From cf855c6e11fa5beeffda61be774fbceda47992ed Mon Sep 17 00:00:00 2001 From: Darksome Date: Mon, 10 Jul 2023 19:16:05 +0400 Subject: [PATCH] feat: make Verify API opt-in & secure attestation with CSRF tokens --- .env.example | 2 - Cargo.lock | 645 +++++++++++++++++++++++++++++--- Cargo.toml | 5 +- integration/integration.test.ts | 33 +- src/http_server/mod.rs | 46 +-- src/lib.rs | 46 ++- src/main.rs | 17 +- src/project_registry/cloud.rs | 6 +- terraform/ecs/main.tf | 1 - terraform/ecs/variables.tf | 5 - terraform/main.tf | 1 - terraform/variables.tf | 5 - terraform/vars/dev.tfvars | 1 - terraform/vars/prod.tfvars | 1 - terraform/vars/staging.tfvars | 1 - 15 files changed, 660 insertions(+), 155 deletions(-) diff --git a/.env.example b/.env.example index 96ef61c..d1e970b 100644 --- a/.env.example +++ b/.env.example @@ -18,5 +18,3 @@ TEST_PROJECT_ID="Create one on https://wc-cloud-staging.vercel.app" # Terraform GRAFANA_AUTH= - -DOMAIN_WHITELIST=walletconnect.com,vercel.app,localhost \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index bd504e0..fe5dbda 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,21 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "addr2line" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + [[package]] name = "ahash" version = "0.7.6" @@ -37,6 +52,18 @@ version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "216261ddc8289130e551ddcd5ce8a064710c0d064a4d2895c67151c92b5443f6" +[[package]] +name = "arrayref" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" + +[[package]] +name = "arrayvec" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" + [[package]] name = "arrayvec" version = "0.7.2" @@ -46,15 +73,45 @@ dependencies = [ "serde", ] +[[package]] +name = "async-lock" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa24f727524730b077666307f2734b4a1a1c57acb79193127dcc8914d5242dd7" +dependencies = [ + "event-listener", +] + +[[package]] +name = "async-session" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07da4ce523b4e2ebaaf330746761df23a465b951a83d84bbce4233dabedae630" +dependencies = [ + "anyhow", + "async-lock", + "async-trait", + "base64 0.13.1", + "bincode", + "blake3", + "chrono", + "hmac 0.11.0", + "log", + "rand", + "serde", + "serde_json", + "sha2 0.9.9", +] + [[package]] name = "async-trait" -version = "0.1.58" +version = "0.1.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e805d94e6b5001b651426cf4cd446b1ab5f319d27bab5c644f61de0a804360c" +checksum = "a564d521dd56509c4c47480d00b80ee55f7e385ae48db5744c67ad50c92d2ebf" dependencies = [ "proc-macro2", "quote", - "syn 1.0.103", + "syn 2.0.25", ] [[package]] @@ -65,15 +122,16 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "axum" -version = "0.6.1" +version = "0.6.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08b108ad2665fa3f6e6a517c3d80ec3e77d224c47d605167aefaa5d7ef97fa48" +checksum = "f8175979259124331c1d7bf6586ee7e0da434155e4b2d48ec2c8386281d8df39" dependencies = [ "async-trait", "axum-core", "bitflags", "bytes", "futures-util", + "headers", "http", "http-body", "hyper", @@ -91,16 +149,15 @@ dependencies = [ "sync_wrapper", "tokio", "tower", - "tower-http 0.3.4", "tower-layer", "tower-service", ] [[package]] name = "axum-core" -version = "0.3.0" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79b8558f5a0581152dc94dcd289132a1d377494bdeafcd41869b3258e3e2ad92" +checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c" dependencies = [ "async-trait", "bytes", @@ -113,6 +170,46 @@ dependencies = [ "tower-service", ] +[[package]] +name = "axum-csrf-sync-pattern" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36a74468282b59d5408544c39be21361263e9e59457e89bb898b5dff929ffec6" +dependencies = [ + "axum", + "axum-core", + "axum-sessions", + "base64 0.21.0", + "rand", + "thiserror", + "tokio", + "tower", + "tracing", +] + +[[package]] +name = "axum-extra" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "febf23ab04509bd7672e6abe76bd8277af31b679e89fa5ffc6087dc289a448a3" +dependencies = [ + "axum", + "axum-core", + "bytes", + "cookie", + "futures-util", + "http", + "http-body", + "mime", + "pin-project-lite", + "serde", + "tokio", + "tower", + "tower-http 0.4.0", + "tower-layer", + "tower-service", +] + [[package]] name = "axum-prometheus" version = "0.3.2" @@ -136,6 +233,37 @@ dependencies = [ "tower-http 0.4.0", ] +[[package]] +name = "axum-sessions" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714cad544cd87d8da821cda715bb9aaa5d4d1adbdb64c549b18138e3cbf93c44" +dependencies = [ + "async-session", + "axum", + "axum-extra", + "futures", + "http-body", + "tokio", + "tower", + "tracing", +] + +[[package]] +name = "backtrace" +version = "0.3.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4319208da049c43661739c5fade2ba182f09d1dc2299b32298d3a31692b17e12" +dependencies = [ + "addr2line", + "cc", + "cfg-if 1.0.0", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + [[package]] name = "base64" version = "0.13.1" @@ -163,15 +291,50 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "blake3" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b64485778c4f16a6a5a9d335e80d449ac6c70cdd6a06d2af18a6f6f775a125b3" +dependencies = [ + "arrayref", + "arrayvec 0.5.2", + "cc", + "cfg-if 0.1.10", + "constant_time_eq", + "crypto-mac 0.8.0", + "digest 0.9.0", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bouncer" -version = "0.24.1" +version = "0.24.2" dependencies = [ "anyhow", - "arrayvec", + "arrayvec 0.7.2", "async-trait", "axum", + "axum-csrf-sync-pattern", "axum-prometheus", + "axum-sessions", "build-info", "build-info-build", "cerberus", @@ -183,6 +346,7 @@ dependencies = [ "log", "metrics", "prometheus", + "rand", "rmp-serde", "serde", "tap", @@ -255,7 +419,7 @@ dependencies = [ "proc-macro2", "quote", "serde_json", - "syn 2.0.12", + "syn 2.0.25", "xz2", ] @@ -321,7 +485,7 @@ dependencies = [ [[package]] name = "cerberus" version = "0.2.0" -source = "git+https://github.com/WalletConnect/cerberus.git?tag=v0.4.0#ea9c41e5a1a678ce2c047a12b8c4d2f7de5f7d45" +source = "git+https://github.com/WalletConnect/cerberus.git?rev=83217c8dddee6b0857ca75cac91123aa430a0667#83217c8dddee6b0857ca75cac91123aa430a0667" dependencies = [ "async-trait", "once_cell", @@ -331,6 +495,12 @@ dependencies = [ "thiserror", ] +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + [[package]] name = "cfg-if" version = "1.0.0" @@ -374,12 +544,34 @@ dependencies = [ "tokio-util", ] +[[package]] +name = "constant_time_eq" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" + [[package]] name = "convert_case" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" +[[package]] +name = "cookie" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24" +dependencies = [ + "base64 0.21.0", + "hmac 0.12.1", + "percent-encoding", + "rand", + "sha2 0.10.7", + "subtle", + "time", + "version_check", +] + [[package]] name = "core-foundation" version = "0.9.3" @@ -396,6 +588,15 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" +[[package]] +name = "cpufeatures" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +dependencies = [ + "libc", +] + [[package]] name = "crossbeam-epoch" version = "0.9.14" @@ -403,7 +604,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" dependencies = [ "autocfg", - "cfg-if", + "cfg-if 1.0.0", "crossbeam-utils", "memoffset", "scopeguard", @@ -415,7 +616,37 @@ version = "0.8.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "crypto-mac" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" +dependencies = [ + "generic-array", + "subtle", +] + +[[package]] +name = "crypto-mac" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +dependencies = [ + "generic-array", + "subtle", ] [[package]] @@ -523,13 +754,33 @@ version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8" +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer 0.10.4", + "crypto-common", + "subtle", +] + [[package]] name = "encoding_rs" version = "0.8.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9852635589dc9f9ea1b6fe9f05b50ef208c85c834a562f0c6abb1c475736ec2b" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", ] [[package]] @@ -541,6 +792,12 @@ dependencies = [ "serde", ] +[[package]] +name = "event-listener" +version = "2.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" + [[package]] name = "fastrand" version = "1.8.0" @@ -669,17 +926,33 @@ dependencies = [ "slab", ] +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + [[package]] name = "getrandom" version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "wasi 0.11.0+wasi-snapshot-preview1", ] +[[package]] +name = "gimli" +version = "0.27.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e" + [[package]] name = "git2" version = "0.16.1" @@ -701,9 +974,9 @@ checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" [[package]] name = "h2" -version = "0.3.15" +version = "0.3.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f9f29bc9dda355256b2916cf526ab02ce0aeaaaf2bad60d65ef3f12f11dd0f4" +checksum = "97ec8491ebaf99c8eaa73058b045fe58073cd6be7f596ac993ced0b0a0c01049" dependencies = [ "bytes", "fnv", @@ -727,6 +1000,31 @@ dependencies = [ "ahash", ] +[[package]] +name = "headers" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3e372db8e5c0d213e0cd0b9be18be2aca3d44cf2fe30a9d46a65581cd454584" +dependencies = [ + "base64 0.13.1", + "bitflags", + "bytes", + "headers-core", + "http", + "httpdate", + "mime", + "sha1", +] + +[[package]] +name = "headers-core" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429" +dependencies = [ + "http", +] + [[package]] name = "hermit-abi" version = "0.1.19" @@ -736,11 +1034,30 @@ dependencies = [ "libc", ] +[[package]] +name = "hmac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +dependencies = [ + "crypto-mac 0.11.1", + "digest 0.9.0", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "http" -version = "0.2.8" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" +checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" dependencies = [ "bytes", "fnv", @@ -778,9 +1095,9 @@ checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" [[package]] name = "hyper" -version = "0.14.23" +version = "0.14.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "034711faac9d2166cb1baf1a2fb0b60b1f277f8492fd72176c17f3515e1abd3c" +checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468" dependencies = [ "bytes", "futures-channel", @@ -863,7 +1180,7 @@ version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", ] [[package]] @@ -874,9 +1191,9 @@ checksum = "ec947b7a4ce12e3b87e353abae7ce124d025b6c7d6c5aea5cc0bcf92e9510ded" [[package]] name = "itoa" -version = "1.0.4" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" +checksum = "62b02a5381cc465bd3041d84623d0fa3b66738b52b8e2fc3bab8ad63ab032f4a" [[package]] name = "jobserver" @@ -904,9 +1221,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.141" +version = "0.2.147" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5" +checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" [[package]] name = "libgit2-sys" @@ -957,7 +1274,7 @@ version = "0.4.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", ] [[package]] @@ -1065,16 +1382,24 @@ version = "0.3.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + [[package]] name = "mio" -version = "0.8.5" +version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5d732bc30207a6423068df043e3d02e0735b155ad7ce1a6f76fe2baa5b158de" +checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" dependencies = [ "libc", - "log", "wasi 0.11.0+wasi-snapshot-preview1", - "windows-sys 0.42.0", + "windows-sys 0.48.0", ] [[package]] @@ -1145,12 +1470,27 @@ dependencies = [ "libc", ] +[[package]] +name = "object" +version = "0.31.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8bda667d9f2b5051b8833f59f3bf748b28ef54f850f4fcb389a252aa383866d1" +dependencies = [ + "memchr", +] + [[package]] name = "once_cell" version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + [[package]] name = "openssl" version = "0.10.43" @@ -1158,7 +1498,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "020433887e44c27ff16365eaa2d380547a94544ad509aff6eb5b6e3e0b27b376" dependencies = [ "bitflags", - "cfg-if", + "cfg-if 1.0.0", "foreign-types", "libc", "once_cell", @@ -1227,7 +1567,7 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dc9e0dc2adc1c69d09143aff38d3d30c5c3f0df0dad82e6d25547af174ebec0" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "redox_syscall", "smallvec", @@ -1290,6 +1630,12 @@ version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26f6a7b87c2e435a3241addceeeff740ff8b7e76b74c13bf9acb17fa454ea00b" +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + [[package]] name = "pretty_assertions" version = "1.3.0" @@ -1328,9 +1674,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.54" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e472a104799c74b514a57226160104aa483546de37e839ec50e3c2e41dd87534" +checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" dependencies = [ "unicode-ident", ] @@ -1341,7 +1687,7 @@ version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "449811d15fbdf5ceb5c1144416066429cf82316e2ec8ce0c1f6f8a02e7bbcf8c" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "fnv", "lazy_static", "memchr", @@ -1374,13 +1720,43 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.26" +version = "1.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "573015e8ab27661678357f27dc26460738fd2b6c86e46f386fde94cb5d913105" dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + [[package]] name = "raw-cpuid" version = "10.7.0" @@ -1509,6 +1885,12 @@ dependencies = [ "serde", ] +[[package]] +name = "rustc-demangle" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" + [[package]] name = "rustc_version" version = "0.4.0" @@ -1636,6 +2018,41 @@ dependencies = [ "serde", ] +[[package]] +name = "sha1" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + +[[package]] +name = "sha2" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.10.7", +] + [[package]] name = "sharded-slab" version = "0.1.4" @@ -1677,14 +2094,20 @@ checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" [[package]] name = "socket2" -version = "0.4.7" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" +checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" dependencies = [ "libc", "winapi", ] +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" version = "1.0.103" @@ -1698,9 +2121,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.12" +version = "2.0.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79d9531f94112cfc3e4c8f5f02cb2b58f72c97b7efd85f70203cc6d8efda5927" +checksum = "15e3fc8c0c74267e2df136e5e5fb656a464158aa57624053375eb9c8c6e25ae2" dependencies = [ "proc-macro2", "quote", @@ -1725,7 +2148,7 @@ version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "fastrand", "libc", "redox_syscall", @@ -1744,22 +2167,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.37" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e" +checksum = "a35fc5b8971143ca348fa6df4f024d4d55264f3468c71ad1c2f365b0a4d58c42" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.37" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" +checksum = "463fe12d7993d3b327787537ce8dd4dfa058de32fc2b195ef3cde03dc4771e8f" dependencies = [ "proc-macro2", "quote", - "syn 1.0.103", + "syn 2.0.25", ] [[package]] @@ -1771,6 +2194,33 @@ dependencies = [ "once_cell", ] +[[package]] +name = "time" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59e399c068f43a5d116fedaf73b203fa4f9c519f17e2b34f63221d3792f81446" +dependencies = [ + "itoa", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" + +[[package]] +name = "time-macros" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96ba15a897f3c86766b757e5ac7221554c6750054d74d5b28844fce5fb36a6c4" +dependencies = [ + "time-core", +] + [[package]] name = "tinyvec" version = "1.6.0" @@ -1788,14 +2238,14 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.22.0" +version = "1.29.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76ce4a75fb488c605c54bf610f221cea8b0dafb53333c1a67e8ee199dcd2ae3" +checksum = "532826ff75199d5833b9d2c5fe410f29235e25704ee5f0ef599fb51c21f4a4da" dependencies = [ "autocfg", + "backtrace", "bytes", "libc", - "memchr", "mio", "num_cpus", "parking_lot", @@ -1803,18 +2253,18 @@ dependencies = [ "signal-hook-registry", "socket2", "tokio-macros", - "winapi", + "windows-sys 0.48.0", ] [[package]] name = "tokio-macros" -version = "1.8.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484" +checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 1.0.103", + "syn 2.0.25", ] [[package]] @@ -1871,7 +2321,6 @@ dependencies = [ "http-body", "http-range-header", "pin-project-lite", - "tower", "tower-layer", "tower-service", "tracing", @@ -1913,7 +2362,7 @@ version = "0.1.37" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "log", "pin-project-lite", "tracing-attributes", @@ -1985,6 +2434,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" +[[package]] +name = "typenum" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" + [[package]] name = "unicode-bidi" version = "0.3.8" @@ -2069,7 +2524,7 @@ version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "wasm-bindgen-macro", ] @@ -2094,7 +2549,7 @@ version = "0.4.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "23639446165ca5a5de86ae1d8896b737ae80319560fbaa4c2887b7da6e7ebd7d" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "js-sys", "wasm-bindgen", "web-sys", @@ -2189,21 +2644,51 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" dependencies = [ - "windows_aarch64_gnullvm", + "windows_aarch64_gnullvm 0.42.0", "windows_aarch64_msvc 0.42.0", "windows_i686_gnu 0.42.0", "windows_i686_msvc 0.42.0", "windows_x86_64_gnu 0.42.0", - "windows_x86_64_gnullvm", + "windows_x86_64_gnullvm 0.42.0", "windows_x86_64_msvc 0.42.0", ] +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.48.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f" +dependencies = [ + "windows_aarch64_gnullvm 0.48.0", + "windows_aarch64_msvc 0.48.0", + "windows_i686_gnu 0.48.0", + "windows_i686_msvc 0.48.0", + "windows_x86_64_gnu 0.48.0", + "windows_x86_64_gnullvm 0.48.0", + "windows_x86_64_msvc 0.48.0", +] + [[package]] name = "windows_aarch64_gnullvm" version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41d2aa71f6f0cbe00ae5167d90ef3cfe66527d6f613ca78ac8024c3ccab9a19e" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" + [[package]] name = "windows_aarch64_msvc" version = "0.36.1" @@ -2216,6 +2701,12 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd0f252f5a35cac83d6311b2e795981f5ee6e67eb1f9a7f64eb4500fbc4dcdb4" +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" + [[package]] name = "windows_i686_gnu" version = "0.36.1" @@ -2228,6 +2719,12 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbeae19f6716841636c28d695375df17562ca208b2b7d0dc47635a50ae6c5de7" +[[package]] +name = "windows_i686_gnu" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" + [[package]] name = "windows_i686_msvc" version = "0.36.1" @@ -2240,6 +2737,12 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "84c12f65daa39dd2babe6e442988fc329d6243fdce47d7d2d155b8d874862246" +[[package]] +name = "windows_i686_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" + [[package]] name = "windows_x86_64_gnu" version = "0.36.1" @@ -2252,12 +2755,24 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf7b1b21b5362cbc318f686150e5bcea75ecedc74dd157d874d754a2ca44b0ed" +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" + [[package]] name = "windows_x86_64_gnullvm" version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09d525d2ba30eeb3297665bd434a54297e4170c7f1a44cad4ef58095b4cd2028" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" + [[package]] name = "windows_x86_64_msvc" version = "0.36.1" @@ -2270,6 +2785,12 @@ version = "0.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f40009d85759725a34da6d89a94e63d7bdc50a862acf0dbc7c8e488f1edcb6f5" +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" + [[package]] name = "winreg" version = "0.10.1" diff --git a/Cargo.toml b/Cargo.toml index 087b5bd..4325198 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,13 +12,15 @@ tokio = { version = "1", features = ["full"] } # Http axum = { version = "0.6", features = ["json"] } +axum-sessions = "0.5" +axum-csrf-sync-pattern = "0.3" tower = "0.4" tower-http = { version = "0.3", features = ["cors", "trace"] } hyper = "0.14" # Infra deadpool-redis = "0.10" -cerberus = { git = "https://github.com/WalletConnect/cerberus.git", tag = "v0.4.0" } +cerberus = { git = "https://github.com/WalletConnect/cerberus.git", rev = "83217c8dddee6b0857ca75cac91123aa430a0667" } # O11y tracing = "0.1" @@ -40,6 +42,7 @@ derive_more = "0.99" envy = "0.4" futures = "0.3" log = "0.4" +rand = "0.8" thiserror = "1.0" tap = "1.0" diff --git a/integration/integration.test.ts b/integration/integration.test.ts index 5ecd979..cdb824c 100644 --- a/integration/integration.test.ts +++ b/integration/integration.test.ts @@ -39,7 +39,13 @@ describe('verify', () => { const url = `${BASE_URL}/attestation` it('can set an attestation', async () => { - let resp: any = await http.post(`${url}`, {'origin': 'localhost', 'attestationId': 'some'}) + let resp: any = await http.get(`${url}/${TEST_PROJECT_ID}`) + let setCookie = resp.headers["set-cookie"] + let csrfToken = resp.headers["x-csrf-token"] + + resp = await http.post(`${url}`, {'origin': 'localhost', 'attestationId': 'some'}, { + headers: { "x-csrf-token": csrfToken, cookie: setCookie }, + }) expect(resp.status).toBe(200) expect(resp.headers["access-control-allow-origin"]).toBe(undefined) @@ -60,16 +66,8 @@ describe('verify', () => { expect(resp.status).toBe(200) - // let policy = resp.headers["content-security-policy"] - - // if (ENV === 'prod') { - // expect(policy).toBe("frame-ancestors https://*.walletconnect.com") - // } else { - // let wc = "https://*.walletconnect.com https://walletconnect.com" - // let vercel = "https://*.vercel.app https://vercel.app" - // let localhost = "http://*.localhost http://localhost" - // expect(policy).toBe(`frame-ancestors ${wc} ${wc} ${vercel} ${localhost}`) - // } + let policy = resp.headers["content-security-policy"] + expect(policy).toBe(`frame-ancestors https://*.walletconnect.com https://walletconnect.com`) }) describe('invalid project ID', () => { @@ -101,17 +99,8 @@ describe('verify', () => { let resp = await http.get(`${url}/22f5c861aeb01d5928e9f347df79f21b`) expect(resp.status).toBe(200) - // if (ENV === 'prod') { - // expect(resp.status).toBe(404) - // expect(resp.data).toContain("Project with the provided ID doesn't have a verified domain") - // } else { - // let policy = resp.headers["content-security-policy"] - - // let wc = "https://*.walletconnect.com https://walletconnect.com" - // let vercel = "https://*.vercel.app https://vercel.app" - // let localhost = "http://*.localhost http://localhost" - // expect(policy).toBe(`frame-ancestors ${wc} ${vercel} ${localhost}`) - // } + let policy = resp.headers["content-security-policy"] + expect(policy).toBe(undefined) }) }) describe('index.js', () => { diff --git a/src/http_server/mod.rs b/src/http_server/mod.rs index 3b4016b..0ebdc28 100644 --- a/src/http_server/mod.rs +++ b/src/http_server/mod.rs @@ -1,12 +1,14 @@ use { - crate::{Bouncer, Domain, GetAllowedDomainsError, ProjectId}, + crate::{Bouncer, Domain, GetVerifyStatusError, ProjectId, VerifyStatus}, axum::{ extract::{Path, State}, response::{Html, IntoResponse, Response}, routing::{get, post}, Router, }, + axum_csrf_sync_pattern::CsrfLayer, axum_prometheus::{EndpointLabel, PrometheusMetricLayerBuilder as MetricLayerBuilder}, + axum_sessions::{async_session, SessionLayer}, futures::FutureExt, hyper::{header, Method, StatusCode}, std::{future::Future, iter, net::SocketAddr, sync::Arc}, @@ -23,6 +25,7 @@ mod metrics; pub async fn run( app: impl Bouncer, port: u16, + session_secret: &[u8], metrics_provider: impl Fn() -> String + Clone + Send + 'static, metrics_port: u16, health_provider: impl Fn() -> String + Clone + Send + 'static, @@ -36,6 +39,8 @@ pub async fn run( .allow_origin(cors::Any) .allow_methods([Method::OPTIONS, Method::GET]); + let session_layer = SessionLayer::new(async_session::MemoryStore::new(), session_secret); + let metrics_layer = MetricLayerBuilder::new() // We overwrite enexpected enpoint paths here, otherwise this label will collect a bunch // of junk like "/+CSCOE+/logon.html". @@ -45,10 +50,12 @@ pub async fn run( let server = Router::new() .route("/attestation/:attestation_id", get(attestation::get)) .layer(cors_layer) - .route("/health", get(health::get(health_provider))) .route("/attestation", post(attestation::post)) - .route("/index.js", get(index_js::get)) .route("/:project_id", get(root)) + .layer(CsrfLayer::new()) + .layer(session_layer) + .route("/health", get(health::get(health_provider))) + .route("/index.js", get(index_js::get)) .layer(metrics_layer) .with_state(Arc::new(app)) .into_make_service() @@ -81,36 +88,29 @@ const INDEX_HTML: &str = r#" const UNKNOWN_PROJECT_MSG: &str = "Project with the provided ID doesn't exist. Please, ensure \ that the project is registered on cloud.walletconnect.com"; -const NO_VERIFIED_DOMAINS_MSG: &str = "Project with the provided ID doesn't have a verified \ - domain. Please, verify your domain on \ - cloud.walletconnect.com"; - #[instrument(level = "debug", skip(app))] pub async fn root( State(app): State>, Path(project_id): Path, ) -> Result { - let domains = app.get_allowed_domains(project_id).await?; - if domains.is_empty() { - return Err((StatusCode::NOT_FOUND, NO_VERIFIED_DOMAINS_MSG).into_response()); - } - - // TODO: enable once clients are ready - let _headers = [( - header::CONTENT_SECURITY_POLICY, - build_content_security_header(domains), - )]; - - Ok(Html(INDEX_HTML)) + let headers = match app.get_verify_status(project_id).await? { + VerifyStatus::Disabled => None, + VerifyStatus::Enabled { verified_domains } => Some([( + header::CONTENT_SECURITY_POLICY, + build_content_security_header(verified_domains), + )]), + }; + + Ok((headers, Html(INDEX_HTML))) } -impl From for Response { - fn from(e: GetAllowedDomainsError) -> Self { +impl From for Response { + fn from(e: GetVerifyStatusError) -> Self { match e { - GetAllowedDomainsError::UnknownProject => { + GetVerifyStatusError::UnknownProject => { (StatusCode::NOT_FOUND, UNKNOWN_PROJECT_MSG).into_response() } - GetAllowedDomainsError::Other(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(), + GetVerifyStatusError::Other(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(), } } } diff --git a/src/lib.rs b/src/lib.rs index 1ddc2eb..e49dc0a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -19,17 +19,30 @@ pub mod util; #[async_trait] pub trait Bouncer: Send + Sync + 'static { - async fn get_allowed_domains( + async fn get_verify_status( &self, project_id: ProjectId, - ) -> Result, GetAllowedDomainsError>; + ) -> Result; async fn set_attestation(&self, id: &str, origin: &str) -> Result<(), Error>; async fn get_attestation(&self, id: &str) -> Result, Error>; } +/// Status of the Verify API of some project. +pub enum VerifyStatus { + /// Verify API is disabled. + Disabled, + + /// Verify API is enabled. + Enabled { + /// List of the verified domains of the project. + verified_domains: Vec, + }, +} + +/// Error of getting [`Verification`] via [`Bouncer::verification`]. #[derive(Debug, thiserror::Error)] -pub enum GetAllowedDomainsError { +pub enum GetVerifyStatusError { #[error("UnknownProject")] UnknownProject, @@ -63,40 +76,39 @@ impl<'de> Deserialize<'de> for ProjectId { #[derive(Clone, Debug, Serialize, Deserialize)] pub struct ProjectData { + pub is_verify_enabled: bool, pub verified_domains: Vec, } struct App { - domain_whitelist: Vec, infra: I, } -pub fn new(domain_whitelist: Vec, infra: impl Infra) -> impl Bouncer { - App { - domain_whitelist, - infra, - } +pub fn new(infra: impl Infra) -> impl Bouncer { + App { infra } } #[async_trait] impl Bouncer for App { #[instrument(level = "warn", skip(self))] - async fn get_allowed_domains( + async fn get_verify_status( &self, project_id: ProjectId, - ) -> Result, GetAllowedDomainsError> { - let mut domains = self + ) -> Result { + let project_data = self .project_registry() .project_data(project_id) .await .tap_err(|e| error!("ProjectRegistry::project_data: {e:?}"))? - .ok_or(GetAllowedDomainsError::UnknownProject) - .tap_err(|_| warn!("Unknown project id"))? - .verified_domains; + .ok_or(GetVerifyStatusError::UnknownProject) + .tap_err(|_| warn!("Unknown project id"))?; - domains.extend_from_slice(&self.domain_whitelist); + let status = (project_data.is_verify_enabled && !project_data.verified_domains.is_empty()) + .then_some(project_data.verified_domains) + .map(|verified_domains| VerifyStatus::Enabled { verified_domains }) + .unwrap_or(VerifyStatus::Disabled); - Ok(domains) + Ok(status) } #[instrument(level = "debug", skip(self))] diff --git a/src/main.rs b/src/main.rs index ab1ea37..ff24106 100644 --- a/src/main.rs +++ b/src/main.rs @@ -7,10 +7,10 @@ use { bouncer::{ project_registry::{self, CachedExt as _}, util::redis, - Domain, }, build_info::VersionControl, futures::{future::select, FutureExt}, + rand::RngCore, serde::{Deserialize, Deserializer}, std::{future::Future, str::FromStr}, tokio::signal::unix::{signal, SignalKind}, @@ -37,12 +37,6 @@ pub struct Configuration { pub project_registry_url: String, pub project_registry_auth_token: String, pub project_registry_cache_url: String, - - /// Additional domains to allow the Enclave to be served on. - /// - /// Intended for testing purposes on dev environments. - #[serde(default)] - pub domain_whitelist: Vec, } build_info::build_info!(fn build_info); @@ -90,14 +84,15 @@ async fn main() -> Result<(), anyhow::Error> { .context("Failed to initialize ProjectRegistry")? .cached(project_registry_cache); - let app = bouncer::new( - config.domain_whitelist, - (attestation_store, project_registry), - ); + let app = bouncer::new((attestation_store, project_registry)); + + let mut session_secret = [0; 64]; + rand::thread_rng().try_fill_bytes(&mut session_secret)?; bouncer::http_server::run( app, config.port, + &session_secret, move || prometheus.render(), config.prometheus_port, health_provider, diff --git a/src/project_registry/cloud.rs b/src/project_registry/cloud.rs index 5af20ab..60b1295 100644 --- a/src/project_registry/cloud.rs +++ b/src/project_registry/cloud.rs @@ -26,7 +26,9 @@ impl ProjectRegistry for RegistryHttpClient { return Ok(None); }; - let verified_domains = data.verified_domains.into_iter().map(Domain).collect(); - Ok(Some(ProjectData { verified_domains })) + Ok(Some(ProjectData { + is_verify_enabled: data.is_verify_enabled, + verified_domains: data.verified_domains.into_iter().map(Domain).collect(), + })) } } diff --git a/terraform/ecs/main.tf b/terraform/ecs/main.tf index 2a410b7..aba6dc4 100644 --- a/terraform/ecs/main.tf +++ b/terraform/ecs/main.tf @@ -66,7 +66,6 @@ resource "aws_ecs_task_definition" "app_task_definition" { { name = "PROJECT_REGISTRY_CACHE_URL", value = "redis://${var.redis_url}/1" }, { name = "PROJECT_REGISTRY_URL", value = var.project_registry_url }, { name = "PROJECT_REGISTRY_AUTH_TOKEN", value = var.project_registry_auth_token }, - { name = "DOMAIN_WHITELIST", value = var.domain_whitelist } ], dependsOn = [ { containerName = "aws-otel-collector", condition = "START" } diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf index c71207f..f42d950 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/ecs/variables.tf @@ -28,11 +28,6 @@ variable "project_registry_auth_token" { sensitive = true } -variable "domain_whitelist" { - type = string - default = "" -} - variable "prometheus_endpoint" { type = string } diff --git a/terraform/main.tf b/terraform/main.tf index 334d436..586211b 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -102,5 +102,4 @@ module "ecs" { redis_url = module.redis.endpoint project_registry_url = var.project_registry_url project_registry_auth_token = var.project_registry_auth_token - domain_whitelist = var.domain_whitelist } diff --git a/terraform/variables.tf b/terraform/variables.tf index 7977044..e845900 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -7,11 +7,6 @@ variable "project_registry_auth_token" { sensitive = true } -variable "domain_whitelist" { - type = string - default = "" -} - variable "region" { type = string default = "eu-central-1" diff --git a/terraform/vars/dev.tfvars b/terraform/vars/dev.tfvars index dd0984b..fe50821 100644 --- a/terraform/vars/dev.tfvars +++ b/terraform/vars/dev.tfvars @@ -1,2 +1 @@ project_registry_url = "https://registry-staging-cf.walletconnect.com" -domain_whitelist = "walletconnect.com,vercel.app,localhost" \ No newline at end of file diff --git a/terraform/vars/prod.tfvars b/terraform/vars/prod.tfvars index 4ac1d6b..2195811 100644 --- a/terraform/vars/prod.tfvars +++ b/terraform/vars/prod.tfvars @@ -1,2 +1 @@ project_registry_url = "https://registry-prod-cf.walletconnect.com" -domain_whitelist = "localhost" diff --git a/terraform/vars/staging.tfvars b/terraform/vars/staging.tfvars index dd0984b..fe50821 100644 --- a/terraform/vars/staging.tfvars +++ b/terraform/vars/staging.tfvars @@ -1,2 +1 @@ project_registry_url = "https://registry-staging-cf.walletconnect.com" -domain_whitelist = "walletconnect.com,vercel.app,localhost" \ No newline at end of file