check status of peers in kdf network (#25)

* require kdf connection string in the config file

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* add {serializer, deserializer} wrappers for `RpcClient`

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* implement expirable hashmap

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* implement peer status check logic into the middleware

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* check if KDF is available on app initialization

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update kdf rpc module

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* allow dead-code for various `expirable_map` functions

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* move `peer_connection_healthcheck` priority

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update execution flow docs

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update drawio document file

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* Update README.md

* keep `RpcSocketPayload` private

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update README

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* Update README.md

* extend configuration interface with `peer_healthcheck_caching_secs`

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update README

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* sync the upstream changes

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* update proxy_signature

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* sync upstream expirable map impl

Signed-off-by: onur-ozkan <work@onurozkan.dev>

* exclude nightly pipeline from runner

Signed-off-by: onur-ozkan <work@onurozkan.dev>

---------

Signed-off-by: onur-ozkan <work@onurozkan.dev>

Author: onur-ozkan

.github/workflows/pipelines.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        rust: [nightly, beta, stable]
+        rust: [beta, stable]
     steps:
       - uses: actions/checkout@v2
 
@@ -35,7 +35,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        rust: [nightly, beta, stable]
+        rust: [beta, stable]
     steps:
       - uses: actions/checkout@v2
 
@@ -58,7 +58,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        rust: [nightly, beta, stable]
+        rust: [beta, stable]
     steps:
       - uses: actions/checkout@v2
 
@@ -82,7 +82,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
-        rust: [nightly, beta, stable]
+        rust: [beta, stable]
     steps:
       - uses: actions/checkout@v2
 
@@ -103,7 +103,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
-        rust: [nightly, beta, stable]
+        rust: [beta, stable]
     steps:
       - uses: actions/checkout@v2
 

Cargo.lock

@@ -20,6 +20,7 @@ log = "0.4.17"
 once_cell = "1.12.0"
 url = { version = "2.2.2", features = ["serde"] }
 redis = { version = "0.21.5", default-features = false, features = ["tokio-comp"] }
+rustc-hash = "1.1.0"
 serde = "1.0.137"
 serde_json = { version = "1.0.81", features = ["preserve_order", "raw_value"] }
 sha3 = "0.9"
@@ -28,7 +29,7 @@ tokio = { version = "1.12.0", default-features = false, features = ["macros", "r
 tokio-tungstenite = { version = "0.20.0", features = ["native-tls"] }
 # From our sources
 libp2p = { git = "https://github.com/KomodoPlatform/rust-libp2p.git", tag = "k-0.52.4", default-features = false, features = ["identify"] }
-proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", rev = "9ebc006" }
+proxy_signature = { git = "https://github.com/KomodoPlatform/komodo-defi-framework", branch = "dev" }
 
 [target.x86_64-unknown-linux-gnu.dependencies]
 jemallocator = "0.5.0"

Cargo.toml

@@ -1,3 +1,7 @@
+# Komodo Defi Proxy
+
+Decentralized P2P applications have some limitations by their nature and one of them is the use application/API keys. If an API key is used in the application, any user could retrieve it by simply debugging the app. Some of the blockchain services we use in [komodo-defi-framework](https://github.com/KomodoPlatform/komodo-defi-framework) are paid services and we want to prevent abuse, such as users copying the API key for personal use. To address this problem, we created this project, komodo-defi-proxy. It takes the request, handles the API key, forwards the request to the actual service, and returns the result without modifying the original request. This keeps our secret application keys secure and hidden from end users.
+
 ### Dev Requirements
 
 Creating rsa key pairs
@@ -16,12 +20,14 @@ Create the configuration file for app runtime.
   "pubkey_path": "/path_to_publick_key.pem",
   "privkey_path": "/path_to_private_key.pem",
   "redis_connection_string": "redis://localhost",
+  "kdf_rpc_client": "http://127.0.0.1:7783",
+  "kdf_rpc_password": "testpass",
   "token_expiration_time": 300,
   "proxy_routes": [
     {
       "inbound_route": "/dev",
       "outbound_route": "http://localhost:8000",
-      "proxy_type": "quicknode",
+      "proxy_type": "quicknode", # available types are: "quicknode", "moralis", "block_pi"
       "authorized": false,
       "allowed_rpc_methods": [
         "eth_blockNumber",
@@ -36,20 +42,18 @@ Create the configuration file for app runtime.
     "rp_15_min": 200,
     "rp_30_min": 350,
     "rp_60_min": 575
-  }
+  },
+  "peer_healthcheck_caching_secs": 10
 }
 ```
 
 Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_PATH`.
 
-***Important Note:*** The environment where the application will be deployed, the timezone MUST be as UTC. Also, make sure redis is version `6.*`
-
-### Architecture (TODO: OUTDATED)
-
-![arch2](https://github.com/KomodoPlatform/komodo-defi-proxy/assets/39852038/be7fe7ae-2f2a-4f68-afa8-ce4938c570a7)
+***Important Note:*** Make sure redis is version `7.*`
 
+### Architecture
 
-**Execution flow (TODO: OUTDATED):**
+![2024-09-09_14-09](https://github.com/user-attachments/assets/2775d73e-8003-4bfe-89e1-2c64da9e3004)
 
 1) Client sends the request.
 
@@ -58,29 +62,17 @@ Expose configuration file's path as an environment variable in `AUTH_APP_CONFIG_
 3) If the incoming request comes from the same network, step 4 will be by-passed.
 
 4) Request Handling in the Middleware:
+  - **Status Checker**:
+    - **Blocked**: Return `403 Forbidden`.
+    - **Allowed**: Process continues with the rate limiter.
+    - **Trusted**: Bypass rate limiter and proof of funding.
 
-   **For Quicknode:**
-   - **Status Checker**:
-     - **Blocked**: Return `403 Forbidden` immediately.
-     - **Allowed**: Process continues with the rate limiter.
-     - **Trusted**: Bypass rate limiter and proof of funding.
+  - **Peer Status Checker**:
+    - The requesting peer must be active in the KDF network. Validate this by executing the `peer_connection_healthcheck` KDF RPC. If the peer is not connected to the network, return `401 Unauthorized`.
 
-   - **Rate Limiter**:
-     - First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
-     - If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.
-
-   - **Proof of Funding**:
-     - Return `406 Not Acceptable` if the wallet has a 0 balance. Otherwise, assume the request is valid and process it as usual.
-
-   **For Moralis:**
-   - **Status Checker**:
-     - **Blocked**: Return `403 Forbidden` immediately.
-     - **Allowed**: Process continues with the rate limiter.
-     - **Trusted**: Bypass the rate limiter.
-
-   - **Rate Limiter**:
-     - First, verify the signed message. If not valid, return `401 Unauthorized` immediately.
-     - If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests, return an error `406 Not Acceptable` indicating that the wallet address must wait for some time before making more requests.
+  - **Rate Limiter**:
+    - First, verify the signed message. If not valid, return `401 Unauthorized`.
+    - If valid, calculate the request count with the time interval specified in the application configuration. If the wallet address has sent too many requests than the expected amount, process continues with the proof of funding. If not, bypass the proof of funding.
 
 5) Find target route by requested endpoint.
 
@@ -102,7 +94,7 @@ curl -v --url "'$mm2_address'" -s --data '{
 	"params": {
 		"ticker": "ETH",
 		"nodes": [
-			{"url": "'$atomicdex_gui_auth_address'", "gui_auth": true }
+			{"url": "'$atomicdex_gui_auth_address'", "komodo_proxy": true }
 		],
 		"swap_contract_address": "0x24ABE4c71FC658C91313b6552cd40cD808b3Ea80",
 		"erc20_tokens_requests": [
@@ -140,4 +132,4 @@ If you want to test features locally, you can run Docker containers using Docker
 4. **Stop the Containers**:
    ```sh
    docker compose down
-   ```
+   ```

README.md

@@ -1,6 +1,8 @@
 {
   "port": 6150,
   "redis_connection_string": "redis://redis:6379",
+  "kdf_rpc_client": "http://127.0.0.1:7783",
+  "kdf_rpc_password": "testpass",
   "pubkey_path": "/usr/src/komodo-defi-proxy/assets/.pubkey_test",
   "privkey_path": "/usr/src/komodo-defi-proxy/assets/.privkey_test",
   "token_expiration_time": 300,