1use std::cmp::Ordering;
3use std::collections::{BTreeMap, HashMap};
4use std::path::{Path, PathBuf};
5use std::time::Duration;
6
7use anyhow::{Context, Result};
8use async_trait::async_trait;
9use bitcoin::hashes::sha256;
10use fedimint_aead::{encrypt, get_encryption_key, random_salt};
11use fedimint_api_client::api::{
12 LegacyFederationStatus, LegacyP2PConnectionStatus, LegacyPeerStatus, StatusResponse,
13};
14use fedimint_core::admin_client::{GuardianConfigBackup, ServerStatusLegacy, SetupStatus};
15use fedimint_core::backup::{
16 BackupStatistics, ClientBackupKey, ClientBackupKeyPrefix, ClientBackupSnapshot,
17};
18use fedimint_core::config::{ClientConfig, JsonClientConfig, META_FEDERATION_NAME_KEY};
19use fedimint_core::core::backup::{BACKUP_REQUEST_MAX_PAYLOAD_SIZE_BYTES, SignedBackupRequest};
20use fedimint_core::core::{DynOutputOutcome, ModuleInstanceId, ModuleKind};
21use fedimint_core::db::{
22 Committable, Database, DatabaseTransaction, IDatabaseTransactionOpsCoreTyped,
23};
24#[allow(deprecated)]
25use fedimint_core::endpoint_constants::AWAIT_OUTPUT_OUTCOME_ENDPOINT;
26use fedimint_core::endpoint_constants::{
27 API_ANNOUNCEMENTS_ENDPOINT, AUDIT_ENDPOINT, AUTH_ENDPOINT, AWAIT_OUTPUTS_OUTCOMES_ENDPOINT,
28 AWAIT_SESSION_OUTCOME_ENDPOINT, AWAIT_SIGNED_SESSION_OUTCOME_ENDPOINT,
29 AWAIT_TRANSACTION_ENDPOINT, BACKUP_ENDPOINT, BACKUP_STATISTICS_ENDPOINT,
30 CHANGE_PASSWORD_ENDPOINT, CLIENT_CONFIG_ENDPOINT, CLIENT_CONFIG_JSON_ENDPOINT,
31 CONSENSUS_ORD_LATENCY_ENDPOINT, FEDERATION_ID_ENDPOINT, FEDIMINTD_VERSION_ENDPOINT,
32 GUARDIAN_CONFIG_BACKUP_ENDPOINT, INVITE_CODE_ENDPOINT, P2P_CONNECTION_STATUS_ENDPOINT,
33 RECOVER_ENDPOINT, SERVER_CONFIG_CONSENSUS_HASH_ENDPOINT, SESSION_COUNT_ENDPOINT,
34 SESSION_STATUS_ENDPOINT, SESSION_STATUS_V2_ENDPOINT, SETUP_STATUS_ENDPOINT, SHUTDOWN_ENDPOINT,
35 SIGN_API_ANNOUNCEMENT_ENDPOINT, STATUS_ENDPOINT, SUBMIT_API_ANNOUNCEMENT_ENDPOINT,
36 SUBMIT_TRANSACTION_ENDPOINT, VERSION_ENDPOINT,
37};
38use fedimint_core::epoch::ConsensusItem;
39use fedimint_core::module::audit::{Audit, AuditSummary};
40use fedimint_core::module::{
41 ApiAuth, ApiEndpoint, ApiEndpointContext, ApiError, ApiRequestErased, ApiResult, ApiVersion,
42 SerdeModuleEncoding, SerdeModuleEncodingBase64, SupportedApiVersionsSummary, api_endpoint,
43};
44use fedimint_core::net::api_announcement::{
45 ApiAnnouncement, SignedApiAnnouncement, SignedApiAnnouncementSubmission,
46};
47use fedimint_core::net::auth::{GuardianAuthToken, check_auth};
48use fedimint_core::secp256k1::{PublicKey, SECP256K1};
49use fedimint_core::session_outcome::{
50 SessionOutcome, SessionStatus, SessionStatusV2, SignedSessionOutcome,
51};
52use fedimint_core::task::TaskGroup;
53use fedimint_core::transaction::{
54 SerdeTransaction, Transaction, TransactionError, TransactionSubmissionOutcome,
55};
56use fedimint_core::util::{FmtCompact, SafeUrl};
57use fedimint_core::{OutPoint, OutPointRange, PeerId, TransactionId, secp256k1};
58use fedimint_logging::LOG_NET_API;
59use fedimint_server_core::bitcoin_rpc::ServerBitcoinRpcMonitor;
60use fedimint_server_core::dashboard_ui::{
61 IDashboardApi, P2PConnectionStatus, ServerBitcoinRpcStatus,
62};
63use fedimint_server_core::{DynServerModule, ServerModuleRegistry, ServerModuleRegistryExt};
64use futures::StreamExt;
65use tokio::sync::watch::{self, Receiver, Sender};
66use tracing::{debug, info, warn};
67
68use crate::config::io::{
69 CONSENSUS_CONFIG, ENCRYPTED_EXT, JSON_EXT, LOCAL_CONFIG, PRIVATE_CONFIG, SALT_FILE,
70 reencrypt_private_config,
71};
72use crate::config::{ServerConfig, legacy_consensus_config_hash};
73use crate::consensus::db::{AcceptedItemPrefix, AcceptedTransactionKey, SignedSessionOutcomeKey};
74use crate::consensus::engine::get_finished_session_count_static;
75use crate::consensus::transaction::{TxProcessingMode, process_transaction_with_dbtx};
76use crate::metrics::{BACKUP_WRITE_SIZE_BYTES, STORED_BACKUPS_COUNT};
77use crate::net::api::HasApiContext;
78use crate::net::api::announcement::{ApiAnnouncementKey, ApiAnnouncementPrefix};
79use crate::net::p2p::P2PStatusReceivers;
80
81#[derive(Clone)]
82pub struct ConsensusApi {
83 pub cfg: ServerConfig,
85 pub cfg_dir: PathBuf,
87 pub db: Database,
89 pub modules: ServerModuleRegistry,
91 pub client_cfg: ClientConfig,
93 pub force_api_secret: Option<String>,
94 pub submission_sender: async_channel::Sender<ConsensusItem>,
96 pub shutdown_receiver: Receiver<Option<u64>>,
97 pub shutdown_sender: Sender<Option<u64>>,
98 pub ord_latency_receiver: watch::Receiver<Option<Duration>>,
99 pub p2p_status_receivers: P2PStatusReceivers,
100 pub ci_status_receivers: BTreeMap<PeerId, Receiver<Option<u64>>>,
101 pub bitcoin_rpc_connection: ServerBitcoinRpcMonitor,
102 pub supported_api_versions: SupportedApiVersionsSummary,
103 pub code_version_str: String,
104 pub task_group: TaskGroup,
105}
106
107impl ConsensusApi {
108 pub fn api_versions_summary(&self) -> &SupportedApiVersionsSummary {
109 &self.supported_api_versions
110 }
111
112 pub fn get_active_api_secret(&self) -> Option<String> {
113 self.force_api_secret.clone()
116 }
117
118 pub async fn submit_transaction(
121 &self,
122 transaction: Transaction,
123 ) -> Result<TransactionId, TransactionError> {
124 let txid = transaction.tx_hash();
125
126 debug!(target: LOG_NET_API, %txid, "Received a submitted transaction");
127
128 let mut dbtx = self.db.begin_transaction_nc().await;
130 if dbtx
132 .get_value(&AcceptedTransactionKey(txid))
133 .await
134 .is_some()
135 {
136 debug!(target: LOG_NET_API, %txid, "Transaction already accepted");
137 return Ok(txid);
138 }
139
140 dbtx.ignore_uncommitted();
142
143 process_transaction_with_dbtx(
144 self.modules.clone(),
145 &mut dbtx,
146 &transaction,
147 self.cfg.consensus.version,
148 TxProcessingMode::Submission,
149 )
150 .await
151 .inspect_err(|err| {
152 debug!(target: LOG_NET_API, %txid, err = %err.fmt_compact(), "Transaction rejected");
153 })?;
154
155 let _ = self
156 .submission_sender
157 .send(ConsensusItem::Transaction(transaction.clone()))
158 .await
159 .inspect_err(|err| {
160 warn!(target: LOG_NET_API, %txid, err = %err.fmt_compact(), "Unable to submit the tx into consensus");
161 });
162
163 Ok(txid)
164 }
165
166 pub async fn await_transaction(
167 &self,
168 txid: TransactionId,
169 ) -> (Vec<ModuleInstanceId>, DatabaseTransaction<'_, Committable>) {
170 self.db
171 .wait_key_check(&AcceptedTransactionKey(txid), std::convert::identity)
172 .await
173 }
174
175 pub async fn await_output_outcome(
176 &self,
177 outpoint: OutPoint,
178 ) -> Result<SerdeModuleEncoding<DynOutputOutcome>> {
179 let (module_ids, mut dbtx) = self.await_transaction(outpoint.txid).await;
180
181 let module_id = module_ids
182 .into_iter()
183 .nth(outpoint.out_idx as usize)
184 .with_context(|| format!("Outpoint index out of bounds {outpoint:?}"))?;
185
186 #[allow(deprecated)]
187 let outcome = self
188 .modules
189 .get_expect(module_id)
190 .output_status(
191 &mut dbtx.to_ref_with_prefix_module_id(module_id).0.into_nc(),
192 outpoint,
193 module_id,
194 )
195 .await
196 .context("No output outcome for outpoint")?;
197
198 Ok((&outcome).into())
199 }
200
201 pub async fn await_outputs_outcomes(
202 &self,
203 outpoint_range: OutPointRange,
204 ) -> Result<Vec<Option<SerdeModuleEncoding<DynOutputOutcome>>>> {
205 let (module_ids, mut dbtx) = self.await_transaction(outpoint_range.txid()).await;
207
208 let mut outcomes = Vec::with_capacity(outpoint_range.count());
209
210 for outpoint in outpoint_range {
211 let module_id = module_ids
212 .get(outpoint.out_idx as usize)
213 .with_context(|| format!("Outpoint index out of bounds {outpoint:?}"))?;
214
215 #[allow(deprecated)]
216 let outcome = self
217 .modules
218 .get_expect(*module_id)
219 .output_status(
220 &mut dbtx.to_ref_with_prefix_module_id(*module_id).0.into_nc(),
221 outpoint,
222 *module_id,
223 )
224 .await
225 .map(|outcome| (&outcome).into());
226
227 outcomes.push(outcome);
228 }
229
230 Ok(outcomes)
231 }
232
233 pub async fn session_count(&self) -> u64 {
234 get_finished_session_count_static(&mut self.db.begin_transaction_nc().await).await
235 }
236
237 pub async fn await_signed_session_outcome(&self, index: u64) -> SignedSessionOutcome {
238 self.db
239 .wait_key_check(&SignedSessionOutcomeKey(index), std::convert::identity)
240 .await
241 .0
242 }
243
244 pub async fn session_status(&self, session_index: u64) -> SessionStatusV2 {
245 let mut dbtx = self.db.begin_transaction_nc().await;
246
247 match session_index.cmp(&get_finished_session_count_static(&mut dbtx).await) {
248 Ordering::Greater => SessionStatusV2::Initial,
249 Ordering::Equal => SessionStatusV2::Pending(
250 dbtx.find_by_prefix(&AcceptedItemPrefix)
251 .await
252 .map(|entry| entry.1)
253 .collect()
254 .await,
255 ),
256 Ordering::Less => SessionStatusV2::Complete(
257 dbtx.get_value(&SignedSessionOutcomeKey(session_index))
258 .await
259 .expect("There are no gaps in session outcomes"),
260 ),
261 }
262 }
263
264 pub async fn get_federation_status(&self) -> ApiResult<LegacyFederationStatus> {
265 let session_count = self.session_count().await;
266 let scheduled_shutdown = self.shutdown_receiver.borrow().to_owned();
267
268 let status_by_peer = self
269 .p2p_status_receivers
270 .iter()
271 .map(|(peer, p2p_receiver)| {
272 let ci_receiver = self.ci_status_receivers.get(peer).unwrap();
273
274 let consensus_status = LegacyPeerStatus {
275 connection_status: match *p2p_receiver.borrow() {
276 Some(..) => LegacyP2PConnectionStatus::Connected,
277 None => LegacyP2PConnectionStatus::Disconnected,
278 },
279 last_contribution: *ci_receiver.borrow(),
280 flagged: ci_receiver.borrow().unwrap_or(0) + 1 < session_count,
281 };
282
283 (*peer, consensus_status)
284 })
285 .collect::<HashMap<PeerId, LegacyPeerStatus>>();
286
287 let peers_flagged = status_by_peer
288 .values()
289 .filter(|status| status.flagged)
290 .count() as u64;
291
292 let peers_online = status_by_peer
293 .values()
294 .filter(|status| status.connection_status == LegacyP2PConnectionStatus::Connected)
295 .count() as u64;
296
297 let peers_offline = status_by_peer
298 .values()
299 .filter(|status| status.connection_status == LegacyP2PConnectionStatus::Disconnected)
300 .count() as u64;
301
302 Ok(LegacyFederationStatus {
303 session_count,
304 status_by_peer,
305 peers_online,
306 peers_offline,
307 peers_flagged,
308 scheduled_shutdown,
309 })
310 }
311
312 fn shutdown(&self, index: Option<u64>) {
313 self.shutdown_sender.send_replace(index);
314 }
315
316 async fn get_federation_audit(&self) -> ApiResult<AuditSummary> {
317 let mut dbtx = self.db.begin_transaction_nc().await;
318 dbtx.ignore_uncommitted();
322
323 let mut audit = Audit::default();
324 let mut module_instance_id_to_kind: HashMap<ModuleInstanceId, String> = HashMap::new();
325 for (module_instance_id, kind, module) in self.modules.iter_modules() {
326 module_instance_id_to_kind.insert(module_instance_id, kind.as_str().to_string());
327 module
328 .audit(
329 &mut dbtx.to_ref_with_prefix_module_id(module_instance_id).0,
330 &mut audit,
331 module_instance_id,
332 )
333 .await;
334 }
335 Ok(AuditSummary::from_audit(
336 &audit,
337 &module_instance_id_to_kind,
338 ))
339 }
340
341 fn get_guardian_config_backup(
346 &self,
347 password: &str,
348 _auth: &GuardianAuthToken,
349 ) -> GuardianConfigBackup {
350 let mut tar_archive_builder = tar::Builder::new(Vec::new());
351
352 let mut append = |name: &Path, data: &[u8]| {
353 let mut header = tar::Header::new_gnu();
354 header.set_path(name).expect("Error setting path");
355 header.set_size(data.len() as u64);
356 header.set_mode(0o644);
357 header.set_cksum();
358 tar_archive_builder
359 .append(&header, data)
360 .expect("Error adding data to tar archive");
361 };
362
363 append(
364 &PathBuf::from(LOCAL_CONFIG).with_extension(JSON_EXT),
365 &serde_json::to_vec(&self.cfg.local).expect("Error encoding local config"),
366 );
367
368 append(
369 &PathBuf::from(CONSENSUS_CONFIG).with_extension(JSON_EXT),
370 &serde_json::to_vec(&self.cfg.consensus).expect("Error encoding consensus config"),
371 );
372
373 let encryption_salt = random_salt();
379 append(&PathBuf::from(SALT_FILE), encryption_salt.as_bytes());
380
381 let private_config_bytes =
382 serde_json::to_vec(&self.cfg.private).expect("Error encoding private config");
383 let encryption_key = get_encryption_key(password, &encryption_salt)
384 .expect("Generating key from password failed");
385 let private_config_encrypted =
386 hex::encode(encrypt(private_config_bytes, &encryption_key).expect("Encryption failed"));
387 append(
388 &PathBuf::from(PRIVATE_CONFIG).with_extension(ENCRYPTED_EXT),
389 private_config_encrypted.as_bytes(),
390 );
391
392 let tar_archive_bytes = tar_archive_builder
393 .into_inner()
394 .expect("Error building tar archive");
395
396 GuardianConfigBackup { tar_archive_bytes }
397 }
398
399 async fn handle_backup_request(
400 &self,
401 dbtx: &mut DatabaseTransaction<'_>,
402 request: SignedBackupRequest,
403 ) -> Result<(), ApiError> {
404 let request = request
405 .verify_valid(SECP256K1)
406 .map_err(|_| ApiError::bad_request("invalid request".into()))?;
407
408 if request.payload.len() > BACKUP_REQUEST_MAX_PAYLOAD_SIZE_BYTES {
409 return Err(ApiError::bad_request("snapshot too large".into()));
410 }
411 debug!(target: LOG_NET_API, id = %request.id, len = request.payload.len(), "Received client backup request");
412 if let Some(prev) = dbtx.get_value(&ClientBackupKey(request.id)).await
413 && request.timestamp <= prev.timestamp
414 {
415 debug!(target: LOG_NET_API, id = %request.id, len = request.payload.len(), "Received client backup request with old timestamp - ignoring");
416 return Err(ApiError::bad_request("timestamp too small".into()));
417 }
418
419 info!(target: LOG_NET_API, id = %request.id, len = request.payload.len(), "Storing new client backup");
420 let overwritten = dbtx
421 .insert_entry(
422 &ClientBackupKey(request.id),
423 &ClientBackupSnapshot {
424 timestamp: request.timestamp,
425 data: request.payload.clone(),
426 },
427 )
428 .await
429 .is_some();
430 BACKUP_WRITE_SIZE_BYTES.observe(request.payload.len() as f64);
431 if !overwritten {
432 dbtx.on_commit(|| STORED_BACKUPS_COUNT.inc());
433 }
434
435 Ok(())
436 }
437
438 async fn handle_recover_request(
439 &self,
440 dbtx: &mut DatabaseTransaction<'_>,
441 id: PublicKey,
442 ) -> Option<ClientBackupSnapshot> {
443 dbtx.get_value(&ClientBackupKey(id)).await
444 }
445
446 async fn api_announcements(&self) -> BTreeMap<PeerId, SignedApiAnnouncement> {
449 self.db
450 .begin_transaction_nc()
451 .await
452 .find_by_prefix(&ApiAnnouncementPrefix)
453 .await
454 .map(|(announcement_key, announcement)| (announcement_key.0, announcement))
455 .collect()
456 .await
457 }
458
459 fn fedimintd_version(&self) -> String {
461 self.code_version_str.clone()
462 }
463
464 async fn submit_api_announcement(
467 &self,
468 peer_id: PeerId,
469 announcement: SignedApiAnnouncement,
470 ) -> Result<(), ApiError> {
471 let Some(peer_key) = self.cfg.consensus.broadcast_public_keys.get(&peer_id) else {
472 return Err(ApiError::bad_request("Peer not in federation".into()));
473 };
474
475 if !announcement.verify(SECP256K1, peer_key) {
476 return Err(ApiError::bad_request("Invalid signature".into()));
477 }
478
479 let mut dbtx = self.db.begin_transaction().await;
480
481 if let Some(existing_announcement) = dbtx.get_value(&ApiAnnouncementKey(peer_id)).await {
482 if existing_announcement.api_announcement == announcement.api_announcement {
486 return Ok(());
487 }
488
489 if existing_announcement.api_announcement.nonce >= announcement.api_announcement.nonce {
492 return Err(ApiError::bad_request(
493 "Outdated or redundant announcement".into(),
494 ));
495 }
496 }
497
498 dbtx.insert_entry(&ApiAnnouncementKey(peer_id), &announcement)
499 .await;
500 dbtx.commit_tx().await;
501 Ok(())
502 }
503
504 async fn sign_api_announcement(&self, new_url: SafeUrl) -> SignedApiAnnouncement {
505 self.db
506 .autocommit(
507 |dbtx, _| {
508 let new_url_inner = new_url.clone();
509 Box::pin(async move {
510 let new_nonce = dbtx
511 .get_value(&ApiAnnouncementKey(self.cfg.local.identity))
512 .await
513 .map_or(0, |a| a.api_announcement.nonce + 1);
514 let announcement = ApiAnnouncement {
515 api_url: new_url_inner,
516 nonce: new_nonce,
517 };
518 let ctx = secp256k1::Secp256k1::new();
519 let signed_announcement = announcement
520 .sign(&ctx, &self.cfg.private.broadcast_secret_key.keypair(&ctx));
521
522 dbtx.insert_entry(
523 &ApiAnnouncementKey(self.cfg.local.identity),
524 &signed_announcement,
525 )
526 .await;
527
528 Result::<_, ()>::Ok(signed_announcement)
529 })
530 },
531 None,
532 )
533 .await
534 .expect("Will not terminate on error")
535 }
536
537 fn change_guardian_password(
542 &self,
543 new_password: &str,
544 _auth: &GuardianAuthToken,
545 ) -> Result<(), ApiError> {
546 reencrypt_private_config(&self.cfg_dir, &self.cfg.private, new_password)
547 .map_err(|e| ApiError::server_error(format!("Failed to change password: {e}")))?;
548
549 info!(target: LOG_NET_API, "Successfully changed guardian password");
550
551 Ok(())
552 }
553}
554
555#[async_trait]
556impl HasApiContext<ConsensusApi> for ConsensusApi {
557 async fn context(
558 &self,
559 request: &ApiRequestErased,
560 id: Option<ModuleInstanceId>,
561 ) -> (&ConsensusApi, ApiEndpointContext) {
562 let mut db = self.db.clone();
563 if let Some(id) = id {
564 db = self.db.with_prefix_module_id(id).0;
565 }
566 (
567 self,
568 ApiEndpointContext::new(
569 db,
570 request.auth == Some(self.cfg.private.api_auth.clone()),
571 request.auth.clone(),
572 ),
573 )
574 }
575}
576
577#[async_trait]
578impl HasApiContext<DynServerModule> for ConsensusApi {
579 async fn context(
580 &self,
581 request: &ApiRequestErased,
582 id: Option<ModuleInstanceId>,
583 ) -> (&DynServerModule, ApiEndpointContext) {
584 let (_, context): (&ConsensusApi, _) = self.context(request, id).await;
585 (
586 self.modules.get_expect(id.expect("required module id")),
587 context,
588 )
589 }
590}
591
592#[async_trait]
593impl IDashboardApi for ConsensusApi {
594 async fn auth(&self) -> ApiAuth {
595 self.cfg.private.api_auth.clone()
596 }
597
598 async fn guardian_id(&self) -> PeerId {
599 self.cfg.local.identity
600 }
601
602 async fn guardian_names(&self) -> BTreeMap<PeerId, String> {
603 self.cfg
604 .consensus
605 .api_endpoints()
606 .iter()
607 .map(|(peer_id, endpoint)| (*peer_id, endpoint.name.clone()))
608 .collect()
609 }
610
611 async fn federation_name(&self) -> String {
612 self.cfg
613 .consensus
614 .meta
615 .get(META_FEDERATION_NAME_KEY)
616 .cloned()
617 .expect("Federation name must be set")
618 }
619
620 async fn session_count(&self) -> u64 {
621 self.session_count().await
622 }
623
624 async fn get_session_status(&self, session_idx: u64) -> SessionStatusV2 {
625 self.session_status(session_idx).await
626 }
627
628 async fn consensus_ord_latency(&self) -> Option<Duration> {
629 *self.ord_latency_receiver.borrow()
630 }
631
632 async fn p2p_connection_status(&self) -> BTreeMap<PeerId, Option<P2PConnectionStatus>> {
633 self.p2p_status_receivers
634 .iter()
635 .map(|(peer, receiver)| (*peer, receiver.borrow().clone()))
636 .collect()
637 }
638
639 async fn federation_invite_code(&self) -> String {
640 self.cfg
641 .get_invite_code(self.get_active_api_secret())
642 .to_string()
643 }
644
645 async fn federation_audit(&self) -> AuditSummary {
646 self.get_federation_audit()
647 .await
648 .expect("Failed to get federation audit")
649 }
650
651 async fn bitcoin_rpc_url(&self) -> SafeUrl {
652 self.bitcoin_rpc_connection.url()
653 }
654
655 async fn bitcoin_rpc_status(&self) -> Option<ServerBitcoinRpcStatus> {
656 self.bitcoin_rpc_connection.status()
657 }
658
659 async fn download_guardian_config_backup(
660 &self,
661 password: &str,
662 guardian_auth: &GuardianAuthToken,
663 ) -> GuardianConfigBackup {
664 self.get_guardian_config_backup(password, guardian_auth)
665 }
666
667 fn get_module_by_kind(&self, kind: ModuleKind) -> Option<&DynServerModule> {
668 self.modules
669 .iter_modules()
670 .find_map(|(_, module_kind, module)| {
671 if *module_kind == kind {
672 Some(module)
673 } else {
674 None
675 }
676 })
677 }
678
679 async fn fedimintd_version(&self) -> String {
680 self.code_version_str.clone()
681 }
682
683 async fn change_password(
684 &self,
685 new_password: &str,
686 current_password: &str,
687 guardian_auth: &GuardianAuthToken,
688 ) -> Result<(), String> {
689 let auth = &self.auth().await.0;
690 if auth != current_password {
691 return Err("Current password is incorrect".into());
692 }
693 self.change_guardian_password(new_password, guardian_auth)
694 .map_err(|e| e.to_string())
695 }
696}
697
698pub fn server_endpoints() -> Vec<ApiEndpoint<ConsensusApi>> {
699 vec![
700 api_endpoint! {
701 VERSION_ENDPOINT,
702 ApiVersion::new(0, 0),
703 async |fedimint: &ConsensusApi, _context, _v: ()| -> SupportedApiVersionsSummary {
704 Ok(fedimint.api_versions_summary().to_owned())
705 }
706 },
707 api_endpoint! {
708 SUBMIT_TRANSACTION_ENDPOINT,
709 ApiVersion::new(0, 0),
710 async |fedimint: &ConsensusApi, _context, transaction: SerdeTransaction| -> SerdeModuleEncoding<TransactionSubmissionOutcome> {
711 let transaction = transaction
712 .try_into_inner(&fedimint.modules.decoder_registry())
713 .map_err(|e| ApiError::bad_request(e.to_string()))?;
714
715 Ok((&TransactionSubmissionOutcome(fedimint.submit_transaction(transaction).await)).into())
718 }
719 },
720 api_endpoint! {
721 AWAIT_TRANSACTION_ENDPOINT,
722 ApiVersion::new(0, 0),
723 async |fedimint: &ConsensusApi, _context, tx_hash: TransactionId| -> TransactionId {
724 fedimint.await_transaction(tx_hash).await;
725
726 Ok(tx_hash)
727 }
728 },
729 api_endpoint! {
730 AWAIT_OUTPUT_OUTCOME_ENDPOINT,
731 ApiVersion::new(0, 0),
732 async |fedimint: &ConsensusApi, _context, outpoint: OutPoint| -> SerdeModuleEncoding<DynOutputOutcome> {
733 let outcome = fedimint
734 .await_output_outcome(outpoint)
735 .await
736 .map_err(|e| ApiError::bad_request(e.to_string()))?;
737
738 Ok(outcome)
739 }
740 },
741 api_endpoint! {
742 AWAIT_OUTPUTS_OUTCOMES_ENDPOINT,
743 ApiVersion::new(0, 8),
744 async |fedimint: &ConsensusApi, _context, outpoint_range: OutPointRange| -> Vec<Option<SerdeModuleEncoding<DynOutputOutcome>>> {
745 let outcomes = fedimint
746 .await_outputs_outcomes(outpoint_range)
747 .await
748 .map_err(|e| ApiError::bad_request(e.to_string()))?;
749
750 Ok(outcomes)
751 }
752 },
753 api_endpoint! {
754 INVITE_CODE_ENDPOINT,
755 ApiVersion::new(0, 0),
756 async |fedimint: &ConsensusApi, _context, _v: ()| -> String {
757 Ok(fedimint.cfg.get_invite_code(fedimint.get_active_api_secret()).to_string())
758 }
759 },
760 api_endpoint! {
761 FEDERATION_ID_ENDPOINT,
762 ApiVersion::new(0, 2),
763 async |fedimint: &ConsensusApi, _context, _v: ()| -> String {
764 Ok(fedimint.cfg.calculate_federation_id().to_string())
765 }
766 },
767 api_endpoint! {
768 CLIENT_CONFIG_ENDPOINT,
769 ApiVersion::new(0, 0),
770 async |fedimint: &ConsensusApi, _context, _v: ()| -> ClientConfig {
771 Ok(fedimint.client_cfg.clone())
772 }
773 },
774 api_endpoint! {
776 CLIENT_CONFIG_JSON_ENDPOINT,
777 ApiVersion::new(0, 0),
778 async |fedimint: &ConsensusApi, _context, _v: ()| -> JsonClientConfig {
779 Ok(fedimint.client_cfg.to_json())
780 }
781 },
782 api_endpoint! {
783 SERVER_CONFIG_CONSENSUS_HASH_ENDPOINT,
784 ApiVersion::new(0, 0),
785 async |fedimint: &ConsensusApi, _context, _v: ()| -> sha256::Hash {
786 Ok(legacy_consensus_config_hash(&fedimint.cfg.consensus))
787 }
788 },
789 api_endpoint! {
790 STATUS_ENDPOINT,
791 ApiVersion::new(0, 0),
792 async |fedimint: &ConsensusApi, _context, _v: ()| -> StatusResponse {
793 Ok(StatusResponse {
794 server: ServerStatusLegacy::ConsensusRunning,
795 federation: Some(fedimint.get_federation_status().await?)
796 })}
797 },
798 api_endpoint! {
799 SETUP_STATUS_ENDPOINT,
800 ApiVersion::new(0, 0),
801 async |_f: &ConsensusApi, _c, _v: ()| -> SetupStatus {
802 Ok(SetupStatus::ConsensusIsRunning)
803 }
804 },
805 api_endpoint! {
806 CONSENSUS_ORD_LATENCY_ENDPOINT,
807 ApiVersion::new(0, 0),
808 async |fedimint: &ConsensusApi, _c, _v: ()| -> Option<Duration> {
809 Ok(*fedimint.ord_latency_receiver.borrow())
810 }
811 },
812 api_endpoint! {
813 P2P_CONNECTION_STATUS_ENDPOINT,
814 ApiVersion::new(0, 0),
815 async |fedimint: &ConsensusApi, _c, _v: ()| -> BTreeMap<PeerId, Option<P2PConnectionStatus>> {
816 Ok(fedimint.p2p_status_receivers
817 .iter()
818 .map(|(peer, receiver)| (*peer, receiver.borrow().clone()))
819 .collect())
820 }
821 },
822 api_endpoint! {
823 SESSION_COUNT_ENDPOINT,
824 ApiVersion::new(0, 0),
825 async |fedimint: &ConsensusApi, _context, _v: ()| -> u64 {
826 Ok(fedimint.session_count().await)
827 }
828 },
829 api_endpoint! {
830 AWAIT_SESSION_OUTCOME_ENDPOINT,
831 ApiVersion::new(0, 0),
832 async |fedimint: &ConsensusApi, _context, index: u64| -> SerdeModuleEncoding<SessionOutcome> {
833 Ok((&fedimint.await_signed_session_outcome(index).await.session_outcome).into())
834 }
835 },
836 api_endpoint! {
837 AWAIT_SIGNED_SESSION_OUTCOME_ENDPOINT,
838 ApiVersion::new(0, 0),
839 async |fedimint: &ConsensusApi, _context, index: u64| -> SerdeModuleEncoding<SignedSessionOutcome> {
840 Ok((&fedimint.await_signed_session_outcome(index).await).into())
841 }
842 },
843 api_endpoint! {
844 SESSION_STATUS_ENDPOINT,
845 ApiVersion::new(0, 1),
846 async |fedimint: &ConsensusApi, _context, index: u64| -> SerdeModuleEncoding<SessionStatus> {
847 Ok((&SessionStatus::from(fedimint.session_status(index).await)).into())
848 }
849 },
850 api_endpoint! {
851 SESSION_STATUS_V2_ENDPOINT,
852 ApiVersion::new(0, 5),
853 async |fedimint: &ConsensusApi, _context, index: u64| -> SerdeModuleEncodingBase64<SessionStatusV2> {
854 Ok((&fedimint.session_status(index).await).into())
855 }
856 },
857 api_endpoint! {
858 SHUTDOWN_ENDPOINT,
859 ApiVersion::new(0, 3),
860 async |fedimint: &ConsensusApi, context, index: Option<u64>| -> () {
861 check_auth(context)?;
862 fedimint.shutdown(index);
863 Ok(())
864 }
865 },
866 api_endpoint! {
867 AUDIT_ENDPOINT,
868 ApiVersion::new(0, 0),
869 async |fedimint: &ConsensusApi, context, _v: ()| -> AuditSummary {
870 check_auth(context)?;
871 Ok(fedimint.get_federation_audit().await?)
872 }
873 },
874 api_endpoint! {
875 GUARDIAN_CONFIG_BACKUP_ENDPOINT,
876 ApiVersion::new(0, 2),
877 async |fedimint: &ConsensusApi, context, _v: ()| -> GuardianConfigBackup {
878 let auth = check_auth(context)?;
879 let password = context.request_auth().expect("Auth was checked before").0;
880 Ok(fedimint.get_guardian_config_backup(&password, &auth))
881 }
882 },
883 api_endpoint! {
884 BACKUP_ENDPOINT,
885 ApiVersion::new(0, 0),
886 async |fedimint: &ConsensusApi, context, request: SignedBackupRequest| -> () {
887 let db = context.db();
888 let mut dbtx = db.begin_transaction().await;
889 fedimint
890 .handle_backup_request(&mut dbtx.to_ref_nc(), request).await?;
891 dbtx.commit_tx_result().await?;
892 Ok(())
893
894 }
895 },
896 api_endpoint! {
897 RECOVER_ENDPOINT,
898 ApiVersion::new(0, 0),
899 async |fedimint: &ConsensusApi, context, id: PublicKey| -> Option<ClientBackupSnapshot> {
900 let db = context.db();
901 let mut dbtx = db.begin_transaction_nc().await;
902 Ok(fedimint
903 .handle_recover_request(&mut dbtx, id).await)
904 }
905 },
906 api_endpoint! {
907 AUTH_ENDPOINT,
908 ApiVersion::new(0, 0),
909 async |_fedimint: &ConsensusApi, context, _v: ()| -> () {
910 check_auth(context)?;
911 Ok(())
912 }
913 },
914 api_endpoint! {
915 API_ANNOUNCEMENTS_ENDPOINT,
916 ApiVersion::new(0, 3),
917 async |fedimint: &ConsensusApi, _context, _v: ()| -> BTreeMap<PeerId, SignedApiAnnouncement> {
918 Ok(fedimint.api_announcements().await)
919 }
920 },
921 api_endpoint! {
922 SUBMIT_API_ANNOUNCEMENT_ENDPOINT,
923 ApiVersion::new(0, 3),
924 async |fedimint: &ConsensusApi, _context, submission: SignedApiAnnouncementSubmission| -> () {
925 fedimint.submit_api_announcement(submission.peer_id, submission.signed_api_announcement).await
926 }
927 },
928 api_endpoint! {
929 SIGN_API_ANNOUNCEMENT_ENDPOINT,
930 ApiVersion::new(0, 3),
931 async |fedimint: &ConsensusApi, context, new_url: SafeUrl| -> SignedApiAnnouncement {
932 check_auth(context)?;
933 Ok(fedimint.sign_api_announcement(new_url).await)
934 }
935 },
936 api_endpoint! {
937 FEDIMINTD_VERSION_ENDPOINT,
938 ApiVersion::new(0, 4),
939 async |fedimint: &ConsensusApi, _context, _v: ()| -> String {
940 Ok(fedimint.fedimintd_version())
941 }
942 },
943 api_endpoint! {
944 BACKUP_STATISTICS_ENDPOINT,
945 ApiVersion::new(0, 5),
946 async |_fedimint: &ConsensusApi, context, _v: ()| -> BackupStatistics {
947 check_auth(context)?;
948 let db = context.db();
949 let mut dbtx = db.begin_transaction_nc().await;
950 Ok(backup_statistics_static(&mut dbtx).await)
951 }
952 },
953 api_endpoint! {
954 CHANGE_PASSWORD_ENDPOINT,
955 ApiVersion::new(0, 6),
956 async |fedimint: &ConsensusApi, context, new_password: String| -> () {
957 let auth = check_auth(context)?;
958 fedimint.change_guardian_password(&new_password, &auth)?;
959 let task_group = fedimint.task_group.clone();
960 fedimint_core::runtime::spawn("shutdown after password change", async move {
961 info!(target: LOG_NET_API, "Will shutdown after password change");
962 fedimint_core:: runtime::sleep(Duration::from_secs(1)).await;
963 task_group.shutdown();
964 });
965 Ok(())
966 }
967 },
968 ]
969}
970
971pub(crate) async fn backup_statistics_static(
972 dbtx: &mut DatabaseTransaction<'_>,
973) -> BackupStatistics {
974 const DAY_SECS: u64 = 24 * 60 * 60;
975 const WEEK_SECS: u64 = 7 * DAY_SECS;
976 const MONTH_SECS: u64 = 30 * DAY_SECS;
977 const QUARTER_SECS: u64 = 3 * MONTH_SECS;
978
979 let mut backup_stats = BackupStatistics::default();
980
981 let mut all_backups_stream = dbtx.find_by_prefix(&ClientBackupKeyPrefix).await;
982 while let Some((_, backup)) = all_backups_stream.next().await {
983 backup_stats.num_backups += 1;
984 backup_stats.total_size += backup.data.len();
985
986 let age_secs = backup.timestamp.elapsed().unwrap_or_default().as_secs();
987 if age_secs < DAY_SECS {
988 backup_stats.refreshed_1d += 1;
989 }
990 if age_secs < WEEK_SECS {
991 backup_stats.refreshed_1w += 1;
992 }
993 if age_secs < MONTH_SECS {
994 backup_stats.refreshed_1m += 1;
995 }
996 if age_secs < QUARTER_SECS {
997 backup_stats.refreshed_3m += 1;
998 }
999 }
1000
1001 backup_stats
1002}