Shu/zero intrusion refactor #3

Draft
shu-unifra wants to merge 22 commits into feat/zero-intrusion-refactor from shu/zero-intrusion-refactor

@shu-unifra

Description

Fixes # (issue)

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

1. Add APISIX Dashboard configuration (test-env/dashboard_conf/conf.yaml)
2. Remove duplicate unifra-ws-jsonrpc-proxy plugin entry in apisix-config.yaml
3. Update docker-compose.yml for test environment
4. Update whitelist configuration

fix test-env apisix config
- fix(unifra-ctx-var): lower priority to 2400
- fix(unifra-limit-cu): set priority to 1011
- fix(unifra-limit-monthly-cu): set priority to 1010
- docs: update architecture and plugin docs with new priorities
- conf: update plugin list in config files
- Added comprehensive section on WebSocket MITM architecture, threading model, and execution flow.

- Removed temporary user_id debug logs from ws-jsonrpc-proxy plugin.
Cache plugin metadata per WS connection and reuse parsed JSON for logging.

Enforce per-second limit before monthly quota; add timeout cleanup and Redis select checks.

Adjust rate-limit headers/logging and tighten whitelist error handling.

Update dashboard plugin schema export.
- Removed 'quota_key_var' and 'quota_var' from unifra-limit-monthly-cu.lua
- Removed 'key_var' and 'limit_var' from unifra-limit-cu.lua
- Enforced standardized variable names: quota_key, monthly_quota, seconds_quota
- Updated rate limiting logic to prioritize quota_key for shared limits
- Added concurrency control for WebSocket connections via Redis.
- Implemented push notification billing with event-specific CU costs (newHeads, logs, etc.).
- Introduced subscription mapping to track event types for push billing and logging.
- Applied metadata-only Kafka logging policy for subscription-related traffic to reduce volume.
- Added documentation for WebSocket billing strategy and updated architecture/plugin docs.
- Added unit tests for push notification pricing logic and improved error handling.
- unifra-calculate-cu: expose 'total_cu_cost' and 'cu_costs' for Kafka logging
- unifra-calculate-cu: remove batch summary row appending strategy to simplify array logic
- unifra-jsonrpc-var: expose 'jsonrpc_id' context variable for request correlation
- infra: pin clickhouse version to 22.10.7.13-alpine
After the HTTP 101 WebSocket upgrade response has been sent, calling
return 200 in the access phase triggers:
  'attempt to set ngx.status after sending out response headers'

Use bare return instead since the response headers are already sent.
- Adjust push_notification CU costs in cu-pricing.yaml:
  - default: 10 -> 5
  - newHeads: 10 -> 5
  - logs: 20 -> 10
  - newPendingTransactions: 50 -> 20
- Add subscription_type field to WebSocket Kafka logs in unifra-ws-jsonrpc-proxy.lua.
- Move event_type variable scope to ensure it's captured in push notification logs.
- Update log_jsonrpc to include subscription_type in the final log entry for ClickHouse analysis.
Previously, the WS plugin extracted the network name from the Host header
subdomain (e.g., "staging-xlayer-mainnet" from staging-xlayer-mainnet.unifra.io),
which differed from the route-configured network name ("xlayer-mainnet"),
causing "unsupported network" errors in the whitelist check.

Changes:
- unifra-jsonrpc-var: move network extraction before WebSocket early return
  so ctx.var.unifra_network is always set for all request types
- unifra-ws-jsonrpc-proxy: prefer ctx.var.unifra_network (set by route config)
  over conf.network and extract_network(host) in all 5 locations
- whitelist: add staging- prefix stripping fallback as additional safety net
… chains

Replace hardcoded eth_subscribe/unsubscribe/subscription with suffix-based pattern matching to support cfx_subscribe and other chains.
       - cfx_subscribe
      - cfx_unsubscribe
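
The suffix-based matching described in the last commit message, sketched as an added example (not code from this PR or the plugin itself). The function names, the whitelist table shape and the sample method names are assumptions made for illustration; the point is that the suffix match is anchored and only classifies a call, while the allow decision stays an exact-name whitelist lookup.

```lua
-- Added illustration, not code from this PR. All names here are hypothetical.

-- Anchored patterns: "^" and "$" pin the whole method name, and the literal
-- "_" before the suffix keeps "eth_unsubscribe" from matching "subscribe".
local SUFFIX_KINDS = {
    { pattern = "^(%a%w*)_subscribe$",    kind = "subscribe" },
    { pattern = "^(%a%w*)_unsubscribe$",  kind = "unsubscribe" },
    { pattern = "^(%a%w*)_subscription$", kind = "subscription" },
}

-- Returns kind and chain namespace ("eth", "cfx", ...), or nil if no suffix matches.
local function classify_method(method)
    if type(method) ~= "string" then
        return nil
    end
    for _, entry in ipairs(SUFFIX_KINDS) do
        local namespace = method:match(entry.pattern)
        if namespace then
            return entry.kind, namespace
        end
    end
    return nil
end

-- The suffix only selects how a call is handled (tracking, billing).
-- Whether it is allowed is still an exact-name lookup in the whitelist.
local function check_method(method, whitelist)
    local kind, namespace = classify_method(method)
    local allowed = type(method) == "string" and whitelist[method] == true
    return allowed, kind, namespace
end

-- Constructed sample whitelist and inputs.
local whitelist = {
    eth_subscribe = true, eth_unsubscribe = true,
    cfx_subscribe = true, cfx_unsubscribe = true,
}
local samples = { "eth_subscribe", "cfx_unsubscribe", "debug_subscribe",
                  "eth_getLogs", "subscribe", "eth_subscribe_x" }
for _, m in ipairs(samples) do
    local allowed, kind, namespace = check_method(m, whitelist)
    print(m, allowed, kind or "-", namespace or "-")
end
```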