type instead of a String?
|
// TODO: do this with the Origin type instead of a String?
|
||||||
let origin = origin.map(|x| x.to_string());
|
let origin = origin.map(|x| x.to_string());
|
||||||
match (&origin, &user_data.allowed_origins) {
|
match (&origin, &user_key_data.allowed_origins) {
|
||||||
(None, None) => {}
|
(None, None) => {}
|
||||||
(Some(_), None) => {}
|
(Some(_), None) => {}
|
||||||
(None, Some(_)) => return Err(anyhow::anyhow!("Origin required")),
|
(None, Some(_)) => return Err(anyhow::anyhow!("Origin required")),
|
||||||
@ -197,7 +197,7 @@ impl AuthorizedKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check referer
|
// check referer
|
||||||
match (referer, &user_data.allowed_referers) {
|
match (referer, &user_key_data.allowed_referers) {
|
||||||
(None, None) => {}
|
(None, None) => {}
|
||||||
(Some(_), None) => {}
|
(Some(_), None) => {}
|
||||||
(None, Some(_)) => return Err(anyhow::anyhow!("Referer required")),
|
(None, Some(_)) => return Err(anyhow::anyhow!("Referer required")),
|
||||||
@ -209,7 +209,7 @@ impl AuthorizedKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check user_agent
|
// check user_agent
|
||||||
match (user_agent, &user_data.allowed_user_agents) {
|
match (user_agent, &user_key_data.allowed_user_agents) {
|
||||||
(None, None) => {}
|
(None, None) => {}
|
||||||
(Some(_), None) => {}
|
(Some(_), None) => {}
|
||||||
(None, Some(_)) => return Err(anyhow::anyhow!("User agent required")),
|
(None, Some(_)) => return Err(anyhow::anyhow!("User agent required")),
|
||||||
@ -223,8 +223,8 @@ impl AuthorizedKey {
|
|||||||
Ok(Self {
|
Ok(Self {
|
||||||
ip,
|
ip,
|
||||||
origin,
|
origin,
|
||||||
user_key_id: user_data.user_key_id,
|
user_key_id: user_key_data.user_key_id,
|
||||||
log_revert_chance: user_data.log_revert_chance,
|
log_revert_chance: user_key_data.log_revert_chance,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -268,13 +268,10 @@ pub async fn login_is_authorized(
|
|||||||
Ok((AuthorizedRequest::Ip(ip), semaphore))
|
Ok((AuthorizedRequest::Ip(ip), semaphore))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: where should we use this?
|
||||||
pub async fn bearer_is_authorized(
|
pub async fn bearer_is_authorized(
|
||||||
app: &Web3ProxyApp,
|
app: &Web3ProxyApp,
|
||||||
bearer: Bearer,
|
bearer: Bearer,
|
||||||
ip: IpAddr,
|
|
||||||
origin: Option<Origin>,
|
|
||||||
referer: Option<Referer>,
|
|
||||||
user_agent: Option<UserAgent>,
|
|
||||||
) -> Result<(AuthorizedRequest, Option<OwnedSemaphorePermit>), FrontendErrorResponse> {
|
) -> Result<(AuthorizedRequest, Option<OwnedSemaphorePermit>), FrontendErrorResponse> {
|
||||||
let mut redis_conn = app.redis_conn().await.context("Getting redis connection")?;
|
let mut redis_conn = app.redis_conn().await.context("Getting redis connection")?;
|
||||||
|
|
||||||
@ -290,22 +287,13 @@ pub async fn bearer_is_authorized(
|
|||||||
let db_conn = app.db_conn().context("Getting database connection")?;
|
let db_conn = app.db_conn().context("Getting database connection")?;
|
||||||
|
|
||||||
// turn user key id into a user key
|
// turn user key id into a user key
|
||||||
let user_key_data = user::Entity::find_by_id(user_id)
|
let user_data = user::Entity::find_by_id(user_id)
|
||||||
.one(&db_conn)
|
.one(&db_conn)
|
||||||
.await
|
.await
|
||||||
.context("fetching user by id")?
|
.context("fetching user by id")?
|
||||||
.context("unknown user id")?;
|
.context("unknown user id")?;
|
||||||
|
|
||||||
todo!("rewrite this. key_is_authorized is wrong. we should check user ids instead")
|
todo!("rewrite this. key_is_authorized is wrong. we should check user ids instead")
|
||||||
// key_is_authorized(
|
|
||||||
// app,
|
|
||||||
// user_key_data.api_key.into(),
|
|
||||||
// ip,
|
|
||||||
// origin,
|
|
||||||
// referer,
|
|
||||||
// user_agent,
|
|
||||||
// )
|
|
||||||
// .await
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn ip_is_authorized(
|
pub async fn ip_is_authorized(
|
||||||
|
@ -13,9 +13,10 @@ use std::{error::Error, net::IpAddr};
|
|||||||
use tokio::time::Instant;
|
use tokio::time::Instant;
|
||||||
use tracing::warn;
|
use tracing::warn;
|
||||||
|
|
||||||
// TODO: take "IntoResult" instead?
|
// TODO: take "IntoResponse" instead of Response?
|
||||||
pub type FrontendResult = Result<Response, FrontendErrorResponse>;
|
pub type FrontendResult = Result<Response, FrontendErrorResponse>;
|
||||||
|
|
||||||
|
// TODO:
|
||||||
#[derive(From)]
|
#[derive(From)]
|
||||||
pub enum FrontendErrorResponse {
|
pub enum FrontendErrorResponse {
|
||||||
Anyhow(anyhow::Error),
|
Anyhow(anyhow::Error),
|
||||||
@ -25,6 +26,8 @@ pub enum FrontendErrorResponse {
|
|||||||
Database(DbErr),
|
Database(DbErr),
|
||||||
RateLimitedUser(UserKeyData, Option<Instant>),
|
RateLimitedUser(UserKeyData, Option<Instant>),
|
||||||
RateLimitedIp(IpAddr, Option<Instant>),
|
RateLimitedIp(IpAddr, Option<Instant>),
|
||||||
|
/// simple way to return an error message to the user and an anyhow to our logs
|
||||||
|
StatusCode(StatusCode, String, anyhow::Error),
|
||||||
UnknownKey,
|
UnknownKey,
|
||||||
NotFound,
|
NotFound,
|
||||||
}
|
}
|
||||||
@ -72,6 +75,17 @@ impl IntoResponse for FrontendErrorResponse {
|
|||||||
debug_assert_ne!(r.status(), StatusCode::OK);
|
debug_assert_ne!(r.status(), StatusCode::OK);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
Self::StatusCode(status_code, err_msg, err) => {
|
||||||
|
warn!(?status_code, ?err_msg, ?err);
|
||||||
|
(
|
||||||
|
status_code,
|
||||||
|
JsonRpcForwardedResponse::from_str(
|
||||||
|
&err_msg,
|
||||||
|
Some(status_code.as_u16().into()),
|
||||||
|
None,
|
||||||
|
),
|
||||||
|
)
|
||||||
|
}
|
||||||
Self::Database(err) => {
|
Self::Database(err) => {
|
||||||
warn!(?err, "database");
|
warn!(?err, "database");
|
||||||
(
|
(
|
||||||
|
@ -1,11 +1,10 @@
|
|||||||
//! Take a user's HTTP JSON-RPC requests and either respond from local data or proxy the request to a backend rpc server.
|
//! Take a user's HTTP JSON-RPC requests and either respond from local data or proxy the request to a backend rpc server.
|
||||||
|
|
||||||
use super::authorization::{bearer_is_authorized, ip_is_authorized, key_is_authorized};
|
use super::authorization::{ip_is_authorized, key_is_authorized};
|
||||||
use super::errors::FrontendResult;
|
use super::errors::FrontendResult;
|
||||||
use crate::{app::Web3ProxyApp, jsonrpc::JsonRpcRequestEnum};
|
use crate::{app::Web3ProxyApp, jsonrpc::JsonRpcRequestEnum};
|
||||||
use axum::extract::Path;
|
use axum::extract::Path;
|
||||||
use axum::headers::authorization::Bearer;
|
use axum::headers::{Origin, Referer, UserAgent};
|
||||||
use axum::headers::{Authorization, Origin, Referer, UserAgent};
|
|
||||||
use axum::TypedHeader;
|
use axum::TypedHeader;
|
||||||
use axum::{response::IntoResponse, Extension, Json};
|
use axum::{response::IntoResponse, Extension, Json};
|
||||||
use axum_client_ip::ClientIp;
|
use axum_client_ip::ClientIp;
|
||||||
@ -19,29 +18,13 @@ use tracing::{error_span, Instrument};
|
|||||||
#[debug_handler]
|
#[debug_handler]
|
||||||
pub async fn proxy_web3_rpc(
|
pub async fn proxy_web3_rpc(
|
||||||
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
||||||
bearer: Option<TypedHeader<Authorization<Bearer>>>,
|
|
||||||
ClientIp(ip): ClientIp,
|
ClientIp(ip): ClientIp,
|
||||||
Json(payload): Json<JsonRpcRequestEnum>,
|
Json(payload): Json<JsonRpcRequestEnum>,
|
||||||
origin: Option<TypedHeader<Origin>>,
|
|
||||||
referer: Option<TypedHeader<Referer>>,
|
|
||||||
user_agent: Option<TypedHeader<UserAgent>>,
|
|
||||||
) -> FrontendResult {
|
) -> FrontendResult {
|
||||||
let request_span = error_span!("request", %ip, ?referer, ?user_agent);
|
let request_span = error_span!("request", %ip);
|
||||||
|
|
||||||
let (authorized_request, _semaphore) = if let Some(TypedHeader(Authorization(bearer))) = bearer
|
let (authorized_request, _semaphore) =
|
||||||
{
|
ip_is_authorized(&app, ip).instrument(request_span).await?;
|
||||||
let origin = origin.map(|x| x.0);
|
|
||||||
let referer = referer.map(|x| x.0);
|
|
||||||
let user_agent = user_agent.map(|x| x.0);
|
|
||||||
|
|
||||||
bearer_is_authorized(&app, bearer, ip, origin, referer, user_agent)
|
|
||||||
.instrument(request_span.clone())
|
|
||||||
.await?
|
|
||||||
} else {
|
|
||||||
ip_is_authorized(&app, ip)
|
|
||||||
.instrument(request_span.clone())
|
|
||||||
.await?
|
|
||||||
};
|
|
||||||
|
|
||||||
let request_span = error_span!("request", ?authorized_request);
|
let request_span = error_span!("request", ?authorized_request);
|
||||||
|
|
||||||
|
@ -2,11 +2,9 @@
|
|||||||
//!
|
//!
|
||||||
//! WebSockets are the preferred method of receiving requests, but not all clients have good support.
|
//! WebSockets are the preferred method of receiving requests, but not all clients have good support.
|
||||||
|
|
||||||
use super::authorization::{
|
use super::authorization::{ip_is_authorized, key_is_authorized, AuthorizedRequest};
|
||||||
bearer_is_authorized, ip_is_authorized, key_is_authorized, AuthorizedRequest,
|
|
||||||
};
|
|
||||||
use super::errors::FrontendResult;
|
use super::errors::FrontendResult;
|
||||||
use axum::headers::{authorization::Bearer, Authorization, Origin, Referer, UserAgent};
|
use axum::headers::{Origin, Referer, UserAgent};
|
||||||
use axum::{
|
use axum::{
|
||||||
extract::ws::{Message, WebSocket, WebSocketUpgrade},
|
extract::ws::{Message, WebSocket, WebSocketUpgrade},
|
||||||
extract::Path,
|
extract::Path,
|
||||||
@ -36,30 +34,15 @@ use crate::{
|
|||||||
/// Defaults to rate limiting by IP address, but can also read the Authorization header for a bearer token.
|
/// Defaults to rate limiting by IP address, but can also read the Authorization header for a bearer token.
|
||||||
#[debug_handler]
|
#[debug_handler]
|
||||||
pub async fn websocket_handler(
|
pub async fn websocket_handler(
|
||||||
bearer: Option<TypedHeader<Authorization<Bearer>>>,
|
|
||||||
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
||||||
ClientIp(ip): ClientIp,
|
ClientIp(ip): ClientIp,
|
||||||
origin: Option<TypedHeader<Origin>>,
|
|
||||||
referer: Option<TypedHeader<Referer>>,
|
|
||||||
user_agent: Option<TypedHeader<UserAgent>>,
|
|
||||||
ws_upgrade: Option<WebSocketUpgrade>,
|
ws_upgrade: Option<WebSocketUpgrade>,
|
||||||
) -> FrontendResult {
|
) -> FrontendResult {
|
||||||
let request_span = error_span!("request", %ip, ?referer, ?user_agent);
|
// TODO: i don't like logging ips. move this to trace level?
|
||||||
|
let request_span = error_span!("request", %ip);
|
||||||
|
|
||||||
let (authorized_request, _semaphore) = if let Some(TypedHeader(Authorization(bearer))) = bearer
|
let (authorized_request, _semaphore) =
|
||||||
{
|
ip_is_authorized(&app, ip).instrument(request_span).await?;
|
||||||
let origin = origin.map(|x| x.0);
|
|
||||||
let referer = referer.map(|x| x.0);
|
|
||||||
let user_agent = user_agent.map(|x| x.0);
|
|
||||||
|
|
||||||
bearer_is_authorized(&app, bearer, ip, origin, referer, user_agent)
|
|
||||||
.instrument(request_span.clone())
|
|
||||||
.await?
|
|
||||||
} else {
|
|
||||||
ip_is_authorized(&app, ip)
|
|
||||||
.instrument(request_span.clone())
|
|
||||||
.await?
|
|
||||||
};
|
|
||||||
|
|
||||||
let request_span = error_span!("request", ?authorized_request);
|
let request_span = error_span!("request", ?authorized_request);
|
||||||
|
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
use super::authorization::{login_is_authorized, UserKey};
|
use super::authorization::{login_is_authorized, UserKey};
|
||||||
use super::errors::FrontendResult;
|
use super::errors::FrontendResult;
|
||||||
use crate::app::Web3ProxyApp;
|
use crate::app::Web3ProxyApp;
|
||||||
|
use crate::frontend::authorization::bearer_is_authorized;
|
||||||
use crate::user_queries::{get_aggregate_rpc_stats_from_params, get_detailed_stats};
|
use crate::user_queries::{get_aggregate_rpc_stats_from_params, get_detailed_stats};
|
||||||
use anyhow::Context;
|
use anyhow::Context;
|
||||||
use axum::{
|
use axum::{
|
||||||
@ -323,7 +324,10 @@ pub async fn user_login_post(
|
|||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
if let Err(err) = redis_conn.del::<_, u64>(&login_nonce_key).await {
|
if let Err(err) = redis_conn.del::<_, u64>(&login_nonce_key).await {
|
||||||
warn!("Failed to delete login_nonce_key: {}", login_nonce_key);
|
warn!(
|
||||||
|
"Failed to delete login_nonce_key {}: {}",
|
||||||
|
login_nonce_key, err
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(response)
|
Ok(response)
|
||||||
@ -402,9 +406,11 @@ pub async fn user_profile_post(
|
|||||||
/// TODO: this will change as we add better support for secondary users.
|
/// TODO: this will change as we add better support for secondary users.
|
||||||
#[debug_handler]
|
#[debug_handler]
|
||||||
pub async fn user_balance_get(
|
pub async fn user_balance_get(
|
||||||
TypedHeader(Authorization(bearer_token)): TypedHeader<Authorization<Bearer>>,
|
|
||||||
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
||||||
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> FrontendResult {
|
) -> FrontendResult {
|
||||||
|
let (authorized_request, _semaphore) = bearer_is_authorized(&app, bearer).await?;
|
||||||
|
|
||||||
todo!("user_balance_get");
|
todo!("user_balance_get");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -485,9 +491,6 @@ pub async fn user_stats_detailed_get(
|
|||||||
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
Extension(app): Extension<Arc<Web3ProxyApp>>,
|
||||||
Query(params): Query<HashMap<String, String>>,
|
Query(params): Query<HashMap<String, String>>,
|
||||||
) -> FrontendResult {
|
) -> FrontendResult {
|
||||||
let db_conn = app.db_conn().context("connecting to db")?;
|
|
||||||
let redis_conn = app.redis_conn().await.context("connecting to redis")?;
|
|
||||||
|
|
||||||
let x = get_detailed_stats(&app, bearer, params).await?;
|
let x = get_detailed_stats(&app, bearer, params).await?;
|
||||||
|
|
||||||
Ok(Json(x).into_response())
|
Ok(Json(x).into_response())
|
||||||
|
@ -423,8 +423,6 @@ pub async fn get_detailed_stats(
|
|||||||
(condition, q)
|
(condition, q)
|
||||||
};
|
};
|
||||||
|
|
||||||
let q = q.filter(condition);
|
|
||||||
|
|
||||||
let q = if query_window_seconds != 0 {
|
let q = if query_window_seconds != 0 {
|
||||||
/*
|
/*
|
||||||
let query_start_timestamp: u64 = query_start
|
let query_start_timestamp: u64 = query_start
|
||||||
@ -452,6 +450,8 @@ pub async fn get_detailed_stats(
|
|||||||
q
|
q
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let q = q.filter(condition);
|
||||||
|
|
||||||
// log query here. i think sea orm has a useful log level for this
|
// log query here. i think sea orm has a useful log level for this
|
||||||
|
|
||||||
// TODO: transform this into a nested hashmap instead of a giant table?
|
// TODO: transform this into a nested hashmap instead of a giant table?
|
||||||
|
Loading…
Reference in New Issue
Block a user