feat(backend): unique keys per wallet address #2863
Conversation
…posit input (#2817) * fix(frontend): asset scale consistency in liquidity dialogs. * Ensure asset scale consistency when displaying and withdrawing liquidity by adding asset info to the liquidity dialog component and updating the input handling in Rafiki Admin UI. --------- Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>
* fix: getting the localenv docs and readme in sync * chore: updated MASE screenshots * chore: updating the code block language identifier to have consistent approach through the docs
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fixed(frontend) asset page now retains page scroll position. * feat(frontend) added autofocus to liquidity dialog input * feat(fronted) made eslint happy
* feat(auth): build with alpine3.19 * feat(backend): build with alpine3.19 * feat(frontend): build with alpine3.19 * bump(localenv): docker image to alpine 3.19
* fix(auth): interact redirect * fix(auth): session cookie not expiring in browser * fix(auth): session expiration time unit --------- Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>
* feat(auth): return granId for the grant lookup via interaction id * test(auth): check grantId is returned for grant lookup via interaction id * docs(openapi): auth return grantId for grant lookup via interaction id
* feat(backend): support for returning grantId when querying outgoing payment When querying outgoing payment, either single one, or list of them via pagination, etc., it will be possible to also get a grantId under which the outgoing * test(outgoing-payment): check if grantId is returned * docs(bruno): include grantId when fetching outgoing payment
* feat(localenv): add span metric generation - adds configuration that generates span metrics from tempo traces - can see new `traces_spanmetrics_bucket` etc. in local grafana dashboard * feat(localenv): add gql resolver metric * chore(localenv): give panel title
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* feat(2737): add fees as metric for outgoing payment. * feat(2737): rename to payment_fees. * feat(2737): test case updates. * feat(2737): formatting. * feat(2737): re-order test cases. Move fee collector. * feat(2737): dashboard and doc updates. * feat(2737): merged with main. * feat(2737): review feedback applied from @JoblersTune. * feat(2737): review feedback applied from @mkurapov. * feat(2737): additional tests for covert of assets and rates. * feat(2737): additional tests ensuring the increment counter was called. * feat(2737): additional tests ensuring the increment counter was called. * feat(2737): readme.
Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade. fix #2860
✅ Deploy Preview for brilliant-pasca-3e80ec canceled.
|
github-actions
bot
added
type: tests
@BlairCurrey I messed up merging in main. I haven't touched code in a while so I'm out of practice 😬 |
|
@sabineschaller to double check, are we good to review this? |
github-actions
bot
added
pkg: frontend
|
Changes:
|
github-actions
bot
removed
pkg: frontend
|
Updates based on #3130.
|
| }) | ||
| }) | ||
|
|
||
| test('Returns DuplicateKey when the key already exists and it is unrevoked', async (): Promise<void> => { |
There was a problem hiding this comment.
Looks like you are already handling this in the "'cannot add duplicate key to a wallet address'" test.
|
|
||
| const revokedKey = await walletAddressKeyService.revoke(key.id) | ||
| await expect(walletAddressKeyService.revoke(key.id)).resolves.toEqual( | ||
| revokedKey | ||
| ) | ||
| }) | ||
| }) | ||
|
|
||
| describe('Unrevoke Wallet Address Keys', (): void => { | ||
| test('Creates a new key unrevoked', async (): Promise<void> => { |
There was a problem hiding this comment.
I think we can just add this to the "create" describe block
| `DELETE FROM "walletAddressKeys" w | ||
| WHERE revoked = false | ||
| AND "createdAt" <> ( | ||
| SELECT MAX("createdAt") | ||
| FROM "walletAddressKeys" | ||
| WHERE revoked = false | ||
| AND "walletAddressId" = w."walletAddressId" | ||
| GROUP BY "walletAddressId" | ||
| ); |
There was a problem hiding this comment.
This is a tricky one. One thing we need to add is the kid parameter (so we don't delete all non-revoked keys for a wallet address), and also maybe we can come up with a way to not delete by createdAt (although very unlikely, it could end up deleting valid, non-duplicated keys which happen to have the same createdAt).
There was a problem hiding this comment.
Yeah, I think that grouping by kid is the right way to do it.
| `DELETE FROM "walletAddressKeys" w | |
| WHERE revoked = false | |
| AND "createdAt" <> ( | |
| SELECT MAX("createdAt") | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND "walletAddressId" = w."walletAddressId" | |
| GROUP BY "walletAddressId" | |
| ); | |
| `DELETE FROM "walletAddressKeys" w | |
| WHERE revoked = false | |
| AND "createdAt" <> ( | |
| SELECT MAX("createdAt") | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND kid = w.kid | |
| GROUP BY kid | |
| ); |
Could we use TOP to delete just one key if there are multiple valid keys with the same createdAt? I don't see another way to determine which key to choose.
There was a problem hiding this comment.
This is a way to do it, but still based on createdAt. If there are multiple keys that have the most recent createdAt, we can keep the first one we find and delete the rest. What do you think, @mkurapov ?
| `DELETE FROM "walletAddressKeys" w | |
| WHERE revoked = false | |
| AND "createdAt" <> ( | |
| SELECT MAX("createdAt") | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND "walletAddressId" = w."walletAddressId" | |
| GROUP BY "walletAddressId" | |
| ); | |
| `DELETE FROM "walletAddressKeys" w | |
| WHERE revoked = false | |
| AND w."createdAt" = ( | |
| SELECT "createdAt" | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND kid = w.kid | |
| ORDER BY "createdAt" DESC | |
| LIMIT 1 | |
| ) | |
| AND w.id <> ( | |
| SELECT id | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND kid = w.kid | |
| ORDER BY "createdAt" DESC | |
| LIMIT 1 OFFSET 1 | |
| ); | |
| ` |
There was a problem hiding this comment.
@oana-lolea I was looking through the PR history, and I think we can use physical location row ctid value:
I agree with you on keeping the most recent key so we'd have to adjust the migration a bit, but using ctid should work.
| SELECT MIN(ctid) | ||
| FROM "walletAddressKeys" | ||
| WHERE revoked = false | ||
| AND kid = w.kid |
There was a problem hiding this comment.
I think we need to group by walletAddressId and kid here still, otherwise we may delete keys that have the same kid but belong to a different wallet address.
Additionally, we should also use MAX(ctid) so we can grab the most recent key
| `DELETE FROM "walletAddressKeys" w | ||
| WHERE revoked = false | ||
| AND ctid NOT IN ( | ||
| SELECT MAX(ctid) | ||
| FROM "walletAddressKeys" | ||
| WHERE revoked = false | ||
| AND kid = w.kid | ||
| GROUP BY kid, "walletAddressId" | ||
| )` |
There was a problem hiding this comment.
| `DELETE FROM "walletAddressKeys" w | |
| WHERE revoked = false | |
| AND ctid NOT IN ( | |
| SELECT MAX(ctid) | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| AND kid = w.kid | |
| GROUP BY kid, "walletAddressId" | |
| )` | |
| `DELETE FROM "walletAddressKeys" w | |
| AND ctid NOT IN ( | |
| SELECT MAX(ctid) | |
| FROM "walletAddressKeys" | |
| WHERE revoked = false | |
| GROUP BY kid, "walletAddressId" | |
| )` |
can you double check if this suggestion has the same behaviour? I think it should. Otherwise, looks good 👍
Changes proposed in this pull request
This prevents uploading the same key per wallet address multiple times.
Context
Checklist
fixes #number