Compare commits


19 Commits

Author SHA1 Message Date
42a4035a64 Add --fqdn-policy option to deploy-webapp-from-registry.
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 47s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m15s
Smoke Test / Run basic test suite (pull_request) Successful in 5m42s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m35s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 10m20s
2024-04-12 16:57:36 -05:00
7cce68959f relay
Some checks failed
Lint Checks / Run linter (pull_request) Successful in 39s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m3s
Webapp Test / Run webapp test suite (pull_request) Failing after 4m15s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m52s
Smoke Test / Run basic test suite (pull_request) Successful in 4m19s
2024-04-04 22:55:45 -05:00
0cd90ad3dc Target reverse_proxy by env.
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 44s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m34s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m28s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 10m2s
Smoke Test / Run basic test suite (pull_request) Successful in 5m13s
2024-04-04 14:32:12 -05:00
90d92c3e15 Fix Docker build
Some checks failed
Lint Checks / Run linter (pull_request) Successful in 50s
Webapp Test / Run webapp test suite (pull_request) Failing after 4m40s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m4s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m49s
Smoke Test / Run basic test suite (pull_request) Successful in 4m59s
2024-04-02 22:20:02 -05:00
202c68d996 unused file
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 43s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m31s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m17s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m5s
Smoke Test / Run basic test suite (pull_request) Successful in 4m33s
2024-04-02 21:25:06 -05:00
236dea1b44 typo
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 43s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m15s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m37s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 8m35s
Smoke Test / Run basic test suite (pull_request) Successful in 5m0s
2024-04-02 18:43:05 -05:00
9aa02fc26a missing env
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 42s
Deploy Test / Run deploy test suite (pull_request) Successful in 4m55s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m24s
Smoke Test / Run basic test suite (pull_request) Successful in 4m31s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m40s
2024-04-02 18:39:48 -05:00
80e039d70e Remove abandoned file.
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 40s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m40s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m43s
Smoke Test / Run basic test suite (pull_request) Successful in 5m1s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m4s
2024-04-02 18:03:59 -05:00
d7f06ad51e Combine stacks.
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 33s
Deploy Test / Run deploy test suite (pull_request) Successful in 4m54s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m27s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 8m37s
Smoke Test / Run basic test suite (pull_request) Successful in 5m22s
2024-04-02 18:02:54 -05:00
343d31c324 Add README
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 43s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m10s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m33s
Smoke Test / Run basic test suite (pull_request) Successful in 4m56s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 10m13s
2024-04-01 16:07:47 -05:00
fd00143b76 Add README
Some checks failed
Lint Checks / Run linter (pull_request) Successful in 55s
Webapp Test / Run webapp test suite (pull_request) Failing after 4m55s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m51s
Smoke Test / Run basic test suite (pull_request) Successful in 5m36s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 10m57s
2024-04-01 16:06:52 -05:00
36e89b5a78 Linea Sepolia Testnet-based Nitro Auth
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 45s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m53s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m45s
Smoke Test / Run basic test suite (pull_request) Successful in 5m41s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m27s
2024-04-01 15:53:01 -05:00
80b299c1e5 Swap caddy for nginx
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 41s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m45s
Smoke Test / Run basic test suite (pull_request) Successful in 4m40s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m28s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 8m57s
2024-03-22 17:10:23 -05:00
f20dcb8457 revert
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 39s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m35s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m16s
Smoke Test / Run basic test suite (pull_request) Successful in 5m14s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 11m8s
2024-03-21 16:19:42 -05:00
7929a137b6 revert
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 57s
Deploy Test / Run deploy test suite (pull_request) Successful in 6m39s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m35s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 10m57s
Smoke Test / Run basic test suite (pull_request) Successful in 6m19s
2024-03-21 16:19:14 -05:00
247025de28 Shorten sleep
All checks were successful
Lint Checks / Run linter (pull_request) Successful in 52s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m24s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m36s
Smoke Test / Run basic test suite (pull_request) Successful in 6m15s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 11m40s
2024-03-21 12:12:26 -05:00
76821f00a0 stack updates 2024-03-21 02:10:37 -05:00
78219c0e04 Ask nitor 2024-03-19 21:11:52 -05:00
9e87088328 WIP: nitro auth 2024-03-19 16:49:51 -05:00
12 changed files with 558 additions and 28 deletions


@ -0,0 +1,113 @@
version: '3.7'
services:
go-nitro-alice:
image: cerc/go-nitro:local
hostname: go-nitro-alice
restart: on-failure
depends_on:
- go-nitro-bootnode
environment:
CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:-888814df89c4358d7ddb3fa4b0213e7331239a80e1f013eaa7b2deca2a41a218}
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
env_file:
- ../config/go-nitro-auth/alice.env
entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"]
volumes:
- nitro_deployment:/app/deployment
- go_nitro_data_alice:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: ["CMD", "nc", "-vz", "localhost", "4006"]
interval: 5s
timeout: 5s
retries: 100
start_period: 100s
ports:
- "3006"
- "4006"
- "5006"
- "4106"
- "4206"
- "4216"
go-nitro-bob:
image: cerc/go-nitro:local
hostname: go-nitro-bob
restart: on-failure
depends_on:
- go-nitro-bootnode
environment:
CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_BOB:-570b909da9669b2f35a0b1ac70b8358516d55ae1b5b3710e95e9a94395090597}
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
env_file:
- ../config/go-nitro-auth/bob.env
entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"]
volumes:
- nitro_deployment:/app/deployment
- go_nitro_data_bob:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: ["CMD", "nc", "-vz", "localhost", "4007"]
interval: 5s
timeout: 5s
retries: 100
start_period: 100s
ports:
- "3007"
- "4007"
- "5007"
- "4107"
- "4207"
- "4217"
go-nitro-bootnode:
image: cerc/go-nitro:local
hostname: go-nitro-bootnode
restart: on-failure
environment:
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
CERC_NITRO_RELAY_ON: true
env_file:
- ../config/go-nitro-auth/bootnode.env
entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ]
volumes:
- nitro_deployment:/app/deployment
- go_nitro_data_bootnode:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: [ "CMD", "nc", "-vz", "localhost", "4008" ]
interval: 5s
timeout: 5s
retries: 100
start_period: 100s
ports:
- "9090"
nitro-caddy:
image: caddy:2-alpine
restart: always
environment:
CERC_ETH_RPC_ENDPOINT: ${CERC_ETH_RPC_ENDPOINT:-http://fixturenet-eth-geth-1:8545}
volumes:
- ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile
ports:
- "5678"
depends_on:
- go-nitro-alice
- go-nitro-bob
volumes:
go_nitro_data_alice:
go_nitro_data_bob:
go_nitro_data_bootnode:
nitro_deployment:
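Review bot: The `CERC_NITRO_CHAIN_PK` entries for go-nitro-alice and go-nitro-bob fall back to literal private keys via `${CERC_NITRO_CHAIN_PK_ALICE:-...}` and `${CERC_NITRO_CHAIN_PK_BOB:-...}`. If an operator points `CERC_NITRO_CHAIN_URL` at a public network and forgets to set either variable, the node starts silently with a key that is published in this repository. Suggest moving the fixture keys into a fixturenet-only env file and using `${CERC_NITRO_CHAIN_PK_ALICE:?must be set}` here, or at minimum adding a comment that the defaults are fixture-only.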


@ -0,0 +1,19 @@
# SET ME! Your on-chain private key.
#CERC_NITRO_CHAIN_PK=<MY_PK_GOES_HERE>
# Default is CERC_NITRO_CHAIN_PK.
#CERC_NITRO_PK=<MY_PK_GOES_HERE>
# SET ME! The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_NITRO_AUTH_ON=false
CERC_NITRO_AUTH_RPC_PORT=4006
CERC_NITRO_AUTH_UI_PORT=4206
CERC_NITRO_BOOT_PEERS="/dns4/go-nitro-bootnode/tcp/3008/p2p/16Uiu2HAmFYz5YPf3GtkfQsAwYJfDsKSm34U9qAiTwxW7RJUVGMRK"
CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store
CERC_NITRO_MSG_PORT=3006
CERC_NITRO_RPC_PORT=4006
CERC_NITRO_UI_PORT=4106
CERC_NITRO_USE_DURABLE_STORE=true
CERC_NITRO_WS_MSG_PORT=5006


@ -0,0 +1,19 @@
# SET ME! Your on-chain private key.
#CERC_NITRO_CHAIN_PK=<MY_PK_GOES_HERE>
# Default is CERC_NITRO_CHAIN_PK.
#CERC_NITRO_PK=<MY_PK_GOES_HERE>
# SET ME! The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_NITRO_AUTH_ON=true
CERC_NITRO_AUTH_RPC_PORT=4007
CERC_NITRO_AUTH_UI_PORT=4207
CERC_NITRO_BOOT_PEERS="/dns4/go-nitro-bootnode/tcp/3008/p2p/16Uiu2HAmFYz5YPf3GtkfQsAwYJfDsKSm34U9qAiTwxW7RJUVGMRK"
CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store
CERC_NITRO_MSG_PORT=3007
CERC_NITRO_RPC_PORT=4007
CERC_NITRO_UI_PORT=4107
CERC_NITRO_USE_DURABLE_STORE=true
CERC_NITRO_WS_MSG_PORT=5007


@ -0,0 +1,17 @@
CERC_NITRO_CHAIN_PK=596db2ac27479cfdf60f708bf64ae44a1c5090e9446cca011d72bc9a59b47d3d
CERC_NITRO_PK=f41086394674cf00a66448c6688295d7330af39f6f38fed89ea023e39382d6a0
# The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_NITRO_AUTH_ON=false
CERC_NITRO_AUTH_RPC_PORT=4008
CERC_NITRO_AUTH_UI_PORT=4208
CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store
CERC_NITRO_MSG_PORT=3008
CERC_NITRO_RPC_PORT=4008
CERC_NITRO_UI_PORT=4108
CERC_NITRO_USE_DURABLE_STORE=true
CERC_NITRO_WS_MSG_PORT=5008
CERC_SCRIPT_DEBUG=true
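Review bot: `CERC_SCRIPT_DEBUG=true` on the last line switches on `set -x` in run-nitro-node.sh, which traces the final `./nitro ... -pk ... -chainpk ...` command with both keys expanded into the container log. Leave it unset by default. `CERC_NITRO_CHAIN_PK` and `CERC_NITRO_PK` are also committed here in clear, unlike the commented-out placeholders in the alice and bob files, so add a comment stating that they are fixture-only values and must be replaced for any shared network.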


@ -0,0 +1,42 @@
:5678 {
handle /pay* {
reverse_proxy http://go-nitro-bob:8547
}
@eth-key-in-header {
path_regexp /eth/?$
header X-Api-Key *
}
handle @eth-key-in-header {
forward_auth go-nitro-bob:8547 {
uri /auth/{header.x-api-key}
}
rewrite * /
reverse_proxy {$CERC_ETH_RPC_ENDPOINT} {
header_up Host {upstream_hostport}
}
}
@eth-key-in-path {
path_regexp apikey eth/(.+)$
}
handle @eth-key-in-path {
forward_auth go-nitro-bob:8547 {
uri /auth/{re.apikey.1}
}
rewrite * /
reverse_proxy {$CERC_ETH_RPC_ENDPOINT} {
header_up Host {upstream_hostport}
}
}
handle /eth* {
respond "401 Unauthorized" 401
}
handle {
reverse_proxy http://go-nitro-alice:4206
}
}
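Review bot: Both `path_regexp` matchers are unanchored at the start, and `eth/(.+)$` in `@eth-key-in-path` captures everything after `eth/`, slashes included, before it is substituted into `uri /auth/{re.apikey.1}`, so the value handed to the auth service can span several path segments and the matcher fires for any path that merely ends in `eth/<something>`. Suggest `path_regexp apikey ^/eth/([^/]+)$` and `path_regexp ^/eth/?$` so that only a single segment directly under `/eth/` can reach `/auth/`. Worth a comment as well that the header form is preferred, since a key carried in the path is recorded in access logs.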


@ -4,6 +4,11 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
set -x set -x
fi fi
if [ -z "$CERC_NITRO_CHAIN_PK" ] || [ -z "$CERC_NITRO_CHAIN_URL" ]; then
echo "You most set both CERC_NITRO_CHAIN_PK and CERC_NITRO_CHAIN_URL." 1>&2
exit 1
fi
nitro_addresses_file="/app/deployment/nitro-addresses.json" nitro_addresses_file="/app/deployment/nitro-addresses.json"
# Check if CERC_NA_ADDRESS environment variable is set # Check if CERC_NA_ADDRESS environment variable is set
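Review bot: Typo in the new error message: "You most set both" should read "You must set both".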
@ -29,14 +34,18 @@ fi
echo "Running Nitro node" echo "Running Nitro node"
# Assuming CERC_NITRO_CHAIN_URL is of format <ws|http>://host:port if [[ "${CERC_GO_NITRO_WAIT_FOR_CHAIN:-true}" == "true" ]]; then
ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 1) # Assuming CERC_NITRO_CHAIN_URL is of format <ws|http>://host[:port][/foo]
ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 2) ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 1)
ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 2)
if [[ "$ws_port" == "$ws_host" ]]; then
ws_port=""
fi
# Wait till chain endpoint is available # Wait till chain endpoint is available
retry_interval=5 retry_interval=5
while true; do while true; do
nc -z -w 1 "$ws_host" "$ws_port" nc -z -w 1 "$ws_host" "${ws_port:-443}"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo "Chain endpoint is available" echo "Chain endpoint is available"
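Review bot: `${ws_port:-443}` on the `nc` line assumes TLS whenever the URL has no explicit port, but the updated comment allows `<ws|http>://host[:port][/foo]`, where the default port is 80. With a plain `ws://host/path` URL the wait loop probes 443 and may never finish. Derive the fallback from the scheme (443 for `wss`/`https`, 80 for `ws`/`http`).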
@ -45,6 +54,66 @@ while true; do
echo "Chain endpoint not yet available, retrying in $retry_interval seconds..." echo "Chain endpoint not yet available, retrying in $retry_interval seconds..."
sleep $retry_interval sleep $retry_interval
done done
fi
./nitro -chainurl ${CERC_NITRO_CHAIN_URL} -msgport ${CERC_NITRO_MSG_PORT} -rpcport ${CERC_NITRO_RPC_PORT} -wsmsgport ${CERC_NITRO_WS_MSG_PORT} -publicip "0.0.0.0" -pk ${CERC_NITRO_PK} -chainpk ${CERC_NITRO_CHAIN_PK} -naaddress ${NA_ADDRESS} -vpaaddress ${VPA_ADDRESS} -caaddress ${CA_ADDRESS} -usedurablestore ${CERC_NITRO_USE_DURABLE_STORE} -durablestorefolder ${CERC_NITRO_DURABLE_STORE_FOLDER} -tlscertfilepath "" -tlsKeyFilepath "" if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-gui/dist" ]]; then
for f in `ls /app-node/packages/nitro-gui/dist/assets/*.js`; do
sed -i "s#\"CERC_RUNTIME_ENV_RPC_HOST\"#\"localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f"
sed -i "s#\"CERC_RUNTIME_ENV_TARGET_URL\"#\"http://localhost:5678\"#g" "$f"
done
http-server -p $CERC_NITRO_UI_PORT /app-node/packages/nitro-gui/dist &
fi
if [[ -n "$CERC_NITRO_AUTH_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-auth-gui/dist" ]]; then
for f in `ls /app-node/packages/nitro-auth-gui/dist/assets/*.js`; do
sed -i "s#\"CERC_RUNTIME_ENV_RPC_URL\"#\"http://localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f"
sed -i "s#\"CERC_RUNTIME_ENV_TARGET_URL\"#\"http://localhost:5678\"#g" "$f"
done
http-server -p $CERC_NITRO_AUTH_UI_PORT /app-node/packages/nitro-auth-gui/dist &
fi
if [[ "$CERC_NITRO_AUTH_ON" == "true" ]] && [[ -d "/app-node/packages/nitro-auth/dist" ]]; then
bash -c "sleep 6 && cd /app-node/packages/nitro-auth && yarn start" &
fi
if [[ "$CERC_NITRO_RELAY_ON" == "true" ]]; then
if [[ ! -f "/app/deployment/relay-node.json" ]]; then
node /usr/local/lib/node_modules/@cerc-io/peer/dist/cli/create-peer.js \
-f /app/deployment/relay-node.json
fi
DEBUG='laconic:*' node /usr/local/lib/node_modules/@cerc-io/peer/dist/cli/relay.js \
--host 0.0.0.0 \
-f /app/deployment/relay-node.json &
fi
if [[ -z "$CERC_CHAIN_START_BLOCK" ]]; then
if [[ ! -f "/app/deployment/chainstartblock.json" ]]; then
curl --location "$(echo $CERC_NITRO_CHAIN_URL | sed 's/^ws/http/' | sed 's#/ws/#/#')" \
--header 'Content-Type: application/json' \
--data '{
"jsonrpc": "2.0",
"id": 124,
"method": "eth_blockNumber",
"params": []
}' > /app/deployment/chainstartblock.json
fi
CERC_CHAIN_START_BLOCK=$(printf "%d" `cat /app/deployment/chainstartblock.json | jq -r '.result'`)
fi
cd /app
./nitro \
-chainurl ${CERC_NITRO_CHAIN_URL} \
-msgport ${CERC_NITRO_MSG_PORT} \
-rpcport ${CERC_NITRO_RPC_PORT} \
-wsmsgport ${CERC_NITRO_WS_MSG_PORT} \
-publicip "0.0.0.0" \
-pk ${CERC_NITRO_PK:-$CERC_NITRO_CHAIN_PK} \
-chainpk ${CERC_NITRO_CHAIN_PK} \
-naaddress ${NA_ADDRESS} \
-vpaaddress ${VPA_ADDRESS} \
-caaddress ${CA_ADDRESS} \
-usedurablestore=${CERC_NITRO_USE_DURABLE_STORE} \
-durablestorefolder ${CERC_NITRO_DURABLE_STORE_FOLDER} \
-bootpeers "${CERC_NITRO_BOOT_PEERS}" \
-chainstartblock $CERC_CHAIN_START_BLOCK
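Review bot: The `curl` that fills `/app/deployment/chainstartblock.json` has no `--fail` and its exit status is not checked, and the file is only written when it does not yet exist, so an error body or an empty response from the RPC endpoint is cached on the volume and reused on every restart; `jq -r '.result'` then yields `null` and `printf "%d"` does not produce a usable block number for `-chainstartblock`. Write to a temporary file, verify that `.result` is a hex quantity, and only then move it into place. The unquoted `$CERC_NITRO_CHAIN_URL` inside the `$(echo ...)` should be quoted as well.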


@ -0,0 +1,99 @@
#!/bin/bash
CERC_NITRO_RPC_FUND_AMOUNT=${CERC_NITRO_RPC_FUND_AMOUNT:-0}
CERC_NITRO_RPC_HOST_ALICE=${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice}
CERC_NITRO_RPC_PORT_ALICE=${CERC_NITRO_RPC_PORT_ALICE:-4006}
CERC_NITRO_USE_TLS=${CERC_NITRO_USE_TLS:-false}
CERC_NITRO_ADDRESS_BOB=${CERC_NITRO_ADDRESS_BOB:-0xe07e314501cc73b24cf45a6577486017300e153c}
# Wait till chain endpoint is available
retry_interval=5
while true; do
nc -z -w 1 "$CERC_NITRO_RPC_HOST_ALICE" "$CERC_NITRO_RPC_PORT_ALICE"
if [ $? -eq 0 ]; then
echo "Nitro endpoint is available"
break
fi
echo "Nitro endpoint not yet available, retrying in $retry_interval seconds..."
sleep $retry_interval
done
if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]; then
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
get-all-ledger-channels | \
jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \
/app/deployment/nitro-ledger-channel-alice-to-bob.json
ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json 2>/dev/null | sed 's/^null$//')
if [[ -z "${ledger_channel}" ]]; then
echo "Creating new ledger channel ..."
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
-n \
direct-fund --amount $CERC_NITRO_RPC_FUND_AMOUNT $CERC_NITRO_ADDRESS_BOB
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
get-all-ledger-channels | \
jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \
/app/deployment/nitro-ledger-channel-alice-to-bob.json
ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json)
fi
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
get-payment-channels-by-ledger $ledger_channel > \
/app/deployment/nitro-payment-channels-alice-to-bob.json
first_open_channel=$(jq '[.[] | select(.Status == "Open")] | first' /app/deployment/nitro-payment-channels-alice-to-bob.json | sed 's/^null$//')
if [[ -z "$first_open_channel" ]]; then
echo "Creating new payment channel ..."
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
-n \
virtual-fund --amount $((CERC_NITRO_RPC_FUND_AMOUNT/2)) $CERC_NITRO_ADDRESS_BOB
nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \
-p $CERC_NITRO_RPC_PORT_ALICE \
-s=$CERC_NITRO_USE_TLS \
get-payment-channels-by-ledger $ledger_channel > \
/app/deployment/nitro-payment-channels-alice-to-bob.json
first_open_channel=$(jq '[.[] | select(.Status == "Open")] | first' /app/deployment/nitro-payment-channels-alice-to-bob.json | sed 's/^null$//')
fi
echo ""
echo "################################################################"
echo ""
echo "LEDGER:"
cat /app/deployment/nitro-ledger-channel-alice-to-bob.json | jq
echo ""
echo ""
echo "PAYMENT:"
cat /app/deployment/nitro-payment-channels-alice-to-bob.json | jq
echo ""
echo ""
fi
if [ -n "$1" ]; then
exec "$@"
exit $?
fi
while [ 1 -eq 1 ]; do
sleep 100
done
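Review bot: After `direct-fund`, the second `ledger_channel=$(jq -r '.ID' ...)` drops the `| sed 's/^null$//'` used on the first lookup and its value is never checked, so when funding fails the literal `null` is passed to `get-payment-channels-by-ledger` and `virtual-fund` is still attempted. Check the exit status of `direct-fund` and stop when `ledger_channel` is empty or `null`. Minor: the comment "Wait till chain endpoint is available" sits above a loop that waits for the Nitro RPC endpoint.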


@ -8,9 +8,30 @@ COPY . .
RUN go build -v -o nitro . RUN go build -v -o nitro .
# Reduce image size # Reduce image size
FROM debian:bullseye-slim FROM node:18-bullseye-slim as builder-node
RUN apt-get update RUN apt-get update
RUN apt-get install -y ca-certificates jq netcat RUN apt-get install -y make
WORKDIR /app
COPY . .
RUN find . -name 'node_modules' | xargs -n1 rm -rf
RUN find . -name 'dist' | xargs -n1 rm -rf
RUN yarn
WORKDIR /app/packages/nitro-gui
RUN VITE_RPC_HOST=CERC_RUNTIME_ENV_RPC_HOST yarn build
RUN if [ -d /app/packages/nitro-auth-gui ]; then \
cd /app/packages/nitro-auth-gui && \
VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build; \
fi
WORKDIR /app/packages/nitro-auth
RUN if [ -d /app/packages/nitro-auth ]; then cd /app/packages/nitro-auth && yarn build; fi
FROM node:18-bullseye-slim
RUN apt-get update
RUN apt-get install -y ca-certificates jq netcat make curl wget
RUN rm -rf /var/lib/apt/lists/* RUN rm -rf /var/lib/apt/lists/*
RUN npm install -g http-server
RUN npm config set @cerc-io:registry https://git.vdb.to/api/packages/cerc-io/npm/
RUN npm install -g @cerc-io/peer
WORKDIR /app WORKDIR /app
COPY --from=builder /app/nitro . COPY --from=builder /app/nitro .
COPY --from=builder-node /app /app-node
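Review bot: `WORKDIR /app/packages/nitro-auth` creates the directory when it is missing, so the `[ -d /app/packages/nitro-auth ]` guard on the following `RUN` is always true and `yarn build` runs in an empty directory when the package does not exist; put the guard in a `RUN` that precedes any `WORKDIR` for that path, as is done for nitro-auth-gui. In the final stage, `npm install -g http-server` and `npm install -g @cerc-io/peer` are unpinned, so two builds of the same commit can ship different code; pin both to exact versions.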


@ -4,9 +4,10 @@ RUN apk --update --no-cache add python3 alpine-sdk bash curl jq
WORKDIR /app WORKDIR /app
COPY . . COPY packages/nitro-rpc-client .
RUN echo "Installing dependencies" && \ RUN echo "Installing dependencies" && \
yarn yarn
RUN cd packages/nitro-rpc-client RUN yarn build
RUN ln -s /app/bin/nitro-rpc-client.js /bin/nitro-rpc-client
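Review bot: With `COPY packages/nitro-rpc-client .` only the package directory is present when `yarn` runs, so if the lockfile is kept at the repository root it is no longer copied and dependencies resolve to whatever is newest at build time. If that is the case, copy the lockfile alongside the package and run `yarn --frozen-lockfile`.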


@ -0,0 +1,104 @@
# go-nitro-auth
Deploy a stack for demoing Nitro-based auth, using either a local fixturenet (fully self-contained) or remote testnet.
## Local Fixturenet (Self-Contained)
### Clone required repositories
```
$ laconic-so --stack fixturenet-eth setup-repositories
$ laconic-so --stack go-nitro-auth setup-repositories
```
### Build containers
```
$ laconic-so --stack fixturenet-eth build-containers
$ laconic-so --stack go-nitro-auth build-containers
```
### Create a deployment
```
$ laconic-so --stack fixturenet-eth deploy init --output nitro-net.yml
$ laconic-so --stack fixturenet-eth deploy create --spec-file nitro-net.yml --deployment-dir /srv/nitro-net
$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml
$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth
# Place them both in the same namespace (TODO: support setting the deployment name via --cluster).
$ cp /srv/nitro-net/deployment.yml /srv/nitro-auth/deployment.yml
```
### Start the containers
```
$ laconic-so deployment --dir /srv/nitro-net up
$ laconic-so deployment --dir /srv/nitro-auth up
```
### Open the webapp
Visit http://localhost:5678
## Remote Testnet
This example will use the Linea Sepolia testnet.
### Clone required repositories
```
$ laconic-so --stack go-nitro-auth setup-repositories
```
### Build containers
```
$ laconic-so --stack go-nitro-auth build-containers
```
### Create a deployment
```
$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml
$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth
```
### Set your keys, contract addresses, etc.
You must set the private keys for two accounts with funds on the target network, as well as the contract addresses
(if they already exist) or else an account to create them. You must also set the URL to use for WebSocket connections,
eg, `wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>`
#### Config
```
$ vim /srv/nitro-auth/config.env
# Addresses of existing contracts.
CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636"
CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# Else the private key of an account and RPC URL to use create them.
CERC_PRIVATE_KEY_DEPLOYER=<PRIV_KEY_HERE>
CERC_ETH_RPC_ENDPOINT=https://rpc.sepolia.linea.build
# The WebSocket chain URL.
CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_HERE>
# Private key for "Alice" account (payer)
CERC_NITRO_CHAIN_PK_ALICE=<ALICE_PRIVATE_KEY_HERE>
# Private key for "Bob" account (payee)
CERC_NITRO_CHAIN_PK_BOB=<BOB_PRIVATE_KEY_HERE>
```
### Start the stack
```
$ laconic-so deployment --dir /srv/nitro-auth up
```
### Open the webapp
Visit http://localhost:5678
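Review bot: The go-nitro-auth `deploy init` commands use `--map-ports-to-host any-same`, which publishes every port listed in the compose file, the Nitro RPC ports included, on all host interfaces, while the instructions only ever open `http://localhost:5678`. Suggest `localhost-same` for the demo. The "Config" section should also say that `config.env` holds private keys and should be readable only by the deploying user.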


@ -0,0 +1,16 @@
version: "1.0"
name: go-nitro-auth
description: "Stack to demonstrate payments between various services"
repos:
# for nitro-contracts
- github.com/cerc-io/ts-nitro@v0.1.15
# for go-nitro and nitro-rpc-client
- github.com/cerc-io/go-nitro@telackey/update
containers:
# nitro
- cerc/nitro-contracts
- cerc/go-nitro
- cerc/nitro-rpc-client
pods:
- nitro-contracts
- go-nitro-auth
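Review bot: `github.com/cerc-io/go-nitro@telackey/update` tracks a working branch, which is a mutable ref, while ts-nitro on the line above it is pinned to the tag `v0.1.15`. This repository supplies the `nitro` binary that receives `-pk` and `-chainpk`, so pin it to a tag or commit hash before merging to keep builds reproducible and reviewable.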


@ -39,11 +39,12 @@ def process_app_deployment_request(
app_deployment_request, app_deployment_request,
deployment_record_namespace, deployment_record_namespace,
dns_record_namespace, dns_record_namespace,
dns_suffix, default_dns_suffix,
deployment_parent_dir, deployment_parent_dir,
kube_config, kube_config,
image_registry, image_registry,
force_rebuild, force_rebuild,
fqdn_policy,
logger logger
): ):
logger.log("BEGIN - process_app_deployment_request") logger.log("BEGIN - process_app_deployment_request")
@ -56,14 +57,15 @@ def process_app_deployment_request(
requested_name = hostname_for_deployment_request(app_deployment_request, laconic) requested_name = hostname_for_deployment_request(app_deployment_request, laconic)
logger.log(f"Determined requested name: {requested_name}") logger.log(f"Determined requested name: {requested_name}")
# HACK
if "." in requested_name: if "." in requested_name:
raise Exception("Only unqualified hostnames allowed at this time.") if "allow" == fqdn_policy or "preexisting" == fqdn_policy:
fqdn = requested_name
fqdn = f"{requested_name}.{dns_suffix}" else:
raise Exception(f"{requested_name} is invalid: only unqualified hostnames are allowed.")
else:
fqdn = f"{requested_name}.{default_dns_suffix}"
# 3. check ownership of existing dnsrecord vs this request # 3. check ownership of existing dnsrecord vs this request
# TODO: Support foreign DNS
dns_crn = f"{dns_record_namespace}/{fqdn}" dns_crn = f"{dns_record_namespace}/{fqdn}"
dns_record = laconic.get_record(dns_crn) dns_record = laconic.get_record(dns_crn)
if dns_record: if dns_record:
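Review bot: In the `"." in requested_name` branch, `allow` and `preexisting` take `requested_name` verbatim as `fqdn`, with no syntax check before it is interpolated into `dns_crn`. Validate it as a hostname first (labels of letters, digits and hyphens, length limits, lower-cased) and raise on anything else, so that the record lookup and everything downstream only ever see a well-formed name.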
@ -75,7 +77,9 @@ def process_app_deployment_request(
logger.log(f"Matched DnsRecord ownership: {matched_owner}") logger.log(f"Matched DnsRecord ownership: {matched_owner}")
else: else:
raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" % raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" %
(dns_record.id, app_deployment_request.id)) (dns_crn, app_deployment_request.id))
elif "preexisting" == fqdn_policy:
raise Exception(f"No pre-existing DnsRecord {dns_crn} could be found for request {app_deployment_request.id}.")
# 4. get build and runtime config from request # 4. get build and runtime config from request
env_filename = None env_filename = None
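Review bot: Under `allow`, a dotted name with no existing DnsRecord skips both the ownership check and the new `elif "preexisting" == fqdn_policy` error, so the first request to name an FQDN is accepted without any evidence that the requester controls that domain. If that is the intended meaning of `allow`, state it in the `--fqdn-policy` help text; otherwise require a DnsRecord or some other proof for names outside `default_dns_suffix`.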
@ -191,6 +195,7 @@ def dump_known_requests(filename, requests, status="SEEN"):
@click.option("--state-file", help="File to store state about previously seen requests.") @click.option("--state-file", help="File to store state about previously seen requests.")
@click.option("--only-update-state", help="Only update the state file, don't process any requests anything.", is_flag=True) @click.option("--only-update-state", help="Only update the state file, don't process any requests anything.", is_flag=True)
@click.option("--dns-suffix", help="DNS domain to use eg, laconic.servesthe.world") @click.option("--dns-suffix", help="DNS domain to use eg, laconic.servesthe.world")
@click.option("--fqdn-policy", help="How to handle requests with an FQDN: prohibit, allow, preexisting", default="prohibit")
@click.option("--record-namespace-dns", help="eg, crn://laconic/dns") @click.option("--record-namespace-dns", help="eg, crn://laconic/dns")
@click.option("--record-namespace-deployments", help="eg, crn://laconic/deployments") @click.option("--record-namespace-deployments", help="eg, crn://laconic/deployments")
@click.option("--dry-run", help="Don't do anything, just report what would be done.", is_flag=True) @click.option("--dry-run", help="Don't do anything, just report what would be done.", is_flag=True)
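Review bot: `--fqdn-policy` is declared as a free-form string. `type=click.Choice(["prohibit", "allow", "preexisting"])` would reject bad values at parse time, list the choices in `--help`, and make a hand-written membership check unnecessary. The help text should also say what each value does, in particular that `preexisting` requires an existing DnsRecord whose ownership matches the request.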
@ -201,7 +206,7 @@ def dump_known_requests(filename, requests, status="SEEN"):
@click.pass_context @click.pass_context
def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_dir, # noqa: C901 def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_dir, # noqa: C901
request_id, discover, state_file, only_update_state, request_id, discover, state_file, only_update_state,
dns_suffix, record_namespace_dns, record_namespace_deployments, dry_run, dns_suffix, fqdn_policy, record_namespace_dns, record_namespace_deployments, dry_run,
include_tags, exclude_tags, force_rebuild, log_dir): include_tags, exclude_tags, force_rebuild, log_dir):
if request_id and discover: if request_id and discover:
print("Cannot specify both --request-id and --discover", file=sys.stderr) print("Cannot specify both --request-id and --discover", file=sys.stderr)
@ -220,6 +225,10 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
print("--dns-suffix, --record-namespace-dns, and --record-namespace-deployments are all required", file=sys.stderr) print("--dns-suffix, --record-namespace-dns, and --record-namespace-deployments are all required", file=sys.stderr)
sys.exit(2) sys.exit(2)
if fqdn_policy not in ["prohibit", "allow", "preexisting"]:
print("--fqdn-policy must be one of 'prohibit', 'allow', or 'preexisting'", file=sys.stderr)
sys.exit(2)
# Split CSV and clean up values. # Split CSV and clean up values.
include_tags = [tag.strip() for tag in include_tags.split(",") if tag] include_tags = [tag.strip() for tag in include_tags.split(",") if tag]
exclude_tags = [tag.strip() for tag in exclude_tags.split(",") if tag] exclude_tags = [tag.strip() for tag in exclude_tags.split(",") if tag]
@ -334,6 +343,7 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
kube_config, kube_config,
image_registry, image_registry,
force_rebuild, force_rebuild,
fqdn_policy,
logger logger
) )
status = "DEPLOYED" status = "DEPLOYED"