From 46040f9779e7dddb095ea5eedb6af535b07bf589 Mon Sep 17 00:00:00 2001 From: Martin Stefcek Date: Tue, 21 Jan 2025 13:12:04 +0100 Subject: [PATCH 1/5] feat: add google oauth (zklogin) behind feature flag --- atoma-auth/Cargo.toml | 3 + atoma-auth/src/auth.rs | 71 +++++++++++++------ atoma-auth/src/config.rs | 4 +- atoma-auth/src/lib.rs | 1 + atoma-proxy-service/Cargo.toml | 3 + atoma-proxy-service/docs/openapi.yml | 64 ++++++++--------- atoma-proxy-service/src/components/openapi.rs | 38 +++++++--- atoma-proxy-service/src/handlers/auth.rs | 11 ++- atoma-proxy/Cargo.toml | 4 ++ 9 files changed, 130 insertions(+), 69 deletions(-) diff --git a/atoma-auth/Cargo.toml b/atoma-auth/Cargo.toml index 9a6ef87c..ad4b27f9 100644 --- a/atoma-auth/Cargo.toml +++ b/atoma-auth/Cargo.toml @@ -32,3 +32,6 @@ sui-sdk-types = { workspace = true, features = ["serde"] } thiserror.workspace = true tokio.workspace = true tracing.workspace = true + +[features] +google-oauth = [] diff --git a/atoma-auth/src/auth.rs b/atoma-auth/src/auth.rs index 6c72dfc6..3c6b6c59 100644 --- a/atoma-auth/src/auth.rs +++ b/atoma-auth/src/auth.rs @@ -1,5 +1,10 @@ -use std::{collections::HashMap, str::FromStr, sync::Arc}; +#[cfg(feature = "google-oauth")] +use std::collections::HashMap; +use std::{str::FromStr, sync::Arc}; +#[cfg(feature = "google-oauth")] +use crate::google::{self, fetch_google_public_keys}; +use crate::{AtomaAuthConfig, Sui}; use atoma_state::{types::AtomaAtomaStateManagerEvent, AtomaStateManagerError}; use atoma_utils::hashing::blake2b_hash; use blake2::{ 
@@ -14,28 +19,29 @@ use fastcrypto::{ secp256r1::{Secp256r1PublicKey, Secp256r1Signature}, traits::{ToFromBytes, VerifyingKey}, }; +#[cfg(feature = "google-oauth")] use fastcrypto_zkp::zk_login_utils::Bn254FrElement; use flume::Sender; -use jsonwebtoken::{decode, encode, Algorithm, DecodingKey, EncodingKey, Header, Validation}; +#[cfg(feature = "google-oauth")] +use jsonwebtoken::Algorithm; +use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation}; use rand::Rng; use serde::{Deserialize, Serialize}; use shared_crypto::intent::{Intent, IntentMessage, PersonalMessage}; +#[cfg(feature = "google-oauth")] +use sui_sdk::types::crypto::ZkLoginPublicIdentifier; use sui_sdk::types::{ base_types::SuiAddress, - crypto::{PublicKey, Signature, SignatureScheme, SuiSignature, ZkLoginPublicIdentifier}, + crypto::{PublicKey, Signature, SignatureScheme, SuiSignature}, object::Owner, TypeTag, }; +#[cfg(feature = "google-oauth")] use sui_sdk_types::{SimpleSignature, UserSignature}; use thiserror::Error; use tokio::sync::{oneshot, RwLock}; use tracing::{error, instrument}; -use crate::{ - google::{self, fetch_google_public_keys}, - AtomaAuthConfig, Sui, -}; - /// The length of the API token const API_TOKEN_LENGTH: usize = 30; @@ -92,8 +98,12 @@ pub enum AuthError { SenderOrReceiverNotFound, #[error("The payment is not for this user")] PaymentNotForThisUser, + #[cfg(feature = "google-oauth")] #[error("Google error: {0}")] GoogleError(#[from] crate::google::GoogleError), + #[cfg(not(feature = "google-oauth"))] + #[error("ZkLogin not enabled")] + ZkLoginNotEnabled, } type Result = std::result::Result; @@ -110,8 +120,10 @@ pub struct Auth { state_manager_sender: Sender, /// The sui client sui: Arc>, + #[cfg(feature = "google-oauth")] /// GooglePublicKeys google_public_keys: HashMap, + #[cfg(feature = "google-oauth")] /// Google client id google_client_id: String, } 
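Review bot: In the `AuthError` hunk, `ZkLoginNotEnabled` exists only under `#[cfg(not(feature = "google-oauth"))]` and `GoogleError` only under the feature, so the public enum's variant set changes with the flag instead of only growing with it. Cargo unifies features across a workspace build, so a crate that matches on `AuthError::ZkLoginNotEnabled` stops compiling as soon as another member enables `google-oauth`. Declaring the variant unconditionally, `#[error("ZkLogin not enabled")] ZkLoginNotEnabled,` with no `cfg` attribute, keeps the feature additive; the `Some(_)` arm that returns it can stay gated. The enum body continues outside the hunk.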
@@ -123,6 +135,7 @@ impl Auth { state_manager_sender: Sender, sui: Arc>, ) -> Result { + #[cfg(feature = "google-oauth")] let google_public_keys = fetch_google_public_keys().await?; Ok(Self { secret_key: config.secret_key, @@ -130,7 +143,9 @@ impl Auth { refresh_token_lifetime: config.refresh_token_lifetime, state_manager_sender, sui, + #[cfg(feature = "google-oauth")] google_public_keys, + #[cfg(feature = "google-oauth")] google_client_id: config.google_client_id, }) } @@ -332,6 +347,7 @@ impl Auth { /// This method will check the google oauth token and generate a new refresh and access token /// The method will check if the email is present in the claims and store the user in the DB /// The method will generate a new refresh and access tokens + #[cfg(feature = "google-oauth")] #[instrument(level = "info", skip(self))] pub async fn check_google_id_token(&self, id_token: &str) -> Result<(String, String)> { let claims = google::verify_google_id_token( @@ -560,6 +576,7 @@ impl Auth { /// /// * If the signature is not a zk_login signature /// * If the signature is not valid + #[cfg(feature = "google-oauth")] #[instrument(level = "info")] async fn get_zk_address(zk_login_signature: &str, tx_digest: &str) -> Result { let user_signature = UserSignature::from_base64(zk_login_signature)?; @@ -706,6 +723,7 @@ impl Auth { // The signature is coming from the frontend where the user used his zk credentials to sign the transaction digest as a personal message (digest of the transaction). // Now we need to prove that it was the digest he is trying to claim. And if the sui address from the signature is matching the address in the usdc payment transaction. match zk_proof_signature { + #[cfg(feature = "google-oauth")] Some(signature) => { if sender.to_string() != Self::get_zk_address(&signature, transaction_digest).await? 
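Review bot: In `Auth::new` (the `@@ -130,7 +143,9 @@` hunk), `google_client_id: config.google_client_id` is stored without checking that it is set, while the example configuration in this series ships `google_client_id=""`. The value appears to be what `google::verify_google_id_token` compares the token audience against (the call's arguments are outside the visible lines), so a `google-oauth` build started with the example config would validate ID tokens against an empty client id. Returning an error from `new` when `config.google_client_id.is_empty()` makes that misconfiguration fail at startup instead of at the first login. `new` begins and ends outside the hunk.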
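Review bot: `check_google_id_token` is annotated `#[instrument(level = "info", skip(self))]`, which leaves `id_token` as a recorded span field, so the raw Google ID token (a bearer credential that carries the user's email claim) ends up in trace output at info level. Skip it explicitly: `#[instrument(level = "info", skip(self, id_token))]`. The `get_zk_address` hunk that follows has the same shape with a bare `#[instrument(level = "info")]` over `zk_login_signature` and `tx_digest`; `skip_all` plus hand-picked fields would be the safer default there. Both function bodies continue outside their hunks.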
@@ -713,6 +731,10 @@ impl Auth { return Err(AuthError::PaymentNotForThisUser); } } + #[cfg(not(feature = "google-oauth"))] + Some(_) => { + return Err(AuthError::ZkLoginNotEnabled); + } None => { let (result_sender, result_receiver) = oneshot::channel(); self.state_manager_sender @@ -772,15 +794,10 @@ mod test { use atoma_state::types::AtomaAtomaStateManagerEvent; use atoma_sui::AtomaSuiConfig; - use chrono::Utc; use flume::Receiver; - use jsonwebtoken::{decode_header, encode, Algorithm, DecodingKey, EncodingKey, Header}; - use rand::rngs::OsRng; - use rsa::{RsaPrivateKey, RsaPublicKey}; use tokio::sync::RwLock; - use crate::google::ISS; - use crate::{google, AtomaAuthConfig}; + use crate::AtomaAuthConfig; use super::Auth; use std::env; @@ -870,8 +887,13 @@ active_address: "0x939cfcc7fcbc71ce983203bcb36fa498901932ab9293dfa2b271203e71603 } async fn setup_test() -> (Auth, Receiver) { - let config = - AtomaAuthConfig::new("secret".to_string(), 1, 1, "google_client_id".to_string()); + let config = AtomaAuthConfig::new( + "secret".to_string(), + 1, + 1, + #[cfg(feature = "google-oauth")] + "google_client_id".to_string(), + ); let (state_manager_sender, state_manager_receiver) = flume::unbounded(); let sui_config = AtomaSuiConfig::from_file_path(get_config_path()); @@ -997,8 +1019,12 @@ active_address: "0x939cfcc7fcbc71ce983203bcb36fa498901932ab9293dfa2b271203e71603 } } + #[cfg(feature = "google-oauth")] #[tokio::test] async fn google_login() { + use crate::google::{Claims, ISS}; + use chrono::Utc; + use jsonwebtoken::{encode, Algorithm, DecodingKey, EncodingKey, Header}; let (mut auth, receiver) = setup_test().await; let mock_handle = tokio::task::spawn(async move { // First event is for the user to log in to get the tokens 
@@ -1031,9 +1057,6 @@ active_address: "0x939cfcc7fcbc71ce983203bcb36fa498901932ab9293dfa2b271203e71603 _ => panic!("Unexpected event"), } }); - // let private_key = RsaPrivateKey::new(&mut OsRng, 2048).expect("Failed to generate a key"); - // let public_key = RsaPublicKey::from(&private_key); - // (private_key, public_key); let encoding_key = EncodingKey::from_secret("fake secret".as_bytes()); auth.google_public_keys.insert( "kid".to_string(), @@ -1042,12 +1065,14 @@ active_address: "0x939cfcc7fcbc71ce983203bcb36fa498901932ab9293dfa2b271203e71603 Algorithm::HS256, ), ); - let mut header = Header::default(); - header.kid = Some("kid".to_string()); - header.alg = Algorithm::HS256; + let header = Header { + kid: Some("kid".to_string()), + alg: Algorithm::HS256, + ..Default::default() + }; let id_token = encode( &header, - &google::Claims::new( + &Claims::new( ISS, "sub", "google_client_id", diff --git a/atoma-auth/src/config.rs b/atoma-auth/src/config.rs index 085b1b8c..1e354345 100644 --- a/atoma-auth/src/config.rs +++ b/atoma-auth/src/config.rs @@ -12,6 +12,7 @@ pub struct AtomaAuthConfig { /// The refresh token lifetime in days. pub refresh_token_lifetime: usize, /// Google client id. + #[cfg(feature = "google-oauth")] pub google_client_id: String, } @@ -21,12 +22,13 @@ impl AtomaAuthConfig { secret_key: String, access_token_lifetime: usize, refresh_token_lifetime: usize, - google_client_id: String, + #[cfg(feature = "google-oauth")] google_client_id: String, ) -> Self { Self { secret_key, access_token_lifetime, refresh_token_lifetime, + #[cfg(feature = "google-oauth")] google_client_id, } } diff --git a/atoma-auth/src/lib.rs b/atoma-auth/src/lib.rs index 39ffda34..486f25fe 100644 --- a/atoma-auth/src/lib.rs +++ b/atoma-auth/src/lib.rs @@ -1,5 +1,6 @@ mod auth; mod config; +#[cfg(feature = "google-oauth")] mod google; mod sui; diff --git a/atoma-proxy-service/Cargo.toml b/atoma-proxy-service/Cargo.toml index b1eaaca0..f371f667 100644 
--- a/atoma-proxy-service/Cargo.toml +++ b/atoma-proxy-service/Cargo.toml @@ -23,3 +23,6 @@ tracing-subscriber.workspace = true tracing.workspace = true utoipa = { workspace = true, features = ["axum_extras"] } utoipa-swagger-ui = { workspace = true } + +[features] +google-oauth = ["atoma-auth/google-oauth"] diff --git a/atoma-proxy-service/docs/openapi.yml b/atoma-proxy-service/docs/openapi.yml index acb01c96..67cd8b3b 100644 --- a/atoma-proxy-service/docs/openapi.yml +++ b/atoma-proxy-service/docs/openapi.yml @@ -252,38 +252,6 @@ paths: description: Failed to get sui address security: - bearerAuth: [] - /google_oauth: - post: - tags: - - Auth - summary: |- - Logs in a user with the proxy service using Google OAuth. - This endpoint is used to verify a Google ID token and return an access token. - description: |- - # Arguments - - * `proxy_service_state` - The shared state containing the state manager - * `body` - The request body containing the Google ID token - - # Returns - - * `Result>` - A JSON response containing the access and refresh tokens - operationId: google_oauth - requestBody: - content: - text/plain: - schema: - type: string - required: true - responses: - '200': - description: Logs in a user with Google OAuth - content: - text/plain: - schema: - type: string - '500': - description: Failed to verify Google ID token /current_stacks: get: tags: 
@@ -615,6 +583,38 @@ paths: schema: {} '500': description: Failed to get node distribution + /google_oauth: + post: + tags: + - Auth + summary: |- + Logs in a user with the proxy service using Google OAuth. + This endpoint is used to verify a Google ID token and return an access token. + description: |- + # Arguments + + * `proxy_service_state` - The shared state containing the state manager + * `body` - The request body containing the Google ID token + + # Returns + + * `Result>` - A JSON response containing the access and refresh tokens + operationId: google_oauth + requestBody: + content: + text/plain: + schema: + type: string + required: true + responses: + '200': + description: Logs in a user with Google OAuth + content: + text/plain: + schema: + type: string + '500': + description: Failed to verify Google ID token components: schemas: AuthRequest: diff --git a/atoma-proxy-service/src/components/openapi.rs b/atoma-proxy-service/src/components/openapi.rs index 3d0879cf..130821d6 100644 --- a/atoma-proxy-service/src/components/openapi.rs +++ b/atoma-proxy-service/src/components/openapi.rs 
@@ -5,15 +5,16 @@ use utoipa::{ }; use utoipa_swagger_ui::SwaggerUi; +#[cfg(feature = "google-oauth")] +use crate::handlers::auth::{GoogleOAuth, GOOGLE_OAUTH_PATH}; use crate::{ handlers::{ auth::{ GenerateApiTokenOpenApi, GetAllApiTokensOpenApi, GetBalance, GetSalt, GetSuiAddress, - GetUserProfile, GoogleOAuth, LoginOpenApi, RegisterOpenApi, RevokeApiTokenOpenApi, - UpdateSuiAddress, UsdcPayment, GENERATE_API_TOKEN_PATH, GET_ALL_API_TOKENS_PATH, - GET_BALANCE_PATH, GET_SALT_PATH, GET_SUI_ADDRESS_PATH, GET_USER_PROFILE_PATH, - GOOGLE_OAUTH_PATH, LOGIN_PATH, REGISTER_PATH, REVOKE_API_TOKEN_PATH, - UPDATE_SUI_ADDRESS_PATH, USDC_PAYMENT_PATH, + GetUserProfile, LoginOpenApi, RegisterOpenApi, RevokeApiTokenOpenApi, UpdateSuiAddress, + UsdcPayment, GENERATE_API_TOKEN_PATH, GET_ALL_API_TOKENS_PATH, GET_BALANCE_PATH, + GET_SALT_PATH, GET_SUI_ADDRESS_PATH, GET_USER_PROFILE_PATH, LOGIN_PATH, REGISTER_PATH, + REVOKE_API_TOKEN_PATH, UPDATE_SUI_ADDRESS_PATH, USDC_PAYMENT_PATH, }, stacks::{ GetCurrentStacksOpenApi, GetStacksByUserId, GET_ALL_STACKS_FOR_USER_PATH, @@ -44,7 +45,6 @@ pub fn openapi_router() -> Router { (path = UPDATE_SUI_ADDRESS_PATH, api = UpdateSuiAddress, tags = ["Auth"]), (path = USDC_PAYMENT_PATH, api = UsdcPayment, tags = ["Auth"]), (path = GET_SUI_ADDRESS_PATH, api = GetSuiAddress, tags = ["Auth"]), - (path = GOOGLE_OAUTH_PATH, api = GoogleOAuth, tags = ["Auth"]), (path = GET_CURRENT_STACKS_PATH, api = GetCurrentStacksOpenApi, tags = ["Stacks"]), (path = GET_ALL_STACKS_FOR_USER_PATH, api = GetStacksByUserId, tags = ["Stacks"]), (path = GET_BALANCE_PATH, api = GetBalance, tags = ["Auth"]), 
@@ -71,6 +71,22 @@ pub fn openapi_router() -> Router { )] struct ApiDoc; + #[cfg(feature = "google-oauth")] + #[derive(OpenApi)] + #[openapi( + modifiers(&SecurityAddon), + nest( + (path = GOOGLE_OAUTH_PATH, api = GoogleOAuth, tags = ["Auth"]), + ), + tags( + (name = "Auth", description = "Authentication and API token management"), + ), + servers( + (url = "http://localhost:8081", description = "Local server"), + ) + )] + struct GoogleOAuthApiDoc; + struct SecurityAddon; impl Modify for SecurityAddon { @@ -84,14 +100,17 @@ pub fn openapi_router() -> Router { } } + let openapi = ApiDoc::openapi(); + #[cfg(feature = "google-oauth")] + let openapi = openapi.merge_from(GoogleOAuthApiDoc::openapi()); + // Generate the OpenAPI spec and write it to a file in debug mode #[cfg(debug_assertions)] { use std::fs; use std::path::Path; - let spec = - serde_yaml::to_string(&ApiDoc::openapi()).expect("Failed to serialize OpenAPI spec"); + let spec = serde_yaml::to_string(&openapi).expect("Failed to serialize OpenAPI spec"); let docs_dir = Path::new(env!("CARGO_MANIFEST_DIR")).join("docs"); fs::create_dir_all(&docs_dir).expect("Failed to create docs directory"); @@ -102,6 +121,5 @@ pub fn openapi_router() -> Router { println!("OpenAPI spec written to: {:?}", spec_path); } - Router::new() - .merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi())) + Router::new().merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", openapi)) } diff --git a/atoma-proxy-service/src/handlers/auth.rs b/atoma-proxy-service/src/handlers/auth.rs index 80fef5c2..835e6c9d 100644 --- a/atoma-proxy-service/src/handlers/auth.rs +++ b/atoma-proxy-service/src/handlers/auth.rs @@ -49,6 +49,7 @@ pub(crate) const GET_USER_PROFILE_PATH: &str = "/user_profile"; /// Set user's salt endpoint. pub(crate) const GET_SALT_PATH: &str = "/salt"; +#[cfg(feature = "google-oauth")] /// The path for the google_oauth endpoint. pub(crate) const GOOGLE_OAUTH_PATH: &str = "/google_oauth"; 
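Review bot: The debug-only block in `openapi_router` now serializes the merged `openapi` value, so the contents of `docs/openapi.yml` depend on which features the last debug build had enabled. The file committed in this patch still lists `/google_oauth`, and a debug run without `google-oauth` will rewrite it without that path, which produces spurious diffs and a published spec that may not match the deployed binary. A comment above the block such as `// Regenerate with --features google-oauth so the committed spec covers every route` would document the expectation; writing the feature-gated spec to a separate file would remove the ambiguity. The function starts outside the hunk.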
@@ -68,7 +69,7 @@ pub(crate) struct GetAllApiTokensOpenApi; /// # Returns /// * `Router` - A router with the auth endpoints pub(crate) fn auth_router() -> Router { - Router::new() + let router = Router::new() .route(GET_ALL_API_TOKENS_PATH, get(get_all_api_tokens)) .route(GENERATE_API_TOKEN_PATH, get(generate_api_token)) .route(REVOKE_API_TOKEN_PATH, post(revoke_api_token)) @@ -79,8 +80,10 @@ pub(crate) fn auth_router() -> Router { .route(GET_SUI_ADDRESS_PATH, get(get_sui_address)) .route(GET_BALANCE_PATH, get(get_balance)) .route(GET_USER_PROFILE_PATH, get(get_user_profile)) - .route(GET_SALT_PATH, get(get_salt)) - .route(GOOGLE_OAUTH_PATH, post(google_oauth)) + .route(GET_SALT_PATH, get(get_salt)); + #[cfg(feature = "google-oauth")] + let router = router.route(GOOGLE_OAUTH_PATH, post(google_oauth)); + router } fn get_jwt_from_headers(headers: &HeaderMap) -> Result<&str> { @@ -336,6 +339,7 @@ pub(crate) async fn login( /// This struct is used to generate OpenAPI documentation for the google_oauth /// endpoint. It uses the `utoipa` crate's derive macro to automatically generate /// the OpenAPI specification from the code. +#[cfg(feature = "google-oauth")] #[derive(OpenApi)] #[openapi(paths(google_oauth))] pub(crate) struct GoogleOAuth; @@ -351,6 +355,7 @@ pub(crate) struct GoogleOAuth; /// # Returns /// /// * `Result>` - A JSON response containing the access and refresh tokens +#[cfg(feature = "google-oauth")] #[utoipa::path( post, path = "", diff --git a/atoma-proxy/Cargo.toml b/atoma-proxy/Cargo.toml index c736031a..59cc19d0 100644 --- a/atoma-proxy/Cargo.toml +++ b/atoma-proxy/Cargo.toml @@ -42,3 +42,7 @@ tokenizers.workspace = true tower = { workspace = true } utoipa = { workspace = true, features = ["axum_extras", "preserve_path_order"] } utoipa-swagger-ui = { workspace = true, features = ["axum"] } + +[features] +default = ["google-oauth"] +google-oauth = ["atoma-auth/google-oauth", "atoma-proxy-service/google-oauth"] 
From 53497a19845092d0c25ea7cd56ace20f7ce8a429 Mon Sep 17 00:00:00 2001 From: Martin Stefcek Date: Tue, 21 Jan 2025 14:12:08 +0100 Subject: [PATCH 2/5] add google_client_id to readme.md config example --- README.md | 1 + config.example.toml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 767c6dfb..3a7d7e50 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,7 @@ service_bind_address = "0.0.0.0:8081" secret_key = "secret_key" # Secret key for the tokens generation access_token_lifetime = 1 # In minutes refresh_token_lifetime = 1 # In days +google_client_id="" # Google client id for google login (In case google-oauth feature is enabled) ``` 4. Create required directories diff --git a/config.example.toml b/config.example.toml index edfb3cbe..cf397d69 100644 --- a/config.example.toml +++ b/config.example.toml @@ -32,4 +32,4 @@ service_bind_address = "0.0.0.0:8081" secret_key = "secret_key" # Secret key for the tokens generation access_token_lifetime = 1 # In minutes refresh_token_lifetime = 1 # In days -google_client_id="" # Google client id for google login +google_client_id="" # Google client id for google login (In case google-oauth feature is enabled) From f2534dd35c894b2354db4fc18264168d96629ac7 Mon Sep 17 00:00:00 2001 From: Martin Stefcek Date: Tue, 21 Jan 2025 16:17:30 +0100 Subject: [PATCH 3/5] update dockerfile --- .github/workflows/release.yml | 16 +++++++++++++++- Dockerfile | 8 +++++++- README.md | 4 ++++ docker-compose.yaml | 17 ++++++++++++++--- 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e484fb75..01325705 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -35,12 +35,26 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push Docker image + - name: Build and push Local Docker image uses: docker/build-push-action@v5 with: context: . push: true platforms: linux/amd64,linux/arm64 + build-args: + PROFILE=local + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:local-latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} + + - name: Build and push Cloud Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + platforms: linux/amd64,linux/arm64 + build-args: + PROFILE=cloud tags: | ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} diff --git a/Dockerfile b/Dockerfile index b7ea845a..8e4c8aea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,7 @@ ARG TARGETARCH # Trace level argument ARG TRACE_LEVEL +ARG PROFILE # Install build dependencies RUN apt-get update && apt-get install -y \ @@ -21,8 +22,13 @@ WORKDIR /usr/src/atoma-proxy COPY . . + # Compile -RUN RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy +RUN if [ "$PROFILE" = "local" ]; then \ + RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy --no-default-features; \ + else \ + RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy; \ + fi # Final stage FROM --platform=$TARGETPLATFORM debian:bullseye-slim diff --git a/README.md b/README.md index 3a7d7e50..430c816a 100644 --- a/README.md +++ b/README.md 
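Review bot: Both the "Local" and the "Cloud" build steps push `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}`, so the second push overwrites the first and the version tag ends up on whichever image is pushed last. Anyone pinning a release tag receives the cloud build, and the local build has no immutable tag at all, only the moving `local-latest`. Give the local image its own versioned tag, e.g. `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:local-${{ github.event.release.tag_name }}`, so each variant can be pinned and audited separately.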
@@ -140,6 +140,10 @@ The deployment consists of two main services: - **PostgreSQL**: Manages the database for the Atoma Proxy - **Atoma Proxy**: Manages the proxy operations and connects to the Atoma Network +#### Profiles +- local - this is for targeting the local deployment of the proxy +- cloud - has the same features as the local, but also enables zklogin using google oauth + #### Service URLs - Atoma Proxy: `http://localhost:8080` (configured via ATOMA_PROXY_PORT). This is the main service that you will use to interact with the Atoma Network, via an diff --git a/docker-compose.yaml b/docker-compose.yaml index 5f416e8a..90d9ef91 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,10 +1,9 @@ # Base configurations that are common between environments x-atoma-proxy-base: &atoma-proxy-base - image: ghcr.io/atoma-network/atoma-proxy:latest - build: + build: &atoma-proxy-base-build context: . dockerfile: Dockerfile - args: + args: &atoma-proxy-base-build-args TRACE_LEVEL: ${TRACE_LEVEL:-info} volumes: - ${CONFIG_PATH:-./config.toml}:/app/config.toml @@ -70,6 +69,12 @@ services: atoma-proxy-local: profiles: ["local"] <<: *atoma-proxy-base + image: ghcr.io/atoma-network/atoma-proxy:local-latest + build: + <<: *atoma-proxy-base-build + args: + <<: *atoma-proxy-base-build-args + PROFILE: local ports: - "${ATOMA_SERVICE_PORT:-8080}:8080" - "${ATOMA_PROXY_SERVICE_PORT:-8081}:8081" @@ -78,6 +83,12 @@ services: atoma-proxy-cloud: profiles: ["cloud"] <<: *atoma-proxy-base + image: ghcr.io/atoma-network/atoma-proxy:latest + build: + <<: *atoma-proxy-base-build + args: + <<: *atoma-proxy-base-build-args + PROFILE: cloud labels: - "traefik.enable=true" - "traefik.http.routers.api.rule=Host(`api.atoma.network`)" From b3a07e3a3edd581d9aa4f8a2fbef7a837a0c955f Mon Sep 17 00:00:00 2001 
From: Martin Stefcek Date: Tue, 21 Jan 2025 16:22:27 +0100 Subject: [PATCH 4/5] change default features --- Dockerfile | 4 ++-- atoma-proxy/Cargo.toml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8e4c8aea..7b4c2ef8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,8 +24,8 @@ COPY . . # Compile -RUN if [ "$PROFILE" = "local" ]; then \ - RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy --no-default-features; \ +RUN if [ "$PROFILE" = "cloud" ]; then \ + RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy --features google-oauth; \ else \ RUST_LOG=${TRACE_LEVEL} cargo build --release --bin atoma-proxy; \ fi diff --git a/atoma-proxy/Cargo.toml b/atoma-proxy/Cargo.toml index 59cc19d0..6ecaa0c4 100644 --- a/atoma-proxy/Cargo.toml +++ b/atoma-proxy/Cargo.toml @@ -44,5 +44,4 @@ utoipa = { workspace = true, features = ["axum_extras", "preserve_path_order"] } utoipa-swagger-ui = { workspace = true, features = ["axum"] } [features] -default = ["google-oauth"] google-oauth = ["atoma-auth/google-oauth", "atoma-proxy-service/google-oauth"] From 9317808bfffd9a51bc24ced6807f7a02198c6ae5 Mon Sep 17 00:00:00 2001 From: Martin Stefcek Date: Tue, 21 Jan 2025 16:35:48 +0100 Subject: [PATCH 5/5] address comments --- README.md | 2 +- config.example.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 430c816a..b542e91e 100644 --- a/README.md +++ b/README.md @@ -142,7 +142,7 @@ The deployment consists of two main services: #### Profiles - local - this is for targeting the local deployment of the proxy -- cloud - has the same features as the local, but also enables zklogin using google oauth +- cloud - this is when the proxy is being deployed as a service. It has a zklogin (google oauth) feature enabled, which is not available for the local option. #### Service URLs diff --git a/config.example.toml b/config.example.toml index cf397d69..eb78b66c 100644 
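Review bot: In the Dockerfile hunk of patch 4/5, the build selects features with `if [ "$PROFILE" = "cloud" ]` and sends every other value, including an unset or misspelled `PROFILE`, to the plain build. `ARG PROFILE` is declared without a default, so a typo in a compose file or workflow silently yields an image without `google-oauth` under a tag that is expected to have it. Failing on unknown values makes the variant explicit: keep the `cloud` branch, add `elif [ "$PROFILE" = "local" ] || [ -z "$PROFILE" ]; then` for the plain build, and end with `else echo "unknown PROFILE: $PROFILE" >&2; exit 1;`.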
--- a/config.example.toml +++ b/config.example.toml @@ -32,4 +32,4 @@ service_bind_address = "0.0.0.0:8081" secret_key = "secret_key" # Secret key for the tokens generation access_token_lifetime = 1 # In minutes refresh_token_lifetime = 1 # In days -google_client_id="" # Google client id for google login (In case google-oauth feature is enabled) +google_client_id="" # required only when google-oauth feature is enabled. Google client id for google login.