Iot Config service use Helius for on-chain metadata #428
Conversation
| impl_msg_verify!(SessionKeyFilterListReqV1, signature); | ||
| impl_msg_verify!(SessionKeyFilterStreamReqV1, signature); | ||
| impl_msg_verify!(SessionKeyFilterUpdateReqV1, signature); | ||
| impl_msg_verify!(iot_config::OrgCreateHeliumReqV1, signature); |
There was a problem hiding this comment.
i've started pathing these message types here since they will have very similar names between other services (like the mobile config service)
jeffgrunewald
force-pushed
the
jg/iot-config-helius
branch
2 times, most recently
from
9a82be5 to
472d8e2
Compare
|
This is ready to review it's in "draft" status to prevent merging before updating the dependencies once they get updated |
| } | ||
|
|
||
| impl AuthCache { | ||
| pub async fn new( | ||
| settings: &Settings, | ||
| db: impl sqlx::PgExecutor<'_> + Copy, | ||
| ) -> Result<Self, AdminAuthError> { | ||
| ) -> anyhow::Result<(watch::Sender<CacheKeys>, Self)> { |
There was a problem hiding this comment.
nit: why not import result in line 2? I notice you import in some modules but not others
There was a problem hiding this comment.
this is a stylistic choice that i'm up for debate over; i don't feel overly strongly about it, but given the std::result::Result is part of the typical prelude unless you override it with use anyhow::Result then it's easier at a glance, particularly in a large file that what you're returning is not the std Result type
| signature: vec![], | ||
| }; | ||
| request.signature = self.signing_key.sign(&request.encode_to_vec())?; | ||
| tracing::debug!(pubkey = address.to_string(), "fetching gateway info"); |
There was a problem hiding this comment.
nit: not sure what value this log statement provide
There was a problem hiding this comment.
this is probably a better place for a metric on grpc requests then a log statement, good point
| use helium_crypto::PublicKeyBinary; | ||
| use sqlx::{PgExecutor, Row}; | ||
|
|
||
| pub struct IotMetadata { |
There was a problem hiding this comment.
slightly confusing having both GatewayMetadata and IotMetadata structs
There was a problem hiding this comment.
i had hoped scoping the IotMetadata struct inside the db submodule would help with that, but i couldn't think of a better way to do unless i skipped the FromRow impl altogether; since the GatewayInfo requires the hextree map to look up a Region from the asserted location and i can't change the from_row function signature to pass that in i needed the intermediary data structure
There was a problem hiding this comment.
I understand andymck's point, but I can't think of a better way either and I think scoping IotMetadata to the db submodule does help.
jeffgrunewald
force-pushed
the
jg/iot-config-helius
branch
from
c453021 to
86df017
Compare
| signer: signer.clone(), | ||
| signature: vec![], | ||
| }; | ||
| futures::future::ready(signing_key.sign(&update_res.encode_to_vec())) |
There was a problem hiding this comment.
Nice! I need to remember this.
Co-authored-by: andymck <andrewb.mckenzie@gmail.com>
jeffgrunewald
force-pushed
the
jg/iot-config-helius
branch
from
86df017 to
7d7edfe
Compare
jeffgrunewald
force-pushed
the
jg/iot-config-helius
branch
from
71fda35 to
c8cde12
Compare
Co-authored-by: Matthew Plant <matty@nova-labs.com>
jeffgrunewald
force-pushed
the
jg/iot-config-helius
branch
from
c8cde12 to
b0c265b
Compare
Switches the iot-config service (and the rest of oracles) to use the helius database for retrieving on-chain gateway metadata instead of the blockchain-node follower client service.
This also adds additional optimizations for signature verification of sent and received messages with the iot-config service, primarily enforcing messages include the binary of the signing pubkey for O(1) verification of the signature verification instead of O(n) when checking the signature against all potentially valid signing keys; instead of attempting to verifying the signature of a message against all potential keys we validate against the key as self-reported in the message and then simply check for membership of that key in the list of potential authorized signers. This also introduces additional message signing of outgoing messages sent by the config service itself
Depends on: