serai/message-queue/src/main.rs

use std::{
  sync::{Arc, RwLock},
  collections::HashMap,
};

use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
use schnorr_signatures::SchnorrSignature;

use serai_primitives::NetworkId;

use jsonrpsee::{RpcModule, server::ServerBuilder};

mod messages;
use messages::*;

mod queue;
use queue::Queue;

type Db = serai_db::RocksDB;

lazy_static::lazy_static! {
  static ref KEYS: Arc<RwLock<HashMap<Service, <Ristretto as Ciphersuite>::G>>> =
    Arc::new(RwLock::new(HashMap::new()));
  static ref QUEUES: Arc<RwLock<HashMap<Service, RwLock<Queue<Db>>>>> =
    Arc::new(RwLock::new(HashMap::new()));
}

// queue RPC method
/*
  Queues a message to be delivered from a processor to a coordinator, or vice versa.

  Messages are authenticated to be coming from the claimed service. Recipient services SHOULD
  independently verify signatures.

  The metadata specifies an intent. Only one message, for a specified intent, will be delivered.
  This allows services to safely send messages multiple times without them being delivered multiple
  times.

  The message will be ordered by this service, with the order having no guarantees other than
  successful ordering by the time this call returns.
*/
fn queue_message(meta: Metadata, msg: Vec<u8>, sig: SchnorrSignature<Ristretto>) {
  {
    let from = (*KEYS).read().unwrap()[&meta.from];
    assert!(
      sig.verify(from, message_challenge(meta.from, from, meta.to, &meta.intent, &msg, sig.R))
    );
  }

  // Assert one, and only one of these, is the coordinator
  assert!(matches!(meta.from, Service::Coordinator) ^ matches!(meta.to, Service::Coordinator));

  // TODO: Verify (from, intent) hasn't been prior seen

  // Queue it
  let id = (*QUEUES).read().unwrap()[&meta.to].write().unwrap().queue_message(QueuedMessage {
    from: meta.from,
    // Temporary value which queue_message will override
    id: u64::MAX,
    msg,
    sig: sig.serialize(),
  });

  log::info!("Queued message from {:?}. It is {:?} {id}", meta.from, meta.to);
}

// next RPC method
/*
  Gets the next message in queue for this service.

  This is not authenticated due to the fact every nonce would have to be saved to prevent replays,
  or a challenge-response protocol implemented. Neither are worth doing when there should be no
  sensitive data on this server.

  The expected index is used to ensure a service didn't fall out of sync with this service. It
  should always be either the next message's ID or *TODO*.
*/
fn get_next_message(service: Service, _expected: u64) -> Option<QueuedMessage> {
  // TODO: Verify the expected next message ID matches

  let queue_outer = (*QUEUES).read().unwrap();
  let queue = queue_outer[&service].read().unwrap();
  let next = queue.last_acknowledged().map(|i| i + 1).unwrap_or(0);
  queue.get_message(next)
}

// ack RPC method
/*
  Acknowledges a message as received and handled, meaning it'll no longer be returned as the next
  message.
*/
fn ack_message(service: Service, id: u64, sig: SchnorrSignature<Ristretto>) {
  {
    let from = (*KEYS).read().unwrap()[&service];
    assert!(sig.verify(from, ack_challenge(service, from, id, sig.R)));
  }

  // Is it:
  // The acknowledged message should be > last acknowledged OR
  // The acknowledged message should be >=
  // It's the first if we save messages as acknowledged before acknowledging them
  // It's the second if we acknowledge messages before saving them as acknowledged
  // TODO: Check only a proper message is being acked

  log::info!("{:?} is acknowledging {}", service, id);

  (*QUEUES).read().unwrap()[&service].write().unwrap().ack_message(id)
}

#[tokio::main]
async fn main() {
  if std::env::var("RUST_LOG").is_err() {
    std::env::set_var("RUST_LOG", serai_env::var("RUST_LOG").unwrap_or_else(|| "info".to_string()));
  }
  env_logger::init();

  log::info!("Starting message-queue service...");

  // Open the DB
  let db = serai_db::new_rocksdb(&serai_env::var("DB_PATH").expect("path to DB wasn't specified"));

  let read_key = |str| {
    let key = serai_env::var(str)?;

    let mut repr = <<Ristretto as Ciphersuite>::G as GroupEncoding>::Repr::default();
    repr.as_mut().copy_from_slice(&hex::decode(key).unwrap());
    Some(<Ristretto as Ciphersuite>::G::from_bytes(&repr).unwrap())
  };

  let register_service = |service, key| {
    (*KEYS).write().unwrap().insert(service, key);
    (*QUEUES).write().unwrap().insert(service, RwLock::new(Queue(db.clone(), service)));
  };

  // Make queues for each NetworkId, other than Serai
  for network in [NetworkId::Bitcoin, NetworkId::Ethereum, NetworkId::Monero] {
    // Use a match so we error if the list of NetworkIds changes
    let Some(key) = read_key(match network {
      NetworkId::Serai => unreachable!(),
      NetworkId::Bitcoin => "BITCOIN_KEY",
      NetworkId::Ethereum => "ETHEREUM_KEY",
      NetworkId::Monero => "MONERO_KEY",
    }) else {
      continue;
    };

    register_service(Service::Processor(network), key);
  }

  // And the coordinator's
  register_service(Service::Coordinator, read_key("COORDINATOR_KEY").unwrap());

  // Start server
  let builder = ServerBuilder::new();
  // TODO: Add middleware to check some key is present in the header, making this an authed
  // connection
  // TODO: Set max request/response size
  // 5132 ^ ((b'M' << 8) | b'Q')
  let listen_on: &[std::net::SocketAddr] = &["0.0.0.0:2287".parse().unwrap()];
  let server = builder.build(listen_on).await.unwrap();

  let mut module = RpcModule::new(());
  module
    .register_method("queue", |args, _| {
      let args = args.parse::<(Metadata, Vec<u8>, Vec<u8>)>().unwrap();
      queue_message(
        args.0,
        args.1,
        SchnorrSignature::<Ristretto>::read(&mut args.2.as_slice()).unwrap(),
      );
      Ok(true)
    })
    .unwrap();
  module
    .register_method("next", |args, _| {
      let args = args.parse::<(Service, u64)>().unwrap();
      Ok(get_next_message(args.0, args.1))
    })
    .unwrap();
  module
    .register_method("ack", |args, _| {
      let args = args.parse::<(Service, u64, Vec<u8>)>().unwrap();
      ack_message(
        args.0,
        args.1,
        SchnorrSignature::<Ristretto>::read(&mut args.2.as_slice()).unwrap(),
      );
      Ok(true)
    })
    .unwrap();

  // Run until stopped, which it never will
  server.start(module).unwrap().stopped().await;
}
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`use std::{`
			`sync::{Arc, RwLock},`
			`collections::HashMap,`
			`};`

			`use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};`
			`use schnorr_signatures::SchnorrSignature;`

			`use serai_primitives::NetworkId;`

			`use jsonrpsee::{RpcModule, server::ServerBuilder};`

			`mod messages;`
			`use messages::*;`

			`mod queue;`
			`use queue::Queue;`

Consolidate RockDB code Moves explicitly to zstd. RockDB recommends zstd, or at least lz4 over snappy, and this minimizes which dependencies we pull in. 2023-07-26 01:39:29 +00:00			`type Db = serai_db::RocksDB;`
message-queue RocksDB + fix listening 2023-07-17 04:20:10 +00:00
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`lazy_static::lazy_static! {`
			`static ref KEYS: Arc<RwLock<HashMap<Service, <Ristretto as Ciphersuite>::G>>> =`
			`Arc::new(RwLock::new(HashMap::new()));`
message-queue RocksDB + fix listening 2023-07-17 04:20:10 +00:00			`static ref QUEUES: Arc<RwLock<HashMap<Service, RwLock<Queue<Db>>>>> =`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`Arc::new(RwLock::new(HashMap::new()));`
			`}`

			`// queue RPC method`
Document message-queue RPC methods 2023-07-17 00:53:58 +00:00			`/*`
			`Queues a message to be delivered from a processor to a coordinator, or vice versa.`

			`Messages are authenticated to be coming from the claimed service. Recipient services SHOULD`
			`independently verify signatures.`

			`The metadata specifies an intent. Only one message, for a specified intent, will be delivered.`
			`This allows services to safely send messages multiple times without them being delivered multiple`
			`times.`

			`The message will be ordered by this service, with the order having no guarantees other than`
			`successful ordering by the time this call returns.`
			`*/`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`fn queue_message(meta: Metadata, msg: Vec<u8>, sig: SchnorrSignature<Ristretto>) {`
			`{`
			`let from = (*KEYS).read().unwrap()[&meta.from];`
Add ack signatures Also modifies message signatures to be binding to from, not just from's key. 2023-07-17 21:40:34 +00:00			`assert!(`
			`sig.verify(from, message_challenge(meta.from, from, meta.to, &meta.intent, &msg, sig.R))`
			`);`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`}`

			`// Assert one, and only one of these, is the coordinator`
			`assert!(matches!(meta.from, Service::Coordinator) ^ matches!(meta.to, Service::Coordinator));`

Document message-queue RPC methods 2023-07-17 00:53:58 +00:00			`// TODO: Verify (from, intent) hasn't been prior seen`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00
			`// Queue it`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`let id = (*QUEUES).read().unwrap()[&meta.to].write().unwrap().queue_message(QueuedMessage {`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`from: meta.from,`
Add a message-queue connection to processor Still needs love, yet should get us closer to starting testing. 2023-07-17 19:49:15 +00:00			`// Temporary value which queue_message will override`
			`id: u64::MAX,`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`msg,`
			`sig: sig.serialize(),`
			`});`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00
			`log::info!("Queued message from {:?}. It is {:?} {id}", meta.from, meta.to);`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`}`

Document message-queue RPC methods 2023-07-17 00:53:58 +00:00			`// next RPC method`
			`/*`
			`Gets the next message in queue for this service.`

			`This is not authenticated due to the fact every nonce would have to be saved to prevent replays,`
			`or a challenge-response protocol implemented. Neither are worth doing when there should be no`
			`sensitive data on this server.`

			`The expected index is used to ensure a service didn't fall out of sync with this service. It`
			`should always be either the next message's ID or TODO.`
			`*/`
Remove signature from get_next_message Duee to signature replaying, it's very annoying to provide meanigful data access privacy. None of these messages should be private/have sensitive data anyways though. 2023-07-17 00:38:13 +00:00			`fn get_next_message(service: Service, _expected: u64) -> Option<QueuedMessage> {`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`// TODO: Verify the expected next message ID matches`

			`let queue_outer = (*QUEUES).read().unwrap();`
			`let queue = queue_outer[&service].read().unwrap();`
			`let next = queue.last_acknowledged().map(\|i\| i + 1).unwrap_or(0);`
			`queue.get_message(next)`
			`}`

			`// ack RPC method`
Document message-queue RPC methods 2023-07-17 00:53:58 +00:00			`/*`
			`Acknowledges a message as received and handled, meaning it'll no longer be returned as the next`
			`message.`
			`*/`
Add ack signatures Also modifies message signatures to be binding to from, not just from's key. 2023-07-17 21:40:34 +00:00			`fn ack_message(service: Service, id: u64, sig: SchnorrSignature<Ristretto>) {`
			`{`
			`let from = (*KEYS).read().unwrap()[&service];`
			`assert!(sig.verify(from, ack_challenge(service, from, id, sig.R)));`
			`}`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00
			`// Is it:`
			`// The acknowledged message should be > last acknowledged OR`
			`// The acknowledged message should be >=`
			`// It's the first if we save messages as acknowledged before acknowledging them`
			`// It's the second if we acknowledge messages before saving them as acknowledged`
			`// TODO: Check only a proper message is being acked`

Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`log::info!("{:?} is acknowledging {}", service, id);`

Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`(*QUEUES).read().unwrap()[&service].write().unwrap().ack_message(id)`
			`}`

			`#[tokio::main]`
			`async fn main() {`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`if std::env::var("RUST_LOG").is_err() {`
Update how RPCs are handled The processor now takes three vars and joins them itself. message-queue uses a single argument, with defaults, as it's a service we control. 2023-07-21 18:00:03 +00:00			`std::env::set_var("RUST_LOG", serai_env::var("RUST_LOG").unwrap_or_else(\|\| "info".to_string()));`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`}`
			`env_logger::init();`

			`log::info!("Starting message-queue service...");`

Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`// Open the DB`
Consolidate RockDB code Moves explicitly to zstd. RockDB recommends zstd, or at least lz4 over snappy, and this minimizes which dependencies we pull in. 2023-07-26 01:39:29 +00:00			`let db = serai_db::new_rocksdb(&serai_env::var("DB_PATH").expect("path to DB wasn't specified"));`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00
			`let read_key = \|str\| {`
Correct the message-queue's handling of var 2023-07-17 06:01:31 +00:00			`let key = serai_env::var(str)?;`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00
			`let mut repr = <<Ristretto as Ciphersuite>::G as GroupEncoding>::Repr::default();`
			`repr.as_mut().copy_from_slice(&hex::decode(key).unwrap());`
			`Some(<Ristretto as Ciphersuite>::G::from_bytes(&repr).unwrap())`
			`};`

			`let register_service = \|service, key\| {`
			`(*KEYS).write().unwrap().insert(service, key);`
			`(*QUEUES).write().unwrap().insert(service, RwLock::new(Queue(db.clone(), service)));`
			`};`

			`// Make queues for each NetworkId, other than Serai`
			`for network in [NetworkId::Bitcoin, NetworkId::Ethereum, NetworkId::Monero] {`
			`// Use a match so we error if the list of NetworkIds changes`
			`let Some(key) = read_key(match network {`
			`NetworkId::Serai => unreachable!(),`
			`NetworkId::Bitcoin => "BITCOIN_KEY",`
			`NetworkId::Ethereum => "ETHEREUM_KEY",`
			`NetworkId::Monero => "MONERO_KEY",`
cargo +nightly fmt 2023-08-01 04:47:36 +00:00			`}) else {`
			`continue;`
			`};`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00
			`register_service(Service::Processor(network), key);`
			`}`

			`// And the coordinator's`
			`register_service(Service::Coordinator, read_key("COORDINATOR_KEY").unwrap());`

			`// Start server`
			`let builder = ServerBuilder::new();`
Add a message-queue connection to processor Still needs love, yet should get us closer to starting testing. 2023-07-17 19:49:15 +00:00			`// TODO: Add middleware to check some key is present in the header, making this an authed`
			`// connection`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`// TODO: Set max request/response size`
message-queue RocksDB + fix listening 2023-07-17 04:20:10 +00:00			`// 5132 ^ ((b'M' << 8) \| b'Q')`
			`let listen_on: &[std::net::SocketAddr] = &["0.0.0.0:2287".parse().unwrap()];`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`let server = builder.build(listen_on).await.unwrap();`

			`let mut module = RpcModule::new(());`
			`module`
			`.register_method("queue", \|args, _\| {`
			`let args = args.parse::<(Metadata, Vec<u8>, Vec<u8>)>().unwrap();`
			`queue_message(`
			`args.0,`
			`args.1,`
			`SchnorrSignature::<Ristretto>::read(&mut args.2.as_slice()).unwrap(),`
			`);`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`Ok(true)`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`})`
			`.unwrap();`
			`module`
			`.register_method("next", \|args, _\| {`
Add a message-queue connection to processor Still needs love, yet should get us closer to starting testing. 2023-07-17 19:49:15 +00:00			`let args = args.parse::<(Service, u64)>().unwrap();`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`Ok(get_next_message(args.0, args.1))`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`})`
			`.unwrap();`
			`module`
			`.register_method("ack", \|args, _\| {`
			`let args = args.parse::<(Service, u64, Vec<u8>)>().unwrap();`
			`ack_message(`
			`args.0,`
			`args.1,`
			`SchnorrSignature::<Ristretto>::read(&mut args.2.as_slice()).unwrap(),`
			`);`
Add a Docker-based test for the message-queue service 2023-07-20 22:53:03 +00:00			`Ok(true)`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`})`
			`.unwrap();`
message-queue RocksDB + fix listening 2023-07-17 04:20:10 +00:00
			`// Run until stopped, which it never will`
			`server.start(module).unwrap().stopped().await;`
Add a message queue This is intended to be a reliable transport between the processors and coordinator. Since it'll be intranet only, it's written as never fail. Primarily needs testing and a proper ID. 2023-07-01 12:53:46 +00:00			`}`