generated from pokt-network/repo-template
-
Notifications
You must be signed in to change notification settings - Fork 8
/
application.ts
201 lines (169 loc) · 6.77 KB
/
application.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
import { BootMixin } from '@loopback/boot'
import { ApplicationConfig } from '@loopback/core'
import { RepositoryMixin } from '@loopback/repository'
import { RestApplication, HttpErrors } from '@loopback/rest'
import { ServiceMixin } from '@loopback/service-proxy'
import { GatewaySequence } from './sequence'
import { Account } from '@pokt-network/pocket-js/dist/keybase/models/account'
import path from 'path'
import AatPlans from './config/aat-plans.json'
const logger = require('./services/logger')
const pocketJS = require('@pokt-network/pocket-js')
const { Pocket, Configuration, HttpRpcProvider } = pocketJS
import Redis from 'ioredis'
import crypto from 'crypto'
import os from 'os'
import process from 'process'
import pg from 'pg'
import got from 'got'
require('log-timestamp')
require('dotenv').config()
export class PocketGatewayApplication extends BootMixin(ServiceMixin(RepositoryMixin(RestApplication))) {
constructor(options: ApplicationConfig = {}) {
super(options)
this.sequence(GatewaySequence)
this.static('/', path.join(__dirname, '../public'))
this.projectRoot = __dirname
this.bootOptions = {
controllers: {
dirs: ['controllers'],
extensions: ['.controller.js'],
nested: true,
},
}
}
async loadPocket(): Promise<void> {
// Requirements; for Production these are stored in GitHub repo secrets
//
// For Dev, you need to pass them in via .env file
const environment: string = process.env.NODE_ENV || 'production'
logger.log('info', 'Environment: ' + environment)
const dispatchURL: string = process.env.DISPATCH_URL || ''
const altruists: string = process.env.ALTRUISTS || ''
const clientPrivateKey: string = process.env.GATEWAY_CLIENT_PRIVATE_KEY || ''
const clientPassphrase: string = process.env.GATEWAY_CLIENT_PASSPHRASE || ''
const pocketSessionBlockFrequency: string = process.env.POCKET_SESSION_BLOCK_FREQUENCY || ''
const pocketBlockTime: string = process.env.POCKET_BLOCK_TIME || ''
const relayRetries: string = process.env.POCKET_RELAY_RETRIES || ''
const databaseEncryptionKey: string = process.env.DATABASE_ENCRYPTION_KEY || ''
const aatPlan = process.env.AAT_PLAN || AatPlans.PREMIUM
if (!dispatchURL) {
throw new HttpErrors.InternalServerError('DISPATCH_URL required in ENV')
}
if (!altruists) {
throw new HttpErrors.InternalServerError('ALTRUISTS required in ENV')
}
if (!clientPrivateKey) {
throw new HttpErrors.InternalServerError('GATEWAY_CLIENT_PRIVATE_KEY required in ENV')
}
if (!clientPassphrase) {
throw new HttpErrors.InternalServerError('GATEWAY_CLIENT_PASSPHRASE required in ENV')
}
if (!pocketSessionBlockFrequency || pocketSessionBlockFrequency === '') {
throw new HttpErrors.InternalServerError('POCKET_SESSION_BLOCK_FREQUENCY required in ENV')
}
if (!pocketBlockTime || pocketBlockTime === '') {
throw new HttpErrors.InternalServerError('POCKET_BLOCK_TIME required in ENV')
}
if (!databaseEncryptionKey) {
throw new HttpErrors.InternalServerError('DATABASE_ENCRYPTION_KEY required in ENV')
}
if (aatPlan !== AatPlans.PREMIUM && !AatPlans.values.includes(aatPlan)) {
throw new HttpErrors.InternalServerError('Unrecognized AAT Plan')
}
const dispatchers = []
if (dispatchURL.indexOf(',')) {
const dispatcherArray = dispatchURL.split(',')
dispatcherArray.forEach(function (dispatcher) {
dispatchers.push(new URL(dispatcher))
})
} else {
dispatchers.push(new URL(dispatchURL))
}
const configuration = new Configuration(
50,
100000,
0,
120000,
false,
parseInt(pocketSessionBlockFrequency),
parseInt(pocketBlockTime),
undefined,
undefined,
false
)
const rpcProvider = new HttpRpcProvider(dispatchers[0])
const pocket = new Pocket(dispatchers, rpcProvider, configuration)
// Bind to application context for shared re-use
this.bind('pocketInstance').to(pocket)
this.bind('pocketConfiguration').to(configuration)
this.bind('relayRetries').to(parseInt(relayRetries))
this.bind('altruists').to(altruists)
this.bind('logger').to(logger)
// Unlock primary client account for relay signing
try {
const importAccount = await pocket.keybase.importAccount(Buffer.from(clientPrivateKey, 'hex'), clientPassphrase)
if (importAccount instanceof Account) {
await pocket.keybase.unlockAccount(importAccount.addressHex, clientPassphrase, 0)
}
} catch (e) {
logger.log('error', e)
throw new HttpErrors.InternalServerError('Unable to import or unlock base client account')
}
// Load Redis for cache
const redisEndpoint: string = process.env.REDIS_ENDPOINT || ''
const redisPort: string = process.env.REDIS_PORT || ''
if (!redisEndpoint) {
throw new HttpErrors.InternalServerError('REDIS_ENDPOINT required in ENV')
}
if (!redisPort) {
throw new HttpErrors.InternalServerError('REDIS_PORT required in ENV')
}
const redis = new Redis(parseInt(redisPort), redisEndpoint)
this.bind('redisInstance').to(redis)
// Load Postgres for TimescaleDB metrics
const pgConnection: string = process.env.PG_CONNECTION || ''
const pgCertificate: string = process.env.PG_CERTIFICATE || ''
if (!pgConnection) {
throw new HttpErrors.InternalServerError('PG_CONNECTION required in ENV')
}
if (!pgCertificate && environment !== 'development') {
throw new HttpErrors.InternalServerError('PG_CERTIFICATE required in ENV')
}
// Pull public certificate from Redis or s3 if not there
const cachedCertificate = await redis.get('timescaleDBCertificate')
let publicCertificate
if (environment === 'production') {
if (!cachedCertificate) {
try {
const s3Certificate = await got(pgCertificate)
publicCertificate = s3Certificate.body
} catch (e) {
throw new HttpErrors.InternalServerError('Invalid Certificate')
}
await redis.set('timescaleDBCertificate', publicCertificate, 'EX', 600)
} else {
publicCertificate = cachedCertificate
}
}
const ssl =
environment === 'production'
? {
rejectUnauthorized: false,
ca: publicCertificate,
}
: false
const pgConfig = {
connectionString: pgConnection,
ssl,
}
const pgPool = new pg.Pool(pgConfig)
this.bind('pgPool').to(pgPool)
this.bind('databaseEncryptionKey').to(databaseEncryptionKey)
this.bind('aatPlan').to(aatPlan)
// Create a UID for this process
const parts = [os.hostname(), process.pid, +new Date()]
const hash = crypto.createHash('md5').update(parts.join(''))
this.bind('processUID').to(hash.digest('hex'))
}
}