diff --git a/.github/workflows/cd-docs.yml b/.github/workflows/cd-docs.yml index 3cdcbd5fa7..c36e393b6a 100644 --- a/.github/workflows/cd-docs.yml +++ b/.github/workflows/cd-docs.yml @@ -15,10 +15,8 @@ jobs: - uses: actions/checkout@v6 - name: Install Dependencies (Linux) run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing - - name: Install pip3 - run: sudo apt install -y python3-pip - name: Install Python3 modules - run: sudo pip3 install pandas tabulate + run: sudo apt install -y python3-pandas python3-tabulate - name: Install rsync run: sudo apt-get install -y rsync - uses: rlespinasse/github-slug-action@v3.x diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml index 2c68468e3a..1501111f46 100644 --- a/.github/workflows/ci-docs.yml +++ b/.github/workflows/ci-docs.yml @@ -20,10 +20,8 @@ jobs: - uses: actions/checkout@v6 - name: Install Dependencies (Linux) run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing - - name: Install pip3 - run: sudo apt install -y python3-pip - name: Install Python3 modules - run: sudo pip3 install pandas tabulate + run: sudo apt install -y python3-pandas python3-tabulate - name: Install rsync run: sudo apt-get install -y rsync - uses: rlespinasse/github-slug-action@v3.x diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ddc2bbf14..f41a9eb2d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,28 @@ Post 1.0.0 release, the changelog format is based on [Keep a Changelog](https:// ## [Unreleased] +## [2026.7-tola] (2026-04-07) + +- Simon/ecash contract serde fix ([#6634]) +- Update Fallback IP for Nym API ([#6622]) +- Nym Node spam logging ([#6621]) +- feat: multiple deposit prices ([#6608]) +- move format_debug_bytes in common crate ([#6580]) +- bugfix: make sure client keys are generated before requesting credentials ([#6579]) +- Fix socks5 GW probe regression ([#6576]) +- Max/lp stream framing ([#6573]) +- HTTP domain rotation conditions ([#6570]) + +[#6634]: https://github.com/nymtech/nym/pull/6634 +[#6622]: https://github.com/nymtech/nym/pull/6622 +[#6621]: https://github.com/nymtech/nym/pull/6621 +[#6608]: https://github.com/nymtech/nym/pull/6608 +[#6580]: https://github.com/nymtech/nym/pull/6580 +[#6579]: https://github.com/nymtech/nym/pull/6579 +[#6576]: https://github.com/nymtech/nym/pull/6576 +[#6573]: https://github.com/nymtech/nym/pull/6573 +[#6570]: https://github.com/nymtech/nym/pull/6570 + ## [2026.6-stilton] (2026-03-25) - lp fixes ([#6601]) diff --git a/Cargo.lock b/Cargo.lock index 9ad4e872af..0377d3b8e5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2534,7 +2534,7 @@ dependencies = [ "libc", "option-ext", "redox_users", - "windows-sys 0.60.2", + "windows-sys 0.61.2", ] [[package]] @@ -3589,7 +3589,7 @@ dependencies = [ "once_cell", "rand 0.9.2", "ring", - "rustls 0.23.29", + "rustls 0.23.37", "thiserror 2.0.12", "tinyvec", "tokio", @@ -3614,7 +3614,7 @@ dependencies = [ "parking_lot", "rand 0.9.2", "resolv-conf", - "rustls 0.23.29", + "rustls 0.23.37", "smallvec", "thiserror 2.0.12", "tokio", @@ -3871,7 +3871,7 @@ dependencies = [ "http 1.3.1", "hyper 1.6.0", "hyper-util", - "rustls 0.23.29", + "rustls 0.23.37", "rustls-native-certs 0.8.3", "rustls-pki-types", "tokio", @@ -5448,7 +5448,7 @@ version = "0.50.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" dependencies = [ - "windows-sys 0.60.2", + "windows-sys 0.61.2", ] [[package]] @@ -5547,7 +5547,7 @@ dependencies = [ [[package]] name = "nym-api" -version = "1.1.76" +version = "1.1.77" dependencies = [ "anyhow", "async-trait", @@ -5792,7 +5792,7 @@ dependencies = [ [[package]] name = "nym-cli" -version = "1.1.73" +version = "1.1.74" dependencies = [ "anyhow", "base64 0.22.1", @@ -5875,7 +5875,7 @@ dependencies = [ [[package]] name = "nym-client" -version = "1.1.73" +version = "1.1.74" dependencies = [ "bs58", "clap", @@ -6849,6 +6849,7 @@ dependencies = [ "nym-network-defaults", "once_cell", "reqwest 0.13.1", + "rustls 0.23.37", "serde", "serde_json", "serde_plain", @@ -6956,12 +6957,15 @@ dependencies = [ "nym-crypto", "nym-service-provider-requests-common", "nym-sphinx", + "pnet_packet", "rand 0.8.5", + "semver 1.0.27", "serde", "thiserror 2.0.12", "time", "tokio", "tokio-util", + "tracing", ] [[package]] @@ -6984,7 +6988,7 @@ dependencies = [ "nym-exit-policy", "nym-id", "nym-ip-packet-requests", - "nym-kcp", + "nym-lp", "nym-network-defaults", "nym-network-requester", "nym-sdk", @@ -7086,6 +7090,7 @@ dependencies = [ "criterion", "libcrux-psq", "num_enum", + "nym-common", "nym-crypto", "nym-kkt", "nym-kkt-ciphersuite", @@ -7279,7 +7284,7 @@ dependencies = [ [[package]] name = "nym-network-requester" -version = "1.1.74" +version = "1.1.75" dependencies = [ "addr", "anyhow", @@ -7329,7 +7334,7 @@ dependencies = [ [[package]] name = "nym-node" -version = "1.28.0" +version = "1.29.0" dependencies = [ "anyhow", "arc-swap", @@ -7466,7 +7471,7 @@ dependencies = [ [[package]] name = "nym-node-status-agent" -version = "1.1.3" +version = "1.1.5" dependencies = [ "anyhow", "clap", @@ -7485,7 +7490,7 @@ dependencies = [ [[package]] name = "nym-node-status-api" -version = "4.3.0" +version = "4.3.1" dependencies = [ "ammonia", "anyhow", @@ -7790,6 +7795,8 @@ dependencies = [ "nym-crypto", "nym-gateway-requests", "nym-http-api-client", + "nym-ip-packet-requests", + "nym-lp", "nym-network-defaults", "nym-ordered-buffer", "nym-service-providers-common", @@ -7802,8 +7809,10 @@ dependencies = [ "nym-topology", "nym-validator-client", "parking_lot", + "pnet_packet", "rand 0.8.5", "reqwest 0.13.1", + "semver 1.0.27", "serde", "tap", "tempfile", @@ -7875,7 +7884,7 @@ dependencies = [ [[package]] name = "nym-socks5-client" -version = "1.1.73" +version = "1.1.74" dependencies = [ "bs58", "clap", @@ -8673,7 +8682,7 @@ dependencies = [ [[package]] name = "nymvisor" -version = "0.1.38" +version = "0.1.39" dependencies = [ "anyhow", "bytes", @@ -9652,7 +9661,7 @@ dependencies = [ "quinn-proto", "quinn-udp", "rustc-hash", - "rustls 0.23.29", + "rustls 0.23.37", "socket2 0.5.10", "thiserror 2.0.12", "tokio", @@ -9673,7 +9682,7 @@ dependencies = [ "rand 0.9.2", "ring", "rustc-hash", - "rustls 0.23.29", + "rustls 0.23.37", "rustls-pki-types", "slab", "thiserror 2.0.12", @@ -9940,7 +9949,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.29", + "rustls 0.23.37", "rustls-native-certs 0.8.3", "rustls-pki-types", "serde", @@ -9981,7 +9990,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.29", + "rustls 0.23.37", "rustls-pki-types", "rustls-platform-verifier", "serde", @@ -10241,16 +10250,16 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.29" +version = "0.23.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2491382039b29b9b11ff08b76ff6c97cf287671dbb74f0be44bda389fffe9bd1" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" dependencies = [ "aws-lc-rs", "log", "once_cell", "ring", "rustls-pki-types", - "rustls-webpki 0.103.4", + "rustls-webpki 0.103.9", "subtle 2.6.1", "zeroize", ] @@ -10331,14 +10340,14 @@ dependencies = [ "jni", "log", "once_cell", - "rustls 0.23.29", + "rustls 0.23.37", "rustls-native-certs 0.8.3", "rustls-platform-verifier-android", - "rustls-webpki 0.103.4", + "rustls-webpki 0.103.9", "security-framework 3.6.0", "security-framework-sys", "webpki-root-certs", - "windows-sys 0.60.2", + "windows-sys 0.61.2", ] [[package]] @@ -10370,9 +10379,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.4" +version = "0.103.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" +checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" dependencies = [ "aws-lc-rs", "ring", @@ -11203,7 +11212,7 @@ dependencies = [ "memchr", "once_cell", "percent-encoding", - "rustls 0.23.29", + "rustls 0.23.37", "serde", "serde_json", "sha2 0.10.9", @@ -12025,7 +12034,7 @@ version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ - "rustls 0.23.29", + "rustls 0.23.37", "tokio", ] @@ -12843,7 +12852,7 @@ dependencies = [ "serde", "tempfile", "textwrap", - "toml 0.8.23", + "toml 0.9.12+spec-1.1.0", "uniffi_internal_macros 0.31.0", "uniffi_meta 0.31.0", "uniffi_pipeline 0.31.0", @@ -12952,7 +12961,7 @@ dependencies = [ "quote", "serde", "syn 2.0.106", - "toml 0.8.23", + "toml 0.9.12+spec-1.1.0", "uniffi_meta 0.31.0", ] diff --git a/Cargo.toml b/Cargo.toml index 61411826b8..df0e4b6153 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -334,6 +334,7 @@ rayon = "1.5.1" regex = "1.10.6" reqwest = { version = "0.13.1", default-features = false } rs_merkle = "1.5.0" +rustls = { version = "0.23.37", default-features = false } schemars = "0.8.22" semver = "1.0.26" serde = "1.0.219" diff --git a/clients/native/Cargo.toml b/clients/native/Cargo.toml index 358ca50198..755ebcf189 100644 --- a/clients/native/Cargo.toml +++ b/clients/native/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nym-client" -version = "1.1.73" +version = "1.1.74" authors = ["Dave Hrycyszyn ", "Jędrzej Stuczyński "] description = "Implementation of the Nym Client" edition = "2021" diff --git a/clients/socks5/Cargo.toml b/clients/socks5/Cargo.toml index bfa71ee74f..249d801cc2 100644 --- a/clients/socks5/Cargo.toml +++ b/clients/socks5/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nym-socks5-client" -version = "1.1.73" +version = "1.1.74" authors = ["Dave Hrycyszyn "] description = "A SOCKS5 localhost proxy that converts incoming messages to Sphinx and sends them to a Nym address" edition = "2021" diff --git a/common/bandwidth-controller/src/acquire/mod.rs b/common/bandwidth-controller/src/acquire/mod.rs index b6c3aae8cb..51031f814e 100644 --- a/common/bandwidth-controller/src/acquire/mod.rs +++ b/common/bandwidth-controller/src/acquire/mod.rs @@ -34,7 +34,7 @@ where let signing_key = ed25519::PrivateKey::new(&mut rng); let expiration = expiration.unwrap_or_else(ecash_default_expiration_date); - let deposit_amount = client.get_required_deposit_amount().await?; + let deposit_amount = client.get_default_deposit_amount().await?; info!("we'll need to deposit {deposit_amount} to obtain the ticketbook"); let result = client .make_ticketbook_deposit( diff --git a/common/client-libs/mixnet-client/src/client.rs b/common/client-libs/mixnet-client/src/client.rs index ffd4d025e1..0bdb06a198 100644 --- a/common/client-libs/mixnet-client/src/client.rs +++ b/common/client-libs/mixnet-client/src/client.rs @@ -342,7 +342,7 @@ impl SendWithoutResponse for Client { sending_res.map_err(|err| { match err { TrySendError::Full(_) => { - warn!( + trace!( event = "mixclient.try_send", peer = %address, result = "full_dropped", diff --git a/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_query_client.rs b/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_query_client.rs index 2a799b5da4..2abff233da 100644 --- a/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_query_client.rs +++ b/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_query_client.rs @@ -8,6 +8,7 @@ use crate::nyxd::CosmWasmClient; use async_trait::async_trait; use cosmwasm_std::Coin; use nym_ecash_contract_common::deposit::LatestDepositResponse; +use nym_ecash_contract_common::deposit_statistics::DepositsStatistics; use nym_ecash_contract_common::msg::QueryMsg as EcashQueryMsg; use serde::Deserialize; @@ -17,6 +18,9 @@ pub use nym_ecash_contract_common::blacklist::{ pub use nym_ecash_contract_common::deposit::{ Deposit, DepositData, DepositId, DepositResponse, PagedDepositsResponse, }; +pub use nym_ecash_contract_common::reduced_deposit::{ + WhitelistedAccount, WhitelistedAccountsResponse, +}; #[cfg_attr(target_arch = "wasm32", async_trait(?Send))] #[cfg_attr(not(target_arch = "wasm32"), async_trait)] @@ -42,8 +46,18 @@ pub trait EcashQueryClient { .await } - async fn get_required_deposit_amount(&self) -> Result { - self.query_ecash_contract(EcashQueryMsg::GetRequiredDepositAmount {}) + async fn get_default_deposit_amount(&self) -> Result { + self.query_ecash_contract(EcashQueryMsg::GetDefaultDepositAmount {}) + .await + } + + async fn get_reduced_deposit_amount(&self, address: String) -> Result, NyxdError> { + self.query_ecash_contract(EcashQueryMsg::GetReducedDepositAmount { address }) + .await + } + + async fn get_all_whitelisted_accounts(&self) -> Result { + self.query_ecash_contract(EcashQueryMsg::GetAllWhitelistedAccounts {}) .await } @@ -65,6 +79,11 @@ pub trait EcashQueryClient { self.query_ecash_contract(EcashQueryMsg::GetDepositsPaged { start_after, limit }) .await } + + async fn get_deposits_statistics(&self) -> Result { + self.query_ecash_contract(EcashQueryMsg::GetDepositsStatistics {}) + .await + } } #[cfg_attr(target_arch = "wasm32", async_trait(?Send))] @@ -122,10 +141,17 @@ mod tests { EcashQueryMsg::GetDepositsPaged { limit, start_after } => { client.get_deposits_paged(start_after, limit).ignore() } - EcashQueryMsg::GetRequiredDepositAmount {} => { - client.get_required_deposit_amount().ignore() + EcashQueryMsg::GetDefaultDepositAmount {} => { + client.get_default_deposit_amount().ignore() + } + EcashQueryMsg::GetReducedDepositAmount { address } => { + client.get_reduced_deposit_amount(address).ignore() + } + EcashQueryMsg::GetAllWhitelistedAccounts {} => { + client.get_all_whitelisted_accounts().ignore() } EcashQueryMsg::GetLatestDeposit {} => client.get_latest_deposit().ignore(), + EcashQueryMsg::GetDepositsStatistics {} => client.get_deposits_statistics().ignore(), }; } } diff --git a/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_signing_client.rs b/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_signing_client.rs index 72ba43053b..613ee64d8e 100644 --- a/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_signing_client.rs +++ b/common/client-libs/validator-client/src/nyxd/contract_traits/ecash_signing_client.rs @@ -62,13 +62,47 @@ pub trait EcashSigningClient { new_deposit: Coin, fee: Option, ) -> Result { - let req = EcashExecuteMsg::UpdateDepositValue { + let req = EcashExecuteMsg::UpdateDefaultDepositValue { new_deposit: new_deposit.into(), }; self.execute_ecash_contract(fee, req, "Ecash::UpdateDepositValue".to_string(), vec![]) .await } + async fn set_reduced_deposit_price( + &self, + address: String, + deposit: Coin, + fee: Option, + ) -> Result { + let req = EcashExecuteMsg::SetReducedDepositPrice { + address, + deposit: deposit.into(), + }; + self.execute_ecash_contract( + fee, + req, + "Ecash::SetReducedDepositPrice".to_string(), + vec![], + ) + .await + } + + async fn remove_reduced_deposit_price( + &self, + address: String, + fee: Option, + ) -> Result { + let req = EcashExecuteMsg::RemoveReducedDepositPrice { address }; + self.execute_ecash_contract( + fee, + req, + "Ecash::RemoveReducedDepositPrice".to_string(), + vec![], + ) + .await + } + async fn propose_for_blacklist( &self, public_key: String, @@ -141,9 +175,15 @@ mod tests { .ignore(), ExecuteMsg::RedeemTickets { .. } => unimplemented!(), // no redeem tickets method for the client ExecuteMsg::UpdateAdmin { admin } => client.update_admin(admin, None).ignore(), - ExecuteMsg::UpdateDepositValue { new_deposit } => client + ExecuteMsg::UpdateDefaultDepositValue { new_deposit } => client .update_deposit_value(new_deposit.into(), None) .ignore(), + ExecuteMsg::SetReducedDepositPrice { address, deposit } => client + .set_reduced_deposit_price(address, deposit.into(), None) + .ignore(), + ExecuteMsg::RemoveReducedDepositPrice { address } => { + client.remove_reduced_deposit_price(address, None).ignore() + } }; } } diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/counters.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/counters.rs index e3b9d01752..48ee6766bd 100644 --- a/common/cosmwasm-smart-contracts/ecash-contract/src/counters.rs +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/counters.rs @@ -6,6 +6,14 @@ use cosmwasm_std::Coin; #[cw_serde] pub struct PoolCounters { + /// Represents the total amount of funds deposited into the contract. pub total_deposited: Coin, + + /// Represents the total amount of funds redeemed from the contract that got transferred into the holding account. pub total_redeemed: Coin, + + /// Represents the total amount of tickets requested to be redeemed from the contract and get moved into the holding account, + /// after that functionality got disabled. + #[serde(default)] + pub tickets_requested_and_not_redeemed: u64, } diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/deposit_statistics.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/deposit_statistics.rs new file mode 100644 index 0000000000..dc4af4326d --- /dev/null +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/deposit_statistics.rs @@ -0,0 +1,38 @@ +// Copyright 2026 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +use cosmwasm_schema::cw_serde; +use cosmwasm_std::Coin; +use std::collections::HashMap; + +/// Aggregate statistics about all deposits made through the ecash contract. +#[cw_serde] +pub struct DepositsStatistics { + /// Total number of deposits ever made (at any price tier), + /// derived from the deposit id counter. + pub total_deposits_made: u32, + + /// Total value of all deposits ever made (at any price tier), + /// sourced from `PoolCounters::total_deposited`. + pub total_deposited: Coin, + + /// Number of deposits made at the default (non-reduced) price. + pub total_deposits_made_with_default_price: u32, + + /// Total value deposited at the default price. + pub total_deposited_with_default_price: Coin, + + /// Number of deposits made at any custom (reduced) price, summed across all whitelisted accounts. + pub total_deposits_made_with_custom_price: u32, + + /// Total value deposited at custom prices, summed across all whitelisted accounts. + pub total_deposited_with_custom_price: Coin, + + /// Per-account breakdown of deposit counts for whitelisted addresses. + // note: we use String for addressing due to serialisation incompatibility + pub deposits_made_with_custom_price: HashMap, + + /// Per-account breakdown of deposited amounts for whitelisted addresses. + // note: we use String for addressing due to serialisation incompatibility + pub deposited_with_custom_price: HashMap, +} diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/error.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/error.rs index 3aec9dd6e7..9fd94ab81a 100644 --- a/common/cosmwasm-smart-contracts/ecash-contract/src/error.rs +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/error.rs @@ -65,4 +65,26 @@ pub enum EcashContractError { #[error("the account blacklisting hasn't been fully implemented yet")] UnimplementedBlacklisting, + + #[error("reduced deposit must use the same denom as the default deposit (expected '{expected}', got '{got}')")] + InvalidReducedDepositDenom { expected: String, got: String }, + + #[error( + "reduced deposit amount ({reduced}) must be strictly less than the default ({default})" + )] + ReducedDepositNotReduced { + reduced: cosmwasm_std::Uint128, + default: cosmwasm_std::Uint128, + }, + + #[error("address '{address}' does not have a custom reduced deposit price set")] + NoReducedDepositPrice { address: String }, + + #[error( + "deposit amount ({amount}) must be at least the ticket book size ({ticket_book_size})" + )] + DepositBelowTicketBookSize { + amount: cosmwasm_std::Uint128, + ticket_book_size: u64, + }, } diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/lib.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/lib.rs index 3c05433349..5495094d70 100644 --- a/common/cosmwasm-smart-contracts/ecash-contract/src/lib.rs +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/lib.rs @@ -4,10 +4,12 @@ pub mod blacklist; pub mod counters; pub mod deposit; +pub mod deposit_statistics; pub mod error; pub mod event_attributes; pub mod events; pub mod msg; pub mod redeem_credential; +pub mod reduced_deposit; pub use error::EcashContractError; diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/msg.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/msg.rs index 3341ae0afd..7ba734c294 100644 --- a/common/cosmwasm-smart-contracts/ecash-contract/src/msg.rs +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/msg.rs @@ -9,6 +9,10 @@ use crate::blacklist::{BlacklistedAccountResponse, PagedBlacklistedAccountRespon #[cfg(feature = "schema")] use crate::deposit::{DepositResponse, LatestDepositResponse, PagedDepositsResponse}; #[cfg(feature = "schema")] +use crate::deposit_statistics::DepositsStatistics; +#[cfg(feature = "schema")] +use crate::reduced_deposit::WhitelistedAccountsResponse; +#[cfg(feature = "schema")] use cosmwasm_schema::QueryResponses; #[cw_serde] @@ -42,10 +46,25 @@ pub enum ExecuteMsg { admin: String, }, - UpdateDepositValue { + #[serde(alias = "update_deposit_value")] + UpdateDefaultDepositValue { new_deposit: Coin, }, + /// Set (or overwrite) a reduced deposit price for a specific address. + /// Only callable by the contract admin. + SetReducedDepositPrice { + address: String, + deposit: Coin, + }, + + /// Remove the reduced deposit price for a specific address, reverting them to + /// the default price. Returns an error if the address has no custom price set. + /// Only callable by the contract admin. + RemoveReducedDepositPrice { + address: String, + }, + // TODO: properly implement ProposeToBlacklist { public_key: String, @@ -68,7 +87,15 @@ pub enum QueryMsg { }, #[cfg_attr(feature = "schema", returns(Coin))] - GetRequiredDepositAmount {}, + #[serde(alias = "get_required_deposit_amount")] + #[serde(alias = "GetRequiredDepositAmount")] + GetDefaultDepositAmount {}, + + #[cfg_attr(feature = "schema", returns(Option))] + GetReducedDepositAmount { address: String }, + + #[cfg_attr(feature = "schema", returns(WhitelistedAccountsResponse))] + GetAllWhitelistedAccounts {}, #[cfg_attr(feature = "schema", returns(DepositResponse))] GetDeposit { deposit_id: u32 }, @@ -81,7 +108,22 @@ pub enum QueryMsg { limit: Option, start_after: Option, }, + + #[cfg_attr(feature = "schema", returns(DepositsStatistics))] + GetDepositsStatistics {}, } #[cw_serde] -pub struct MigrateMsg {} +pub struct MigrateMsg { + /// Initial set of whitelisted accounts with their reduced deposit prices. + /// Each entry is validated and stored during migration. + pub initial_whitelist: Vec, +} + +/// An address and its reduced deposit price, used when seeding the whitelist +/// via migration. +#[cw_serde] +pub struct WhitelistedDeposit { + pub address: String, + pub deposit: Coin, +} diff --git a/common/cosmwasm-smart-contracts/ecash-contract/src/reduced_deposit.rs b/common/cosmwasm-smart-contracts/ecash-contract/src/reduced_deposit.rs new file mode 100644 index 0000000000..95f7355e24 --- /dev/null +++ b/common/cosmwasm-smart-contracts/ecash-contract/src/reduced_deposit.rs @@ -0,0 +1,16 @@ +// Copyright 2026 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +use cosmwasm_schema::cw_serde; +use cosmwasm_std::{Addr, Coin}; + +#[cw_serde] +pub struct WhitelistedAccount { + pub address: Addr, + pub deposit: Coin, +} + +#[cw_serde] +pub struct WhitelistedAccountsResponse { + pub whitelisted_accounts: Vec, +} diff --git a/common/credential-proxy/src/shared_state/nyxd_client.rs b/common/credential-proxy/src/shared_state/nyxd_client.rs index 6adaf3d600..0007e24a7b 100644 --- a/common/credential-proxy/src/shared_state/nyxd_client.rs +++ b/common/credential-proxy/src/shared_state/nyxd_client.rs @@ -6,7 +6,7 @@ use crate::helpers::LockTimer; use nym_ecash_contract_common::msg::ExecuteMsg; use nym_validator_client::nyxd::contract_traits::NymContractsProvider; use nym_validator_client::nyxd::cosmwasm_client::types::ExecuteResult; -use nym_validator_client::nyxd::{Coin, Config, CosmWasmClient, NyxdClient}; +use nym_validator_client::nyxd::{AccountId, Coin, Config, CosmWasmClient, NyxdClient}; use nym_validator_client::{DirectSigningHttpRpcNyxdClient, nyxd}; use std::ops::Deref; use std::sync::Arc; @@ -50,6 +50,10 @@ impl ChainClient { Ok(ChainClient(Arc::new(RwLock::new(client)))) } + pub async fn address(&self) -> AccountId { + self.0.read().await.address() + } + pub async fn query_chain(&self) -> ChainReadPermit<'_> { let _acquire_timer = LockTimer::new("acquire chain query permit"); self.0.read().await diff --git a/common/credential-proxy/src/shared_state/required_deposit_cache.rs b/common/credential-proxy/src/shared_state/required_deposit_cache.rs index fa8094cb53..1aa151e73e 100644 --- a/common/credential-proxy/src/shared_state/required_deposit_cache.rs +++ b/common/credential-proxy/src/shared_state/required_deposit_cache.rs @@ -8,6 +8,7 @@ use nym_validator_client::nyxd::contract_traits::EcashQueryClient; use std::sync::Arc; use time::OffsetDateTime; use tokio::sync::RwLock; +use tracing::{info, warn}; pub struct CachedDeposit { valid_until: OffsetDateTime, @@ -56,13 +57,29 @@ impl RequiredDepositCache { // update cache drop(read_guard); + + let address = chain_client.address().await; + info!("checking deposit required by {address}"); let mut write_guard = self.inner.write().await; - let deposit_amount = chain_client - .query_chain() - .await - .get_required_deposit_amount() + + let read_permit = chain_client.query_chain().await; + let reduced = read_permit + .get_reduced_deposit_amount(address.to_string()) .await?; + let deposit_amount = match reduced { + Some(reduced) => { + info!("we're permitted to use reduced price"); + reduced + } + None => { + warn!( + "using default deposit value {address} is not whitelisted for price reduction" + ); + read_permit.get_default_deposit_amount().await? + } + }; + let nym_coin: Coin = deposit_amount.into(); write_guard.update(nym_coin.clone()); diff --git a/common/credential-verification/src/ecash/credential_sender.rs b/common/credential-verification/src/ecash/credential_sender.rs index 85c54b01ad..866e523a29 100644 --- a/common/credential-verification/src/ecash/credential_sender.rs +++ b/common/credential-verification/src/ecash/credential_sender.rs @@ -3,25 +3,19 @@ use crate::Error; use crate::ecash::error::EcashTicketError; -use crate::ecash::helpers::for_each_api_concurrent; use crate::ecash::state::SharedState; use cosmwasm_std::Fraction; use cw_utils::ThresholdResponse; use futures::channel::mpsc::UnboundedReceiver; use futures::{Stream, StreamExt}; -use nym_api_requests::constants::MIN_BATCH_REDEMPTION_DELAY; -use nym_api_requests::ecash::models::{BatchRedeemTicketsBody, VerifyEcashTicketBody}; +use nym_api_requests::ecash::models::VerifyEcashTicketBody; use nym_credentials_interface::Bandwidth; use nym_credentials_interface::{ClientTicket, TicketType}; use nym_validator_client::EcashApiClient; use nym_validator_client::coconut::EcashApiError; -use nym_validator_client::nym_api::{EpochId, NymApiClientExt}; +use nym_validator_client::nym_api::NymApiClientExt; use nym_validator_client::nyxd::AccountId; -use nym_validator_client::nyxd::contract_traits::{ - EcashSigningClient, MultisigQueryClient, MultisigSigningClient, PagedMultisigQueryClient, -}; -use nym_validator_client::nyxd::cosmwasm_client::ContractResponseData; -use nym_validator_client::nyxd::cw3::Status; +use nym_validator_client::nyxd::contract_traits::MultisigQueryClient; use si_scale::helpers::bibytes2; use std::collections::{HashMap, HashSet}; use std::ops::Deref; @@ -31,22 +25,6 @@ use tokio::sync::{Mutex, RwLockReadGuard}; use tokio::time::{Duration, Instant, interval_at}; use tracing::{debug, error, info, instrument, trace, warn}; -enum ProposalResult { - Executed, - Rejected, - Pending, -} - -impl ProposalResult { - fn is_pending(&self) -> bool { - matches!(self, ProposalResult::Pending) - } - - fn is_rejected(&self) -> bool { - matches!(self, ProposalResult::Rejected) - } -} - struct PendingVerification { ticket: ClientTicket, @@ -68,43 +46,6 @@ impl PendingVerification { } } -struct PendingRedemptionVote { - proposal_id: u64, - digest: Vec, - included_serial_numbers: Vec>, - epoch_id: EpochId, - - // vec of node ids of apis that haven't sent a valid response - pending: Vec, -} - -impl PendingRedemptionVote { - fn new( - proposal_id: u64, - digest: Vec, - included_serial_numbers: Vec>, - epoch_id: EpochId, - pending: Vec, - ) -> Self { - PendingRedemptionVote { - proposal_id, - digest, - included_serial_numbers, - epoch_id, - pending, - } - } - - fn to_request_body(&self, gateway_cosmos_addr: AccountId) -> BatchRedeemTicketsBody { - BatchRedeemTicketsBody::new( - self.digest.clone(), - self.proposal_id, - self.included_serial_numbers.clone(), - gateway_cosmos_addr, - ) - } -} - pub struct CredentialHandlerConfig { /// Specifies the multiplier for revoking a malformed/double-spent ticket /// (if it has to go all the way to the nym-api for verification) @@ -132,7 +73,6 @@ pub struct CredentialHandler { ticket_receiver: UnboundedReceiver, shared_state: SharedState, pending_tickets: Vec, - pending_redemptions: Vec, } impl CredentialHandler { @@ -184,75 +124,6 @@ impl CredentialHandler { Ok(pending) } - async fn rebuild_pending_votes( - shared_state: &SharedState, - ) -> Result, EcashTicketError> { - // 1. get all tickets that were not fully verified - let unverified = shared_state.storage.get_all_unresolved_proposals().await?; - let mut pending = Vec::with_capacity(unverified.len()); - - let epoch_id = shared_state.current_epoch_id().await?; - let apis = shared_state - .api_clients(epoch_id) - .await? - .iter() - .map(|s| (s.cosmos_address.to_string(), s.node_id)) - .collect::>(); - - for proposal_id in unverified { - // get all of the votes - let votes = shared_state - .start_query() - .await - .get_all_votes(proposal_id as u64) - .await - .map_err(EcashTicketError::chain_query_failure)? - .into_iter() - .map(|v| v.voter) - .collect::>(); - - let mut missing_votes = Vec::new(); - - // see who hasn't voted - for (api_address, api_id) in &apis { - // for each signer, check if they have actually voted; if not, that's the missing guy - if !votes.contains(api_address) { - missing_votes.push(*api_id) - } - } - - // attempt to rebuild SN and digest from the proposal info + storage data - let proposal_info = shared_state - .start_query() - .await - .query_proposal(proposal_id as u64) - .await - .map_err(EcashTicketError::chain_query_failure)?; - - let tickets = shared_state - .storage - .get_all_proposed_tickets_with_sn(proposal_id as u32) - .await?; - let digest = - BatchRedeemTicketsBody::make_digest(tickets.iter().map(|t| &t.serial_number)); - let encoded_digest = bs58::encode(&digest).into_string(); - if encoded_digest != proposal_info.description { - error!("the lost proposal {proposal_id} does not have a matching digest!"); - continue; - } - - pending.push(PendingRedemptionVote { - proposal_id: proposal_id as u64, - digest, - included_serial_numbers: tickets.into_iter().map(|t| t.serial_number).collect(), - epoch_id, - pending: missing_votes, - }) - } - - Ok(pending) - } - pub(crate) async fn new( config: CredentialHandlerConfig, ticket_receiver: UnboundedReceiver, @@ -276,51 +147,15 @@ impl CredentialHandler { // on startup read pending credentials and api responses from the storage let pending_tickets = Self::rebuild_pending_tickets(&shared_state).await?; - // on startup read pending proposals from the storage - // then reconstruct the votes by querying the multisig contract for votes on those proposals - // digest from the description and count from the message - let pending_redemptions = Self::rebuild_pending_votes(&shared_state).await?; - Ok(CredentialHandler { config, multisig_threshold, ticket_receiver, shared_state, pending_tickets, - pending_redemptions, }) } - // the argument is temporary as we'll be reading from the storage - async fn create_redemption_proposal( - &self, - commitment: &[u8], - number_of_tickets: u16, - ) -> Result { - let res = self - .shared_state - .start_tx() - .await - .request_ticket_redemption( - bs58::encode(commitment).into_string(), - number_of_tickets, - None, - ) - .await - .map_err(|source| EcashTicketError::RedemptionProposalCreationFailure { source })?; - - // that one is quite tricky because proposal exists on chain, but we didn't get the id... - // but it should be quite impossible to ever reach this unless we make breaking changes - let proposal_id = res - .parse_singleton_u64_contract_data() - .inspect_err(|err| error!("reached seemingly impossible error! could not recover the redemption proposal id: {err}")) - .map_err(|source| EcashTicketError::ProposalIdParsingFailure { source })?; - - info!("created redemption proposal {proposal_id} to redeem {number_of_tickets} tickets"); - - Ok(proposal_id) - } - /// Attempt to send ticket verification request to the provided ecash verifier. async fn verify_ticket( &self, @@ -522,42 +357,7 @@ impl CredentialHandler { async fn resolve_pending(&mut self) -> Result<(), EcashTicketError> { let mut still_failing = Vec::new(); - // 1. attempt to resolve all pending proposals - while let Some(mut pending) = self.pending_redemptions.pop() { - match self.try_resolve_pending_proposal(&mut pending, None).await { - Ok(resolution) => { - if resolution.is_pending() { - warn!( - "still failed to reach quorum for proposal {}. apis: {:?} haven't responded. we'll retry later", - pending.proposal_id, pending.pending - ); - still_failing.push(pending); - } else { - self.shared_state - .storage - .clear_post_proposal_data( - pending.proposal_id as u32, - OffsetDateTime::now_utc(), - resolution.is_rejected(), - ) - .await?; - } - } - Err(err) => { - error!( - "experienced internal error when attempting to resolve pending proposal: {err}" - ); - // make sure to update internal state to not lose any data - self.pending_redemptions.push(pending); - self.pending_redemptions.append(&mut still_failing); - return Err(err); - } - } - } - - let mut still_failing = Vec::new(); - - // 2. attempt to verify the remaining tickets + // 1. attempt to verify the remaining tickets while let Some(mut pending) = self.pending_tickets.pop() { // possible optimisation: if there's a lot of pending tickets, pre-emptively grab locks for api_clients match self @@ -595,362 +395,14 @@ impl CredentialHandler { Ok(()) } - /// Attempt to send batch redemption request to the provided ecash verifier. - async fn redeem_tickets( - &self, - proposal_id: u64, - request: &BatchRedeemTicketsBody, - client: &EcashApiClient, - ) -> Result { - match client.api_client.batch_redeem_ecash_tickets(request).await { - Ok(res) => { - let accepted = if res.proposal_accepted { - trace!("{client} has accepted proposal {proposal_id}"); - true - } else { - warn!("{client} has rejected proposal {proposal_id}"); - false - }; - - Ok(accepted) - } - Err(err) => { - error!( - "failed to send proposal {proposal_id} for redemption vote to ecash signer '{client}': {err}. if we don't reach quorum, we'll retry later" - ); - Ok(false) - } - } - } - - async fn try_execute_proposal(&self, proposal_id: u64) -> Result<(), EcashTicketError> { - self.shared_state - .start_tx() - .await - .execute_proposal(proposal_id, None) - .await - .map_err( - |source| EcashTicketError::RedemptionProposalExecutionFailure { - proposal_id, - source, - }, - )?; - Ok(()) - } - - async fn get_proposal_status(&self, proposal_id: u64) -> Result { - Ok(self - .shared_state - .start_query() - .await - .query_proposal(proposal_id) - .await - .map_err(EcashTicketError::chain_query_failure)? - .status) - } - - async fn try_finalize_proposal( - &self, - proposal_id: u64, - ) -> Result { - match self.get_proposal_status(proposal_id).await? { - Status::Pending => { - // the voting hasn't even begun! - error!("impossible case! the proposal {proposal_id} is still pending"); - Ok(ProposalResult::Pending) - } - Status::Open => { - debug!("proposal {proposal_id} is still open and needs more votes"); - Ok(ProposalResult::Pending) - } - Status::Rejected => { - warn!("proposal {proposal_id} has been rejected"); - Ok(ProposalResult::Rejected) - } - Status::Passed => { - info!( - "proposal {proposal_id} has already been passed - we just need to execute it" - ); - self.try_execute_proposal(proposal_id).await?; - info!("executed proposal {proposal_id}"); - Ok(ProposalResult::Executed) - } - Status::Executed => { - info!("proposal {proposal_id} has already been executed - nothing to do!"); - Ok(ProposalResult::Executed) - } - } - } - - async fn try_resolve_pending_proposal( - &self, - pending: &mut PendingRedemptionVote, - api_clients: Option>>, - ) -> Result { - let proposal_id = pending.proposal_id; - - info!( - "attempting to resolve pending redemption proposal {proposal_id} to redeem {} tickets", - pending.included_serial_numbers.len() - ); - - // check if the proposal still needs more votes from the apis - let result = self.try_finalize_proposal(proposal_id).await?; - if !result.is_pending() { - return Ok(result); - } - - let api_clients = match api_clients { - Some(clients) => clients, - None => self.shared_state.api_clients(pending.epoch_id).await?, - }; - - let redemption_request = pending.to_request_body(self.shared_state.address.clone()); - - // TODO: optimisation: tell other apis they can purge our tickets even if they haven't voted - - let total = api_clients.len(); - let api_failures = Mutex::new(Vec::new()); - let rejected = AtomicUsize::new(0); - - for_each_api_concurrent(&api_clients, &pending.pending, |ecash_client| async { - // errors are only returned on hard, storage, failures - match self - .redeem_tickets(pending.proposal_id, &redemption_request, ecash_client) - .await - { - Err(err) => { - error!("internal failure. could not proceed with ticket redemption: {err}"); - api_failures.lock().await.push(ecash_client.node_id); - } - Ok(false) => { - rejected.fetch_add(1, Ordering::SeqCst); - } - _ => {} - } - }) - .await; - - let api_failures = api_failures.into_inner(); - let num_failures = api_failures.len(); - pending.pending = api_failures; - - let rejected = rejected.into_inner(); - let rejected_ratio = rejected as f32 / total as f32; - let rejected_perc = rejected_ratio * 100.; - if rejected_ratio >= (1. - self.multisig_threshold) { - error!( - "{rejected_perc:.2}% of signers rejected proposal {proposal_id}. we won't be able to execute it" - ); - // no need to query the chain as with so many rejections it's impossible it has passed. - return Ok(ProposalResult::Rejected); - } - - let accepted_ratio = (total - rejected - num_failures) as f32 / total as f32; - let accepted_perc = accepted_ratio * 100.; - match accepted_ratio { - n if n < self.multisig_threshold => { - error!( - "less than 2/3 of signers ({accepted_perc:.2}%) accepted proposal {proposal_id}. we're not yet be able to execute it to get funds out" - ); - return Ok(ProposalResult::Pending); - } - n if n < self.config.minimum_api_quorum => { - warn!( - "the system seems to be a bit unstable: less than 80%, but more than 67% of signers ({accepted_perc:.2}%) accepted proposal {proposal_id}" - ); - } - _ => { - trace!("{accepted_perc:.2}% of signers accepted proposal {proposal_id}"); - } - } - - // attempt to execute the proposal if it reached the required threshold - self.try_finalize_proposal(proposal_id).await - } - - async fn maybe_redeem_tickets(&mut self) -> Result<(), EcashTicketError> { - if !self.pending_tickets.is_empty() { - return Err(EcashTicketError::PendingTickets); - } - - let latest_stored = self.shared_state.storage.latest_proposal().await?; - - // check if we have already created the proposal but crashed before persisting it in the db - // - // if we have some persisted proposals in storage, try to see if there's anything more recent on chain - // (i.e. the missing proposal) - // if not (i.e. this would have been our first) check the latest page of proposals. - // while this is not ideal, realistically speaking we probably crashed few minutes ago - // and worst case scenario we'll just recreate the proposal instead - // - // LIMITATION: if MULTIPLE proposals got created in between, well. though luck. - let latest_on_chain = if let Some(latest_stored) = &latest_stored { - // those are sorted in ASCENDING way - self.shared_state - .proposals_since(latest_stored.proposal_id as u64) - .await? - .pop() - } else { - // but those are DESCENDING - self.shared_state - .last_proposal_page() - .await? - .first() - .cloned() - }; - - let now = OffsetDateTime::now_utc(); - - let prior_proposal = match (&latest_stored, latest_on_chain) { - (None, None) => { - // we haven't created any proposals before - trace!("this could be our first redemption proposal"); - None - } - (Some(stored), None) => { - if stored.created_at + MIN_BATCH_REDEMPTION_DELAY > now { - trace!("too soon to create new redemption proposal"); - return Ok(()); - } - None - } - (_, Some(on_chain)) => { - warn!( - "we seem to have crashed after creating proposal, but before persisting it onto disk!" - ); - - Some(on_chain) - } - }; - - // technically we could have been just caching all of those serial numbers as we verify tickets, - // but given how infrequently we call this, there's no point in wasting this memory - let verified_tickets = self - .shared_state - .storage - .get_all_verified_tickets_with_sn() - .await?; - - // TODO: somehow simplify that nasty nested if - if verified_tickets.len() < self.config.minimum_redemption_tickets { - // bypass the number of tickets check if we're about to lose our rewards due to expiration - if let Some(latest_stored) = latest_stored { - if latest_stored.created_at + self.config.maximum_time_between_redemption < now { - {} - } else { - debug!( - "we only have {} verified tickets. there's no point in creating a redemption request yet. (we need at least {} (configurable))", - verified_tickets.len(), - self.config.minimum_redemption_tickets - ); - return Ok(()); - } - } else { - // first proposal - debug!( - "we only have {} verified tickets. there's no point in creating a redemption request yet. (we need at least {} (configurable))", - verified_tickets.len(), - self.config.minimum_redemption_tickets - ); - return Ok(()); - } - } - - // this should have been ensured when querying - assert!(verified_tickets.len() <= u16::MAX as usize); - - let digest = - BatchRedeemTicketsBody::make_digest(verified_tickets.iter().map(|t| &t.serial_number)); - let encoded_digest = bs58::encode(&digest).into_string(); - - let prior_proposal_id = if let Some(prior_proposal) = prior_proposal { - if prior_proposal.description == encoded_digest { - info!("we have already created proposal for those tickets"); - Some(prior_proposal.id) - } else { - warn!( - "our missed proposal seem to have been for different tickets - abandoning it" - ); - None - } - } else { - None - }; - - // if the proposal has already existed on chain, do use it. otherwise create a new one - let proposal_id = if let Some(prior) = prior_proposal_id { - prior - } else { - self.create_redemption_proposal(&digest, verified_tickets.len() as u16) - .await? - }; - - if proposal_id > u32::MAX as u64 { - // realistically will we ever reach it? no. - panic!( - "we have created more than {} proposals. we can't handle that.", - u32::MAX - ) - } - - self.shared_state - .storage - .insert_redemption_proposal( - &verified_tickets, - proposal_id as u32, - OffsetDateTime::now_utc(), - ) - .await?; - - let current_epoch = self.shared_state.current_epoch_id().await?; - let api_clients = self.shared_state.api_clients(current_epoch).await?; - let ids = api_clients.iter().map(|c| c.node_id).collect(); - let mut pending = PendingRedemptionVote::new( - proposal_id, - digest, - verified_tickets - .into_iter() - .map(|t| t.serial_number) - .collect(), - current_epoch, - ids, - ); - - let resolution = self - .try_resolve_pending_proposal(&mut pending, Some(api_clients)) - .await?; - if resolution.is_pending() { - warn!( - "failed to reach quorum for proposal {proposal_id}. apis: {:?} haven't responded. we'll retry later", - pending.pending - ); - self.pending_redemptions.push(pending); - } else { - self.shared_state - .storage - .clear_post_proposal_data( - proposal_id as u32, - OffsetDateTime::now_utc(), - resolution.is_rejected(), - ) - .await?; - } - - Ok(()) - } - async fn periodic_operations(&mut self) -> Result<(), EcashTicketError> { trace!( - "attempting to resolve all pending operations -> tickets that are waiting for verification and possibly redemption" + "attempting to resolve all pending operations -> tickets that are waiting for verification" ); - // 1. retry all operations that have failed in the past: verification requests and pending redemption + // retry the pending verification requests that have failed before self.resolve_pending().await?; - // 2. if applicable, attempt to redeem all newly verified tickets - self.maybe_redeem_tickets().await?; - Ok(()) } diff --git a/common/credential-verification/src/ecash/helpers.rs b/common/credential-verification/src/ecash/helpers.rs index 9d767fba6c..ca57b95b65 100644 --- a/common/credential-verification/src/ecash/helpers.rs +++ b/common/credential-verification/src/ecash/helpers.rs @@ -7,7 +7,7 @@ use std::future::Future; use std::ops::Deref; use tokio::sync::RwLockReadGuard; -pub(crate) fn apis_stream<'a>( +pub fn apis_stream<'a>( // if needed we could make this argument more generic to accept either locks or iterators, etc. all_clients: &'a RwLockReadGuard<'a, Vec>, filter_by_id: &'a [u64], @@ -22,7 +22,7 @@ pub(crate) fn apis_stream<'a>( ) } -pub(crate) async fn for_each_api_concurrent<'a, F, Fut>( +pub async fn for_each_api_concurrent<'a, F, Fut>( all_clients: &'a RwLockReadGuard<'a, Vec>, filter_by_id: &'a [u64], f: F, diff --git a/common/credential-verification/src/ecash/mod.rs b/common/credential-verification/src/ecash/mod.rs index c87b86030d..255215b27f 100644 --- a/common/credential-verification/src/ecash/mod.rs +++ b/common/credential-verification/src/ecash/mod.rs @@ -20,7 +20,7 @@ use tracing::error; pub mod credential_sender; pub mod error; -mod helpers; +pub mod helpers; mod state; pub mod traits; diff --git a/common/credential-verification/src/ecash/state.rs b/common/credential-verification/src/ecash/state.rs index 78cabf7a95..888439b628 100644 --- a/common/credential-verification/src/ecash/state.rs +++ b/common/credential-verification/src/ecash/state.rs @@ -3,17 +3,12 @@ use crate::Error; use crate::ecash::error::EcashTicketError; -use cosmwasm_std::{CosmosMsg, WasmMsg, from_json}; use nym_credentials_interface::VerificationKeyAuth; -use nym_ecash_contract_common::msg::ExecuteMsg; use nym_gateway_storage::traits::BandwidthGatewayStorage; use nym_validator_client::coconut::all_ecash_api_clients; use nym_validator_client::nym_api::EpochId; use nym_validator_client::nyxd::AccountId; -use nym_validator_client::nyxd::contract_traits::{ - DkgQueryClient, MultisigQueryClient, NymContractsProvider, -}; -use nym_validator_client::nyxd::cw3::ProposalResponse; +use nym_validator_client::nyxd::contract_traits::{DkgQueryClient, NymContractsProvider}; use nym_validator_client::{DirectSigningHttpRpcNyxdClient, EcashApiClient}; use std::collections::BTreeMap; use std::ops::Deref; @@ -77,53 +72,6 @@ impl SharedState { Ok(this) } - fn created_redemption_proposal(&self, proposal: &ProposalResponse) -> bool { - let Some(msg) = proposal.msgs.first() else { - return false; - }; - let CosmosMsg::Wasm(WasmMsg::Execute { msg, .. }) = msg else { - return false; - }; - let Ok(ExecuteMsg::RedeemTickets { gw, .. }) = from_json(msg) else { - return false; - }; - - gw == self.address.as_ref() - } - - /// retrieve all redemption proposals made by this gateway since, but excluding, the provided id - pub(crate) async fn proposals_since( - &self, - proposal_id: u64, - ) -> Result, EcashTicketError> { - Ok(self - .start_query() - .await - .list_proposals(Some(proposal_id), None) - .await - .map_err(EcashTicketError::chain_query_failure)? - .proposals - .into_iter() - .filter(|p| self.created_redemption_proposal(p)) - .collect()) - } - - /// retrieve all redemption proposals made by this gateway that are available on the last page of the query - pub(crate) async fn last_proposal_page( - &self, - ) -> Result, EcashTicketError> { - Ok(self - .start_query() - .await - .reverse_proposals(None, None) - .await - .map_err(EcashTicketError::chain_query_failure)? - .proposals - .into_iter() - .filter(|p| self.created_redemption_proposal(p)) - .collect()) - } - async fn set_epoch_data( &self, epoch_id: EpochId, @@ -240,24 +188,6 @@ impl SharedState { data.get(&epoch_id).map(|d| &d.master_key).unwrap() })) } - - pub(crate) async fn start_tx(&self) -> RwLockWriteGuard<'_, DirectSigningHttpRpcNyxdClient> { - self.nyxd_client.write().await - } - - pub(crate) async fn start_query(&self) -> RwLockReadGuard<'_, DirectSigningHttpRpcNyxdClient> { - self.nyxd_client.read().await - } - - pub(crate) async fn current_epoch_id(&self) -> Result { - Ok(self - .start_query() - .await - .get_current_epoch() - .await - .map_err(EcashTicketError::chain_query_failure)? - .epoch_id) - } } pub(crate) struct EpochState { diff --git a/common/http-api-client/Cargo.toml b/common/http-api-client/Cargo.toml index cb297f004c..00d083bbf2 100644 --- a/common/http-api-client/Cargo.toml +++ b/common/http-api-client/Cargo.toml @@ -34,6 +34,7 @@ tracing = { workspace = true } itertools = { workspace = true } inventory = { workspace = true } tokio = { workspace = true, features = ["rt", "macros", "time"] } +rustls = { workspace=true } # used for decoding text responses (they were already implicitly included) bytes = { workspace = true } encoding_rs = { workspace = true } diff --git a/common/http-api-client/src/dns/constants.rs b/common/http-api-client/src/dns/constants.rs index 5a7c35037f..3359310d94 100644 --- a/common/http-api-client/src/dns/constants.rs +++ b/common/http-api-client/src/dns/constants.rs @@ -4,7 +4,7 @@ use std::collections::HashMap; use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; pub const NYM_API_DOMAIN: &str = "validator.nymtech.net"; -pub const NYM_API_IPS: &[IpAddr] = &[IpAddr::V4(Ipv4Addr::new(212, 71, 233, 232))]; +pub const NYM_API_IPS: &[IpAddr] = &[IpAddr::V4(Ipv4Addr::new(92, 39, 63, 14))]; pub const NYM_VPN_API_DOMAIN: &str = "nymvpn.com"; pub const NYM_VPN_API_IPS: &[IpAddr] = &[IpAddr::V4(Ipv4Addr::new(76, 76, 21, 21))]; diff --git a/common/http-api-client/src/lib.rs b/common/http-api-client/src/lib.rs index c9baec7eb7..9d94dcf30e 100644 --- a/common/http-api-client/src/lib.rs +++ b/common/http-api-client/src/lib.rs @@ -161,6 +161,8 @@ use reqwest::{RequestBuilder, Response}; use serde::de::DeserializeOwned; use serde::{Deserialize, Serialize}; use std::fmt::Display; +#[cfg(not(target_arch = "wasm32"))] +use std::io::ErrorKind; use std::sync::atomic::{AtomicUsize, Ordering}; use std::time::Duration; use thiserror::Error; @@ -1167,14 +1169,10 @@ impl ApiClientCore for Client { match response { Ok(resp) => return Ok(resp), Err(err) => { - // only if there was a network issue should we consider updating the host info - // - // note: for now this includes DNS resolution failure, I am not sure how I would go about - // segregating that based on the interface provided by request for errors. #[cfg(target_arch = "wasm32")] let is_network_err = err.is_timeout(); #[cfg(not(target_arch = "wasm32"))] - let is_network_err = err.is_timeout() || err.is_connect(); + let is_network_err = might_be_network_interference(&err); if is_network_err { // if we have multiple urls, update to the next @@ -1222,6 +1220,68 @@ impl ApiClientCore for Client { } } +#[cfg(not(target_arch = "wasm32"))] +const MAX_ERR_SOURCE_ITERATIONS: usize = 4; + +/// This functions attempts to check the error returned by reqwest to see if +/// rotating host informtion (for clients with mutliple hosts defined) could be +/// helpful. This looks for situations where the error could plausibly be caused +/// by a network adversary, or where rotating to an equival hostname might help. +/// +/// For example --> NetworkUnreachable will not be helped by rotating domains, +/// but ConnectionReset might be caused by a network adversary blocking by SNI +/// which could possibly benefit from rotating domains. +#[cfg(not(target_arch = "wasm32"))] +pub(crate) fn might_be_network_interference(err: &reqwest::Error) -> bool { + if err.is_timeout() { + return true; + } + + if !(err.is_connect() || err.is_request()) { + return false; + } + + // The io::Error source is several layers deep, for clarity this is done as a loop + // * reqwest::Error -> hyper_util::Error + // * hyper_util::Error -> hyper_util::ClientError + // * hyper_util::ClientError -> io::Error + let mut inner = err.source(); + for _ in 0..MAX_ERR_SOURCE_ITERATIONS { + if let Some(e) = inner { + if let Some(io_err) = e.downcast_ref::() { + // try downcast to io::Error from + match io_err.kind() { + // device not connected to the internet + ErrorKind::NetworkUnreachable | ErrorKind::NetworkDown => return false, + // connection errors can indicate connection interference + ErrorKind::ConnectionReset + | ErrorKind::HostUnreachable + | ErrorKind::ConnectionRefused => return true, + // TLS errors get wrapped in custom io::Errors + ErrorKind::Other | ErrorKind::InvalidData => { + // io::Error get_ref works while source doesn't here -_- + // if you don't like it take it up with the rust devs https://users.rust-lang.org/t/question-about-implementation-of-std-source/121117 + inner = io_err.get_ref().map(|e| e as &dyn std::error::Error); + } + _ => return false, + } + } else if let Some(_tls_err) = e.downcast_ref::() { + // try downcast to TLS error + return true; + } else if let Some(resolve_err) = e.downcast_ref::() { + // try downcast to DNS error + return resolve_err.is_nx_domain(); + } else { + inner = e.source(); + } + } else { + break; + } + } + + false +} + /// Common usage functionality for the http client. /// /// These functions allow for cleaner downstream usage free of type parameters and unneeded imports. diff --git a/common/ip-packet-requests/Cargo.toml b/common/ip-packet-requests/Cargo.toml index 487ff4d782..0d062b2d45 100644 --- a/common/ip-packet-requests/Cargo.toml +++ b/common/ip-packet-requests/Cargo.toml @@ -10,7 +10,11 @@ license.workspace = true description = "Codec, signing functionality, and different version definitions for IP packet request and responses" +[features] +test-utils = ["pnet_packet"] + [dependencies] +pnet_packet = { workspace = true, optional = true } bincode = { workspace = true } bytes = { workspace = true } nym-bin-common = { workspace = true } @@ -18,8 +22,10 @@ nym-crypto = { workspace = true } nym-service-provider-requests-common = { workspace = true } nym-sphinx = { workspace = true } rand = { workspace = true } +semver = { workspace = true } serde = { workspace = true, features = ["derive"] } thiserror = { workspace = true } time = { workspace = true } tokio = { workspace = true, features = ["time"] } tokio-util = { workspace = true, features = ["codec"] } +tracing = { workspace = true } diff --git a/common/ip-packet-requests/src/icmp_utils.rs b/common/ip-packet-requests/src/icmp_utils.rs new file mode 100644 index 0000000000..9dd9b1baea --- /dev/null +++ b/common/ip-packet-requests/src/icmp_utils.rs @@ -0,0 +1,117 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +// Extracted from sdk/rust/nym-sdk/examples/ipr_tunnel.rs + +//! ICMP/ICMPv6 packet construction and reply detection helpers for testing +//! IPR connectivity. Gated behind the `test-utils` feature. + +use std::net::{Ipv4Addr, Ipv6Addr}; + +use pnet_packet::Packet; +use pnet_packet::icmp::echo_reply::EchoReplyPacket; +use pnet_packet::icmp::echo_request::MutableEchoRequestPacket; +use pnet_packet::icmp::{IcmpPacket, IcmpTypes}; +use pnet_packet::icmpv6::Icmpv6Types; +use pnet_packet::ipv4::{Ipv4Flags, MutableIpv4Packet}; +use pnet_packet::ipv6::MutableIpv6Packet; + +/// Build a complete IPv4 ICMP echo request packet. +pub fn build_icmp_ping(src: Ipv4Addr, dst: Ipv4Addr, seq: u16) -> Option> { + let mut echo = MutableEchoRequestPacket::owned(vec![0u8; 64])?; + echo.set_icmp_type(IcmpTypes::EchoRequest); + echo.set_icmp_code(pnet_packet::icmp::IcmpCode::new(0)); + echo.set_sequence_number(seq); + let cksum = pnet_packet::icmp::checksum(&IcmpPacket::new(echo.packet())?); + echo.set_checksum(cksum); + + let total_len = 20 + echo.packet().len(); + let mut ip = MutableIpv4Packet::owned(vec![0u8; total_len])?; + ip.set_version(4); + ip.set_header_length(5); + ip.set_total_length(total_len as u16); + ip.set_ttl(64); + ip.set_next_level_protocol(pnet_packet::ip::IpNextHeaderProtocols::Icmp); + ip.set_source(src); + ip.set_destination(dst); + ip.set_flags(Ipv4Flags::DontFragment); + ip.set_payload(echo.packet()); + + let mut buf = ip.consume_to_immutable().packet().to_vec(); + let cksum = ipv4_checksum(&buf); + buf[10] = (cksum >> 8) as u8; + buf[11] = cksum as u8; + Some(buf) +} + +/// Build a complete IPv6 ICMPv6 echo request packet. +pub fn build_icmpv6_ping(src: Ipv6Addr, dst: Ipv6Addr, seq: u16) -> Option> { + let mut echo = + pnet_packet::icmpv6::echo_request::MutableEchoRequestPacket::owned(vec![0u8; 64])?; + echo.set_icmpv6_type(Icmpv6Types::EchoRequest); + echo.set_icmpv6_code(pnet_packet::icmpv6::Icmpv6Code::new(0)); + echo.set_sequence_number(seq); + let cksum = pnet_packet::icmpv6::checksum( + &pnet_packet::icmpv6::Icmpv6Packet::new(echo.packet())?, + &src, + &dst, + ); + echo.set_checksum(cksum); + + let payload_len = echo.packet().len(); + let mut ip = MutableIpv6Packet::owned(vec![0u8; 40 + payload_len])?; + ip.set_version(6); + ip.set_payload_length(payload_len as u16); + ip.set_next_header(pnet_packet::ip::IpNextHeaderProtocols::Icmpv6); + ip.set_hop_limit(64); + ip.set_source(src); + ip.set_destination(dst); + ip.set_payload(echo.packet()); + + Some(ip.consume_to_immutable().packet().to_vec()) +} + +/// Check if a raw packet is an IPv4 ICMP echo reply destined to `expected_dst`. +pub fn is_echo_reply_v4(data: &[u8], expected_dst: Ipv4Addr) -> bool { + let Some(ip) = pnet_packet::ipv4::Ipv4Packet::new(data) else { + return false; + }; + if ip.get_destination() != expected_dst { + return false; + } + if ip.get_next_level_protocol() != pnet_packet::ip::IpNextHeaderProtocols::Icmp { + return false; + } + let Some(reply) = EchoReplyPacket::new(ip.payload()) else { + return false; + }; + reply.get_icmp_type() == IcmpTypes::EchoReply +} + +/// Check if a raw packet is an IPv6 ICMPv6 echo reply destined to `expected_dst`. +pub fn is_echo_reply_v6(data: &[u8], expected_dst: Ipv6Addr) -> bool { + let Some(ip) = pnet_packet::ipv6::Ipv6Packet::new(data) else { + return false; + }; + if ip.get_destination() != expected_dst { + return false; + } + if ip.get_next_header() != pnet_packet::ip::IpNextHeaderProtocols::Icmpv6 { + return false; + } + let Some(reply) = pnet_packet::icmpv6::echo_reply::EchoReplyPacket::new(ip.payload()) else { + return false; + }; + reply.get_icmpv6_type() == Icmpv6Types::EchoReply +} + +fn ipv4_checksum(header: &[u8]) -> u16 { + let mut sum = 0u32; + for i in (0..20).step_by(2) { + sum += ((header[i] as u32) << 8) | header[i + 1] as u32; + } + while (sum >> 16) > 0 { + sum = (sum & 0xFFFF) + (sum >> 16); + } + !sum as u16 +} diff --git a/common/ip-packet-requests/src/lib.rs b/common/ip-packet-requests/src/lib.rs index 977a277446..f3014a69ec 100644 --- a/common/ip-packet-requests/src/lib.rs +++ b/common/ip-packet-requests/src/lib.rs @@ -3,10 +3,14 @@ use std::fmt::{Display, Formatter}; use std::net::{Ipv4Addr, Ipv6Addr}; pub mod codec; +#[cfg(feature = "test-utils")] +pub mod icmp_utils; +pub mod response_helpers; pub mod sign; pub mod v6; pub mod v7; pub mod v8; +pub mod v9; // version 3: initial version // version 4: IPv6 support @@ -14,6 +18,8 @@ pub mod v8; // version 6: Increase the available IPs // version 7: Add signature support (for the future) // version 8: Anonymous sends +// version 9: LP-framed transport (SphinxStream) +// response_helpers: shared IPR response parsing (nym-ip-packet-client + nym-sdk) #[derive(Copy, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)] pub struct IpPair { diff --git a/common/ip-packet-requests/src/response_helpers.rs b/common/ip-packet-requests/src/response_helpers.rs new file mode 100644 index 0000000000..5caa81ab0d --- /dev/null +++ b/common/ip-packet-requests/src/response_helpers.rs @@ -0,0 +1,134 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +use bytes::{Bytes, BytesMut}; +use tokio_util::codec::Decoder; +use tracing::{error, info, warn}; + +use crate::{ + IpPair, + codec::MultiIpPacketCodec, + v8::response::{ + ConnectResponseReply, ControlResponse, InfoLevel, IpPacketResponse, IpPacketResponseData, + }, +}; + +#[derive(Debug, thiserror::Error)] +pub enum IprResponseError { + #[error("no version byte in message")] + NoVersionByte, + + #[error("version mismatch: received v{received}, expected v{expected}")] + VersionMismatch { expected: u8, received: u8 }, + + #[error("expected control response, got {0:?}")] + UnexpectedResponse(IpPacketResponseData), + + #[error("connect denied: {0:?}")] + ConnectDenied(crate::v8::response::ConnectFailureReason), +} + +pub enum MixnetMessageOutcome { + IpPackets(Vec), + Disconnect, +} + +// Extracted from: +// nym-ip-packet-client/src/helpers.rs — check_ipr_message_version() +// sdk/rust/nym-sdk/src/ip_packet_client/listener.rs — check_ipr_message_version() +/// Check that the first byte of an IPR message matches the expected protocol version. +pub fn check_ipr_message_version(data: &[u8], expected: u8) -> Result<(), IprResponseError> { + let version = data.first().ok_or(IprResponseError::NoVersionByte)?; + if *version != expected { + return Err(IprResponseError::VersionMismatch { + expected, + received: *version, + }); + } + Ok(()) +} + +// Extracted from: +// nym-ip-packet-client/src/connect.rs — handle_connect_response() + handle_ip_packet_router_response() +// sdk/rust/nym-sdk/src/ip_packet_client/discovery.rs — parse_connect_response() +/// Parse an IPR connect response, returning allocated IPs on success. +pub fn parse_connect_response(response: IpPacketResponse) -> Result { + let control_response = match response.data { + IpPacketResponseData::Control(c) => c, + other => return Err(IprResponseError::UnexpectedResponse(other)), + }; + + match *control_response { + ControlResponse::Connect(connect_resp) => match connect_resp.reply { + ConnectResponseReply::Success(success) => Ok(success.ips), + ConnectResponseReply::Failure(reason) => Err(IprResponseError::ConnectDenied(reason)), + }, + _ => Err(IprResponseError::UnexpectedResponse( + IpPacketResponseData::Control(control_response), + )), + } +} + +// Extracted from: +// nym-ip-packet-client/src/listener.rs — IprListener::handle_reconstructed_message() +// sdk/rust/nym-sdk/src/ip_packet_client/listener.rs — handle_ipr_response() +/// Parse raw IPR response bytes into an outcome. +/// +/// Logs non-fatal conditions (unknown control messages, deserialization +/// failures) and returns `None` for them. +pub fn handle_ipr_response(data: &[u8]) -> Option { + match IpPacketResponse::from_bytes(data) { + Ok(response) => match response.data { + IpPacketResponseData::Data(data_response) => { + let mut codec = MultiIpPacketCodec::new(); + let mut buf = BytesMut::from(data_response.ip_packet.as_ref()); + let mut packets = Vec::new(); + loop { + match codec.decode(&mut buf) { + Ok(Some(packet)) => packets.push(packet.into_bytes()), + Ok(None) => break, + Err(e) => { + warn!("Failed to decode bundled IP packet: {e}"); + break; + } + } + } + Some(MixnetMessageOutcome::IpPackets(packets)) + } + IpPacketResponseData::Control(control_response) => match *control_response { + ControlResponse::Connect(_) => { + info!("Received connect response when already connected - ignoring"); + None + } + ControlResponse::Disconnect(_) | ControlResponse::UnrequestedDisconnect(_) => { + info!("Received disconnect from IPR"); + Some(MixnetMessageOutcome::Disconnect) + } + ControlResponse::Pong(_) => { + info!("Received pong response"); + None + } + ControlResponse::Health(_) => { + info!("Received health response"); + None + } + ControlResponse::Info(info_resp) => { + let msg = format!( + "Received info response from the mixnet: {}", + info_resp.reply + ); + match info_resp.level { + InfoLevel::Info => info!("{msg}"), + InfoLevel::Warn => warn!("{msg}"), + InfoLevel::Error => error!("{msg}"), + } + None + } + }, + }, + Err(err) => { + warn!("Failed to deserialize IPR response: {err}"); + None + } + } +} diff --git a/common/ip-packet-requests/src/v8/response.rs b/common/ip-packet-requests/src/v8/response.rs index 12256252bd..1dce990caa 100644 --- a/common/ip-packet-requests/src/v8/response.rs +++ b/common/ip-packet-requests/src/v8/response.rs @@ -179,11 +179,15 @@ impl IpPacketResponse { make_bincode_serializer().serialize(self) } + pub fn from_bytes(data: &[u8]) -> Result { + use bincode::Options; + make_bincode_serializer().deserialize(data) + } + pub fn from_reconstructed_message( message: &nym_sphinx::receiver::ReconstructedMessage, ) -> Result { - use bincode::Options; - make_bincode_serializer().deserialize(&message.message) + Self::from_bytes(&message.message) } } diff --git a/common/ip-packet-requests/src/v9/mod.rs b/common/ip-packet-requests/src/v9/mod.rs new file mode 100644 index 0000000000..881a7c19d9 --- /dev/null +++ b/common/ip-packet-requests/src/v9/mod.rs @@ -0,0 +1,34 @@ +pub const VERSION: u8 = 9; + +/// Minimum nym-node release version that supports v9 (LP Stream framing). +/// Nodes running older versions will not understand LP-wrapped packets. +pub const MIN_RELEASE_VERSION: semver::Version = semver::Version::new(1, 30, 0); + +// v9 uses the same wire format as v8. The version bump indicates +// the message was sent with LP framing (SphinxStream). +// +// Types are re-exported for deserialization/matching. Use the wrapper +// constructors below to create correctly-versioned packets — never +// manually set `protocol.version` or `response.version`. +pub use super::v8::{request, response}; + +/// Create a v9 connect request (version byte set to 9). +pub fn new_connect_request(buffer_timeout: Option) -> (request::IpPacketRequest, u64) { + let (mut req, id) = request::IpPacketRequest::new_connect_request(buffer_timeout); + req.protocol.version = VERSION; + (req, id) +} + +/// Create a v9 data request (version byte set to 9). +pub fn new_data_request(data: bytes::Bytes) -> request::IpPacketRequest { + let mut req = request::IpPacketRequest::new_data_request(data); + req.protocol.version = VERSION; + req +} + +/// Create a v9 IP packet response (version byte set to 9). +pub fn new_ip_packet_response(ip_packet: bytes::Bytes) -> response::IpPacketResponse { + let mut resp = response::IpPacketResponse::new_ip_packet(ip_packet); + resp.version = VERSION; + resp +} diff --git a/common/nym-lp/src/packet/utils.rs b/common/nym-common/src/debug.rs similarity index 88% rename from common/nym-lp/src/packet/utils.rs rename to common/nym-common/src/debug.rs index 4abe90c213..4003daffef 100644 --- a/common/nym-lp/src/packet/utils.rs +++ b/common/nym-common/src/debug.rs @@ -1,3 +1,6 @@ +// Copyright 2026 Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + use std::fmt::{self, Write}; pub fn format_debug_bytes(bytes: &[u8]) -> Result { diff --git a/common/nym-common/src/lib.rs b/common/nym-common/src/lib.rs index b59be68666..a7db978223 100644 --- a/common/nym-common/src/lib.rs +++ b/common/nym-common/src/lib.rs @@ -2,6 +2,7 @@ // Copyright 2024 Nym Technologies SA // SPDX-License-Identifier: GPL-3.0-only +pub mod debug; mod error; pub mod flood; diff --git a/common/nym-lp/Cargo.toml b/common/nym-lp/Cargo.toml index 645b8f8ef2..56ba2c2c11 100644 --- a/common/nym-lp/Cargo.toml +++ b/common/nym-lp/Cargo.toml @@ -21,6 +21,7 @@ tls_codec = { workspace = true } tokio = { workspace = true, features = ["net", "io-util"] } nym-crypto = { workspace = true, features = ["hashing"] } +nym-common.workspace = true nym-kkt = { workspace = true } nym-kkt-ciphersuite = { workspace = true } @@ -45,4 +46,4 @@ mock = ["nym-test-utils"] [[bench]] name = "replay_protection" -harness = false \ No newline at end of file +harness = false diff --git a/common/nym-lp/src/packet/frame.rs b/common/nym-lp/src/packet/frame.rs index 5472b45d1b..81b73de04f 100644 --- a/common/nym-lp/src/packet/frame.rs +++ b/common/nym-lp/src/packet/frame.rs @@ -9,13 +9,13 @@ use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}; #[derive(Debug, Clone, PartialEq)] pub struct LpFrameHeader { pub kind: LpFrameKind, - pub frame_attributes: [u8; 14], + pub frame_attributes: LpFrameAttributes, } impl LpFrameHeader { pub const SIZE: usize = 16; // message_kind(2) + message_attributes(14) - pub fn new(kind: LpFrameKind, frame_attributes: [u8; 14]) -> Self { + pub fn new(kind: LpFrameKind, frame_attributes: LpFrameAttributes) -> Self { Self { kind, frame_attributes, @@ -103,6 +103,13 @@ impl LpFrame { Self::new(LpFrameKind::Forward, data) } + pub fn new_stream(attrs: SphinxStreamFrameAttributes, content: impl Into) -> Self { + Self { + header: LpFrameHeader::new(LpFrameKind::SphinxStream, attrs.encode()), + content: content.into(), + } + } + pub(crate) fn len(&self) -> usize { LpFrameHeader::SIZE + self.content.len() } @@ -115,6 +122,66 @@ pub enum LpFrameKind { Opaque = 0, Registration = 1, Forward = 2, + SphinxStream = 3, +} + +/// Message type within a `LpFrameKind::SphinxStream` frame. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +#[repr(u8)] +pub enum SphinxStreamMsgType { + /// Open a new stream. Content is optional initial data. + Open = 0, + /// Data on an existing stream. + Data = 1, +} + +/// Parsed form of the 14-byte `frame_attributes` for `LpFrameKind::SphinxStream`. +/// +/// Wire layout (big-endian): +/// ```text +/// [0..8 ) stream_id : u64 +/// [8 ) msg_type : u8 (0 = Open, 1 = Data) +/// [9..13) sequence_num : u32 +/// [13 ) reserved : u8 +/// ``` +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub struct SphinxStreamFrameAttributes { + pub stream_id: u64, + pub msg_type: SphinxStreamMsgType, + pub sequence_num: u32, +} + +/// Raw 14-byte frame attributes field in every [`LpFrameHeader`]. +/// Interpretation depends on the [`LpFrameKind`]. +pub type LpFrameAttributes = [u8; 14]; + +impl SphinxStreamFrameAttributes { + pub fn encode(&self) -> LpFrameAttributes { + let mut buf = [0u8; 14]; + buf[0..8].copy_from_slice(&self.stream_id.to_be_bytes()); + buf[8] = self.msg_type as u8; + buf[9..13].copy_from_slice(&self.sequence_num.to_be_bytes()); + buf + } + + pub fn parse(attrs: &LpFrameAttributes) -> Result { + let stream_id = u64::from_be_bytes(attrs[0..8].try_into().unwrap()); + let msg_type = match attrs[8] { + 0 => SphinxStreamMsgType::Open, + 1 => SphinxStreamMsgType::Data, + other => { + return Err(MalformedLpPacketError::DeserialisationFailure(format!( + "invalid stream msg_type: {other}" + ))); + } + }; + let sequence_num = u32::from_be_bytes(attrs[9..13].try_into().unwrap()); + Ok(Self { + stream_id, + msg_type, + sequence_num, + }) + } } #[derive(Debug, Clone, PartialEq, Eq)] diff --git a/common/nym-lp/src/packet/mod.rs b/common/nym-lp/src/packet/mod.rs index 34fddb9973..e5e8687c4b 100644 --- a/common/nym-lp/src/packet/mod.rs +++ b/common/nym-lp/src/packet/mod.rs @@ -1,10 +1,11 @@ // Copyright 2026 - Nym Technologies SA // SPDX-License-Identifier: Apache-2.0 -use crate::packet::utils::format_debug_bytes; use bytes::{BufMut, BytesMut}; use std::fmt::{Debug, Formatter}; +use nym_common::debug::format_debug_bytes; + pub use error::MalformedLpPacketError; pub use frame::{ForwardPacketData, LpFrame}; pub use header::{InnerHeader, LpHeader, OuterHeader}; @@ -13,7 +14,6 @@ pub mod error; pub mod frame; pub mod header; pub mod replay; -pub mod utils; pub mod version { /// The current version of the Lewes Protocol that is put into each new constructed header. diff --git a/contracts/Cargo.lock b/contracts/Cargo.lock index 84a73def30..1fb526afa4 100644 --- a/contracts/Cargo.lock +++ b/contracts/Cargo.lock @@ -709,7 +709,7 @@ dependencies = [ "nym-contracts-common", "nym-contracts-common-testing", "nym-group-contract-common", - "nym-multisig-contract-common", + "nym-multisig-contract-common 1.20.4 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -1258,7 +1258,7 @@ dependencies = [ "cw2", "cw4", "nym-contracts-common", - "nym-multisig-contract-common", + "nym-multisig-contract-common 1.20.4 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -1329,11 +1329,11 @@ dependencies = [ "cw3", "cw4", "nym-contracts-common", + "nym-contracts-common-testing", "nym-crypto", "nym-ecash-contract-common", - "nym-multisig-contract-common", + "nym-multisig-contract-common 1.20.4 (registry+https://github.com/rust-lang/crates.io-index)", "nym-network-defaults", - "rand_chacha", "schemars", "semver", "serde", @@ -1344,8 +1344,6 @@ dependencies = [ [[package]] name = "nym-ecash-contract-common" version = "1.20.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d022e85291bf51877fbbf4688bc3762c605fdaee3b98c6407414f7c358bc5610" dependencies = [ "bs58", "cosmwasm-schema", @@ -1353,7 +1351,7 @@ dependencies = [ "cw-controllers", "cw-utils", "cw2", - "nym-multisig-contract-common", + "nym-multisig-contract-common 1.20.4", "thiserror 2.0.12", ] @@ -1416,6 +1414,21 @@ dependencies = [ "time", ] +[[package]] +name = "nym-multisig-contract-common" +version = "1.20.4" +dependencies = [ + "cosmwasm-schema", + "cosmwasm-std", + "cw-storage-plus", + "cw-utils", + "cw3", + "cw4", + "schemars", + "serde", + "thiserror 2.0.12", +] + [[package]] name = "nym-multisig-contract-common" version = "1.20.4" diff --git a/contracts/Cargo.toml b/contracts/Cargo.toml index 6659cb8804..0b23099771 100644 --- a/contracts/Cargo.toml +++ b/contracts/Cargo.toml @@ -96,3 +96,6 @@ unreachable = "deny" # For local development, import via path instead of crates.io, e.g. # [patch.crates-io] # nym-coconut-dkg-common = { path = "../common/cosmwasm-smart-contracts/coconut-dkg" } + +[patch.crates-io] +nym-ecash-contract-common = { path = "../common/cosmwasm-smart-contracts/ecash-contract" } diff --git a/contracts/ecash/Cargo.toml b/contracts/ecash/Cargo.toml index 4badeb4460..6391ebd269 100644 --- a/contracts/ecash/Cargo.toml +++ b/contracts/ecash/Cargo.toml @@ -39,8 +39,12 @@ nym-network-defaults = { workspace = true, default-features = false } anyhow = { workspace = true } sylvia = { workspace = true, features = ["mt"] } nym-crypto = { workspace = true, features = ["rand", "asymmetric"] } -rand_chacha = "0.3" cw-multi-test = { workspace = true } +nym-contracts-common-testing = { workspace = true } + [features] schema-gen = ["nym-ecash-contract-common/schema"] + +[lints] +workspace = true diff --git a/contracts/ecash/schema/nym-ecash.json b/contracts/ecash/schema/nym-ecash.json index ce67c4b049..7bf0c27804 100644 --- a/contracts/ecash/schema/nym-ecash.json +++ b/contracts/ecash/schema/nym-ecash.json @@ -156,10 +156,10 @@ { "type": "object", "required": [ - "update_deposit_value" + "update_default_deposit_value" ], "properties": { - "update_deposit_value": { + "update_default_deposit_value": { "type": "object", "required": [ "new_deposit" @@ -174,6 +174,54 @@ }, "additionalProperties": false }, + { + "description": "Set (or overwrite) a reduced deposit price for a specific address. Only callable by the contract admin.", + "type": "object", + "required": [ + "set_reduced_deposit_price" + ], + "properties": { + "set_reduced_deposit_price": { + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "type": "string" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "description": "Remove the reduced deposit price for a specific address, reverting them to the default price. Returns an error if the address has no custom price set. Only callable by the contract admin.", + "type": "object", + "required": [ + "remove_reduced_deposit_price" + ], + "properties": { + "remove_reduced_deposit_price": { + "type": "object", + "required": [ + "address" + ], + "properties": { + "address": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, { "type": "object", "required": [ @@ -297,10 +345,44 @@ { "type": "object", "required": [ - "get_required_deposit_amount" + "get_default_deposit_amount" ], "properties": { - "get_required_deposit_amount": { + "get_default_deposit_amount": { + "type": "object", + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_reduced_deposit_amount" + ], + "properties": { + "get_reduced_deposit_amount": { + "type": "object", + "required": [ + "address" + ], + "properties": { + "address": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_all_whitelisted_accounts" + ], + "properties": { + "get_all_whitelisted_accounts": { "type": "object", "additionalProperties": false } @@ -373,6 +455,19 @@ } }, "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_deposits_statistics" + ], + "properties": { + "get_deposits_statistics": { + "type": "object", + "additionalProperties": false + } + }, + "additionalProperties": false } ] }, @@ -380,10 +475,120 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "MigrateMsg", "type": "object", - "additionalProperties": false + "required": [ + "initial_whitelist" + ], + "properties": { + "initial_whitelist": { + "description": "Initial set of whitelisted accounts with their reduced deposit prices. Each entry is validated and stored during migration.", + "type": "array", + "items": { + "$ref": "#/definitions/WhitelistedDeposit" + } + } + }, + "additionalProperties": false, + "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + }, + "WhitelistedDeposit": { + "description": "An address and its reduced deposit price, used when seeding the whitelist via migration.", + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "type": "string" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + } }, "sudo": null, "responses": { + "get_all_whitelisted_accounts": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "WhitelistedAccountsResponse", + "type": "object", + "required": [ + "whitelisted_accounts" + ], + "properties": { + "whitelisted_accounts": { + "type": "array", + "items": { + "$ref": "#/definitions/WhitelistedAccount" + } + } + }, + "additionalProperties": false, + "definitions": { + "Addr": { + "description": "A human readable address.\n\nIn Cosmos, this is typically bech32 encoded. But for multi-chain smart contracts no assumptions should be made other than being UTF-8 encoded and of reasonable length.\n\nThis type represents a validated address. It can be created in the following ways 1. Use `Addr::unchecked(input)` 2. Use `let checked: Addr = deps.api.addr_validate(input)?` 3. Use `let checked: Addr = deps.api.addr_humanize(canonical_addr)?` 4. Deserialize from JSON. This must only be done from JSON that was validated before such as a contract's state. `Addr` must not be used in messages sent by the user because this would result in unvalidated instances.\n\nThis type is immutable. If you really need to mutate it (Really? Are you sure?), create a mutable copy using `let mut mutable = Addr::to_string()` and operate on that `String` instance.", + "type": "string" + }, + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + }, + "WhitelistedAccount": { + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "$ref": "#/definitions/Addr" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + } + }, "get_blacklist_paged": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "PagedBlacklistedAccountResponse", @@ -496,6 +701,30 @@ } } }, + "get_default_deposit_amount": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Coin", + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false, + "definitions": { + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + } + } + }, "get_deposit": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "DepositResponse", @@ -594,6 +823,99 @@ } } }, + "get_deposits_statistics": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "DepositsStatistics", + "description": "Aggregate statistics about all deposits made through the ecash contract.", + "type": "object", + "required": [ + "deposited_with_custom_price", + "deposits_made_with_custom_price", + "total_deposited", + "total_deposited_with_custom_price", + "total_deposited_with_default_price", + "total_deposits_made", + "total_deposits_made_with_custom_price", + "total_deposits_made_with_default_price" + ], + "properties": { + "deposited_with_custom_price": { + "description": "Per-account breakdown of deposited amounts for whitelisted addresses.", + "type": "object", + "additionalProperties": false + }, + "deposits_made_with_custom_price": { + "description": "Per-account breakdown of deposit counts for whitelisted addresses.", + "type": "object", + "additionalProperties": false + }, + "total_deposited": { + "description": "Total value of all deposits ever made (at any price tier), sourced from `PoolCounters::total_deposited`.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposited_with_custom_price": { + "description": "Total value deposited at custom prices, summed across all whitelisted accounts.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposited_with_default_price": { + "description": "Total value deposited at the default price.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposits_made": { + "description": "Total number of deposits ever made (at any price tier), derived from the deposit id counter.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + }, + "total_deposits_made_with_custom_price": { + "description": "Number of deposits made at any custom (reduced) price, summed across all whitelisted accounts.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + }, + "total_deposits_made_with_default_price": { + "description": "Number of deposits made at the default (non-reduced) price.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + } + }, + "additionalProperties": false, + "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + } + } + }, "get_latest_deposit": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "LatestDepositResponse", @@ -644,24 +966,34 @@ } } }, - "get_required_deposit_amount": { + "get_reduced_deposit_amount": { "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Coin", - "type": "object", - "required": [ - "amount", - "denom" - ], - "properties": { - "amount": { - "$ref": "#/definitions/Uint128" + "title": "Nullable_Coin", + "anyOf": [ + { + "$ref": "#/definitions/Coin" }, - "denom": { - "type": "string" + { + "type": "null" } - }, - "additionalProperties": false, + ], "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, "Uint128": { "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", "type": "string" diff --git a/contracts/ecash/schema/raw/execute.json b/contracts/ecash/schema/raw/execute.json index e16868cf1a..3f64fb7f29 100644 --- a/contracts/ecash/schema/raw/execute.json +++ b/contracts/ecash/schema/raw/execute.json @@ -104,10 +104,10 @@ { "type": "object", "required": [ - "update_deposit_value" + "update_default_deposit_value" ], "properties": { - "update_deposit_value": { + "update_default_deposit_value": { "type": "object", "required": [ "new_deposit" @@ -122,6 +122,54 @@ }, "additionalProperties": false }, + { + "description": "Set (or overwrite) a reduced deposit price for a specific address. Only callable by the contract admin.", + "type": "object", + "required": [ + "set_reduced_deposit_price" + ], + "properties": { + "set_reduced_deposit_price": { + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "type": "string" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "description": "Remove the reduced deposit price for a specific address, reverting them to the default price. Returns an error if the address has no custom price set. Only callable by the contract admin.", + "type": "object", + "required": [ + "remove_reduced_deposit_price" + ], + "properties": { + "remove_reduced_deposit_price": { + "type": "object", + "required": [ + "address" + ], + "properties": { + "address": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, { "type": "object", "required": [ diff --git a/contracts/ecash/schema/raw/migrate.json b/contracts/ecash/schema/raw/migrate.json index 7fbe8c5708..6049157ca5 100644 --- a/contracts/ecash/schema/raw/migrate.json +++ b/contracts/ecash/schema/raw/migrate.json @@ -2,5 +2,56 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "MigrateMsg", "type": "object", - "additionalProperties": false + "required": [ + "initial_whitelist" + ], + "properties": { + "initial_whitelist": { + "description": "Initial set of whitelisted accounts with their reduced deposit prices. Each entry is validated and stored during migration.", + "type": "array", + "items": { + "$ref": "#/definitions/WhitelistedDeposit" + } + } + }, + "additionalProperties": false, + "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + }, + "WhitelistedDeposit": { + "description": "An address and its reduced deposit price, used when seeding the whitelist via migration.", + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "type": "string" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + } } diff --git a/contracts/ecash/schema/raw/query.json b/contracts/ecash/schema/raw/query.json index f0a9ef71b1..00b2db97bb 100644 --- a/contracts/ecash/schema/raw/query.json +++ b/contracts/ecash/schema/raw/query.json @@ -55,10 +55,44 @@ { "type": "object", "required": [ - "get_required_deposit_amount" + "get_default_deposit_amount" ], "properties": { - "get_required_deposit_amount": { + "get_default_deposit_amount": { + "type": "object", + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_reduced_deposit_amount" + ], + "properties": { + "get_reduced_deposit_amount": { + "type": "object", + "required": [ + "address" + ], + "properties": { + "address": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_all_whitelisted_accounts" + ], + "properties": { + "get_all_whitelisted_accounts": { "type": "object", "additionalProperties": false } @@ -131,6 +165,19 @@ } }, "additionalProperties": false + }, + { + "type": "object", + "required": [ + "get_deposits_statistics" + ], + "properties": { + "get_deposits_statistics": { + "type": "object", + "additionalProperties": false + } + }, + "additionalProperties": false } ] } diff --git a/contracts/ecash/schema/raw/response_to_get_all_whitelisted_accounts.json b/contracts/ecash/schema/raw/response_to_get_all_whitelisted_accounts.json new file mode 100644 index 0000000000..256867acb3 --- /dev/null +++ b/contracts/ecash/schema/raw/response_to_get_all_whitelisted_accounts.json @@ -0,0 +1,59 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "WhitelistedAccountsResponse", + "type": "object", + "required": [ + "whitelisted_accounts" + ], + "properties": { + "whitelisted_accounts": { + "type": "array", + "items": { + "$ref": "#/definitions/WhitelistedAccount" + } + } + }, + "additionalProperties": false, + "definitions": { + "Addr": { + "description": "A human readable address.\n\nIn Cosmos, this is typically bech32 encoded. But for multi-chain smart contracts no assumptions should be made other than being UTF-8 encoded and of reasonable length.\n\nThis type represents a validated address. It can be created in the following ways 1. Use `Addr::unchecked(input)` 2. Use `let checked: Addr = deps.api.addr_validate(input)?` 3. Use `let checked: Addr = deps.api.addr_humanize(canonical_addr)?` 4. Deserialize from JSON. This must only be done from JSON that was validated before such as a contract's state. `Addr` must not be used in messages sent by the user because this would result in unvalidated instances.\n\nThis type is immutable. If you really need to mutate it (Really? Are you sure?), create a mutable copy using `let mut mutable = Addr::to_string()` and operate on that `String` instance.", + "type": "string" + }, + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + }, + "WhitelistedAccount": { + "type": "object", + "required": [ + "address", + "deposit" + ], + "properties": { + "address": { + "$ref": "#/definitions/Addr" + }, + "deposit": { + "$ref": "#/definitions/Coin" + } + }, + "additionalProperties": false + } + } +} diff --git a/contracts/ecash/schema/raw/response_to_get_default_deposit_amount.json b/contracts/ecash/schema/raw/response_to_get_default_deposit_amount.json new file mode 100644 index 0000000000..b1c4c6c716 --- /dev/null +++ b/contracts/ecash/schema/raw/response_to_get_default_deposit_amount.json @@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Coin", + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false, + "definitions": { + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + } + } +} diff --git a/contracts/ecash/schema/raw/response_to_get_deposits_statistics.json b/contracts/ecash/schema/raw/response_to_get_deposits_statistics.json new file mode 100644 index 0000000000..404799e43b --- /dev/null +++ b/contracts/ecash/schema/raw/response_to_get_deposits_statistics.json @@ -0,0 +1,93 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "DepositsStatistics", + "description": "Aggregate statistics about all deposits made through the ecash contract.", + "type": "object", + "required": [ + "deposited_with_custom_price", + "deposits_made_with_custom_price", + "total_deposited", + "total_deposited_with_custom_price", + "total_deposited_with_default_price", + "total_deposits_made", + "total_deposits_made_with_custom_price", + "total_deposits_made_with_default_price" + ], + "properties": { + "deposited_with_custom_price": { + "description": "Per-account breakdown of deposited amounts for whitelisted addresses.", + "type": "object", + "additionalProperties": false + }, + "deposits_made_with_custom_price": { + "description": "Per-account breakdown of deposit counts for whitelisted addresses.", + "type": "object", + "additionalProperties": false + }, + "total_deposited": { + "description": "Total value of all deposits ever made (at any price tier), sourced from `PoolCounters::total_deposited`.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposited_with_custom_price": { + "description": "Total value deposited at custom prices, summed across all whitelisted accounts.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposited_with_default_price": { + "description": "Total value deposited at the default price.", + "allOf": [ + { + "$ref": "#/definitions/Coin" + } + ] + }, + "total_deposits_made": { + "description": "Total number of deposits ever made (at any price tier), derived from the deposit id counter.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + }, + "total_deposits_made_with_custom_price": { + "description": "Number of deposits made at any custom (reduced) price, summed across all whitelisted accounts.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + }, + "total_deposits_made_with_default_price": { + "description": "Number of deposits made at the default (non-reduced) price.", + "type": "integer", + "format": "uint32", + "minimum": 0.0 + } + }, + "additionalProperties": false, + "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + } + } +} diff --git a/contracts/ecash/schema/raw/response_to_get_reduced_deposit_amount.json b/contracts/ecash/schema/raw/response_to_get_reduced_deposit_amount.json new file mode 100644 index 0000000000..e0533432a2 --- /dev/null +++ b/contracts/ecash/schema/raw/response_to_get_reduced_deposit_amount.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Nullable_Coin", + "anyOf": [ + { + "$ref": "#/definitions/Coin" + }, + { + "type": "null" + } + ], + "definitions": { + "Coin": { + "type": "object", + "required": [ + "amount", + "denom" + ], + "properties": { + "amount": { + "$ref": "#/definitions/Uint128" + }, + "denom": { + "type": "string" + } + }, + "additionalProperties": false + }, + "Uint128": { + "description": "A thin wrapper around u128 that is using strings for JSON encoding/decoding, such that the full u128 range can be used for clients that convert JSON numbers to floats, like JavaScript and jq.\n\n# Examples\n\nUse `from` to create instances of this and `u128` to get the value out:\n\n``` # use cosmwasm_std::Uint128; let a = Uint128::from(123u128); assert_eq!(a.u128(), 123);\n\nlet b = Uint128::from(42u64); assert_eq!(b.u128(), 42);\n\nlet c = Uint128::from(70u32); assert_eq!(c.u128(), 70); ```", + "type": "string" + } + } +} diff --git a/contracts/ecash/src/contract/helpers.rs b/contracts/ecash/src/contract/helpers.rs index 578e967da8..cb7acde076 100644 --- a/contracts/ecash/src/contract/helpers.rs +++ b/contracts/ecash/src/contract/helpers.rs @@ -2,11 +2,9 @@ // SPDX-License-Identifier: Apache-2.0 use crate::contract::NymEcashContract; -use crate::helpers::{ - create_batch_redemption_proposal, create_blacklist_proposal, Config, ProposalId, -}; +use crate::helpers::{create_batch_redemption_proposal, create_blacklist_proposal, ProposalId}; use cosmwasm_schema::cw_serde; -use cosmwasm_std::{to_json_binary, Addr, Coin, Decimal, Deps, Storage, SubMsg, Uint128}; +use cosmwasm_std::{to_json_binary, Addr, Deps, Storage, SubMsg}; use cw3::ProposalResponse; use nym_ecash_contract_common::EcashContractError; use nym_multisig_contract_common::msg::QueryMsg as MultisigQueryMsg; @@ -33,28 +31,6 @@ impl NymEcashContract { Ok(TICKETBOOK_SIZE) } - pub(crate) fn tickets_redemption_amount( - &self, - storage: &dyn Storage, - config: &Config, - number_of_tickets: u16, - ) -> Result { - let deposit_amount = config.deposit_amount.amount; - let ticketbook_size = Uint128::new(self.get_ticketbook_size(storage)? as u128); - let tickets = Uint128::new(number_of_tickets as u128); - - // how many tickets from a ticketbook you redeemed - let book_ratio = Decimal::from_ratio(tickets, ticketbook_size); - - // return = ticketbook_price * (tickets / ticketbook_size) - let return_amount = deposit_amount.mul_floor(book_ratio); - - Ok(Coin { - denom: config.deposit_amount.denom.clone(), - amount: return_amount, - }) - } - fn must_get_multisig_addr(&self, deps: Deps) -> Result { // SAFETY: multisig admin MUST always be set on initialisation, // if the call fails, we're in some weird UB land @@ -117,172 +93,3 @@ impl NymEcashContract { Ok(proposal_response) } } - -#[cfg(test)] -mod tests { - use super::*; - use crate::support::tests::TestSetupSimple; - - #[test] - fn ticket_redemption_amount() -> anyhow::Result<()> { - // make sure the ticketbook size hasn't changed so that our tests are still valid - assert_eq!(TICKETBOOK_SIZE, 50); - - // ticketbook price of 100nym - let test = TestSetupSimple::new().with_deposit_amount(100_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 1)?; - assert_eq!(res.amount.u128(), 2_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 2)?; - assert_eq!(res.amount.u128(), 4_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 5)?; - assert_eq!(res.amount.u128(), 10_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 10)?; - assert_eq!(res.amount.u128(), 20_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 30)?; - assert_eq!(res.amount.u128(), 60_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 50)?; - assert_eq!(res.amount.u128(), 100_000_000); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 123)?; - assert_eq!(res.amount.u128(), 246_000_000); - - // ticketbook price of 1.5unym per ticket - let test = TestSetupSimple::new().with_deposit_amount(75); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 1)?; - assert_eq!(res.amount.u128(), 1); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 2)?; - assert_eq!(res.amount.u128(), 3); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 5)?; - assert_eq!(res.amount.u128(), 7); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 10)?; - assert_eq!(res.amount.u128(), 15); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 30)?; - assert_eq!(res.amount.u128(), 45); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 50)?; - assert_eq!(res.amount.u128(), 75); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 123)?; - assert_eq!(res.amount.u128(), 184); - - // ticketbook price of 1unym per ticket - let test = TestSetupSimple::new().with_deposit_amount(50); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 1)?; - assert_eq!(res.amount.u128(), 1); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 2)?; - assert_eq!(res.amount.u128(), 2); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 5)?; - assert_eq!(res.amount.u128(), 5); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 10)?; - assert_eq!(res.amount.u128(), 10); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 30)?; - assert_eq!(res.amount.u128(), 30); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 50)?; - assert_eq!(res.amount.u128(), 50); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 123)?; - assert_eq!(res.amount.u128(), 123); - - // ticketbook price of 1unym in total - let test = TestSetupSimple::new().with_deposit_amount(1); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 1)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 2)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 5)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 10)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 30)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 50)?; - assert_eq!(res.amount.u128(), 1); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 123)?; - assert_eq!(res.amount.u128(), 2); - - // ticketbook price of 0unym - let test = TestSetupSimple::new().with_deposit_amount(0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 1)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 2)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 5)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 10)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 30)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 50)?; - assert_eq!(res.amount.u128(), 0); - let res = - test.contract() - .tickets_redemption_amount(test.deps().storage, &test.config(), 123)?; - assert_eq!(res.amount.u128(), 0); - - Ok(()) - } -} diff --git a/contracts/ecash/src/contract/mod.rs b/contracts/ecash/src/contract/mod.rs index 934b2bdc07..78b415c457 100644 --- a/contracts/ecash/src/contract/mod.rs +++ b/contracts/ecash/src/contract/mod.rs @@ -4,11 +4,12 @@ use crate::constants::{BLACKLIST_PROPOSAL_REPLY_ID, REDEMPTION_PROPOSAL_REPLY_ID}; use crate::contract::helpers::Invariants; use crate::deposit::DepositStorage; +use crate::deposit_stats::DepositStatsStorage; use crate::helpers::{ BlacklistKey, Config, MultisigReply, BLACKLIST_PAGE_DEFAULT_LIMIT, BLACKLIST_PAGE_MAX_LIMIT, CONTRACT_NAME, CONTRACT_VERSION, DEPOSITS_PAGE_DEFAULT_LIMIT, DEPOSITS_PAGE_MAX_LIMIT, }; -use cosmwasm_std::{coin, BankMsg, Coin, Event, Order, Reply, Response, StdResult}; +use cosmwasm_std::{coin, Addr, Coin, DepsMut, Event, Order, Reply, Response, StdResult}; use cw4::Cw4Contract; use cw_controllers::Admin; use cw_storage_plus::{Bound, Item, Map}; @@ -20,9 +21,12 @@ use nym_ecash_contract_common::counters::PoolCounters; use nym_ecash_contract_common::deposit::{ DepositData, DepositResponse, LatestDepositResponse, PagedDepositsResponse, }; +use nym_ecash_contract_common::deposit_statistics::DepositsStatistics; use nym_ecash_contract_common::events::{ DEPOSITED_FUNDS_EVENT_TYPE, DEPOSIT_ID, PROPOSAL_ID_ATTRIBUTE_NAME, }; +use nym_ecash_contract_common::msg::WhitelistedDeposit; +use nym_ecash_contract_common::reduced_deposit::{WhitelistedAccount, WhitelistedAccountsResponse}; use nym_ecash_contract_common::EcashContractError; use nym_network_defaults::TICKETBOOK_SIZE; use sylvia::ctx::{ExecCtx, InstantiateCtx, MigrateCtx, QueryCtx}; @@ -41,6 +45,13 @@ pub struct NymEcashContract { pub(crate) pool_counters: Item, pub(crate) expected_invariants: Item, + /// Information about the performed deposits + pub(crate) deposit_stats: DepositStatsStorage, + + /// Map of approved addresses that are allowed to perform deposits using a reduced amount + /// as specified by the saved value. + pub(crate) reduced_deposits: Map, + pub(crate) blacklist: Map, pub(crate) deposits: DepositStorage, @@ -58,6 +69,8 @@ impl NymEcashContract { config: Item::new("config"), pool_counters: Item::new("pool_counters"), expected_invariants: Item::new("expected_invariants"), + deposit_stats: DepositStatsStorage::new(), + reduced_deposits: Map::new("reduced_deposits"), blacklist: Map::new("blacklist"), deposits: DepositStorage::new(), } @@ -72,6 +85,9 @@ impl NymEcashContract { group_addr: String, deposit_amount: Coin, ) -> Result { + // all counters, deposits, etc. always use and always will use the same denom + let zero_coin = coin(0, &deposit_amount.denom); + let multisig_addr = ctx.deps.api.addr_validate(&multisig_addr)?; let holding_account = ctx.deps.api.addr_validate(&holding_account)?; let group_addr = Cw4Contract(ctx.deps.api.addr_validate(&group_addr).map_err(|_| { @@ -96,8 +112,9 @@ impl NymEcashContract { self.pool_counters.save( ctx.deps.storage, &PoolCounters { - total_deposited: coin(0, &deposit_amount.denom), - total_redeemed: coin(0, &deposit_amount.denom), + total_deposited: zero_coin.clone(), + total_redeemed: zero_coin.clone(), + tickets_requested_and_not_redeemed: 0, }, )?; @@ -110,6 +127,14 @@ impl NymEcashContract { }, )?; + self.deposit_stats + .deposits_with_default_price + .save(ctx.deps.storage, &0)?; + + self.deposit_stats + .deposits_with_default_price_amounts + .save(ctx.deps.storage, &zero_coin)?; + cw2::set_contract_version(ctx.deps.storage, CONTRACT_NAME, CONTRACT_VERSION)?; set_build_information!(ctx.deps.storage)?; @@ -161,12 +186,49 @@ impl NymEcashContract { } #[sv::msg(query)] - pub fn get_required_deposit_amount(&self, ctx: QueryCtx) -> StdResult { + pub fn get_default_deposit_amount(&self, ctx: QueryCtx) -> StdResult { let deposit_amount = self.config.load(ctx.deps.storage)?.deposit_amount; Ok(deposit_amount) } + // Poor man's alias for backwards compatibility as sv::attr didn't seem to work + #[sv::msg(query)] + pub fn get_required_deposit_amount(&self, ctx: QueryCtx) -> StdResult { + self.get_default_deposit_amount(ctx) + } + + #[sv::msg(query)] + pub fn get_reduced_deposit_amount( + &self, + ctx: QueryCtx, + address: String, + ) -> StdResult> { + let address = ctx.deps.api.addr_validate(&address)?; + let deposit_amount = self.reduced_deposits.may_load(ctx.deps.storage, address)?; + + Ok(deposit_amount) + } + + #[sv::msg(query)] + pub fn get_all_whitelisted_accounts( + &self, + ctx: QueryCtx, + ) -> StdResult { + let whitelisted_accounts = self + .reduced_deposits + .range(ctx.deps.storage, None, None, Order::Ascending) + .map(|item| { + let (address, deposit) = item?; + Ok(WhitelistedAccount { address, deposit }) + }) + .collect::>>()?; + + Ok(WhitelistedAccountsResponse { + whitelisted_accounts, + }) + } + #[sv::msg(query)] pub fn get_deposit( &self, @@ -226,6 +288,40 @@ impl NymEcashContract { }) } + #[sv::msg(query)] + pub fn get_deposits_statistics( + &self, + ctx: QueryCtx, + ) -> Result { + let storage = ctx.deps.storage; + let denom = &self.config.load(storage)?.deposit_amount.denom; + + let total_deposits_made = self.deposits.total_deposits_made(storage)?; + let total_deposited = self.pool_counters.load(storage)?.total_deposited; + + let total_deposits_made_with_default_price = self + .deposit_stats + .get_total_deposits_made_with_default_price(storage)?; + let total_deposited_with_default_price = self + .deposit_stats + .get_total_deposited_with_default_price(storage, denom)?; + + let custom = self + .deposit_stats + .get_custom_price_deposits(storage, denom)?; + + Ok(DepositsStatistics { + total_deposits_made, + total_deposited, + total_deposits_made_with_default_price, + total_deposited_with_default_price, + total_deposits_made_with_custom_price: custom.total_count, + total_deposited_with_custom_price: custom.total_amount, + deposits_made_with_custom_price: custom.per_account_count, + deposited_with_custom_price: custom.per_account_amount, + }) + } + /*===================== ======EXECUTIONS======= =====================*/ @@ -236,20 +332,48 @@ impl NymEcashContract { ctx: ExecCtx, identity_key: String, ) -> Result { - let required_deposit = self.config.load(ctx.deps.storage)?.deposit_amount; + let default_deposit = self.config.load(ctx.deps.storage)?.deposit_amount; + let reduced_deposit = self + .reduced_deposits + .may_load(ctx.deps.storage, ctx.info.sender.clone())?; - let submitted = cw_utils::must_pay(&ctx.info, &required_deposit.denom)?; + let submitted = cw_utils::must_pay(&ctx.info, &default_deposit.denom)?; + let mut funds = ctx.info.funds; - if submitted != required_deposit.amount { - let mut funds = ctx.info.funds; + // Whitelisted accounts may deposit at either their reduced price or the + // default price. If the default price is sent, the deposit is treated as + // a regular (non-reduced) deposit for statistics purposes. + if submitted == default_deposit.amount { + self.deposit_stats + .new_default_deposit(ctx.deps.storage, &default_deposit)?; + } else if let Some(reduced_deposit) = reduced_deposit.as_ref() { + // can't do if let chaining due to outdated rustc used for building contracts + if reduced_deposit.amount == submitted { + self.deposit_stats.new_reduced_deposit( + ctx.deps.storage, + &ctx.info.sender, + reduced_deposit, + )?; + } else { + // we are allowed to send reduced amounts, but we sent the wrong amount + return Err(EcashContractError::WrongAmount { + // SAFETY: the call to `must_pay` ensured a single coin has been sent + #[allow(clippy::unwrap_used)] + received: funds.pop().unwrap(), + amount: reduced_deposit.clone(), + }); + } + } else { + // we sent wrong amount of tokens return Err(EcashContractError::WrongAmount { // SAFETY: the call to `must_pay` ensured a single coin has been sent #[allow(clippy::unwrap_used)] received: funds.pop().unwrap(), - amount: required_deposit, + amount: default_deposit, }); - } + }; + // global total needed when migrating to the nym pool contract self.pool_counters .update(ctx.deps.storage, |mut counters| -> StdResult<_> { counters.total_deposited.amount += submitted; @@ -285,6 +409,8 @@ impl NymEcashContract { Ok(Response::new().add_submessage(msg)) } + /// Old legacy method for requesting ticket redemption by moving them into the holding accounts + /// currently only executed by legacy gateways #[sv::msg(exec)] pub fn redeem_tickets( &self, @@ -301,22 +427,15 @@ impl NymEcashContract { self.multisig .assert_admin(ctx.deps.as_ref(), &ctx.info.sender)?; - let config = self.config.load(ctx.deps.storage)?; - let to_return = self.tickets_redemption_amount(ctx.deps.storage, &config, n)?; - if to_return.amount.is_zero() { - return Ok(Response::new()); - } - self.pool_counters .update(ctx.deps.storage, |mut counters| -> StdResult<_> { - counters.total_redeemed.amount += to_return.amount; + counters.tickets_requested_and_not_redeemed += n as u64; Ok(counters) })?; - Ok(Response::new().add_message(BankMsg::Send { - to_address: config.holding_account.to_string(), - amount: vec![to_return], - })) + Ok(Response::new().add_event( + Event::new("ticket_redemption").add_attribute("moved_to_holding_account", "false"), + )) } #[sv::msg(exec)] @@ -334,7 +453,7 @@ impl NymEcashContract { } #[sv::msg(exec)] - pub fn update_deposit_value( + pub fn update_default_deposit_value( &self, ctx: ExecCtx, new_deposit: Coin, @@ -343,6 +462,14 @@ impl NymEcashContract { self.contract_admin .assert_admin(ctx.deps.as_ref(), &ctx.info.sender)?; + let ticket_book_size = self.get_ticketbook_size(ctx.deps.storage)?; + if new_deposit.amount < cosmwasm_std::Uint128::from(ticket_book_size) { + return Err(EcashContractError::DepositBelowTicketBookSize { + amount: new_deposit.amount, + ticket_book_size, + }); + } + let deposit_str = new_deposit.to_string(); self.config .update(ctx.deps.storage, |mut cfg| -> StdResult<_> { @@ -352,6 +479,85 @@ impl NymEcashContract { Ok(Response::new().add_attribute("updated_deposit", deposit_str)) } + pub(crate) fn add_reduced_deposit_address( + &self, + deps: DepsMut, + address: Addr, + deposit: &Coin, + ) -> Result<(), EcashContractError> { + // the reduced price must be strictly less than the default to avoid + // accidentally misconfiguring an address to pay more than everyone else + let default = self.config.load(deps.storage)?.deposit_amount; + if deposit.denom != default.denom { + return Err(EcashContractError::InvalidReducedDepositDenom { + expected: default.denom, + got: deposit.denom.clone(), + }); + } + if deposit.amount >= default.amount { + return Err(EcashContractError::ReducedDepositNotReduced { + reduced: deposit.amount, + default: default.amount, + }); + } + + let ticket_book_size = self.get_ticketbook_size(deps.storage)?; + if deposit.amount < cosmwasm_std::Uint128::from(ticket_book_size) { + return Err(EcashContractError::DepositBelowTicketBookSize { + amount: deposit.amount, + ticket_book_size, + }); + } + + self.reduced_deposits.save(deps.storage, address, deposit)?; + Ok(()) + } + + #[sv::msg(exec)] + pub fn set_reduced_deposit_price( + &self, + ctx: ExecCtx, + address: String, + deposit: Coin, + ) -> Result { + self.contract_admin + .assert_admin(ctx.deps.as_ref(), &ctx.info.sender)?; + + let addr = ctx.deps.api.addr_validate(&address)?; + self.add_reduced_deposit_address(ctx.deps, addr.clone(), &deposit)?; + + Ok(Response::new() + .add_attribute("action", "set_reduced_deposit_price") + .add_attribute("address", address) + .add_attribute("deposit", deposit.to_string())) + } + + /// Removes the reduced deposit price for a given address, reverting them to + /// the default deposit amount. This is safe to call even if the address has + /// already deposited at the reduced price — their next deposit will simply + /// use the default price. Historical deposit statistics are not affected. + #[sv::msg(exec)] + pub fn remove_reduced_deposit_price( + &self, + ctx: ExecCtx, + address: String, + ) -> Result { + self.contract_admin + .assert_admin(ctx.deps.as_ref(), &ctx.info.sender)?; + + let addr = ctx.deps.api.addr_validate(&address)?; + + if !self.reduced_deposits.has(ctx.deps.storage, addr.clone()) { + return Err(EcashContractError::NoReducedDepositPrice { address }); + } + + self.reduced_deposits.remove(ctx.deps.storage, addr); + + Ok(Response::new() + .add_attribute("action", "remove_reduced_deposit_price") + .add_attribute("address", address)) + } + #[sv::msg(exec)] pub fn propose_to_blacklist( &self, @@ -459,11 +665,15 @@ impl NymEcashContract { =======MIGRATION======= =====================*/ #[sv::msg(migrate)] - pub fn migrate(&self, ctx: MigrateCtx) -> Result { + pub fn migrate( + &self, + ctx: MigrateCtx, + initial_whitelist: Vec, + ) -> Result { set_build_information!(ctx.deps.storage)?; cw2::ensure_from_older_version(ctx.deps.storage, CONTRACT_NAME, CONTRACT_VERSION)?; - queued_migrations::remove_redemption_gateway_share(ctx.deps)?; + queued_migrations::add_tiered_pricing(ctx.deps, initial_whitelist)?; Ok(Response::new()) } diff --git a/contracts/ecash/src/contract/queued_migrations.rs b/contracts/ecash/src/contract/queued_migrations.rs index a479330aca..284b8bf81c 100644 --- a/contracts/ecash/src/contract/queued_migrations.rs +++ b/contracts/ecash/src/contract/queued_migrations.rs @@ -1,42 +1,303 @@ -// Copyright 2024 - Nym Technologies SA +// Copyright 2026 - Nym Technologies SA // SPDX-License-Identifier: Apache-2.0 use crate::contract::NymEcashContract; -use crate::helpers::Config; -use cosmwasm_std::{Addr, Coin, Decimal, DepsMut}; -use cw4::Cw4Contract; -use cw_storage_plus::Item; +use cosmwasm_std::DepsMut; +use nym_ecash_contract_common::msg::WhitelistedDeposit; use nym_ecash_contract_common::EcashContractError; -use serde::{Deserialize, Serialize}; -pub fn remove_redemption_gateway_share(deps: DepsMut) -> Result<(), EcashContractError> { - #[derive(Serialize, Deserialize)] - struct OldConfig { - group_addr: Cw4Contract, - holding_account: Addr, +pub fn add_tiered_pricing( + mut deps: DepsMut, + initial_whitelist: Vec, +) -> Result<(), EcashContractError> { + let contract = NymEcashContract::new(); - redemption_gateway_share: Decimal, - deposit_amount: Coin, + // All the deposits made so far were performed with the default price. + let deposits_performed = contract.deposits.total_deposits_made(deps.storage)?; + let deposits_amounts = contract.pool_counters.load(deps.storage)?.total_deposited; + + contract + .deposit_stats + .deposits_with_default_price + .save(deps.storage, &deposits_performed)?; + + contract + .deposit_stats + .deposits_with_default_price_amounts + .save(deps.storage, &deposits_amounts)?; + + // Seed the whitelist with the initial set of reduced deposit prices. + for whitelisted in initial_whitelist { + let addr = deps.api.addr_validate(&whitelisted.address)?; + + contract.add_reduced_deposit_address(deps.branch(), addr, &whitelisted.deposit)?; } - impl From for Config { - fn from(config: OldConfig) -> Self { - Config { - group_addr: config.group_addr, - holding_account: config.holding_account, - deposit_amount: config.deposit_amount, - } - } - } - - const OLD_CONFIG: Item = Item::new("config"); - - let old_config = OLD_CONFIG.load(deps.storage)?; - let new_config = old_config.into(); - - NymEcashContract::new() - .config - .save(deps.storage, &new_config)?; - Ok(()) } + +#[cfg(test)] +mod tests { + use super::*; + use crate::contract::helpers::Invariants; + use crate::deposit::DepositStorage; + use crate::deposit_stats::DepositStatsStorage; + use crate::helpers::Config; + use cosmwasm_std::testing::{mock_dependencies, MockApi, MockQuerier}; + use cosmwasm_std::{coin, Empty, MemoryStorage, OwnedDeps, Uint128}; + use cw4::Cw4Contract; + use cw_storage_plus::Item; + use nym_ecash_contract_common::counters::PoolCounters; + + const DENOM: &str = "unym"; + const DEFAULT_DEPOSIT: u128 = 75_000_000; + const TICKET_BOOK_SIZE: u64 = 50; + + /// Initialise the contract config and invariants so that whitelist + /// validation during migration has the values it needs. + fn save_config_and_invariants( + deps: &mut OwnedDeps>, + ) { + let contract = NymEcashContract::new(); + let group_addr = deps.api.addr_make("group"); + let holding_account = deps.api.addr_make("holding"); + contract + .config + .save( + deps.as_mut().storage, + &Config { + group_addr: Cw4Contract(group_addr), + holding_account, + deposit_amount: coin(DEFAULT_DEPOSIT, DENOM), + }, + ) + .unwrap(); + contract + .expected_invariants + .save( + deps.as_mut().storage, + &Invariants { + ticket_book_size: TICKET_BOOK_SIZE, + }, + ) + .unwrap(); + } + + fn save_pool_counters(storage: &mut dyn cosmwasm_std::Storage, total_deposited: u128) { + let pool_counters: Item = Item::new("pool_counters"); + pool_counters + .save( + storage, + &PoolCounters { + total_deposited: coin(total_deposited, DENOM), + total_redeemed: coin(0, DENOM), + tickets_requested_and_not_redeemed: 0, + }, + ) + .unwrap(); + } + + #[test] + fn migration_with_no_prior_deposits_initialises_stats_to_zero() { + let mut deps = mock_dependencies(); + + // No deposit_id_counter saved — contract never had a deposit. + save_pool_counters(deps.as_mut().storage, 0); + + add_tiered_pricing(deps.as_mut(), vec![]).unwrap(); + + let stats = DepositStatsStorage::new(); + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 0 + ); + assert_eq!( + stats + .deposits_with_default_price_amounts + .load(deps.as_ref().storage) + .unwrap(), + coin(0, DENOM) + ); + } + + #[test] + fn migration_with_prior_deposits_backfills_correct_count() { + let mut deps = mock_dependencies(); + let n_deposits: u32 = 3; + let total: u128 = n_deposits as u128 * 75_000_000; + + // Simulate n_deposits having been made: counter stores the next available id, + // which equals the number of deposits already performed. + let deposits = DepositStorage::new(); + deposits + .deposit_id_counter + .save(deps.as_mut().storage, &n_deposits) + .unwrap(); + + save_pool_counters(deps.as_mut().storage, total); + + add_tiered_pricing(deps.as_mut(), vec![]).unwrap(); + + let stats = DepositStatsStorage::new(); + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + n_deposits + ); + assert_eq!( + stats + .deposits_with_default_price_amounts + .load(deps.as_ref().storage) + .unwrap(), + coin(total, DENOM) + ); + } + + #[test] + fn migration_with_single_deposit_backfills_count_of_one() { + let mut deps = mock_dependencies(); + + // After one deposit, next_id returns 0 and saves counter=1. + let deposits = DepositStorage::new(); + deposits + .deposit_id_counter + .save(deps.as_mut().storage, &1u32) + .unwrap(); + + save_pool_counters(deps.as_mut().storage, 75_000_000); + + add_tiered_pricing(deps.as_mut(), vec![]).unwrap(); + + let stats = DepositStatsStorage::new(); + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 1 + ); + } + + #[test] + fn migration_stores_valid_whitelist_entries() { + let mut deps = mock_dependencies(); + save_pool_counters(deps.as_mut().storage, 0); + save_config_and_invariants(&mut deps); + + let addr1 = deps.api.addr_make("alice"); + let addr2 = deps.api.addr_make("bob"); + + let whitelist = vec![ + WhitelistedDeposit { + address: addr1.to_string(), + deposit: coin(10_000_000, DENOM), + }, + WhitelistedDeposit { + address: addr2.to_string(), + deposit: coin(50_000_000, DENOM), + }, + ]; + + add_tiered_pricing(deps.as_mut(), whitelist).unwrap(); + + let contract = NymEcashContract::new(); + assert_eq!( + contract + .reduced_deposits + .load(deps.as_ref().storage, addr1) + .unwrap(), + coin(10_000_000, DENOM) + ); + assert_eq!( + contract + .reduced_deposits + .load(deps.as_ref().storage, addr2) + .unwrap(), + coin(50_000_000, DENOM) + ); + } + + #[test] + fn migration_rejects_wrong_denom() { + let mut deps = mock_dependencies(); + save_pool_counters(deps.as_mut().storage, 0); + save_config_and_invariants(&mut deps); + + let whitelist = vec![WhitelistedDeposit { + address: deps.api.addr_make("alice").to_string(), + deposit: coin(10_000_000, "uatom"), + }]; + + let err = add_tiered_pricing(deps.as_mut(), whitelist).unwrap_err(); + assert_eq!( + err, + EcashContractError::InvalidReducedDepositDenom { + expected: DENOM.to_string(), + got: "uatom".to_string(), + } + ); + } + + #[test] + fn migration_rejects_amount_not_less_than_default() { + let mut deps = mock_dependencies(); + save_pool_counters(deps.as_mut().storage, 0); + save_config_and_invariants(&mut deps); + + // Equal to default — should fail + let whitelist = vec![WhitelistedDeposit { + address: deps.api.addr_make("alice").to_string(), + deposit: coin(DEFAULT_DEPOSIT, DENOM), + }]; + + let err = add_tiered_pricing(deps.as_mut(), whitelist).unwrap_err(); + assert_eq!( + err, + EcashContractError::ReducedDepositNotReduced { + reduced: Uint128::new(DEFAULT_DEPOSIT), + default: Uint128::new(DEFAULT_DEPOSIT), + } + ); + + // Greater than default — should also fail + let whitelist = vec![WhitelistedDeposit { + address: deps.api.addr_make("alice").to_string(), + deposit: coin(DEFAULT_DEPOSIT + 1, DENOM), + }]; + + let err = add_tiered_pricing(deps.as_mut(), whitelist).unwrap_err(); + assert_eq!( + err, + EcashContractError::ReducedDepositNotReduced { + reduced: Uint128::new(DEFAULT_DEPOSIT + 1), + default: Uint128::new(DEFAULT_DEPOSIT), + } + ); + } + + #[test] + fn migration_rejects_amount_below_ticket_book_size() { + let mut deps = mock_dependencies(); + save_pool_counters(deps.as_mut().storage, 0); + save_config_and_invariants(&mut deps); + + let whitelist = vec![WhitelistedDeposit { + address: deps.api.addr_make("alice").to_string(), + deposit: coin(TICKET_BOOK_SIZE as u128 - 1, DENOM), + }]; + + let err = add_tiered_pricing(deps.as_mut(), whitelist).unwrap_err(); + assert_eq!( + err, + EcashContractError::DepositBelowTicketBookSize { + amount: Uint128::new(TICKET_BOOK_SIZE as u128 - 1), + ticket_book_size: TICKET_BOOK_SIZE, + } + ); + } +} diff --git a/contracts/ecash/src/contract/test.rs b/contracts/ecash/src/contract/test.rs index 77f4dade4c..cdf79f6195 100644 --- a/contracts/ecash/src/contract/test.rs +++ b/contracts/ecash/src/contract/test.rs @@ -3,8 +3,8 @@ use crate::contract::NymEcashContract; use cosmwasm_std::testing::{message_info, mock_dependencies, mock_env, MockApi, MockQuerier}; -use cosmwasm_std::{coin, Addr, Empty, Env, MemoryStorage, OwnedDeps}; -use sylvia::ctx::{InstantiateCtx, QueryCtx}; +use cosmwasm_std::{coin, Addr, Empty, Env, MemoryStorage, MessageInfo, OwnedDeps}; +use sylvia::ctx::{ExecCtx, InstantiateCtx, QueryCtx}; pub const TEST_DENOM: &str = "unym"; @@ -55,30 +55,48 @@ impl TestSetup { pub fn query_ctx(&self) -> QueryCtx<'_> { QueryCtx::from((self.deps.as_ref(), self.env.clone())) } + + pub fn exec_ctx(&mut self, sender: MessageInfo) -> ExecCtx<'_> { + ExecCtx::from((self.deps.as_mut(), self.env.clone(), sender)) + } + + pub fn admin_info(&self) -> MessageInfo { + let admin = self + .contract + .contract_admin + .get(self.deps.as_ref()) + .unwrap() + .unwrap(); + message_info(&admin, &[]) + } } #[cfg(test)] mod tests { use super::*; + use cosmwasm_std::coin; use nym_ecash_contract_common::deposit::Deposit; + use nym_ecash_contract_common::reduced_deposit::WhitelistedAccount; + use nym_ecash_contract_common::EcashContractError; use sylvia::anyhow; + const CONTRACT: NymEcashContract = NymEcashContract::new(); + #[test] fn deposit_queries() -> anyhow::Result<()> { let mut test = TestSetup::init(); // no deposit - let res = test.contract.get_deposit(test.query_ctx(), 42)?; + let res = CONTRACT.get_deposit(test.query_ctx(), 42)?; assert!(res.deposit.is_none()); - let deps = test.deps.as_mut(); - let deposit_id = test.contract.deposits.save_deposit( - deps.storage, + let deposit_id = CONTRACT.deposits.save_deposit( + test.deps.as_mut().storage, "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), )?; // deposit exists - let res = test.contract.get_deposit(test.query_ctx(), deposit_id)?; + let res = CONTRACT.get_deposit(test.query_ctx(), deposit_id)?; let expected = Deposit { bs58_encoded_ed25519_pubkey: "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), }; @@ -87,4 +105,392 @@ mod tests { Ok(()) } + + #[test] + fn get_default_deposit_amount_returns_configured_value() -> anyhow::Result<()> { + let test = TestSetup::init(); + + let amount = CONTRACT.get_default_deposit_amount(test.query_ctx())?; + + assert_eq!(amount, coin(75_000_000, TEST_DENOM)); + + Ok(()) + } + + #[test] + fn get_reduced_deposit_amount_returns_none_for_unlisted_address() -> anyhow::Result<()> { + let test = TestSetup::init(); + let unknown = test.deps.api.addr_make("unknown"); + + let amount = CONTRACT.get_reduced_deposit_amount(test.query_ctx(), unknown.to_string())?; + + assert!(amount.is_none()); + + Ok(()) + } + + #[test] + fn get_reduced_deposit_amount_returns_amount_for_whitelisted_address() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("whitelisted"); + let reduced = coin(10_000_000, TEST_DENOM); + + CONTRACT + .reduced_deposits + .save(test.deps.as_mut().storage, addr.clone(), &reduced)?; + + let amount = CONTRACT.get_reduced_deposit_amount(test.query_ctx(), addr.to_string())?; + + assert_eq!(amount, Some(reduced)); + + Ok(()) + } + + // --- get_all_whitelisted_accounts --- + + #[test] + fn get_all_whitelisted_accounts_returns_empty_by_default() -> anyhow::Result<()> { + let test = TestSetup::init(); + + let res = CONTRACT.get_all_whitelisted_accounts(test.query_ctx())?; + assert!(res.whitelisted_accounts.is_empty()); + + Ok(()) + } + + #[test] + fn get_all_whitelisted_accounts_returns_all_entries() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let alice = test.deps.api.addr_make("alice"); + let bob = test.deps.api.addr_make("bob"); + + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + alice.to_string(), + coin(10_000_000, TEST_DENOM), + )?; + + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + bob.to_string(), + coin(5_000_000, TEST_DENOM), + )?; + + let res = CONTRACT.get_all_whitelisted_accounts(test.query_ctx())?; + assert_eq!(res.whitelisted_accounts.len(), 2); + + assert!(res.whitelisted_accounts.contains(&WhitelistedAccount { + address: alice, + deposit: coin(10_000_000, TEST_DENOM), + })); + assert!(res.whitelisted_accounts.contains(&WhitelistedAccount { + address: bob, + deposit: coin(5_000_000, TEST_DENOM), + })); + + Ok(()) + } + + // --- set_reduced_deposit_price --- + + #[test] + fn set_reduced_deposit_price_requires_admin() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let non_admin = test.deps.api.addr_make("non_admin"); + let addr = test.deps.api.addr_make("alice"); + + let err = CONTRACT + .set_reduced_deposit_price( + test.exec_ctx(message_info(&non_admin, &[])), + addr.to_string(), + coin(10_000_000, TEST_DENOM), + ) + .unwrap_err(); + + assert!(matches!(err, EcashContractError::Admin(_))); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_rejects_wrong_denom() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + let admin = test.admin_info(); + + let err = CONTRACT + .set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(10_000_000, "uatom"), + ) + .unwrap_err(); + + assert_eq!( + err, + EcashContractError::InvalidReducedDepositDenom { + expected: TEST_DENOM.to_string(), + got: "uatom".to_string(), + } + ); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_rejects_amount_equal_to_default() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + let admin = test.admin_info(); + + let err = CONTRACT + .set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(75_000_000, TEST_DENOM), // same as default + ) + .unwrap_err(); + + assert!(matches!( + err, + EcashContractError::ReducedDepositNotReduced { .. } + )); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_rejects_amount_above_default() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + let admin = test.admin_info(); + + let err = CONTRACT + .set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(100_000_000, TEST_DENOM), + ) + .unwrap_err(); + + assert!(matches!( + err, + EcashContractError::ReducedDepositNotReduced { .. } + )); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_rejects_amount_below_ticket_book_size() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + let admin = test.admin_info(); + + let err = CONTRACT + .set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(10, TEST_DENOM), // below ticket_book_size (50) + ) + .unwrap_err(); + + assert!(matches!( + err, + EcashContractError::DepositBelowTicketBookSize { .. } + )); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_stores_price() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + let reduced = coin(10_000_000, TEST_DENOM); + let admin = test.admin_info(); + + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + reduced.clone(), + )?; + + let stored = CONTRACT.get_reduced_deposit_amount(test.query_ctx(), addr.to_string())?; + + assert_eq!(stored, Some(reduced)); + + Ok(()) + } + + #[test] + fn set_reduced_deposit_price_overwrites_existing_price() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(10_000_000, TEST_DENOM), + )?; + + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(5_000_000, TEST_DENOM), + )?; + + let stored = CONTRACT.get_reduced_deposit_amount(test.query_ctx(), addr.to_string())?; + + assert_eq!(stored, Some(coin(5_000_000, TEST_DENOM))); + + Ok(()) + } + + // --- remove_reduced_deposit_price --- + + #[test] + fn remove_reduced_deposit_price_requires_admin() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let non_admin = test.deps.api.addr_make("non_admin"); + let addr = test.deps.api.addr_make("alice"); + + let err = CONTRACT + .remove_reduced_deposit_price( + test.exec_ctx(message_info(&non_admin, &[])), + addr.to_string(), + ) + .unwrap_err(); + + assert!(matches!(err, EcashContractError::Admin(_))); + + Ok(()) + } + + #[test] + fn remove_reduced_deposit_price_clears_stored_price() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + addr.to_string(), + coin(10_000_000, TEST_DENOM), + )?; + + let admin = test.admin_info(); + CONTRACT.remove_reduced_deposit_price(test.exec_ctx(admin), addr.to_string())?; + + let stored = CONTRACT.get_reduced_deposit_amount(test.query_ctx(), addr.to_string())?; + + assert!(stored.is_none()); + + Ok(()) + } + + #[test] + fn remove_reduced_deposit_price_errors_for_unlisted_address() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let addr = test.deps.api.addr_make("alice"); + + let admin = test.admin_info(); + let err = CONTRACT + .remove_reduced_deposit_price(test.exec_ctx(admin), addr.to_string()) + .unwrap_err(); + + assert_eq!( + err, + EcashContractError::NoReducedDepositPrice { + address: addr.to_string() + } + ); + + Ok(()) + } + + // --- get_deposits_statistics --- + + #[test] + fn get_deposits_statistics_returns_zeroes_after_init() -> anyhow::Result<()> { + let test = TestSetup::init(); + + let stats = CONTRACT.get_deposits_statistics(test.query_ctx())?; + + assert_eq!(stats.total_deposits_made, 0); + assert_eq!(stats.total_deposited, coin(0, TEST_DENOM)); + assert_eq!(stats.total_deposits_made_with_default_price, 0); + assert_eq!( + stats.total_deposited_with_default_price, + coin(0, TEST_DENOM) + ); + assert_eq!(stats.total_deposits_made_with_custom_price, 0); + assert_eq!(stats.total_deposited_with_custom_price, coin(0, TEST_DENOM)); + assert!(stats.deposits_made_with_custom_price.is_empty()); + assert!(stats.deposited_with_custom_price.is_empty()); + + CONTRACT + .deposit_stats + .assert_counts_consistent(test.deps.as_ref().storage, stats.total_deposits_made); + + Ok(()) + } + + #[test] + fn deposit_stats_invariant_holds_after_mixed_deposits() -> anyhow::Result<()> { + let mut test = TestSetup::init(); + let alice = test.deps.api.addr_make("alice"); + let bob = test.deps.api.addr_make("bob"); + + // whitelist alice + let admin = test.admin_info(); + CONTRACT.set_reduced_deposit_price( + test.exec_ctx(admin), + alice.to_string(), + coin(10_000_000, TEST_DENOM), + )?; + + // alice deposits at reduced price + let alice_info = message_info(&alice, &[coin(10_000_000, TEST_DENOM)]); + CONTRACT.deposit_ticket_book_funds( + test.exec_ctx(alice_info), + "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), + )?; + + // bob deposits at default price + let bob_info = message_info(&bob, &[coin(75_000_000, TEST_DENOM)]); + CONTRACT.deposit_ticket_book_funds( + test.exec_ctx(bob_info), + "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), + )?; + + // alice deposits again at reduced price + let alice_info = message_info(&alice, &[coin(10_000_000, TEST_DENOM)]); + CONTRACT.deposit_ticket_book_funds( + test.exec_ctx(alice_info), + "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), + )?; + + // alice deposits at the default price — should be treated as a normal deposit + let alice_info = message_info(&alice, &[coin(75_000_000, TEST_DENOM)]); + CONTRACT.deposit_ticket_book_funds( + test.exec_ctx(alice_info), + "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK".to_string(), + )?; + + let total = CONTRACT + .deposits + .total_deposits_made(test.deps.as_ref().storage)?; + assert_eq!(total, 4); + + CONTRACT + .deposit_stats + .assert_counts_consistent(test.deps.as_ref().storage, total); + + Ok(()) + } } diff --git a/contracts/ecash/src/deposit.rs b/contracts/ecash/src/deposit.rs index 11d13831b8..f71b23a55d 100644 --- a/contracts/ecash/src/deposit.rs +++ b/contracts/ecash/src/deposit.rs @@ -29,6 +29,14 @@ impl DepositStorage { .map_err(Into::into) } + /// Returns the total number of deposits ever made. + /// + /// The deposit id counter stores the next available id, which equals the + /// total count (first deposit gets id 0, counter becomes 1, and so on). + pub fn total_deposits_made(&self, storage: &dyn Storage) -> Result { + Ok(self.deposit_id_counter.may_load(storage)?.unwrap_or(0)) + } + fn next_id(&self, store: &mut dyn Storage) -> Result { let id: DepositId = self.deposit_id_counter.may_load(store)?.unwrap_or_default(); let next_id = id + 1; @@ -115,8 +123,8 @@ impl StoredDeposits { #[cfg(test)] mod tests { use super::*; - use crate::support::tests::test_rng; use cosmwasm_std::testing::mock_dependencies; + use nym_contracts_common_testing::test_rng; use nym_crypto::asymmetric::ed25519; #[test] @@ -142,6 +150,23 @@ mod tests { Ok(()) } + #[test] + fn total_deposits_made_tracks_count() -> anyhow::Result<()> { + let mut deps = mock_dependencies(); + let storage = DepositStorage::new(); + + assert_eq!(storage.total_deposits_made(deps.as_ref().storage)?, 0); + + let _ = storage.next_id(deps.as_mut().storage)?; + assert_eq!(storage.total_deposits_made(deps.as_ref().storage)?, 1); + + let _ = storage.next_id(deps.as_mut().storage)?; + let _ = storage.next_id(deps.as_mut().storage)?; + assert_eq!(storage.total_deposits_made(deps.as_ref().storage)?, 3); + + Ok(()) + } + #[test] fn iterating_over_deposits() { let mut deps = mock_dependencies(); diff --git a/contracts/ecash/src/deposit_stats.rs b/contracts/ecash/src/deposit_stats.rs new file mode 100644 index 0000000000..3dcc935c28 --- /dev/null +++ b/contracts/ecash/src/deposit_stats.rs @@ -0,0 +1,374 @@ +// Copyright 2026 - Nym Technologies SA +// SPDX-License-Identifier: GPL-3.0-only + +use cosmwasm_std::{coin, Addr, Coin, Order, StdResult, Storage}; +use cw_storage_plus::{Item, Map}; +use nym_ecash_contract_common::EcashContractError; +use std::collections::HashMap; + +pub(crate) struct DepositStatsStorage { + /// Total deposits performed with the default price + pub(crate) deposits_with_default_price: Item, + + /// Total amounts deposited with the default price + pub(crate) deposits_with_default_price_amounts: Item, + + /// Total deposits performed with a custom price by account + pub(crate) deposits_with_custom_price: Map, + + /// Total amounts deposited with a custom price by account + pub(crate) deposits_with_custom_price_amounts: Map, +} + +impl DepositStatsStorage { + pub(crate) const fn new() -> Self { + Self { + deposits_with_default_price: Item::new("deposits_with_default_price"), + deposits_with_default_price_amounts: Item::new("deposits_with_default_price_amounts"), + deposits_with_custom_price: Map::new("deposits_with_custom_price"), + deposits_with_custom_price_amounts: Map::new("deposits_with_custom_price_amounts"), + } + } + + pub(crate) fn new_default_deposit( + &self, + store: &mut dyn Storage, + deposited: &Coin, + ) -> Result<(), EcashContractError> { + self.deposits_with_default_price + .update(store, |count| StdResult::Ok(count + 1))?; + self.deposits_with_default_price_amounts + .update(store, |amount| { + let mut updated = amount; + updated.amount += deposited.amount; + StdResult::Ok(updated) + })?; + + Ok(()) + } + + pub(crate) fn new_reduced_deposit( + &self, + store: &mut dyn Storage, + sender: &Addr, + deposited: &Coin, + ) -> Result<(), EcashContractError> { + self.deposits_with_custom_price + .update(store, sender.clone(), |count| { + StdResult::Ok(count.unwrap_or_default() + 1) + })?; + + self.deposits_with_custom_price_amounts + .update(store, sender.clone(), |amount| { + let updated = match amount { + None => deposited.clone(), + Some(mut existing) => { + existing.amount += deposited.amount; + existing + } + }; + StdResult::Ok(updated) + })?; + + Ok(()) + } + + pub(crate) fn get_total_deposits_made_with_default_price( + &self, + store: &dyn Storage, + ) -> StdResult { + Ok(self + .deposits_with_default_price + .may_load(store)? + .unwrap_or(0)) + } + + pub(crate) fn get_total_deposited_with_default_price( + &self, + store: &dyn Storage, + denom: &str, + ) -> StdResult { + Ok(self + .deposits_with_default_price_amounts + .may_load(store)? + .unwrap_or_else(|| coin(0, denom))) + } + + pub(crate) fn get_custom_price_deposits( + &self, + store: &dyn Storage, + denom: &str, + ) -> StdResult { + let mut total_count = 0; + let mut total_amount = coin(0, denom); + let mut per_account_count = HashMap::new(); + let mut per_account_amount = HashMap::new(); + + for item in self + .deposits_with_custom_price + .range(store, None, None, Order::Ascending) + { + let (addr, count) = item?; + total_count += count; + per_account_count.insert(addr.into_string(), count); + } + + for item in + self.deposits_with_custom_price_amounts + .range(store, None, None, Order::Ascending) + { + let (addr, amount) = item?; + total_amount.amount += amount.amount; + per_account_amount.insert(addr.into_string(), amount); + } + + Ok(CustomPriceDepositStats { + total_count, + total_amount, + per_account_count, + per_account_amount, + }) + } +} + +impl DepositStatsStorage { + /// Asserts that the per-tier deposit counts sum to the given total. + /// Only meaningful when all deposits go through the contract entry point + /// (not after raw storage writes that bypass bookkeeping). + #[cfg(test)] + pub(crate) fn assert_counts_consistent(&self, store: &dyn Storage, total_deposits_made: u32) { + let default_count = self + .get_total_deposits_made_with_default_price(store) + .unwrap(); + let custom = self.get_custom_price_deposits(store, "unused").unwrap(); + assert_eq!( + default_count + custom.total_count, + total_deposits_made, + "deposit stats invariant violated: default ({default_count}) + custom ({}) != total ({total_deposits_made})", + custom.total_count, + ); + } +} + +pub(crate) struct CustomPriceDepositStats { + pub(crate) total_count: u32, + pub(crate) total_amount: Coin, + pub(crate) per_account_count: HashMap, + pub(crate) per_account_amount: HashMap, +} + +#[cfg(test)] +mod tests { + use super::*; + use cosmwasm_std::coin; + use cosmwasm_std::testing::mock_dependencies; + + const DENOM: &str = "unym"; + const DEFAULT_AMOUNT: u128 = 75_000_000; + const REDUCED_AMOUNT: u128 = 10_000_000; + + /// Mirror what `instantiate` does: zero-initialise the default-price counters. + /// The custom-price Maps need no initialisation (they start empty). + fn init_stats(storage: &mut dyn Storage) -> DepositStatsStorage { + let stats = DepositStatsStorage::new(); + stats.deposits_with_default_price.save(storage, &0).unwrap(); + stats + .deposits_with_default_price_amounts + .save(storage, &coin(0, DENOM)) + .unwrap(); + stats + } + + #[test] + fn single_default_deposit_increments_count_and_amount() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + + stats + .new_default_deposit(deps.as_mut().storage, &coin(DEFAULT_AMOUNT, DENOM)) + .unwrap(); + + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 1 + ); + assert_eq!( + stats + .deposits_with_default_price_amounts + .load(deps.as_ref().storage) + .unwrap(), + coin(DEFAULT_AMOUNT, DENOM) + ); + } + + #[test] + fn multiple_default_deposits_accumulate() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + + for _ in 0..3 { + stats + .new_default_deposit(deps.as_mut().storage, &coin(DEFAULT_AMOUNT, DENOM)) + .unwrap(); + } + + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 3 + ); + assert_eq!( + stats + .deposits_with_default_price_amounts + .load(deps.as_ref().storage) + .unwrap(), + coin(DEFAULT_AMOUNT * 3, DENOM) + ); + } + + #[test] + fn single_reduced_deposit_is_tracked_per_address() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + let alice = deps.api.addr_make("alice"); + + stats + .new_reduced_deposit(deps.as_mut().storage, &alice, &coin(REDUCED_AMOUNT, DENOM)) + .unwrap(); + + assert_eq!( + stats + .deposits_with_custom_price + .load(deps.as_ref().storage, alice.clone()) + .unwrap(), + 1 + ); + assert_eq!( + stats + .deposits_with_custom_price_amounts + .load(deps.as_ref().storage, alice.clone()) + .unwrap(), + coin(REDUCED_AMOUNT, DENOM) + ); + // default-price stats must be untouched + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 0 + ); + } + + #[test] + fn multiple_reduced_deposits_same_address_accumulate() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + let alice = deps.api.addr_make("alice"); + + for _ in 0..4 { + stats + .new_reduced_deposit(deps.as_mut().storage, &alice, &coin(REDUCED_AMOUNT, DENOM)) + .unwrap(); + } + + assert_eq!( + stats + .deposits_with_custom_price + .load(deps.as_ref().storage, alice.clone()) + .unwrap(), + 4 + ); + assert_eq!( + stats + .deposits_with_custom_price_amounts + .load(deps.as_ref().storage, alice.clone()) + .unwrap(), + coin(REDUCED_AMOUNT * 4, DENOM) + ); + } + + #[test] + fn reduced_deposits_for_different_addresses_tracked_independently() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + let alice = deps.api.addr_make("alice"); + let bob = deps.api.addr_make("bob"); + + stats + .new_reduced_deposit(deps.as_mut().storage, &alice, &coin(REDUCED_AMOUNT, DENOM)) + .unwrap(); + stats + .new_reduced_deposit(deps.as_mut().storage, &alice, &coin(REDUCED_AMOUNT, DENOM)) + .unwrap(); + stats + .new_reduced_deposit(deps.as_mut().storage, &bob, &coin(5_000_000, DENOM)) + .unwrap(); + + assert_eq!( + stats + .deposits_with_custom_price + .load(deps.as_ref().storage, alice.clone()) + .unwrap(), + 2 + ); + assert_eq!( + stats + .deposits_with_custom_price + .load(deps.as_ref().storage, bob.clone()) + .unwrap(), + 1 + ); + assert_eq!( + stats + .deposits_with_custom_price_amounts + .load(deps.as_ref().storage, alice) + .unwrap(), + coin(REDUCED_AMOUNT * 2, DENOM) + ); + assert_eq!( + stats + .deposits_with_custom_price_amounts + .load(deps.as_ref().storage, bob) + .unwrap(), + coin(5_000_000, DENOM) + ); + } + + #[test] + fn default_and_reduced_stats_do_not_interfere() { + let mut deps = mock_dependencies(); + let stats = init_stats(deps.as_mut().storage); + let alice = deps.api.addr_make("alice"); + + stats + .new_default_deposit(deps.as_mut().storage, &coin(DEFAULT_AMOUNT, DENOM)) + .unwrap(); + stats + .new_reduced_deposit(deps.as_mut().storage, &alice, &coin(REDUCED_AMOUNT, DENOM)) + .unwrap(); + stats + .new_default_deposit(deps.as_mut().storage, &coin(DEFAULT_AMOUNT, DENOM)) + .unwrap(); + + assert_eq!( + stats + .deposits_with_default_price + .load(deps.as_ref().storage) + .unwrap(), + 2 + ); + assert_eq!( + stats + .deposits_with_custom_price + .load(deps.as_ref().storage, alice) + .unwrap(), + 1 + ); + } +} diff --git a/contracts/ecash/src/helpers.rs b/contracts/ecash/src/helpers.rs index 82f5767ecc..ec313af2a6 100644 --- a/contracts/ecash/src/helpers.rs +++ b/contracts/ecash/src/helpers.rs @@ -22,6 +22,9 @@ pub(crate) const CONTRACT_VERSION: &str = env!("CARGO_PKG_VERSION"); pub struct Config { pub group_addr: Cw4Contract, pub holding_account: Addr, + + /// Specifies the expected default deposit amount if the sender is not in the whitelisted set. + #[serde(alias = "default_deposit_amount")] pub deposit_amount: Coin, } diff --git a/contracts/ecash/src/lib.rs b/contracts/ecash/src/lib.rs index a66566e247..83359af34b 100644 --- a/contracts/ecash/src/lib.rs +++ b/contracts/ecash/src/lib.rs @@ -1,15 +1,10 @@ // Copyright 2024 - Nym Technologies SA // SPDX-License-Identifier: Apache-2.0 -#![warn(clippy::expect_used)] -#![warn(clippy::unwrap_used)] -#![warn(clippy::todo)] -#![warn(clippy::dbg_macro)] - mod constants; pub mod contract; mod deposit; +mod deposit_stats; mod helpers; #[cfg(test)] pub mod multitest; -mod support; diff --git a/contracts/ecash/src/multitest.rs b/contracts/ecash/src/multitest.rs index 74b3d2c443..e157eeda00 100644 --- a/contracts/ecash/src/multitest.rs +++ b/contracts/ecash/src/multitest.rs @@ -10,6 +10,9 @@ use sylvia::{cw_multi_test::App as MtApp, multitest::App}; use crate::contract::sv::mt::{CodeId, NymEcashContractProxy}; +const DENOM: &str = "unym"; +const DEPOSIT_AMOUNT: u128 = 75_000_000; + #[test] fn invalid_deposit() { let owner = "owner".into_bech32(); @@ -73,3 +76,198 @@ fn invalid_deposit() { EcashContractError::InvalidDeposit(PaymentError::MissingDenom(denom.to_string())) ); } + +#[test] +fn wrong_deposit_amount() { + let owner = "owner".into_bech32(); + + let mtapp = MtApp::new(|router, _, storage| { + router + .bank + .init_balance(storage, &owner, vec![Coin::new(1_000_000_000u128, DENOM)]) + .unwrap() + }); + let app = App::new(mtapp); + let code_id = CodeId::store_code(&app); + let contract = code_id + .instantiate( + MockApi::default().addr_make("holding_account").to_string(), + MockApi::default().addr_make("multisig_addr").to_string(), + MockApi::default().addr_make("group_addr").to_string(), + coin(DEPOSIT_AMOUNT, DENOM), + ) + .call(&owner) + .unwrap(); + + let vk = "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK"; + + // too little + assert_eq!( + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(1_000_000u128, DENOM)]) + .call(&owner) + .unwrap_err(), + EcashContractError::WrongAmount { + received: coin(1_000_000u128, DENOM), + amount: coin(DEPOSIT_AMOUNT, DENOM), + } + ); + + // too much + assert_eq!( + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(100_000_000u128, DENOM)]) + .call(&owner) + .unwrap_err(), + EcashContractError::WrongAmount { + received: coin(100_000_000u128, DENOM), + amount: coin(DEPOSIT_AMOUNT, DENOM), + } + ); +} + +#[test] +fn correct_default_deposit_succeeds() { + let owner = "owner".into_bech32(); + + let mtapp = MtApp::new(|router, _, storage| { + router + .bank + .init_balance(storage, &owner, vec![Coin::new(1_000_000_000u128, DENOM)]) + .unwrap() + }); + let app = App::new(mtapp); + let code_id = CodeId::store_code(&app); + let contract = code_id + .instantiate( + MockApi::default().addr_make("holding_account").to_string(), + MockApi::default().addr_make("multisig_addr").to_string(), + MockApi::default().addr_make("group_addr").to_string(), + coin(DEPOSIT_AMOUNT, DENOM), + ) + .call(&owner) + .unwrap(); + + let vk = "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK"; + + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(DEPOSIT_AMOUNT, DENOM)]) + .call(&owner) + .unwrap(); +} + +#[test] +fn reduced_price_deposit_end_to_end() { + let owner = "owner".into_bech32(); + let whitelisted = "whitelisted".into_bech32(); + let non_whitelisted = "non_whitelisted".into_bech32(); + let reduced_amount: u128 = 10_000_000; + + let mtapp = MtApp::new(|router, _, storage| { + router + .bank + .init_balance( + storage, + &whitelisted, + vec![Coin::new(1_000_000_000u128, DENOM)], + ) + .unwrap(); + router + .bank + .init_balance( + storage, + &non_whitelisted, + vec![Coin::new(1_000_000_000u128, DENOM)], + ) + .unwrap(); + }); + let app = App::new(mtapp); + let code_id = CodeId::store_code(&app); + let contract = code_id + .instantiate( + MockApi::default().addr_make("holding_account").to_string(), + MockApi::default().addr_make("multisig_addr").to_string(), + MockApi::default().addr_make("group_addr").to_string(), + coin(DEPOSIT_AMOUNT, DENOM), + ) + .call(&owner) + .unwrap(); + + let vk = "GLdR2NRVZBiCoCbv4fNqt9wUJZAnNjGXHkx3TjVAUzrK"; + + // whitelist an address with a reduced price + contract + .set_reduced_deposit_price(whitelisted.to_string(), coin(reduced_amount, DENOM)) + .call(&owner) + .unwrap(); + + // whitelisted address can deposit at the reduced price + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(reduced_amount, DENOM)]) + .call(&whitelisted) + .unwrap(); + + // whitelisted address can also deposit at the default price — + // treated as a normal (non-reduced) deposit for statistics purposes + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(DEPOSIT_AMOUNT, DENOM)]) + .call(&whitelisted) + .unwrap(); + + // whitelisted address is rejected when sending an amount that is + // neither the reduced nor the default price + assert_eq!( + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(50_000_000, DENOM)]) + .call(&whitelisted) + .unwrap_err(), + EcashContractError::WrongAmount { + received: coin(50_000_000, DENOM), + amount: coin(reduced_amount, DENOM), + } + ); + + // non-whitelisted address is rejected at the reduced amount + assert_eq!( + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(reduced_amount, DENOM)]) + .call(&non_whitelisted) + .unwrap_err(), + EcashContractError::WrongAmount { + received: coin(reduced_amount, DENOM), + amount: coin(DEPOSIT_AMOUNT, DENOM), + } + ); + + // non-whitelisted address succeeds at the default amount + contract + .deposit_ticket_book_funds(vk.to_string()) + .with_funds(&[coin(DEPOSIT_AMOUNT, DENOM)]) + .call(&non_whitelisted) + .unwrap(); + + let stats = contract.get_deposits_statistics().unwrap(); + assert_eq!(stats.total_deposits_made, 3); + assert_eq!( + stats.total_deposited, + coin(reduced_amount + DEPOSIT_AMOUNT * 2, DENOM) + ); + // whitelisted depositing at default price + non-whitelisted = 2 default deposits + assert_eq!(stats.total_deposits_made_with_default_price, 2); + assert_eq!( + stats.total_deposited_with_default_price, + coin(DEPOSIT_AMOUNT * 2, DENOM) + ); + assert_eq!(stats.total_deposits_made_with_custom_price, 1); + assert_eq!( + stats.total_deposited_with_custom_price, + coin(reduced_amount, DENOM) + ); +} diff --git a/contracts/ecash/src/support/mod.rs b/contracts/ecash/src/support/mod.rs deleted file mode 100644 index f217570509..0000000000 --- a/contracts/ecash/src/support/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -// Copyright 2024 - Nym Technologies SA -// SPDX-License-Identifier: Apache-2.0 - -#[cfg(test)] -pub mod tests; diff --git a/contracts/ecash/src/support/tests.rs b/contracts/ecash/src/support/tests.rs deleted file mode 100644 index de31ea4e6d..0000000000 --- a/contracts/ecash/src/support/tests.rs +++ /dev/null @@ -1,104 +0,0 @@ -// Copyright 2024 - Nym Technologies SA -// SPDX-License-Identifier: Apache-2.0 - -use crate::contract::NymEcashContract; -use crate::helpers::Config; -use cosmwasm_std::testing::{message_info, mock_dependencies, mock_env, MockApi, MockQuerier}; -use cosmwasm_std::{coin, Addr, Deps, Empty, Env, MemoryStorage, MessageInfo, OwnedDeps}; -use rand_chacha::rand_core::SeedableRng; -use rand_chacha::ChaCha20Rng; -use sylvia::ctx::{ExecCtx, InstantiateCtx, QueryCtx}; - -pub fn test_rng() -> ChaCha20Rng { - let dummy_seed = [42u8; 32]; - ChaCha20Rng::from_seed(dummy_seed) -} - -const CONTRACT: NymEcashContract = NymEcashContract::new(); - -const DENOM: &str = "unym"; - -#[allow(dead_code)] -pub struct TestSetupSimple { - pub deps: OwnedDeps>, - pub env: Env, - pub rng: ChaCha20Rng, - pub owner: Addr, - pub holding_account: Addr, - pub multisig_contract: Addr, - pub group_contract: Addr, -} - -impl TestSetupSimple { - pub fn new() -> Self { - let mut deps = mock_dependencies(); - let env = mock_env(); - let owner = deps.api.addr_make("owner"); - - let rng = test_rng(); - let holding_account = deps.api.addr_make("holding_account"); - let multisig_contract = deps.api.addr_make("multisig_contract"); - let group_contract = deps.api.addr_make("group_contract"); - - let init_ctx = - InstantiateCtx::from((deps.as_mut(), env.clone(), message_info(&owner, &[]))); - - CONTRACT - .instantiate( - init_ctx, - holding_account.to_string(), - multisig_contract.to_string(), - group_contract.to_string(), - coin(75_000_000, DENOM.to_string()), - ) - .unwrap(); - - TestSetupSimple { - deps, - env, - rng, - owner, - holding_account, - multisig_contract, - group_contract, - } - } - - pub fn admin(&self) -> MessageInfo { - let admin = CONTRACT - .contract_admin - .get(self.deps.as_ref()) - .unwrap() - .unwrap(); - message_info(&admin, &[]) - } - - pub fn execute_ctx(&mut self, sender: MessageInfo) -> ExecCtx<'_> { - let env = self.env.clone(); - ExecCtx::from((self.deps.as_mut(), env, sender)) - } - - #[allow(dead_code)] - pub fn query_ctx(&self) -> QueryCtx<'_> { - QueryCtx::from((self.deps.as_ref(), self.env.clone())) - } - - pub fn contract(&self) -> NymEcashContract { - CONTRACT - } - - pub fn deps(&self) -> Deps<'_> { - self.deps.as_ref() - } - - pub fn config(&self) -> Config { - CONTRACT.config.load(self.deps().storage).unwrap() - } - - pub fn with_deposit_amount(mut self, amount: u128) -> Self { - CONTRACT - .update_deposit_value(self.execute_ctx(self.admin()), coin(amount, DENOM)) - .unwrap(); - self - } -} diff --git a/documentation/docs/components/landing-page.tsx b/documentation/docs/components/landing-page.tsx index 699e704263..9df5a95192 100644 --- a/documentation/docs/components/landing-page.tsx +++ b/documentation/docs/components/landing-page.tsx @@ -1,120 +1,507 @@ -import React from "react"; -import { Box, Grid, Typography } from "@mui/material"; -import useMediaQuery from "@mui/material/useMediaQuery"; -import { useTheme } from "@mui/material/styles"; - -import Image from "next/image"; +import React, { useState, useEffect, useRef } from "react"; import Link from "next/link"; -import networkDocs from "../public/images/landing/Vector1.png"; -import developerDocs from "../public/images/landing/Vector2.png"; -import sdkDocs from "../public/images/landing/Vector3.png"; -import operatorGuide from "../public/images/landing/Vector4.png"; -export const LandingPage = () => { - const theme = useTheme(); - const isTablet = useMediaQuery(theme.breakpoints.up("md")); - const isDesktop = useMediaQuery(theme.breakpoints.up("xl")); +const asciiStyle: React.CSSProperties = { + fontFamily: "var(--font-mono)", + fontSize: "0.72rem", + lineHeight: 1.4, + color: "var(--colorPrimary)", + opacity: 0.7, + whiteSpace: "pre", + margin: 0, +}; - const squares = [ - { - text: "Network Docs", - description: "Architecture, crypto systems, and how the Mixnet works", - href: "/network", - icon: developerDocs, - }, - { - text: "Operator Guides", - description: - "Guides and maintenance: if you want to run a node, start here", +// ── Animation components ── - href: "/operators/introduction", - icon: operatorGuide, - }, - { - text: "Developer Portal", - description: "Conceptual overview, clients, tools and SDKs", +const randomRow = () => Math.floor(Math.random() * 3); +const randomPath = () => [randomRow(), randomRow(), randomRow()]; - href: "/developers", - icon: sdkDocs, - }, - { - text: "APIs", - description: "Interactive API specs for Nym infrastructure", +const NetworkAnimation = () => { + // Packets traverse 5 stages: gw_e(0) → M1(1) → M2(2) → M3(3) → gw_ex(4) + // stage -1 = not yet mounted (SSR-safe, renders all ○) + const [packets, setPackets] = useState([ + { path: randomPath(), stage: -1 }, + { path: randomPath(), stage: -1 }, + ]); + useEffect(() => { + // kick off with staggered positions + setPackets([ + { path: randomPath(), stage: 0 }, + { path: randomPath(), stage: 3 }, + ]); - href: "/apis/introduction", - icon: networkDocs, - }, - ]; + const id = setInterval(() => { + setPackets((prev) => + prev.map((p) => { + const next = (p.stage + 1) % 5; + return { stage: next, path: next === 0 ? randomPath() : p.path }; + }) + ); + }, 300); + return () => clearInterval(id); + }, []); - const shortenDescription = (description: string) => { - return description.slice(0, 18) + "..."; + const gwNode = (stage: number) => { + const active = packets.some((p) => p.stage === stage); + return ( + + {active ? "\u25CF" : "\u25CB"} + + ); + }; + + const mixNode = (col: number, row: number) => { + const active = packets.some( + (p) => p.stage === col + 1 && p.path[col] === row + ); + const filled = active; + return ( + + {filled ? "\u25CF" : "\u25CB"} + + ); }; return ( - - {/* - Nym Docs - - - - Nym is a privacy platform. It provides strong network-level privacy - against sophisticated end-to-end attackers, and anonymous access control - using blinded, re-randomizable, decentralized credentials. Our goal is - to allow developers to build new applications, or upgrade existing apps, - with privacy features unavailable in other systems. - */} - - {squares.map((square, index) => ( - - - - - {square.text} - - - - {square.description} - - - {square.text} - - - - ))} - - +
+      {"gw_e  M1   M2   M3  gw_ex\n"}
+      {"       "}
+      {mixNode(0, 0)}
+      {" \u2500\u2500 "}
+      {mixNode(1, 0)}
+      {" \u2500\u2500 "}
+      {mixNode(2, 0)}
+      {"\n"}
+      {"        \\  / \\  /\n"}
+      {"  "}
+      {gwNode(0)}
+      {" \u2500\u2500 "}
+      {mixNode(0, 1)}
+      {" \u2500\u2500 "}
+      {mixNode(1, 1)}
+      {" \u2500\u2500 "}
+      {mixNode(2, 1)}
+      {" \u2500\u2500 "}
+      {gwNode(4)}
+      {"\n"}
+      {"        /  \\ /  \\\n"}
+      {"       "}
+      {mixNode(0, 2)}
+      {" \u2500\u2500 "}
+      {mixNode(1, 2)}
+      {" \u2500\u2500 "}
+      {mixNode(2, 2)}
+    
+ ); +}; + +const TypewriterAnimation = () => { + const text = + "let client = MixnetClient::connect_new().await?;\n" + + "\n" + + "client.send(msg).await;"; + const [charCount, setCharCount] = useState(0); + const [showCursor, setShowCursor] = useState(true); + + useEffect(() => { + let cancelled = false; + const run = () => { + setCharCount(0); + let i = 0; + const type = () => { + if (cancelled) return; + if (i <= text.length) { + setCharCount(i); + i++; + setTimeout(type, 40); + } else { + setTimeout(() => { + if (!cancelled) run(); + }, 2000); + } + }; + type(); + }; + run(); + return () => { + cancelled = true; + }; + }, []); + + useEffect(() => { + const id = setInterval(() => setShowCursor((v) => !v), 530); + return () => clearInterval(id); + }, []); + + return ( +
+      {text.slice(0, charCount)}
+      {showCursor ? "\u258C" : " "}
+      {text.slice(charCount)}
+    
+ ); +}; + +const OperatorsAnimation = () => { + const totalBars = 10; + const [tick, setTick] = useState(0); + const mixRef = useRef(0); + const [mixCount, setMixCount] = useState(0); + + useEffect(() => { + const id = setInterval(() => { + setTick((t) => t + 1); + mixRef.current += Math.floor(Math.random() * 8) + 5; + setMixCount(mixRef.current); + }, 80); + return () => clearInterval(id); + }, []); + + const mixFilled = Math.min(tick % 12, totalBars); + const bar = (f: number) => + "\u25A0".repeat(f) + "\u25A1".repeat(totalBars - f); + const fmt = (n: number) => n.toLocaleString("en"); + + return ( +
+      {"> nym-node run\n\n"}
+      {"  mixing: "}
+      {bar(mixFilled)}
+      {"  "}
+      {fmt(mixCount)}
+      {" pkts"}
+    
+ ); +}; + +const ApiAnimation = () => { + const lines = [ + "GET /v1/mixnodes/active", + "", + '{ "count": 498,', + ' "nodes": [ ... ] }', + ]; + const [visibleLines, setVisibleLines] = useState(0); + + useEffect(() => { + let cancelled = false; + const run = () => { + setVisibleLines(0); + setTimeout(() => { + if (cancelled) return; + setVisibleLines(1); + setTimeout(() => { + if (cancelled) return; + let i = 2; + const reveal = () => { + if (cancelled) return; + if (i <= lines.length) { + setVisibleLines(i); + i++; + setTimeout(reveal, 300); + } else { + setTimeout(() => { + if (!cancelled) run(); + }, 2000); + } + }; + reveal(); + }, 800); + }, 100); + }; + run(); + return () => { + cancelled = true; + }; + }, []); + + return ( +
+      {lines.slice(0, visibleLines).map((line, i) => (
+        
+          {i > 0 && "\n"}
+          {line}
+        
+      ))}
+      
+        {lines.slice(visibleLines).map((line, i) => (
+          
+            {visibleLines > 0 || i > 0 ? "\n" : ""}
+            {line}
+          
+        ))}
+      
+    
+ ); +}; + +// ── Section data ── + +const sections = [ + { + title: "Network", + description: + "Architecture, cryptographic systems, and how the Mixnet protects your traffic.", + href: "/network", + animation: "network" as const, + }, + { + title: "Developers", + description: "SDKs, tutorials, and integration guides for building on Nym.", + href: "/developers", + animation: "typewriter" as const, + }, + { + title: "Operators", + description: + "Set up and maintain mix nodes, gateways, and network infrastructure.", + href: "/operators/introduction", + animation: "progress" as const, + }, + { + title: "APIs", + description: "Interactive specs for querying Nym infrastructure.", + href: "/apis/introduction", + animation: "api" as const, + }, +]; + +const AnimationBlock = ({ type }: { type: string }) => { + switch (type) { + case "network": + return ; + case "typewriter": + return ; + case "progress": + return ; + case "api": + return ; + default: + return null; + } +}; + +const sdks = [ + { + name: "Rust", + description: + "Native SDK with async Mixnet client, streams, and TcpProxy modules.", + href: "/developers/rust", + }, + { + name: "TypeScript", + description: + "Browser-based SDK with fetch API replacement and message-based WebSocket transport.", + href: "/developers/typescript", + }, +]; + +export const LandingPage = () => { + return ( +
+ {/* ── Section cards ── */} +
+ {sections.map((s, i) => ( + +
+
+
+

+ {s.title} +

+ + › + +
+

+ {s.description} +

+
+ +
+ + ))} +
+ + {/* ── SDKs ── */} +
+
+

+ SDKs +

+

+ Integrate Mixnet privacy into your application with our Rust and + TypeScript SDKs. +

+
+
+ {sdks.map((sdk, i) => ( + +
0 ? "-1px" : undefined, + display: "flex", + alignItems: "center", + justifyContent: "space-between", + transition: "background-color 0.15s", + cursor: "pointer", + }} + > +
+ + {sdk.name} + +

+ {sdk.description} +

+
+ + › + +
+ + ))} +
+
+ + {/* ── Links ── */} + +
); }; diff --git a/documentation/docs/components/operators/snippets/ports-nym-node.mdx b/documentation/docs/components/operators/snippets/ports-nym-node.mdx index adc15fc6ab..076a038e1f 100644 --- a/documentation/docs/components/operators/snippets/ports-nym-node.mdx +++ b/documentation/docs/components/operators/snippets/ports-nym-node.mdx @@ -1,4 +1,4 @@ -Open the needed ports for `nym-node` by running these commands: +import { Callout } from 'nextra/components'; ```sh ufw allow 22/tcp # SSH - you're in control of these ports @@ -7,8 +7,16 @@ ufw allow 443/tcp # HTTPS ufw allow 1789/tcp # Nym specific - Mixnet ufw allow 1790/tcp # Nym specific - Verloc ufw allow 8080/tcp # Nym specific - nym-node-api -ufw allow 9000/tcp # Nym Specific - clients port +ufw allow 9000/tcp # Nym specific - clients port ufw allow 9001/tcp # Nym specific - wss port -ufw allow 51822/udp # WireGuard -ufw allow in on nymwg to any port 51830 proto tcp # bandwidth queries/topup - inside the tunnel +ufw allow 41264/tcp # Nym specific - Lewes Protocol registration +ufw allow 51264/udp # Nym specific - Lewes Protocol data ``` + + +Note that these ports were moved to [NTM](/operators/nodes/preliminary-steps/vps-setup#1-download-the-new-ntm) as they are for Gateways only +```sh +# ufw allow 51822/udp # WireGuard +# ufw allow in on nymwg to any port 51830 proto tcp # bandwidth queries/topup - inside the tunnel +``` + \ No newline at end of file diff --git a/documentation/docs/components/operators/snippets/tabs-ports-nym-node.mdx b/documentation/docs/components/operators/snippets/tabs-ports-nym-node.mdx new file mode 100644 index 0000000000..6b553d436e --- /dev/null +++ b/documentation/docs/components/operators/snippets/tabs-ports-nym-node.mdx @@ -0,0 +1,79 @@ +import { MyTab } from 'components/generic-tabs.tsx'; +import { Tabs, Steps } from 'nextra/components'; +import PortsNymNode from 'components/operators/snippets/ports-nym-node.mdx'; + +
+ + +For operators considering to eventually run `nym-node` in a Gateway mode or supporting WireGuard routing, use the tab for Gateways & WireGuard. + +For mixnode only open the needed ports for Nym services using Uncomplicated Firewall (`ufw`) by running these commands: + + + +###### 1. Ensure `ufw` functionality + +- Check if you have `ufw` installed: +```sh +ufw version +``` + +- If it's not installed, install with: +```sh +apt install ufw -y +``` + +- Enable ufw +```sh +ufw enable +``` + +- Check the status of the firewall +```sh +ufw status +``` + +###### 2. Open required ports for Nym services using `ufw` + +- Copy this whole block to open all ports for mixnode + + + +###### 3. Validate opened ports +- Re-check the status of the firewall +```sh +ufw status +``` + + + + + +Gateways (and WireGuard) nodes use [`network-tunnel-manager.sh` (NTM)](https://github.com/nymtech/nym/refs/heads/develop/scripts/nym-node-setup/network-tunnel-manager.sh) tool to open ports for Nym related services, setup and configure Nym networking devices, configure Nym exit policy and run tests. For more info, read the chapter [*Routing configuration*](/operators/nodes/nym-node/configuration#routing-configuration). + +Follow these steps to setup complete routing of your server hosting a Nym node. + + + +###### 1. Download the new NTM + +- Download the latest NTM and make it executable: +```sh +curl -L https://raw.githubusercontent.com/nymtech/nym/refs/heads/develop/scripts/nym-node-setup/network-tunnel-manager.sh -o ./network-tunnel-manager.sh && \ +chmod +x network-tunnel-manager.sh +``` + +###### 2. Update the exit policy + +- To ensure your routing is clean, run: +```sh +./network-tunnel-manager.sh complete_networking_configuration +``` + + + + +
\ No newline at end of file diff --git a/documentation/docs/components/outputs/api-scraping-outputs/time-now.md b/documentation/docs/components/outputs/api-scraping-outputs/time-now.md index 99b1edc85f..3d232e6dc0 100644 --- a/documentation/docs/components/outputs/api-scraping-outputs/time-now.md +++ b/documentation/docs/components/outputs/api-scraping-outputs/time-now.md @@ -1 +1 @@ -Thursday, March 12th 2026, 13:23:46 UTC +Thursday, March 26th 2026, 11:17:59 UTC diff --git a/documentation/docs/components/outputs/command-outputs/node-api-check-query-help.md b/documentation/docs/components/outputs/command-outputs/node-api-check-query-help.md index 999f3d4a6f..bfa068ddb0 100644 --- a/documentation/docs/components/outputs/command-outputs/node-api-check-query-help.md +++ b/documentation/docs/components/outputs/command-outputs/node-api-check-query-help.md @@ -11,7 +11,7 @@ options: --no_routing_history Display node stats without routing history --no_verloc_metrics Display node stats without verloc metrics -m, --markdown Display results in markdown format - -o, --output [OUTPUT] + -o [OUTPUT], --output [OUTPUT] Save results to file (in current dir or supply with path without filename) ``` diff --git a/documentation/docs/components/outputs/command-outputs/nym-node-cli-install-help.md b/documentation/docs/components/outputs/command-outputs/nym-node-cli-install-help.md index ddc7c867b3..70baf6f736 100644 --- a/documentation/docs/components/outputs/command-outputs/nym-node-cli-install-help.md +++ b/documentation/docs/components/outputs/command-outputs/nym-node-cli-install-help.md @@ -12,7 +12,8 @@ usage: nym-node-cli install [-h] [-V] [-d BRANCH] [-v] options: -h, --help show this help message and exit -V, --version show program's version number and exit - -d, --dev BRANCH Define github branch (default: develop) + -d BRANCH, --dev BRANCH + Define github branch (default: develop) -v, --verbose Show full error tracebacks --mode {mixnode,entry-gateway,exit-gateway} Node mode: 'mixnode', 'entry-gateway', or 'exit- diff --git a/documentation/docs/package.json b/documentation/docs/package.json index 40a77f6600..8d2a07a1ac 100644 --- a/documentation/docs/package.json +++ b/documentation/docs/package.json @@ -38,7 +38,7 @@ "@nextui-org/accordion": "^2.0.40", "@nextui-org/react": "^2.4.8", "@nymproject/contract-clients": ">=1.2.4-rc.2 || ^1", - "@nymproject/mix-fetch-full-fat": "^1.4.2", + "@nymproject/mix-fetch-full-fat": "^1.4.3", "@nymproject/sdk-full-fat": ">=1.5.1-rc.0 || ^1.4.1", "@redocly/cli": "^1.25.15", "@types/mdx": "^2.0.13", diff --git a/documentation/docs/pages/_app.tsx b/documentation/docs/pages/_app.tsx index f76d9a47ef..15e08f8a0a 100644 --- a/documentation/docs/pages/_app.tsx +++ b/documentation/docs/pages/_app.tsx @@ -1,4 +1,4 @@ -import React, { useMemo } from 'react'; +import React, { useMemo, useEffect } from 'react'; import type { AppProps } from 'next/app'; import './styles.css'; import { ThemeProvider, createTheme } from '@mui/material/styles'; @@ -20,6 +20,17 @@ const MyApp: React.FC = ({ Component, pageProps }) => { }), [], ); + useEffect(() => { + const handler = (e: MouseEvent) => { + const img = e.target as HTMLElement; + if (img.tagName === 'IMG' && img.closest('.nextra-content')) { + img.classList.toggle('img-expanded'); + } + }; + document.addEventListener('click', handler); + return () => document.removeEventListener('click', handler); + }, []); + const AnyComponent = Component as any; return ( diff --git a/documentation/docs/pages/developers/browsers.mdx b/documentation/docs/pages/developers/browsers.mdx index b1b07f4edc..b8453ed32d 100644 --- a/documentation/docs/pages/developers/browsers.mdx +++ b/documentation/docs/pages/developers/browsers.mdx @@ -19,11 +19,16 @@ Internally it uses the WASM client. - [docs](./typescript/start#mixfetch) - [example](./typescript/playground/mixfetch) - + ### Current Limitations of `mixFetch` - It cannot currently handle concurrent requests, and comes with a pre-bundled CA store. `mixFetchv2` - which will act more like a general-purpose userspace IP stack - is currently in development. + `mixFetch` can currently only perform 10 concurrent requests (i.e. in-flight requests where a request has been sent to a remote endpoint, but no result has been recieved). + + `mixFetchv2` - which will act more like a general-purpose userspace IP stack - is currently in development. + + It is shipped with a pre-bundled CA store. + diff --git a/documentation/docs/pages/network/architecture.mdx b/documentation/docs/pages/network/architecture.mdx index 19560c0bb2..a3b8086b9b 100644 --- a/documentation/docs/pages/network/architecture.mdx +++ b/documentation/docs/pages/network/architecture.mdx @@ -3,6 +3,4 @@ Core components: * A **Mixnet**, which mixes Sphinx packet traffic so that it cannot be determined who is communicating with whom. Our mixnet is based on a modified version of the [**Loopix** design](concepts/loopix). This is made up of [Nym nodes](architecture/mixnet#nodes) runnning on servers around the world maintained by a decentralised group of Operators. * Various [**Nym clients**](architecture/mixnet#nym-clients) which manage sending and receiving Sphinx packets, encrypting/decrypting traffic, and providing [cover traffic](./concepts/cover-traffic) to hide 'real' traffic timing. -* A CosmWasm-enabled blockchain called [**Nyx**](architecture/nyx), the home of the various smart contracts used by the mixnet. A subset of Nyx Validators run [NymAPI](./architecture/nyx#nymapi) instances, taking part in also producing and verifying [zk-nym credentials](cryptography/zk-nym). - -![arch_overview](/images/network/arch/overall-arch.png) +* A CosmWasm-enabled blockchain called [**Nyx**](architecture/nyx), the home of the various smart contracts used by the mixnet. A subset of Nyx Validators run [NymAPI](./architecture/nyx#nymapi) instances, taking part in also producing and verifying [zk-nym credentials](cryptography/zk-nym). \ No newline at end of file diff --git a/documentation/docs/pages/operators/changelog.mdx b/documentation/docs/pages/operators/changelog.mdx index c4b8e9d37d..835784ca34 100644 --- a/documentation/docs/pages/operators/changelog.mdx +++ b/documentation/docs/pages/operators/changelog.mdx @@ -57,6 +57,106 @@ This page displays a full list of all the changes during our release cycle from +## `v2026.6-stilton` + +- [Release Binaries](https://github.com/nymtech/nym/releases/tag/nym-binaries-v2026.6-stilton) +- [`nym-node`](nodes/nym-node.mdx) version `1.28.0` + +```sh +nym-node +Binary Name: nym-node +Build Timestamp: 2026-03-25T13:41:43.299729408Z +Build Version: 1.28.0 +Commit SHA: 034346917901bd373dee0ca170b26a9359dbd26d +Commit Date: 2026-03-25T07:47:04.000000000+01:00 +Commit Branch: HEAD +rustc Version: 1.91.1 +rustc Channel: stable +cargo Profile: release +``` + +### Operators Updates & Tools + +New release is here and with it a completely new theme of the docs! + + +**This release introduces implementation of Lewes Protocol (LP). Only nodes upgraded to this version will be able to complete handshake using LP.** + +**Please upgrade soon and follow the section below to ensure smooth functionality of your `nym-node`.** + + +1. **[Network Tunnel Manager (NTM)](#network-tunnel-manager-ntm-updates) is now the single port manager for WireGuard routing and Gateway Nym nodes.** + +2. Lewes protocol ports (`41264/tcp` and `51264/udp`) as well as all the essential ports for mixnet operation (before `ufw`) are now included in NTM +- Follow [these steps](#network-tunnel-manager-ntm-updates) to implement changes if you run any Gateway type of Nym node +- For operators running mixnode mode, make sure to open all ports via `ufw` as [documented here](/operators/nodes/preliminary-steps/vps-setup#3-configure-your-firewall), do *not* use NTM as you nodes do *not* need all exress ports (exit policy) opened + + +#### Network Tunnel Manager (NTM) Updates + + +Nym team is testing an unreleased version of [Gateway Probe](/operators/performance-and-testing/gateway-probe). This new version checks whether the ports opened align with the governance decision about exit policy. If they don't, the nodes will be taken out of Service grant program and [Delegation program](https://nym.com/network/DP). + + +NTM is now changed to be a standalone port manager for servers hosting Nym nodes running in a Gateway mode (with or without WireGuard). Operators of these nodes no longer need to manage mixnet fundamental ports by `ufw` separately, as the NTM will take care of it as well as adjusting the ports according to Nym exit policy. + +**Follow these steps to update the ports setting of your server using NTM.** + + +###### 1. Download the new NTM +- Download the latest NTM and make it executable: +```sh +curl -L https://raw.githubusercontent.com/nymtech/nym/refs/heads/develop/scripts/nym-node-setup/network-tunnel-manager.sh -o ./network-tunnel-manager.sh && \ +chmod +x network-tunnel-manager.sh +``` + +###### 2. Update the exit policy + +- Run NTM to become main port manager (including Nym services), run: +```sh +./network-tunnel-manager.sh complete_networking_configuration +``` + +###### 3. Disable `ufw` + +Right now your NTM is handling the port management. You can disable `ufw`. + +- We suggest to not uninstall it, just make it innactive for the time being: + +```sh +ufw disable +``` + +###### 4. Re-run NTM + +- NTM is fully omnipotent, re-rerun it again now with `ufw` disabled to ensure clean state: +```sh +./network-tunnel-manager.sh complete_networking_configuration +``` + + +Congratulation, your port configuration is up to date, including LP ports. + +### Features + +- [Add LP to NS UI](https://github.com/nymtech/nym/pull/6562): Operators can now monitor LP registration status directly from the UI. The gateway list shows post-quantum registration status via emojis (success/failure), and the dashboard view adds LP count columns for success, failure, and untested, making monitoring faster and easier. + +- [Introduce /v3/unstable/nym-nodes/semi-skimmed](https://github.com/nymtech/nym/pull/6499): New API endpoint aggregates LP information for nodes, allowing them to discover each other's LP capabilities and establish shared post-quantum connections efficiently. + +- [Additional ticket for agent](https://github.com/nymtech/nym/pull/6551): Adds an extra ticket so the agent/probe can perform LP tests automatically without additional configuration. + +### Bugfix + +- [LP fixes](https://github.com/nymtech/nym/pull/6601): Improvements for LP registration results and preshared key handling to ensure accurate LP status reporting. + +- [Allow deserialisation of LP data from either snake_case or lowercase](https://github.com/nymtech/nym/pull/6586): Fixes LP data deserialization issues, making LP information robust across different formats. + + +### Refactors & Maintenance + +- [LP improvements](https://github.com/nymtech/nym/pull/6526): Refactors LP handling code and scaffolds internode handshake processing to simplify future maintenance and reduce potential bugs. + + ## `v2026.5-raclette` - [Release Binaries](https://github.com/nymtech/nym/releases/tag/nym-binaries-v2026.5-raclette) diff --git a/documentation/docs/pages/operators/nodes/nym-node/setup.mdx b/documentation/docs/pages/operators/nodes/nym-node/setup.mdx index 8e9e30eff7..6394620273 100644 --- a/documentation/docs/pages/operators/nodes/nym-node/setup.mdx +++ b/documentation/docs/pages/operators/nodes/nym-node/setup.mdx @@ -19,11 +19,12 @@ This documentation page provides a guide on how to set up and run a [NYM NODE](. ## Current version ```sh +nym-node Binary Name: nym-node -Build Timestamp: 2026-03-10T10:14:03.446553605Z -Build Version: 1.27.0 -Commit SHA: 7cccf3cfff448f1b38324f7655930a2b621588c6 -Commit Date: 2026-03-10T10:46:12.000000000+01:00 +Build Timestamp: 2026-03-25T13:41:43.299729408Z +Build Version: 1.28.0 +Commit SHA: 034346917901bd373dee0ca170b26a9359dbd26d +Commit Date: 2026-03-25T07:47:04.000000000+01:00 Commit Branch: HEAD rustc Version: 1.91.1 rustc Channel: stable diff --git a/documentation/docs/pages/operators/nodes/preliminary-steps/vps-setup.mdx b/documentation/docs/pages/operators/nodes/preliminary-steps/vps-setup.mdx index da46321ee3..42a88f9cf4 100644 --- a/documentation/docs/pages/operators/nodes/preliminary-steps/vps-setup.mdx +++ b/documentation/docs/pages/operators/nodes/preliminary-steps/vps-setup.mdx @@ -2,7 +2,7 @@ import { Callout } from 'nextra/components'; import { VarInfo } from 'components/variable-info.tsx'; import { Steps } from 'nextra/components';import { Tabs } from 'nextra/components'; import { MyTab } from 'components/generic-tabs.tsx'; -import PortsNymNode from 'components/operators/snippets/ports-nym-node.mdx'; +import TabsPortsNymNode from 'components/operators/snippets/tabs-ports-nym-node.mdx'; import PortsValidator from 'components/operators/snippets/ports-validator.mdx'; import NymNodeSpecs from 'components/operators/snippets/nym-node-specs.mdx'; import NTPSync from 'components/operators/snippets/ntp-time-sync.mdx' @@ -54,44 +54,20 @@ apt install ufw --fix-missing -###### 3. Configure your firewall using Uncomplicated Firewall (UFW) +###### 3. Configure your firewall -For a `nym-node` or Nyx validator to recieve traffic, you need to open ports on the server. The following commands will allow you to set up a firewall using `ufw`. - -- Check if you have `ufw` installed: -```sh -ufw version -``` -- If it's not installed, install with: -```sh -apt install ufw -y -``` -- Enable ufw -```sh -ufw enable -``` -- Check the status of the firewall -```sh -ufw status -``` - -###### 4. Open all needed ports to have your firewall for `nym-node` working correctly +For a `nym-node` or Nyx validator to recieve traffic, you need to open ports on the server.
nym-node, validator, ]} defaultIndex="0"> - +
-- Re-check the status of the firewall: -```sh -ufw status -``` -
For more information about your node's port configuration, check the [port reference table](#ports-reference-table) below. diff --git a/documentation/docs/pages/styles.css b/documentation/docs/pages/styles.css index 0e5c829a30..35664541ac 100644 --- a/documentation/docs/pages/styles.css +++ b/documentation/docs/pages/styles.css @@ -1,21 +1,67 @@ -/* nym.com-aligned colour tokens */ -:root { - --colorPrimary: #85E89D; - --textPrimary: #FFFFFF; - --bg-dark: #1E2426; - --border-dark: #2E3538; +/* nym docs – angular, clean styling (oxide-inspired) */ + +@font-face { + font-family: 'JetBrains Mono'; + src: url('/docs/fonts/JetBrainsMono-Regular.woff2') format('woff2'); + font-weight: 400; + font-style: normal; + font-display: swap; } -/* dark mode background override */ +@font-face { + font-family: 'JetBrains Mono'; + src: url('/docs/fonts/JetBrainsMono-Medium.woff2') format('woff2'); + font-weight: 500; + font-style: normal; + font-display: swap; +} + +@font-face { + font-family: 'JetBrains Mono'; + src: url('/docs/fonts/JetBrainsMono-SemiBold.woff2') format('woff2'); + font-weight: 600; + font-style: normal; + font-display: swap; +} + +@font-face { + font-family: 'JetBrains Mono'; + src: url('/docs/fonts/JetBrainsMono-Bold.woff2') format('woff2'); + font-weight: 700; + font-style: normal; + font-display: swap; +} + +:root { + --colorPrimary: #85E89D; + --textPrimary: #E0E0E0; + --textMuted: #8B9295; + --bg-dark: #181C1E; + --bg-code: #1C2022; + --border-dark: #2A2F32; + --border: #2A2F32; + --font-mono: 'JetBrains Mono', 'SFMono-Regular', 'Consolas', 'Liberation Mono', 'Menlo', monospace; +} + +/* ── Global: kill all rounded corners ── */ + +*, +*::before, +*::after { + border-radius: 0 !important; +} + +/* ── Dark mode backgrounds ── */ + html.dark { background-color: var(--bg-dark); } html.dark body { background-color: var(--bg-dark); + color: var(--textPrimary); } -/* nextra main content area bg */ html.dark .nextra-nav-container, html.dark .nextra-sidebar-container, html.dark .nextra-content, @@ -24,28 +70,43 @@ html.dark .dark\:nx-bg-dark { background-color: var(--bg-dark) !important; } +/* ── Typography ── */ + +h1, h2, h3, h4, h5, h6 { + font-family: var(--font-mono); + letter-spacing: -0.02em; + font-weight: 600; +} + +html.dark h1 { + color: #FFFFFF; + font-weight: 700; +} + +html.dark h2 { + color: #F0F0F0; + padding-bottom: 0.3em; + border-bottom: 1px solid var(--border-dark); +} + +html.dark p, html.dark li { + color: var(--textPrimary); + line-height: 1.7; +} + +/* ── Layout ── */ + footer { text-align: center; } .nextra-code-block > pre { - /* max-height: 350px !important; */ max-height: none !important; scroll-y: auto !important; } -/* set width entire div */ .nx-mx-auto.nx-flex.nx-max-w-\[90rem\] { max-width: 110rem; - left-padding: 1%; -} - -.nextra-toc { - width: 10px !important; - padding-right: 0px; - padding-left: 0px; - /* text-align: right; */ - border-left: 1px solid var(--border-dark); } .nextra-content { @@ -56,23 +117,26 @@ footer { margin: 0 !important; } -:is(html[class~="dark"] .dark\:nx-bg-primary-300\/10) { - background-color: hsl(var(black) 100% 77%/0.1) !important; +/* ── Nav bar ── */ + +html.dark .nextra-nav-container { + border-bottom: 1px solid var(--border-dark) !important; } -/* Sidebar active item */ -:is(html .dark\:nx-bg-primary-400\/10) { - background: transparent !important; - border-left: 2px solid #85E89D; - color: #FFFFFF !important; +html.dark .nextra-nav-container nav a, +html.dark .nextra-nav-container nav button, +html.dark .nextra-nav-container nav ul a { + font-family: var(--font-mono); + font-size: 0.85rem; } -:is(html:not(.dark) .dark\:nx-bg-primary-400\/10) { - background: transparent !important; - border-left: 2px solid #4A9E5C; - color: #242B2D !important; +html.dark .nextra-nav-container nav a:hover, +html.dark .nextra-nav-container nav ul a:hover { + color: var(--colorPrimary) !important; } +/* ── Sidebar ── */ + .nextra-sidebar-container { border-right: 1px solid var(--border-dark); width: 300px !important; @@ -82,21 +146,171 @@ footer { column-width: 500px; } -/* Links*/ +/* Sidebar font */ +html.dark .nextra-sidebar-container { + font-family: var(--font-mono); + font-size: 0.82rem; +} + +/* Sidebar text: muted by default */ +html.dark .nextra-sidebar-container a { + color: var(--textMuted) !important; +} + +html.dark .nextra-sidebar-container a:hover { + color: var(--textPrimary) !important; +} + +/* Sidebar separator labels (not active items) */ +html.dark .nextra-sidebar-container li.nx-mt-5 .nx-font-semibold { + color: var(--textMuted) !important; + font-size: 0.7rem; + letter-spacing: 0.05em; +} + +/* Active sidebar item: left-border accent + subtle tint */ +:is(html .dark\:nx-bg-primary-400\/10) { + background: rgba(133, 232, 157, 0.06) !important; + border-left: 2px solid var(--colorPrimary); + color: #FFFFFF !important; +} + +html.dark .nextra-sidebar-container :is(.dark\:nx-bg-primary-400\/10) a { + color: #FFFFFF !important; +} + +:is(html:not(.dark) .dark\:nx-bg-primary-400\/10) { + background: rgba(74, 158, 92, 0.08) !important; + border-left: 2px solid #4A9E5C; + color: #242B2D !important; +} + +:is(html[class~="dark"] .dark\:nx-bg-primary-300\/10) { + background-color: transparent !important; +} + +/* ── TOC (hidden — subsections live in sidebar) ── */ + +.nextra-toc { + display: none !important; +} + +/* ── Code blocks ── */ + +html.dark .nextra-code-block > pre { + background-color: var(--bg-code) !important; + border: 1px solid var(--border-dark); +} + +/* Language tag in code blocks */ +html.dark .nextra-code-block [class*="nx-absolute"] { + color: var(--textMuted); + font-size: 0.7rem; + text-transform: uppercase; + letter-spacing: 0.05em; +} + +/* Inline code: subtle background, no border */ +html.dark code:not(pre code) { + background-color: rgba(255, 255, 255, 0.06) !important; + border: none !important; + padding: 0.15em 0.4em; + font-size: 0.88em; + color: var(--textPrimary); +} + +/* ── Callouts: left-border accent ── */ + +html.dark .nextra-callout { + border: none; + border-left: 3px solid; + background: rgba(255, 255, 255, 0.02); +} + +/* ── Tables: monospace uppercase headers ── */ + +html.dark table { + border-collapse: collapse; + width: 100%; +} + +html.dark th { + border-bottom: 1px solid var(--border-dark); + text-align: left; + font-weight: 600; + font-family: var(--font-mono); + font-size: 0.75rem; + text-transform: uppercase; + letter-spacing: 0.08em; + color: var(--textMuted); + padding: 0.6em 1em; +} + +html.dark td { + border-bottom: 1px solid var(--border-dark); + padding: 0.6em 1em; + color: var(--textPrimary); +} + +html.dark tr:hover td { + background-color: rgba(255, 255, 255, 0.02); +} + +/* ── Search box ── */ + +html.dark .nextra-search input { + border: 1px solid var(--border-dark); + background-color: var(--bg-dark) !important; + color: var(--textMuted); + font-family: var(--font-mono); + font-size: 0.8rem; +} + +html.dark .nextra-search input::placeholder { + text-transform: uppercase; + letter-spacing: 0.08em; + font-size: 0.72rem; +} + +/* ── Links ── */ + .nx-text-primary-600.nx-underline.nx-decoration-from-font { color: var(--colorPrimary) !important; } -.MuiTypography-root.MuiTypography-inherit.MuiLink-root.MuiLink-underlineAlways.css-1xr3c94-MuiTypography-root-MuiLink-root { +.nx-text-primary-600 { + color: var(--colorPrimary) !important; +} + +.nextra-scrollbar.nx-sticky { + color: var(--colorPrimary) !important; +} + +/* ── Breadcrumbs / navigation links ── */ + +html.dark .nextra-breadcrumb { + color: var(--textMuted); +} + +/* Prev/next page links */ +html.dark a.nx-flex.nx-items-center { + border-color: var(--border-dark) !important; +} + +html.dark a.nx-flex.nx-items-center:hover { + border-color: var(--colorPrimary) !important; +} + +/* ── Material UI overrides ── */ + +.MuiTypography-root.MuiTypography-inherit.MuiLink-root.MuiLink-underlineAlways { color: var(--colorPrimary) !important; } -/* Chips*/ .chipContained { background-color: var(--colorPrimary) !important; } -/* Buttons */ .MuiButton-root { color: var(--colorPrimary) !important; border-color: var(--colorPrimary) !important; @@ -111,11 +325,7 @@ footer { color: var(--colorPrimary) !important; } -.nextra-scrollbar.nx-sticky { - color: var(--colorPrimary) !important; -} - -.nx-text-primary-600 { +a.MuiLink-root { color: var(--colorPrimary) !important; } @@ -127,10 +337,203 @@ input:focus-visible { border-color: var(--colorPrimary) !important; } -a.MuiLink-root { - color: var(--colorPrimary) !important; +.MuiPaper-root.MuiAccordion-root { + border-radius: 0; } -.MuiPaper-root.MuiAccordion-root { - border-radius: 8px; +/* ── Landing page ── */ + +.landing-heading { + color: #FFFFFF; +} + +.landing-card:hover { + background-color: rgba(255, 255, 255, 0.03) !important; +} + +/* ── Invert diagrams in dark mode ── */ + +html.dark .nextra-content img:not([src*="landing"]) { + filter: invert(1) hue-rotate(180deg) brightness(0.92) contrast(1.1); + mix-blend-mode: lighten; + cursor: zoom-in; +} + +/* Expanded image overlay */ +.nextra-content img.img-expanded { + position: fixed !important; + top: 0; + left: 0; + width: 100vw !important; + height: 100vh !important; + max-width: none !important; + object-fit: contain; + background: rgba(0, 0, 0, 0.9); + z-index: 9999; + cursor: zoom-out; + padding: 2rem; + mix-blend-mode: normal; + filter: none; +} + +html.dark .nextra-content img.img-expanded { + filter: invert(1) hue-rotate(180deg) brightness(0.92) contrast(1.1); + mix-blend-mode: normal; +} + +/* ── Light mode ── */ + +html:not(.dark) { + --colorPrimary: #1a7a32; + --colorPrimary-light: #1a7a32; + --bg-light: #F5F5F5; + --border-light: #E0E0E0; + --border: #E0E0E0; + --textMuted: #6B7280; + --textMuted-light: #6B7280; +} + +html:not(.dark) body { + background-color: var(--bg-light); +} + +html:not(.dark) .nextra-nav-container, +html:not(.dark) .nextra-sidebar-container, +html:not(.dark) .nextra-content, +html:not(.dark) .nx-bg-white { + background-color: var(--bg-light) !important; +} + +/* Light mode links: darker green */ +html:not(.dark) .nx-text-primary-600 { + color: var(--colorPrimary-light) !important; +} + +html:not(.dark) .nx-text-primary-600.nx-underline.nx-decoration-from-font { + color: var(--colorPrimary-light) !important; +} + +/* Light mode sidebar */ +html:not(.dark) .nextra-sidebar-container { + font-family: var(--font-mono); + font-size: 0.82rem; + border-right: 1px solid var(--border-light); +} + +html:not(.dark) .nextra-sidebar-container a { + color: var(--textMuted-light) !important; +} + +html:not(.dark) .nextra-sidebar-container a:hover { + color: #111 !important; +} + +/* Light mode nav */ +html:not(.dark) .nextra-nav-container { + border-bottom: 1px solid var(--border-light) !important; +} + +html:not(.dark) .nextra-nav-container nav a, +html:not(.dark) .nextra-nav-container nav button, +html:not(.dark) .nextra-nav-container nav ul a { + font-family: var(--font-mono); + font-size: 0.85rem; +} + +html:not(.dark) .nextra-nav-container nav a:hover, +html:not(.dark) .nextra-nav-container nav ul a:hover { + color: var(--colorPrimary-light) !important; +} + +/* Light mode code */ +html:not(.dark) code:not(pre code) { + background-color: rgba(0, 0, 0, 0.05) !important; + border: none !important; + padding: 0.15em 0.4em; + font-size: 0.88em; +} + +/* Light mode callouts */ +html:not(.dark) .nextra-callout { + border: none; + border-left: 3px solid; + background: rgba(0, 0, 0, 0.02); +} + +/* Light mode tables */ +html:not(.dark) th { + font-family: var(--font-mono); + font-size: 0.75rem; + text-transform: uppercase; + letter-spacing: 0.08em; + color: var(--textMuted-light); +} + +/* Light mode search */ +html:not(.dark) .nextra-search input { + font-family: var(--font-mono); + font-size: 0.8rem; + border: 1px solid var(--border-light); + background-color: #FFFFFF !important; +} + +html:not(.dark) .nextra-search input::placeholder { + text-transform: uppercase; + letter-spacing: 0.08em; + font-size: 0.72rem; +} + +/* Light mode h2 border */ +html:not(.dark) h2 { + padding-bottom: 0.3em; + border-bottom: 1px solid var(--border-light); +} + +/* Light mode landing page */ +html:not(.dark) .landing-heading { + color: #1a1a1a !important; +} + +html:not(.dark) .landing-card:hover { + background-color: rgba(0, 0, 0, 0.02) !important; +} + +html:not(.dark) .landing-card { + border-color: var(--border-light) !important; +} + +/* ── Landing page mobile responsiveness ── */ + +@media (max-width: 640px) { + .landing-grid { + grid-template-columns: 1fr !important; + overflow: hidden; + } + + /* In single-column mode every card gets a bottom border except the last */ + .landing-grid .landing-card { + border-right: none !important; + border-bottom: 1px solid var(--border) !important; + overflow: hidden; + } + + .landing-grid > a:last-child .landing-card { + border-bottom: none !important; + } + + /* Contain pre animations so they don't blow out the viewport */ + .landing-grid pre, + .landing-sdk-grid pre { + font-size: 0.6rem !important; + overflow: hidden !important; + } + + .landing-sdk-grid { + grid-template-columns: 1fr !important; + } + + .landing-sdk-grid > div:first-child { + padding-right: 0 !important; + margin-bottom: 1.5rem; + } } diff --git a/documentation/docs/pnpm-lock.yaml b/documentation/docs/pnpm-lock.yaml index bac8e0871d..39200508fb 100644 --- a/documentation/docs/pnpm-lock.yaml +++ b/documentation/docs/pnpm-lock.yaml @@ -78,8 +78,8 @@ importers: specifier: '>=1.2.4-rc.2 || ^1' version: 1.4.1 '@nymproject/mix-fetch-full-fat': - specifier: ^1.4.2 - version: 1.4.2 + specifier: ^1.4.3 + version: 1.4.3 '@nymproject/sdk-full-fat': specifier: '>=1.5.1-rc.0 || ^1.4.1' version: 1.4.1 @@ -104,9 +104,6 @@ importers: next: specifier: 15.5.10 version: 15.5.10(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) - next-sitemap: - specifier: 4.2.3 - version: 4.2.3(next@15.5.10(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)) nextra: specifier: '2' version: 2.13.4(next@15.5.10(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) @@ -1778,8 +1775,8 @@ packages: '@nymproject/contract-clients@1.4.1': resolution: {integrity: sha512-HuJZ4Hv+Rl6ZZEtCHKgurNLJapM+QQRJlGkevFH2a4UdqUqF9omUkUi3AVes4679dPoSFgvA7plyVSDBdbgV6w==} - '@nymproject/mix-fetch-full-fat@1.4.2': - resolution: {integrity: sha512-QHPwa7A+c/2VUm4Imq2I21toFiZhbZxcjHud1sFsE9hN5BWxZ+QJKV2bg9oBUzulzoQabsk48RA13/hqU7c4KA==} + '@nymproject/mix-fetch-full-fat@1.4.3': + resolution: {integrity: sha512-r3WVZDDFv+eFWPxhkMDg2VvLWd3ws1OK6kFT6bEt6/qTpfA21vV2MouuuyVkBy8DEUKqyU4z/8MiVFxfpkWlsg==} '@nymproject/sdk-full-fat@1.4.1': resolution: {integrity: sha512-dh5bvMUj3m8nEssvO8Nl66WpcJAjwRZrGNwqfczJWLG4nX3Vt95tPLv4v0/Z1W3DQWQFW6WmEPPYHNjl18V/fA==} @@ -9536,7 +9533,7 @@ snapshots: '@nymproject/contract-clients@1.4.1': {} - '@nymproject/mix-fetch-full-fat@1.4.2': {} + '@nymproject/mix-fetch-full-fat@1.4.3': {} '@nymproject/sdk-full-fat@1.4.1': {} diff --git a/documentation/docs/public/fonts/JetBrainsMono-Bold.woff2 b/documentation/docs/public/fonts/JetBrainsMono-Bold.woff2 new file mode 100644 index 0000000000..4917f43410 Binary files /dev/null and b/documentation/docs/public/fonts/JetBrainsMono-Bold.woff2 differ diff --git a/documentation/docs/public/fonts/JetBrainsMono-LICENSE.txt b/documentation/docs/public/fonts/JetBrainsMono-LICENSE.txt new file mode 100644 index 0000000000..8bee4148c1 --- /dev/null +++ b/documentation/docs/public/fonts/JetBrainsMono-LICENSE.txt @@ -0,0 +1,93 @@ +Copyright 2020 The JetBrains Mono Project Authors (https://github.com/JetBrains/JetBrainsMono) + +This Font Software is licensed under the SIL Open Font License, Version 1.1. +This license is copied below, and is also available with a FAQ at: +https://scripts.sil.org/OFL + + +----------------------------------------------------------- +SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007 +----------------------------------------------------------- + +PREAMBLE +The goals of the Open Font License (OFL) are to stimulate worldwide +development of collaborative font projects, to support the font creation +efforts of academic and linguistic communities, and to provide a free and +open framework in which fonts may be shared and improved in partnership +with others. + +The OFL allows the licensed fonts to be used, studied, modified and +redistributed freely as long as they are not sold by themselves. The +fonts, including any derivative works, can be bundled, embedded, +redistributed and/or sold with any software provided that any reserved +names are not used by derivative works. The fonts and derivatives, +however, cannot be released under any other type of license. The +requirement for fonts to remain under this license does not apply +to any document created using the fonts or their derivatives. + +DEFINITIONS +"Font Software" refers to the set of files released by the Copyright +Holder(s) under this license and clearly marked as such. This may +include source files, build scripts and documentation. + +"Reserved Font Name" refers to any names specified as such after the +copyright statement(s). + +"Original Version" refers to the collection of Font Software components as +distributed by the Copyright Holder(s). + +"Modified Version" refers to any derivative made by adding to, deleting, +or substituting -- in part or in whole -- any of the components of the +Original Version, by changing formats or by porting the Font Software to a +new environment. + +"Author" refers to any designer, engineer, programmer, technical +writer or other person who contributed to the Font Software. + +PERMISSION & CONDITIONS +Permission is hereby granted, free of charge, to any person obtaining +a copy of the Font Software, to use, study, copy, merge, embed, modify, +redistribute, and sell modified and unmodified copies of the Font +Software, subject to the following conditions: + +1) Neither the Font Software nor any of its individual components, +in Original or Modified Versions, may be sold by itself. + +2) Original or Modified Versions of the Font Software may be bundled, +redistributed and/or sold with any software, provided that each copy +contains the above copyright notice and this license. These can be +included either as stand-alone text files, human-readable headers or +in the appropriate machine-readable metadata fields within text or +binary files as long as those fields can be easily viewed by the user. + +3) No Modified Version of the Font Software may use the Reserved Font +Name(s) unless explicit written permission is granted by the corresponding +Copyright Holder. This restriction only applies to the primary font name as +presented to the users. + +4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font +Software shall not be used to promote, endorse or advertise any +Modified Version, except to acknowledge the contribution(s) of the +Copyright Holder(s) and the Author(s) or with their explicit written +permission. + +5) The Font Software, modified or unmodified, in part or in whole, +must be distributed entirely under this license, and must not be +distributed under any other license. The requirement for fonts to +remain under this license does not apply to any document created +using the Font Software. + +TERMINATION +This license becomes null and void if any of the above conditions are +not met. + +DISCLAIMER +THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT +OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL +DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM +OTHER DEALINGS IN THE FONT SOFTWARE. diff --git a/documentation/docs/public/fonts/JetBrainsMono-Medium.woff2 b/documentation/docs/public/fonts/JetBrainsMono-Medium.woff2 new file mode 100644 index 0000000000..669d04cdf2 Binary files /dev/null and b/documentation/docs/public/fonts/JetBrainsMono-Medium.woff2 differ diff --git a/documentation/docs/public/fonts/JetBrainsMono-Regular.woff2 b/documentation/docs/public/fonts/JetBrainsMono-Regular.woff2 new file mode 100644 index 0000000000..40da427651 Binary files /dev/null and b/documentation/docs/public/fonts/JetBrainsMono-Regular.woff2 differ diff --git a/documentation/docs/public/fonts/JetBrainsMono-SemiBold.woff2 b/documentation/docs/public/fonts/JetBrainsMono-SemiBold.woff2 new file mode 100644 index 0000000000..5ead7b0d6f Binary files /dev/null and b/documentation/docs/public/fonts/JetBrainsMono-SemiBold.woff2 differ diff --git a/documentation/docs/theme.config.tsx b/documentation/docs/theme.config.tsx index 8906294882..c223e68178 100644 --- a/documentation/docs/theme.config.tsx +++ b/documentation/docs/theme.config.tsx @@ -139,7 +139,7 @@ const config: DocsThemeConfig = { ); }, - logo: Nym Docs, + logo: Nym Docs, project: { link: "https://github.com/nymtech/nym", }, diff --git a/lychee.toml b/lychee.toml index 42ea21812d..7dff1a851a 100644 --- a/lychee.toml +++ b/lychee.toml @@ -9,7 +9,7 @@ fallback_extensions = ["mdx", "md"] # Remap /images to public/images for NextJS static assets # Lychee resolves /images to pages/images, but Next.js serves from public/images -remap = ["pages/images public/images"] +remap = ["pages/images public/images", "pages/docs/fonts public/fonts"] # Exclude component snippets (TODO: verify which are still in use) exclude_path = ["components/"] diff --git a/nym-api/Cargo.toml b/nym-api/Cargo.toml index 47b992d409..8ce67d316a 100644 --- a/nym-api/Cargo.toml +++ b/nym-api/Cargo.toml @@ -4,7 +4,7 @@ [package] name = "nym-api" license = "GPL-3.0" -version = "1.1.76" +version = "1.1.77" authors.workspace = true edition = "2021" rust-version.workspace = true diff --git a/nym-gateway-probe/src/common/helpers.rs b/nym-gateway-probe/src/common/helpers.rs index 7f90fca60a..5dc330e9cc 100644 --- a/nym-gateway-probe/src/common/helpers.rs +++ b/nym-gateway-probe/src/common/helpers.rs @@ -76,9 +76,9 @@ pub async fn fetch_topology( }) .unwrap_or_default(); - if nym_api_urls.is_empty() { + let Some(nym_api_url) = nym_api_urls.first() else { return Err(String::from("No nym-api URLs available to fetch topology")); - } + }; let topology_config = NymApiTopologyProviderConfig { min_mixnode_performance: debug_config.topology.minimum_mixnode_performance, @@ -87,7 +87,7 @@ pub async fn fetch_topology( ignore_egress_epoch_role: debug_config.topology.ignore_egress_epoch_role, }; - let api_client = nym_http_api_client::Client::new_url(nym_api_urls[0].clone(), None) + let api_client = nym_http_api_client::Client::new_url(nym_api_url.clone(), None) .map_err(|e| e.to_string())?; let mut provider = NymApiTopologyProvider::new(topology_config, nym_api_urls, api_client); diff --git a/nym-gateway-probe/src/common/probe_tests.rs b/nym-gateway-probe/src/common/probe_tests.rs index a0ee3262d9..d37a1042d2 100644 --- a/nym-gateway-probe/src/common/probe_tests.rs +++ b/nym-gateway-probe/src/common/probe_tests.rs @@ -29,7 +29,7 @@ use nym_lp::peer::DHKeyPair; use nym_registration_client::LpRegistrationClient; use nym_sdk::NymNetworkDetails; use nym_sdk::mixnet::{MixnetClient, MixnetClientBuilder, NodeIdentity, Recipient, Socks5}; -use nym_topology::{HardcodedTopologyProvider, NymTopology}; +use nym_topology::HardcodedTopologyProvider; use rand09::SeedableRng; use std::{ net::{IpAddr, Ipv4Addr, Ipv6Addr}, @@ -442,9 +442,7 @@ pub(crate) async fn do_socks5_connectivity_test( nr_recipient: &Recipient, entry_gateway_id: NodeIdentity, network_details: NymNetworkDetails, - min_gw_performance: Option, socks5_args: Socks5Args, - maybe_topology: Option, ) -> anyhow::Result { info!( "Starting SOCKS5 test through Network Requester: {}", @@ -463,23 +461,31 @@ pub(crate) async fn do_socks5_connectivity_test( nr_recipient.identity().to_base58_string() ); + // since we define both entry & exit gateways to be the same tested GW, + // this shouldn't negatively affect mixnet layers but it will force route + // construction in case GW would get filtered out of topology + let min_gw_performance = Some(0); + // create ephemeral SOCKS5 client let socks5_config = Socks5::new(nr_recipient.to_string()); - // debug config similar to main probe let debug_config = mixnet_debug_config(min_gw_performance, true); - let mut socks5_client_builder = MixnetClientBuilder::new_ephemeral() + // don't reuse topology: our gateway might be filtered out in it + info!("Fetching topology for SOCKS5 client..."); + let topology_provider: Box = + match helpers::fetch_topology(&network_details, &debug_config).await { + Ok(topology) => Box::new(HardcodedTopologyProvider::new(topology)), + Err(e) => return Ok(Socks5ProbeResults::error_before_connecting(e)), + }; + + let socks5_client_builder = MixnetClientBuilder::new_ephemeral() // Specify entry gateway explicitly .request_gateway(entry_gateway_id.to_base58_string()) .socks5_config(socks5_config) .network_details(network_details) - .debug_config(debug_config); - - if let Some(topology) = maybe_topology { - socks5_client_builder = socks5_client_builder - .custom_topology_provider(Box::new(HardcodedTopologyProvider::new(topology))); - } + .debug_config(debug_config) + .custom_topology_provider(topology_provider); let disconnected_socks5_client = socks5_client_builder.build()?; @@ -489,9 +495,8 @@ pub(crate) async fn do_socks5_connectivity_test( .await { Ok(client) => { - info!("🌐 Successfully connected to mixnet via SOCKS5 proxy"); info!( - "Connected via entry gateway: {}", + "🌐 Successfully connected to mixnet via SOCKS5 on entry gateway: {}", client.nym_address().gateway().to_base58_string() ); client diff --git a/nym-gateway-probe/src/common/socks5_test/json_rpc_client.rs b/nym-gateway-probe/src/common/socks5_test/json_rpc_client.rs index e38269ed04..1ccd1cb653 100644 --- a/nym-gateway-probe/src/common/socks5_test/json_rpc_client.rs +++ b/nym-gateway-probe/src/common/socks5_test/json_rpc_client.rs @@ -1,4 +1,4 @@ -use anyhow::bail; +use anyhow::{Context, bail}; use rand::Rng; use reqwest::Proxy; use serde::{Deserialize, Serialize}; @@ -35,7 +35,7 @@ impl JsonRpcClient { } pub(super) async fn https_request_with_fallbacks(&self) -> SingleHttpsTestResult { - let mut error_msg = String::new(); + let mut error_msg = Vec::new(); // endpoints are used as fallbacks: in case of success, return early for endpoint in self.test_endpoints.iter() { @@ -65,11 +65,11 @@ impl JsonRpcClient { } Ok((_, JsonRpcResponse::Err { error, .. })) => { warn!("JSON-RPC error: {} (code: {})", error.message, error.code); - error_msg = format!("JSON-RPC error: {}", error.message); + error_msg.push(format!("JSON-RPC error: {}", error.message)); } Err(e) => { - error_msg = e.to_string(); - error!("{}", &error_msg); + error_msg.push(e.to_string()); + error!("{}", &e); } } } @@ -78,8 +78,8 @@ impl JsonRpcClient { success: false, status_code: None, latency_ms: None, - endpoint_used: self.test_endpoints.last().cloned(), - error: Some(error_msg), + endpoint_used: Some(self.test_endpoints.join(",")), + error: Some(error_msg.join(",")), } } @@ -98,20 +98,32 @@ impl JsonRpcClient { { Ok(response) => { let status = response.status(); + let response_text = response + .text() + .await + .context("Failed to extract response text") + .unwrap_or_else(|e| e.to_string()); if status.is_success() { // Deserialize body into JsonRpcResponse - response - .json::() - .await + serde_json::from_str::(&response_text) .map(|res| (status, res)) .map_err(From::from) } else { - bail!("HTTP error status: {}", status.as_u16()); + bail!( + "HTTP error: {}\n{}", + status.as_u16(), + // truncate for logs in case response is too long + response_text.chars().take(200).collect::() + ); } } Err(e) => { + let status = e + .status() + .map(|s| s.to_string()) + .unwrap_or_else(|| "no HTTP status".to_string()); error!("HTTPS request failed: {}", e); - bail!("HTTPS request failed: {}", e); + bail!("HTTPS request failed: {} ({})", e, status); } } } diff --git a/nym-gateway-probe/src/common/socks5_test/mod.rs b/nym-gateway-probe/src/common/socks5_test/mod.rs index 21a0cbbb2f..7aa094e5c6 100644 --- a/nym-gateway-probe/src/common/socks5_test/mod.rs +++ b/nym-gateway-probe/src/common/socks5_test/mod.rs @@ -106,17 +106,26 @@ impl HttpsConnectivityResult { fn from_results(results: Vec) -> Self { let (successes, errors): (Vec, Vec) = results.into_iter().partition(|r| r.success); + let last_error_endpoint = errors + .iter() + .last() + .as_ref() + .and_then(|test| test.endpoint_used.clone()); let errors = errors .into_iter() .map(|r| r.error) - .collect::>>() - // partition above guarantees this vec is non-empty - .unwrap_or_default(); + .collect::>>(); - // use the last successful result for status_code and endpoint - // this works as an empty check as well: if there is no last success, array must be empty hence only errors are present + // this works as an empty check as well: if there is no last success, + // array must be empty hence only errors are present let Some(last_success) = successes.last() else { - return Self::with_errors(errors); + return Self { + https_success: false, + https_status_code: None, + https_latency_ms: None, + endpoint_used: last_error_endpoint, + errors, + }; }; // average latency from successful runs @@ -136,11 +145,7 @@ impl HttpsConnectivityResult { https_latency_ms: Some(avg_latency), endpoint_used: last_success.endpoint_used.clone(), // even in case of success, some errors were possible - errors: if errors.is_empty() { - None - } else { - Some(errors) - }, + errors, } } diff --git a/nym-gateway-probe/src/lib.rs b/nym-gateway-probe/src/lib.rs index 0ac823cf4b..68bb3edd85 100644 --- a/nym-gateway-probe/src/lib.rs +++ b/nym-gateway-probe/src/lib.rs @@ -198,6 +198,7 @@ impl Probe { } let disconnected_mixnet_client = mixnet_client_builder.build()?; + disconnected_mixnet_client.setup_client_keys().await?; // Acquire credential if needed credential @@ -406,9 +407,7 @@ impl Probe { &network_requester, self.entry_node.identity, self.network.clone(), - self.config.min_gateway_mixnet_performance, self.config.socks5_args, - self.topology, ) .await { diff --git a/nym-ip-packet-client/src/connect.rs b/nym-ip-packet-client/src/connect.rs index bf679f67cf..0448c0cf40 100644 --- a/nym-ip-packet-client/src/connect.rs +++ b/nym-ip-packet-client/src/connect.rs @@ -11,14 +11,10 @@ use tokio::time::sleep; use tokio_util::sync::CancellationToken; use tracing::{debug, error}; +use nym_ip_packet_requests::response_helpers::{self, IprResponseError}; + use crate::{ - current::{ - request::IpPacketRequest, - response::{ - ConnectResponse, ConnectResponseReply, ControlResponse, IpPacketResponse, - IpPacketResponseData, - }, - }, + current::{request::IpPacketRequest, response::IpPacketResponse}, error::{Error, Result}, helpers::check_ipr_message_version, }; @@ -101,32 +97,6 @@ impl IprClientConnect { Ok(request_id) } - async fn handle_connect_response(&self, response: ConnectResponse) -> Result { - debug!("Handling dynamic connect response"); - match response.reply { - ConnectResponseReply::Success(r) => Ok(r.ips), - ConnectResponseReply::Failure(reason) => Err(Error::ConnectRequestDenied { reason }), - } - } - - async fn handle_ip_packet_router_response(&self, response: IpPacketResponse) -> Result { - let control_response = match response.data { - IpPacketResponseData::Control(control_response) => control_response, - _ => { - error!("Received non-control response while waiting for connect response"); - return Err(Error::UnexpectedConnectResponse); - } - }; - - match *control_response { - ControlResponse::Connect(resp) => self.handle_connect_response(resp).await, - response => { - error!("Unexpected response: {response:?}"); - Err(Error::UnexpectedConnectResponse) - } - } - } - async fn listen_for_connect_response(&mut self, request_id: u64) -> Result { // Connecting is basically synchronous from the perspective of the mixnet client, so it's safe // to just grab ahold of the mutex and keep it until we get the response. @@ -173,7 +143,14 @@ impl IprClientConnect { if response.id() == Some(request_id) { tracing::debug!("Got response with matching id"); - return self.handle_ip_packet_router_response(response).await; + // Replaces local handle_ip_packet_router_response() + handle_connect_response() + return response_helpers::parse_connect_response(response) + .map_err(|e| match e { + IprResponseError::ConnectDenied(reason) => { + Error::ConnectRequestDenied { reason } + } + _ => Error::UnexpectedConnectResponse, + }); } } } diff --git a/nym-ip-packet-client/src/helpers.rs b/nym-ip-packet-client/src/helpers.rs index 8198a8a7b7..1b31870ff8 100644 --- a/nym-ip-packet-client/src/helpers.rs +++ b/nym-ip-packet-client/src/helpers.rs @@ -1,30 +1,24 @@ // Copyright 2023-2024 - Nym Technologies SA // SPDX-License-Identifier: GPL-3.0-only -use std::cmp::Ordering; - +use nym_ip_packet_requests::response_helpers::IprResponseError; use nym_sdk::mixnet::ReconstructedMessage; -use crate::{Error, current::VERSION as CURRENT_VERSION, error::Result}; +use crate::{current::VERSION as CURRENT_VERSION, error::Result}; pub(crate) fn check_ipr_message_version(message: &ReconstructedMessage) -> Result<()> { - // Assuming it's a IPR message, it will have a version as its first byte - if let Some(version) = message.message.first() { - match version.cmp(&CURRENT_VERSION) { - Ordering::Greater => Err(Error::ReceivedResponseWithNewVersion { - expected: CURRENT_VERSION, - received: *version, - }), - Ordering::Less => Err(Error::ReceivedResponseWithOldVersion { - expected: CURRENT_VERSION, - received: *version, - }), - Ordering::Equal => { - // We're good - Ok(()) - } + nym_ip_packet_requests::response_helpers::check_ipr_message_version( + &message.message, + CURRENT_VERSION, + ) + .map_err(|e| match e { + IprResponseError::NoVersionByte => crate::Error::NoVersionInMessage, + IprResponseError::VersionMismatch { expected, received } if received < expected => { + crate::Error::ReceivedResponseWithOldVersion { expected, received } } - } else { - Err(Error::NoVersionInMessage) - } + IprResponseError::VersionMismatch { expected, received } => { + crate::Error::ReceivedResponseWithNewVersion { expected, received } + } + _ => crate::Error::NoVersionInMessage, + }) } diff --git a/nym-ip-packet-client/src/lib.rs b/nym-ip-packet-client/src/lib.rs index 8aa5ffdf42..0ab5c2eb24 100644 --- a/nym-ip-packet-client/src/lib.rs +++ b/nym-ip-packet-client/src/lib.rs @@ -11,4 +11,4 @@ pub use error::Error; pub use listener::{IprListener, MixnetMessageOutcome}; // Re-export the currently used version -pub use nym_ip_packet_requests::v8 as current; +pub use nym_ip_packet_requests::v9 as current; diff --git a/nym-node-status-api/nym-node-status-agent/Cargo.toml b/nym-node-status-api/nym-node-status-agent/Cargo.toml index 6adc231711..dbc7e877a5 100644 --- a/nym-node-status-api/nym-node-status-agent/Cargo.toml +++ b/nym-node-status-api/nym-node-status-agent/Cargo.toml @@ -3,7 +3,7 @@ [package] name = "nym-node-status-agent" -version = "1.1.3" +version = "1.1.5" authors.workspace = true repository.workspace = true homepage.workspace = true diff --git a/nym-node-status-api/nym-node-status-agent/run.sh b/nym-node-status-api/nym-node-status-agent/run.sh index 99ebb1867a..98f684ea41 100755 --- a/nym-node-status-api/nym-node-status-agent/run.sh +++ b/nym-node-status-api/nym-node-status-agent/run.sh @@ -25,7 +25,7 @@ SERVER="${NODE_STATUS_AGENT_SERVER_ADDRESS}|${NODE_STATUS_AGENT_SERVER_PORT}" # hardcoded key used only for LOCAL TESTING export NODE_STATUS_AGENT_AUTH_KEY=${NODE_STATUS_AGENT_AUTH_KEY_STAGING:-"BjyC9SsHAZUzPRkQR4sPTvVrp4GgaquTh5YfSJksvvWT"} export NODE_STATUS_AGENT_PROBE_PATH="$crate_root/nym-gateway-probe" -export NODE_STATUS_AGENT_PROBE_EXTRA_ARGS="netstack-download-timeout-sec=30,netstack-num-ping=2,netstack-send-timeout-sec=1,netstack-recv-timeout-sec=1,socks5-json-rpc-url-list=https://cloudflare-eth.com;https://ethereum.publicnode.com" +export NODE_STATUS_AGENT_PROBE_EXTRA_ARGS="netstack-download-timeout-sec=30,netstack-num-ping=2,netstack-send-timeout-sec=1,netstack-recv-timeout-sec=1,socks5-json-rpc-url-list=https://cloudflare-eth.com;https://ethereum-rpc.publicnode.com" workers=${1:-1} echo "Running $workers workers in parallel" diff --git a/nym-node-status-api/nym-node-status-agent/src/cli/run_probe.rs b/nym-node-status-api/nym-node-status-agent/src/cli/run_probe.rs index 820136b3f0..889b0b4f08 100644 --- a/nym-node-status-api/nym-node-status-agent/src/cli/run_probe.rs +++ b/nym-node-status-api/nym-node-status-agent/src/cli/run_probe.rs @@ -1,3 +1,5 @@ +use tracing::instrument; + use crate::cli::{GwProbe, ServerConfig}; pub(crate) async fn run_probe( @@ -46,7 +48,7 @@ pub(crate) async fn run_probe( let testrun_id = testrun.assignment.testrun_id; let testrun_assigned_at = testrun.assignment.assigned_at_utc; - let gateway_identity_key = testrun.assignment.gateway_identity_key; + let gateway_identity_key = testrun.assignment.gateway_identity_key.clone(); tracing::info!("Received testrun {testrun_id} for gateway {gateway_identity_key} from primary",); @@ -61,7 +63,7 @@ pub(crate) async fn run_probe( // Extract JSON from log output (probe outputs logs followed by JSON) let json_str = extract_json_from_log(&log); if json_str.is_empty() { - tracing::error!("Failed to extract JSON from probe output"); + tracing::warn!("Failed to extract JSON from probe output"); } else { match serde_json::from_str::(&json_str) { Ok(json) => { @@ -87,13 +89,32 @@ pub(crate) async fn run_probe( } } - // Submit to ALL servers in parallel + submit_results_to_servers( + servers, + testrun_id, + testrun_assigned_at, + &gateway_identity_key, + log, + ) + .await; + + Ok(()) +} + +#[instrument(level = "info", skip_all, fields(gateway_id = %gateway_identity_key, testrun = testrun_id))] +async fn submit_results_to_servers( + servers: &[ServerConfig], + testrun_id: i32, + testrun_assigned_at: i64, + gateway_identity_key: &str, + log: String, +) { let handles = servers .iter() .enumerate() - .map(move |(idx, server)| { + .map(|(idx, server)| { let log = log.clone(); - let gateway_identity_key = gateway_identity_key.clone(); + let gateway_identity_key = gateway_identity_key.to_string(); async move { let auth_key = nym_crypto::asymmetric::ed25519::PrivateKey::from_bytes( @@ -139,7 +160,7 @@ pub(crate) async fn run_probe( match result { Ok(()) => { tracing::info!( - "✅ Successfully submitted {method} to server[{index}] {server_address}:{server_port}" + "✅ Successfully submitted {method} to server[{index}] {server_address}:{server_port}", ); } Err(e) => { @@ -149,8 +170,6 @@ pub(crate) async fn run_probe( } } } - - Ok(()) } /// Extract JSON from probe log output. diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-0112296b190328a3856d1adf51aafa2525da6c0b871633aad80ad555db9cf47c.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-0112296b190328a3856d1adf51aafa2525da6c0b871633aad80ad555db9cf47c.json new file mode 100644 index 0000000000..068bc54b4b --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-0112296b190328a3856d1adf51aafa2525da6c0b871633aad80ad555db9cf47c.json @@ -0,0 +1,32 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT epoch_id as \"epoch_id: u32\", serialised_key, serialization_revision as \"serialization_revision: u8\"\n FROM master_verification_key WHERE epoch_id = ?\n ", + "describe": { + "columns": [ + { + "name": "epoch_id: u32", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "serialised_key", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "serialization_revision: u8", + "ordinal": 2, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + false, + false + ] + }, + "hash": "0112296b190328a3856d1adf51aafa2525da6c0b871633aad80ad555db9cf47c" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-06e743d143fcc4be20ca2af5e99b19f15d22fff72490473587a14cdc046fda32.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-06e743d143fcc4be20ca2af5e99b19f15d22fff72490473587a14cdc046fda32.json new file mode 100644 index 0000000000..20c47048d8 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-06e743d143fcc4be20ca2af5e99b19f15d22fff72490473587a14cdc046fda32.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT EXISTS (SELECT 1 FROM registered_gateway WHERE gateway_id_bs58 = ?) AS 'exists'", + "describe": { + "columns": [ + { + "name": "exists", + "ordinal": 0, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false + ] + }, + "hash": "06e743d143fcc4be20ca2af5e99b19f15d22fff72490473587a14cdc046fda32" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-16d10f0ac0ed9ce4239937f46df3797a6a9ee7db2aab9f1b5e55f7c13c53bcc1.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-16d10f0ac0ed9ce4239937f46df3797a6a9ee7db2aab9f1b5e55f7c13c53bcc1.json new file mode 100644 index 0000000000..e4f26c5053 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-16d10f0ac0ed9ce4239937f46df3797a6a9ee7db2aab9f1b5e55f7c13c53bcc1.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT OR IGNORE INTO expiration_date_signatures(expiration_date, epoch_id, serialised_signatures, serialization_revision)\n VALUES (?, ?, ?, ?);\n UPDATE expiration_date_signatures\n SET\n serialised_signatures = ?,\n serialization_revision = ?\n WHERE expiration_date = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 7 + }, + "nullable": [] + }, + "hash": "16d10f0ac0ed9ce4239937f46df3797a6a9ee7db2aab9f1b5e55f7c13c53bcc1" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-1b43cc81ce6b6007ccc59172fc64c270fd5dd7f00eaab0fe82e6fe927e604294.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-1b43cc81ce6b6007ccc59172fc64c270fd5dd7f00eaab0fe82e6fe927e604294.json new file mode 100644 index 0000000000..6d2842a9df --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-1b43cc81ce6b6007ccc59172fc64c270fd5dd7f00eaab0fe82e6fe927e604294.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes256_gcm_siv_key, gateway_listener, fallback_listener, expiration_timestamp)\n VALUES (?, ?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 5 + }, + "nullable": [] + }, + "hash": "1b43cc81ce6b6007ccc59172fc64c270fd5dd7f00eaab0fe82e6fe927e604294" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-1da6904e72b5abb9abf75affb13af7974d7795b4cbdba234273345fe161df233.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-1da6904e72b5abb9abf75affb13af7974d7795b4cbdba234273345fe161df233.json new file mode 100644 index 0000000000..9d4281137b --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-1da6904e72b5abb9abf75affb13af7974d7795b4cbdba234273345fe161df233.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM remote_gateway_details WHERE gateway_id_bs58 = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "1da6904e72b5abb9abf75affb13af7974d7795b4cbdba234273345fe161df233" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-1f4fde2cafa3b5fae95ab5fb653b5905d4dd6b7ac0e20f1cf100a51a1a40b35d.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-1f4fde2cafa3b5fae95ab5fb653b5905d4dd6b7ac0e20f1cf100a51a1a40b35d.json new file mode 100644 index 0000000000..d891d0d97a --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-1f4fde2cafa3b5fae95ab5fb653b5905d4dd6b7ac0e20f1cf100a51a1a40b35d.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM reply_key;", + "describe": { + "columns": [], + "parameters": { + "Right": 0 + }, + "nullable": [] + }, + "hash": "1f4fde2cafa3b5fae95ab5fb653b5905d4dd6b7ac0e20f1cf100a51a1a40b35d" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-1fa61c23a1504de280d67c7943282b4dc00ba6a580de1faf83b137365f44b36d.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-1fa61c23a1504de280d67c7943282b4dc00ba6a580de1faf83b137365f44b36d.json new file mode 100644 index 0000000000..096aa7a892 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-1fa61c23a1504de280d67c7943282b4dc00ba6a580de1faf83b137365f44b36d.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE status SET previous_flush = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "1fa61c23a1504de280d67c7943282b4dc00ba6a580de1faf83b137365f44b36d" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-1fc72f8ba24039548047e1766c9105614dea7fd301f0ec38bfe85bfe546dad40.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-1fc72f8ba24039548047e1766c9105614dea7fd301f0ec38bfe85bfe546dad40.json new file mode 100644 index 0000000000..cdc057df57 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-1fc72f8ba24039548047e1766c9105614dea7fd301f0ec38bfe85bfe546dad40.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO ecash_deposit_usage (deposit_id, ticketbooks_requested_on, client_pubkey, request_uuid)\n VALUES (?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 4 + }, + "nullable": [] + }, + "hash": "1fc72f8ba24039548047e1766c9105614dea7fd301f0ec38bfe85bfe546dad40" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-20797a3e0bb951ed77216a906d7997139172411b10c7444dea74a1438de4f343.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-20797a3e0bb951ed77216a906d7997139172411b10c7444dea74a1438de4f343.json new file mode 100644 index 0000000000..eb6e8b8904 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-20797a3e0bb951ed77216a906d7997139172411b10c7444dea74a1438de4f343.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n UPDATE remote_gateway_details SET gateway_listener = ?, fallback_listener = ?, expiration_timestamp = ? WHERE gateway_id_bs58 = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 4 + }, + "nullable": [] + }, + "hash": "20797a3e0bb951ed77216a906d7997139172411b10c7444dea74a1438de4f343" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-22bc9c7bcf96ec817c83c26104408cb6c3b99c6b808ba50c67b066fc3f36073b.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-22bc9c7bcf96ec817c83c26104408cb6c3b99c6b808ba50c67b066fc3f36073b.json new file mode 100644 index 0000000000..3fbb4e474d --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-22bc9c7bcf96ec817c83c26104408cb6c3b99c6b808ba50c67b066fc3f36073b.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO reply_surb(reply_surb_sender_id, reply_surb, encoded_key_rotation) VALUES (?, ?, ?);\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "22bc9c7bcf96ec817c83c26104408cb6c3b99c6b808ba50c67b066fc3f36073b" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-284b3ceae42f9320c30323dde47765854899103fd3c0fa670eb6809492270e02.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-284b3ceae42f9320c30323dde47765854899103fd3c0fa670eb6809492270e02.json new file mode 100644 index 0000000000..6ee25bbc1a --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-284b3ceae42f9320c30323dde47765854899103fd3c0fa670eb6809492270e02.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO ecash_ticketbook\n (serialization_revision, ticketbook_data, expiration_date, ticketbook_type, epoch_id, total_tickets, used_tickets)\n VALUES (?, ?, ?, ?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 7 + }, + "nullable": [] + }, + "hash": "284b3ceae42f9320c30323dde47765854899103fd3c0fa670eb6809492270e02" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-28681fcd8e2d4326f628681b8f2a317aabce063a650be362d3a8ed83cc7c3549.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-28681fcd8e2d4326f628681b8f2a317aabce063a650be362d3a8ed83cc7c3549.json new file mode 100644 index 0000000000..32f3f9958c --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-28681fcd8e2d4326f628681b8f2a317aabce063a650be362d3a8ed83cc7c3549.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n DELETE FROM blinded_shares WHERE created < ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "28681fcd8e2d4326f628681b8f2a317aabce063a650be362d3a8ed83cc7c3549" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-2930ca6e3875c74acb7abb9ad889f166ad7f57681f76a1d0c7723d007c1f2c1e.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-2930ca6e3875c74acb7abb9ad889f166ad7f57681f76a1d0c7723d007c1f2c1e.json new file mode 100644 index 0000000000..9ef7d96cca --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-2930ca6e3875c74acb7abb9ad889f166ad7f57681f76a1d0c7723d007c1f2c1e.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO global_expiration_date_signatures(expiration_date, epoch_id, serialised_signatures, serialization_revision)\n VALUES (?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 4 + }, + "nullable": [] + }, + "hash": "2930ca6e3875c74acb7abb9ad889f166ad7f57681f76a1d0c7723d007c1f2c1e" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-2c113b37864f9fec7e64c0f8fdd38edcdf149acfd38c56a4db3bbf97bdb13210.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-2c113b37864f9fec7e64c0f8fdd38edcdf149acfd38c56a4db3bbf97bdb13210.json new file mode 100644 index 0000000000..4fd84fdf93 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-2c113b37864f9fec7e64c0f8fdd38edcdf149acfd38c56a4db3bbf97bdb13210.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO custom_gateway_details(gateway_id_bs58, data)\n VALUES (?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 2 + }, + "nullable": [] + }, + "hash": "2c113b37864f9fec7e64c0f8fdd38edcdf149acfd38c56a4db3bbf97bdb13210" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-2f3c12cb0c48084b569e12ecb0315212a6f526f78258e173c96ec177988696ef.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-2f3c12cb0c48084b569e12ecb0315212a6f526f78258e173c96ec177988696ef.json new file mode 100644 index 0000000000..405049043d --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-2f3c12cb0c48084b569e12ecb0315212a6f526f78258e173c96ec177988696ef.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n DELETE FROM emergency_credential\n WHERE id = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "2f3c12cb0c48084b569e12ecb0315212a6f526f78258e173c96ec177988696ef" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-37f82c9ec26b53d01601a2d6df82038a77ec37cca9f9aef18008dcd03030c2c4.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-37f82c9ec26b53d01601a2d6df82038a77ec37cca9f9aef18008dcd03030c2c4.json new file mode 100644 index 0000000000..ea79b11bbd --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-37f82c9ec26b53d01601a2d6df82038a77ec37cca9f9aef18008dcd03030c2c4.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM ecash_ticketbook WHERE expiration_date <= ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "37f82c9ec26b53d01601a2d6df82038a77ec37cca9f9aef18008dcd03030c2c4" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-396f40c33f0f62796eb7449d640bd97845350f4fb9f806c60b93c7cebd5e410d.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-396f40c33f0f62796eb7449d640bd97845350f4fb9f806c60b93c7cebd5e410d.json new file mode 100644 index 0000000000..944c86e33e --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-396f40c33f0f62796eb7449d640bd97845350f4fb9f806c60b93c7cebd5e410d.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT error_message\n FROM blinded_shares\n WHERE id = ?;\n ", + "describe": { + "columns": [ + { + "name": "error_message", + "ordinal": 0, + "type_info": "Text" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + true + ] + }, + "hash": "396f40c33f0f62796eb7449d640bd97845350f4fb9f806c60b93c7cebd5e410d" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-3cc446220668fb3e02f0578104291d2a2af57656b405212af414d765b2263347.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-3cc446220668fb3e02f0578104291d2a2af57656b405212af414d765b2263347.json new file mode 100644 index 0000000000..9d8cff1326 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-3cc446220668fb3e02f0578104291d2a2af57656b405212af414d765b2263347.json @@ -0,0 +1,26 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT serialised_signatures, serialization_revision as \"serialization_revision: u8\"\n FROM global_expiration_date_signatures\n WHERE expiration_date = ? AND epoch_id = ?\n ", + "describe": { + "columns": [ + { + "name": "serialised_signatures", + "ordinal": 0, + "type_info": "Blob" + }, + { + "name": "serialization_revision: u8", + "ordinal": 1, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 2 + }, + "nullable": [ + false, + false + ] + }, + "hash": "3cc446220668fb3e02f0578104291d2a2af57656b405212af414d765b2263347" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-42dfc51aea793fc60484cff6c481bbace1bcf110e048e594e8bd03fa45290732.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-42dfc51aea793fc60484cff6c481bbace1bcf110e048e594e8bd03fa45290732.json new file mode 100644 index 0000000000..d1ea957e7f --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-42dfc51aea793fc60484cff6c481bbace1bcf110e048e594e8bd03fa45290732.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE status SET client_in_use = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "42dfc51aea793fc60484cff6c481bbace1bcf110e048e594e8bd03fa45290732" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-4a4f3b32b313f7fbc6eb579659e7cec1442967e53764b83ba0a66cd9a72494f9.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-4a4f3b32b313f7fbc6eb579659e7cec1442967e53764b83ba0a66cd9a72494f9.json new file mode 100644 index 0000000000..e71f300174 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-4a4f3b32b313f7fbc6eb579659e7cec1442967e53764b83ba0a66cd9a72494f9.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n DELETE FROM emergency_credential\n WHERE type = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "4a4f3b32b313f7fbc6eb579659e7cec1442967e53764b83ba0a66cd9a72494f9" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-4f78619aca933484cd67cb89a376b2a5bec1c191993ff58f0c71c03e3ef6d92d.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-4f78619aca933484cd67cb89a376b2a5bec1c191993ff58f0c71c03e3ef6d92d.json new file mode 100644 index 0000000000..eb2dc28e12 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-4f78619aca933484cd67cb89a376b2a5bec1c191993ff58f0c71c03e3ef6d92d.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM custom_gateway_details WHERE gateway_id_bs58 = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "4f78619aca933484cd67cb89a376b2a5bec1c191993ff58f0c71c03e3ef6d92d" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-52b378e282d93db941eff53b5b311e5732ece0bf84ea98f2328b20add8f2b5ef.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-52b378e282d93db941eff53b5b311e5732ece0bf84ea98f2328b20add8f2b5ef.json new file mode 100644 index 0000000000..77a99816d4 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-52b378e282d93db941eff53b5b311e5732ece0bf84ea98f2328b20add8f2b5ef.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n DELETE FROM partial_blinded_wallet_failure WHERE created < ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "52b378e282d93db941eff53b5b311e5732ece0bf84ea98f2328b20add8f2b5ef" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-54f552a9dbe95236f946ac2b6615e03504afa58e345ae16a128629d8e76f0a11.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-54f552a9dbe95236f946ac2b6615e03504afa58e345ae16a128629d8e76f0a11.json new file mode 100644 index 0000000000..b1d46fd96b --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-54f552a9dbe95236f946ac2b6615e03504afa58e345ae16a128629d8e76f0a11.json @@ -0,0 +1,26 @@ +{ + "db_name": "SQLite", + "query": "SELECT * FROM custom_gateway_details WHERE gateway_id_bs58 = ?", + "describe": { + "columns": [ + { + "name": "gateway_id_bs58", + "ordinal": 0, + "type_info": "Text" + }, + { + "name": "data", + "ordinal": 1, + "type_info": "Blob" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + true + ] + }, + "hash": "54f552a9dbe95236f946ac2b6615e03504afa58e345ae16a128629d8e76f0a11" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-5661cf1ad8bd5ca062e855e1971a8787133ee41814bd3efdd501f9ee0c050f2b.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-5661cf1ad8bd5ca062e855e1971a8787133ee41814bd3efdd501f9ee0c050f2b.json new file mode 100644 index 0000000000..ad91647c9a --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-5661cf1ad8bd5ca062e855e1971a8787133ee41814bd3efdd501f9ee0c050f2b.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT gateway_id_bs58 FROM registered_gateway", + "describe": { + "columns": [ + { + "name": "gateway_id_bs58", + "ordinal": 0, + "type_info": "Text" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + false + ] + }, + "hash": "5661cf1ad8bd5ca062e855e1971a8787133ee41814bd3efdd501f9ee0c050f2b" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-5c5d4bfabf18bc6fa56e76a9b98e38b7f6ceb8e9191a7b9201922efcf6b07966.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-5c5d4bfabf18bc6fa56e76a9b98e38b7f6ceb8e9191a7b9201922efcf6b07966.json new file mode 100644 index 0000000000..ea667b0bc6 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-5c5d4bfabf18bc6fa56e76a9b98e38b7f6ceb8e9191a7b9201922efcf6b07966.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM pending_issuance WHERE deposit_id = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "5c5d4bfabf18bc6fa56e76a9b98e38b7f6ceb8e9191a7b9201922efcf6b07966" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-5d3b8ad051ab6f46c702308c2fc751a5ca340ac9c6dd86da1a5e9a3e65ea589f.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-5d3b8ad051ab6f46c702308c2fc751a5ca340ac9c6dd86da1a5e9a3e65ea589f.json new file mode 100644 index 0000000000..eb6a62ba22 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-5d3b8ad051ab6f46c702308c2fc751a5ca340ac9c6dd86da1a5e9a3e65ea589f.json @@ -0,0 +1,26 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT serialised_signatures, serialization_revision as \"serialization_revision: u8\"\n FROM expiration_date_signatures\n WHERE expiration_date = ? AND epoch_id = ?\n ", + "describe": { + "columns": [ + { + "name": "serialised_signatures", + "ordinal": 0, + "type_info": "Blob" + }, + { + "name": "serialization_revision: u8", + "ordinal": 1, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 2 + }, + "nullable": [ + false, + false + ] + }, + "hash": "5d3b8ad051ab6f46c702308c2fc751a5ca340ac9c6dd86da1a5e9a3e65ea589f" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-5e51396c534409a4b55c08170e00fd083e87cc9a18d798b2cf8d6774224aebed.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-5e51396c534409a4b55c08170e00fd083e87cc9a18d798b2cf8d6774224aebed.json new file mode 100644 index 0000000000..35fd74e6ee --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-5e51396c534409a4b55c08170e00fd083e87cc9a18d798b2cf8d6774224aebed.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT name FROM sqlite_master WHERE type='table' AND name='status'", + "describe": { + "columns": [ + { + "name": "name", + "ordinal": 0, + "type_info": "Text" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + true + ] + }, + "hash": "5e51396c534409a4b55c08170e00fd083e87cc9a18d798b2cf8d6774224aebed" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-62f471858c831ac762a0ecf60876067dbf82d0dc376ad3f0df835b77dfcc3c37.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-62f471858c831ac762a0ecf60876067dbf82d0dc376ad3f0df835b77dfcc3c37.json new file mode 100644 index 0000000000..632b688eeb --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-62f471858c831ac762a0ecf60876067dbf82d0dc376ad3f0df835b77dfcc3c37.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT flush_in_progress FROM status;", + "describe": { + "columns": [ + { + "name": "flush_in_progress", + "ordinal": 0, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + false + ] + }, + "hash": "62f471858c831ac762a0ecf60876067dbf82d0dc376ad3f0df835b77dfcc3c37" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-648fff18c4016fb356c164f813e0d5ebd37d62612b65b8ac4c9eb5d7b67a8884.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-648fff18c4016fb356c164f813e0d5ebd37d62612b65b8ac4c9eb5d7b67a8884.json new file mode 100644 index 0000000000..974bbd1cd1 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-648fff18c4016fb356c164f813e0d5ebd37d62612b65b8ac4c9eb5d7b67a8884.json @@ -0,0 +1,26 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT min_reply_surb_threshold as \"min_reply_surb_threshold: u32\", max_reply_surb_threshold as \"max_reply_surb_threshold: u32\" FROM reply_surb_storage_metadata;\n ", + "describe": { + "columns": [ + { + "name": "min_reply_surb_threshold: u32", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "max_reply_surb_threshold: u32", + "ordinal": 1, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + false, + false + ] + }, + "hash": "648fff18c4016fb356c164f813e0d5ebd37d62612b65b8ac4c9eb5d7b67a8884" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-67db5e91bcdc831e0d1659eda358d18a0c6792d7a4244a65243d4b22d578a1e5.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-67db5e91bcdc831e0d1659eda358d18a0c6792d7a4244a65243d4b22d578a1e5.json new file mode 100644 index 0000000000..01a4ca077c --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-67db5e91bcdc831e0d1659eda358d18a0c6792d7a4244a65243d4b22d578a1e5.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT client_in_use FROM status;", + "describe": { + "columns": [ + { + "name": "client_in_use", + "ordinal": 0, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + false + ] + }, + "hash": "67db5e91bcdc831e0d1659eda358d18a0c6792d7a4244a65243d4b22d578a1e5" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-70d8f240ad6edda6b8c7f2e800e7fca89d80869484f2f3c66cabb898f0298c62.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-70d8f240ad6edda6b8c7f2e800e7fca89d80869484f2f3c66cabb898f0298c62.json new file mode 100644 index 0000000000..2f22ed93fa --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-70d8f240ad6edda6b8c7f2e800e7fca89d80869484f2f3c66cabb898f0298c62.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "INSERT INTO master_verification_key(epoch_id, serialised_key, serialization_revision) VALUES (?, ?, ?)", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "70d8f240ad6edda6b8c7f2e800e7fca89d80869484f2f3c66cabb898f0298c62" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-727598e516090da6d26e36d09062b60ccb76d6468f359891428c0bfb96ddd7ef.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-727598e516090da6d26e36d09062b60ccb76d6468f359891428c0bfb96ddd7ef.json new file mode 100644 index 0000000000..389d07c6ea --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-727598e516090da6d26e36d09062b60ccb76d6468f359891428c0bfb96ddd7ef.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO registered_gateway(gateway_id_bs58, registration_timestamp, gateway_type)\n VALUES (?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "727598e516090da6d26e36d09062b60ccb76d6468f359891428c0bfb96ddd7ef" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-74d77a3e15f49bde7b8b17dd638de04e5ece789fb0b0cd27ad09858fbf5c5e27.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-74d77a3e15f49bde7b8b17dd638de04e5ece789fb0b0cd27ad09858fbf5c5e27.json new file mode 100644 index 0000000000..caf7479a75 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-74d77a3e15f49bde7b8b17dd638de04e5ece789fb0b0cd27ad09858fbf5c5e27.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE status SET flush_in_progress = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "74d77a3e15f49bde7b8b17dd638de04e5ece789fb0b0cd27ad09858fbf5c5e27" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-80476cf2906eb0ecf7f66c16bc5682169b87f488b6927fa67fade6bf5abf7582.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-80476cf2906eb0ecf7f66c16bc5682169b87f488b6927fa67fade6bf5abf7582.json new file mode 100644 index 0000000000..02b9ef7426 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-80476cf2906eb0ecf7f66c16bc5682169b87f488b6927fa67fade6bf5abf7582.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE active_gateway SET active_gateway_id_bs58 = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "80476cf2906eb0ecf7f66c16bc5682169b87f488b6927fa67fade6bf5abf7582" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-805ad4f26e0234d7f482a263e186156311713d2e9f69d39c868cd16296b56326.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-805ad4f26e0234d7f482a263e186156311713d2e9f69d39c868cd16296b56326.json new file mode 100644 index 0000000000..e1eb54bb9c --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-805ad4f26e0234d7f482a263e186156311713d2e9f69d39c868cd16296b56326.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO emergency_credential\n (type, content, expiration)\n VALUES (?, ?, ?)\n ON CONFLICT(type, content) DO NOTHING;\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "805ad4f26e0234d7f482a263e186156311713d2e9f69d39c868cd16296b56326" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-81a12a8a419c88b1c28a5533fde4d63462e9ea0049e2edafea1dc3f8476b33e4.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-81a12a8a419c88b1c28a5533fde4d63462e9ea0049e2edafea1dc3f8476b33e4.json new file mode 100644 index 0000000000..ae81f52d0e --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-81a12a8a419c88b1c28a5533fde4d63462e9ea0049e2edafea1dc3f8476b33e4.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO pending_issuance\n (deposit_id, serialization_revision, pending_ticketbook_data, expiration_date)\n VALUES (?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 4 + }, + "nullable": [] + }, + "hash": "81a12a8a419c88b1c28a5533fde4d63462e9ea0049e2edafea1dc3f8476b33e4" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-84cad8b1078a4000830835e6349de3eb76fed954b7336530401db72cd008aff3.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-84cad8b1078a4000830835e6349de3eb76fed954b7336530401db72cd008aff3.json new file mode 100644 index 0000000000..051c18bba2 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-84cad8b1078a4000830835e6349de3eb76fed954b7336530401db72cd008aff3.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "UPDATE ecash_ticketbook SET used_tickets = used_tickets + ? WHERE id = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 2 + }, + "nullable": [] + }, + "hash": "84cad8b1078a4000830835e6349de3eb76fed954b7336530401db72cd008aff3" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-85d542a8cb2e1fbba6142729056b57e6ea8685e9473a3a8bd635552810493a58.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-85d542a8cb2e1fbba6142729056b57e6ea8685e9473a3a8bd635552810493a58.json new file mode 100644 index 0000000000..12145c00d4 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-85d542a8cb2e1fbba6142729056b57e6ea8685e9473a3a8bd635552810493a58.json @@ -0,0 +1,32 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT reply_surb_sender_id, reply_surb, encoded_key_rotation as \"encoded_key_rotation: u8\" FROM reply_surb\n WHERE reply_surb_sender_id = ?\n ", + "describe": { + "columns": [ + { + "name": "reply_surb_sender_id", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "reply_surb", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "encoded_key_rotation: u8", + "ordinal": 2, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + false, + false + ] + }, + "hash": "85d542a8cb2e1fbba6142729056b57e6ea8685e9473a3a8bd635552810493a58" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-97d97ebb6bc8f4114fdea9ebc9f57f91a11f5057273cb70bd0e629712d17dd41.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-97d97ebb6bc8f4114fdea9ebc9f57f91a11f5057273cb70bd0e629712d17dd41.json new file mode 100644 index 0000000000..84e8ba9f16 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-97d97ebb6bc8f4114fdea9ebc9f57f91a11f5057273cb70bd0e629712d17dd41.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO partial_blinded_wallet_failure(corresponding_deposit, epoch_id, expiration_date, node_id, created, failure_message)\n VALUES (?, ?, ?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 6 + }, + "nullable": [] + }, + "hash": "97d97ebb6bc8f4114fdea9ebc9f57f91a11f5057273cb70bd0e629712d17dd41" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-a5a71e480118639397f7464abb09db66d1dc1307c0873627b39cb22a245b5a8c.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-a5a71e480118639397f7464abb09db66d1dc1307c0873627b39cb22a245b5a8c.json new file mode 100644 index 0000000000..6cd1eab066 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-a5a71e480118639397f7464abb09db66d1dc1307c0873627b39cb22a245b5a8c.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "INSERT INTO status(flush_in_progress, previous_flush, client_in_use) VALUES (0, 0, 1)", + "describe": { + "columns": [], + "parameters": { + "Right": 0 + }, + "nullable": [] + }, + "hash": "a5a71e480118639397f7464abb09db66d1dc1307c0873627b39cb22a245b5a8c" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-a5b18e66d77ff802e274623605e15dcfcffb502ba8398caefd56c481f44eb84e.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-a5b18e66d77ff802e274623605e15dcfcffb502ba8398caefd56c481f44eb84e.json new file mode 100644 index 0000000000..5fd4e4f2e6 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-a5b18e66d77ff802e274623605e15dcfcffb502ba8398caefd56c481f44eb84e.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT OR IGNORE INTO master_verification_key(epoch_id, serialised_key, serialization_revision) VALUES (?, ?, ?);\n UPDATE master_verification_key\n SET\n serialised_key = ?,\n serialization_revision = ?\n WHERE epoch_id = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 6 + }, + "nullable": [] + }, + "hash": "a5b18e66d77ff802e274623605e15dcfcffb502ba8398caefd56c481f44eb84e" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-a8b7ce0fe4755c28b96d1e503e313ab15fed747fb0cee1c9f949fb58461b3f79.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-a8b7ce0fe4755c28b96d1e503e313ab15fed747fb0cee1c9f949fb58461b3f79.json new file mode 100644 index 0000000000..6cb8138cc5 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-a8b7ce0fe4755c28b96d1e503e313ab15fed747fb0cee1c9f949fb58461b3f79.json @@ -0,0 +1,32 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT epoch_id as \"epoch_id: u32\", serialised_signatures, serialization_revision as \"serialization_revision: u8\"\n FROM global_coin_index_signatures WHERE epoch_id = ?\n ", + "describe": { + "columns": [ + { + "name": "epoch_id: u32", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "serialised_signatures", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "serialization_revision: u8", + "ordinal": 2, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + false, + false + ] + }, + "hash": "a8b7ce0fe4755c28b96d1e503e313ab15fed747fb0cee1c9f949fb58461b3f79" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-b6ce77fcffda2ee24ba181213e04adec312abffa604fa805cc362a2c206107b4.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-b6ce77fcffda2ee24ba181213e04adec312abffa604fa805cc362a2c206107b4.json new file mode 100644 index 0000000000..7b8a1a92fc --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-b6ce77fcffda2ee24ba181213e04adec312abffa604fa805cc362a2c206107b4.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO reply_surb_storage_metadata(min_reply_surb_threshold, max_reply_surb_threshold)\n VALUES (?, ?);\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 2 + }, + "nullable": [] + }, + "hash": "b6ce77fcffda2ee24ba181213e04adec312abffa604fa805cc362a2c206107b4" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-b8257a0832d0124f0a8aaaf81dc6a811c593aea8febf1f891117e5e84213f147.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-b8257a0832d0124f0a8aaaf81dc6a811c593aea8febf1f891117e5e84213f147.json new file mode 100644 index 0000000000..03efdc4734 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-b8257a0832d0124f0a8aaaf81dc6a811c593aea8febf1f891117e5e84213f147.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n DELETE FROM partial_blinded_wallet WHERE created < ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "b8257a0832d0124f0a8aaaf81dc6a811c593aea8febf1f891117e5e84213f147" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-ba96344db31b0f2155e2af53eaaeafc9b5f64061b6c9a829e2912945b6cffc82.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-ba96344db31b0f2155e2af53eaaeafc9b5f64061b6c9a829e2912945b6cffc82.json new file mode 100644 index 0000000000..7c01c8d1fa --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-ba96344db31b0f2155e2af53eaaeafc9b5f64061b6c9a829e2912945b6cffc82.json @@ -0,0 +1,32 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT epoch_id as \"epoch_id: u32\", serialised_signatures, serialization_revision as \"serialization_revision: u8\"\n FROM coin_indices_signatures WHERE epoch_id = ?\n ", + "describe": { + "columns": [ + { + "name": "epoch_id: u32", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "serialised_signatures", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "serialization_revision: u8", + "ordinal": 2, + "type_info": "Integer" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + false, + false + ] + }, + "hash": "ba96344db31b0f2155e2af53eaaeafc9b5f64061b6c9a829e2912945b6cffc82" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-bc823c54143e2dc590b91347cd089dde284b38a3a4960afed758206d03ca1cf4.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-bc823c54143e2dc590b91347cd089dde284b38a3a4960afed758206d03ca1cf4.json new file mode 100644 index 0000000000..ec7111bc5a --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-bc823c54143e2dc590b91347cd089dde284b38a3a4960afed758206d03ca1cf4.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n UPDATE ecash_ticketbook\n SET used_tickets = used_tickets - ?\n WHERE id = ?\n AND used_tickets = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "bc823c54143e2dc590b91347cd089dde284b38a3a4960afed758206d03ca1cf4" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-bd1973696121b6128bd75ae80fab253c071e04eb853d4b0f3b21782ea57c2f68.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-bd1973696121b6128bd75ae80fab253c071e04eb853d4b0f3b21782ea57c2f68.json new file mode 100644 index 0000000000..a2077f76ae --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-bd1973696121b6128bd75ae80fab253c071e04eb853d4b0f3b21782ea57c2f68.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT OR IGNORE INTO coin_indices_signatures(epoch_id, serialised_signatures, serialization_revision) VALUES (?, ?, ?);\n UPDATE coin_indices_signatures\n SET\n serialised_signatures = ?,\n serialization_revision = ?\n WHERE epoch_id = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 6 + }, + "nullable": [] + }, + "hash": "bd1973696121b6128bd75ae80fab253c071e04eb853d4b0f3b21782ea57c2f68" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-bdaf8e8dd711ff420807659456f5ebe0222a2a0ba96f28e3a3aa58fdc4b689db.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-bdaf8e8dd711ff420807659456f5ebe0222a2a0ba96f28e3a3aa58fdc4b689db.json new file mode 100644 index 0000000000..383ca24d4e --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-bdaf8e8dd711ff420807659456f5ebe0222a2a0ba96f28e3a3aa58fdc4b689db.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO reply_surb_sender(tag, last_sent) VALUES (?, ?);\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 2 + }, + "nullable": [] + }, + "hash": "bdaf8e8dd711ff420807659456f5ebe0222a2a0ba96f28e3a3aa58fdc4b689db" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-bf249752f08c283bf5942b6ff48125c24750b523cfcad1e5e9069dbf7050e2a1.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-bf249752f08c283bf5942b6ff48125c24750b523cfcad1e5e9069dbf7050e2a1.json new file mode 100644 index 0000000000..a1ae46b595 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-bf249752f08c283bf5942b6ff48125c24750b523cfcad1e5e9069dbf7050e2a1.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT active_gateway_id_bs58 FROM active_gateway", + "describe": { + "columns": [ + { + "name": "active_gateway_id_bs58", + "ordinal": 0, + "type_info": "Text" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + true + ] + }, + "hash": "bf249752f08c283bf5942b6ff48125c24750b523cfcad1e5e9069dbf7050e2a1" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-c2b841762bdb963fff337ef5c8ec9f560017b4da6b0303ea0397d9568229e167.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-c2b841762bdb963fff337ef5c8ec9f560017b4da6b0303ea0397d9568229e167.json new file mode 100644 index 0000000000..6b70481c75 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-c2b841762bdb963fff337ef5c8ec9f560017b4da6b0303ea0397d9568229e167.json @@ -0,0 +1,38 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT\n t1.node_id as \"node_id!\",\n t1.blinded_signature as \"blinded_signature!\",\n t1.epoch_id as \"epoch_id!\",\n t1.expiration_date as \"expiration_date!: Date\"\n FROM partial_blinded_wallet as t1\n JOIN ecash_deposit_usage as t2\n on t1.corresponding_deposit = t2.deposit_id\n JOIN blinded_shares as t3\n ON t2.request_uuid = t3.request_uuid\n WHERE t3.device_id = ? AND t3.credential_id = ?;\n ", + "describe": { + "columns": [ + { + "name": "node_id!", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "blinded_signature!", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "epoch_id!", + "ordinal": 2, + "type_info": "Integer" + }, + { + "name": "expiration_date!: Date", + "ordinal": 3, + "type_info": "Date" + } + ], + "parameters": { + "Right": 2 + }, + "nullable": [ + true, + true, + true, + true + ] + }, + "hash": "c2b841762bdb963fff337ef5c8ec9f560017b4da6b0303ea0397d9568229e167" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-d3510846941fa2525926b9bfbcdabd806877ce914b514d4f7cd6be318c4debe6.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-d3510846941fa2525926b9bfbcdabd806877ce914b514d4f7cd6be318c4debe6.json new file mode 100644 index 0000000000..9de4c7f230 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-d3510846941fa2525926b9bfbcdabd806877ce914b514d4f7cd6be318c4debe6.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "INSERT INTO global_coin_index_signatures(epoch_id, serialised_signatures, serialization_revision) VALUES (?, ?, ?)", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "d3510846941fa2525926b9bfbcdabd806877ce914b514d4f7cd6be318c4debe6" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-daa9ffcbe13178d773e538e96971da2809ec4bd66ad49d2e3b8d67b741835475.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-daa9ffcbe13178d773e538e96971da2809ec4bd66ad49d2e3b8d67b741835475.json new file mode 100644 index 0000000000..1faa4be465 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-daa9ffcbe13178d773e538e96971da2809ec4bd66ad49d2e3b8d67b741835475.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM reply_surb_sender;", + "describe": { + "columns": [], + "parameters": { + "Right": 0 + }, + "nullable": [] + }, + "hash": "daa9ffcbe13178d773e538e96971da2809ec4bd66ad49d2e3b8d67b741835475" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-db176e98198fe594d88eb860d918f633a94d18a19b7f0f96935a62560def7d0f.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-db176e98198fe594d88eb860d918f633a94d18a19b7f0f96935a62560def7d0f.json new file mode 100644 index 0000000000..e5dd7c8413 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-db176e98198fe594d88eb860d918f633a94d18a19b7f0f96935a62560def7d0f.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO partial_blinded_wallet(corresponding_deposit, epoch_id, expiration_date, node_id, created, blinded_signature)\n VALUES (?, ?, ?, ?, ?, ?)\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 6 + }, + "nullable": [] + }, + "hash": "db176e98198fe594d88eb860d918f633a94d18a19b7f0f96935a62560def7d0f" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-e29e0c82d034626f9b369348b8e35677b9d9a1b29e4d89437134e92967fa98d1.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-e29e0c82d034626f9b369348b8e35677b9d9a1b29e4d89437134e92967fa98d1.json new file mode 100644 index 0000000000..ecab96d023 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-e29e0c82d034626f9b369348b8e35677b9d9a1b29e4d89437134e92967fa98d1.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM reply_surb;", + "describe": { + "columns": [], + "parameters": { + "Right": 0 + }, + "nullable": [] + }, + "hash": "e29e0c82d034626f9b369348b8e35677b9d9a1b29e4d89437134e92967fa98d1" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-e584253e3856355899537eb8fc152f2bfed2d918b894ec0f588e38dd5e8ad726.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-e584253e3856355899537eb8fc152f2bfed2d918b894ec0f588e38dd5e8ad726.json new file mode 100644 index 0000000000..340f83a280 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-e584253e3856355899537eb8fc152f2bfed2d918b894ec0f588e38dd5e8ad726.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n UPDATE ecash_deposit_usage\n SET ticketbook_request_error = ?\n WHERE deposit_id = ?\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 2 + }, + "nullable": [] + }, + "hash": "e584253e3856355899537eb8fc152f2bfed2d918b894ec0f588e38dd5e8ad726" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-e77ffab19b099b84470fe5611716a2e314787586a46cffd074abb67f2f4d109e.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-e77ffab19b099b84470fe5611716a2e314787586a46cffd074abb67f2f4d109e.json new file mode 100644 index 0000000000..449bc6869f --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-e77ffab19b099b84470fe5611716a2e314787586a46cffd074abb67f2f4d109e.json @@ -0,0 +1,38 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT t1.node_id, t1.blinded_signature, t1.epoch_id, t1.expiration_date as \"expiration_date!: Date\"\n FROM partial_blinded_wallet as t1\n JOIN ecash_deposit_usage as t2\n on t1.corresponding_deposit = t2.deposit_id\n JOIN blinded_shares as t3\n ON t2.request_uuid = t3.request_uuid\n WHERE t3.id = ?;\n ", + "describe": { + "columns": [ + { + "name": "node_id", + "ordinal": 0, + "type_info": "Integer" + }, + { + "name": "blinded_signature", + "ordinal": 1, + "type_info": "Blob" + }, + { + "name": "epoch_id", + "ordinal": 2, + "type_info": "Integer" + }, + { + "name": "expiration_date!: Date", + "ordinal": 3, + "type_info": "Date" + } + ], + "parameters": { + "Right": 1 + }, + "nullable": [ + false, + false, + false, + false + ] + }, + "hash": "e77ffab19b099b84470fe5611716a2e314787586a46cffd074abb67f2f4d109e" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-e8717ef6523ef9bcf37a0e81570ac000904bb7fe3934786d652adc80fde78add.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-e8717ef6523ef9bcf37a0e81570ac000904bb7fe3934786d652adc80fde78add.json new file mode 100644 index 0000000000..a7d1dee6ec --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-e8717ef6523ef9bcf37a0e81570ac000904bb7fe3934786d652adc80fde78add.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "SELECT previous_flush AS \"previous_flush: OffsetDateTime\" FROM status", + "describe": { + "columns": [ + { + "name": "previous_flush: OffsetDateTime", + "ordinal": 0, + "type_info": "Null" + } + ], + "parameters": { + "Right": 0 + }, + "nullable": [ + false + ] + }, + "hash": "e8717ef6523ef9bcf37a0e81570ac000904bb7fe3934786d652adc80fde78add" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-eded014a5fffbd9c359f8557bcd3d41724666bf92357bf5faf42120a2aab131c.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-eded014a5fffbd9c359f8557bcd3d41724666bf92357bf5faf42120a2aab131c.json new file mode 100644 index 0000000000..7e0d68b0db --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-eded014a5fffbd9c359f8557bcd3d41724666bf92357bf5faf42120a2aab131c.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "\n INSERT INTO reply_key(key_digest, reply_key, sent_at) VALUES (?, ?, ?);\n ", + "describe": { + "columns": [], + "parameters": { + "Right": 3 + }, + "nullable": [] + }, + "hash": "eded014a5fffbd9c359f8557bcd3d41724666bf92357bf5faf42120a2aab131c" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-ef60c2683211cc4ec2d3e46392518a1f62fa67dfe8f130deb876ebee11bf1602.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-ef60c2683211cc4ec2d3e46392518a1f62fa67dfe8f130deb876ebee11bf1602.json new file mode 100644 index 0000000000..c78ff30f50 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-ef60c2683211cc4ec2d3e46392518a1f62fa67dfe8f130deb876ebee11bf1602.json @@ -0,0 +1,20 @@ +{ + "db_name": "SQLite", + "query": "\n SELECT error_message\n FROM blinded_shares\n WHERE device_id = ? AND credential_id = ?;\n ", + "describe": { + "columns": [ + { + "name": "error_message", + "ordinal": 0, + "type_info": "Text" + } + ], + "parameters": { + "Right": 2 + }, + "nullable": [ + true + ] + }, + "hash": "ef60c2683211cc4ec2d3e46392518a1f62fa67dfe8f130deb876ebee11bf1602" +} diff --git a/nym-node-status-api/nym-node-status-api/.sqlx/query-f3ebe259e26c05ecdd33bd9085dbb91cd5046a8c9d4434cf085a4fa2ebf03e93.json b/nym-node-status-api/nym-node-status-api/.sqlx/query-f3ebe259e26c05ecdd33bd9085dbb91cd5046a8c9d4434cf085a4fa2ebf03e93.json new file mode 100644 index 0000000000..e2cfa29a82 --- /dev/null +++ b/nym-node-status-api/nym-node-status-api/.sqlx/query-f3ebe259e26c05ecdd33bd9085dbb91cd5046a8c9d4434cf085a4fa2ebf03e93.json @@ -0,0 +1,12 @@ +{ + "db_name": "SQLite", + "query": "DELETE FROM registered_gateway WHERE gateway_id_bs58 = ?", + "describe": { + "columns": [], + "parameters": { + "Right": 1 + }, + "nullable": [] + }, + "hash": "f3ebe259e26c05ecdd33bd9085dbb91cd5046a8c9d4434cf085a4fa2ebf03e93" +} diff --git a/nym-node-status-api/nym-node-status-api/Cargo.toml b/nym-node-status-api/nym-node-status-api/Cargo.toml index 5c317a78c0..47a214d768 100644 --- a/nym-node-status-api/nym-node-status-api/Cargo.toml +++ b/nym-node-status-api/nym-node-status-api/Cargo.toml @@ -3,7 +3,7 @@ [package] name = "nym-node-status-api" -version = "4.3.0" +version = "4.3.1" authors.workspace = true repository.workspace = true homepage.workspace = true diff --git a/nym-node-status-api/nym-node-status-api/Makefile b/nym-node-status-api/nym-node-status-api/Makefile index 65e699d116..f0ae2fe951 100644 --- a/nym-node-status-api/nym-node-status-api/Makefile +++ b/nym-node-status-api/nym-node-status-api/Makefile @@ -59,6 +59,7 @@ test-db-prepare: ## Run sqlx prepare for compile-time query verification # --- Run Targets --- .PHONY: run run: ## Run the service (assumes database is already running) + @test -n "$$NYM_NODE_STATUS_API_MNEMONIC" || { echo "Error: NYM_NODE_STATUS_API_MNEMONIC is not set"; exit 1; } @echo "Starting nym-node-status-api with $(ENVIRONMENT) environment..." @set -a && source "$(MONOREPO_ROOT)/envs/$(ENVIRONMENT).env" && set +a && \ DATABASE_URL="$(TEST_DATABASE_URL)" \ diff --git a/nym-node-status-api/nym-node-status-api/docker-compose.yml b/nym-node-status-api/nym-node-status-api/docker-compose.yml index 12dbe51031..35090735c1 100644 --- a/nym-node-status-api/nym-node-status-api/docker-compose.yml +++ b/nym-node-status-api/nym-node-status-api/docker-compose.yml @@ -1,6 +1,6 @@ services: postgres-test: - image: postgres:16-alpine + image: postgres:17-alpine container_name: nym_node_status_api_postgres_test environment: POSTGRES_DB: nym_node_status_api_test @@ -18,4 +18,4 @@ services: # - postgres_test_data:/var/lib/postgresql/data # volumes: -# postgres_test_data: \ No newline at end of file +# postgres_test_data: diff --git a/nym-node/Cargo.toml b/nym-node/Cargo.toml index 73c192f13f..26eb3d6f12 100644 --- a/nym-node/Cargo.toml +++ b/nym-node/Cargo.toml @@ -3,7 +3,7 @@ [package] name = "nym-node" -version = "1.28.0" +version = "1.29.0" authors.workspace = true repository.workspace = true homepage.workspace = true diff --git a/nym-node/src/node/lp/control/ingress/client_handler.rs b/nym-node/src/node/lp/control/ingress/client_handler.rs index 5fc23caf0d..6cd8a6c1b7 100644 --- a/nym-node/src/node/lp/control/ingress/client_handler.rs +++ b/nym-node/src/node/lp/control/ingress/client_handler.rs @@ -261,14 +261,27 @@ where self.handle_forwarding_request(receiver_idx, forward_data) .await } - typ @ LpFrameKind::Opaque => { + LpFrameKind::Opaque => { // Neither registration nor forwarding - unknown payload type warn!( "Unknown transport payload type from {remote} (receiver_idx={receiver_idx}). dropping {} bytes", bytes.len() ); inc!("lp_errors_unknown_payload_type"); - Err(LpHandlerError::UnexpectedLpPayload { typ }) + Err(LpHandlerError::UnexpectedLpPayload { + typ: LpFrameKind::Opaque, + }) + } + LpFrameKind::SphinxStream => { + // Neither registration nor forwarding - unknown payload type + warn!( + "Unknown transport payload type from {remote} (receiver_idx={receiver_idx}). dropping {} bytes", + bytes.len() + ); + inc!("lp_errors_unknown_payload_type"); + Err(LpHandlerError::UnexpectedLpPayload { + typ: LpFrameKind::SphinxStream, + }) } } } diff --git a/nym-node/src/node/mixnet/packet_forwarding/mod.rs b/nym-node/src/node/mixnet/packet_forwarding/mod.rs index a6a5b32d73..6fa21d31c5 100644 --- a/nym-node/src/node/mixnet/packet_forwarding/mod.rs +++ b/nym-node/src/node/mixnet/packet_forwarding/mod.rs @@ -56,7 +56,7 @@ impl PacketForwarder { if let Err(err) = self.mixnet_client.send_without_response(packet) { if err.kind() == io::ErrorKind::WouldBlock { // we only know for sure if we dropped a packet if our sending queue was full - warn!( + trace!( event = "packet.dropped.buffer_full", next_hop = %next_hop, "dropping packet: egress connection buffer full (WouldBlock)" diff --git a/nym-wallet/Cargo.lock b/nym-wallet/Cargo.lock index 0d8b48e1b2..da28ebe4e7 100644 --- a/nym-wallet/Cargo.lock +++ b/nym-wallet/Cargo.lock @@ -2992,7 +2992,7 @@ dependencies = [ "once_cell", "rand 0.9.2", "ring", - "rustls 0.23.36", + "rustls 0.23.37", "thiserror 2.0.12", "tinyvec", "tokio", @@ -3017,7 +3017,7 @@ dependencies = [ "parking_lot", "rand 0.9.2", "resolv-conf", - "rustls 0.23.36", + "rustls 0.23.37", "smallvec", "thiserror 2.0.12", "tokio", @@ -3256,7 +3256,7 @@ dependencies = [ "http 1.3.1", "hyper 1.8.1", "hyper-util", - "rustls 0.23.36", + "rustls 0.23.37", "rustls-pki-types", "tokio", "tokio-rustls 0.26.2", @@ -4726,6 +4726,7 @@ dependencies = [ "nym-http-api-common", "once_cell", "reqwest 0.13.2", + "rustls 0.23.37", "serde", "serde_json", "serde_plain", @@ -6103,7 +6104,7 @@ dependencies = [ "quinn-proto", "quinn-udp", "rustc-hash", - "rustls 0.23.36", + "rustls 0.23.37", "socket2 0.5.9", "thiserror 2.0.12", "tokio", @@ -6123,7 +6124,7 @@ dependencies = [ "rand 0.9.2", "ring", "rustc-hash", - "rustls 0.23.36", + "rustls 0.23.37", "rustls-pki-types", "slab", "thiserror 2.0.12", @@ -6426,7 +6427,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.36", + "rustls 0.23.37", "rustls-pemfile 2.2.0", "rustls-pki-types", "serde", @@ -6469,7 +6470,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.36", + "rustls 0.23.37", "rustls-pki-types", "rustls-platform-verifier", "serde", @@ -6641,9 +6642,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.36" +version = "0.23.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" dependencies = [ "aws-lc-rs", "log", @@ -6718,7 +6719,7 @@ dependencies = [ "jni", "log", "once_cell", - "rustls 0.23.36", + "rustls 0.23.37", "rustls-native-certs 0.8.3", "rustls-platform-verifier-android", "rustls-webpki 0.103.9", @@ -8291,7 +8292,7 @@ version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ - "rustls 0.23.36", + "rustls 0.23.37", "tokio", ] diff --git a/scripts/nym-node-setup/network-tunnel-manager.sh b/scripts/nym-node-setup/network-tunnel-manager.sh index 8faa623047..4bfe031589 100755 --- a/scripts/nym-node-setup/network-tunnel-manager.sh +++ b/scripts/nym-node-setup/network-tunnel-manager.sh @@ -513,7 +513,138 @@ apply_smtps_465_rate_limit() { ############################################################################### -# part 2: wireguard exit policy manager +# part 2: host network firewall for nym services +############################################################################### + +NETWORK_FIREWALL_COMMENT="NYM-NETWORK-FW" + +delete_managed_input_rules() { + local cmd="$1" + + while read -r rule; do + [[ -z "$rule" ]] && continue + local spec + spec="${rule#-A INPUT }" + $cmd -D INPUT $spec 2>/dev/null || true + done < <($cmd -S INPUT | grep -F -- "$NETWORK_FIREWALL_COMMENT" || true) +} + +add_input_port_rule() { + local cmd="$1" + local port="$2" + local protocol="$3" + local iface="${4:-}" + + if [[ -n "$iface" ]]; then + if ! $cmd -C INPUT -i "$iface" -p "$protocol" --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + $cmd -A INPUT -i "$iface" -p "$protocol" --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT + ok "added $cmd INPUT $protocol port $port on $iface" + fi + else + if ! $cmd -C INPUT -p "$protocol" --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + $cmd -A INPUT -p "$protocol" --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT + ok "added $cmd INPUT $protocol port $port" + fi + fi +} + +configure_network_firewall() { + info "configuring host network firewall for nym node services" + + delete_managed_input_rules iptables + delete_managed_input_rules ip6tables + + local tcp_ports=(22 80 443 1789 1790 8080 9000 9001 41264) + local udp_ports=(4443 51822 51264) + + local port + for port in "${tcp_ports[@]}"; do + add_input_port_rule iptables "$port" tcp + add_input_port_rule ip6tables "$port" tcp + done + + for port in "${udp_ports[@]}"; do + add_input_port_rule iptables "$port" udp + add_input_port_rule ip6tables "$port" udp + done + + add_input_port_rule iptables 51830 tcp "$WG_INTERFACE" + add_input_port_rule ip6tables 51830 tcp "$WG_INTERFACE" + + save_iptables_rules + ok "host network firewall configuration completed" +} + +show_network_firewall_status() { + info "managed host network firewall rules" + echo + info "ipv4 input rules:" + iptables -L INPUT -n -v --line-numbers | grep -E "($NETWORK_FIREWALL_COMMENT|dpt:22|dpt:80|dpt:443|dpt:1789|dpt:1790|dpt:8080|dpt:9000|dpt:9001|dpt:51822|dpt:51830|dpt:41264|dpt:51264)" || true + echo + info "ipv6 input rules:" + ip6tables -L INPUT -n -v --line-numbers | grep -E "($NETWORK_FIREWALL_COMMENT|dpt:22|dpt:80|dpt:443|dpt:1789|dpt:1790|dpt:8080|dpt:9000|dpt:9001|dpt:51822|dpt:51830|dpt:41264|dpt:51264)" || true +} + +test_network_firewall_rules() { + info "testing host network firewall rules" + + local failures=0 + local tcp_ports=(22 80 443 1789 1790 8080 9000 9001 41264) + local udp_ports=(51822 51264) + local port + + for port in "${tcp_ports[@]}"; do + if iptables -C INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv4 tcp port $port allowed" + else + error "ipv4 tcp port $port missing" + ((failures++)) + fi + + if ip6tables -C INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv6 tcp port $port allowed" + else + error "ipv6 tcp port $port missing" + ((failures++)) + fi + done + + for port in "${udp_ports[@]}"; do + if iptables -C INPUT -p udp --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv4 udp port $port allowed" + else + error "ipv4 udp port $port missing" + ((failures++)) + fi + + if ip6tables -C INPUT -p udp --dport "$port" -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv6 udp port $port allowed" + else + error "ipv6 udp port $port missing" + ((failures++)) + fi + done + + if iptables -C INPUT -i "$WG_INTERFACE" -p tcp --dport 51830 -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv4 tcp port 51830 allowed on $WG_INTERFACE" + else + error "ipv4 tcp port 51830 missing on $WG_INTERFACE" + ((failures++)) + fi + + if ip6tables -C INPUT -i "$WG_INTERFACE" -p tcp --dport 51830 -m conntrack --ctstate NEW -m comment --comment "$NETWORK_FIREWALL_COMMENT" -j ACCEPT 2>/dev/null; then + ok "ipv6 tcp port 51830 allowed on $WG_INTERFACE" + else + error "ipv6 tcp port 51830 missing on $WG_INTERFACE" + ((failures++)) + fi + + return "$failures" +} + + +############################################################################### +# part 3: wireguard exit policy manager ############################################################################### add_port_rules() { @@ -892,6 +1023,8 @@ show_exit_policy_status() { echo ip6tables -L "$NYM_CHAIN" -n -v 2>/dev/null || echo "ipv6 chain not found" echo + show_network_firewall_status + echo info "ip forwarding:" echo "ipv4: $(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)" echo "ipv6: $(cat /proc/sys/net/ipv6/conf/all/forwarding 2>/dev/null || echo 0)" @@ -942,7 +1075,7 @@ test_exit_policy_connectivity() { ############################################################################### -# part 3: check the firewall setup +# part 4: check the firewall setup ############################################################################### firewall_rule_line() { @@ -1013,21 +1146,15 @@ check_iptables_default_policies() { if [[ -z "${input_policy:-}" ]]; then error "unable to read INPUT default policy (iptables -S INPUT failed?)" issues=1 - elif [[ "${input_policy^^}" != "DROP" ]]; then - error "INPUT default policy is ${input_policy^^}; expected DROP so traffic is only allowed by explicit rules." - issues=1 else - ok "INPUT default policy is DROP" + info "INPUT default policy is ${input_policy^^}" fi if [[ -z "${forward_policy:-}" ]]; then error "unable to read FORWARD default policy (iptables -S FORWARD failed?)" issues=1 - elif [[ "${forward_policy^^}" != "DROP" ]]; then - error "FORWARD default policy is ${forward_policy^^}; expected DROP to ensure traffic only flows via NYM-EXIT rules." - issues=1 else - ok "FORWARD default policy is DROP" + info "FORWARD default policy is ${forward_policy^^}" fi if [[ -z "${output_policy:-}" ]]; then @@ -1050,6 +1177,7 @@ check_firewall_setup() { check_iptables_default_policies || errors=1 check_forward_chain || errors=1 check_nym_exit_chain || errors=1 + test_network_firewall_rules || errors=1 if command -v ip6tables >/dev/null 2>&1; then info "checking ipv6 firewall ordering…" @@ -1062,7 +1190,7 @@ check_firewall_setup() { fi if [[ $errors -ne 0 ]]; then - error "There may be some ordering issues, it is recommended to re-run network-tunnel-manager.sh exit_policy_install after configuring UFW." + error "There may be some ordering issues, it is recommended to re-run network-tunnel-manager.sh exit_policy_install and review the firewall output above." return 1 fi @@ -1072,7 +1200,7 @@ check_firewall_setup() { ############################################################################### -# part 4: full exit policy verification tests +# part 5: full exit policy verification tests ############################################################################### test_port_range_rules() { @@ -1227,6 +1355,9 @@ exit_policy_run_tests() { test_critical_services || ((failed += 1)) ((total += 1)) + test_network_firewall_rules || ((failed += 1)) + ((total += 1)) + if [[ $skip_default -eq 0 ]]; then test_default_reject_rule || ((failed += 1)) ((total += 1)) @@ -1243,7 +1374,7 @@ exit_policy_run_tests() { } ############################################################################### -# part 5: high level workflows +# part 6: high level workflows ############################################################################### nym_tunnel_setup() { @@ -1286,9 +1417,10 @@ exit_policy_install() { } complete_networking_configuration() { - info "starting complete networking configuration: tunnels + exit policy" + info "starting complete networking configuration: tunnels + host firewall + exit policy" nym_tunnel_setup + configure_network_firewall exit_policy_install check_firewall_setup || error "firewall order checks reported problems, please review output" exit_policy_run_tests || error "exit policy tests reported problems, please review output" @@ -1316,6 +1448,12 @@ case "$cmd" in complete_networking_configuration status=$? ;; + + # nym firewall setup + configure_network_firewall) + configure_network_firewall + status=$? + ;; # tunnel manager cmds fetch_ipv6_address_nym_tun) @@ -1403,9 +1541,11 @@ case "$cmd" in usage: $0 [args] high level workflows: - complete_networking_configuration Install tunnel interfaces, setup networking, iptables, wg exit policy & tests - nym_tunnel_setup Install tunnel interfaces & setup networking + complete_networking_configuration Install tunnel interfaces, setup networking, host firewall, iptables, wg exit policy & tests + nym_tunnel_setup Install tunnel interfaces & setup networking + configure_network_firewall Install host firewall rules for nym services exit_policy_install Install and configure wireguard exit policy + tunnel and nat helpers: adjust_ip_forwarding Enable ipv4/ipv6 forwarding via sysctl.d apply_iptables_rules Apply nat/forward rules for ${TUNNEL_INTERFACE} diff --git a/sdk/rust/nym-sdk/Cargo.toml b/sdk/rust/nym-sdk/Cargo.toml index 59bd347d2f..9fddca8295 100644 --- a/sdk/rust/nym-sdk/Cargo.toml +++ b/sdk/rust/nym-sdk/Cargo.toml @@ -33,6 +33,7 @@ nym-credentials-interface = { workspace = true } nym-credential-storage = { workspace = true } nym-credential-utils = { workspace = true } nym-network-defaults = { workspace = true } +nym-lp = { workspace = true } nym-sphinx = { workspace = true } nym-statistics-common = { workspace = true } nym-task = { workspace = true } @@ -64,6 +65,9 @@ url = { workspace = true } toml = { workspace = true } tempfile = { workspace = true } +nym-ip-packet-requests = { workspace = true } +semver = { workspace = true } + # tcpproxy dependencies clap = { workspace = true, features = ["derive"] } anyhow.workspace = true @@ -93,6 +97,8 @@ tokio-stream = { workspace = true } tokio-util = { workspace = true, features = ["codec"] } parking_lot = { workspace = true } hex = { workspace = true } +pnet_packet = { workspace = true } +nym-ip-packet-requests = { workspace = true, features = ["test-utils"] } [features] libp2p-vanilla = [] diff --git a/sdk/rust/nym-sdk/examples/ipr_tunnel.rs b/sdk/rust/nym-sdk/examples/ipr_tunnel.rs new file mode 100644 index 0000000000..9bf242827e --- /dev/null +++ b/sdk/rust/nym-sdk/examples/ipr_tunnel.rs @@ -0,0 +1,92 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +// Smoke test for IpMixStream: connect to an IPR, send a ping, check we get a reply. +// Tests both IPv4 and IPv6 paths. +// +// Usage: +// cargo run --example ipr_tunnel +// cargo run --example ipr_tunnel -- --ipr +// +// e.g. cargo run --example ipr_tunnel -- --ipr 6B6iuWX4bQP4GVA4Yq7XmZencaaGw6BaPY6xJWYSwsbF.6g6LRx1fgU2Q2A4ZPKonYHtfBARh1GPMe1LtXk6vpRR8@q2A2cbooyC16YJzvdYaSMH9X3cSiieZNtfBr8cE8Fi1 + +use std::net::{Ipv4Addr, Ipv6Addr}; +use std::time::Duration; + +use nym_ip_packet_requests::codec::MultiIpPacketCodec; +use nym_ip_packet_requests::icmp_utils::{ + build_icmp_ping, build_icmpv6_ping, is_echo_reply_v4, is_echo_reply_v6, +}; +use nym_sdk::ipr_wrapper::IpMixStream; + +const PING4_TARGET: Ipv4Addr = Ipv4Addr::new(8, 8, 8, 8); +const PING6_TARGET: Ipv6Addr = Ipv6Addr::new(0x2001, 0x4860, 0x4860, 0, 0, 0, 0, 0x8888); + +#[tokio::main] +async fn main() -> anyhow::Result<()> { + nym_bin_common::logging::setup_tracing_logger(); + + let args: Vec = std::env::args().collect(); + let ipr_addr = args + .iter() + .position(|a| a == "--ipr") + .and_then(|i| args.get(i + 1)); + + let mut tunnel = if let Some(addr) = ipr_addr { + let recipient = addr.parse().expect("invalid IPR address"); + IpMixStream::new_with_ipr(recipient).await? + } else { + IpMixStream::new().await? + }; + + let ips = tunnel.allocated_ips(); + let src4 = ips.ipv4; + let src6 = ips.ipv6; + println!("Tunnel up — IPv4: {src4}, IPv6: {src6}"); + + // Send IPv4 ping (ICMP seq=0, unrelated to LP Stream sequence numbers) + let pkt4 = build_icmp_ping(src4, PING4_TARGET, 0).expect("failed to build ICMP packet"); + let bundled = MultiIpPacketCodec::bundle_one_packet(pkt4.into()); + tunnel.send_ip_packet(&bundled).await?; + println!("Sent ping → {PING4_TARGET}"); + + // Send IPv6 ping + let pkt6 = build_icmpv6_ping(src6, PING6_TARGET, 0).expect("failed to build ICMPv6 packet"); + let bundled = MultiIpPacketCodec::bundle_one_packet(pkt6.into()); + tunnel.send_ip_packet(&bundled).await?; + println!("Sent ping → {PING6_TARGET}"); + + let mut got_v4 = false; + let mut got_v6 = false; + let deadline = tokio::time::sleep(Duration::from_secs(30)); + tokio::pin!(deadline); + + loop { + tokio::select! { + _ = &mut deadline => { + if !got_v4 { println!("FAIL — no IPv4 reply within 30s"); } + if !got_v6 { println!("FAIL — no IPv6 reply within 30s"); } + break; + } + result = tunnel.handle_incoming() => { + for pkt in result? { + if !got_v4 && is_echo_reply_v4(&pkt, src4) { + println!("OK — got IPv4 echo reply"); + got_v4 = true; + } + if !got_v6 && is_echo_reply_v6(&pkt, src6) { + println!("OK — got IPv6 echo reply"); + got_v6 = true; + } + if got_v4 && got_v6 { + tunnel.disconnect().await; + return Ok(()); + } + } + } + } + } + + tunnel.disconnect().await; + Ok(()) +} diff --git a/sdk/rust/nym-sdk/src/error.rs b/sdk/rust/nym-sdk/src/error.rs index 57e486172a..dc2a5da492 100644 --- a/sdk/rust/nym-sdk/src/error.rs +++ b/sdk/rust/nym-sdk/src/error.rs @@ -1,3 +1,8 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +use nym_ip_packet_requests::v8::response::{ConnectFailureReason, IpPacketResponseData}; +use nym_validator_client::nym_api::error::NymAPIError; use nym_validator_client::nyxd::error::NyxdError; use std::path::PathBuf; @@ -108,6 +113,37 @@ pub enum Error { #[error("Stream subsystem failed to initialise: reconstructed_receiver unavailable")] StreamInitFailure, + + #[error("client not connected")] + IprStreamClientNotConnected, + + #[error("listening for connection response timed out")] + IPRConnectResponseTimeout, + + #[error("stream closed")] + IPRClientStreamClosed, + + #[error("expected control response, got {0:?}")] + UnexpectedResponseType(IpPacketResponseData), + + #[error("connect denied: {0:?}")] + ConnectDenied(ConnectFailureReason), + + #[allow(clippy::result_large_err)] + #[error("api directory error: {0}")] + GatewayDirectoryError(#[from] NymAPIError), + + #[error("did not receive Nym API URL")] + NoNymAPIUrl, + + #[error("no available gateway")] + NoGatewayAvailable, + + #[error("tunnel disconnected by IPR")] + IprTunnelDisconnected, + + #[error("message version check failed: {0}")] + IPRMessageVersionCheckFailed(String), } impl Error { diff --git a/sdk/rust/nym-sdk/src/ip_packet_client.rs b/sdk/rust/nym-sdk/src/ip_packet_client.rs new file mode 100644 index 0000000000..93a4dae694 --- /dev/null +++ b/sdk/rust/nym-sdk/src/ip_packet_client.rs @@ -0,0 +1,17 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +//! IPR helpers for [`IpMixStream`](crate::ipr_wrapper::IpMixStream). +//! +//! - **Discovery** (`discovery`): queries the Nym API for IPR-enabled exit gateways. +//! - **Response handling** (`listener`): thin wrappers around +//! [`nym_ip_packet_requests::response_helpers`] that add version checking +//! and error mapping for SDK use. + +pub mod discovery; +pub mod listener; + +pub use listener::{handle_ipr_response, MixnetMessageOutcome}; + +// Re-export the currently used version +pub use nym_ip_packet_requests::v9 as current; diff --git a/sdk/rust/nym-sdk/src/ip_packet_client/discovery.rs b/sdk/rust/nym-sdk/src/ip_packet_client/discovery.rs new file mode 100644 index 0000000000..998567a951 --- /dev/null +++ b/sdk/rust/nym-sdk/src/ip_packet_client/discovery.rs @@ -0,0 +1,121 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +//! IPR gateway discovery — find and rank IPR-enabled exit gateways via the Nym API. + +use std::collections::HashMap; + +use nym_crypto::asymmetric::ed25519; +use nym_ip_packet_requests::v9; +use nym_network_defaults::ApiUrl; +use nym_sphinx::addressing::clients::Recipient; +use nym_validator_client::nym_api::NymApiClientExt; +use tracing::{debug, error, info}; + +use rand::seq::SliceRandom; + +use crate::Error; + +#[derive(Clone)] +pub struct IprWithPerformance { + pub address: Recipient, + pub identity: ed25519::PublicKey, + pub performance: u8, +} + +#[allow(clippy::result_large_err)] +pub fn create_nym_api_client( + nym_api_urls: Vec, +) -> Result { + let user_agent = format!("nym-sdk/{}", env!("CARGO_PKG_VERSION")); + + let urls = nym_api_urls + .into_iter() + .map(|url| url.url.parse()) + .collect::, _>>() + .map_err(|err| { + error!("malformed nym-api url: {err}"); + Error::NoNymAPIUrl + })?; + + if urls.is_empty() { + return Err(Error::NoNymAPIUrl); + } + + let client = nym_http_api_client::ClientBuilder::new_with_urls(urls)? + .with_user_agent(user_agent) + .build()?; + + Ok(client) +} + +pub async fn retrieve_exit_nodes_with_performance( + client: nym_http_api_client::Client, +) -> Result, Error> { + let all_nodes = client + .get_all_described_nodes_v2() + .await? + .into_iter() + .map(|described| (described.ed25519_identity_key(), described)) + .collect::>(); + + let exit_gateways = client.get_all_basic_nodes_with_metadata().await?.nodes; + + let mut described = Vec::new(); + + for exit in exit_gateways { + let Some(node) = all_nodes.get(&exit.ed25519_identity_pubkey) else { + continue; + }; + + // Only select nodes running a version that supports v9 (LP Stream framing) + let Ok(node_version) = semver::Version::parse(node.version()) else { + debug!( + "Skipping node {}: unable to parse version '{}'", + exit.ed25519_identity_pubkey, + node.version() + ); + continue; + }; + if node_version < v9::MIN_RELEASE_VERSION { + debug!( + "Skipping node {}: version {} < minimum {}", + exit.ed25519_identity_pubkey, + node_version, + v9::MIN_RELEASE_VERSION + ); + continue; + } + + if let Some(ipr_info) = node.description.ip_packet_router.clone() { + if let Ok(parsed_address) = ipr_info.address.parse() { + described.push(IprWithPerformance { + address: parsed_address, + identity: exit.ed25519_identity_pubkey, + performance: exit.performance.round_to_integer(), + }) + } + } + } + + Ok(described) +} + +/// Select the highest-performance IPR gateway from the directory. +pub async fn get_best_ipr(client: nym_http_api_client::Client) -> Result { + let nodes = retrieve_exit_nodes_with_performance(client).await?; + info!("Found {} Exit Gateways", nodes.len()); + + let selected_ipr = nodes + .choose_weighted(&mut rand::thread_rng(), |gw| gw.performance as f64) + .map_err(|_| Error::NoGatewayAvailable)?; + + let ipr_address = selected_ipr.address; + + info!( + "Using IPR: {} (Gateway: {}, Performance: {:?})", + ipr_address, selected_ipr.identity, selected_ipr.performance + ); + + Ok(ipr_address) +} diff --git a/sdk/rust/nym-sdk/src/ip_packet_client/listener.rs b/sdk/rust/nym-sdk/src/ip_packet_client/listener.rs new file mode 100644 index 0000000000..28ab5cc61a --- /dev/null +++ b/sdk/rust/nym-sdk/src/ip_packet_client/listener.rs @@ -0,0 +1,20 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +pub use nym_ip_packet_requests::response_helpers::MixnetMessageOutcome; + +use nym_ip_packet_requests::response_helpers; + +use crate::ip_packet_client::current::VERSION as CURRENT_VERSION; + +/// Check that the first byte of an IPR message matches the expected protocol version. +pub(crate) fn check_ipr_message_version(data: &[u8]) -> Result<(), crate::Error> { + response_helpers::check_ipr_message_version(data, CURRENT_VERSION) + .map_err(|e| crate::Error::IPRMessageVersionCheckFailed(e.to_string())) +} + +/// Parse raw IPR response bytes into an outcome. +pub fn handle_ipr_response(data: &[u8]) -> Result, crate::Error> { + check_ipr_message_version(data)?; + Ok(response_helpers::handle_ipr_response(data)) +} diff --git a/sdk/rust/nym-sdk/src/ipr_wrapper.rs b/sdk/rust/nym-sdk/src/ipr_wrapper.rs new file mode 100644 index 0000000000..084b74bda0 --- /dev/null +++ b/sdk/rust/nym-sdk/src/ipr_wrapper.rs @@ -0,0 +1,13 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + +//! High-level IPR (IP Packet Router) stream wrapper. +//! +//! [`IpMixStream`] tunnels IP packets through the Nym mixnet to an exit +//! gateway running an IP Packet Router. Both requests and responses are +//! wrapped in LP Stream frames for type-safe detection at the IPR and +//! dispatch by the client's stream router. + +mod ip_mix_stream; + +pub use ip_mix_stream::IpMixStream; diff --git a/sdk/rust/nym-sdk/src/ipr_wrapper/architecture.md b/sdk/rust/nym-sdk/src/ipr_wrapper/architecture.md new file mode 100644 index 0000000000..0c19e01527 --- /dev/null +++ b/sdk/rust/nym-sdk/src/ipr_wrapper/architecture.md @@ -0,0 +1,80 @@ +# IpMixStream Architecture + +## Overview + +`IpMixStream` tunnels IP packets through the Nym mixnet to an IP Packet Router +(IPR) exit gateway. It provides a high-level API over a single `MixnetStream`, +which handles LP Stream framing and Sphinx packet transport automatically. + +## Data Flow + +```text +Client IPR + | | + |-- IpPacketRequest (connect) ---- LP Stream ----->| + |<--- IpPacketResponse (ips) ---- LP Stream (s=0) -| + | | + |-- IpPacketRequest (data) ------- LP Stream ----->| -> TUN -> internet + |<--- IpPacketResponse (data) --- LP Stream (s=1+) | <- TUN <- internet +``` + +## Layer Stack + +```text +IpMixStream IPR protocol (connect, data, disconnect) +MixnetStream AsyncRead + AsyncWrite, LP Stream framing, seq numbers +Stream Router Dispatches inbound messages by stream_id +MixnetClient Sphinx packet encryption, SURB management +Mixnet Entry GW -> Mix1 -> Mix2 -> Mix3 -> Exit GW +``` + +## LP Stream Framing + +All messages between client and IPR are wrapped in LP Stream frames: + +- **Client -> IPR**: `MixnetStream.write()` wraps each write in an LP Stream + Data frame (stream_id, sequence number, payload). The IPR detects + `LpFrameKind::Stream` and strips the header before processing. + +- **IPR -> Client**: Both inline responses (connect handshake, pong) and async + TUN responses are wrapped in LP Stream frames with the same stream_id. The + client's stream router dispatches by stream_id to the correct `MixnetStream`. + +## IP Allocation + +The IPR owns a subnet (`10.0.0.0/16` for IPv4, `fc00::/112` for IPv6) and +allocates addresses to clients on connect. Two modes are supported: + +- **Dynamic** (used by `IpMixStream`): The IPR picks a random unused `IpPair` + from the pool (up to 100 retries). `IpMixStream` uses this path. +- **Static**: The client requests specific IPs; the IPR checks availability. + +On dynamic connect: + +1. IPR calls `find_new_ip()` — random selection from the subnet +2. Registers the client in dual `HashMap` / `HashMap` + maps (keyed by allocated IP). The client identity (anonymous sender tag + for v8, Nym address for v6/v7) is stored inside the `ConnectedClient` value. +3. Returns `DynamicConnectSuccess { ips }` to the client + +The client uses the allocated IPv4/IPv6 as its source address when constructing +packets. When the TUN device receives a response destined for that IP, the IPR +looks up which client owns it and forwards the packet back through the mixnet. + +Reserved addresses: `10.0.0.1` / `fc00::1` (TUN gateway, never allocated). + +> **Note — pool isolation from LP dVPN:** This pool (`10.0.0.0/16`, `fc00::/112` +> on `nymtun`) is separate from the authenticator/LP dVPN WireGuard pool +> (`10.1.0.0/16`, `fc01::/112` on `nymwg`). The second octet differs (`10.0` vs +> `10.1`) and each uses its own TUN interface. Both sets of constants live in +> `common/network-defaults/src/constants.rs` (`mixnet_vpn` vs `wireguard` modules). +> The IPR addresses are hardcoded; the WG addresses are configurable but default to +> the non-overlapping range. + +## Connection Lifecycle + +1. `IpMixStream::new()` discovers the best IPR via Nym API +2. Opens a `MixnetStream` to the IPR (`client.open_stream()`) +3. Sends a dynamic connect request, IPR allocates an `IpPair` +4. Ready for `send_ip_packet()` / `handle_incoming()` loop +5. `disconnect()` shuts down the mixnet client diff --git a/sdk/rust/nym-sdk/src/ipr_wrapper/ip_mix_stream.rs b/sdk/rust/nym-sdk/src/ipr_wrapper/ip_mix_stream.rs new file mode 100644 index 0000000000..13cfb56e23 --- /dev/null +++ b/sdk/rust/nym-sdk/src/ipr_wrapper/ip_mix_stream.rs @@ -0,0 +1,192 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 +use crate::ip_packet_client::{ + discovery::{create_nym_api_client, get_best_ipr}, + handle_ipr_response, + listener::check_ipr_message_version, + MixnetMessageOutcome, +}; +use crate::mixnet::{MixnetClient, MixnetStream, Recipient}; +use crate::Error; +use bytes::Bytes; +use nym_ip_packet_requests::response_helpers; +use nym_ip_packet_requests::{ + v9::{self, response::IpPacketResponse}, + IpPair, +}; +use nym_network_defaults::NymNetworkDetails; +use std::time::Duration; +use tokio::io::AsyncWriteExt; +use tracing::{debug, info}; + +const IPR_CONNECT_TIMEOUT: Duration = Duration::from_secs(60); + +/// A bidirectional tunnel for sending and receiving IP packets through the mixnet. +/// +/// Wraps a [`MixnetStream`] (opened to an IPR exit gateway) and provides a +/// high-level API for the IPR protocol. The underlying `MixnetStream` handles +/// LP Stream framing and stream multiplexing automatically. +/// +/// # Data flow +/// +/// ```text +/// IpMixStream.send_ip_packet(bytes) +/// → IpPacketRequest::to_bytes() → MixnetStream.write() +/// → LP Stream frame (stream_id, seq, Data) +/// → Sphinx packets → mixnet → IPR +/// +/// IPR processes request → TUN → internet → response +/// → IPR wraps in LP Stream frame → Sphinx → mixnet → client +/// → stream router dispatches by stream_id +/// → MixnetStream.recv() → IpPacketResponse bytes +/// → handle_ipr_response() → extract IP packets +/// ``` +pub struct IpMixStream { + stream: MixnetStream, + client: MixnetClient, + allocated_ips: IpPair, + connected: bool, +} + +impl IpMixStream { + /// Discover the best IPR, connect through the mixnet, and establish the IP tunnel. + /// + /// Returns a ready-to-use tunnel with allocated IP addresses. + pub async fn new() -> Result { + let network_defaults = NymNetworkDetails::new_mainnet(); + let api_client = + create_nym_api_client(network_defaults.nym_api_urls.ok_or(Error::NoNymAPIUrl)?)?; + let ipr_address = get_best_ipr(api_client).await?; + Self::new_with_ipr(ipr_address).await + } + + /// Connect to a specific IPR address. + /// + /// Use this when you already know the IPR `Recipient` address (e.g. for + /// testing against a specific exit node). For automatic discovery, use + /// [`IpMixStream::new`] instead. + pub async fn new_with_ipr(ipr_address: Recipient) -> Result { + nym_network_defaults::setup_env(None::<&str>); + let mut client = MixnetClient::connect_new().await?; + let mut stream = client.open_stream(ipr_address, Some(10)).await?; + + info!("Connecting to IP packet router at {ipr_address}"); + let allocated_ips = Self::connect_tunnel(&mut stream).await?; + info!( + "Connected — IPv4: {}, IPv6: {}", + allocated_ips.ipv4, allocated_ips.ipv6 + ); + + Ok(Self { + stream, + client, + allocated_ips, + connected: true, + }) + } + + pub fn nym_address(&self) -> &Recipient { + self.client.nym_address() + } + + pub fn allocated_ips(&self) -> &IpPair { + &self.allocated_ips + } + + pub fn is_connected(&self) -> bool { + self.connected + } + + /// Check that the tunnel is connected, returning an error if not. + pub fn check_connected(&self) -> Result<(), Error> { + if self.connected { + Ok(()) + } else { + Err(Error::IprStreamClientNotConnected) + } + } + + async fn connect_tunnel(stream: &mut MixnetStream) -> Result { + let (request, request_id) = v9::new_connect_request(None); + debug!("Sending connect request with ID: {}", request_id); + + let request_bytes = request.to_bytes()?; + stream + .write_all(&request_bytes) + .await + .map_err(|_| Error::MessageSendingFailure)?; + + let timeout = tokio::time::sleep(IPR_CONNECT_TIMEOUT); + tokio::pin!(timeout); + + loop { + tokio::select! { + _ = &mut timeout => { + return Err(Error::IPRConnectResponseTimeout); + } + result = stream.recv() => { + let data = result.ok_or(Error::IPRClientStreamClosed)?; + + check_ipr_message_version(&data)?; + if let Ok(response) = IpPacketResponse::from_bytes(&data) { + if response.id() == Some(request_id) { + return response_helpers::parse_connect_response(response) + .map_err(|e| match e { + response_helpers::IprResponseError::ConnectDenied(r) => Error::ConnectDenied(r), + response_helpers::IprResponseError::UnexpectedResponse(d) => Error::UnexpectedResponseType(d), + other => Error::IPRMessageVersionCheckFailed(other.to_string()), + }); + } + } + } + } + } + } + + /// Send an IP packet through the tunnel. + pub async fn send_ip_packet(&mut self, packet: &[u8]) -> Result<(), Error> { + self.check_connected()?; + let request = v9::new_data_request(packet.to_vec().into()); + let request_bytes = request.to_bytes()?; + self.stream + .write_all(&request_bytes) + .await + .map_err(|_| Error::MessageSendingFailure) + } + + /// Handle incoming messages from the mixnet. + /// + /// Reads from the underlying `MixnetStream`, parses IPR responses, and + /// extracts IP packets. Returns an empty vec on timeout (10 s). + pub async fn handle_incoming(&mut self) -> Result, Error> { + let data = match tokio::time::timeout(Duration::from_secs(10), self.stream.recv()).await { + Err(_) => return Ok(Vec::new()), + Ok(None) => { + self.connected = false; + return Err(Error::IPRClientStreamClosed); + } + Ok(Some(data)) => data, + }; + + match handle_ipr_response(&data) { + Ok(Some(MixnetMessageOutcome::IpPackets(packets))) => { + debug!("Extracted {} IP packets", packets.len()); + Ok(packets) + } + Ok(Some(MixnetMessageOutcome::Disconnect)) => { + info!("Received disconnect"); + self.connected = false; + Err(Error::IprTunnelDisconnected) + } + Ok(None) => Ok(Vec::new()), + Err(e) => Err(e), + } + } + + /// Disconnect from the Mixnet. Disconnected clients cannot be reconnected. + pub async fn disconnect(self) { + debug!("Disconnecting"); + self.client.disconnect().await; + debug!("Disconnected"); + } +} diff --git a/sdk/rust/nym-sdk/src/lib.rs b/sdk/rust/nym-sdk/src/lib.rs index 8b5bb45568..03fc5ccdbe 100644 --- a/sdk/rust/nym-sdk/src/lib.rs +++ b/sdk/rust/nym-sdk/src/lib.rs @@ -1,13 +1,19 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + //! Rust SDK for the Nym platform //! //! The main component currently is [`mixnet`]. //! [`tcp_proxy`] is probably a good place to start for anyone wanting to integrate with existing app code and read/write from a socket. //! [`client_pool`] is a configurable client pool. +//! [`ipr_wrapper`] tunnels IP packets through the mixnet to an IPR exit gateway. mod error; pub mod bandwidth; pub mod client_pool; +pub mod ip_packet_client; +pub mod ipr_wrapper; pub mod mixnet; pub mod tcp_proxy; diff --git a/sdk/rust/nym-sdk/src/mixnet/client.rs b/sdk/rust/nym-sdk/src/mixnet/client.rs index bafc45b554..32165ef961 100644 --- a/sdk/rust/nym-sdk/src/mixnet/client.rs +++ b/sdk/rust/nym-sdk/src/mixnet/client.rs @@ -546,7 +546,7 @@ where .collect() } - async fn setup_client_keys(&self) -> Result<()> { + pub async fn setup_client_keys(&self) -> Result<()> { let mut rng = OsRng; let key_store = self.storage.key_store(); diff --git a/sdk/rust/nym-sdk/src/mixnet/stream/mixnet_stream.rs b/sdk/rust/nym-sdk/src/mixnet/stream/mixnet_stream.rs index 1d3358aeea..fd8a9c879f 100644 --- a/sdk/rust/nym-sdk/src/mixnet/stream/mixnet_stream.rs +++ b/sdk/rust/nym-sdk/src/mixnet/stream/mixnet_stream.rs @@ -1,3 +1,6 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + //! Per-stream handle implementing `AsyncRead + AsyncWrite`. use std::pin::Pin; @@ -16,7 +19,9 @@ use nym_sphinx::params::PacketType; use nym_task::connections::TransmissionLane; use tokio_util::sync::PollSender; -use super::protocol::{encode_stream_message, StreamId, StreamMessageType}; +use nym_lp::packet::frame::SphinxStreamMsgType; + +use super::protocol::{encode_stream_message, StreamId}; use super::StreamMap; /// How to address outbound messages on this stream. @@ -45,6 +50,7 @@ pub struct MixnetStream { inbound_rx: mpsc::UnboundedReceiver>, read_buf: BytesMut, deregistered: bool, + next_seq: u32, } impl MixnetStream { @@ -71,6 +77,7 @@ impl MixnetStream { inbound_rx, read_buf: BytesMut::new(), deregistered: false, + next_seq: 0, } } @@ -98,6 +105,7 @@ impl MixnetStream { inbound_rx, read_buf, deregistered: false, + next_seq: 0, } } @@ -106,6 +114,17 @@ impl MixnetStream { self.id } + /// Receive a single message payload directly from the stream channel. + /// + /// Returns `None` on EOF (channel closed). Drains any leftover from + /// a prior `AsyncRead` call first. + pub async fn recv(&mut self) -> Option> { + if !self.read_buf.is_empty() { + return Some(self.read_buf.split().to_vec()); + } + self.inbound_rx.recv().await + } + /// Wrap `data` in the appropriate `InputMessage` for this stream's destination. fn make_input_message(&self, data: Vec) -> InputMessage { match &self.destination { @@ -177,7 +196,9 @@ impl AsyncWrite for MixnetStream { ready!(self.sender.poll_ready_unpin(cx)) .map_err(|_| std::io::Error::other("mixnet input channel closed"))?; - let wire = encode_stream_message(&self.id, StreamMessageType::Data, buf); + let seq = self.next_seq; + self.next_seq = self.next_seq.wrapping_add(1); + let wire = encode_stream_message(&self.id, SphinxStreamMsgType::Data, seq, buf); let msg = self.make_input_message(wire); self.sender diff --git a/sdk/rust/nym-sdk/src/mixnet/stream/mod.rs b/sdk/rust/nym-sdk/src/mixnet/stream/mod.rs index 2948837309..d3e85bd800 100644 --- a/sdk/rust/nym-sdk/src/mixnet/stream/mod.rs +++ b/sdk/rust/nym-sdk/src/mixnet/stream/mod.rs @@ -1,3 +1,6 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + //! Stream multiplexing for `MixnetClient`. //! //! A [`MixnetStream`] is a byte channel (`AsyncRead + AsyncWrite`) to a @@ -9,12 +12,12 @@ //! stream's channel (or to the listener for `Open` messages). mod mixnet_stream; -mod protocol; +pub(crate) mod protocol; pub use mixnet_stream::MixnetStream; pub use protocol::StreamId; -use std::collections::HashMap; +use std::collections::{BTreeMap, HashMap}; use std::sync::atomic::Ordering; use std::sync::Arc; use std::time::Duration; @@ -32,7 +35,8 @@ use nym_sphinx::addressing::clients::Recipient; use nym_sphinx::anonymous_replies::requests::AnonymousSenderTag; use nym_task::connections::TransmissionLane; -use protocol::{decode_stream_message, encode_stream_message, StreamMessageType}; +use nym_lp::packet::frame::SphinxStreamMsgType; +use protocol::{decode_stream_message, encode_stream_message}; use crate::mixnet::native_client::MixnetClient; use crate::{Error, Result}; @@ -46,11 +50,25 @@ pub(crate) const DEFAULT_STREAM_IDLE_TIMEOUT: Duration = Duration::from_secs(30 const MAX_CLEANUP_INTERVAL: Duration = Duration::from_secs(10); /// Per-stream state stored in the routing table. +/// +/// Reorder buffer uses the same BTreeMap pattern as `OrderedMessageBuffer` +/// (`common/socks5/ordered-buffer/`) but drains per-message instead of +/// concatenating, so `recv()` preserves message boundaries. struct StreamEntry { sender: mpsc::UnboundedSender>, last_activity: Instant, + next_seq: u32, + pending: BTreeMap>, } +/// Maximum number of out-of-order messages buffered per stream before we +/// skip ahead. Without this cap, a malicious sender that deliberately skips +/// a sequence number (e.g. never sends seq 1) could cause the buffer to +/// grow indefinitely while the drain loop waits for the missing seq. +/// The idle timeout only reaps *inactive* streams, so an actively-sending +/// attacker would bypass it. +const MAX_REORDER_BUFFER: usize = 256; + /// The shared stream routing table. /// /// Wraps the map of active streams behind an async mutex with focused @@ -75,6 +93,8 @@ impl StreamMap { StreamEntry { sender: tx, last_activity: Instant::now(), + next_seq: 0, + pending: BTreeMap::new(), }, ); rx @@ -94,17 +114,49 @@ impl StreamMap { }); } - /// Dispatch data to a stream's channel. Updates `last_activity` on - /// success. Removes the entry if the receiver has been dropped. - async fn send_to_stream(&self, stream_id: &StreamId, data: Vec) { + /// Buffer a message and flush any contiguous sequence to the channel. + /// Updates `last_activity` on success; removes the entry if the + /// receiver has been dropped. + async fn send_to_stream(&self, stream_id: &StreamId, seq: u32, data: Vec) { let mut map = self.inner.lock().await; let should_remove = if let Some(entry) = map.get_mut(stream_id) { - if entry.sender.send(data).is_err() { - true + if seq < entry.next_seq { + warn!( + "Stream {stream_id}: dropping old seq {seq} (expected >= {})", + entry.next_seq + ); } else { - entry.last_activity = Instant::now(); - false + entry.pending.insert(seq, data); } + + // If the buffer has grown too large, skip ahead to the lowest + // buffered seq so we don't accumulate unbounded memory. + if entry.pending.len() > MAX_REORDER_BUFFER { + if let Some(&lowest) = entry.pending.keys().next() { + warn!( + "Stream {stream_id}: reorder buffer overflow ({} pending), \ + skipping seq {} -> {lowest}", + entry.pending.len(), + entry.next_seq + ); + entry.next_seq = lowest; + } + } + + // Drain contiguous messages + let mut failed = false; + while let Some(msg) = entry.pending.remove(&entry.next_seq) { + if entry.sender.send(msg).is_err() { + failed = true; + break; + } + entry.next_seq += 1; + } + + if !failed { + entry.last_activity = Instant::now(); + } + failed } else { false }; @@ -230,20 +282,20 @@ async fn run_router( continue; }; - let stream_id = frame.header.stream_id; - match frame.header.message_type { - StreamMessageType::Open => { + let stream_id = frame.stream_id; + match frame.msg_type { + SphinxStreamMsgType::Open => { let _ = listener_tx.send(InboundOpen { stream_id, sender_tag: msg.sender_tag, initial_data: frame.data.to_vec(), }); } - StreamMessageType::Data => { + SphinxStreamMsgType::Data => { streams - .send_to_stream(&stream_id, frame.data.to_vec()) + .send_to_stream(&stream_id, frame.sequence_num, frame.data.to_vec()) .await; - } // TODO: if we decide we need close logic add another enum member + } } } } @@ -294,8 +346,10 @@ pub(crate) async fn open_stream( let stream_id = StreamId::random(); let rx = streams.register_stream(stream_id).await; - // Send Open to the peer - let wire = encode_stream_message(&stream_id, StreamMessageType::Open, &[]); + // Open message with seq=0. The receiver's reorder buffer starts at + // next_seq=0 so this could later carry an initial seq to resume a + // dropped stream from where it left off. + let wire = encode_stream_message(&stream_id, SphinxStreamMsgType::Open, 0, &[]); let msg = InputMessage::new_anonymous( recipient, wire, @@ -375,7 +429,7 @@ mod tests { tokio::time::advance(Duration::from_secs(8)).await; // Activity on the stream resets its timer - map.send_to_stream(&id, vec![1, 2, 3]).await; + map.send_to_stream(&id, 0, vec![1, 2, 3]).await; // Advance past the original timeout, but only 5s since last activity tokio::time::advance(Duration::from_secs(5)).await; @@ -401,4 +455,37 @@ mod tests { assert_eq!(map.inner.lock().await.len(), 1); } + + #[tokio::test] + async fn out_of_order_messages_delivered_in_sequence() { + let map = StreamMap::new(); + let id = StreamId::random(); + let mut rx = map.register_stream(id).await; + + // Send seq 2, 0, 1 out of order + map.send_to_stream(&id, 2, vec![20]).await; + map.send_to_stream(&id, 0, vec![0]).await; + + // seq 0 should be delivered now, but 2 is buffered (gap at 1) + assert_eq!(rx.recv().await.unwrap(), vec![0]); + + // Fill the gap — both 1 and 2 should flush + map.send_to_stream(&id, 1, vec![10]).await; + assert_eq!(rx.recv().await.unwrap(), vec![10]); + assert_eq!(rx.recv().await.unwrap(), vec![20]); + } + + #[tokio::test] + async fn duplicate_seq_is_dropped() { + let map = StreamMap::new(); + let id = StreamId::random(); + let mut rx = map.register_stream(id).await; + + map.send_to_stream(&id, 0, vec![0]).await; + map.send_to_stream(&id, 0, vec![99]).await; // duplicate, dropped + map.send_to_stream(&id, 1, vec![1]).await; + + assert_eq!(rx.recv().await.unwrap(), vec![0]); + assert_eq!(rx.recv().await.unwrap(), vec![1]); + } } diff --git a/sdk/rust/nym-sdk/src/mixnet/stream/protocol.rs b/sdk/rust/nym-sdk/src/mixnet/stream/protocol.rs index 0cd6891ee8..058e6c445d 100644 --- a/sdk/rust/nym-sdk/src/mixnet/stream/protocol.rs +++ b/sdk/rust/nym-sdk/src/mixnet/stream/protocol.rs @@ -1,24 +1,25 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: Apache-2.0 + //! Wire protocol for stream multiplexing. //! -//! Every message between streams carries a fixed header prepended to +//! Every message between streams carries an LP frame header prepended to //! the payload inside the mixnet message body: //! //! ```text -//! [Version: 1 byte][StreamId: 8 bytes][MessageType: 1 byte][payload: N bytes] +//! [LpFrameKind: 2 bytes LE][SphinxStreamFrameAttributes: 14 bytes][payload: N bytes] //! ``` //! -//! This header sits inside the sphinx packet payload. +//! The `SphinxStreamFrameAttributes` encode stream_id, message type, and sequence +//! number inside the LP header's `frame_attributes` field. This is the same +//! LP frame format used across the system (IPR detection, gateway dispatch). use std::fmt; -/// Current stream protocol version. -pub const STREAM_PROTOCOL_VERSION: u8 = 1; - -/// Length of a StreamId in bytes (u64, big-endian). -pub const STREAM_ID_LEN: usize = 8; - -/// Total header length: Version (1) + StreamId (8) + MessageType (1). -pub const STREAM_HEADER_LEN: usize = 1 + STREAM_ID_LEN + 1; +use bytes::BytesMut; +use nym_lp::packet::frame::{ + LpFrame, LpFrameHeader, LpFrameKind, SphinxStreamFrameAttributes, SphinxStreamMsgType, +}; /// Identifies a stream within a MixnetClient. #[derive(Clone, Copy, PartialEq, Eq, Hash)] @@ -29,12 +30,12 @@ impl StreamId { Self(rand::random::()) } - pub fn to_bytes(self) -> [u8; STREAM_ID_LEN] { - self.0.to_be_bytes() + pub fn as_u64(self) -> u64 { + self.0 } - pub fn from_bytes(bytes: [u8; STREAM_ID_LEN]) -> Self { - Self(u64::from_be_bytes(bytes)) + pub fn from_u64(v: u64) -> Self { + Self(v) } } @@ -50,88 +51,54 @@ impl fmt::Display for StreamId { } } -/// Message types within the stream protocol. -/// -/// Note: there is no Close variant. Without message sequencing, a close -/// message races ahead of in-flight data and arrives before the data is -/// reconstructed. Streams clean up locally via Drop. If ordered close/EOF -/// is needed in future, add sequencing + reorder buffering (see the -/// tcp_proxy's `MessageBuffer` for a working example). -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -#[repr(u8)] -pub enum StreamMessageType { - /// Open a new stream. Payload is optional initial data. - Open = 0, - /// Data on an existing stream. - Data = 1, -} - -impl StreamMessageType { - pub fn from_byte(b: u8) -> Option { - match b { - 0 => Some(Self::Open), - 1 => Some(Self::Data), - _ => None, - } - } -} - -/// The fixed-size header prepended to every stream message. -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub struct MixStreamHeader { - pub version: u8, - pub stream_id: StreamId, - pub message_type: StreamMessageType, -} - -/// A decoded stream frame: header + payload reference. +/// A decoded stream frame: LP header fields + payload reference. #[derive(Debug)] -pub struct MixStreamFrame<'a> { - pub header: MixStreamHeader, +pub struct StreamFrame<'a> { + pub stream_id: StreamId, + pub msg_type: SphinxStreamMsgType, + pub sequence_num: u32, pub data: &'a [u8], } -/// Encode a stream message: `[version][stream_id][msg_type][payload]`. +/// Encode a stream message as an LP frame: `[LpFrameHeader][payload]`. pub fn encode_stream_message( id: &StreamId, - msg_type: StreamMessageType, + msg_type: SphinxStreamMsgType, + sequence_num: u32, payload: &[u8], ) -> Vec { - let mut buf = Vec::with_capacity(STREAM_HEADER_LEN + payload.len()); - buf.push(STREAM_PROTOCOL_VERSION); - buf.extend_from_slice(&id.to_bytes()); - buf.push(msg_type as u8); - buf.extend_from_slice(payload); - buf + let attrs = SphinxStreamFrameAttributes { + stream_id: id.as_u64(), + msg_type, + sequence_num, + }; + let frame = LpFrame::new_stream(attrs, payload.to_vec()); + let mut buf = BytesMut::with_capacity(LpFrameHeader::SIZE + payload.len()); + frame.encode(&mut buf); + buf.to_vec() } -/// Decode a stream message into a [`MixStreamFrame`]. +/// Decode a stream message from LP frame bytes. /// -/// Returns `None` if the buffer is too short, the version is unknown, -/// or the message type byte is invalid. -pub fn decode_stream_message(bytes: &[u8]) -> Option> { - if bytes.len() < STREAM_HEADER_LEN { +/// Returns `None` if the buffer is too short, the frame kind is not `Stream`, +/// or the stream attributes are invalid. +pub fn decode_stream_message(bytes: &[u8]) -> Option> { + if bytes.len() < LpFrameHeader::SIZE { return None; } - let version = bytes[0]; - if version != STREAM_PROTOCOL_VERSION { + let header = LpFrameHeader::parse(bytes).ok()?; + if header.kind != LpFrameKind::SphinxStream { return None; } - let mut id_bytes = [0u8; STREAM_ID_LEN]; - id_bytes.copy_from_slice(&bytes[1..1 + STREAM_ID_LEN]); - let stream_id = StreamId::from_bytes(id_bytes); + let attrs = SphinxStreamFrameAttributes::parse(&header.frame_attributes).ok()?; + let data = &bytes[LpFrameHeader::SIZE..]; - let message_type = StreamMessageType::from_byte(bytes[1 + STREAM_ID_LEN])?; - let data = &bytes[STREAM_HEADER_LEN..]; - - Some(MixStreamFrame { - header: MixStreamHeader { - version, - stream_id, - message_type, - }, + Some(StreamFrame { + stream_id: StreamId::from_u64(attrs.stream_id), + msg_type: attrs.msg_type, + sequence_num: attrs.sequence_num, data, }) } @@ -144,11 +111,11 @@ mod tests { fn roundtrip() { let id = StreamId::random(); let payload = b"hello world"; - let encoded = encode_stream_message(&id, StreamMessageType::Data, payload); + let encoded = encode_stream_message(&id, SphinxStreamMsgType::Data, 42, payload); let frame = decode_stream_message(&encoded).unwrap(); - assert_eq!(frame.header.version, STREAM_PROTOCOL_VERSION); - assert_eq!(frame.header.stream_id, id); - assert_eq!(frame.header.message_type, StreamMessageType::Data); + assert_eq!(frame.stream_id, id); + assert_eq!(frame.msg_type, SphinxStreamMsgType::Data); + assert_eq!(frame.sequence_num, 42); assert_eq!(frame.data, payload); } @@ -158,41 +125,70 @@ mod tests { } #[test] - fn bad_version() { - let id = StreamId::random(); - let mut encoded = encode_stream_message(&id, StreamMessageType::Data, b"x"); - encoded[0] = 0xFF; - assert!(decode_stream_message(&encoded).is_none()); + fn wrong_frame_kind() { + // Opaque frame kind (0x00, 0x00) should not parse as stream + let mut buf = vec![0u8; LpFrameHeader::SIZE + 1]; + buf[LpFrameHeader::SIZE] = 0xAA; + assert!(decode_stream_message(&buf).is_none()); } #[test] - fn bad_message_type() { - let mut buf = [0u8; STREAM_HEADER_LEN]; - buf[0] = STREAM_PROTOCOL_VERSION; - buf[1 + STREAM_ID_LEN] = 0xFF; - assert!(decode_stream_message(&buf).is_none()); + fn bad_msg_type() { + let id = StreamId::random(); + let mut encoded = encode_stream_message(&id, SphinxStreamMsgType::Data, 0, b"x"); + // msg_type is at byte offset 2 + 8 = 10 (inside frame_attributes) + encoded[10] = 0xFF; + assert!(decode_stream_message(&encoded).is_none()); } #[test] fn empty_payload() { let id = StreamId::random(); - let encoded = encode_stream_message(&id, StreamMessageType::Open, &[]); + let encoded = encode_stream_message(&id, SphinxStreamMsgType::Open, 0, &[]); let frame = decode_stream_message(&encoded).unwrap(); - assert_eq!(frame.header.message_type, StreamMessageType::Open); + assert_eq!(frame.msg_type, SphinxStreamMsgType::Open); + assert_eq!(frame.sequence_num, 0); assert!(frame.data.is_empty()); } #[test] fn header_wire_format() { - let id = StreamId::from_bytes([0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77]); - let encoded = encode_stream_message(&id, StreamMessageType::Open, &[0xAA]); - assert_eq!(encoded.len(), STREAM_HEADER_LEN + 1); - assert_eq!(encoded[0], STREAM_PROTOCOL_VERSION); + let id = StreamId::from_u64(0x0011223344556677); + let encoded = encode_stream_message(&id, SphinxStreamMsgType::Open, 1, &[0xAA]); + + // LpFrameHeader::SIZE (16) + 1 byte payload + assert_eq!(encoded.len(), LpFrameHeader::SIZE + 1); + + // First 2 bytes: LpFrameKind::SphinxStream = 3, LE + assert_eq!(encoded[0], 0x03); + assert_eq!(encoded[1], 0x00); + + // Bytes 2..10: stream_id BE assert_eq!( - &encoded[1..9], + &encoded[2..10], &[0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77] ); - assert_eq!(encoded[9], StreamMessageType::Open as u8); - assert_eq!(encoded[10], 0xAA); + + // Byte 10: msg_type = Open = 0 + assert_eq!(encoded[10], SphinxStreamMsgType::Open as u8); + + // Bytes 11..15: sequence_num = 1, BE + assert_eq!(&encoded[11..15], &[0x00, 0x00, 0x00, 0x01]); + + // Byte 15: reserved = 0 + assert_eq!(encoded[15], 0x00); + + // Byte 16: payload + assert_eq!(encoded[16], 0xAA); + } + + #[test] + fn sequence_num_roundtrip() { + let id = StreamId::random(); + for seq in [0, 1, 255, 65535, u32::MAX] { + let encoded = encode_stream_message(&id, SphinxStreamMsgType::Data, seq, b"test"); + let frame = decode_stream_message(&encoded).unwrap(); + assert_eq!(frame.sequence_num, seq); + } } } diff --git a/sdk/typescript/scripts/publish.sh b/sdk/typescript/scripts/publish.sh index d03fe73942..b46579dc86 100755 --- a/sdk/typescript/scripts/publish.sh +++ b/sdk/typescript/scripts/publish.sh @@ -23,12 +23,12 @@ cd dist #react/sdk-react #) packages=( -"wasm/client" +# "wasm/client" "wasm/mix-fetch" -"wasm/node-tester" -"wasm/extension-storage" +# "wasm/node-tester" +# "wasm/extension-storage" -"node/wasm/client" +# "node/wasm/client" #"node/wasm/mix-fetch" "ts/sdk/mix-fetch/cjs" @@ -36,18 +36,18 @@ packages=( "ts/sdk/mix-fetch/esm" "ts/sdk/mix-fetch/esm-full-fat" -"ts/sdk/nodejs-client/cjs" +# "ts/sdk/nodejs-client/cjs" "ts/sdk/mix-fetch-node/cjs" -"ts/sdk/node-tester/cjs" -"ts/sdk/node-tester/cjs-full-fat" -"ts/sdk/node-tester/esm" -"ts/sdk/node-tester/esm-full-fat" +# "ts/sdk/node-tester/cjs" +# "ts/sdk/node-tester/cjs-full-fat" +# "ts/sdk/node-tester/esm" +# "ts/sdk/node-tester/esm-full-fat" -"ts/sdk/sdk/cjs" -"ts/sdk/sdk/cjs-full-fat" -"ts/sdk/sdk/esm" -"ts/sdk/sdk/esm-full-fat" +# "ts/sdk/sdk/cjs" +# "ts/sdk/sdk/cjs-full-fat" +# "ts/sdk/sdk/esm" +# "ts/sdk/sdk/esm-full-fat" #"ts/sdk/contract-clients" ) diff --git a/service-providers/ip-packet-router/Cargo.toml b/service-providers/ip-packet-router/Cargo.toml index 5e3340871f..fdb12ae514 100644 --- a/service-providers/ip-packet-router/Cargo.toml +++ b/service-providers/ip-packet-router/Cargo.toml @@ -26,7 +26,7 @@ nym-crypto = { workspace = true } nym-exit-policy = { workspace = true } nym-id = { workspace = true } nym-ip-packet-requests = { workspace = true } -nym-kcp = { path = "../../common/nym-kcp" } # TODO MAX add to workspace dependencies +nym-lp = { workspace = true } nym-network-defaults = { workspace = true } nym-network-requester = { path = "../network-requester" } nym-sdk = { workspace = true } diff --git a/service-providers/ip-packet-router/src/clients/connected_client_handler.rs b/service-providers/ip-packet-router/src/clients/connected_client_handler.rs index ba9f9b3290..e44b543276 100644 --- a/service-providers/ip-packet-router/src/clients/connected_client_handler.rs +++ b/service-providers/ip-packet-router/src/clients/connected_client_handler.rs @@ -1,6 +1,7 @@ // Copyright 2025 - Nym Technologies SA // SPDX-License-Identifier: GPL-3.0-only +use std::sync::atomic::{AtomicU32, Ordering}; use std::time::Duration; use bytes::{Bytes, BytesMut}; @@ -9,6 +10,10 @@ use nym_ip_packet_requests::{ v6::response::IpPacketResponse as IpPacketResponseV6, v7::response::IpPacketResponse as IpPacketResponseV7, v8::response::IpPacketResponse as IpPacketResponseV8, + v9, +}; +use nym_lp::packet::frame::{ + LpFrame, LpFrameHeader, SphinxStreamFrameAttributes, SphinxStreamMsgType, }; use nym_sdk::mixnet::{ InputMessage, MixnetClientSender, MixnetMessageSender, MixnetMessageSinkTranslator, @@ -26,6 +31,19 @@ use crate::{ messages::ClientVersion, }; +/// Encode a payload inside an LP Stream frame: `[LpFrameHeader][payload]`. +pub(crate) fn encode_stream_frame(stream_id: u64, sequence_num: u32, payload: Vec) -> Vec { + let attrs = SphinxStreamFrameAttributes { + stream_id, + msg_type: SphinxStreamMsgType::Data, + sequence_num, + }; + let frame = LpFrame::new_stream(attrs, payload); + let mut buf = BytesMut::with_capacity(LpFrameHeader::SIZE + frame.content.len()); + frame.encode(&mut buf); + buf.to_vec() +} + // Data flow // Out: mixnet_listener -> decode -> handle_packet -> write_to_tun // In: tun_listener -> [connected_client_handler -> encode] -> mixnet_sender @@ -64,6 +82,7 @@ impl ConnectedClientHandler { buffer_timeout: Duration, client_version: ClientVersion, mixnet_client_sender: MixnetClientSender, + stream_id: Option, ) -> ( mpsc::UnboundedSender>, oneshot::Sender<()>, @@ -71,6 +90,9 @@ impl ConnectedClientHandler { ) { log::debug!("Starting connected client handler for: {client_id}"); log::debug!("client version: {client_version:?}"); + if let Some(sid) = stream_id { + log::debug!("LP Stream mode: stream_id={sid:#018x}"); + } let (close_tx, close_rx) = oneshot::channel(); let (forward_from_tun_tx, forward_from_tun_rx) = mpsc::unbounded_channel(); @@ -86,6 +108,13 @@ impl ConnectedClientHandler { let input_message_creator = ToIprDataResponse { send_to: client_id.clone(), client_version, + stream_id, + // Start at 1 — seq=0 is reserved for inline control responses + // (connect handshake, pong, health) sent by + // handle_stream_response() in mixnet_listener.rs. + // The skip-on-wrap logic in to_input_message() ensures we never + // emit seq=0 from the data path either. + next_response_seq: AtomicU32::new(1), }; let connected_client_handler = ConnectedClientHandler { @@ -189,15 +218,21 @@ fn create_ip_packet_response( ClientVersion::V6 => IpPacketResponseV6::new_ip_packet(packets).to_bytes(), ClientVersion::V7 => IpPacketResponseV7::new_ip_packet(packets).to_bytes(), ClientVersion::V8 => IpPacketResponseV8::new_ip_packet(packets).to_bytes(), + ClientVersion::V9 => v9::new_ip_packet_response(packets).to_bytes(), } } -// This struct is used by the sink to translate the the bundled IP packets into a IPR packet -// responses that can be sent to the mixnet. -#[derive(Clone, Debug)] +// This struct is used by the sink to translate the bundled IP packets into IPR packet +// responses that can be sent to the mixnet. When `stream_id` is set, responses are +// wrapped in LP Stream frames so the client's stream router can dispatch them. +#[derive(Debug)] struct ToIprDataResponse { send_to: ConnectedClientId, client_version: ClientVersion, + /// When Some, wrap responses in LP Stream frames with this stream_id. + stream_id: Option, + /// Sequence number for LP Stream response frames. + next_response_seq: AtomicU32, } impl MixnetMessageSinkTranslator for ToIprDataResponse { @@ -205,12 +240,24 @@ impl MixnetMessageSinkTranslator for ToIprDataResponse { &self, bundled_ip_packets: &[u8], ) -> std::result::Result { - // Create a IPR packet response that the recipient can understand let response_packet = create_ip_packet_response(bundled_ip_packets, self.client_version)?; - // Wrap the response packet in a mixnet input message + // Optionally wrap in LP Stream frame for stream-mode clients. + // Seq counter starts at 1 and skips 0 on wrap-around because seq=0 + // is used by handle_stream_response() for inline control responses + // (see comment in mixnet_listener.rs for the full story). + let final_packet = if let Some(stream_id) = self.stream_id { + let mut seq = self.next_response_seq.fetch_add(1, Ordering::Relaxed); + if seq == 0 { + seq = self.next_response_seq.fetch_add(1, Ordering::Relaxed); + } + encode_stream_frame(stream_id, seq, response_packet) + } else { + response_packet + }; + let input_message = - crate::util::create_message::create_input_message(&self.send_to, response_packet) + crate::util::create_message::create_input_message(&self.send_to, final_packet) .with_max_retransmissions(0); Ok(input_message) @@ -282,6 +329,8 @@ mod tests { let bytes_to_input_message = ToIprDataResponse { send_to: client_id.clone(), client_version, + stream_id: None, + next_response_seq: AtomicU32::new(0), }; let mixnet_ip_packet_sender = MixnetMessageSink::new_with_custom_translator( diff --git a/service-providers/ip-packet-router/src/clients/mod.rs b/service-providers/ip-packet-router/src/clients/mod.rs index fc6b39a359..1be30a4fa9 100644 --- a/service-providers/ip-packet-router/src/clients/mod.rs +++ b/service-providers/ip-packet-router/src/clients/mod.rs @@ -6,7 +6,7 @@ mod connected_client_handler; mod connected_clients; pub(crate) use client_id::ConnectedClientId; -pub(crate) use connected_client_handler::ConnectedClientHandler; +pub(crate) use connected_client_handler::{ConnectedClientHandler, encode_stream_frame}; pub(crate) use connected_clients::{ ConnectEvent, ConnectedClientEvent, ConnectedClients, DisconnectEvent, }; diff --git a/service-providers/ip-packet-router/src/error.rs b/service-providers/ip-packet-router/src/error.rs index b77b641455..ed1ca47263 100644 --- a/service-providers/ip-packet-router/src/error.rs +++ b/service-providers/ip-packet-router/src/error.rs @@ -117,8 +117,8 @@ pub enum IpPacketRouterError { #[error("failed to deserialize protocol: {source}")] FailedToDeserializeProtocol { source: ProtocolError }, - #[error("KCP protocol error: {0}")] - KcpError(String), + #[error("{0}")] + Other(String), } pub type Result = std::result::Result; diff --git a/service-providers/ip-packet-router/src/ip_packet_router.rs b/service-providers/ip-packet-router/src/ip_packet_router.rs index 084adb4009..13d5a7f6a8 100644 --- a/service-providers/ip-packet-router/src/ip_packet_router.rs +++ b/service-providers/ip-packet-router/src/ip_packet_router.rs @@ -180,7 +180,6 @@ impl IpPacketRouter { mixnet_client, shutdown_token: self.shutdown.clone_shutdown_token(), connected_clients, - kcp_session_manager: crate::kcp_session_manager::KcpSessionManager::new(), }; log::info!("The address of this client is: {self_address}"); diff --git a/service-providers/ip-packet-router/src/kcp_session_manager.rs b/service-providers/ip-packet-router/src/kcp_session_manager.rs deleted file mode 100644 index 9175f5d44e..0000000000 --- a/service-providers/ip-packet-router/src/kcp_session_manager.rs +++ /dev/null @@ -1,504 +0,0 @@ -// Copyright 2025 - Nym Technologies SA -// SPDX-License-Identifier: GPL-3.0-only - -#![allow(unused)] - -//! KCP Session Manager for LP clients at the exit gateway. -//! -//! This module sits between Sphinx unwrapping and IPR message processing. -//! It maintains per-client KCP state (keyed by conv_id from KCP packets), -//! reassembles KCP fragments into complete messages, and wraps responses -//! in KCP for SURB replies. -//! -//! # Architecture -//! -//! ```text -//! Mixnet → [Sphinx unwrap] → [KCP Session Manager] → [IPR message handling] -//! ↓ -//! KCP sessions per conv_id -//! ↓ -//! Reassemble fragments → DataRequest -//! ``` -//! -//! # Design Notes -//! -//! - Conv ID is extracted from the first 4 bytes of KCP packet data -//! - SURBs are stored per conv_id for sending replies -//! - Pattern follows `nym-lp-node::Node` from lewes-protocol - -use bytes::BytesMut; -use nym_kcp::driver::KcpDriver; -use nym_kcp::packet::KcpPacket; -use nym_kcp::session::KcpSession; -use nym_sphinx::anonymous_replies::ReplySurb; -use nym_sphinx::anonymous_replies::requests::AnonymousSenderTag; -use std::collections::{HashMap, VecDeque}; -use std::time::{Duration, Instant}; - -use crate::error::IpPacketRouterError; - -/// Default session timeout (5 minutes, matching IPR client timeout) -const SESSION_TIMEOUT: Duration = Duration::from_secs(300); - -/// Maximum concurrent KCP sessions per exit gateway -const MAX_SESSIONS: usize = 10000; - -/// State for a single KCP session -struct KcpSessionState { - driver: KcpDriver, - /// SURBs for sending replies back to this client - surbs: VecDeque, - /// Last activity timestamp - last_activity: Instant, - /// The sender tag associated with this session (for logging/debugging) - sender_tag: Option, -} - -impl KcpSessionState { - fn new(conv_id: u32) -> Self { - let session = KcpSession::new(conv_id); - Self { - driver: KcpDriver::new(session), - surbs: VecDeque::new(), - last_activity: Instant::now(), - sender_tag: None, - } - } - - fn touch(&mut self) { - self.last_activity = Instant::now(); - } - - fn is_expired(&self, timeout: Duration) -> bool { - self.last_activity.elapsed() > timeout - } - - fn add_surbs(&mut self, surbs: Vec) { - self.surbs.extend(surbs); - } - - fn take_surb(&mut self) -> Option { - self.surbs.pop_front() - } - - fn surb_count(&self) -> usize { - self.surbs.len() - } -} - -/// KCP Session Manager maintains per-client KCP state for LP clients. -/// -/// It intercepts incoming Sphinx payloads containing KCP data, extracts KCP frames, -/// reassembles them into complete messages, and returns the assembled data for IPR processing. -/// -/// Sessions are keyed by `conv_id` (first 4 bytes of KCP packet), which is derived -/// by clients from their local and remote addresses. -pub struct KcpSessionManager { - /// KCP sessions keyed by conv_id (from KCP packet header) - sessions: HashMap, - /// Session timeout duration - timeout: Duration, - /// Maximum number of sessions - max_sessions: usize, -} - -/// Result of processing incoming KCP data from a client -pub(crate) struct KcpProcessingResult { - /// The conv_id extracted from the KCP packet - pub(crate) conversation_id: u32, - - /// Vector of decoded KCP packets (for inspection/logging) - pub(crate) decoded_packets: Vec, - - /// Vector of complete reassembled messages ready for IPR processing - pub(crate) reassembled_messages: Vec>, -} - -impl Default for KcpSessionManager { - fn default() -> Self { - Self::new() - } -} - -impl KcpSessionManager { - /// Create a new KCP Session Manager with default settings - pub fn new() -> Self { - Self { - sessions: HashMap::new(), - timeout: SESSION_TIMEOUT, - max_sessions: MAX_SESSIONS, - } - } - - /// Create a new KCP Session Manager with custom settings - pub fn with_config(timeout: Duration, max_sessions: usize) -> Self { - Self { - sessions: HashMap::new(), - timeout, - max_sessions, - } - } - - /// Process incoming KCP data from a client. - /// - /// Takes raw KCP-encoded data (from a RepliableMessage). The conv_id is extracted - /// from the first 4 bytes of the KCP data. - /// - /// # Arguments - /// * `kcp_data` - Raw KCP packet data (conv_id is in first 4 bytes) - /// * `reply_surbs` - SURBs attached to the message for sending replies - /// * `sender_tag` - The anonymous sender tag (for logging/association) - /// * `current_time_ms` - Current time in milliseconds for KCP timing - /// - /// # Returns - /// A tuple containing: - /// - The conv_id extracted from the KCP packet - /// - A vector of decoded KCP packets (for inspection/logging) - /// - A vector of complete reassembled messages ready for IPR processing - pub fn process_incoming( - &mut self, - kcp_data: &[u8], - reply_surbs: Vec, - sender_tag: Option, - current_time_ms: u64, - ) -> Result { - if kcp_data.len() < 4 { - return Err(IpPacketRouterError::KcpError( - "KCP data too short to contain conv_id".to_string(), - )); - } - - // Extract conv_id from first 4 bytes of KCP packet - let conv_id = u32::from_le_bytes([kcp_data[0], kcp_data[1], kcp_data[2], kcp_data[3]]); - - // Get or create session - self.ensure_session(conv_id, sender_tag)?; - - let session = self - .sessions - .get_mut(&conv_id) - .ok_or_else(|| IpPacketRouterError::KcpError("Session not found".to_string()))?; - - session.touch(); - - // Store SURBs for later replies - session.add_surbs(reply_surbs); - - // Input the KCP data and get decoded packets - let decoded_packets = match session.driver.input(kcp_data) { - Ok(pkts) => pkts, - Err(e) => { - log::warn!("KCP input error for conv_id {}: {}", conv_id, e); - return Err(IpPacketRouterError::KcpError(e.to_string())); - } - }; - - // Update KCP state machine - session.driver.update(current_time_ms); - - // Collect any complete messages - let incoming_messages: Vec> = session - .driver - .fetch_incoming() - .into_iter() - .map(|buf| buf.to_vec()) - .collect(); - - Ok(KcpProcessingResult { - conversation_id: conv_id, - decoded_packets, - reassembled_messages: incoming_messages, - }) - } - - /// Wrap outgoing data in KCP for sending via SURB. - /// - /// # Arguments - /// * `conv_id` - The conversation ID - /// * `data` - The data to wrap in KCP - /// * `current_time_ms` - Current time in milliseconds for KCP timing - /// - /// # Returns - /// KCP-encoded packets ready to send - pub fn wrap_response( - &mut self, - conv_id: u32, - data: &[u8], - current_time_ms: u64, - ) -> Result, IpPacketRouterError> { - let session = self - .sessions - .get_mut(&conv_id) - .ok_or_else(|| IpPacketRouterError::KcpError("No session for conv_id".to_string()))?; - - session.touch(); - - // Queue the data for sending - session.driver.send(data); - - // Update to generate outgoing packets - session.driver.update(current_time_ms); - - // Fetch outgoing KCP packets and encode - let packets = session.driver.fetch_outgoing(); - let mut buf = BytesMut::new(); - for pkt in packets { - pkt.encode(&mut buf); - } - - Ok(buf.to_vec()) - } - - /// Take a SURB for sending a reply to a client. - /// - /// # Arguments - /// * `conv_id` - The conversation ID - /// - /// # Returns - /// A SURB if available, None otherwise - pub fn take_surb(&mut self, conv_id: u32) -> Option { - self.sessions.get_mut(&conv_id)?.take_surb() - } - - /// Get the number of available SURBs for a session - pub fn surb_count(&self, conv_id: u32) -> usize { - self.sessions - .get(&conv_id) - .map(|s| s.surb_count()) - .unwrap_or(0) - } - - /// Get the sender_tag associated with a session. - /// - /// Returns None if the session doesn't exist or has no sender_tag. - pub fn get_sender_tag(&self, conv_id: u32) -> Option { - self.sessions.get(&conv_id)?.sender_tag - } - - /// Fetch any pending outgoing KCP packets for a specific session. - /// - /// This is used to send immediate ACKs after receiving packets, - /// rather than waiting for the periodic tick. - pub fn fetch_outgoing_for_conv( - &mut self, - conv_id: u32, - current_time_ms: u64, - ) -> Option> { - let session = self.sessions.get_mut(&conv_id)?; - session.driver.update(current_time_ms); - let packets = session.driver.fetch_outgoing(); - - if packets.is_empty() { - return None; - } - - let mut buf = BytesMut::new(); - for pkt in packets { - pkt.encode(&mut buf); - } - Some(buf.to_vec()) - } - - /// Periodic update for all sessions. - /// - /// This should be called periodically (e.g., every 10-100ms) to: - /// - Drive KCP state machines (retransmissions, etc.) - /// - Clean up expired sessions - /// - /// Returns a list of (conv_id, outgoing_data) pairs for any sessions - /// that have pending outgoing packets. - pub fn tick(&mut self, current_time_ms: u64) -> Vec<(u32, Vec)> { - let mut outgoing = Vec::new(); - - for (&conv_id, session) in self.sessions.iter_mut() { - session.driver.update(current_time_ms); - let packets = session.driver.fetch_outgoing(); - - if !packets.is_empty() { - let mut buf = BytesMut::new(); - for pkt in packets { - pkt.encode(&mut buf); - } - outgoing.push((conv_id, buf.to_vec())); - } - } - - // Clean up expired sessions - self.cleanup_expired(); - - outgoing - } - - /// Remove expired sessions. - pub fn cleanup_expired(&mut self) { - let timeout = self.timeout; - self.sessions.retain(|conv_id, state| { - let expired = state.is_expired(timeout); - if expired { - log::debug!("Removing expired KCP session for conv_id {}", conv_id); - } - !expired - }); - } - - /// Get the number of active sessions - pub fn session_count(&self) -> usize { - self.sessions.len() - } - - /// Check if a session exists for the given conv_id - pub fn has_session(&self, conv_id: u32) -> bool { - self.sessions.contains_key(&conv_id) - } - - /// Ensure a session exists for the given conv_id, creating one if needed - fn ensure_session( - &mut self, - conv_id: u32, - sender_tag: Option, - ) -> Result<(), IpPacketRouterError> { - if self.sessions.contains_key(&conv_id) { - // Update sender_tag if provided - if let Some(tag) = sender_tag - && let Some(session) = self.sessions.get_mut(&conv_id) - { - session.sender_tag = Some(tag); - } - - return Ok(()); - } - - // Check session limit - if self.sessions.len() >= self.max_sessions { - // Try to clean up expired sessions first - self.cleanup_expired(); - - // Still at limit? - if self.sessions.len() >= self.max_sessions { - return Err(IpPacketRouterError::KcpError( - "Maximum KCP sessions reached".to_string(), - )); - } - } - - log::debug!("Creating new KCP session for conv_id {}", conv_id); - let mut state = KcpSessionState::new(conv_id); - state.sender_tag = sender_tag; - self.sessions.insert(conv_id, state); - - Ok(()) - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_session_creation() { - let mut manager = KcpSessionManager::new(); - - assert!(!manager.has_session(12345)); - assert_eq!(manager.session_count(), 0); - - // Create a minimal KCP packet (just conv_id) - let conv_id: u32 = 12345; - let mut kcp_data = conv_id.to_le_bytes().to_vec(); - // Add minimal header padding to make it look like a packet - kcp_data.extend_from_slice(&[0u8; 21]); // KCP header is 25 bytes total - - // Processing data should create a session - let result = manager.process_incoming(&kcp_data, vec![], None, 0); - // May error due to invalid KCP packet, but session should be created - let _ = result; - - assert!(manager.has_session(conv_id)); - assert_eq!(manager.session_count(), 1); - } - - #[test] - fn test_session_expiry() { - let mut manager = KcpSessionManager::with_config(Duration::from_millis(10), 100); - let conv_id: u32 = 99999; - - // Create session directly - manager.ensure_session(conv_id, None).unwrap(); - assert!(manager.has_session(conv_id)); - - // Wait for expiry - std::thread::sleep(Duration::from_millis(20)); - - manager.cleanup_expired(); - assert!(!manager.has_session(conv_id)); - } - - #[test] - fn test_max_sessions_limit() { - let mut manager = KcpSessionManager::with_config(Duration::from_secs(300), 2); - - manager.ensure_session(1, None).unwrap(); - manager.ensure_session(2, None).unwrap(); - - assert_eq!(manager.session_count(), 2); - - // Third session should fail - let result = manager.ensure_session(3, None); - assert!(result.is_err()); - } - - #[test] - fn test_kcp_roundtrip() { - use nym_kcp::driver::KcpDriver; - use nym_kcp::session::KcpSession; - - let mut manager = KcpSessionManager::new(); - let conv_id: u32 = 42424242; - - // Create a "client" KCP session to send data - let client_session = KcpSession::new(conv_id); - let mut client_driver = KcpDriver::new(client_session); - - // Client sends a message - let message = b"Hello, IPR via KCP!"; - client_driver.send(message); - client_driver.update(100); - - // Get the KCP packets from the client - let outgoing = client_driver.fetch_outgoing(); - assert!(!outgoing.is_empty(), "Client should produce KCP packets"); - - // Encode packets - let mut kcp_data = BytesMut::new(); - for pkt in outgoing { - pkt.encode(&mut kcp_data); - } - - // Feed to the session manager - let res = manager - .process_incoming(&kcp_data, vec![], None, 100) - .expect("process_incoming should succeed"); - - // Verify conv_id was extracted correctly - assert_eq!(res.conversation_id, conv_id); - - // Should have received the complete message - assert_eq!(res.reassembled_messages.len(), 1); - assert_eq!(res.reassembled_messages[0], message); - } - - #[test] - fn test_surb_storage() { - let mut manager = KcpSessionManager::new(); - let conv_id: u32 = 11111; - - // Create session - manager.ensure_session(conv_id, None).unwrap(); - - // Initially no SURBs - assert_eq!(manager.surb_count(conv_id), 0); - assert!(manager.take_surb(conv_id).is_none()); - - // Note: We can't easily create ReplySurbs in tests without complex setup, - // but the storage mechanism is tested via the session state - } -} diff --git a/service-providers/ip-packet-router/src/lib.rs b/service-providers/ip-packet-router/src/lib.rs index 7810b07e74..fe66577b22 100644 --- a/service-providers/ip-packet-router/src/lib.rs +++ b/service-providers/ip-packet-router/src/lib.rs @@ -17,7 +17,6 @@ pub(crate) mod non_linux_dummy; mod clients; mod constants; mod ip_packet_router; -mod kcp_session_manager; mod mixnet_client; mod mixnet_listener; mod tun_listener; diff --git a/service-providers/ip-packet-router/src/messages/mod.rs b/service-providers/ip-packet-router/src/messages/mod.rs index a695fc5e2f..392e590186 100644 --- a/service-providers/ip-packet-router/src/messages/mod.rs +++ b/service-providers/ip-packet-router/src/messages/mod.rs @@ -9,6 +9,7 @@ pub(crate) enum ClientVersion { V6, V7, V8, + V9, } impl ClientVersion { @@ -17,6 +18,7 @@ impl ClientVersion { ClientVersion::V6 => 6, ClientVersion::V7 => 7, ClientVersion::V8 => 8, + ClientVersion::V9 => 9, } } } diff --git a/service-providers/ip-packet-router/src/messages/request.rs b/service-providers/ip-packet-router/src/messages/request.rs index 9f5704fb40..0f8419e5e1 100644 --- a/service-providers/ip-packet-router/src/messages/request.rs +++ b/service-providers/ip-packet-router/src/messages/request.rs @@ -4,6 +4,7 @@ mod v6; mod v7; mod v8; +mod v9; use nym_ip_packet_requests::{ IpPair, v6::request::IpPacketRequest as IpPacketRequestV6, @@ -129,6 +130,16 @@ impl TryFrom<&ReconstructedMessage> for IpPacketRequest { .ok_or(IpPacketRouterError::MissingSenderTag)?; Ok(IpPacketRequest::from((request_v8, sender_tag))) } + 9 => { + let request_v8 = IpPacketRequestV8::from_reconstructed_message(reconstructed) + .map_err( + |source| IpPacketRouterError::FailedToDeserializeTaggedPacket { source }, + )?; + let sender_tag = reconstructed + .sender_tag + .ok_or(IpPacketRouterError::MissingSenderTag)?; + Ok(v9::convert(request_v8, sender_tag)) + } _ => { log::info!("Received packet with invalid version: v{request_version}"); Err(IpPacketRouterError::InvalidPacketVersion(request_version)) @@ -137,6 +148,21 @@ impl TryFrom<&ReconstructedMessage> for IpPacketRequest { } } +impl IpPacketRequest { + pub(crate) fn version(&self) -> ClientVersion { + match self { + IpPacketRequest::Data(r) => r.version, + IpPacketRequest::Control(c) => match c { + ControlRequest::StaticConnect(r) => r.version, + ControlRequest::DynamicConnect(r) => r.version, + ControlRequest::Disconnect(r) => r.version, + ControlRequest::Ping(r) => r.version, + ControlRequest::Health(r) => r.version, + }, + } + } +} + impl fmt::Display for IpPacketRequest { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { diff --git a/service-providers/ip-packet-router/src/messages/request/v9.rs b/service-providers/ip-packet-router/src/messages/request/v9.rs new file mode 100644 index 0000000000..317fd9b458 --- /dev/null +++ b/service-providers/ip-packet-router/src/messages/request/v9.rs @@ -0,0 +1,27 @@ +// Copyright 2025 - Nym Technologies SA +// SPDX-License-Identifier: GPL-3.0-only + +use nym_ip_packet_requests::v8::request::{ + IpPacketRequest as IpPacketRequestV8, IpPacketRequestData as IpPacketRequestDataV8, +}; +use nym_sdk::mixnet::AnonymousSenderTag; + +use super::{ClientVersion, IpPacketRequest}; + +// v9 uses the same wire format as v8, so we reuse the v8 deserialization +// and just tag the result with ClientVersion::V9. +// +// We cannot implement From<(IpPacketRequestV8, AnonymousSenderTag)> again +// because v8.rs already has that impl (same concrete types). +pub(crate) fn convert( + request: IpPacketRequestV8, + sender_tag: AnonymousSenderTag, +) -> IpPacketRequest { + let version = ClientVersion::V9; + match request.data { + IpPacketRequestDataV8::Data(inner) => IpPacketRequest::Data((inner, version).into()), + IpPacketRequestDataV8::Control(inner) => { + IpPacketRequest::Control((*inner, sender_tag, version).into()) + } + } +} diff --git a/service-providers/ip-packet-router/src/messages/response.rs b/service-providers/ip-packet-router/src/messages/response.rs index 56b6680500..4801983f48 100644 --- a/service-providers/ip-packet-router/src/messages/response.rs +++ b/service-providers/ip-packet-router/src/messages/response.rs @@ -130,6 +130,7 @@ impl VersionedResponse { ClientVersion::V6 => IpPacketResponseV6::try_from(self)?.to_bytes(), ClientVersion::V7 => IpPacketResponseV7::try_from(self)?.to_bytes(), ClientVersion::V8 => IpPacketResponseV8::try_from(self)?.to_bytes(), + ClientVersion::V9 => IpPacketResponseV8::try_from(self)?.to_bytes(), } .map_err(|err| IpPacketRouterError::FailedToSerializeResponsePacket { source: err }) } diff --git a/service-providers/ip-packet-router/src/mixnet_listener.rs b/service-providers/ip-packet-router/src/mixnet_listener.rs index fc5b2b20d6..fa25adbf71 100644 --- a/service-providers/ip-packet-router/src/mixnet_listener.rs +++ b/service-providers/ip-packet-router/src/mixnet_listener.rs @@ -6,7 +6,6 @@ use crate::{ config::Config, constants::DISCONNECT_TIMER_INTERVAL, error::{IpPacketRouterError, Result}, - kcp_session_manager::KcpSessionManager, messages::{ ClientVersion, request::{ @@ -24,6 +23,7 @@ use crate::{ }; use futures::StreamExt; use nym_ip_packet_requests::codec::MultiIpPacketCodec; +use nym_lp::packet::frame::{LpFrameHeader, LpFrameKind, SphinxStreamFrameAttributes}; use nym_sdk::mixnet::MixnetMessageSender; use nym_sphinx::receiver::ReconstructedMessage; use nym_task::ShutdownToken; @@ -31,9 +31,6 @@ use std::{net::SocketAddr, time::Duration}; use tokio::io::AsyncWriteExt; use tokio_util::codec::FramedRead; -/// KCP tick interval for session updates (retransmissions, ACKs, cleanup) -const KCP_TICK_INTERVAL: Duration = Duration::from_millis(10); - #[cfg(not(target_os = "linux"))] type TunDevice = crate::non_linux_dummy::DummyDevice; @@ -60,45 +57,6 @@ pub(crate) struct MixnetListener { // The map of connected clients that the mixnet listener keeps track of. It monitors // activity and disconnects clients that have been inactive for too long. pub(crate) connected_clients: ConnectedClients, - - // KCP session manager for LP clients sending KCP-wrapped messages - pub(crate) kcp_session_manager: KcpSessionManager, -} - -/// Check if a message payload appears to be KCP-wrapped. -/// -/// KCP packets have a 25-byte header with the command byte at position 4. -/// Valid KCP commands are: Push(81), Ack(82), Wask(83), Wins(84). -/// -/// This is distinguishable from IPR protocol messages which have: -/// - Version byte at position 0: 6, 7, or 8 -/// - ServiceProviderType at position 1: 0, 1, or 2 (for v8+) -/// -/// We use a two-step heuristic: -/// 1. Exclude messages that look like IPR protocol headers -/// 2. Check if byte 4 contains a valid KCP command (81-84) -/// -/// See: `Protocol::try_from` in service-provider-requests-common for header format. -fn is_kcp_message(data: &[u8]) -> bool { - // Need at least 25 bytes for KCP header - if data.len() < 25 { - return false; - } - - // First, check if this looks like an IPR protocol message. - // IPR messages have: byte 0 = version (6-8), byte 1 = ServiceProviderType (0-2 for v8+) - // See: IpPacketRequest::try_from in messages/request.rs - let version_byte = data[0]; - let service_type_byte = data[1]; - if (6..=8).contains(&version_byte) && service_type_byte <= 2 { - // This matches IPR protocol header pattern - not a KCP message - return false; - } - - // Check KCP command byte at position 4 - let cmd = data[4]; - // Valid KCP commands: Push=81, Ack=82, Wask=83, Wins=84 - (81..=84).contains(&cmd) } // #[cfg(target_os = "linux")] @@ -172,11 +130,19 @@ impl MixnetListener { let decoder = MultiIpPacketCodec::new(); let mut framed_reader = FramedRead::new(data_request.ip_packets.as_ref(), decoder); - while let Some(Ok(packet)) = framed_reader.next().await { - let result = self - .handle_packet(packet.as_bytes(), data_request.version) - .await; - responses.push(result); + while let Some(result) = framed_reader.next().await { + match result { + Ok(packet) => { + let result = self + .handle_packet(packet.as_bytes(), data_request.version) + .await; + responses.push(result); + } + Err(e) => { + log::warn!("Failed to decode bundled IP packet: {e}"); + continue; + } + } } Ok(responses) @@ -187,6 +153,7 @@ impl MixnetListener { async fn on_static_connect_request( &mut self, connect_request: StaticConnectRequest, + stream_id: Option, ) -> PacketHandleResult { log::info!( "Received static connect request from {}", @@ -209,6 +176,31 @@ impl MixnetListener { let is_client_id_taken = self.connected_clients.is_client_connected(&sent_by); let response = match (is_ip_taken, is_client_id_taken) { + (true, true) if stream_id.is_some() => { + // Stream-mode reconnect: tear down the old handler (which has a + // stale stream_id) and create a fresh one for the new stream. + log::info!("Stream-mode client reconnecting, replacing handler"); + self.connected_clients.disconnect_client(&sent_by); + + let (forward_from_tun_tx, close_tx, handle) = ConnectedClientHandler::start( + sent_by.clone(), + buffer_timeout, + version, + self.mixnet_client.split_sender(), + stream_id, + ); + self.connected_clients.connect( + requested_ips, + sent_by.clone(), + forward_from_tun_tx, + close_tx, + handle, + ); + Response::StaticConnect { + request_id, + reply: StaticConnectResponse::Success, + } + } (true, true) => { log::info!("Connecting an already connected client"); if self @@ -233,6 +225,7 @@ impl MixnetListener { buffer_timeout, version, self.mixnet_client.split_sender(), + stream_id, ); // Register the new client in the set of connected clients @@ -274,9 +267,11 @@ impl MixnetListener { fn on_dynamic_connect_request( &mut self, connect_request: DynamicConnectRequest, + stream_id: Option, ) -> PacketHandleResult { log::info!( - "Received dynamic connect request from {}", + "Received v{} dynamic connect request from {}", + connect_request.version.into_u8(), connect_request.sent_by ); @@ -289,15 +284,22 @@ impl MixnetListener { .unwrap_or(nym_ip_packet_requests::codec::BUFFER_TIMEOUT); if let Some(ips) = self.connected_clients.lookup_ip_from_client_id(&reply_to) { - log::debug!("Reconnecting to the previous session"); - return Ok(Some(VersionedResponse { - version, - reply_to, - response: Response::DynamicConnect { - request_id, - reply: DynamicConnectSuccess { ips }.into(), - }, - })); + if stream_id.is_some() { + // Stream-mode reconnect: tear down old handler (stale stream_id) + // and create a fresh one below with the new stream. + log::info!("Stream-mode client reconnecting, replacing handler"); + self.connected_clients.disconnect_client(&reply_to); + } else { + log::debug!("Reconnecting to the previous session"); + return Ok(Some(VersionedResponse { + version, + reply_to, + response: Response::DynamicConnect { + request_id, + reply: DynamicConnectSuccess { ips }.into(), + }, + })); + } } let Some(new_ips) = self.connected_clients.find_new_ip() else { @@ -318,6 +320,7 @@ impl MixnetListener { buffer_timeout, version, self.mixnet_client.split_sender(), + stream_id, ); // Register the new client in the set of connected clients @@ -403,10 +406,14 @@ impl MixnetListener { })) } - async fn on_control_request(&mut self, control_request: ControlRequest) -> PacketHandleResult { + async fn on_control_request( + &mut self, + control_request: ControlRequest, + stream_id: Option, + ) -> PacketHandleResult { match control_request { - ControlRequest::StaticConnect(r) => self.on_static_connect_request(r).await, - ControlRequest::DynamicConnect(r) => self.on_dynamic_connect_request(r), + ControlRequest::StaticConnect(r) => self.on_static_connect_request(r, stream_id).await, + ControlRequest::DynamicConnect(r) => self.on_dynamic_connect_request(r, stream_id), ControlRequest::Disconnect(r) => self.on_disconnect_request(r), ControlRequest::Ping(r) => self.on_ping_request(r), ControlRequest::Health(r) => self.on_health_request(r), @@ -436,127 +443,106 @@ impl MixnetListener { .unwrap_or("missing".to_owned()) ); - // Check if this is a KCP-wrapped message from an LP client - if is_kcp_message(&reconstructed.message) { - return self.on_kcp_message(reconstructed).await; + // Check if this is an LP Stream frame + if reconstructed.message.len() >= LpFrameHeader::SIZE + && let Ok(header) = LpFrameHeader::parse(&reconstructed.message) + && header.kind == LpFrameKind::SphinxStream + { + return self.on_stream_frame(reconstructed, header).await; } // Regular IPR protocol message (websocket clients) - self.on_ipr_message(reconstructed).await + self.on_ipr_message(reconstructed, None).await } - /// Handle KCP-wrapped messages from LP clients. + /// Handle LP Stream-framed messages. /// - /// LP clients send: KCP(IpPacketRequest) - /// We unwrap the KCP layer, reassemble fragments, then process the inner IpPacketRequest. - /// Responses are wrapped in KCP and sent directly via the sender_tag reply mechanism, - /// rather than being returned for standard handling. - async fn on_kcp_message( + /// Parses stream attributes, processes the inner IPR payload, and handles + /// responses inline (wrapped in LP Stream frames). + async fn on_stream_frame( &mut self, reconstructed: ReconstructedMessage, + header: LpFrameHeader, ) -> Result> { - let current_time_ms = std::time::SystemTime::now() - .duration_since(std::time::UNIX_EPOCH) - .map(|d| d.as_millis() as u64) - .unwrap_or(0); - - // Process the KCP data through the session manager. - // AIDEV-NOTE: Reply mechanism for LP clients: - // 1. LP clients MUST send SURBs (in RepliableMessage) when connecting/sending data - // 2. The SDK's client-core layer (ReceivedMessagesBuffer + ReplyController) automatically - // extracts SURBs from incoming RepliableMessages and stores them keyed by sender_tag - // 3. When we call InputMessage::new_reply(sender_tag, ...), the SDK looks up stored SURBs - // 4. The vec![] here is for KcpSessionManager's internal SURB storage (currently unused) - // since the SDK handles SURB storage at a lower layer - // 5. If replies fail, check that LP client is sending SURBs in its messages - let processing_result = self - .kcp_session_manager - .process_incoming( - &reconstructed.message, - vec![], // SDK handles SURB extraction/storage automatically - reconstructed.sender_tag, - current_time_ms, - ) - .inspect_err(|e| { - log::warn!("KCP processing error: {e}"); - })?; - - let conv_id = processing_result.conversation_id; - log::debug!( - "KCP conv_id={}: received {} packets, {} complete messages", - processing_result.conversation_id, - processing_result.decoded_packets.len(), - processing_result.reassembled_messages.len() + "Received LP Stream frame ({} bytes)", + reconstructed.message.len() ); - // Process each reassembled message as an IpPacketRequest - for message_data in processing_result.reassembled_messages { - // Create a synthetic ReconstructedMessage for the inner payload - let inner_reconstructed = ReconstructedMessage { - message: message_data, - sender_tag: reconstructed.sender_tag, - }; + let attrs = SphinxStreamFrameAttributes::parse(&header.frame_attributes).map_err(|e| { + IpPacketRouterError::Other(format!("Invalid stream frame attributes: {e}")) + })?; - match self.on_ipr_message(inner_reconstructed).await { - Ok(results) => { - // Handle responses by wrapping in KCP and sending directly - for result in results { - // false positive: this if can't be collapsed due to `response` being moved - // between calls - #[allow(clippy::collapsible_if)] - if let Ok(Some(response)) = result { - if let Err(e) = self - .handle_kcp_response(conv_id, response, current_time_ms) - .await - { - log::warn!( - "Error sending KCP-wrapped response for conv_id={conv_id}: {e}", - ); - } - } + let stream_id = attrs.stream_id; + log::debug!( + "LP Stream: stream_id={stream_id:#018x}, msg_type={:?}, seq={}", + attrs.msg_type, + attrs.sequence_num + ); + + let payload = &reconstructed.message[LpFrameHeader::SIZE..]; + + // Open frames may carry an empty payload (stream handshake). + if payload.is_empty() { + log::info!("LP Stream: new stream opened (stream_id={stream_id:#018x})"); + return Ok(vec![]); + } + + let inner_reconstructed = ReconstructedMessage { + message: payload.to_vec(), + sender_tag: reconstructed.sender_tag, + }; + + match self + .on_ipr_message(inner_reconstructed, Some(stream_id)) + .await + { + Ok(results) => { + for result in results { + let Ok(Some(response)) = result else { continue }; + if let Err(e) = self.handle_stream_response(stream_id, response).await { + log::warn!( + "Error sending LP Stream response for stream_id={stream_id:#018x}: {e}" + ); } } - Err(e) => { - log::warn!("Error processing KCP inner message: {}", e); - // Continue processing other messages - } + } + Err(e) => { + log::warn!("Error processing LP Stream inner message: {e}"); } } - // Return empty - we handled responses directly above Ok(vec![]) } - /// Wrap a response in KCP and send it via the mixnet reply mechanism. + /// Wrap a response in an LP Stream frame and send it via the mixnet. /// - /// This is used for LP clients that communicate via KCP-wrapped messages. - async fn handle_kcp_response( + /// Used for inline control responses (connect handshake, pong, health) + /// that are sent directly from the message handler — outside the + /// `ConnectedClientHandler` which owns the data-path sequence counter. + /// + /// # Sequence numbering + /// + /// These inline responses always use **seq=0**. The data-path counter in + /// `ConnectedClientHandler` starts at 1 and skips 0 on wrap-around, so + /// the two paths never collide. + /// + /// Limitation: if multiple inline responses are sent on the same stream + /// (e.g. connect + later pong), they share seq=0. The client's reorder + /// buffer will see the second as a duplicate and drop it. In practice + /// this is fine because control responses are rare and idempotent, but + /// if it becomes a problem, give inline responses their own counter. + async fn handle_stream_response( &mut self, - conv_id: u32, + stream_id: u64, response: VersionedResponse, - current_time_ms: u64, ) -> Result<()> { let reply_to = response.reply_to.clone(); - - // Serialize the response let response_bytes = response.try_into_bytes()?; - // Wrap in KCP - let kcp_wrapped = - self.kcp_session_manager - .wrap_response(conv_id, &response_bytes, current_time_ms)?; + let wrapped = crate::clients::encode_stream_frame(stream_id, 0, response_bytes); - log::debug!( - "KCP conv_id={}: wrapped {} byte response into {} bytes", - conv_id, - response_bytes.len(), - kcp_wrapped.len() - ); - - // Send via mixnet using the sender_tag reply mechanism - let input_message = - crate::util::create_message::create_input_message(&reply_to, kcp_wrapped); + let input_message = crate::util::create_message::create_input_message(&reply_to, wrapped); self.mixnet_client.send(input_message).await.map_err(|err| { IpPacketRouterError::FailedToSendPacketToMixnet { @@ -566,9 +552,21 @@ impl MixnetListener { } /// Handle regular IPR protocol messages (from websocket clients). + /// + /// `stream_id` is `Some` when processing a payload extracted from an LP + /// Stream frame, so that connect handlers can thread the id to the + /// `ConnectedClientHandler` for LP-wrapping TUN responses. + /// + /// # Version / transport enforcement + /// + /// - LP Stream frames (`stream_id` is `Some`) **must** carry v9+ payloads. + /// - Non-stream messages (`stream_id` is `None`) **must** be v8 or lower. + /// + /// Messages that violate these rules are dropped. async fn on_ipr_message( &mut self, reconstructed: ReconstructedMessage, + stream_id: Option, ) -> Result> { // First deserialize the request let request = match IpPacketRequest::try_from(&reconstructed) { @@ -579,11 +577,27 @@ impl MixnetListener { req => req, }?; + // Enforce version/transport consistency: + // - LP Stream frames must carry v9+ payloads + // - Non-stream messages must be v8 or lower + let version_num = request.version().into_u8(); + + if stream_id.is_some() && version_num < 9 { + log::warn!("LP Stream frame contains v{version_num} payload, expected v9+; dropping",); + return Ok(vec![]); + } + if stream_id.is_none() && version_num >= 9 { + log::warn!("Non-stream message claims v{version_num}, expected v8 or lower; dropping",); + return Ok(vec![]); + } + log::debug!("Received request: {request}"); match request { IpPacketRequest::Data(request) => self.on_data_request(request).await, - IpPacketRequest::Control(request) => Ok(vec![self.on_control_request(request).await]), + IpPacketRequest::Control(request) => { + Ok(vec![self.on_control_request(request, stream_id).await]) + } } } @@ -640,45 +654,8 @@ impl MixnetListener { } } - /// Handle KCP session tick - drives retransmissions, ACKs, and cleanup. - /// - /// Sends any pending outgoing KCP packets (ACKs, retransmissions) via the - /// sender_tag reply mechanism. - async fn handle_kcp_tick(&mut self) { - let current_time_ms = std::time::SystemTime::now() - .duration_since(std::time::UNIX_EPOCH) - .map(|d| d.as_millis() as u64) - .unwrap_or(0); - - // Tick all KCP sessions - generates ACKs, retransmissions, etc. - let outgoing = self.kcp_session_manager.tick(current_time_ms); - - // Send any pending outgoing KCP protocol packets - for (conv_id, data) in outgoing { - // Get the sender_tag for this session to reply via mixnet - let Some(sender_tag) = self.kcp_session_manager.get_sender_tag(conv_id) else { - log::warn!( - "KCP tick: conv_id={} has {} bytes but no sender_tag, dropping", - conv_id, - data.len() - ); - continue; - }; - - log::trace!("KCP tick: conv_id={} sending {} bytes", conv_id, data.len()); - - let reply_to = crate::clients::ConnectedClientId::AnonymousSenderTag(sender_tag); - let input_message = crate::util::create_message::create_input_message(&reply_to, data); - - if let Err(e) = self.mixnet_client.send(input_message).await { - log::warn!("KCP tick: failed to send for conv_id={}: {}", conv_id, e); - } - } - } - pub(crate) async fn run(mut self) -> Result<()> { let mut disconnect_timer = tokio::time::interval(DISCONNECT_TIMER_INTERVAL); - let mut kcp_tick_timer = tokio::time::interval(KCP_TICK_INTERVAL); loop { tokio::select! { @@ -690,9 +667,6 @@ impl MixnetListener { _ = disconnect_timer.tick() => { self.handle_disconnect_timer().await; }, - _ = kcp_tick_timer.tick() => { - self.handle_kcp_tick().await; - }, msg = self.mixnet_client.next() => { if let Some(msg) = msg { match self.on_reconstructed_message(msg).await { @@ -719,98 +693,31 @@ pub(crate) type PacketHandleResult = Result>; #[cfg(test)] mod tests { - use super::*; - #[test] - fn test_is_kcp_message_rejects_ipr_protocol() { - // IPR v8 message: version=8, service_provider_type=1 (IpPacketRouter) - // Even if byte 4 happens to be a valid KCP command, we should reject it - let mut ipr_message = vec![0u8; 30]; - ipr_message[0] = 8; // version - ipr_message[1] = 1; // ServiceProviderType::IpPacketRouter - ipr_message[4] = 81; // This would be KCP Push command, but should be ignored + fn test_lp_stream_frame_detected() { + use bytes::BytesMut; + use nym_lp::packet::frame::{ + LpFrameHeader, LpFrameKind, SphinxStreamFrameAttributes, SphinxStreamMsgType, + }; - assert!( - !is_kcp_message(&ipr_message), - "IPR v8 message should not be detected as KCP" - ); + let attrs = SphinxStreamFrameAttributes { + stream_id: 0x1234, + msg_type: SphinxStreamMsgType::Data, + sequence_num: 42, + }; + let frame = nym_lp::packet::frame::LpFrame::new_stream(attrs, vec![8, 1, 0]); // fake IPR payload + let mut buf = BytesMut::new(); + frame.encode(&mut buf); - // IPR v6 message - ipr_message[0] = 6; - ipr_message[1] = 0; // v6 doesn't use service_provider_type but byte could be 0 - assert!( - !is_kcp_message(&ipr_message), - "IPR v6 message should not be detected as KCP" - ); + let header = LpFrameHeader::parse(&buf).unwrap(); + assert_eq!(header.kind, LpFrameKind::SphinxStream); - // IPR v7 message - ipr_message[0] = 7; - ipr_message[1] = 2; // Authenticator type - assert!( - !is_kcp_message(&ipr_message), - "IPR v7 message should not be detected as KCP" - ); - } + let parsed_attrs = SphinxStreamFrameAttributes::parse(&header.frame_attributes).unwrap(); + assert_eq!(parsed_attrs.stream_id, 0x1234); + assert_eq!(parsed_attrs.msg_type, SphinxStreamMsgType::Data); + assert_eq!(parsed_attrs.sequence_num, 42); - #[test] - fn test_is_kcp_message_accepts_kcp() { - // Valid KCP message: conv_id in bytes 0-3, cmd=Push(81) at byte 4 - // First bytes are conv_id (little-endian u32), so they won't look like IPR version - let mut kcp_message = vec![0u8; 30]; - kcp_message[0] = 0x12; // conv_id byte 0 (not 6-8, so not IPR version) - kcp_message[1] = 0x34; // conv_id byte 1 - kcp_message[2] = 0x56; // conv_id byte 2 - kcp_message[3] = 0x78; // conv_id byte 3 - kcp_message[4] = 81; // KCP Push command - - assert!( - is_kcp_message(&kcp_message), - "Valid KCP message should be detected" - ); - - // Test all valid KCP commands - for cmd in [81u8, 82, 83, 84] { - kcp_message[4] = cmd; - assert!( - is_kcp_message(&kcp_message), - "KCP command {} should be accepted", - cmd - ); - } - } - - #[test] - fn test_is_kcp_message_rejects_short_messages() { - // Less than 25 bytes should be rejected - let short_message = vec![0u8; 24]; - assert!( - !is_kcp_message(&short_message), - "Short message should not be detected as KCP" - ); - - let empty_message: Vec = vec![]; - assert!( - !is_kcp_message(&empty_message), - "Empty message should not be detected as KCP" - ); - } - - #[test] - fn test_is_kcp_message_rejects_invalid_kcp_command() { - // Message with invalid KCP command at byte 4 - let mut message = vec![0u8; 30]; - message[0] = 0x12; // Not IPR version - message[4] = 80; // Invalid KCP command (valid are 81-84) - - assert!( - !is_kcp_message(&message), - "Invalid KCP command should be rejected" - ); - - message[4] = 85; // Also invalid - assert!( - !is_kcp_message(&message), - "Invalid KCP command 85 should be rejected" - ); + // Content is everything after the header + assert_eq!(&buf[LpFrameHeader::SIZE..], &[8, 1, 0]); } } diff --git a/service-providers/network-requester/Cargo.toml b/service-providers/network-requester/Cargo.toml index 71ec9783e5..fcb1d3a0d6 100644 --- a/service-providers/network-requester/Cargo.toml +++ b/service-providers/network-requester/Cargo.toml @@ -4,7 +4,7 @@ [package] name = "nym-network-requester" license = "GPL-3.0" -version = "1.1.74" +version = "1.1.75" authors.workspace = true edition.workspace = true rust-version = "1.85" diff --git a/tools/nym-cli/Cargo.toml b/tools/nym-cli/Cargo.toml index c3a1600b87..1c5bced200 100644 --- a/tools/nym-cli/Cargo.toml +++ b/tools/nym-cli/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nym-cli" -version = "1.1.73" +version = "1.1.74" authors.workspace = true edition = "2021" license.workspace = true diff --git a/tools/nymvisor/Cargo.toml b/tools/nymvisor/Cargo.toml index 724ed219b4..a99cb29472 100644 --- a/tools/nymvisor/Cargo.toml +++ b/tools/nymvisor/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nymvisor" -version = "0.1.38" +version = "0.1.39" authors.workspace = true repository.workspace = true homepage.workspace = true