fix conflicts

ten-protocol · Jul 31, 2024 · 3ddd6bd · 3ddd6bd
2 parents cc6c61f + c3ad0a4
commit 3ddd6bd
Show file tree

Hide file tree

Showing 13 changed files with 429 additions and 37 deletions.
diff --git a/.github/workflows/manual-deploy-dexynth-gateway.yml b/.github/workflows/manual-deploy-dexynth-gateway.yml
@@ -138,4 +138,5 @@ jobs:
               --log-opt max-file=3 --log-opt max-size=10m \
               ${{ vars.DOCKER_BUILD_TAG_GATEWAY_DEXYNTH }} \
               -host=0.0.0.0 -port=8080 -portWS=81 -nodeHost=${{ vars.L2_RPC_URL_VALIDATOR_DEXYNTH }} -verbose=true \
-              -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{  github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb"'
+              -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{  github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb" \
+              -rateLimitUserComputeTime=${{ vars.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }} -rateLimitWindow=${{ vars.GATEWAY_RATE_LIMIT_WINDOW }} -maxConcurrentRequestsPerUser=${{ vars.GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER }} '
diff --git a/.github/workflows/manual-deploy-obscuro-gateway.yml b/.github/workflows/manual-deploy-obscuro-gateway.yml
@@ -137,7 +137,8 @@ jobs:
             && cd /home/obscuro/go-obscuro/ \
             && docker run -d -p 80:80 -p 81:81 --name ${{ github.event.inputs.testnet_type }}-OG-${{ GITHUB.RUN_NUMBER }} \
               -e OBSCURO_GATEWAY_VERSION="${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }}" \
-              --log-opt max-file=3 --log-opt max-size=10m \
-              ${{ vars.DOCKER_BUILD_TAG_GATEWAY }} \
-              -host=0.0.0.0 -port=8080 -portWS=81 -nodeHost=${{ vars.L2_RPC_URL_VALIDATOR }} -verbose=true \
-              -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{  github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb"'
+               --log-opt max-file=3 --log-opt max-size=10m \
+               ${{ vars.DOCKER_BUILD_TAG_GATEWAY }} \
+               -host=0.0.0.0 -port=8080 -portWS=81 -nodeHost=${{ vars.L2_RPC_URL_VALIDATOR }} -verbose=true \
+               -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{  github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb" \
+               -rateLimitUserComputeTime=${{ vars.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }} -rateLimitWindow=${{ vars.GATEWAY_RATE_LIMIT_WINDOW }} -maxConcurrentRequestsPerUser=${{ vars.GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER }} '
diff --git a/contracts/package.json b/contracts/package.json
@@ -26,5 +26,8 @@
     "ethers": "^6.6.0",
     "hardhat-ignore-warnings": "^0.2.6",
     "ten-hardhat-plugin": "^0.0.9"
+  },
+  "peerDependencies": {
+    "@nomicfoundation/hardhat-verify" : "2.0.8"
   }
 }
diff --git a/go/common/subscription/new_heads_manager.go b/go/common/subscription/new_heads_manager.go
@@ -88,7 +88,7 @@ func (nhs *NewHeadsService) onNewBatch(head *common.BatchHeader) error {
 
 	var msg any = head
 	if nhs.convertToEthHeader {
-		msg = convertBatchHeader(head)
+		msg = ConvertBatchHeader(head)
 	}
 
 	nhs.notifiersMutex.Lock()
@@ -130,10 +130,11 @@ func (nhs *NewHeadsService) HealthStatus(context.Context) host.HealthStatus {
 	return &host.BasicErrHealthStatus{}
 }
 
-func convertBatchHeader(head *common.BatchHeader) *types.Header {
+func ConvertBatchHeader(head *common.BatchHeader) *types.Header {
 	return &types.Header{
 		ParentHash:  head.ParentHash,
 		UncleHash:   gethcommon.Hash{},
+		Coinbase:    head.Coinbase,
 		Root:        head.Root,
 		TxHash:      head.TxHash,
 		ReceiptHash: head.ReceiptHash,

diff --git a/go/host/rpc/clientapi/client_api_eth.go b/go/host/rpc/clientapi/client_api_eth.go
@@ -187,6 +187,18 @@ func (api *EthereumAPI) GetStorageAt(ctx context.Context, encryptedParams common
 	return *enclaveResponse, nil
 }
 
+func (api *EthereumAPI) MaxPriorityFeePerGas(_ context.Context) (*hexutil.Big, error) {
+	// todo - implement with the gas mechanics
+	header, err := api.host.Storage().FetchHeadBatchHeader()
+	if err != nil {
+		api.logger.Error("Unable to retrieve header for fee history.", log.ErrKey, err)
+		return nil, fmt.Errorf("unable to retrieve MaxPriorityFeePerGas")
+	}
+
+	// just return the base fee?
+	return (*hexutil.Big)(header.BaseFee), err
+}
+
 // FeeHistory is a placeholder for an RPC method required by MetaMask/Remix.
 // rpc.DecimalOrHex -> []byte
 func (api *EthereumAPI) FeeHistory(context.Context, string, rpc.BlockNumber, []float64) (*FeeHistoryResult, error) {

diff --git a/integration/tengateway/tengateway_test.go b/integration/tengateway/tengateway_test.go
@@ -74,6 +74,9 @@ func TestTenGateway(t *testing.T) {
 		DBType:                  "sqlite",
 		TenChainID:              443,
 		StoreIncomingTxs:        true,
+		RateLimitUserComputeTime:       200 * time.Millisecond,
+		RateLimitWindow:                1 * time.Second,
+		RateLimitMaxConcurrentRequests: 3,
 	}
 
 	tenGwContainer := walletextension.NewContainerFromConfig(tenGatewayConf, testlog.Logger())
@@ -111,6 +114,7 @@ func TestTenGateway(t *testing.T) {
 		"testDifferentMessagesOnRegister":      testDifferentMessagesOnRegister,
 		"testInvokeNonSensitiveMethod":         testInvokeNonSensitiveMethod,
 		"testGetStorageAtForReturningUserID":   testGetStorageAtForReturningUserID,
+		"testRateLimiter":                      testRateLimiter,
 	} {
 		t.Run(name, func(t *testing.T) {
 			test(t, httpURL, wsURL, w)
@@ -124,6 +128,45 @@ func TestTenGateway(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func testRateLimiter(t *testing.T, httpURL, wsURL string, w wallet.Wallet) {
+	user0, err := NewGatewayUser([]wallet.Wallet{w, datagenerator.RandomWallet(integration.TenChainID)}, httpURL, wsURL)
+	require.NoError(t, err)
+	testlog.Logger().Info("Created user with encryption token", "t", user0.tgClient.UserID())
+	// register the user so we can call the endpoints that require authentication
+	err = user0.RegisterAccounts()
+	require.NoError(t, err)
+
+	// call BalanceAt - fist call should be successful
+	_, err = user0.HTTPClient.BalanceAt(context.Background(), user0.Wallets[0].Address(), nil)
+	require.NoError(t, err)
+
+	// sleep for a period of time to allow the rate limiter to reset
+	time.Sleep(1 * time.Second)
+
+	// first call after the rate limiter reset should be successful
+	_, err = user0.HTTPClient.BalanceAt(context.Background(), user0.Wallets[0].Address(), nil)
+	require.NoError(t, err)
+
+	address := user0.Wallets[0].Address()
+
+	// make 1000 requests with the same user to "spam" the gateway
+	for i := 0; i < 1000; i++ {
+		msg := ethereum.CallMsg{
+			From: address,
+			To:   &address, // Example: self-call to the user's address
+			Gas:  uint64(i),
+			Data: nil,
+		}
+
+		user0.HTTPClient.EstimateGas(context.Background(), msg)
+	}
+
+	// after 1000 requests, the rate limiter should block the user
+	_, err = user0.HTTPClient.BalanceAt(context.Background(), user0.Wallets[0].Address(), nil)
+	require.Error(t, err)
+	require.Equal(t, "rate limit exceeded", err.Error())
+}
+
 func testNewHeadsSubscription(t *testing.T, httpURL, wsURL string, w wallet.Wallet) {
 	user0, err := NewGatewayUser([]wallet.Wallet{w, datagenerator.RandomWallet(integration.TenChainID)}, httpURL, wsURL)
 	require.NoError(t, err)
@@ -467,7 +510,7 @@ func testErrorHandling(t *testing.T, httpURL, wsURL string, w wallet.Wallet) {
 		`{"jsonrpc":"2.0","method":"eth_sendTransaction","params":[["0xA58C60cc047592DE97BF1E8d2f225Fc5D959De77", "0x1234"]],"id":1}`,
 		`{"jsonrpc":"2.0","method":"eth_getTransactionByHash","params":["0x0000000000000000000000000000000000000000000000000000000000000000"],"id":1}`,
 	} {
-		// ensure the geth request is issued correctly (should return 200 ok with jsonRPCError)
+		// ensure the gateway request is issued correctly (should return 200 ok with jsonRPCError)
 		_, response, err := httputil.PostDataJSON(ogClient.HTTP(), []byte(req))
 		require.NoError(t, err)
 		fmt.Printf("Resp: %s", response)
@@ -477,7 +520,7 @@ func testErrorHandling(t *testing.T, httpURL, wsURL string, w wallet.Wallet) {
 		err = json.Unmarshal(response, &jsonRPCError)
 		require.NoError(t, err, req, response)
 
-		// repeat the process for the gateway
+		// repeat the process for geth
 		_, response, err = httputil.PostDataJSON(fmt.Sprintf("http://localhost:%d", _startPort+integration.DefaultGethHTTPPortOffset), []byte(req))
 		require.NoError(t, err)
 

diff --git a/tools/walletextension/common/config.go b/tools/walletextension/common/config.go
@@ -1,17 +1,22 @@
 package common
 
+import "time"
+
 // Config contains the configuration required by the WalletExtension.
 type Config struct {
-	WalletExtensionHost     string
-	WalletExtensionPortHTTP int
-	WalletExtensionPortWS   int
-	NodeRPCHTTPAddress      string
-	NodeRPCWebsocketAddress string
-	LogPath                 string
-	DBPathOverride          string // Overrides the database file location. Used in tests.
-	VerboseFlag             bool
-	DBType                  string
-	DBConnectionURL         string
-	TenChainID              int
-	StoreIncomingTxs        bool
+	WalletExtensionHost            string
+	WalletExtensionPortHTTP        int
+	WalletExtensionPortWS          int
+	NodeRPCHTTPAddress             string
+	NodeRPCWebsocketAddress        string
+	LogPath                        string
+	DBPathOverride                 string // Overrides the database file location. Used in tests.
+	VerboseFlag                    bool
+	DBType                         string
+	DBConnectionURL                string
+	TenChainID                     int
+	StoreIncomingTxs               bool
+	RateLimitUserComputeTime       time.Duration
+	RateLimitWindow                time.Duration
+	RateLimitMaxConcurrentRequests int
 }
diff --git a/tools/walletextension/main/cli.go b/tools/walletextension/main/cli.go
@@ -3,6 +3,7 @@ package main
 import (
 	"flag"
 	"fmt"
+	"time"
 
 	wecommon "github.com/ten-protocol/go-ten/tools/walletextension/common"
 )
@@ -59,6 +60,18 @@ const (
 	storeIncomingTxs        = "storeIncomingTxs"
 	storeIncomingTxsDefault = true
 	storeIncomingTxsUsage   = "Flag to enable storing incoming transactions in the database for debugging purposes. Default: true"
+
+	rateLimitUserComputeTimeName    = "rateLimitUserComputeTime"
+	rateLimitUserComputeTimeDefault = 10 * time.Second
+	rateLimitUserComputeTimeUsage   = "rateLimitUserComputeTime represents how much compute time is user allowed to used in rateLimitWindow time. If rateLimitUserComputeTime is set to 0, rate limiting is turned off. Default: 10s."
+
+	rateLimitWindowName    = "rateLimitWindow"
+	rateLimitWindowDefault = 1 * time.Minute
+	rateLimitWindowUsage   = "rateLimitWindow represents time window in which we allow one user to use compute time defined with rateLimitUserComputeTimeMs  Default: 1m"
+
+	rateLimitMaxConcurrentRequestsName    = "maxConcurrentRequestsPerUser"
+	rateLimitMaxConcurrentRequestsDefault = 3
+	rateLimitMaxConcurrentRequestsUsage   = "Number of concurrent requests allowed per user. Default: 3"
 )
 
 func parseCLIArgs() wecommon.Config {
@@ -75,20 +88,26 @@ func parseCLIArgs() wecommon.Config {
 	dbConnectionURL := flag.String(dbConnectionURLFlagName, dbConnectionURLFlagDefault, dbConnectionURLFlagUsage)
 	tenChainID := flag.Int(tenChainIDName, tenChainIDDefault, tenChainIDFlagUsage)
 	storeIncomingTransactions := flag.Bool(storeIncomingTxs, storeIncomingTxsDefault, storeIncomingTxsUsage)
+	rateLimitUserComputeTime := flag.Duration(rateLimitUserComputeTimeName, rateLimitUserComputeTimeDefault, rateLimitUserComputeTimeUsage)
+	rateLimitWindow := flag.Duration(rateLimitWindowName, rateLimitWindowDefault, rateLimitWindowUsage)
+	rateLimitMaxConcurrentRequests := flag.Int(rateLimitMaxConcurrentRequestsName, rateLimitMaxConcurrentRequestsDefault, rateLimitMaxConcurrentRequestsUsage)
 	flag.Parse()
 
 	return wecommon.Config{
-		WalletExtensionHost:     *walletExtensionHost,
-		WalletExtensionPortHTTP: *walletExtensionPort,
-		WalletExtensionPortWS:   *walletExtensionPortWS,
-		NodeRPCHTTPAddress:      fmt.Sprintf("%s:%d", *nodeHost, *nodeHTTPPort),
-		NodeRPCWebsocketAddress: fmt.Sprintf("%s:%d", *nodeHost, *nodeWebsocketPort),
-		LogPath:                 *logPath,
-		DBPathOverride:          *databasePath,
-		VerboseFlag:             *verboseFlag,
-		DBType:                  *dbType,
-		DBConnectionURL:         *dbConnectionURL,
-		TenChainID:              *tenChainID,
-		StoreIncomingTxs:        *storeIncomingTransactions,
+		WalletExtensionHost:            *walletExtensionHost,
+		WalletExtensionPortHTTP:        *walletExtensionPort,
+		WalletExtensionPortWS:          *walletExtensionPortWS,
+		NodeRPCHTTPAddress:             fmt.Sprintf("%s:%d", *nodeHost, *nodeHTTPPort),
+		NodeRPCWebsocketAddress:        fmt.Sprintf("%s:%d", *nodeHost, *nodeWebsocketPort),
+		LogPath:                        *logPath,
+		DBPathOverride:                 *databasePath,
+		VerboseFlag:                    *verboseFlag,
+		DBType:                         *dbType,
+		DBConnectionURL:                *dbConnectionURL,
+		TenChainID:                     *tenChainID,
+		StoreIncomingTxs:               *storeIncomingTransactions,
+		RateLimitUserComputeTime:       *rateLimitUserComputeTime,
+		RateLimitWindow:                *rateLimitWindow,
+		RateLimitMaxConcurrentRequests: *rateLimitMaxConcurrentRequests,
 	}
 }