add auth for grpc merge mining proxy

tari-project · Aug 31, 2022 · 25a763b · 25a763b
1 parent 095196b
commit 25a763b
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 9 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/applications/tari_merge_mining_proxy/Cargo.toml b/applications/tari_merge_mining_proxy/Cargo.toml
@@ -14,6 +14,7 @@ envlog = ["env_logger"]
 [dependencies]
 tari_app_grpc = { path = "../tari_app_grpc" }
 tari_common = { path = "../../common" }
+tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_core = { path = "../../base_layer/core", default-features = false, features = ["transactions"] }
 tari_app_utilities = { path = "../tari_app_utilities" }

diff --git a/applications/tari_merge_mining_proxy/src/block_template_protocol.rs b/applications/tari_merge_mining_proxy/src/block_template_protocol.rs
@@ -25,7 +25,7 @@
 use std::cmp;
 
 use log::*;
-use tari_app_grpc::tari_rpc as grpc;
+use tari_app_grpc::{authentication::ClientAuthenticationInterceptor, tari_rpc as grpc};
 use tari_core::proof_of_work::{monero_rx, monero_rx::FixedByteArray, Difficulty};
 
 use crate::{
@@ -39,13 +39,17 @@ const LOG_TARGET: &str = "tari_mm_proxy::proxy::block_template_protocol";
 /// Structure holding grpc connections.
 pub struct BlockTemplateProtocol<'a> {
     base_node_client: &'a mut grpc::base_node_client::BaseNodeClient<tonic::transport::Channel>,
-    wallet_client: &'a mut grpc::wallet_client::WalletClient<tonic::transport::Channel>,
+    wallet_client: &'a mut grpc::wallet_client::WalletClient<
+        tonic::codegen::InterceptedService<tonic::transport::Channel, ClientAuthenticationInterceptor>,
+    >,
 }
 
 impl<'a> BlockTemplateProtocol<'a> {
     pub fn new(
         base_node_client: &'a mut grpc::base_node_client::BaseNodeClient<tonic::transport::Channel>,
-        wallet_client: &'a mut grpc::wallet_client::WalletClient<tonic::transport::Channel>,
+        wallet_client: &'a mut grpc::wallet_client::WalletClient<
+            tonic::codegen::InterceptedService<tonic::transport::Channel, ClientAuthenticationInterceptor>,
+        >,
     ) -> Self {
         Self {
             base_node_client,

diff --git a/applications/tari_merge_mining_proxy/src/config.rs b/applications/tari_merge_mining_proxy/src/config.rs
@@ -22,6 +22,7 @@
 
 use serde::{Deserialize, Serialize};
 use tari_common::{configuration::StringList, SubConfigPath};
+use tari_common_types::grpc_authentication::GrpcAuthentication;
 use tari_comms::multiaddr::Multiaddr;
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -41,6 +42,8 @@ pub struct MergeMiningProxyConfig {
     pub base_node_grpc_address: Multiaddr,
     /// The Tari console wallet's GRPC address
     pub console_wallet_grpc_address: Multiaddr,
+    /// GRPC authentication for console wallet
+    pub console_wallet_grpc_authentication: GrpcAuthentication,
     /// Address of the tari_merge_mining_proxy application
     pub listener_address: Multiaddr,
     /// In sole merged mining, the block solution is usually submitted to the Monero blockchain (monerod) as well as to
@@ -69,6 +72,7 @@ impl Default for MergeMiningProxyConfig {
             monerod_use_auth: false,
             base_node_grpc_address: "/ip4/127.0.0.1/tcp/18142".parse().unwrap(),
             console_wallet_grpc_address: "/ip4/127.0.0.1/tcp/18143".parse().unwrap(),
+            console_wallet_grpc_authentication: GrpcAuthentication::default(),
             listener_address: "/ip4/127.0.0.1/tcp/18081".parse().unwrap(),
             submit_to_origin: true,
             wait_for_initial_sync_at_startup: true,

diff --git a/applications/tari_merge_mining_proxy/src/error.rs b/applications/tari_merge_mining_proxy/src/error.rs
@@ -26,10 +26,11 @@ use std::io;
 
 use hex::FromHexError;
 use hyper::header::InvalidHeaderValue;
+use tari_app_grpc::authentication::BasicAuthError;
 use tari_common::{ConfigError, ConfigurationError};
 use tari_core::{proof_of_work::monero_rx::MergeMineError, transactions::CoinbaseBuildError};
 use thiserror::Error;
-use tonic::transport;
+use tonic::{codegen::http::uri::InvalidUri, transport};
 
 #[derive(Debug, Error)]
 pub enum MmProxyError {
@@ -42,6 +43,8 @@ pub enum MmProxyError {
         #[from]
         source: MergeMineError,
     },
+    #[error("Invalid URI: {0}")]
+    InvalidUriError(#[from] InvalidUri),
     #[error("Reqwest error: {0}")]
     ReqwestError(#[from] reqwest::Error),
     #[error("Missing data:{0}")]
@@ -50,6 +53,8 @@ pub enum MmProxyError {
     IoError(#[from] io::Error),
     #[error("Tonic transport error: {0}")]
     TonicTransportError(#[from] transport::Error),
+    #[error("Grpc authentication error: {0}")]
+    GRPCAuthenticationError(#[from] BasicAuthError),
     #[error("GRPC response did not contain the expected field: `{0}`")]
     GrpcResponseMissingField(&'static str),
     #[error("Hyper error: {0}")]

diff --git a/applications/tari_merge_mining_proxy/src/main.rs b/applications/tari_merge_mining_proxy/src/main.rs
@@ -34,6 +34,7 @@ mod test;
 use std::{
     convert::Infallible,
     io::{stdout, Write},
+    str::FromStr,
 };
 
 use clap::Parser;
@@ -42,12 +43,16 @@ use futures::future;
 use hyper::{service::make_service_fn, Server};
 use log::*;
 use proxy::MergeMiningProxyService;
-use tari_app_grpc::tari_rpc as grpc;
+use tari_app_grpc::{authentication::ClientAuthenticationInterceptor, tari_rpc as grpc};
 use tari_app_utilities::consts;
 use tari_common::{initialize_logging, load_configuration, DefaultConfigLoader};
 use tari_comms::utils::multiaddr::multiaddr_to_socketaddr;
 use tari_core::proof_of_work::randomx_factory::RandomXFactory;
 use tokio::time::Duration;
+use tonic::{
+    codegen::InterceptedService,
+    transport::{Channel, Endpoint},
+};
 
 use crate::{
     block_template_data::BlockTemplateRepository,
@@ -57,6 +62,23 @@ use crate::{
 };
 const LOG_TARGET: &str = "tari_mm_proxy::proxy";
 
+type WalletGrpcClient = grpc::wallet_client::WalletClient<InterceptedService<Channel, ClientAuthenticationInterceptor>>;
+
+async fn connect_wallet_with_authenticator(config: &MergeMiningProxyConfig) -> Result<WalletGrpcClient, MmProxyError> {
+    let wallet_addr = format!(
+        "http://{}",
+        multiaddr_to_socketaddr(&config.console_wallet_grpc_address)?
+    );
+    info!(target: LOG_TARGET, "👛 Connecting to wallet at {}", wallet_addr);
+    let channel = Endpoint::from_str(&wallet_addr)?.connect().await?;
+    let wallet_conn = grpc::wallet_client::WalletClient::with_interceptor(
+        channel,
+        ClientAuthenticationInterceptor::create(&config.console_wallet_grpc_authentication)?,
+    );
+
+    Ok(wallet_conn)
+}
+
 #[tokio::main]
 async fn main() -> Result<(), anyhow::Error> {
     let terminal_title = format!("Tari Merge Mining Proxy - Version {}", consts::APP_VERSION);
@@ -90,7 +112,7 @@ async fn main() -> Result<(), anyhow::Error> {
     let wallet = multiaddr_to_socketaddr(&config.console_wallet_grpc_address)?;
     info!(target: LOG_TARGET, "Connecting to wallet at {}", wallet);
     println!("Connecting to wallet at {}", wallet);
-    let wallet_client = grpc::wallet_client::WalletClient::connect(format!("http://{}", wallet)).await?;
+    let wallet_client = connect_wallet_with_authenticator(&config).await?;
     let listen_addr = multiaddr_to_socketaddr(&config.listener_address)?;
     let randomx_factory = RandomXFactory::new(config.max_randomx_vms);
     let xmrig_service = MergeMiningProxyService::new(

diff --git a/applications/tari_merge_mining_proxy/src/proxy.rs b/applications/tari_merge_mining_proxy/src/proxy.rs
@@ -40,7 +40,7 @@ use json::json;
 use jsonrpc::error::StandardError;
 use reqwest::{ResponseBuilderExt, Url};
 use serde_json as json;
-use tari_app_grpc::tari_rpc as grpc;
+use tari_app_grpc::{authentication::ClientAuthenticationInterceptor, tari_rpc as grpc};
 use tari_core::{
     consensus::ConsensusEncoding,
     proof_of_work::{monero_difficulty, monero_rx, monero_rx::FixedByteArray, randomx_factory::RandomXFactory},
@@ -62,6 +62,9 @@ pub(crate) const MMPROXY_AUX_KEY_NAME: &str = "_aux";
 /// The identifier used to identify the tari aux chain data
 const TARI_CHAIN_ID: &str = "xtr";
 
+type WalletClient = grpc::wallet_client::WalletClient<
+    tonic::codegen::InterceptedService<tonic::transport::Channel, ClientAuthenticationInterceptor>,
+>;
 #[derive(Debug, Clone)]
 pub struct MergeMiningProxyService {
     inner: InnerService,
@@ -72,7 +75,7 @@ impl MergeMiningProxyService {
         config: MergeMiningProxyConfig,
         http_client: reqwest::Client,
         base_node_client: grpc::base_node_client::BaseNodeClient<tonic::transport::Channel>,
-        wallet_client: grpc::wallet_client::WalletClient<tonic::transport::Channel>,
+        wallet_client: WalletClient,
         block_templates: BlockTemplateRepository,
         randomx_factory: RandomXFactory,
     ) -> Self {
@@ -154,7 +157,9 @@ struct InnerService {
     block_templates: BlockTemplateRepository,
     http_client: reqwest::Client,
     base_node_client: grpc::base_node_client::BaseNodeClient<tonic::transport::Channel>,
-    wallet_client: grpc::wallet_client::WalletClient<tonic::transport::Channel>,
+    wallet_client: grpc::wallet_client::WalletClient<
+        tonic::codegen::InterceptedService<tonic::transport::Channel, ClientAuthenticationInterceptor>,
+    >,
     initial_sync_achieved: Arc<AtomicBool>,
     current_monerod_server: Arc<RwLock<Option<String>>>,
     last_assigned_monerod_server: Arc<RwLock<Option<String>>>,