Merge pull request #488 from helium/jg/skf-by-route

migrate skf under route

docker-compose.yml

@@ -93,6 +93,8 @@ services:
         iot-verifier
         mobile-packet-verifier
         iot-packet-verifier
+        iot-price
+        mobile-price
       ORACLE_ID: oraclesecretid
       ORACLE_KEY: oraclesecretkey
     entrypoint:

file_store/src/traits/msg_verify.rs

@@ -46,15 +46,14 @@ impl_msg_verify!(iot_config::RouteGetEuisReqV1, signature);
 impl_msg_verify!(iot_config::RouteUpdateEuisReqV1, signature);
 impl_msg_verify!(iot_config::RouteGetDevaddrRangesReqV1, signature);
 impl_msg_verify!(iot_config::RouteUpdateDevaddrRangesReqV1, signature);
+impl_msg_verify!(iot_config::RouteSkfListReqV1, signature);
+impl_msg_verify!(iot_config::RouteSkfGetReqV1, signature);
+impl_msg_verify!(iot_config::RouteSkfUpdateReqV1, signature);
 impl_msg_verify!(iot_config::GatewayLocationReqV1, signature);
 impl_msg_verify!(iot_config::GatewayRegionParamsReqV1, signature);
 impl_msg_verify!(iot_config::AdminAddKeyReqV1, signature);
 impl_msg_verify!(iot_config::AdminLoadRegionReqV1, signature);
 impl_msg_verify!(iot_config::AdminRemoveKeyReqV1, signature);
-impl_msg_verify!(iot_config::SessionKeyFilterGetReqV1, signature);
-impl_msg_verify!(iot_config::SessionKeyFilterListReqV1, signature);
-impl_msg_verify!(iot_config::SessionKeyFilterStreamReqV1, signature);
-impl_msg_verify!(iot_config::SessionKeyFilterUpdateReqV1, signature);
 impl_msg_verify!(iot_config::GatewayInfoReqV1, signature);
 impl_msg_verify!(iot_config::GatewayInfoStreamReqV1, signature);
 impl_msg_verify!(iot_config::RegionParamsReqV1, signature);

iot_config.Dockerfile

@@ -19,7 +19,7 @@ RUN mkdir ./iot_config/src \
  && sed -i -e '/ingest/d'       -e '/mobile_config/d' -e '/mobile_verifier/d' \
            -e '/poc_entropy/d'  -e '/iot_verifier/d'  -e '/price/d' \
            -e '/reward_index/d' -e '/denylist/d'      -e '/iot_packet_verifier/d' \
-           -e '/mobile_packet_verifier/d' \
+           -e '/solana/d'       -e '/mobile_packet_verifier/d' \
            Cargo.toml \
  && cargo build --package iot-config --release
 

iot_config/migrations/8_skfs_by_route.sql

@@ -0,0 +1,16 @@
+drop table session_key_filters;
+
+create table route_session_key_filters (
+    route_id uuid not null references routes(id) on delete cascade,
+    devaddr int not null,
+    session_key text not null,
+
+    inserted_at timestamptz not null default now(),
+    updated_at timestamptz not null default now(),
+
+    primary key (route_id, devaddr, session_key)
+);
+
+create index skf_devaddr_idx on route_session_key_filters (devaddr);
+
+select trigger_updated_at('route_session_key_filters');

iot_config/src/lib.rs

@@ -9,8 +9,6 @@ pub mod org_service;
 pub mod region_map;
 pub mod route;
 pub mod route_service;
-pub mod session_key;
-pub mod session_key_service;
 pub mod settings;
 pub mod telemetry;
 
@@ -20,7 +18,6 @@ pub use gateway_service::GatewayService;
 use lora_field::{LoraField, NetIdField};
 pub use org_service::OrgService;
 pub use route_service::RouteService;
-pub use session_key_service::SessionKeyFilterService;
 pub use settings::Settings;
 
 use helium_crypto::PublicKey;

iot_config/src/lora_field.rs

@@ -11,7 +11,7 @@ pub type EuiField = LoraField<16>;
 
 pub mod proto {
     pub use helium_proto::services::iot_config::{
-        DevaddrConstraintV1, DevaddrRangeV1, EuiPairV1, OrgV1,
+        DevaddrConstraintV1, DevaddrRangeV1, EuiPairV1, OrgV1, SkfV1,
     };
 }
 
@@ -30,6 +30,10 @@ impl DevAddrRange {
             end_addr,
         }
     }
+
+    pub fn contains_addr(&self, addr: DevAddrField) -> bool {
+        self.start_addr <= addr && self.end_addr >= addr
+    }
 }
 
 impl FromRow<'_, PgRow> for DevAddrRange {
@@ -73,10 +77,6 @@ impl DevAddrConstraint {
     pub fn contains_range(&self, range: &DevAddrRange) -> bool {
         self.start_addr <= range.start_addr && self.end_addr >= range.end_addr
     }
-
-    pub fn contains_addr(&self, addr: DevAddrField) -> bool {
-        self.start_addr <= addr && self.end_addr >= addr
-    }
 }
 
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
@@ -108,6 +108,35 @@ impl FromRow<'_, PgRow> for EuiPair {
     }
 }
 
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct Skf {
+    pub route_id: String,
+    pub devaddr: DevAddrField,
+    pub session_key: String,
+}
+
+impl Skf {
+    pub fn new(route_id: String, devaddr: DevAddrField, session_key: String) -> Self {
+        Self {
+            route_id,
+            devaddr,
+            session_key,
+        }
+    }
+}
+
+impl FromRow<'_, PgRow> for Skf {
+    fn from_row(row: &PgRow) -> sqlx::Result<Self> {
+        Ok(Self {
+            route_id: row
+                .try_get::<sqlx::types::Uuid, &str>("route_id")?
+                .to_string(),
+            devaddr: row.get::<i32, &str>("devaddr").into(),
+            session_key: row.get::<String, &str>("session_key"),
+        })
+    }
+}
+
 #[derive(thiserror::Error, Debug)]
 pub enum ParseError {
     #[error("char len mismatch: expected {0}, found {1}")]
@@ -523,6 +552,46 @@ impl From<&EuiPair> for proto::EuiPairV1 {
     }
 }
 
+impl From<proto::SkfV1> for Skf {
+    fn from(filter: proto::SkfV1) -> Self {
+        Self {
+            route_id: filter.route_id,
+            devaddr: filter.devaddr.into(),
+            session_key: filter.session_key,
+        }
+    }
+}
+
+impl From<&proto::SkfV1> for Skf {
+    fn from(filter: &proto::SkfV1) -> Self {
+        Self {
+            route_id: filter.route_id.to_owned(),
+            devaddr: filter.devaddr.into(),
+            session_key: filter.session_key.to_owned(),
+        }
+    }
+}
+
+impl From<Skf> for proto::SkfV1 {
+    fn from(filter: Skf) -> Self {
+        Self {
+            route_id: filter.route_id,
+            devaddr: filter.devaddr.into(),
+            session_key: filter.session_key,
+        }
+    }
+}
+
+impl From<&Skf> for proto::SkfV1 {
+    fn from(filter: &Skf) -> Self {
+        Self {
+            route_id: filter.route_id.to_owned(),
+            devaddr: filter.devaddr.into(),
+            session_key: filter.session_key.to_owned(),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

iot_config/src/main.rs

@@ -1,13 +1,11 @@
 use anyhow::{Error, Result};
 use clap::Parser;
 use futures_util::TryFutureExt;
-use helium_proto::services::iot_config::{
-    AdminServer, GatewayServer, OrgServer, RouteServer, SessionKeyFilterServer,
-};
+use helium_proto::services::iot_config::{AdminServer, GatewayServer, OrgServer, RouteServer};
 use iot_config::{
-    admin::AuthCache, gateway_service::GatewayService, org_service::OrgService,
-    region_map::RegionMapReader, route_service::RouteService,
-    session_key_service::SessionKeyFilterService, settings::Settings, AdminService,
+    admin::AuthCache, admin_service::AdminService, gateway_service::GatewayService,
+    org_service::OrgService, region_map::RegionMapReader, route_service::RouteService,
+    settings::Settings,
 };
 use std::{path::PathBuf, time::Duration};
 use tokio::signal;
@@ -115,12 +113,12 @@ impl Daemon {
             region_map.clone(),
             region_updater,
         )?;
-        let session_key_filter_svc = SessionKeyFilterService::new(
-            settings,
-            auth_cache.clone(),
-            pool.clone(),
-            shutdown_listener.clone(),
-        )?;
+
+        let pubkey = settings
+            .signing_keypair()
+            .map(|keypair| keypair.public_key().to_string())?;
+        tracing::debug!("listening on {listen_addr}");
+        tracing::debug!("signing as {pubkey}");
 
         let server = transport::Server::builder()
             .http2_keepalive_interval(Some(Duration::from_secs(250)))
@@ -129,7 +127,6 @@ impl Daemon {
             .add_service(OrgServer::new(org_svc))
             .add_service(RouteServer::new(route_svc))
             .add_service(AdminServer::new(admin_svc))
-            .add_service(SessionKeyFilterServer::new(session_key_filter_svc))
             .serve_with_shutdown(listen_addr, shutdown_listener)
             .map_err(Error::from);
 

iot_config/src/org.rs

@@ -232,7 +232,10 @@ pub async fn get_org_pubkeys(
 ) -> Result<Vec<PublicKey>, DbOrgError> {
     let org = get(oui, db).await?;
 
-    let mut pubkeys: Vec<PublicKey> = vec![PublicKey::try_from(org.owner)?];
+    let mut pubkeys: Vec<PublicKey> = vec![
+        PublicKey::try_from(org.owner)?,
+        PublicKey::try_from(org.payer)?,
+    ];
 
     let mut delegate_pubkeys: Vec<PublicKey> = org
         .delegate_keys
@@ -262,7 +265,10 @@ pub async fn get_org_pubkeys_by_route(
     .fetch_one(db)
     .await?;
 
-    let mut pubkeys: Vec<PublicKey> = vec![PublicKey::try_from(org.owner)?];
+    let mut pubkeys: Vec<PublicKey> = vec![
+        PublicKey::try_from(org.owner)?,
+        PublicKey::try_from(org.payer)?,
+    ];
 
     let mut delegate_keys: Vec<PublicKey> = org
         .delegate_keys