diff --git a/Cargo.lock b/Cargo.lock index 0f81c4a..32f4cf4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -76,13 +76,14 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +checksum = "cd7d5a2cecb58716e47d67d5703a249964b14c7be1ec3cad3affc295b2d1c35d" dependencies = [ "cfg-if", "once_cell", "version_check", + "zerocopy", ] [[package]] @@ -564,11 +565,11 @@ dependencies = [ [[package]] name = "borsh" -version = "1.3.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f58b559fd6448c6e2fd0adb5720cd98a2506594cafa4737ff98c396f3e82f667" +checksum = "dbe5b10e214954177fb1dc9fbd20a1a2608fe99e6c832033bdc7cea287a20d77" dependencies = [ - "borsh-derive 1.3.1", + "borsh-derive 1.5.0", "cfg_aliases", ] @@ -600,9 +601,9 @@ dependencies = [ [[package]] name = "borsh-derive" -version = "1.3.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7aadb5b6ccbd078890f6d7003694e33816e6b784358f18e15e7e6d9f065a57cd" +checksum = "d7a8646f94ab393e43e8b35a2558b1624bed28b97ee09c5d15456e3c9463f46d" dependencies = [ "once_cell", "proc-macro-crate 3.1.0", @@ -1449,7 +1450,7 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" dependencies = [ - "ahash 0.8.3", + "ahash 0.8.5", ] [[package]] @@ -1458,7 +1459,7 @@ version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" dependencies = [ - "ahash 0.8.3", + "ahash 0.8.5", "allocator-api2", ] @@ -1772,9 +1773,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.67" +version = "0.3.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a1d36f1235bc969acba30b7f5990b864423a6068a10f7c90ae8f0112e3a59d1" +checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" dependencies = [ "wasm-bindgen", ] @@ -2139,7 +2140,7 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "681030a937600a36906c185595136d26abfebb4aa9c65701cefcaf8578bb982b" dependencies = [ - "proc-macro-crate 1.3.1", + "proc-macro-crate 3.1.0", "proc-macro2", "quote", "syn 2.0.48", @@ -3094,7 +3095,7 @@ dependencies = [ "blake3", "borsh 0.10.3", "borsh 0.9.3", - "borsh 1.3.1", + "borsh 1.5.0", "bs58 0.4.0", "bv", "bytemuck", @@ -3171,7 +3172,7 @@ dependencies = [ "base64 0.21.7", "bincode", "bitflags 2.4.2", - "borsh 1.3.1", + "borsh 1.5.0", "bs58 0.4.0", "bytemuck", "byteorder", @@ -4041,9 +4042,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1223296a201415c7fad14792dbefaace9bd52b62d33453ade1c5b5f07555406" +checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -4051,9 +4052,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcdc935b63408d58a32f8cc9738a0bffd8f05cc7c002086c6ef20b7312ad9dcd" +checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" dependencies = [ "bumpalo", "log", @@ -4078,9 +4079,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e4c238561b2d428924c49815533a8b9121c664599558a5d9ec51f8a1740a999" +checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -4088,9 +4089,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7" +checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" dependencies = [ "proc-macro2", "quote", @@ -4101,9 +4102,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" +checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" [[package]] name = "web-sys" @@ -4323,6 +4324,26 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "zerocopy" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "zeroize" version = "1.3.0" diff --git a/cli/src/main.rs b/cli/src/main.rs index 8747973..b62a76e 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -14,10 +14,7 @@ use jito_geyser_protos::solana::geyser::{ }; use prost_types::Timestamp; use solana_sdk::pubkey::Pubkey; -use tonic::{ - transport::{ClientTlsConfig, Endpoint}, - Streaming, -}; +use tonic::{transport::channel::Endpoint, Streaming}; use uuid::Uuid; #[derive(Parser, Debug)] @@ -72,12 +69,7 @@ async fn main() { let args: Args = Args::parse(); println!("args: {args:?}"); - let mut endpoint = Endpoint::from_str(&args.url).unwrap(); - if args.url.starts_with("https://") { - endpoint = endpoint - .tls_config(ClientTlsConfig::new()) - .expect("create tls config"); - } + let endpoint = Endpoint::from_str(&args.url).unwrap(); let channel = endpoint.connect().await.expect("connects"); diff --git a/server/src/geyser_grpc_plugin.rs b/server/src/geyser_grpc_plugin.rs index 7f199f1..5e7bb9a 100644 --- a/server/src/geyser_grpc_plugin.rs +++ b/server/src/geyser_grpc_plugin.rs @@ -1,5 +1,7 @@ //! Implements the geyser plugin interface. +use std::fs; +use std::sync::atomic::AtomicBool; use std::{ fs::File, io::Read, @@ -9,7 +11,6 @@ use std::{ }, time::SystemTime, }; -use std::sync::atomic::AtomicBool; use bs58; use crossbeam_channel::{bounded, Sender, TrySendError}; @@ -29,7 +30,10 @@ use solana_geyser_plugin_interface::geyser_plugin_interface::{ ReplicaTransactionInfoVersions, Result as PluginResult, SlotStatus, }; use tokio::{runtime::Runtime, sync::oneshot}; -use tonic::transport::Server; +use tonic::service::interceptor::InterceptedService; +use tonic::service::Interceptor; +use tonic::transport::{Identity, Server, ServerTlsConfig}; +use tonic::{Request, Status}; use crate::server::{GeyserService, GeyserServiceConfig}; @@ -47,7 +51,7 @@ pub struct PluginData { highest_write_slot: Arc, is_startup_completed: AtomicBool, - ignore_startup_updates: bool + ignore_startup_updates: bool, } #[derive(Default)] @@ -70,7 +74,7 @@ pub struct PluginConfig { pub slot_update_buffer_size: usize, pub block_update_buffer_size: usize, pub transaction_update_buffer_size: usize, - pub skip_startup_stream: Option + pub skip_startup_stream: Option, } impl GeyserPlugin for GeyserGrpcPlugin { @@ -114,7 +118,7 @@ impl GeyserPlugin for GeyserGrpcPlugin { bounded(config.transaction_update_buffer_size); let svc = GeyserService::new( - config.geyser_service_config, + config.geyser_service_config.clone(), account_update_rx, slot_update_rx, block_update_receiver, @@ -125,12 +129,27 @@ impl GeyserPlugin for GeyserGrpcPlugin { let runtime = Runtime::new().unwrap(); let (server_exit_tx, server_exit_rx) = oneshot::channel(); + let mut server_builder = Server::builder(); + let tls_config = config.geyser_service_config.tls_config.clone(); + let access_token = config.geyser_service_config.access_token.clone(); + if let Some(tls_config) = tls_config { + let cert = fs::read(&tls_config.cert_path)?; + let key = fs::read(&tls_config.key_path)?; + server_builder = server_builder + .tls_config(ServerTlsConfig::new().identity(Identity::from_pem(cert, key))) + .map_err(|e| GeyserPluginError::Custom(e.into()))?; + } + let server_builder_with_svc; + if let Some(access_token) = access_token { + let svc = InterceptedService::new(svc, AccessTokenChecker::new(access_token)); + server_builder_with_svc = server_builder.add_service(svc); + } else { + server_builder_with_svc = server_builder.add_service(svc); + } runtime.spawn( - Server::builder() - .add_service(svc) - .serve_with_shutdown(addr, async move { - let _ = server_exit_rx.await; - }), + server_builder_with_svc.serve_with_shutdown(addr, async move { + let _ = server_exit_rx.await; + }), ); self.data = Some(PluginData { @@ -143,7 +162,7 @@ impl GeyserPlugin for GeyserGrpcPlugin { highest_write_slot, is_startup_completed: AtomicBool::new(false), // don't skip startup to keep backwards compatability - ignore_startup_updates: config.skip_startup_stream.unwrap_or(false) + ignore_startup_updates: config.skip_startup_stream.unwrap_or(false), }); info!("plugin data initialized"); @@ -161,7 +180,11 @@ impl GeyserPlugin for GeyserGrpcPlugin { } fn notify_end_of_startup(&self) -> PluginResult<()> { - self.data.as_ref().unwrap().is_startup_completed.store(true, Ordering::Relaxed); + self.data + .as_ref() + .unwrap() + .is_startup_completed + .store(true, Ordering::Relaxed); Ok(()) } @@ -459,3 +482,23 @@ pub unsafe extern "C" fn _create_plugin() -> *mut dyn GeyserPlugin { let plugin: Box = Box::new(plugin); Box::into_raw(plugin) } + +#[derive(Clone)] +struct AccessTokenChecker { + access_token: String, +} + +impl AccessTokenChecker { + fn new(access_token: String) -> Self { + Self { access_token } + } +} + +impl Interceptor for AccessTokenChecker { + fn call(&mut self, req: Request<()>) -> Result, Status> { + match req.metadata().get("access-token") { + Some(t) if &self.access_token == t => Ok(req), + _ => Err(Status::unauthenticated("Access token is incorrect")), + } + } +} diff --git a/server/src/server.rs b/server/src/server.rs index 70ba47b..6465e85 100644 --- a/server/src/server.rs +++ b/server/src/server.rs @@ -282,6 +282,12 @@ pub enum GeyserServiceError { type GeyserServiceResult = Result; +#[derive(Debug, Clone, Deserialize)] +pub struct ServerTlsConfig { + pub cert_path: String, + pub key_path: String, +} + #[derive(Clone, Debug, Deserialize)] pub struct GeyserServiceConfig { /// Cadence of heartbeats. @@ -289,6 +295,9 @@ pub struct GeyserServiceConfig { /// Individual subscriber buffer size. subscriber_buffer_size: usize, + + pub tls_config: Option, + pub access_token: Option, } pub struct GeyserService {