Shu/zero intrusion refactor#3
Draft
shu-unifra wants to merge 22 commits intofeat/zero-intrusion-refactorfrom
Draft
Shu/zero intrusion refactor#3shu-unifra wants to merge 22 commits intofeat/zero-intrusion-refactorfrom
shu-unifra wants to merge 22 commits intofeat/zero-intrusion-refactorfrom
Conversation
1. Add APISIX Dashboard configuration (test-env/dashboard_conf/conf.yaml) 2. Remove duplicate unifra-ws-jsonrpc-proxy plugin entry in apisix-config.yaml 3. Update docker-compose.yml for test environment 4. Update whitelist configuration fix test-env apisix config
- fix(unifra-ctx-var): lower priority to 2400 - fix(unifra-limit-cu): set priority to 1011 - fix(unifra-limit-monthly-cu): set priority to 1010 - docs: update architecture and plugin docs with new priorities - conf: update plugin list in config files
- Added comprehensive section on WebSocket MITM architecture, threading model, and execution flow. - Removed temporary user_id debug logs from ws-jsonrpc-proxy plugin.
Cache plugin metadata per WS connection and reuse parsed JSON for logging. Enforce per-second limit before monthly quota; add timeout cleanup and Redis select checks. Adjust rate-limit headers/logging and tighten whitelist error handling. Update dashboard plugin schema export.
- Removed 'quota_key_var' and 'quota_var' from unifra-limit-monthly-cu.lua - Removed 'key_var' and 'limit_var' from unifra-limit-cu.lua - Enforced standardized variable names: quota_key, monthly_quota, seconds_quota - Updated rate limiting logic to prioritize quota_key for shared limits
- Added concurrency control for WebSocket connections via Redis. - Implemented push notification billing with event-specific CU costs (newHeads, logs, etc.). - Introduced subscription mapping to track event types for push billing and logging. - Applied metadata-only Kafka logging policy for subscription-related traffic to reduce volume. - Added documentation for WebSocket billing strategy and updated architecture/plugin docs. - Added unit tests for push notification pricing logic and improved error handling.
- unifra-calculate-cu: expose 'total_cu_cost' and 'cu_costs' for Kafka logging - unifra-calculate-cu: remove batch summary row appending strategy to simplify array logic - unifra-jsonrpc-var: expose 'jsonrpc_id' context variable for request correlation - infra: pin clickhouse version to 22.10.7.13-alpine
After the HTTP 101 WebSocket upgrade response has been sent, calling return 200 in the access phase triggers: 'attempt to set ngx.status after sending out response headers' Use bare return instead since the response headers are already sent.
- Adjust push_notification CU costs in cu-pricing.yaml: - default: 10 -> 5 - newHeads: 10 -> 5 - logs: 20 -> 10 - newPendingTransactions: 50 -> 20 - Add subscription_type field to WebSocket Kafka logs in unifra-ws-jsonrpc-proxy.lua. - Move event_type variable scope to ensure it's captured in push notification logs. - Update log_jsonrpc to include subscription_type in the final log entry for ClickHouse analysis.
Previously, the WS plugin extracted the network name from the Host header
subdomain (e.g., "staging-xlayer-mainnet" from staging-xlayer-mainnet.unifra.io),
which differed from the route-configured network name ("xlayer-mainnet"),
causing "unsupported network" errors in the whitelist check.
Changes:
- unifra-jsonrpc-var: move network extraction before WebSocket early return
so ctx.var.unifra_network is always set for all request types
- unifra-ws-jsonrpc-proxy: prefer ctx.var.unifra_network (set by route config)
over conf.network and extract_network(host) in all 5 locations
- whitelist: add staging- prefix stripping fallback as additional safety net
… chains Replace hardcoded eth_subscribe/unsubscribe/subscription with suffix-based pattern matching to support cfx_subscribe and other chains.
- cfx_subscribe
- cfx_unsubscribe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes # (issue)
Checklist