From 929d50b5898cd16f45253ed4a6b2f112fca0884d Mon Sep 17 00:00:00 2001 From: Skipper Date: Sat, 18 Apr 2026 13:29:45 +0200 Subject: [PATCH] housekeeping(server): clean too-broad visibility markers and organize imports --- server/crates/arbiter-client/src/auth.rs | 10 ++--- .../arbiter-client/src/bin/test_connect.rs | 4 +- server/crates/arbiter-client/src/client.rs | 21 +++++---- server/crates/arbiter-client/src/storage.rs | 1 + server/crates/arbiter-client/src/transport.rs | 1 + .../crates/arbiter-client/src/wallets/evm.rs | 21 +++++---- server/crates/arbiter-crypto/src/hashing.rs | 3 +- server/crates/arbiter-crypto/src/safecell.rs | 8 ++-- server/crates/arbiter-macros/src/hashable.rs | 8 ++-- server/crates/arbiter-macros/src/utils.rs | 8 ++-- server/crates/arbiter-proto/src/transport.rs | 4 +- .../arbiter-proto/src/transport/grpc.rs | 4 +- server/crates/arbiter-proto/src/url.rs | 3 +- .../arbiter-server/src/actors/bootstrap.rs | 4 +- .../arbiter-server/src/actors/evm/mod.rs | 16 +++---- .../client_connect_approval.rs | 15 +++---- .../src/actors/flow_coordinator/mod.rs | 17 ++++---- .../crates/arbiter-server/src/actors/mod.rs | 17 +++----- .../src/actors/useragent_registry.rs | 11 +++-- .../arbiter-server/src/actors/vault/mod.rs | 32 +++++++------- .../crates/arbiter-server/src/context/mod.rs | 7 ++- .../crates/arbiter-server/src/context/tls.rs | 26 ++++++----- .../src/crypto/encryption/v1.rs | 7 ++- .../arbiter-server/src/crypto/integrity/v1.rs | 16 +++---- .../crates/arbiter-server/src/crypto/mod.rs | 10 ++--- server/crates/arbiter-server/src/db/mod.rs | 1 - server/crates/arbiter-server/src/db/models.rs | 2 +- server/crates/arbiter-server/src/evm/mod.rs | 24 +++++------ .../crates/arbiter-server/src/evm/policies.rs | 14 +++--- .../src/evm/policies/ether_transfer/mod.rs | 43 ++++++++++--------- .../src/evm/policies/ether_transfer/tests.rs | 35 +++++++-------- .../src/evm/policies/token_transfers/mod.rs | 40 +++++++++-------- .../src/evm/policies/token_transfers/tests.rs | 39 +++++++++-------- .../arbiter-server/src/evm/safe_signer.rs | 4 +- server/crates/arbiter-server/src/evm/utils.rs | 12 +++--- .../crates/arbiter-server/src/grpc/client.rs | 10 ++--- .../arbiter-server/src/grpc/client/auth.rs | 18 ++++---- .../arbiter-server/src/grpc/client/evm.rs | 16 +++---- .../arbiter-server/src/grpc/client/vault.rs | 10 ++--- .../crates/arbiter-server/src/grpc/common.rs | 4 +- .../arbiter-server/src/grpc/common/inbound.rs | 8 ++-- .../src/grpc/common/outbound.rs | 16 +++---- server/crates/arbiter-server/src/grpc/mod.rs | 6 +-- .../src/grpc/request_tracker.rs | 6 +-- .../arbiter-server/src/grpc/user_agent.rs | 14 +++--- .../src/grpc/user_agent/auth.rs | 20 ++------- .../arbiter-server/src/grpc/user_agent/evm.rs | 30 ++++++------- .../src/grpc/user_agent/inbound.rs | 32 +++++++------- .../src/grpc/user_agent/outbound.rs | 12 +++--- .../src/grpc/user_agent/sdk_client.rs | 24 +++++------ .../src/grpc/user_agent/vault.rs | 23 ++++++---- .../src/grpc/user_agent/vault_gate.rs | 10 ++--- .../src/grpc/user_agent/vault_gate/inbound.rs | 14 +++--- .../grpc/user_agent/vault_gate/outbound.rs | 12 +++--- server/crates/arbiter-server/src/main.rs | 6 +-- .../arbiter-server/src/peers/client/auth.rs | 29 ++++++------- .../arbiter-server/src/peers/client/mod.rs | 12 +++--- .../src/peers/client/session.rs | 10 ++--- .../src/peers/user_agent/auth/mod.rs | 7 ++- .../src/peers/user_agent/auth/state.rs | 40 +++++++++-------- .../src/peers/user_agent/mod.rs | 10 ++--- .../src/peers/user_agent/session/handlers.rs | 37 ++++++---------- .../src/peers/user_agent/session/mod.rs | 27 ++++-------- .../src/peers/user_agent/vault_gate/mod.rs | 22 +++++----- .../src/peers/user_agent/vault_gate/state.rs | 5 --- .../arbiter-server/tests/client/auth.rs | 20 +++++---- .../crates/arbiter-server/tests/common/mod.rs | 8 ++-- .../arbiter-server/tests/user_agent/auth.rs | 27 +++++++----- .../arbiter-server/tests/user_agent/unseal.rs | 8 ++-- .../arbiter-server/tests/vault/concurrency.rs | 6 +-- .../arbiter-server/tests/vault/lifecycle.rs | 3 +- .../arbiter-server/tests/vault/storage.rs | 6 +-- 72 files changed, 507 insertions(+), 549 deletions(-) diff --git a/server/crates/arbiter-client/src/auth.rs b/server/crates/arbiter-client/src/auth.rs index d9d4dbb..150f8cf 100644 --- a/server/crates/arbiter-client/src/auth.rs +++ b/server/crates/arbiter-client/src/auth.rs @@ -1,3 +1,7 @@ +use crate::{ + storage::StorageError, + transport::{ClientTransport, next_request_id}, +}; use arbiter_crypto::authn::{self, CLIENT_CONTEXT, SigningKey}; use arbiter_proto::{ ClientMetadata, @@ -15,12 +19,8 @@ use arbiter_proto::{ shared::ClientInfo as ProtoClientInfo, }, }; -use chrono::DateTime; -use crate::{ - storage::StorageError, - transport::{ClientTransport, next_request_id}, -}; +use chrono::DateTime; #[derive(Debug, thiserror::Error)] pub enum AuthError { diff --git a/server/crates/arbiter-client/src/bin/test_connect.rs b/server/crates/arbiter-client/src/bin/test_connect.rs index 311d333..fad1f6b 100644 --- a/server/crates/arbiter-client/src/bin/test_connect.rs +++ b/server/crates/arbiter-client/src/bin/test_connect.rs @@ -1,8 +1,8 @@ -use std::io::{self, Write}; - use arbiter_client::ArbiterClient; use arbiter_proto::{ClientMetadata, url::ArbiterUrl}; +use std::io::{self, Write}; + #[tokio::main] async fn main() { println!("Testing connection to Arbiter server..."); diff --git a/server/crates/arbiter-client/src/client.rs b/server/crates/arbiter-client/src/client.rs index b540647..dd6be98 100644 --- a/server/crates/arbiter-client/src/client.rs +++ b/server/crates/arbiter-client/src/client.rs @@ -1,21 +1,20 @@ -use arbiter_crypto::authn::SigningKey; -use arbiter_proto::{ - ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl, -}; -use std::sync::Arc; -use tokio::sync::{Mutex, mpsc}; -use tokio_stream::wrappers::ReceiverStream; -use tonic::transport::ClientTlsConfig; - +#[cfg(feature = "evm")] +use crate::wallets::evm::ArbiterEvmWallet; use crate::{ StorageError, auth::{AuthError, authenticate}, storage::{FileSigningKeyStorage, SigningKeyStorage}, transport::{BUFFER_LENGTH, ClientTransport}, }; +use arbiter_crypto::authn::SigningKey; +use arbiter_proto::{ + ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl, +}; -#[cfg(feature = "evm")] -use crate::wallets::evm::ArbiterEvmWallet; +use std::sync::Arc; +use tokio::sync::{Mutex, mpsc}; +use tokio_stream::wrappers::ReceiverStream; +use tonic::transport::ClientTlsConfig; #[derive(Debug, thiserror::Error)] pub enum Error { diff --git a/server/crates/arbiter-client/src/storage.rs b/server/crates/arbiter-client/src/storage.rs index 55d4a46..ca7450a 100644 --- a/server/crates/arbiter-client/src/storage.rs +++ b/server/crates/arbiter-client/src/storage.rs @@ -1,5 +1,6 @@ use arbiter_crypto::authn::SigningKey; use arbiter_proto::home_path; + use std::path::{Path, PathBuf}; #[derive(Debug, thiserror::Error)] diff --git a/server/crates/arbiter-client/src/transport.rs b/server/crates/arbiter-client/src/transport.rs index 7332e89..26e3ba3 100644 --- a/server/crates/arbiter-client/src/transport.rs +++ b/server/crates/arbiter-client/src/transport.rs @@ -1,4 +1,5 @@ use arbiter_proto::proto::client::{ClientRequest, ClientResponse}; + use std::sync::atomic::{AtomicI32, Ordering}; use tokio::sync::mpsc; diff --git a/server/crates/arbiter-client/src/wallets/evm.rs b/server/crates/arbiter-client/src/wallets/evm.rs index 5c975c9..f26e969 100644 --- a/server/crates/arbiter-client/src/wallets/evm.rs +++ b/server/crates/arbiter-client/src/wallets/evm.rs @@ -1,13 +1,4 @@ -use alloy::{ - consensus::SignableTransaction, - network::TxSigner, - primitives::{Address, B256, ChainId, Signature}, - signers::{Error, Result, Signer}, -}; -use async_trait::async_trait; -use std::sync::Arc; -use tokio::sync::Mutex; - +use crate::transport::{ClientTransport, next_request_id}; use arbiter_proto::proto::{ client::{ ClientRequest, @@ -25,7 +16,15 @@ use arbiter_proto::proto::{ shared::evm::TransactionEvalError, }; -use crate::transport::{ClientTransport, next_request_id}; +use alloy::{ + consensus::SignableTransaction, + network::TxSigner, + primitives::{Address, B256, ChainId, Signature}, + signers::{Error, Result, Signer}, +}; +use async_trait::async_trait; +use std::sync::Arc; +use tokio::sync::Mutex; /// A typed error payload returned by [`ArbiterEvmWallet`] transaction signing. /// diff --git a/server/crates/arbiter-crypto/src/hashing.rs b/server/crates/arbiter-crypto/src/hashing.rs index 48b54ee..5f3de8d 100644 --- a/server/crates/arbiter-crypto/src/hashing.rs +++ b/server/crates/arbiter-crypto/src/hashing.rs @@ -1,6 +1,7 @@ -pub use hmac::digest::Digest; use std::collections::HashSet; +pub use hmac::digest::Digest; + /// Deterministically hash a value by feeding its fields into the hasher in a consistent order. #[diagnostic::on_unimplemented( note = "for local types consider adding `#[derive(arbiter_macros::Hashable)]` to your `{Self}` type", diff --git a/server/crates/arbiter-crypto/src/safecell.rs b/server/crates/arbiter-crypto/src/safecell.rs index 80dc57e..391730d 100644 --- a/server/crates/arbiter-crypto/src/safecell.rs +++ b/server/crates/arbiter-crypto/src/safecell.rs @@ -1,7 +1,9 @@ -use std::ops::{Deref, DerefMut}; -use std::{any::type_name, fmt}; - use memsafe::MemSafe; +use std::{ + any::type_name, + fmt, + ops::{Deref, DerefMut}, +}; pub trait SafeCellHandle { type CellRead<'a>: Deref diff --git a/server/crates/arbiter-macros/src/hashable.rs b/server/crates/arbiter-macros/src/hashable.rs index 7473497..a175987 100644 --- a/server/crates/arbiter-macros/src/hashable.rs +++ b/server/crates/arbiter-macros/src/hashable.rs @@ -1,10 +1,8 @@ +use crate::utils::{HASHABLE_TRAIT_PATH, HMAC_DIGEST_PATH}; + use proc_macro2::{Span, TokenStream, TokenTree}; use quote::quote; -use syn::parse_quote; -use syn::spanned::Spanned; -use syn::{DataStruct, DeriveInput, Fields, Generics, Index}; - -use crate::utils::{HASHABLE_TRAIT_PATH, HMAC_DIGEST_PATH}; +use syn::{DataStruct, DeriveInput, Fields, Generics, Index, parse_quote, spanned::Spanned}; pub(crate) fn derive(input: &DeriveInput) -> TokenStream { match &input.data { diff --git a/server/crates/arbiter-macros/src/utils.rs b/server/crates/arbiter-macros/src/utils.rs index 460aa94..d4f792b 100644 --- a/server/crates/arbiter-macros/src/utils.rs +++ b/server/crates/arbiter-macros/src/utils.rs @@ -1,7 +1,7 @@ -pub struct ToPath(pub &'static str); +pub(crate) struct ToPath(pub(crate) &'static str); impl ToPath { - pub fn to_path(&self) -> syn::Path { + pub(crate) fn to_path(&self) -> syn::Path { syn::parse_str(self.0).expect("Invalid path") } } @@ -15,5 +15,5 @@ macro_rules! ensure_path { }}; } -pub const HASHABLE_TRAIT_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Hashable); -pub const HMAC_DIGEST_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Digest); +pub(crate) const HASHABLE_TRAIT_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Hashable); +pub(crate) const HMAC_DIGEST_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Digest); diff --git a/server/crates/arbiter-proto/src/transport.rs b/server/crates/arbiter-proto/src/transport.rs index dcf517b..afa641b 100644 --- a/server/crates/arbiter-proto/src/transport.rs +++ b/server/crates/arbiter-proto/src/transport.rs @@ -54,11 +54,9 @@ //! as a closed outbound channel. //! - [`Bi::recv`] returns `None` when the underlying transport closes. //! - Message translation is intentionally out of scope for this module. - -use std::marker::PhantomData; - use async_trait::async_trait; use kameo::{error::Infallible, prelude::*}; +use std::marker::PhantomData; /// Errors returned by transport adapters implementing [`Bi`]. #[derive(thiserror::Error, Debug)] diff --git a/server/crates/arbiter-proto/src/transport/grpc.rs b/server/crates/arbiter-proto/src/transport/grpc.rs index e0959e0..17b3c27 100644 --- a/server/crates/arbiter-proto/src/transport/grpc.rs +++ b/server/crates/arbiter-proto/src/transport/grpc.rs @@ -1,10 +1,10 @@ +use super::{Bi, Receiver, Sender}; + use async_trait::async_trait; use futures::StreamExt; use tokio::sync::mpsc; use tokio_stream::wrappers::ReceiverStream; -use super::{Bi, Receiver, Sender}; - pub struct GrpcSender { tx: mpsc::Sender>, } diff --git a/server/crates/arbiter-proto/src/url.rs b/server/crates/arbiter-proto/src/url.rs index 321df0b..7e1ee52 100644 --- a/server/crates/arbiter-proto/src/url.rs +++ b/server/crates/arbiter-proto/src/url.rs @@ -1,7 +1,6 @@ -use std::fmt::Display; - use base64::{Engine as _, prelude::BASE64_URL_SAFE}; use rustls_pki_types::CertificateDer; +use std::fmt::Display; const ARBITER_URL_SCHEME: &str = "arbiter"; const CERT_QUERY_KEY: &str = "cert"; diff --git a/server/crates/arbiter-server/src/actors/bootstrap.rs b/server/crates/arbiter-server/src/actors/bootstrap.rs index cef154a..01c246d 100644 --- a/server/crates/arbiter-server/src/actors/bootstrap.rs +++ b/server/crates/arbiter-server/src/actors/bootstrap.rs @@ -1,13 +1,13 @@ +use crate::db::{self, DatabasePool, schema}; use arbiter_proto::{BOOTSTRAP_PATH, home_path}; + use diesel::QueryDsl; use diesel_async::RunQueryDsl; use kameo::{Actor, messages}; - use rand::{RngExt, distr::Alphanumeric, make_rng, rngs::StdRng}; use subtle::ConstantTimeEq as _; use thiserror::Error; -use crate::db::{self, DatabasePool, schema}; const TOKEN_LENGTH: usize = 64; pub async fn generate_token() -> Result { diff --git a/server/crates/arbiter-server/src/actors/evm/mod.rs b/server/crates/arbiter-server/src/actors/evm/mod.rs index 5520ca1..7623afd 100644 --- a/server/crates/arbiter-server/src/actors/evm/mod.rs +++ b/server/crates/arbiter-server/src/actors/evm/mod.rs @@ -1,11 +1,3 @@ -use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; -use diesel::{ - ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into, -}; -use diesel_async::RunQueryDsl; -use kameo::{Actor, actor::ActorRef, messages}; -use rand::{SeedableRng, rng, rngs::StdRng}; - use crate::{ actors::vault::{CreateNew, Decrypt, Vault}, crypto::integrity, @@ -24,6 +16,14 @@ use crate::{ }; use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; +use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; +use diesel::{ + ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into, +}; +use diesel_async::RunQueryDsl; +use kameo::{Actor, actor::ActorRef, messages}; +use rand::{SeedableRng, rng, rngs::StdRng}; + pub use crate::evm::safe_signer; #[derive(Debug, thiserror::Error)] diff --git a/server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs b/server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs index 4868c72..9249ce2 100644 --- a/server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs +++ b/server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs @@ -1,11 +1,3 @@ -use std::ops::ControlFlow; - -use kameo::{ - Actor, messages, - prelude::{ActorId, ActorRef, ActorStopReason, Context, WeakActorRef}, - reply::ReplySender, -}; - use crate::{ actors::flow_coordinator::ApprovalError, peers::{ @@ -14,6 +6,13 @@ use crate::{ }, }; +use kameo::{ + Actor, messages, + prelude::{ActorId, ActorRef, ActorStopReason, Context, WeakActorRef}, + reply::ReplySender, +}; +use std::ops::ControlFlow; + pub struct Args { pub client: ClientProfile, pub user_agents: Vec>, diff --git a/server/crates/arbiter-server/src/actors/flow_coordinator/mod.rs b/server/crates/arbiter-server/src/actors/flow_coordinator/mod.rs index 20fee53..64a1999 100644 --- a/server/crates/arbiter-server/src/actors/flow_coordinator/mod.rs +++ b/server/crates/arbiter-server/src/actors/flow_coordinator/mod.rs @@ -1,4 +1,10 @@ -use std::{collections::HashMap, ops::ControlFlow}; +use crate::{ + actors::{ + flow_coordinator::client_connect_approval::ClientApprovalController, + useragent_registry::{GetConnected, UserAgentRegistry}, + }, + peers::client::{ClientProfile, session::ClientSession}, +}; use kameo::{ Actor, @@ -7,16 +13,9 @@ use kameo::{ prelude::{ActorStopReason, Context, WeakActorRef}, reply::DelegatedReply, }; +use std::{collections::HashMap, ops::ControlFlow}; use tracing::info; -use crate::{ - actors::{ - flow_coordinator::client_connect_approval::ClientApprovalController, - useragent_registry::{GetConnected, UserAgentRegistry}, - }, - peers::client::{ClientProfile, session::ClientSession}, -}; - pub mod client_connect_approval; pub struct FlowCoordinator { diff --git a/server/crates/arbiter-server/src/actors/mod.rs b/server/crates/arbiter-server/src/actors/mod.rs index 6b01dd8..e28f12c 100644 --- a/server/crates/arbiter-server/src/actors/mod.rs +++ b/server/crates/arbiter-server/src/actors/mod.rs @@ -1,23 +1,20 @@ -use kameo::actor::{ActorRef, Spawn}; -use kameo_actors::{DeliveryStrategy, message_bus::MessageBus}; -use thiserror::Error; - use crate::{ actors::{ - bootstrap::Bootstrapper, - evm::EvmActor, - flow_coordinator::FlowCoordinator, - useragent_registry::UserAgentRegistry, - vault::Vault, + bootstrap::Bootstrapper, evm::EvmActor, flow_coordinator::FlowCoordinator, + useragent_registry::UserAgentRegistry, vault::Vault, }, db, }; +use kameo::actor::{ActorRef, Spawn}; +use kameo_actors::{DeliveryStrategy, message_bus::MessageBus}; +use thiserror::Error; + pub mod bootstrap; pub mod evm; pub mod flow_coordinator; -pub mod vault; pub mod useragent_registry; +pub mod vault; #[derive(Error, Debug)] pub enum SpawnError { diff --git a/server/crates/arbiter-server/src/actors/useragent_registry.rs b/server/crates/arbiter-server/src/actors/useragent_registry.rs index 74e616c..15e6080 100644 --- a/server/crates/arbiter-server/src/actors/useragent_registry.rs +++ b/server/crates/arbiter-server/src/actors/useragent_registry.rs @@ -1,4 +1,4 @@ -use std::{collections::HashMap, ops::ControlFlow}; +use crate::peers::user_agent::UserAgentSession; use kameo::{ Actor, @@ -7,10 +7,9 @@ use kameo::{ messages, prelude::{ActorStopReason, Context, WeakActorRef}, }; +use std::{collections::HashMap, ops::ControlFlow}; use tracing::info; -use crate::peers::user_agent::UserAgentSession; - #[derive(Default)] pub struct UserAgentRegistry { connected: HashMap>, @@ -32,7 +31,11 @@ impl Actor for UserAgentRegistry { _: ActorStopReason, ) -> Result, Self::Error> { if self.connected.remove(&id).is_some() { - info!(?id, actor = "UserAgentRegistry", event = "useragent.disconnected"); + info!( + ?id, + actor = "UserAgentRegistry", + event = "useragent.disconnected" + ); } Ok(ControlFlow::Continue(())) } diff --git a/server/crates/arbiter-server/src/actors/vault/mod.rs b/server/crates/arbiter-server/src/actors/vault/mod.rs index fa053f7..1c053ef 100644 --- a/server/crates/arbiter-server/src/actors/vault/mod.rs +++ b/server/crates/arbiter-server/src/actors/vault/mod.rs @@ -1,3 +1,17 @@ +use crate::{ + crypto::{ + KeyCell, derive_key, + encryption::v1::{self, Nonce}, + integrity::v1::HmacSha256, + }, + db::{ + self, + models::{self, RootKeyHistory}, + schema::{self}, + }, +}; +use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; + use chrono::Utc; use diesel::{ ExpressionMethods as _, OptionalExtension, QueryDsl, SelectableHelper, @@ -10,18 +24,6 @@ use kameo_actors::message_bus::{MessageBus, Publish}; use strum::{EnumDiscriminants, IntoDiscriminant}; use tracing::{error, info}; -use crate::crypto::{ - KeyCell, derive_key, - encryption::v1::{self, Nonce}, - integrity::v1::HmacSha256, -}; -use crate::db::{ - self, - models::{self, RootKeyHistory}, - schema::{self}, -}; -use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; - pub mod events { #[derive(Clone, Copy)] @@ -213,7 +215,7 @@ impl Vault { }); info!("Vault bootstrapped successfully"); - self.events.tell(Publish(events::Bootstrapped)).await; + let _ = self.events.tell(Publish(events::Bootstrapped)).await; Ok(()) } @@ -269,7 +271,7 @@ impl Vault { }); info!("Vault unsealed successfully"); - self.events.tell(Publish(events::Unsealed)).await; + let _ = self.events.tell(Publish(events::Unsealed)).await; Ok(()) } @@ -399,7 +401,7 @@ impl Vault { self.state = State::Sealed { root_key_history_id: *root_key_history_id, }; - self.events.tell(Publish(events::VaultResealed)).await; + let _ = self.events.tell(Publish(events::VaultResealed)).await; Ok(()) } } diff --git a/server/crates/arbiter-server/src/context/mod.rs b/server/crates/arbiter-server/src/context/mod.rs index dd44655..aeea460 100644 --- a/server/crates/arbiter-server/src/context/mod.rs +++ b/server/crates/arbiter-server/src/context/mod.rs @@ -1,13 +1,12 @@ -use std::sync::Arc; - -use thiserror::Error; - use crate::{ actors::GlobalActors, context::tls::TlsManager, db::{self}, }; +use std::sync::Arc; +use thiserror::Error; + pub mod tls; #[derive(Error, Debug)] diff --git a/server/crates/arbiter-server/src/context/tls.rs b/server/crates/arbiter-server/src/context/tls.rs index 786b68f..4c9d0fc 100644 --- a/server/crates/arbiter-server/src/context/tls.rs +++ b/server/crates/arbiter-server/src/context/tls.rs @@ -1,17 +1,3 @@ -use std::{net::Ipv4Addr, string::FromUtf8Error}; - -use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper as _}; -use diesel_async::{AsyncConnection, RunQueryDsl}; - -use pem::Pem; -use rcgen::{ - BasicConstraints, Certificate, CertificateParams, CertifiedIssuer, DistinguishedName, DnType, - IsCa, Issuer, KeyPair, KeyUsagePurpose, SanType, -}; -use rustls::pki_types::pem::PemObject; -use thiserror::Error; -use tonic::transport::CertificateDer; - use crate::db::{ self, models::{NewTlsHistory, TlsHistory}, @@ -21,6 +7,18 @@ use crate::db::{ }, }; +use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper as _}; +use diesel_async::{AsyncConnection, RunQueryDsl}; +use pem::Pem; +use rcgen::{ + BasicConstraints, Certificate, CertificateParams, CertifiedIssuer, DistinguishedName, DnType, + IsCa, Issuer, KeyPair, KeyUsagePurpose, SanType, +}; +use rustls::pki_types::pem::PemObject; +use std::{net::Ipv4Addr, string::FromUtf8Error}; +use thiserror::Error; +use tonic::transport::CertificateDer; + const ENCODE_CONFIG: pem::EncodeConfig = { let line_ending = match cfg!(target_family = "windows") { true => pem::LineEnding::CRLF, diff --git a/server/crates/arbiter-server/src/crypto/encryption/v1.rs b/server/crates/arbiter-server/src/crypto/encryption/v1.rs index e2b7c04..d57c481 100644 --- a/server/crates/arbiter-server/src/crypto/encryption/v1.rs +++ b/server/crates/arbiter-server/src/crypto/encryption/v1.rs @@ -1,5 +1,4 @@ use argon2::password_hash::Salt as ArgonSalt; - use rand::{ Rng as _, SeedableRng, rngs::{StdRng, SysRng}, @@ -63,7 +62,7 @@ mod tests { use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; #[test] - pub fn derive_seal_key_deterministic() { + fn derive_seal_key_deterministic() { static PASSWORD: &[u8] = b"password"; let password = SafeCell::new(PASSWORD.to_vec()); let password2 = SafeCell::new(PASSWORD.to_vec()); @@ -79,7 +78,7 @@ mod tests { } #[test] - pub fn successful_derive() { + fn successful_derive() { static PASSWORD: &[u8] = b"password"; let password = SafeCell::new(PASSWORD.to_vec()); let salt = generate_salt(); @@ -93,7 +92,7 @@ mod tests { #[test] // We should fuzz this - pub fn test_nonce_increment() { + fn test_nonce_increment() { let mut nonce = Nonce([0u8; NONCE_LENGTH]); nonce.increment(); diff --git a/server/crates/arbiter-server/src/crypto/integrity/v1.rs b/server/crates/arbiter-server/src/crypto/integrity/v1.rs index fce659b..378687e 100644 --- a/server/crates/arbiter-server/src/crypto/integrity/v1.rs +++ b/server/crates/arbiter-server/src/crypto/integrity/v1.rs @@ -1,12 +1,3 @@ -use arbiter_crypto::hashing::Hashable; -use hmac::Hmac; -use sha2::Sha256; - -use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite}; -use diesel_async::{AsyncConnection, RunQueryDsl}; -use kameo::{actor::ActorRef, error::SendError}; -use sha2::Digest as _; - use crate::{ actors::vault::{self, GetState, SignIntegrity, Vault, VerifyIntegrity}, db::{ @@ -15,6 +6,13 @@ use crate::{ schema::integrity_envelope, }, }; +use arbiter_crypto::hashing::Hashable; + +use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite}; +use diesel_async::{AsyncConnection, RunQueryDsl}; +use hmac::Hmac; +use kameo::{actor::ActorRef, error::SendError}; +use sha2::{Digest as _, Sha256}; #[derive(Debug, thiserror::Error)] pub enum Error { diff --git a/server/crates/arbiter-server/src/crypto/mod.rs b/server/crates/arbiter-server/src/crypto/mod.rs index 5a11898..b331209 100644 --- a/server/crates/arbiter-server/src/crypto/mod.rs +++ b/server/crates/arbiter-server/src/crypto/mod.rs @@ -1,4 +1,5 @@ -use std::ops::Deref as _; +use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; +use encryption::v1::{Nonce, Salt}; use argon2::{Algorithm, Argon2}; use chacha20poly1305::{ @@ -9,14 +10,11 @@ use rand::{ Rng as _, SeedableRng as _, rngs::{StdRng, SysRng}, }; - -use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; +use std::ops::Deref as _; pub mod encryption; pub mod integrity; -use encryption::v1::{Nonce, Salt}; - pub struct KeyCell(pub SafeCell); impl From> for KeyCell { fn from(value: SafeCell) -> Self { @@ -144,7 +142,7 @@ mod tests { use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; #[test] - pub fn encrypt_decrypt() { + fn encrypt_decrypt() { static PASSWORD: &[u8] = b"password"; let password = SafeCell::new(PASSWORD.to_vec()); let salt = generate_salt(); diff --git a/server/crates/arbiter-server/src/db/mod.rs b/server/crates/arbiter-server/src/db/mod.rs index 9971ad2..7e67663 100644 --- a/server/crates/arbiter-server/src/db/mod.rs +++ b/server/crates/arbiter-server/src/db/mod.rs @@ -5,7 +5,6 @@ use diesel_async::{ sync_connection_wrapper::SyncConnectionWrapper, }; use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations}; - use thiserror::Error; use tracing::info; diff --git a/server/crates/arbiter-server/src/db/models.rs b/server/crates/arbiter-server/src/db/models.rs index 00d16d8..1de6b1d 100644 --- a/server/crates/arbiter-server/src/db/models.rs +++ b/server/crates/arbiter-server/src/db/models.rs @@ -1,12 +1,12 @@ #![allow(unused)] #![allow(clippy::all)] - use crate::db::schema::{ self, aead_encrypted, arbiter_settings, evm_basic_grant, evm_ether_transfer_grant, evm_ether_transfer_grant_target, evm_ether_transfer_limit, evm_token_transfer_grant, evm_token_transfer_log, evm_token_transfer_volume_limit, evm_transaction_log, evm_wallet, integrity_envelope, root_key_history, tls_history, }; + use chrono::{DateTime, Utc}; use diesel::{prelude::*, sqlite::Sqlite}; use restructed::Models; diff --git a/server/crates/arbiter-server/src/evm/mod.rs b/server/crates/arbiter-server/src/evm/mod.rs index 0572e1f..c8629de 100644 --- a/server/crates/arbiter-server/src/evm/mod.rs +++ b/server/crates/arbiter-server/src/evm/mod.rs @@ -1,15 +1,3 @@ -pub mod abi; -pub mod safe_signer; - -use alloy::{ - consensus::TxEip1559, - primitives::{TxKind, U256}, -}; -use chrono::Utc; -use diesel::{ExpressionMethods as _, QueryDsl as _, QueryResult, insert_into, sqlite::Sqlite}; -use diesel_async::{AsyncConnection, RunQueryDsl}; -use kameo::actor::ActorRef; - use crate::{ actors::vault::Vault, crypto::integrity, @@ -27,6 +15,18 @@ use crate::{ }, }; +use alloy::{ + consensus::TxEip1559, + primitives::{TxKind, U256}, +}; +use chrono::Utc; +use diesel::{ExpressionMethods as _, QueryDsl as _, QueryResult, insert_into, sqlite::Sqlite}; +use diesel_async::{AsyncConnection, RunQueryDsl}; +use kameo::actor::ActorRef; + +pub mod abi; +pub mod safe_signer; + pub mod policies; mod utils; diff --git a/server/crates/arbiter-server/src/evm/policies.rs b/server/crates/arbiter-server/src/evm/policies.rs index 828c52e..33773a3 100644 --- a/server/crates/arbiter-server/src/evm/policies.rs +++ b/server/crates/arbiter-server/src/evm/policies.rs @@ -1,4 +1,8 @@ -use std::fmt::Display; +use crate::{ + crypto::integrity::v1::Integrable, + db::models::{self, EvmBasicGrant, EvmWalletAccess}, + evm::utils, +}; use alloy::primitives::{Address, Bytes, ChainId, U256}; use chrono::{DateTime, Duration, Utc}; @@ -6,15 +10,9 @@ use diesel::{ ExpressionMethods as _, QueryDsl, SelectableHelper, result::QueryResult, sqlite::Sqlite, }; use diesel_async::{AsyncConnection, RunQueryDsl}; - +use std::fmt::Display; use thiserror::Error; -use crate::{ - crypto::integrity::v1::Integrable, - db::models::{self, EvmBasicGrant, EvmWalletAccess}, - evm::utils, -}; - pub mod ether_transfer; pub mod token_transfers; diff --git a/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs b/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs index 3fa507b..d337a0b 100644 --- a/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs +++ b/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs @@ -1,30 +1,33 @@ -use std::collections::HashMap; -use std::fmt::Display; - -use alloy::primitives::{Address, U256}; -use chrono::{DateTime, Duration, Utc}; -use diesel::dsl::{auto_type, insert_into}; -use diesel::sqlite::Sqlite; -use diesel::{ExpressionMethods, JoinOnDsl, prelude::*}; -use diesel_async::{AsyncConnection, RunQueryDsl}; - -use crate::crypto::integrity::v1::Integrable; -use crate::db::models::{ - EvmBasicGrant, EvmEtherTransferGrant, EvmEtherTransferGrantTarget, EvmEtherTransferLimit, - NewEvmEtherTransferLimit, SqliteTimestamp, -}; -use crate::db::schema::{evm_basic_grant, evm_ether_transfer_limit, evm_transaction_log}; -use crate::evm::policies::{ - CombinedSettings, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning, VolumeRateLimit, -}; +use super::{DatabaseID, EvalContext, EvalViolation}; use crate::{ + crypto::integrity::v1::Integrable, + db::models::{ + EvmBasicGrant, EvmEtherTransferGrant, EvmEtherTransferGrantTarget, EvmEtherTransferLimit, + NewEvmEtherTransferLimit, SqliteTimestamp, + }, + db::schema::{evm_basic_grant, evm_ether_transfer_limit, evm_transaction_log}, db::{ models::{self, NewEvmEtherTransferGrant, NewEvmEtherTransferGrantTarget}, schema::{evm_ether_transfer_grant, evm_ether_transfer_grant_target}, }, + evm::policies::{ + CombinedSettings, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning, + VolumeRateLimit, + }, evm::{policies::Policy, utils}, }; +use alloy::primitives::{Address, U256}; +use chrono::{DateTime, Duration, Utc}; +use diesel::{ + ExpressionMethods, JoinOnDsl, + dsl::{auto_type, insert_into}, + prelude::*, + sqlite::Sqlite, +}; +use diesel_async::{AsyncConnection, RunQueryDsl}; +use std::{collections::HashMap, fmt::Display}; + #[auto_type] fn grant_join() -> _ { evm_ether_transfer_grant::table.inner_join( @@ -32,8 +35,6 @@ fn grant_join() -> _ { ) } -use super::{DatabaseID, EvalContext, EvalViolation}; - // Plain ether transfer #[derive(Clone, Debug, PartialEq, Eq, Hash)] pub struct Meaning { diff --git a/server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs b/server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs index 5253a25..519579b 100644 --- a/server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs +++ b/server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs @@ -1,25 +1,26 @@ +use super::{EtherTransfer, Settings}; +use crate::{ + db::{ + self, DatabaseConnection, + models::{ + EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp, + }, + schema::{evm_basic_grant, evm_transaction_log}, + }, + evm::{ + policies::{ + CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, + VolumeRateLimit, + }, + utils, + }, +}; + use alloy::primitives::{Address, Bytes, U256, address}; use chrono::{Duration, Utc}; use diesel::{SelectableHelper, insert_into}; use diesel_async::RunQueryDsl; -use crate::db::{ - self, DatabaseConnection, - models::{ - EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp, - }, - schema::{evm_basic_grant, evm_transaction_log}, -}; -use crate::evm::{ - policies::{ - CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, - VolumeRateLimit, - }, - utils, -}; - -use super::{EtherTransfer, Settings}; - const WALLET_ACCESS_ID: i32 = 1; const CHAIN_ID: u64 = 1; diff --git a/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs b/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs index f540c82..86f879c 100644 --- a/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs +++ b/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs @@ -1,16 +1,4 @@ -use std::collections::HashMap; - -use crate::db::schema::{ - evm_basic_grant, evm_token_transfer_grant, evm_token_transfer_log, - evm_token_transfer_volume_limit, -}; -use crate::evm::{ - abi::IERC20::transferCall, - policies::{ - Grant, Policy, SharedGrantSettings, SpecificGrant, SpecificMeaning, VolumeRateLimit, - }, - utils, -}; +use super::{DatabaseID, EvalContext, EvalViolation}; use crate::{ crypto::integrity::Integrable, db::models::{ @@ -18,20 +6,34 @@ use crate::{ NewEvmTokenTransferGrant, NewEvmTokenTransferLog, NewEvmTokenTransferVolumeLimit, SqliteTimestamp, }, + db::schema::{ + evm_basic_grant, evm_token_transfer_grant, evm_token_transfer_log, + evm_token_transfer_volume_limit, + }, evm::policies::CombinedSettings, + evm::{ + abi::IERC20::transferCall, + policies::{ + Grant, Policy, SharedGrantSettings, SpecificGrant, SpecificMeaning, VolumeRateLimit, + }, + utils, + }, }; +use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo}; + use alloy::{ primitives::{Address, U256}, sol_types::SolCall, }; -use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo}; use chrono::{DateTime, Duration, Utc}; -use diesel::dsl::{auto_type, insert_into}; -use diesel::sqlite::Sqlite; -use diesel::{ExpressionMethods, prelude::*}; +use diesel::{ + ExpressionMethods, + dsl::{auto_type, insert_into}, + prelude::*, + sqlite::Sqlite, +}; use diesel_async::{AsyncConnection, RunQueryDsl}; - -use super::{DatabaseID, EvalContext, EvalViolation}; +use std::collections::HashMap; #[auto_type] fn grant_join() -> _ { diff --git a/server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs b/server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs index c059b0b..77dd226 100644 --- a/server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs +++ b/server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs @@ -1,25 +1,28 @@ -use alloy::primitives::{Address, Bytes, U256, address}; -use alloy::sol_types::SolCall; +use super::{Settings, TokenTransfer}; +use crate::{ + db::{ + self, DatabaseConnection, + models::{EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, SqliteTimestamp}, + schema::evm_basic_grant, + }, + evm::{ + abi::IERC20::transferCall, + policies::{ + CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, + VolumeRateLimit, + }, + utils, + }, +}; + +use alloy::{ + primitives::{Address, Bytes, U256, address}, + sol_types::SolCall, +}; use chrono::{Duration, Utc}; use diesel::{SelectableHelper, insert_into}; use diesel_async::RunQueryDsl; -use crate::db::{ - self, DatabaseConnection, - models::{EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, SqliteTimestamp}, - schema::evm_basic_grant, -}; -use crate::evm::{ - abi::IERC20::transferCall, - policies::{ - CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, - VolumeRateLimit, - }, - utils, -}; - -use super::{Settings, TokenTransfer}; - // DAI on Ethereum mainnet — present in the static token registry const CHAIN_ID: u64 = 1; const DAI: Address = address!("6B175474E89094C44Da98b954EedeAC495271d0F"); diff --git a/server/crates/arbiter-server/src/evm/safe_signer.rs b/server/crates/arbiter-server/src/evm/safe_signer.rs index e2f8100..dc9c1ed 100644 --- a/server/crates/arbiter-server/src/evm/safe_signer.rs +++ b/server/crates/arbiter-server/src/evm/safe_signer.rs @@ -1,4 +1,4 @@ -use std::sync::Mutex; +use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; use alloy::{ consensus::SignableTransaction, @@ -6,9 +6,9 @@ use alloy::{ primitives::{Address, B256, ChainId, Signature}, signers::{Error, Result, Signer, SignerSync, utils::secret_key_to_address}, }; -use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; use async_trait::async_trait; use k256::ecdsa::{self, RecoveryId, SigningKey, signature::hazmat::PrehashSigner}; +use std::sync::Mutex; /// An Ethereum signer that stores its secp256k1 secret key inside a /// hardware-protected [`MemSafe`] cell. diff --git a/server/crates/arbiter-server/src/evm/utils.rs b/server/crates/arbiter-server/src/evm/utils.rs index 7358173..dd75434 100644 --- a/server/crates/arbiter-server/src/evm/utils.rs +++ b/server/crates/arbiter-server/src/evm/utils.rs @@ -2,20 +2,20 @@ use alloy::primitives::U256; #[derive(thiserror::Error, Debug)] #[error("Expected {expected} bytes but got {actual} bytes")] -pub struct LengthError { - pub expected: usize, - pub actual: usize, +pub(super) struct LengthError { + pub(super) expected: usize, + pub(super) actual: usize, } -pub fn u256_to_bytes(value: U256) -> [u8; 32] { +pub(super) fn u256_to_bytes(value: U256) -> [u8; 32] { value.to_le_bytes() } -pub fn bytes_to_u256(bytes: &[u8]) -> Option { +pub(super) fn bytes_to_u256(bytes: &[u8]) -> Option { let bytes: [u8; 32] = bytes.try_into().ok()?; Some(U256::from_le_bytes(bytes)) } -pub fn try_bytes_to_u256(bytes: &[u8]) -> diesel::result::QueryResult { +pub(super) fn try_bytes_to_u256(bytes: &[u8]) -> diesel::result::QueryResult { let bytes: [u8; 32] = bytes.try_into().map_err(|_| { diesel::result::Error::DeserializationError(Box::new(LengthError { expected: 32, diff --git a/server/crates/arbiter-server/src/grpc/client.rs b/server/crates/arbiter-server/src/grpc/client.rs index 6fd8223..ac34e77 100644 --- a/server/crates/arbiter-server/src/grpc/client.rs +++ b/server/crates/arbiter-server/src/grpc/client.rs @@ -1,3 +1,7 @@ +use crate::{ + grpc::request_tracker::RequestTracker, + peers::client::{ClientConnection, session::ClientSession}, +}; use arbiter_proto::{ proto::client::{ ClientRequest, ClientResponse, client_request::Payload as ClientRequestPayload, @@ -5,15 +9,11 @@ use arbiter_proto::{ }, transport::{Receiver, Sender, grpc::GrpcBi}, }; + use kameo::actor::{ActorRef, Spawn as _}; use tonic::Status; use tracing::{info, warn}; -use crate::{ - grpc::request_tracker::RequestTracker, - peers::client::{ClientConnection, session::ClientSession}, -}; - mod auth; mod evm; mod inbound; diff --git a/server/crates/arbiter-server/src/grpc/client/auth.rs b/server/crates/arbiter-server/src/grpc/client/auth.rs index fc16dbf..11f1361 100644 --- a/server/crates/arbiter-server/src/grpc/client/auth.rs +++ b/server/crates/arbiter-server/src/grpc/client/auth.rs @@ -1,3 +1,7 @@ +use crate::{ + grpc::request_tracker::RequestTracker, + peers::client::{self, ClientConnection, auth}, +}; use arbiter_crypto::authn; use arbiter_proto::{ ClientMetadata, @@ -17,22 +21,18 @@ use arbiter_proto::{ }, transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi}, }; + use async_trait::async_trait; use tonic::Status; use tracing::warn; -use crate::{ - grpc::request_tracker::RequestTracker, - peers::client::{self, ClientConnection, auth}, -}; - -pub struct AuthTransportAdapter<'a> { +pub(super) struct AuthTransportAdapter<'a> { bi: &'a mut GrpcBi, request_tracker: &'a mut RequestTracker, } impl<'a> AuthTransportAdapter<'a> { - pub fn new( + pub(super) fn new( bi: &'a mut GrpcBi, request_tracker: &'a mut RequestTracker, ) -> Self { @@ -44,7 +44,7 @@ impl<'a> AuthTransportAdapter<'a> { fn response_to_proto(response: auth::Outbound) -> AuthResponsePayload { match response { - auth::Outbound::AuthChallenge { challenge } => { + auth::Outbound::AuthChallenge { challenge } => { AuthResponsePayload::Challenge(ProtoAuthChallenge { timestamp_nanos: challenge .timestamp @@ -197,7 +197,7 @@ fn client_metadata_from_proto(metadata: ProtoClientInfo) -> ClientMetadata { } } -pub async fn start( +pub(super) async fn start( conn: &mut ClientConnection, bi: &mut GrpcBi, request_tracker: &mut RequestTracker, diff --git a/server/crates/arbiter-server/src/grpc/client/evm.rs b/server/crates/arbiter-server/src/grpc/client/evm.rs index 2f621a9..7cbd02b 100644 --- a/server/crates/arbiter-server/src/grpc/client/evm.rs +++ b/server/crates/arbiter-server/src/grpc/client/evm.rs @@ -1,3 +1,10 @@ +use crate::{ + grpc::{ + Convert, TryConvert, + common::inbound::{RawEvmAddress, RawEvmTransaction}, + }, + peers::client::session::{ClientSession, HandleSignTransaction, SignTransactionRpcError}, +}; use arbiter_proto::proto::{ client::{ client_response::Payload as ClientResponsePayload, @@ -11,18 +18,11 @@ use arbiter_proto::proto::{ evm_sign_transaction_response::Result as EvmSignTransactionResult, }, }; + use kameo::actor::ActorRef; use tonic::Status; use tracing::warn; -use crate::{ - grpc::{ - Convert, TryConvert, - common::inbound::{RawEvmAddress, RawEvmTransaction}, - }, - peers::client::session::{ClientSession, HandleSignTransaction, SignTransactionRpcError}, -}; - fn wrap_response(payload: EvmResponsePayload) -> ClientResponsePayload { ClientResponsePayload::Evm(proto_evm::Response { payload: Some(payload), diff --git a/server/crates/arbiter-server/src/grpc/client/vault.rs b/server/crates/arbiter-server/src/grpc/client/vault.rs index fd33388..3416e33 100644 --- a/server/crates/arbiter-server/src/grpc/client/vault.rs +++ b/server/crates/arbiter-server/src/grpc/client/vault.rs @@ -1,3 +1,7 @@ +use crate::{ + actors::vault::VaultState, + peers::client::session::{ClientSession, Error, HandleQueryVaultState}, +}; use arbiter_proto::proto::{ client::{ client_response::Payload as ClientResponsePayload, @@ -8,15 +12,11 @@ use arbiter_proto::proto::{ }, shared::VaultState as ProtoVaultState, }; + use kameo::{actor::ActorRef, error::SendError}; use tonic::Status; use tracing::warn; -use crate::{ - actors::vault::VaultState, - peers::client::session::{ClientSession, Error, HandleQueryVaultState}, -}; - pub(super) async fn dispatch( actor: &ActorRef, req: proto_vault::Request, diff --git a/server/crates/arbiter-server/src/grpc/common.rs b/server/crates/arbiter-server/src/grpc/common.rs index 5756441..b638928 100644 --- a/server/crates/arbiter-server/src/grpc/common.rs +++ b/server/crates/arbiter-server/src/grpc/common.rs @@ -1,2 +1,2 @@ -pub mod inbound; -pub mod outbound; +pub(super) mod inbound; +pub(super) mod outbound; diff --git a/server/crates/arbiter-server/src/grpc/common/inbound.rs b/server/crates/arbiter-server/src/grpc/common/inbound.rs index d9e4d9a..5c71aed 100644 --- a/server/crates/arbiter-server/src/grpc/common/inbound.rs +++ b/server/crates/arbiter-server/src/grpc/common/inbound.rs @@ -1,8 +1,8 @@ -use alloy::{consensus::TxEip1559, primitives::Address, rlp::Decodable as _}; - use crate::grpc::TryConvert; -pub struct RawEvmAddress(pub Vec); +use alloy::{consensus::TxEip1559, primitives::Address, rlp::Decodable as _}; + +pub(in crate::grpc) struct RawEvmAddress(pub(in crate::grpc) Vec); impl TryConvert for RawEvmAddress { type Output = Address; @@ -21,7 +21,7 @@ impl TryConvert for RawEvmAddress { } } -pub struct RawEvmTransaction(pub Vec); +pub(in crate::grpc) struct RawEvmTransaction(pub(in crate::grpc) Vec); impl TryConvert for RawEvmTransaction { type Output = TxEip1559; diff --git a/server/crates/arbiter-server/src/grpc/common/outbound.rs b/server/crates/arbiter-server/src/grpc/common/outbound.rs index c2a2045..8b8447c 100644 --- a/server/crates/arbiter-server/src/grpc/common/outbound.rs +++ b/server/crates/arbiter-server/src/grpc/common/outbound.rs @@ -1,4 +1,10 @@ -use alloy::primitives::U256; +use crate::{ + evm::{ + PolicyError, VetError, + policies::{EvalViolation, SpecificMeaning}, + }, + grpc::Convert, +}; use arbiter_proto::proto::{ evm::{ EvmError as ProtoEvmError, @@ -14,13 +20,7 @@ use arbiter_proto::proto::{ }, }; -use crate::{ - evm::{ - PolicyError, VetError, - policies::{EvalViolation, SpecificMeaning}, - }, - grpc::Convert, -}; +use alloy::primitives::U256; fn u256_to_proto_bytes(value: U256) -> Vec { value.to_be_bytes::<32>().to_vec() diff --git a/server/crates/arbiter-server/src/grpc/mod.rs b/server/crates/arbiter-server/src/grpc/mod.rs index 775b481..4e0ed8f 100644 --- a/server/crates/arbiter-server/src/grpc/mod.rs +++ b/server/crates/arbiter-server/src/grpc/mod.rs @@ -1,3 +1,4 @@ +use crate::peers::{client::ClientConnection, user_agent::UserAgentConnection}; use arbiter_proto::{ proto::{ client::{ClientRequest, ClientResponse}, @@ -5,14 +6,11 @@ use arbiter_proto::{ }, transport::grpc::GrpcBi, }; + use tokio_stream::wrappers::ReceiverStream; use tonic::{Request, Response, Status, async_trait}; use tracing::info; -use crate::{ - peers::{client::ClientConnection, user_agent::UserAgentConnection}, -}; - mod request_tracker; pub mod client; diff --git a/server/crates/arbiter-server/src/grpc/request_tracker.rs b/server/crates/arbiter-server/src/grpc/request_tracker.rs index 7ab6254..715f838 100644 --- a/server/crates/arbiter-server/src/grpc/request_tracker.rs +++ b/server/crates/arbiter-server/src/grpc/request_tracker.rs @@ -1,12 +1,12 @@ use tonic::Status; #[derive(Default)] -pub struct RequestTracker { +pub(super) struct RequestTracker { next_request_id: i32, } impl RequestTracker { - pub fn request(&mut self, id: i32) -> Result { + pub(super) fn request(&mut self, id: i32) -> Result { if id < self.next_request_id { return Err(Status::invalid_argument("Duplicate request id")); } @@ -20,7 +20,7 @@ impl RequestTracker { // This is used to set the response id for auth responses, which need to match the request id of the auth challenge request. // -1 offset is needed because request() increments the next_request_id after returning the current request id. - pub fn current_request_id(&self) -> i32 { + pub(super) fn current_request_id(&self) -> i32 { self.next_request_id - 1 } } diff --git a/server/crates/arbiter-server/src/grpc/user_agent.rs b/server/crates/arbiter-server/src/grpc/user_agent.rs index 49c13ba..fc64017 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent.rs @@ -1,5 +1,7 @@ -use tokio::sync::mpsc; - +use crate::{ + grpc::request_tracker::RequestTracker, + peers::user_agent::{OutOfBand, UserAgentConnection, UserAgentSession}, +}; use arbiter_proto::{ proto::user_agent::{ UserAgentRequest, UserAgentResponse, @@ -8,16 +10,13 @@ use arbiter_proto::{ }, transport::{Error as TransportError, Receiver, Sender, grpc::GrpcBi}, }; + use async_trait::async_trait; use kameo::actor::ActorRef; +use tokio::sync::mpsc; use tonic::Status; use tracing::{error, info, warn}; -use crate::{ - grpc::request_tracker::RequestTracker, - peers::user_agent::{OutOfBand, UserAgentConnection, UserAgentSession}, -}; - mod auth; mod evm; mod inbound; @@ -144,4 +143,3 @@ pub async fn start( dispatch_loop(bi, actor.clone(), oob_receiver, request_tracker).await; actor.kill(); } - diff --git a/server/crates/arbiter-server/src/grpc/user_agent/auth.rs b/server/crates/arbiter-server/src/grpc/user_agent/auth.rs index f9e625e..10a20a0 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/auth.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/auth.rs @@ -1,3 +1,4 @@ +use crate::{grpc::request_tracker::RequestTracker, peers::user_agent::auth}; use arbiter_crypto::authn; use arbiter_proto::{ proto::user_agent::{ @@ -13,22 +14,18 @@ use arbiter_proto::{ }, transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi}, }; + use async_trait::async_trait; use tonic::Status; use tracing::warn; -use crate::{ - grpc::request_tracker::RequestTracker, - peers::user_agent::{Credentials, UserAgentConnection, auth}, -}; - -pub struct AuthTransportAdapter<'a> { +pub(super) struct AuthTransportAdapter<'a> { pub(super) bi: &'a mut GrpcBi, pub(super) request_tracker: &'a mut RequestTracker, } impl<'a> AuthTransportAdapter<'a> { - pub fn new( + pub(super) fn new( bi: &'a mut GrpcBi, request_tracker: &'a mut RequestTracker, ) -> Self { @@ -185,12 +182,3 @@ impl Receiver for AuthTransportAdapter<'_> { } impl Bi> for AuthTransportAdapter<'_> {} - -pub async fn start( - conn: &mut UserAgentConnection, - bi: &mut GrpcBi, - request_tracker: &mut RequestTracker, -) -> Result { - let mut transport = AuthTransportAdapter::new(bi, request_tracker); - auth::authenticate(conn, &mut transport).await -} diff --git a/server/crates/arbiter-server/src/grpc/user_agent/evm.rs b/server/crates/arbiter-server/src/grpc/user_agent/evm.rs index 2999b72..b2dbe96 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/evm.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/evm.rs @@ -1,3 +1,17 @@ +use crate::{ + grpc::{ + Convert, TryConvert, + common::inbound::{RawEvmAddress, RawEvmTransaction}, + }, + peers::user_agent::{ + UserAgentSession, + session::handlers::{ + GrantMutationError, HandleEvmWalletCreate, HandleEvmWalletList, HandleGrantCreate, + HandleGrantDelete, HandleGrantList, HandleSignTransaction, + SignTransactionError as SessionSignTransactionError, + }, + }, +}; use arbiter_proto::proto::{ evm::{ EvmError as ProtoEvmError, EvmGrantCreateRequest, EvmGrantCreateResponse, @@ -18,25 +32,11 @@ use arbiter_proto::proto::{ user_agent_response::Payload as UserAgentResponsePayload, }, }; + use kameo::actor::ActorRef; use tonic::Status; use tracing::warn; -use crate::{ - grpc::{ - Convert, TryConvert, - common::inbound::{RawEvmAddress, RawEvmTransaction}, - }, - peers::user_agent::{ - UserAgentSession, - session::handlers::{ - GrantMutationError, HandleEvmWalletCreate, HandleEvmWalletList, HandleGrantCreate, - HandleGrantDelete, HandleGrantList, HandleSignTransaction, - SignTransactionError as SessionSignTransactionError, - }, - }, -}; - fn wrap_evm_response(payload: EvmResponsePayload) -> UserAgentResponsePayload { UserAgentResponsePayload::Evm(proto_evm::Response { payload: Some(payload), diff --git a/server/crates/arbiter-server/src/grpc/user_agent/inbound.rs b/server/crates/arbiter-server/src/grpc/user_agent/inbound.rs index 6cfb2e5..c42f661 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/inbound.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/inbound.rs @@ -1,26 +1,26 @@ -use alloy::primitives::{Address, U256}; -use arbiter_proto::proto::evm::{ - EtherTransferSettings as ProtoEtherTransferSettings, SharedSettings as ProtoSharedSettings, - SpecificGrant as ProtoSpecificGrant, TokenTransferSettings as ProtoTokenTransferSettings, - TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit, - specific_grant::Grant as ProtoSpecificGrantType, -}; -use arbiter_proto::proto::user_agent::sdk_client::{ - WalletAccess, WalletAccessEntry as SdkClientWalletAccess, -}; -use chrono::{DateTime, TimeZone, Utc}; -use prost_types::Timestamp as ProtoTimestamp; -use tonic::Status; - -use crate::db::models::{CoreEvmWalletAccess, NewEvmWalletAccess}; -use crate::grpc::Convert; use crate::{ + db::models::{CoreEvmWalletAccess, NewEvmWalletAccess}, evm::policies::{ SharedGrantSettings, SpecificGrant, TransactionRateLimit, VolumeRateLimit, ether_transfer, token_transfers, }, + grpc::Convert, grpc::TryConvert, }; +use arbiter_proto::{ + proto::evm::{ + EtherTransferSettings as ProtoEtherTransferSettings, SharedSettings as ProtoSharedSettings, + SpecificGrant as ProtoSpecificGrant, TokenTransferSettings as ProtoTokenTransferSettings, + TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit, + specific_grant::Grant as ProtoSpecificGrantType, + }, + proto::user_agent::sdk_client::{WalletAccess, WalletAccessEntry as SdkClientWalletAccess}, +}; + +use alloy::primitives::{Address, U256}; +use chrono::{DateTime, TimeZone, Utc}; +use prost_types::Timestamp as ProtoTimestamp; +use tonic::Status; fn address_from_bytes(bytes: Vec) -> Result { if bytes.len() != 20 { diff --git a/server/crates/arbiter-server/src/grpc/user_agent/outbound.rs b/server/crates/arbiter-server/src/grpc/user_agent/outbound.rs index 805386e..5b778b4 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/outbound.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/outbound.rs @@ -1,3 +1,8 @@ +use crate::{ + db::models::EvmWalletAccess, + evm::policies::{SharedGrantSettings, SpecificGrant, TransactionRateLimit, VolumeRateLimit}, + grpc::Convert, +}; use arbiter_proto::proto::{ evm::{ EtherTransferSettings as ProtoEtherTransferSettings, SharedSettings as ProtoSharedSettings, @@ -7,15 +12,10 @@ use arbiter_proto::proto::{ }, user_agent::sdk_client::{WalletAccess, WalletAccessEntry as ProtoSdkClientWalletAccess}, }; + use chrono::{DateTime, Utc}; use prost_types::Timestamp as ProtoTimestamp; -use crate::{ - db::models::EvmWalletAccess, - evm::policies::{SharedGrantSettings, SpecificGrant, TransactionRateLimit, VolumeRateLimit}, - grpc::Convert, -}; - impl Convert for DateTime { type Output = ProtoTimestamp; diff --git a/server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs b/server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs index aa3f017..4420439 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs @@ -1,3 +1,14 @@ +use crate::{ + db::models::NewEvmWalletAccess, + grpc::Convert, + peers::user_agent::{ + OutOfBand, UserAgentSession, + session::handlers::{ + HandleGrantEvmWalletAccess, HandleListWalletAccess, HandleNewClientApprove, + HandleRevokeEvmWalletAccess, HandleSdkClientList, + }, + }, +}; use arbiter_crypto::authn; use arbiter_proto::proto::{ shared::ClientInfo as ProtoClientMetadata, @@ -16,22 +27,11 @@ use arbiter_proto::proto::{ user_agent_response::Payload as UserAgentResponsePayload, }, }; + use kameo::actor::ActorRef; use tonic::Status; use tracing::{info, warn}; -use crate::{ - db::models::NewEvmWalletAccess, - grpc::Convert, - peers::user_agent::{ - OutOfBand, UserAgentSession, - session::handlers::{ - HandleGrantEvmWalletAccess, HandleListWalletAccess, HandleNewClientApprove, - HandleRevokeEvmWalletAccess, HandleSdkClientList, - }, - }, -}; - fn wrap_sdk_client_response(payload: SdkClientResponsePayload) -> UserAgentResponsePayload { UserAgentResponsePayload::SdkClient(proto_sdk_client::Response { payload: Some(payload), diff --git a/server/crates/arbiter-server/src/grpc/user_agent/vault.rs b/server/crates/arbiter-server/src/grpc/user_agent/vault.rs index 4d123ae..6ccb8bb 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/vault.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/vault.rs @@ -1,16 +1,21 @@ -use arbiter_proto::proto::shared::VaultState as ProtoVaultState; -use arbiter_proto::proto::user_agent::{ - user_agent_response::Payload as UserAgentResponsePayload, - vault::{self as proto_vault, request::Payload as VaultRequestPayload, response::Payload as VaultResponsePayload}, -}; -use kameo::actor::ActorRef; -use tonic::Status; -use tracing::warn; - use crate::{ actors::vault::VaultState, peers::user_agent::{UserAgentSession, session::handlers::HandleQueryVaultState}, }; +use arbiter_proto::{ + proto::shared::VaultState as ProtoVaultState, + proto::user_agent::{ + user_agent_response::Payload as UserAgentResponsePayload, + vault::{ + self as proto_vault, request::Payload as VaultRequestPayload, + response::Payload as VaultResponsePayload, + }, + }, +}; + +use kameo::actor::ActorRef; +use tonic::Status; +use tracing::warn; fn wrap_vault_response(payload: VaultResponsePayload) -> UserAgentResponsePayload { UserAgentResponsePayload::Vault(proto_vault::Response { diff --git a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs index 37f3c5b..557f77d 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs @@ -1,13 +1,13 @@ -use arbiter_proto::transport::{Bi, Error as TransportError, Receiver, Sender}; -use async_trait::async_trait; -use tonic::Status; -use tracing::warn; - use super::auth::AuthTransportAdapter; use crate::{ grpc::TryConvert, peers::user_agent::vault_gate::{self as vault_gate}, }; +use arbiter_proto::transport::{Bi, Error as TransportError, Receiver, Sender}; + +use async_trait::async_trait; +use tonic::Status; +use tracing::warn; mod inbound; mod outbound; diff --git a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/inbound.rs b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/inbound.rs index 68761ae..8dbb671 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/inbound.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/inbound.rs @@ -1,3 +1,9 @@ +use crate::{ + grpc::{Convert, TryConvert}, + peers::user_agent::vault_gate::{ + self as vault_gate, HandleBootstrapEncryptedKey, HandleHandshake, HandleUnsealEncryptedKey, + }, +}; use arbiter_proto::proto::user_agent::{ user_agent_request::Payload as UserAgentRequestPayload, vault::{ @@ -7,14 +13,8 @@ use arbiter_proto::proto::user_agent::{ unseal::{self as proto_unseal, request::Payload as UnsealRequestPayload}, }, }; -use tonic::Status; -use crate::{ - grpc::{Convert, TryConvert}, - peers::user_agent::vault_gate::{ - self as vault_gate, HandleBootstrapEncryptedKey, HandleHandshake, HandleUnsealEncryptedKey, - }, -}; +use tonic::Status; impl TryConvert for UserAgentRequestPayload { type Output = vault_gate::Inbound; diff --git a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/outbound.rs b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/outbound.rs index c594b33..14ff947 100644 --- a/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/outbound.rs +++ b/server/crates/arbiter-server/src/grpc/user_agent/vault_gate/outbound.rs @@ -1,3 +1,8 @@ +use crate::{ + actors::vault::VaultState, + grpc::{Convert, TryConvert}, + peers::user_agent::vault_gate::{self as vault_gate}, +}; use arbiter_proto::proto::{ shared::VaultState as ProtoVaultState, user_agent::{ @@ -13,15 +18,10 @@ use arbiter_proto::proto::{ }, }, }; + use tonic::Status; use tracing::warn; -use crate::{ - actors::vault::VaultState, - grpc::{Convert, TryConvert}, - peers::user_agent::vault_gate::{self as vault_gate}, -}; - fn wrap_vault_response(payload: VaultResponsePayload) -> UserAgentResponsePayload { UserAgentResponsePayload::Vault(proto_vault::Response { payload: Some(payload), diff --git a/server/crates/arbiter-server/src/main.rs b/server/crates/arbiter-server/src/main.rs index a63644b..0c2edde 100644 --- a/server/crates/arbiter-server/src/main.rs +++ b/server/crates/arbiter-server/src/main.rs @@ -1,9 +1,9 @@ -use std::net::SocketAddr; - -use anyhow::anyhow; use arbiter_proto::{proto::arbiter_service_server::ArbiterServiceServer, url::ArbiterUrl}; use arbiter_server::{Server, actors::bootstrap::GetToken, context::ServerContext, db}; + +use anyhow::anyhow; use rustls::crypto::aws_lc_rs; +use std::net::SocketAddr; use tonic::transport::{Identity, ServerTlsConfig}; use tracing::info; diff --git a/server/crates/arbiter-server/src/peers/client/auth.rs b/server/crates/arbiter-server/src/peers/client/auth.rs index 98f6bd4..5c224d7 100644 --- a/server/crates/arbiter-server/src/peers/client/auth.rs +++ b/server/crates/arbiter-server/src/peers/client/auth.rs @@ -1,17 +1,4 @@ -use arbiter_crypto::authn::{self, AuthChallenge, CLIENT_CONTEXT}; -use arbiter_proto::{ - ClientMetadata, - transport::{Bi, expect_message}, -}; -use chrono::Utc; -use diesel::{ - ExpressionMethods as _, OptionalExtension as _, QueryDsl as _, SelectableHelper as _, - dsl::insert_into, update, -}; -use diesel_async::RunQueryDsl as _; -use kameo::{actor::ActorRef, error::SendError}; -use tracing::error; - +use super::{ClientConnection, ClientCredentials, ClientProfile}; use crate::{ actors::{ GlobalActors, @@ -25,8 +12,20 @@ use crate::{ schema::program_client, }, }; +use arbiter_crypto::authn::{self, AuthChallenge, CLIENT_CONTEXT}; +use arbiter_proto::{ + ClientMetadata, + transport::{Bi, expect_message}, +}; -use super::{ClientConnection, ClientCredentials, ClientProfile}; +use chrono::Utc; +use diesel::{ + ExpressionMethods as _, OptionalExtension as _, QueryDsl as _, SelectableHelper as _, + dsl::insert_into, update, +}; +use diesel_async::RunQueryDsl as _; +use kameo::{actor::ActorRef, error::SendError}; +use tracing::error; #[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)] pub enum Error { diff --git a/server/crates/arbiter-server/src/peers/client/mod.rs b/server/crates/arbiter-server/src/peers/client/mod.rs index fbdd781..a6c0b77 100644 --- a/server/crates/arbiter-server/src/peers/client/mod.rs +++ b/server/crates/arbiter-server/src/peers/client/mod.rs @@ -1,12 +1,12 @@ -use arbiter_crypto::authn; -use arbiter_macros::Hashable; -use arbiter_proto::{ClientMetadata, transport::Bi}; -use kameo::actor::Spawn; -use tracing::{error, info}; - use crate::{ actors::GlobalActors, crypto::integrity::Integrable, db, peers::client::session::ClientSession, }; +use arbiter_crypto::authn; +use arbiter_macros::Hashable; +use arbiter_proto::{ClientMetadata, transport::Bi}; + +use kameo::actor::Spawn; +use tracing::{error, info}; #[derive(Debug, Clone)] pub struct ClientProfile { diff --git a/server/crates/arbiter-server/src/peers/client/session.rs b/server/crates/arbiter-server/src/peers/client/session.rs index d09d844..760d8a9 100644 --- a/server/crates/arbiter-server/src/peers/client/session.rs +++ b/server/crates/arbiter-server/src/peers/client/session.rs @@ -1,8 +1,4 @@ -use kameo::{Actor, messages}; -use tracing::error; - -use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; - +use super::ClientConnection; use crate::{ actors::{ GlobalActors, @@ -14,7 +10,9 @@ use crate::{ evm::VetError, }; -use super::ClientConnection; +use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; +use kameo::{Actor, messages}; +use tracing::error; pub struct ClientSession { props: ClientConnection, diff --git a/server/crates/arbiter-server/src/peers/user_agent/auth/mod.rs b/server/crates/arbiter-server/src/peers/user_agent/auth/mod.rs index 8332b5b..51caeb8 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/auth/mod.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/auth/mod.rs @@ -1,12 +1,11 @@ +use super::{Credentials, UserAgentConnection}; use arbiter_crypto::authn::{self, AuthChallenge}; use arbiter_proto::transport::Bi; + +use state::*; use tracing::error; mod state; -use state::*; - -use super::Credentials; -use super::UserAgentConnection; #[derive(Debug, Clone)] pub enum Inbound { diff --git a/server/crates/arbiter-server/src/peers/user_agent/auth/state.rs b/server/crates/arbiter-server/src/peers/user_agent/auth/state.rs index 04f8b2e..93f7b80 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/auth/state.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/auth/state.rs @@ -1,30 +1,32 @@ -use super::super::{Credentials, UserAgentConnection}; -use arbiter_crypto::authn::{self, AuthChallenge, USERAGENT_CONTEXT}; -use arbiter_proto::transport::Bi; -use diesel::{ExpressionMethods as _, OptionalExtension as _, QueryDsl}; -use diesel_async::RunQueryDsl; -use tracing::error; - -use super::Error; +use super::{ + super::{Credentials, UserAgentConnection}, + Error, +}; use crate::{ actors::bootstrap::ConsumeToken, db::{DatabasePool, schema::useragent_client}, peers::user_agent::auth::Outbound, }; +use arbiter_crypto::authn::{self, AuthChallenge, USERAGENT_CONTEXT}; +use arbiter_proto::transport::Bi; -pub struct ChallengeRequest { - pub pubkey: authn::PublicKey, - pub bootstrap_token: Option, +use diesel::{ExpressionMethods as _, OptionalExtension as _, QueryDsl}; +use diesel_async::RunQueryDsl; +use tracing::error; + +pub(super) struct ChallengeRequest { + pub(super) pubkey: authn::PublicKey, + pub(super) bootstrap_token: Option, } -pub struct ChallengeContext { - pub challenge: AuthChallenge, - pub pubkey: authn::PublicKey, - pub bootstrap_token: Option, +pub(super) struct ChallengeContext { + pub(super) challenge: AuthChallenge, + pub(super) pubkey: authn::PublicKey, + pub(super) bootstrap_token: Option, } -pub struct ChallengeSolution { - pub solution: Vec, +pub(super) struct ChallengeSolution { + pub(super) solution: Vec, } smlang::statemachine!( @@ -74,13 +76,13 @@ async fn register_key(db: &DatabasePool, pubkey: &authn::PublicKey) -> Result { +pub(super) struct AuthContext<'a, T: ?Sized> { pub(super) conn: &'a mut UserAgentConnection, pub(super) transport: &'a mut T, } impl<'a, T: ?Sized> AuthContext<'a, T> { - pub fn new(conn: &'a mut UserAgentConnection, transport: &'a mut T) -> Self { + pub(super) fn new(conn: &'a mut UserAgentConnection, transport: &'a mut T) -> Self { Self { conn, transport } } } diff --git a/server/crates/arbiter-server/src/peers/user_agent/mod.rs b/server/crates/arbiter-server/src/peers/user_agent/mod.rs index bd0b165..d1806ce 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/mod.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/mod.rs @@ -8,15 +8,16 @@ use crate::{ peers::client::ClientProfile, }; use arbiter_crypto::authn; - use arbiter_macros::Hashable; use arbiter_proto::transport::{Bi, Sender}; -pub use auth::authenticate; +use vault_gate::VaultGate; + use kameo::actor::{ActorRef, Spawn as _}; -pub use session::UserAgentSession; use tokio::sync::oneshot; use tracing::{error, warn}; -use vault_gate::VaultGate; + +pub use auth::authenticate; +pub use session::UserAgentSession; pub mod auth; pub mod session; @@ -179,7 +180,6 @@ where Ok(UserAgentSession::spawn(UserAgentSession::new( props.clone(), - creds, oob_sender, ))) } diff --git a/server/crates/arbiter-server/src/peers/user_agent/session/handlers.rs b/server/crates/arbiter-server/src/peers/user_agent/session/handlers.rs index 1fcbd74..d0c9d73 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/session/handlers.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/session/handlers.rs @@ -1,32 +1,21 @@ - -use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; -use arbiter_crypto::{ - authn, - safecell::SafeCellHandle as _, -}; -use chacha20poly1305::aead::KeyInit; -use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper}; -use diesel_async::{AsyncConnection, RunQueryDsl}; -use kameo::error::SendError; -use kameo::messages; -use kameo::prelude::Context; -use tracing::error; - -use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer; -use crate::actors::evm::{ +use super::{Error, UserAgentSession}; +use crate::{ + actors::evm::{ ClientSignTransaction, Generate, ListWallets, SignTransactionError as EvmSignError, UseragentCreateGrant, UseragentListGrants, - }; -use crate::db::models::{ - EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata, -}; -use crate::evm::policies::{Grant, SpecificGrant}; -use crate::{ + }, + actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer, actors::vault::VaultState, + db::models::{EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata}, + evm::policies::{Grant, SpecificGrant}, }; +use arbiter_crypto::authn; -use super::{Error, UserAgentSession}; - +use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; +use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper}; +use diesel_async::{AsyncConnection, RunQueryDsl}; +use kameo::{error::SendError, messages, prelude::Context}; +use tracing::error; #[derive(Debug, Error)] pub enum SignTransactionError { diff --git a/server/crates/arbiter-server/src/peers/user_agent/session/mod.rs b/server/crates/arbiter-server/src/peers/user_agent/session/mod.rs index d603bff..989303c 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/session/mod.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/session/mod.rs @@ -1,21 +1,18 @@ -use arbiter_crypto::authn; - -use std::{borrow::Cow, collections::HashMap}; - -use arbiter_proto::transport::Sender; -use kameo::{Actor, actor::ActorRef, messages}; -use thiserror::Error; -use tracing::error; - +use super::{OutOfBand, UserAgentConnection}; use crate::{ actors::{ flow_coordinator::client_connect_approval::ClientApprovalController, useragent_registry::ConnectUseragent, }, - peers::{client::ClientProfile, user_agent::Credentials}, + peers::client::ClientProfile, }; +use arbiter_crypto::authn; +use arbiter_proto::transport::Sender; -use super::{OutOfBand, UserAgentConnection}; +use kameo::{Actor, actor::ActorRef, messages}; +use std::{borrow::Cow, collections::HashMap}; +use thiserror::Error; +use tracing::error; #[derive(Debug, Error)] pub enum Error { @@ -53,7 +50,6 @@ pub struct PendingClientApproval { } pub struct UserAgentSession { - creds: Credentials, props: UserAgentConnection, sender: Box>, @@ -63,13 +59,8 @@ pub struct UserAgentSession { pub mod handlers; impl UserAgentSession { - pub(crate) fn new( - props: UserAgentConnection, - creds: Credentials, - sender: Box>, - ) -> Self { + pub(crate) fn new(props: UserAgentConnection, sender: Box>) -> Self { Self { - creds, props, sender, pending_client_approvals: Default::default(), diff --git a/server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs b/server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs index 03f0351..fe74c8c 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs @@ -1,14 +1,3 @@ -use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; -use chacha20poly1305::{AeadInPlace, KeyInit as _, XChaCha20Poly1305, XNonce}; -use kameo::{Actor, error::SendError, messages, prelude::Message}; -use kameo_actors::message_bus::Register; -use tokio::sync::oneshot; -use tracing::{error, info}; -use x25519_dalek::{EphemeralSecret, PublicKey, SharedSecret}; - -pub mod state; -use state::*; - use super::Credentials; use crate::{ actors::{ @@ -18,6 +7,17 @@ use crate::{ crypto::integrity::{self}, db::DatabasePool, }; +use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; +use state::*; + +use chacha20poly1305::{AeadInPlace, KeyInit as _, XChaCha20Poly1305, XNonce}; +use kameo::{Actor, error::SendError, messages, prelude::Message}; +use kameo_actors::message_bus::Register; +use tokio::sync::oneshot; +use tracing::{error, info}; +use x25519_dalek::{EphemeralSecret, PublicKey, SharedSecret}; + +pub mod state; #[derive(Debug, thiserror::Error)] pub enum Error { diff --git a/server/crates/arbiter-server/src/peers/user_agent/vault_gate/state.rs b/server/crates/arbiter-server/src/peers/user_agent/vault_gate/state.rs index cc38dff..2f4baff 100644 --- a/server/crates/arbiter-server/src/peers/user_agent/vault_gate/state.rs +++ b/server/crates/arbiter-server/src/peers/user_agent/vault_gate/state.rs @@ -1,10 +1,5 @@ - use x25519_dalek::{PublicKey, SharedSecret}; -pub struct Handshake { - client_pubkey: PublicKey, -} - #[derive(Default)] pub enum State { #[default] diff --git a/server/crates/arbiter-server/tests/client/auth.rs b/server/crates/arbiter-server/tests/client/auth.rs index b106d34..e0b866d 100644 --- a/server/crates/arbiter-server/tests/client/auth.rs +++ b/server/crates/arbiter-server/tests/client/auth.rs @@ -1,21 +1,23 @@ +use super::common::ChannelTransport; use arbiter_crypto::{ authn::{self, AuthChallenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}, }; -use arbiter_proto::ClientMetadata; -use arbiter_proto::transport::{Receiver, Sender}; +use arbiter_proto::{ + ClientMetadata, + transport::{Receiver, Sender}, +}; use arbiter_server::{ actors::{GlobalActors, vault::Bootstrap}, crypto::integrity, db::{self, schema}, peers::client::{ClientConnection, ClientCredentials, auth, connect_client}, }; + use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into}; use diesel_async::RunQueryDsl; use ml_dsa::{KeyGen, MlDsa87, SigningKey, VerifyingKey, signature::Keypair as _}; -use super::common::ChannelTransport; - fn metadata(name: &str, description: Option<&str>, version: Option<&str>) -> ClientMetadata { ClientMetadata { name: name.to_owned(), @@ -103,7 +105,7 @@ async fn spawn_test_actors(db: &db::DatabasePool) -> GlobalActors { #[tokio::test] #[test_log::test] -pub async fn test_unregistered_pubkey_rejected() { +async fn test_unregistered_pubkey_rejected() { let db = db::create_test_pool().await; let (server_transport, mut test_transport) = ChannelTransport::new(); @@ -130,7 +132,7 @@ pub async fn test_unregistered_pubkey_rejected() { #[tokio::test] #[test_log::test] -pub async fn test_challenge_auth() { +async fn test_challenge_auth() { let db = db::create_test_pool().await; let actors = spawn_test_actors(&db).await; @@ -197,7 +199,7 @@ pub async fn test_challenge_auth() { #[tokio::test] #[test_log::test] -pub async fn test_metadata_unchanged_does_not_append_history() { +async fn test_metadata_unchanged_does_not_append_history() { let db = db::create_test_pool().await; let actors = spawn_test_actors(&db).await; let new_key = MlDsa87::key_gen(&mut rand::rng()); @@ -254,7 +256,7 @@ pub async fn test_metadata_unchanged_does_not_append_history() { #[tokio::test] #[test_log::test] -pub async fn test_metadata_change_appends_history_and_repoints_binding() { +async fn test_metadata_change_appends_history_and_repoints_binding() { let db = db::create_test_pool().await; let actors = spawn_test_actors(&db).await; let new_key = MlDsa87::key_gen(&mut rand::rng()); @@ -341,7 +343,7 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() { #[tokio::test] #[test_log::test] -pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() { +async fn test_challenge_auth_rejects_integrity_tag_mismatch() { let db = db::create_test_pool().await; let actors = spawn_test_actors(&db).await; diff --git a/server/crates/arbiter-server/tests/common/mod.rs b/server/crates/arbiter-server/tests/common/mod.rs index d4aa438..4fe0465 100644 --- a/server/crates/arbiter-server/tests/common/mod.rs +++ b/server/crates/arbiter-server/tests/common/mod.rs @@ -11,7 +11,7 @@ use diesel_async::RunQueryDsl; use tokio::sync::mpsc; #[allow(dead_code)] -pub async fn bootstrapped_vault(db: &db::DatabasePool) -> Vault { +pub(crate) async fn bootstrapped_vault(db: &db::DatabasePool) -> Vault { let mut actor = Vault::new(db.clone(), GlobalActors::spawn_message_bus()) .await .unwrap(); @@ -23,7 +23,7 @@ pub async fn bootstrapped_vault(db: &db::DatabasePool) -> Vault { } #[allow(dead_code)] -pub async fn root_key_history_id(db: &db::DatabasePool) -> i32 { +pub(crate) async fn root_key_history_id(db: &db::DatabasePool) -> i32 { let mut conn = db.get().await.unwrap(); let id = schema::arbiter_settings::table .select(schema::arbiter_settings::root_key_id) @@ -34,14 +34,14 @@ pub async fn root_key_history_id(db: &db::DatabasePool) -> i32 { } #[allow(dead_code)] -pub struct ChannelTransport { +pub(crate) struct ChannelTransport { receiver: mpsc::Receiver, sender: mpsc::Sender, } impl ChannelTransport { #[allow(dead_code)] - pub fn new() -> (Self, ChannelTransport) { + pub(crate) fn new() -> (Self, ChannelTransport) { let (tx1, rx1) = mpsc::channel(10); let (tx2, rx2) = mpsc::channel(10); ( diff --git a/server/crates/arbiter-server/tests/user_agent/auth.rs b/server/crates/arbiter-server/tests/user_agent/auth.rs index 5c9c247..d215bba 100644 --- a/server/crates/arbiter-server/tests/user_agent/auth.rs +++ b/server/crates/arbiter-server/tests/user_agent/auth.rs @@ -1,8 +1,8 @@ +use super::common::ChannelTransport; use arbiter_crypto::{ authn::{self, AuthChallenge, USERAGENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}, }; - use arbiter_proto::transport::{Error as TransportError, Receiver, Sender}; use arbiter_server::{ actors::{GlobalActors, bootstrap::GetToken, vault::Bootstrap}, @@ -10,14 +10,13 @@ use arbiter_server::{ db::{self, schema}, peers::user_agent::{self, Credentials, UserAgentConnection, auth, vault_gate}, }; + use async_trait::async_trait; use diesel::{ExpressionMethods as _, QueryDsl, insert_into}; use diesel_async::RunQueryDsl; use ml_dsa::{KeyGen, MlDsa87, SigningKey, signature::Keypair as _}; use tokio::sync::mpsc; -use super::common::ChannelTransport; - fn sign_useragent_challenge( key: &SigningKey, challenge: &AuthChallenge, @@ -85,7 +84,10 @@ impl Receiver for StartServerTransport { #[async_trait] impl Sender> for StartServerTransport { - async fn send(&mut self, item: Result) -> Result<(), TransportError> { + async fn send( + &mut self, + item: Result, + ) -> Result<(), TransportError> { self.auth_tx .send(item) .await @@ -118,8 +120,11 @@ impl Sender> for StartServerTran } } -impl arbiter_proto::transport::Bi> - for StartServerTransport +impl + arbiter_proto::transport::Bi< + vault_gate::Inbound, + Result, + > for StartServerTransport { } @@ -142,7 +147,7 @@ impl Sender for StartTestTransport { #[tokio::test] #[test_log::test] -pub async fn test_bootstrap_token_auth() { +async fn test_bootstrap_token_auth() { let db = db::create_test_pool().await; let actors = GlobalActors::spawn(db.clone()).await.unwrap(); actors @@ -207,7 +212,7 @@ pub async fn test_bootstrap_token_auth() { #[tokio::test] #[test_log::test] -pub async fn test_bootstrap_invalid_token_auth() { +async fn test_bootstrap_invalid_token_auth() { let db = db::create_test_pool().await; let actors = GlobalActors::spawn(db.clone()).await.unwrap(); @@ -260,7 +265,7 @@ pub async fn test_bootstrap_invalid_token_auth() { #[tokio::test] #[test_log::test] -pub async fn test_challenge_auth() { +async fn test_challenge_auth() { let db = db::create_test_pool().await; let actors = GlobalActors::spawn(db.clone()).await.unwrap(); actors @@ -345,7 +350,7 @@ pub async fn test_challenge_auth() { #[tokio::test] #[test_log::test] -pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() { +async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() { let db = db::create_test_pool().await; let actors = GlobalActors::spawn(db.clone()).await.unwrap(); @@ -419,7 +424,7 @@ pub async fn test_challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() #[tokio::test] #[test_log::test] -pub async fn test_challenge_auth_rejects_invalid_signature() { +async fn test_challenge_auth_rejects_invalid_signature() { let db = db::create_test_pool().await; let actors = GlobalActors::spawn(db.clone()).await.unwrap(); actors diff --git a/server/crates/arbiter-server/tests/user_agent/unseal.rs b/server/crates/arbiter-server/tests/user_agent/unseal.rs index 6772b79..bae308a 100644 --- a/server/crates/arbiter-server/tests/user_agent/unseal.rs +++ b/server/crates/arbiter-server/tests/user_agent/unseal.rs @@ -82,7 +82,7 @@ async fn client_dh_encrypt( #[tokio::test] #[test_log::test] -pub async fn test_unseal_success() { +async fn test_unseal_success() { let seal_key = b"test-seal-key"; let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await; @@ -94,7 +94,7 @@ pub async fn test_unseal_success() { #[tokio::test] #[test_log::test] -pub async fn test_unseal_wrong_seal_key() { +async fn test_unseal_wrong_seal_key() { let (_db, gate, _promotion_rx) = setup_sealed_gate(b"correct-key").await; let encrypted_key = client_dh_encrypt(&gate, b"wrong-key").await; @@ -110,7 +110,7 @@ pub async fn test_unseal_wrong_seal_key() { #[tokio::test] #[test_log::test] -pub async fn test_unseal_corrupted_ciphertext() { +async fn test_unseal_corrupted_ciphertext() { let (_db, gate, _promotion_rx) = setup_sealed_gate(b"test-key").await; let client_secret = EphemeralSecret::random(); @@ -140,7 +140,7 @@ pub async fn test_unseal_corrupted_ciphertext() { #[tokio::test] #[test_log::test] -pub async fn test_unseal_retry_after_invalid_key() { +async fn test_unseal_retry_after_invalid_key() { let seal_key = b"real-seal-key"; let (_db, gate, _promotion_rx) = setup_sealed_gate(seal_key).await; diff --git a/server/crates/arbiter-server/tests/vault/concurrency.rs b/server/crates/arbiter-server/tests/vault/concurrency.rs index f6e8a88..ee84f4a 100644 --- a/server/crates/arbiter-server/tests/vault/concurrency.rs +++ b/server/crates/arbiter-server/tests/vault/concurrency.rs @@ -1,5 +1,4 @@ -use std::collections::{HashMap, HashSet}; - +use crate::common; use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; use arbiter_server::{ actors::{ @@ -12,10 +11,9 @@ use arbiter_server::{ use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::sql_query}; use diesel_async::RunQueryDsl; use kameo::actor::{ActorRef, Spawn as _}; +use std::collections::{HashMap, HashSet}; use tokio::task::JoinSet; -use crate::common; - async fn write_concurrently( actor: ActorRef, prefix: &'static str, diff --git a/server/crates/arbiter-server/tests/vault/lifecycle.rs b/server/crates/arbiter-server/tests/vault/lifecycle.rs index 77238c2..25017c4 100644 --- a/server/crates/arbiter-server/tests/vault/lifecycle.rs +++ b/server/crates/arbiter-server/tests/vault/lifecycle.rs @@ -1,3 +1,4 @@ +use crate::common; use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; use arbiter_server::{ actors::{ @@ -11,8 +12,6 @@ use arbiter_server::{ use diesel::{QueryDsl, SelectableHelper}; use diesel_async::RunQueryDsl; -use crate::common; - #[tokio::test] #[test_log::test] async fn test_bootstrap() { diff --git a/server/crates/arbiter-server/tests/vault/storage.rs b/server/crates/arbiter-server/tests/vault/storage.rs index ae6d3d3..391080f 100644 --- a/server/crates/arbiter-server/tests/vault/storage.rs +++ b/server/crates/arbiter-server/tests/vault/storage.rs @@ -1,5 +1,4 @@ -use std::collections::HashSet; - +use crate::common; use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _}; use arbiter_server::{ actors::vault::Error, @@ -9,8 +8,7 @@ use arbiter_server::{ use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::update}; use diesel_async::RunQueryDsl; - -use crate::common; +use std::collections::HashSet; #[tokio::test] #[test_log::test]