feat: add tap v2 receipt parser #558

Draft
wants to merge 9 commits into
base: main
216 changes: 152 additions & 64 deletions Cargo.lock

Large diffs are not rendered by default.

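--- a/Cargo.toml
+++ b/Cargo.toml
@@ -52,14 +52,15 @@ uuid = { version = "1.11.0", features = ["v7"] }
 tracing = { version = "0.1.40", default-features = false }
 bigdecimal = "0.4.3"
 build-info = "0.0.39"
-tap_core = { git = "https://github.com/semiotic-ai/timeline-aggregation-protocol", rev = "1c6e29f", default-features = false }
-tap_aggregator = { git = "https://github.com/semiotic-ai/timeline-aggregation-protocol", rev = "1c6e29f", default-features = false }
+tap_core = { git = "https://github.com/semiotic-ai/timeline-aggregation-protocol", rev = "3c56018", default-features = false }
+tap_core_v2 = { git = "https://github.com/semiotic-ai/timeline-aggregation-protocol", rev = "1dada3e", package = "tap_core" }
+tap_aggregator = { git = "https://github.com/semiotic-ai/timeline-aggregation-protocol", rev = "3c56018", default-features = false }
 tracing-subscriber = { version = "0.3", features = [
 "json",
 "env-filter",
 "ansi",
 ], default-features = false }
-thegraph-core = { version = "0.9.6", features = [
+thegraph-core = { git = "https://github.com/edgeandnode/toolshed", rev= "d710e05", features = [
 "attestation",
 "alloy-eip712",
 "alloy-sol-types",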
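Review bot: The three git pins added here use seven-character abbreviated revisions (`rev = "3c56018"`, `rev = "1dada3e"`, `rev= "d710e05"`), which leaves the manifest dependent on how each prefix resolves in the remote repository; writing the full commit hash, `rev = "<full 40-character commit SHA>"`, makes every pin unambiguous and auditable from Cargo.toml alone. `thegraph-core` also moves from the crates.io release `0.9.6` to a git source, so a comment naming the upstream change that is needed, and when the pin can return to a published version, would help the next reviewer. The `tap_core_v2` entry omits the `default-features = false` that `tap_core` and `tap_aggregator` carry; if that is not intentional, add it so the second copy of the crate is built with the same feature set.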
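--- a/crates/service/Cargo.toml
+++ b/crates/service/Cargo.toml
@@ -37,6 +37,7 @@ async-graphql-axum = "7.0.11"
 base64.workspace = true
 graphql = { git = "https://github.com/edgeandnode/toolshed", tag = "graphql-v0.3.0" }
 tap_core.workspace = true
+tap_core_v2.workspace = true
 uuid.workspace = true
 typed-builder.workspace = true
 tower_governor = { version = "0.5.0", features = ["axum"] }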
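--- a/crates/service/src/error.rs
+++ b/crates/service/src/error.rs
@@ -28,7 +28,11 @@ pub enum IndexerServiceError {
 SerializationError(#[from] serde_json::Error),
 
 #[error("Issues with provided receipt: {0}")]
-TapCoreError(#[from] tap_core::Error),
+TapCoreErrorV1(#[from] tap_core::Error),
+
+#[error("Issues with provided receipt: {0}")]
+TapCoreErrorV2(#[from] tap_core_v2::Error),
+
 #[error("There was an error while accessing escrow account: {0}")]
 EscrowAccount(#[from] EscrowAccountsError),
 }
@@ -37,11 +41,18 @@ impl StatusCodeExt for IndexerServiceError {
 fn status_code(&self) -> StatusCode {
 use IndexerServiceError as E;
 match &self {
-E::TapCoreError(ref error) => match error {
+E::TapCoreErrorV1(ref error) => match error {
 TapError::SignatureError(_)
 | TapError::ReceiptError(ReceiptError::CheckFailure(_)) => StatusCode::BAD_REQUEST,
 _ => StatusCode::INTERNAL_SERVER_ERROR,
 },
+E::TapCoreErrorV2(ref error) => match error {
+tap_core_v2::Error::SignatureError(_)
+| tap_core_v2::Error::ReceiptError(
+tap_core_v2::receipt::ReceiptError::CheckFailure(_),
+) => StatusCode::BAD_REQUEST,
+_ => StatusCode::INTERNAL_SERVER_ERROR,
+},
 E::EscrowAccount(_) | E::ReceiptNotFound => StatusCode::PAYMENT_REQUIRED,
 E::DeploymentIdNotFound => StatusCode::INTERNAL_SERVER_ERROR,
 E::AxumError(_) | E::SerializationError(_) => StatusCode::BAD_GATEWAY,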
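Review bot: `TapCoreErrorV1` and `TapCoreErrorV2` carry the same display string, `"Issues with provided receipt: {0}"`, so a log line or error body no longer shows which receipt version was rejected; a distinct message on the new variant, such as `#[error("Issues with provided v2 receipt: {0}")]`, keeps the two paths separable when triaging rejected receipts. In `status_code` the new V2 arm ends in `_ => StatusCode::INTERNAL_SERVER_ERROR`, so any other `tap_core_v2::Error` variant, including ones that appear when the git revision is bumped, is reported as a server fault; where the enum allows it, listing the variants explicitly would make that choice visible at compile time. The V2 arm could also use a short alias in the way the V1 arm uses `TapError`, for example `use tap_core_v2::Error as TapErrorV2;`, to keep the two arms parallel. Both the enum and the `match` continue outside the hunks shown.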
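--- a/crates/service/src/middleware/auth.rs
+++ b/crates/service/src/middleware/auth.rs
@@ -1,13 +1,18 @@
 // Copyright 2023-, Edge & Node, GraphOps, and Semiotic Labs.
 // SPDX-License-Identifier: Apache-2.0
 
+mod async_validate;
 mod bearer;
 mod or;
-mod tap;
+mod tap_v1;
+mod tap_v2;
 
+#[cfg(test)]
+pub use async_validate::wrap;
 pub use bearer::Bearer;
 pub use or::OrExt;
-pub use tap::tap_receipt_authorize;
+pub use tap_v1::tap_receipt_authorize as tap_receipt_authorize_v1;
+pub use tap_v2::tap_receipt_authorize as tap_receipt_authorize_v2;
 
 #[cfg(test)]
 mod tests {
@@ -28,15 +33,15 @@ mod tests {
 
 use crate::{
 middleware::auth::{self, Bearer, OrExt},
-tap::IndexerTapContext,
+tap::IndexerTapContextV1,
 };
 
 const BEARER_TOKEN: &str = "test";
 
 async fn service(
 pgpool: PgPool,
 ) -> impl Service<Request<Body>, Response = Response<Body>, Error = impl std::fmt::Debug> {
-let context = IndexerTapContext::new(pgpool.clone(), TAP_EIP712_DOMAIN.clone()).await;
+let context = IndexerTapContextV1::new(pgpool.clone(), TAP_EIP712_DOMAIN.clone()).await;
 let tap_manager = Arc::new(Manager::new(
 TAP_EIP712_DOMAIN.clone(),
 context,
@@ -54,7 +59,7 @@ mod tests {
 .unwrap(),
 ));
 let free_query = Bearer::new(BEARER_TOKEN);
-let tap_auth = auth::tap_receipt_authorize(tap_manager, metric);
+let tap_auth = auth::tap_receipt_authorize_v1(tap_manager, metric);
 let authorize_requests = free_query.or(tap_auth);
 
 let authorization_middleware = AsyncRequireAuthorizationLayer::new(authorize_requests);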
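Review bot: `tap_receipt_authorize_v2` is re-exported here, but the test module in this file still builds its service only from `IndexerTapContextV1` and `auth::tap_receipt_authorize_v1`, so nothing visible in this section exercises the v2 authorization path or its rejection cases. Tests may exist in `tap_v2.rs`, which is not shown; if they do not, a second `service` helper built on the v2 context with the same bearer-or-receipt cases would cover the new entry point. The `#[cfg(test)] pub use async_validate::wrap;` export would also benefit from a one-line comment, for example `// Test-only adapter from AsyncAuthorizeRequestExt to tower_http's AsyncAuthorizeRequest.`, so it is clear why a public item is gated on test builds. The `service` function and the test module continue outside the hunks shown.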
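--- a/crates/service/src/middleware/auth/async_validate.rs
+++ b/crates/service/src/middleware/auth/async_validate.rs
@@ -0,0 +1,66 @@
+use std::future::Future;
+
+use axum::{
+body::Body,
+http::{request::Parts, Request, Response},
+};
+use tower_http::auth::AsyncAuthorizeRequest;
+
+pub trait AsyncAuthorizeRequestExt {
+/// The body type used for responses to unauthorized requests.
+type ResponseBody;
+
+/// Authorize the request.
+///
+/// If the future resolves to `Ok(request)` then the request is allowed through, otherwise not.
+fn authorize(
+&self,
+request: &mut Parts,
+) -> impl Future<Output = Result<(), Response<Self::ResponseBody>>> + Send;
+}
+
+//) -> impl AsyncAuthorizeRequest<
+// B,
+// RequestBody = B,
+// ResponseBody = Body,
+// Future = impl Future<Output = Result<Request<B>, Response<Body>>> + Send,
+//> + Clone
+// + Send
+//where
+// T: ReceiptStore + Sync + Send + 'static,
+// B: Send,
+
+pub fn wrap<B>(
+my_fn: impl AsyncAuthorizeRequestExt<ResponseBody = Body> + Clone + Send,
+) -> impl AsyncAuthorizeRequest<
+B,
+RequestBody = B,
+ResponseBody = Body,
+Future = impl Future<Output = Result<Request<B>, Response<Body>>> + Send,
+> + Clone
++ Send
+where
+B: Send,
+{
+move |request: Request<B>| {
+let my_fn = my_fn.clone();
+async move {
+let (mut parts, body) = request.into_parts();
+my_fn.authorize(&mut parts).await?;
+let request = Request::from_parts(parts, body);
+Ok(request)
+}
+}
+}
+
+impl<F, Fut, ResBody> AsyncAuthorizeRequestExt for F
+where
+F: Fn(&mut Parts) -> Fut + Send + Sync,
+Fut: Future<Output = Result<(), Response<ResBody>>> + Send,
+{
+type ResponseBody = ResBody;
+
+async fn authorize(&self, request: &mut Parts) -> Result<(), Response<ResBody>> {
+self(request).await
+}
+}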
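Review bot: The doc comment on `AsyncAuthorizeRequestExt::authorize` says the future resolves to `Ok(request)`, but the signature returns `Result<(), Response<Self::ResponseBody>>` and operates on `&mut Parts`; it should say that `Ok(())` lets the request through and that on `Err(response)` the response is returned to the client. Because `wrap` rebuilds the request from the same `Parts` after the call, the comment should also state whether an implementation may modify headers or extensions before rejecting. The commented-out signature block above `wrap` looks like a leftover and can be dropped, and `wrap` itself has no doc comment explaining that the body is passed through untouched. The file also lacks the `// Copyright` and `// SPDX-License-Identifier: Apache-2.0` header lines that `auth.rs` carries.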
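--- a/crates/service/src/middleware/auth/bearer.rs
+++ b/crates/service/src/middleware/auth/bearer.rs
@@ -8,9 +8,10 @@
 
 use std::{fmt, marker::PhantomData};
 
-use axum::http::{HeaderValue, Request, Response};
+use axum::http::{request::Parts, HeaderValue, Response};
 use reqwest::{header, StatusCode};
-use tower_http::validate_request::ValidateRequest;
+
+use super::async_validate::AsyncAuthorizeRequestExt;
 
 pub struct Bearer<ResBody> {
 header_value: HeaderValue,
@@ -48,14 +49,14 @@ impl<ResBody> fmt::Debug for Bearer<ResBody> {
 }
 }
 
-impl<B, ResBody> ValidateRequest<B> for Bearer<ResBody>
+impl<ResBody> AsyncAuthorizeRequestExt for Bearer<ResBody>
 where
 ResBody: Default,
 {
 type ResponseBody = ResBody;
 
-fn validate(&mut self, request: &mut Request<B>) -> Result<(), Response<Self::ResponseBody>> {
-match request.headers().get(header::AUTHORIZATION) {
+async fn authorize(&self, request: &mut Parts) -> Result<(), Response<ResBody>> {
+match request.headers.get(header::AUTHORIZATION) {
 Some(actual) if actual == self.header_value => Ok(()),
 _ => {
 let mut res = Response::new(ResBody::default());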
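Review bot: The bearer check kept by this change, `Some(actual) if actual == self.header_value => Ok(())`, compares the presented token with ordinary `HeaderValue` equality, which is not guaranteed to take the same time for every mismatch. Since this value is the credential for the free-query path, a constant-time comparison of the header bytes would be the safer form, for example `subtle::ConstantTimeEq::ct_eq` on `as_bytes()` if adding that crate is acceptable. The move from `validate(&mut self, …)` to `async fn authorize(&self, …)` is also a good moment to add a doc comment stating that a missing or non-matching `Authorization` header is rejected. The body of `authorize` continues past the end of the hunk, so the response built for the rejection case is not visible here.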
107 changes: 34 additions & 73 deletions crates/service/src/middleware/auth/or.rs
@@ -6,27 +6,25 @@
//! executes a ValidateRequest returning the request if it succeeds
//! or else, executes the future and return it

use std::{future::Future, marker::PhantomData, pin::Pin, task::Poll};
use std::marker::PhantomData;

use axum::http::{Request, Response};
use pin_project::pin_project;
use tower_http::{auth::AsyncAuthorizeRequest, validate_request::ValidateRequest};
use axum::http::{request::Parts, Request, Response};
use thegraph_core::alloy::transports::BoxFuture;
use tower_http::auth::AsyncAuthorizeRequest;

use super::async_validate::AsyncAuthorizeRequestExt;

/// Extension that allows using a simple .or() function and return an Or struct
pub trait OrExt<T, B, Resp>: Sized {
fn or(self, other: T) -> Or<Self, T, B, Resp>;
}

impl<T, A, B, Resp, Fut> OrExt<A, B, Resp> for T
impl<T, A, B, Resp> OrExt<A, B, Resp> for T
where
B: 'static + Send,
Resp: 'static + Send,
T: ValidateRequest<B, ResponseBody = Resp>,
A: AsyncAuthorizeRequest<B, RequestBody = B, ResponseBody = Resp, Future = Fut>
+ Clone
+ 'static
+ Send,
Fut: Future<Output = Result<Request<B>, Response<Resp>>> + Send,
T: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send,
A: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send,
{
fn or(self, other: A) -> Or<Self, A, B, Resp> {
Or(self, other, PhantomData)
@@ -50,79 +48,42 @@ where
}
}

impl<T, E, Req, Resp, Fut> AsyncAuthorizeRequest<Req> for Or<T, E, Req, Resp>
impl<T, E, B, Resp> AsyncAuthorizeRequestExt for Or<T, E, B, Resp>
where
Req: 'static + Send,
Resp: 'static + Send,
T: ValidateRequest<Req, ResponseBody = Resp>,
E: AsyncAuthorizeRequest<Req, RequestBody = Req, ResponseBody = Resp, Future = Fut>
+ Clone
+ 'static
+ Send,
Fut: Future<Output = Result<Request<Req>, Response<Resp>>> + Send,
T: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send + Sync,
E: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send + Sync,
{
type RequestBody = Req;
type ResponseBody = Resp;

type Future = OrFuture<Fut, Req, Resp>;

fn authorize(&mut self, mut request: axum::http::Request<Req>) -> Self::Future {
let mut this = self.1.clone();
if self.0.validate(&mut request).is_ok() {
return OrFuture::with_result(Ok(request));
}
OrFuture::with_future(this.authorize(request))
}
}

#[pin_project::pin_project(project = KindProj)]
pub enum Kind<Fut, Req, Resp> {
QueryResult {
#[pin]
fut: Fut,
},
ReturnResult {
validation_result: Option<Result<Request<Req>, Response<Resp>>>,
},
}

#[pin_project]
pub struct OrFuture<Fut, Req, Resp> {
#[pin]
kind: Kind<Fut, Req, Resp>,
}

impl<Fut, Req, Resp> OrFuture<Fut, Req, Resp> {
fn with_result(validation_result: Result<Request<Req>, Response<Resp>>) -> Self {
let validation_result = Some(validation_result);
Self {
kind: Kind::ReturnResult { validation_result },
}
}

fn with_future(fut: Fut) -> Self {
Self {
kind: Kind::QueryResult { fut },
async fn authorize(&self, parts: &mut Parts) -> Result<(), Response<Resp>> {
if self.0.authorize(parts).await.is_err() {
self.1.authorize(parts).await?;
}
Ok(())
}
}

impl<Fut, Req, Resp> Future for OrFuture<Fut, Req, Resp>
impl<T, E, Req, Resp> AsyncAuthorizeRequest<Req> for Or<T, E, Req, Resp>
where
Fut: Future<Output = Result<Request<Req>, Response<Resp>>>,
Req: 'static + Send,
Resp: 'static + Send,
T: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send,
E: AsyncAuthorizeRequestExt<ResponseBody = Resp> + Clone + 'static + Send,
{
type Output = Result<Request<Req>, Response<Resp>>;
type RequestBody = Req;
type ResponseBody = Resp;

fn poll(
self: Pin<&mut Self>,
cx: &mut std::task::Context<'_>,
) -> std::task::Poll<Self::Output> {
let this = self.project();
match this.kind.project() {
KindProj::QueryResult { fut } => fut.poll(cx),
KindProj::ReturnResult { validation_result } => {
Poll::Ready(validation_result.take().expect("cannot poll twice"))
type Future = BoxFuture<'static, Result<Request<Req>, Response<Resp>>>;

fn authorize(&mut self, req: axum::http::Request<Req>) -> Self::Future {
let this = self.clone();
Box::pin(async move {
let (mut parts, body) = req.into_parts();
if this.0.authorize(&mut parts).await.is_err() {
this.1.authorize(&mut parts).await?;
}
}
let req = Request::from_parts(parts, body);
Ok(req)
})
}
}
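Review bot: The either-or decision appears twice in this file, in the `AsyncAuthorizeRequestExt` impl and again inside the boxed future of the `AsyncAuthorizeRequest` impl (`if this.0.authorize(&mut parts).await.is_err() { this.1.authorize(&mut parts).await?; }`), so a later change to one copy can leave the two entry points with different authorization behaviour. Having the second impl delegate, `AsyncAuthorizeRequestExt::authorize(&this, &mut parts).await?;`, keeps one source of truth; this would likely need the `+ Sync` bounds that the first impl already has. Both copies also pass the same `&mut Parts` to the second authorizer after the first has failed, so anything the first one wrote to headers or extensions before rejecting stays on the request; a doc comment on `Or` should state that authorizers must leave `Parts` unchanged on the failure path. The module doc at the top of the file still says it executes a `ValidateRequest`, which this change removes.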