[AppGate] Implement the MVP AppGateServer

pkg/appgateserver/cmd/cmd.go

@@ -86,17 +86,6 @@ func runAppGateServer(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("failed to parse listening endpoint: %w", err)
 	}
 
-	// Obtain the comet websocket endpoint from the client context.
-	cometWSUrl, err := url.Parse(clientCtx.NodeURI + "/websocket")
-	if err != nil {
-		return fmt.Errorf("failed to parse block query URL: %w", err)
-	}
-	cometWSUrl.Scheme = "ws"
-	// If the comet websocket URL is not provided, use the one from the client context.
-	if flagCometWebsocketUrl == "" {
-		flagCometWebsocketUrl = cometWSUrl.String()
-	}
-
 	log.Printf("INFO: Creating block client, using comet websocket URL: %s...", flagCometWebsocketUrl)
 
 	// Create the block client with its dependency on the events client.

pkg/appgateserver/jsonrpc.go

@@ -88,7 +88,7 @@ func (app *appGateServer) handleJSONRPCRelay(
 	}
 
 	// Perform the HTTP request to the relayer.
-	log.Printf("DEBUG: Sending relay request to %s", supplierUrl)
+	log.Printf("DEBUG: Sending signed relay request to %s", supplierUrl)
 	relayHTTPResponse, err := http.DefaultClient.Do(relayHTTPRequest)
 	if err != nil {
 		return err
@@ -112,6 +112,7 @@ func (app *appGateServer) handleJSONRPCRelay(
 	// as in some relayer early failures, it may not be signed by the supplier.
 	// TODO_IMPROVE: Add more logging & telemetry so we can get visibility and signal into
 	// failed responses.
+	log.Println("DEBUG: Verifying signed relay response from...")
 	if err := app.verifyResponse(ctx, supplierAddress, relayResponse); err != nil {
 		return err
 	}

pkg/appgateserver/options.go

@@ -4,7 +4,7 @@ import (
 	"net/url"
 )
 
-// WithSigningInformation sets the signing key and app address for server.
+// WithSigningInformation sets the signing key and app address for the server.
 func WithSigningInformation(signingInfo *SigningInformation) appGateServerOption {
 	return func(appGateServer *appGateServer) {
 		appGateServer.signingInformation = signingInfo

pkg/appgateserver/relay_verifier.go

@@ -17,13 +17,13 @@ func (app *appGateServer) verifyResponse(
 	relayResponse *types.RelayResponse,
 ) error {
 	// Get the supplier's public key.
-	pubKey, err := app.getSupplierPubKeyFromAddress(ctx, supplierAddress)
+	supplierPubKey, err := app.getSupplierPubKeyFromAddress(ctx, supplierAddress)
 	if err != nil {
 		return err
 	}
 
 	// Extract the supplier's signature
-	signature := relayResponse.Meta.SupplierSignature
+	supplierSignature := relayResponse.Meta.SupplierSignature
 
 	// Get the relay response signable bytes and hash them.
 	responseBz, err := relayResponse.GetSignableBytes()
@@ -33,7 +33,7 @@ func (app *appGateServer) verifyResponse(
 	hash := crypto.Sha256(responseBz)
 
 	// Verify the relay response signature.
-	if !pubKey.VerifySignature(hash, signature) {
+	if !supplierPubKey.VerifySignature(hash, supplierSignature) {
 		return ErrAppGateInvalidRelayResponseSignature
 	}
 
@@ -46,9 +46,9 @@ func (app *appGateServer) getSupplierPubKeyFromAddress(
 	ctx context.Context,
 	supplierAddress string,
 ) (cryptotypes.PubKey, error) {
-	pubKey, ok := app.supplierAccountCache[supplierAddress]
+	supplierPubKey, ok := app.supplierAccountCache[supplierAddress]
 	if ok {
-		return pubKey, nil
+		return supplierPubKey, nil
 	}
 
 	// Query for the supplier account to get the application's public key

pkg/appgateserver/rings.go

@@ -41,7 +41,7 @@ func (app *appGateServer) getRingSingerForAppAddress(ctx context.Context, appAdd
 		ring, err = newRingFromPoints(points)
 	}
 	if err != nil {
-		log.Printf("ERROR: Unable to get ring for address: %s [%w]", appAddress, err)
+		log.Printf("ERROR: Unable to get ring for address: %s [%v]", appAddress, err)
 		return nil, err
 	}
 
@@ -65,8 +65,8 @@ func newRingFromPoints(points []ringtypes.Point) (*ring.Ring, error) {
 	return ring.NewFixedKeyRingFromPublicKeys(ring_secp256k1.NewCurve(), points)
 }
 
-// getDelegatedPubKeysForAddress returns the ring used to sign a message for the given application
-// address, by querying the portal module for it's delegated pubkeys
+// getDelegatedPubKeysForAddress returns the ring used to sign a message for the given
+// application address, by querying the application module for it's delegated pubkeys
 func (app *appGateServer) getDelegatedPubKeysForAddress(
 	ctx context.Context,
 	appAddress string,
@@ -84,9 +84,17 @@ func (app *appGateServer) getDelegatedPubKeysForAddress(
 	// create a slice of addresses for the ring
 	ringAddresses := make([]string, 0)
 	ringAddresses = append(ringAddresses, appAddress) // app address is index 0
-	ringAddresses = append(ringAddresses, appAddress) // add app address twice to make the ring size of mininmum 2
-	if len(res.Application.DelegateeGatewayAddresses) > 0 {
-		ringAddresses = append(ringAddresses, res.Application.DelegateeGatewayAddresses...) // delegatee addresses are index 1+
+	if len(res.Application.DelegateeGatewayAddresses) < 1 {
+		// add app address twice to make the ring size of mininmum 2
+		// TODO_TECHDEBT: We are adding the appAddress twice because a ring
+		// signature requires AT LEAST two pubKeys. When the Application has
+		// not delegated to any gateways, we add the application's own address
+		// twice. This is a HACK and should be investigated as to what is the
+		// best approach to take in this situation.
+		ringAddresses = append(ringAddresses, appAddress)
+	} else if len(res.Application.DelegateeGatewayAddresses) > 0 {
+		// add the delegatee gateway addresses
+		ringAddresses = append(ringAddresses, res.Application.DelegateeGatewayAddresses...)
 	}
 
 	// get the points on the secp256k1 curve for the addresses
@@ -102,9 +110,9 @@ func (app *appGateServer) getDelegatedPubKeysForAddress(
 	return points, nil
 }
 
-// addressesToPoints converts a slice of addresses to a slice of points on the secp256k1 curve
-// it does so by querying the account module for the public key for each address and converting
-// them to the corresponding points on the secp256k1 curve
+// addressesToPoints converts a slice of addresses to a slice of points on the
+// secp256k1 curve, by querying the account module for the public key for each
+// address and converting them to the corresponding points on the secp256k1 curve
 func (app *appGateServer) addressesToPoints(ctx context.Context, addresses []string) ([]ringtypes.Point, error) {
 	curve := ring_secp256k1.NewCurve()
 	points := make([]ringtypes.Point, len(addresses))

pkg/relayer/proxy/rings.go

@@ -60,9 +60,17 @@ func (rp *relayerProxy) getDelegatedPubKeysForAddress(
 	// create a slice of addresses for the ring
 	ringAddresses := make([]string, 0)
 	ringAddresses = append(ringAddresses, appAddress) // app address is index 0
-	ringAddresses = append(ringAddresses, appAddress) // add app address twice to make the ring size of mininmum 2
-	if len(res.Application.DelegateeGatewayAddresses) > 0 {
-		ringAddresses = append(ringAddresses, res.Application.DelegateeGatewayAddresses...) // delegatee addresses are index 1+
+	if len(res.Application.DelegateeGatewayAddresses) < 1 {
+		// add app address twice to make the ring size of mininmum 2
+		// TODO_TECHDEBT: We are adding the appAddress twice because a ring
+		// signature requires AT LEAST two pubKeys. When the Application has
+		// not delegated to any gateways, we add the application's own address
+		// twice. This is a HACK and should be investigated as to what is the
+		// best approach to take in this situation.
+		ringAddresses = append(ringAddresses, appAddress)
+	} else if len(res.Application.DelegateeGatewayAddresses) > 0 {
+		// add the delegatee gateway addresses
+		ringAddresses = append(ringAddresses, res.Application.DelegateeGatewayAddresses...)
 	}
 
 	// get the points on the secp256k1 curve for the addresses